350-401 Practice Test Free – 50 Questions to Test Your Knowledge
Are you preparing for the 350-401 certification exam? If so, taking a 350-401 practice test free is one of the best ways to assess your knowledge and improve your chances of passing. In this post, we provide 50 free 350-401 practice questions designed to help you test your skills and identify areas for improvement.
By taking a free 350-401 practice test, you can:
- Familiarize yourself with the exam format and question types
- Identify your strengths and weaknesses
- Gain confidence before the actual exam
50 Free 350-401 Practice Questions
Below, you will find 50 free 350-401 practice questions to help you prepare for the exam. These questions are designed to reflect the real exam structure and difficulty level.
Which Cisco WLC feature allows a wireless device to perform a Layer 3 roam between two separate controllers without changing the client IP address?A. mobility tunnel
B. mobile IP
C. LWAPP tunnel
D. GRE tunnel
Refer to the exhibit. What is the result of the IP SLA configuration?A. The operation runs 5000 times.
B. IP SLA is scheduled to run at 3 a.m.
C. The operation runs 300 times a day.
D. The rate is configured to repeat every 5 minutes.
Refer to the exhibit. Which configuration enables password checking on the console line, using only a password?A. router(config)# line con 0router(config-line)# login
B. router(config)# line con 0router(config-line)# exec-timeout 0 0
C. router(config)# line vty 0 4router(config-line)# login
D. router(config)# line con 0router(config-line)# login local
When the “deny” statement is used within a route map that is used for policy-based routing, how is the traffic that matches the deny route-map line treated?A. Traffic is routed to the null 0 interface of the router and discarded.
B. Traffic is returned to the normal forwarding behavior of the router.
C. An additional sequential route-map line is needed to divert the traffic to the router's normal forwarding behavior.
D. An additional sequential route-map line is needed to policy route this traffic.
A wireless network engineer must configure a WPA2+WPA3 policy with the Personal security type. Which action meets this requirement?A. Configure the CCMP256 encryption cipher.
B. Configure the CCMP128 encryption cipher.
C. Configure the GCMP256 encryption cipher.
D. Configure the GCMP128 encryption cipher.
Which tunnel type allows clients to perform a seamless Layer 3 roam between a Cisco AireOS WLC and a Cisco IOS XE WLC?A. Mobility
B. IPsec
C. VPN
D. Ethernet over IP
Which action occurs during a Layer 3 roam?A. The client receives a new IP address after authentication occurs.
B. The client is marked as "Foreign" on the original controller.
C. The client database entry is moved from the old controller to the new controller.
D. Client traffic is tunneled back to the original controller after a Layer 3 roam occurs.
What are two benefits of using Cisco TrustSec? (Choose two.)A. consistent network segmentation
B. end-to-end traffic encryption
C. advanced endpoint protection against malware
D. simplified management of network access
E. unknown file analysis using sandboxing
Refer to the exhibit. An administrator must enable RESTCONF access to a router. Which two commands or command sets must be added to the existing configuration? (Choose two.)A. aaa authentication login default localaaa authorization exec default local
B. restconf
C. line vty 0 15
D. netconf-yang
E. username restconf privilege 0
Refer to the exhibit. What is achieved by this Python script?A. It reads access list statements into a dictionary list.
B. It displays access list statements on a terminal screen.
C. It configures access list statements.
D. It converts access list statements to a human-readable format.
What is used by vManage to interact with Cisco SD-WAN devices in the fabric?A. IPsec
B. northbound API
C. RESTCONF
D. southbound API
Which feature does Cisco DNA Center Assurance provide?A. application policy configuration
B. device onboarding and configuration
C. software upgrade and management
D. data correlation and analysis
Which device, in a LISP routing architecture, receives and de-encapsulates LISP traffic for endpoints within a LISP-capable site?A. MR
B. ETR
C. MS
D. ITR
A script contains the statement "while loop != 999:" Which value terminates the loop?A. A value not equal to 999.
B. A value less than or equal to 999.
C. A value equal to 999.
D. A value greater than or equal to 999.
What is a common trait between Ansible and Chef?A. Both rely on a declarative approach.
B. Both are used for mutable infrastructure.
C. Both require a client to be installed on hosts.
D. Both rely on NETCONF.
Which method ensures the confidentiality of data exchanged over a REST API?A. Use the POST method instead of URL-encoded GET to pass parameters.
B. Use TLS to secure the underlying HTTP session.
C. Deploy digest-based authentication to protect the access to the API.
D. Encode sensitive data using Base64 encoding.
An engineer must configure a router to allow users to run specific configuration commands by validating the user against the router database. Which configuration must be applied?A. aaa authentication network default local
B. aaa authorization network default local
C. aaa authentication exec default local
D. aaa authorization exec default local
Which two advanced security features are available in next-generation firewalls but were not provided by standard firewalls? (Choose two.)A. stateful traffic inspection
B. remote access VPN
C. network telemetry
D. intrusion prevention
E. application control
What is a characteristic of traffic shaping?A. lacks support for marking or remarking
B. must be applied only to outgoing traffic
C. can be applied in both traffic directions
D. queues out-of-profile packets until the buffer is full
Which wireless deployment mode uses a Flex architecture and allows Layer 2 roaming between APs without a physical wireless controller?A. autonomous mode
B. fabric
C. unified
D. Cisco Mobility Express
An engineer adds a new switch to a Cisco StackWise stack. The switch that was active before the switch was added is elected as the active switch again. Which action does the active switch take?A. It suspends traffic forwarding until the new switch is updated with the current running configuration of the stack.
B. It checks the IOS and running configuration of the new switch and updates them if necessary to match the other switches in the stack.
C. It removes any Layer 3 configuration on the new switch to maintain normal Layer 2 functionality on the stack.
D. It clears the MAC table of the stack and relearns the attached devices.
When should the MAC authentication bypass feature be used on a switch port?A. when the attached host supports 802.1X and must authenticate itself based on its MAC address instead of user credentials
B. when the attached host supports limited 802.1X
C. when authentication is required, but the attached host does not support 802.1X
D. when authentication should be bypassed for select hosts based on their MAC address
Which resource must the hypervisor make available to the virtual machines?A. bandwidth
B. IP address
C. processor
D. secure access
Which two items are found in YANG data models? (Choose two.)A. HTTP return codes
B. rpc statements
C. JSON schema
D. container statements
E. XML schema
The Radio Resource Management software that is embedded in the Cisco WLC acts as a manager to constantly monitor over-the-air metrics. Which other factor does the Radio Resource Management software detect?A. presence of rogue APs or malicious SSIDs
B. unauthorized wireless network access
C. repeated attempts to authenticate to a wireless network
D. end-node vulnerabilities
An engineer must configure HSRP for VLAN 1200 on SW1. The second switch is configured by using the last usable IP address in the network as the virtual IP. Which command set accomplishes this task?A. SW1(config)# interface vlan 1200SW1(config-if)# ip address 172.12.0.254 255.255.255.0SW1(config-if)# standby version 2SW1(config-if)# standby 1200 ip 172.12.0.2SW1(conflg-it)# standby 1200 preempt
B. SW1(config)# interface vlan 1200SW1(config-if)# ip address 172.12.0.2 255.255.255.0SW1(config-if)# standby version 2SW1(config-if)# standby 1200 ip 172.12.0.254SW1(conflg-it)# standby 1200 preempt
C. SW1(config)# interface vlan 1200SW1(config-if)# ip address 172.12.0.2 255.255.255.0SW1(config-if)# standby 1200 ip 172.12.0.254SW1(config-if)# standby 1200 timers 5 15SW1(conflg-it)# standby 1200 preempt
D. SW1(config)# interface vlan 1200SW1(config-if)# ip address 172.12.0.1 255.255.255.0SW1(config-if)# standby 1200 ip 172.12.0.254SW1(config-if)# standby 1200 timers 5 15SW1(conflg-it)# standby 1200 preempt
How do OSPF and EIGRP compare?A. Both OSPF and EIGRP use the concept of areas.
B. OSPF and EIGRP use the same administrative distance.
C. EIGRP shows successor and feasible successor routes, and OSPF shows all known routes.
D. EIGRP shows all known routes, and OSPF shows successor and feasible successor routes.
What do Chef and Ansible have in common?A. They use YAML as their primary configuration syntax.
B. They rely on a procedural approach.
C. They rely on a declarative approach
D. They are clientless architectures.
Refer to the exhibit. A client requests a new SSID that will use web-based authentication and external RADIUS servers. Which Layer 2 security mode must be selected?A. WPA2 + WPAS
B. None
C. Static WEP
D. WPA+WPA2
Which multicast operational mode sends a prune message to the source when there are no connected members or downstream neighbors?A. IGMPv3
B. PIM dense mode
C. PIM sparse mode
D. IGMPv2
Refer to the exhibit. Users in the Operations VLAN on Switch A are unable to communicate with users in the Operations VLAN on Switch B. Which action resolves the issue?A. Set the switchport mode to dynamic desirable on Switch B.
B. Set the EtherChannel mode to LACP on Switch A.
C. Configure the same allowed VLAN list on Switch A and Switch B.
D. Set the EtherChannel mode to PAGP on Switch B.
Refer to the exhibit. Which type of antenna is shown on the radiation patterns?A. patch
B. dipole
C. omnidirectional
D. Yagi
A customer deployed an ISE solution that allows for web authentication and URL redirect enforced from the access layer. Due to control plane security concerns, only host IP 10.0.1.25 should have HTTP access to these switches. Which configuration must be applied to the switches?A.
B.
C.
D.
DRAG DROP
-
Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.
An engineer must construct an access list for a Cisco Catalyst 9800 Series WLC that will redirect wireless guest users to a splash page that is hosted on a Cisco ISE server. The Cisco ISE servers are hosted at 10.9.11.144 and 10.1.11.141. Which access list meets the requirements?A.
B.
C.
D.
Refer to the exhibit. An engineer must implement HSRP between two WAN routers. In the event R1 fails and then regains operational status, it must allow 100 seconds for the routing protocol to converge before preemption takes effect. Which configuration is required?A. R2 -interface Gi0/0standby 300 preemptstandby 300 delay sync 100
B. R1 -interface Gi0/0standby 300 preemptstandby 300 delay minimum 100
C. R1 -interface Gi0/0standby 300 preemptR2 -interface Gi0/0standby 300 delay sync 100
D. R1 -interface Gi0/0standby 300 preemptR2 -interface Gi0/0standby 300 delay minimum 100
DRAG DROP
-
Drag and drop the snippets onto the blanks within the code to construct a script that blocks a MAC address.
Refer to the exhibit. A network engineer connected two routers using OSPF but the routers are not sharing routes. Which command completes the configuration?A. router ospf 1no passive-interface GigabitEthernet5
B. interface GigabitEthernet5no passive-interface
C. router ospf 1network 172.16.252.0 0.0.0.255 area 0
D. router ospf 1no passive-interface default
Which security feature does stateless authentication and authorization use for REST API calls?A. OAuth 2 tokens
B. API keys
C. SSL/TLS certificate encryption
D. cookie-based session authentication
Which port is required to allow APs to join a WLC when directed broadcasts are used on a Cisco IOS switch?A. UDP 5246
B. TCP 5246
C. TCP 5247
D. UDP 5247
Which JSON script is properly formatted?A.
B.
C.
D.
An engineer must configure AAA on a Cisco 9800 WLC for central web authentication. Which two commands are needed to accomplish this task? (Choose two.)A. Device(config)# aaa server radius dynamic-author
B. (Cisco Controller) > config wlan aaa-override disable
C. (Cisco Controller) > config radius acct add 10.10.10.12 1812 SECRET
D. Device(config-locsvr-da-radius)# client 10.10.10.12 server-key 0 SECRET
E. (Cisco Controller) > config wlan aaa-override enable
Refer to the exhibit. Which command or set of commands configures switch B as the primary root for VLANs 10, 15, and 20?A. SwitchB(config-mst)# instance 1 vlan 10,20
B. SwitchB(config)# spanning-tree vlan 10,20 root primary
C. SwitchB(config)# interface range g0/0/0-15SwitchB(config-if)# spanning-tree port-priority 100SwitchA (config)# interface range g0/0/0-15SwitchA(config-if)# spanning-tree port-priority 200
D. SwitchB(config)# spanning-tree mst 1 root primary
How does a Type 2 hypervisor function?A. It runs on a virtual server and includes its own operating system.
B. It runs directly on a physical server and includes its own operating system.
C. It is installed as an application on an already installed operating system.
D. It enables other operating systems to run on it.
Refer to the exhibit. An engineer attempts to use RESTCONF to configure GigabitEthernet2 on a remote router with IP address 192.168.159.10, but the configuration fails. Which configuration is required to complete the action?A.
B.
C.
D.
Which element is unique to a Type 2 hypervisor?A. host hardware
B. memory
C. host OS
D. VM OS
Which JSON script is properly formatted?A.
B.
C.
D.
Refer to the exhibit. An engineer must verify the operational status of ISP 1 by testing the IP reachability of the ISP1 DNS server every 10 seconds. If the DNS server is not reachable from the CPE through the Gi0/0 interface, then the test should fail. Which two configuration sets must be used to accomplish this task? (Choose two.)A. ip route 0.0.0.0 0.0.0.0 198.51.100.1ip route 0.0.0.0 0.0.0.0 203.0.113.1
B. ip route 0.0.0.0 255.255.255.255 198.51.100.1ip route 0.0.0.0 255.255.255.255 203.0.113.1
C. ip route 198.51.100.252 255.255.255.255 198.51.100.1
D. ip sla 1icmp-echo 198.51.100.252frequency 10ip sla schedule 1 life forever start-time now
E. ip sla 1dns www.cisco.com name-server 198.51.100.252frequency 10ip sla schedule 1 life forever start-time now
How are control traffic, client authentication and data traffic handled in a mobility express environment?A. Control traffic and client authentication is handled centrally by the controller. Data traffic is switched centrally by the controller.
B. Control traffic and client authentication is handled centrally by the controller. Data traffic is switched locally by the access points.
C. Control traffic and client authentication is handled locally by each access point. Data traffic is switched locally by the access points.
D. Control traffic and client authentication is handled locally by each access point. Data traffic is switched centrally by the controller.
Refer to the exhibit. What can be determined from the output?A. Flow record CC is configured with two separate exporters.
B. Flow record CC is configured with a single exporter.
C. Flow monitor FLOW-CC is configured with two separate flow records to a single exporter.
D. Flow monitor FLOW-CC is configured to two separate exporters.
Get More 350-401 Practice Questions
If you're looking for more 350-401 practice test free questions, click here to access the full 350-401 practice test.
We regularly update this page with new practice questions, so be sure to check back frequently.
Good luck with your 350-401 certification journey!