IT Exam Questions and Solutions Library
Refer to the exhibit. What is the result of the IP SLA configuration? A. The operation runs 5000 times. B. IP SLA is scheduled to run at 3 a.m. C. The operation runs 300 times a day. D. The rate is configured to repeat every 5 minutes. Suggested Answer: D
Refer to the exhibit. Which configuration enables password checking on the console line, using only a password? A. router(config)# line con 0router(config-line)# login B. router(config)# line con 0router(config-line)# exec-timeout 0 0 C. router(config)# line vty 0 4router(config-line)# login D. router(config)# line con 0router(config-line)# login local Suggested Answer: A
When the “deny” statement is used within a route map that is used for policy-based routing, how is the traffic that matches the deny route-map line treated? A. Traffic is routed to the null 0 interface of the router and discarded. B. Traffic is returned to the normal forwarding behavior of the router. C. An additional sequential route-map line is needed to divert the traffic to the router's normal forwarding behavior. D. An additional sequential route-map line is needed to policy route this traffic. Suggested Answer: B
A wireless network engineer must configure a WPA2+WPA3 policy with the Personal security type. Which action meets this requirement? A. Configure the CCMP256 encryption cipher. B. Configure the CCMP128 encryption cipher. C. Configure the GCMP256 encryption cipher. D. Configure the GCMP128 encryption cipher. Suggested Answer: B
Which tunnel type allows clients to perform a seamless Layer 3 roam between a Cisco AireOS WLC and a Cisco IOS XE WLC? A. Mobility B. IPsec C. VPN D. Ethernet over IP Suggested Answer: A
Which Cisco WLC feature allows a wireless device to perform a Layer 3 roam between two separate controllers without changing the client IP address? A. mobility tunnel B. mobile IP C. LWAPP tunnel D. GRE tunnel Suggested Answer: A
A script contains the statement "while loop != 999:" Which value terminates the loop? A. A value not equal to 999. B. A value less than or equal to 999. C. A value equal to 999. D. A value greater than or equal to 999. Suggested Answer: C
Which method ensures the confidentiality of data exchanged over a REST API? A. Use the POST method instead of URL-encoded GET to pass parameters. B. Use TLS to secure the underlying HTTP session. C. Deploy digest-based authentication to protect the access to the API. D. Encode sensitive data using Base64 encoding. Suggested Answer: B
Which two advanced security features are available in next-generation firewalls but were not provided by standard firewalls? (Choose two.) A. stateful traffic inspection B. remote access VPN C. network telemetry D. intrusion prevention E. application control Suggested Answer: DE
Which wireless deployment mode uses a Flex architecture and allows Layer 2 roaming between APs without a physical wireless controller? A. autonomous mode B. fabric C. unified D. Cisco Mobility Express Suggested Answer: D
When should the MAC authentication bypass feature be used on a switch port? A. when the attached host supports 802.1X and must authenticate itself based on its MAC address instead of user credentials B. when the attached host supports limited 802.1X C. when authentication is required, but the attached host does not support 802.1X D. when authentication should be bypassed for select hosts based on their MAC address Suggested Answer: C
Which resource must the hypervisor make available to the virtual machines? A. bandwidth B. IP address C. processor D. secure access Suggested Answer: C
Which two items are found in YANG data models? (Choose two.) A. HTTP return codes B. rpc statements C. JSON schema D. container statements E. XML schema Suggested Answer: CE
The Radio Resource Management software that is embedded in the Cisco WLC acts as a manager to constantly monitor over-the-air metrics. Which other factor does the Radio Resource Management software detect? A. presence of rogue APs or malicious SSIDs B. unauthorized wireless network access C. repeated attempts to authenticate to a wireless network D. end-node vulnerabilities Suggested Answer: A
An engineer must configure HSRP for VLAN 1200 on SW1. The second switch is configured by using the last usable IP address in the network as the virtual IP. Which command set accomplishes this task? A. SW1(config)# interface vlan 1200SW1(config-if)# ip address 172.12.0.254 255.255.255.0SW1(config-if)# standby version 2SW1(config-if)# standby 1200 ip 172.12.0.2SW1(conflg-it)# standby 1200 preempt B. SW1(config)# interface vlan 1200SW1(config-if)# ip address 172.12.0.2 255.255.255.0SW1(config-if)# standby version 2SW1(config-if)# standby 1200 ip 172.12.0.254SW1(conflg-it)# standby 1200 preempt C. SW1(config)# interface vlan 1200SW1(config-if)# ip address 172.12.0.2 255.255.255.0SW1(config-if)# standby 1200 ip 172.12.0.254SW1(config-if)# standby 1200 timers 5 15SW1(conflg-it)# standby 1200 preempt D. SW1(config)# interface vlan 1200SW1(config-if)# ip address 172.12.0.1 255.255.255.0SW1(config-if)# standby 1200 ip 172.12.0.254SW1(config-if)# standby 1200 timers 5 15SW1(conflg-it)# standby 1200 preempt Suggested Answer: B
Which action occurs during a Layer 3 roam? A. The client receives a new IP address after authentication occurs. B. The client is marked as "Foreign" on the original controller. C. The client database entry is moved from the old controller to the new controller. D. Client traffic is tunneled back to the original controller after a Layer 3 roam occurs. Suggested Answer: D
What are two benefits of using Cisco TrustSec? (Choose two.) A. consistent network segmentation B. end-to-end traffic encryption C. advanced endpoint protection against malware D. simplified management of network access E. unknown file analysis using sandboxing Suggested Answer: AD
Refer to the exhibit. An administrator must enable RESTCONF access to a router. Which two commands or command sets must be added to the existing configuration? (Choose two.) A. aaa authentication login default localaaa authorization exec default local B. restconf C. line vty 0 15 D. netconf-yang E. username restconf privilege 0 Suggested Answer: AB
Refer to the exhibit. What is achieved by this Python script? A. It reads access list statements into a dictionary list. B. It displays access list statements on a terminal screen. C. It configures access list statements. D. It converts access list statements to a human-readable format. Suggested Answer: D
What is used by vManage to interact with Cisco SD-WAN devices in the fabric? A. IPsec B. northbound API C. RESTCONF D. southbound API Suggested Answer: D
Which feature does Cisco DNA Center Assurance provide? A. application policy configuration B. device onboarding and configuration C. software upgrade and management D. data correlation and analysis Suggested Answer: D
Which device, in a LISP routing architecture, receives and de-encapsulates LISP traffic for endpoints within a LISP-capable site? A. MR B. ETR C. MS D. ITR Suggested Answer: B
What is a common trait between Ansible and Chef? A. Both rely on a declarative approach. B. Both are used for mutable infrastructure. C. Both require a client to be installed on hosts. D. Both rely on NETCONF. Suggested Answer: B
An engineer must configure a router to allow users to run specific configuration commands by validating the user against the router database. Which configuration must be applied? A. aaa authentication network default local B. aaa authorization network default local C. aaa authentication exec default local D. aaa authorization exec default local Suggested Answer: D
What is a characteristic of traffic shaping? A. lacks support for marking or remarking B. must be applied only to outgoing traffic C. can be applied in both traffic directions D. queues out-of-profile packets until the buffer is full Suggested Answer: D
An engineer adds a new switch to a Cisco StackWise stack. The switch that was active before the switch was added is elected as the active switch again. Which action does the active switch take? A. It suspends traffic forwarding until the new switch is updated with the current running configuration of the stack. B. It checks the IOS and running configuration of the new switch and updates them if necessary to match the other switches in the stack. C. It removes any Layer 3 configuration on the new switch to maintain normal Layer 2 functionality on the stack. D. It clears the MAC table of the stack and relearns the attached devices. Suggested Answer: B
Which multicast operational mode sends a prune message to the source when there are no connected members or downstream neighbors? A. IGMPv3 B. PIM dense mode C. PIM sparse mode D. IGMPv2 Suggested Answer: B
Refer to the exhibit. Which type of antenna is shown on the radiation patterns? A. patch B. dipole C. omnidirectional D. Yagi Suggested Answer: D
DRAG DROP - Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.Suggested Answer:
Refer to the exhibit. An engineer must implement HSRP between two WAN routers. In the event R1 fails and then regains operational status, it must allow 100 seconds for the routing protocol to converge before preemption takes effect. Which configuration is required? A. R2 -interface Gi0/0standby 300 preemptstandby 300 delay sync 100 B. R1 -interface Gi0/0standby 300 preemptstandby 300 delay minimum 100 C. R1 -interface Gi0/0standby 300 preemptR2 -interface Gi0/0standby 300 delay sync 100 D. R1 -interface Gi0/0standby 300 preemptR2 -interface Gi0/0standby 300 delay minimum 100 Suggested Answer: C
Refer to the exhibit. A network engineer connected two routers using OSPF but the routers are not sharing routes. Which command completes the configuration? A. router ospf 1no passive-interface GigabitEthernet5 B. interface GigabitEthernet5no passive-interface C. router ospf 1network 172.16.252.0 0.0.0.255 area 0 D. router ospf 1no passive-interface default Suggested Answer: D
Which security feature does stateless authentication and authorization use for REST API calls? A. OAuth 2 tokens B. API keys C. SSL/TLS certificate encryption D. cookie-based session authentication Suggested Answer: B
Which port is required to allow APs to join a WLC when directed broadcasts are used on a Cisco IOS switch? A. UDP 5246 B. TCP 5246 C. TCP 5247 D. UDP 5247 Suggested Answer: D
Which JSON script is properly formatted?
A.
B.
C.
D.
Suggested Answer: A
An engineer must configure AAA on a Cisco 9800 WLC for central web authentication. Which two commands are needed to accomplish this task? (Choose two.) A. Device(config)# aaa server radius dynamic-author B. (Cisco Controller) > config wlan aaa-override disable < wlan-id > C. (Cisco Controller) > config radius acct add 10.10.10.12 1812 SECRET D. Device(config-locsvr-da-radius)# client 10.10.10.12 server-key 0 SECRET E. (Cisco Controller) > config wlan aaa-override enable < wlan-id > Suggested Answer: AC
Refer to the exhibit. Which command or set of commands configures switch B as the primary root for VLANs 10, 15, and 20? A. SwitchB(config-mst)# instance 1 vlan 10,20 B. SwitchB(config)# spanning-tree vlan 10,20 root primary C. SwitchB(config)# interface range g0/0/0-15SwitchB(config-if)# spanning-tree port-priority 100SwitchA (config)# interface range g0/0/0-15SwitchA(config-if)# spanning-tree port-priority 200 D. SwitchB(config)# spanning-tree mst 1 root primary Suggested Answer: D
How does a Type 2 hypervisor function? A. It runs on a virtual server and includes its own operating system. B. It runs directly on a physical server and includes its own operating system. C. It is installed as an application on an already installed operating system. D. It enables other operating systems to run on it. Suggested Answer: C
Refer to the exhibit. An engineer attempts to use RESTCONF to configure GigabitEthernet2 on a remote router with IP address 192.168.159.10, but the configuration fails. Which configuration is required to complete the action? A.
B.
C.
D.
Suggested Answer: B
Which element is unique to a Type 2 hypervisor? A. host hardware B. memory C. host OS D. VM OS Suggested Answer: C
How do OSPF and EIGRP compare? A. Both OSPF and EIGRP use the concept of areas. B. OSPF and EIGRP use the same administrative distance. C. EIGRP shows successor and feasible successor routes, and OSPF shows all known routes. D. EIGRP shows all known routes, and OSPF shows successor and feasible successor routes. Suggested Answer: C
What do Chef and Ansible have in common? A. They use YAML as their primary configuration syntax. B. They rely on a procedural approach. C. They rely on a declarative approach D. They are clientless architectures. Suggested Answer: C
Refer to the exhibit. A client requests a new SSID that will use web-based authentication and external RADIUS servers. Which Layer 2 security mode must be selected? A. WPA2 + WPAS B. None C. Static WEP D. WPA+WPA2 Suggested Answer: D
Refer to the exhibit. Users in the Operations VLAN on Switch A are unable to communicate with users in the Operations VLAN on Switch B. Which action resolves the issue? A. Set the switchport mode to dynamic desirable on Switch B. B. Set the EtherChannel mode to LACP on Switch A. C. Configure the same allowed VLAN list on Switch A and Switch B. D. Set the EtherChannel mode to PAGP on Switch B. Suggested Answer: A
A customer deployed an ISE solution that allows for web authentication and URL redirect enforced from the access layer. Due to control plane security concerns, only host IP 10.0.1.25 should have HTTP access to these switches. Which configuration must be applied to the switches?
A.
B.
C.
D.
Suggested Answer: B
An engineer must construct an access list for a Cisco Catalyst 9800 Series WLC that will redirect wireless guest users to a splash page that is hosted on a Cisco ISE server. The Cisco ISE servers are hosted at 10.9.11.144 and 10.1.11.141. Which access list meets the requirements?
A.
B.
C.
D.
Suggested Answer: C
DRAG DROP - Drag and drop the snippets onto the blanks within the code to construct a script that blocks a MAC address.Suggested Answer:
Which feature is offered by the Cisco Advanced Malware Protection for Endpoints solution? A. File Sandboxing B. NetFlow C. TrustSec D. DNS Protection Suggested Answer: A
Which JSON script is properly formatted?
A.
B.
C.
D.
Suggested Answer: D
How are control traffic, client authentication and data traffic handled in a mobility express environment? A. Control traffic and client authentication is handled centrally by the controller. Data traffic is switched centrally by the controller. B. Control traffic and client authentication is handled centrally by the controller. Data traffic is switched locally by the access points. C. Control traffic and client authentication is handled locally by each access point. Data traffic is switched locally by the access points. D. Control traffic and client authentication is handled locally by each access point. Data traffic is switched centrally by the controller. Suggested Answer: B
Which feature allows clients to perform Layer 2 roaming between wireless controllers? A. mobility groups B. N+1 high availability C. RF grouping D. SSO Suggested Answer: A
What is a characteristic of Cisco DNA Northbound APIs? A. They utilize multivendor support APIs. B. They simplify the management of network infrastructure devices. C. They utilize RESTCONF. D. They enable automation of network infrastructure based on intent. Suggested Answer: D
DRAG DROP - Drag and drop the NTP elements from the left onto the correct descriptions on the right.Suggested Answer:
DRAG DROP - Drag and drop the Cisco DNA Center northbound API characteristics from the left to the right. Not all options are used.Suggested Answer:
Refer to the exhibit. R1 and R2 are on the same VLAN. VRRP is configured between the two routers. What is the cause of the VRRP error? A. R1 is configured with VIP 10.18.0.2 on VRRP group 1 and R2 is configured with VIP 10.18.0.1 on VRRP group 1. B. R1 is configured with VIP 10.18.0.2 on VRRP group 1 and R2 is configured with VIP 10.18.0.2 on VRRP group 1. C. R1 is configured with VIP 10.18.0.1 on VRRP group 1 and R2 is configured with VIP 10.18.0.2 on VRRP group 0. D. R1 is configured with VIP 10.18.0.1 on VRRP group 1 and R2 is configured with VIP 10.18.0.2 on VRRP group 1. Suggested Answer: D
An engineer is implementing a new SSID on a Cisco Catalyst 9800 Series WLC that must be broadcast on 6 GHz radios. Users will be required to use EAP-TLS to authenticate. Which wireless Layer 2 security method is required? A. WPA2 Enterprise B. WPA2 Personal C. WPA3 Enterprise D. WPA3 Personal Suggested Answer: C
Which Cisco SD-WAN component authenticates the routers and the vSmart controllers? A. vEdge B. Manage NMS C. Analytics D. vBond orchestrator Suggested Answer: D
DRAG DROP - Drag and drop the characteristics from the left onto the corresponding switching architectures on the right.Suggested Answer:
Refer to the exhibit. What is output by this code? A. -1 -2 -3 -4 B. 8 7 6 5 C. 4 5 6 7 D. -4 -5 -6 -7 Suggested Answer: B
What are two characteristics of a directional antenna? (Choose two.) A. commonly used to cover large areas B. low gain C. provides the most focused and narrow beam-width D. receive signals equally from all directions E. high gain Suggested Answer: CE
DRAG DROP - Drag and drop the code snippets from the bottom onto the blanks in the script to convert a Python object into a JSON string. Not all options are used.Suggested Answer:
When does Cisco DNA Center make changes to a device? A. when the device credentials are added B. when the network device is assigned to the site and device controllability is turned on C. when the network device is discovered and device controllability is turned on D. when a NETCONF port has been configured Suggested Answer: C
Which security actions must be implemented to prevent an API injection attack? A. Log and monitor failed attempts. B. Use password hash with biometric authentication. C. Validate, filter, and sanitize all incoming data. D. Use short-lived access tokens and authenticate the apps. Suggested Answer: C
Refer to the exhibit. Which action automatically enables privilege exec mode when logging in via SSH? A. Configure a password under the line configuration. B. Configure the enable secret to be the same as the secret for user "Cisco". C. Configure privilege level 15 under the line configuration. D. Configure user "cisco" with privilege level 15. Suggested Answer: D
Refer to the exhibit. An engineer must verify the operational status of ISP 1 by testing the IP reachability of the ISP1 DNS server every 10 seconds. If the DNS server is not reachable from the CPE through the Gi0/0 interface, then the test should fail. Which two configuration sets must be used to accomplish this task? (Choose two.) A. ip route 0.0.0.0 0.0.0.0 198.51.100.1ip route 0.0.0.0 0.0.0.0 203.0.113.1 B. ip route 0.0.0.0 255.255.255.255 198.51.100.1ip route 0.0.0.0 255.255.255.255 203.0.113.1 C. ip route 198.51.100.252 255.255.255.255 198.51.100.1 D. ip sla 1icmp-echo 198.51.100.252frequency 10ip sla schedule 1 life forever start-time now E. ip sla 1dns www.cisco.com name-server 198.51.100.252frequency 10ip sla schedule 1 life forever start-time now Suggested Answer: CD
Refer to the exhibit. What can be determined from the output? A. Flow record CC is configured with two separate exporters. B. Flow record CC is configured with a single exporter. C. Flow monitor FLOW-CC is configured with two separate flow records to a single exporter. D. Flow monitor FLOW-CC is configured to two separate exporters. Suggested Answer: D
Refer to the exhibit. Which action results from executing the Python script? A. display the output of a command that is entered on that device B. display the output of a command that is entered on that device in a single line C. SSH to the IP address that is manually entered on that device D. display the unformatted output of a command that is entered on that device Suggested Answer: A
Drag and drop the Cisco DNA Center northbound API characteristics from the left to the right. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the corresponding switching architectures on the right. Select and Place:Correct Answer:
Drag and drop the code snippets from the bottom onto the blanks in the script to convert a Python object into a JSON string. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the deployment models on the right. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the deployment models on the right. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the architectures on the right. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the deployment models on the right. Select and Place:
Correct Answer:
Drag and drop the snippets onto the blanks within the code to construct a script that brings up the failover Ethernet port if the primary port goes down and also shuts down the failover port when the primary returns to service. Not all options are used. Select and Place:Correct Answer:
Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right. Select and Place:
Correct Answer:
Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures policy-based routing. Select and Place:Correct Answer:
Drag and drop the components of the Cisco SD-Access fabric architecture from the left onto the correct descriptions on the right. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the snippets onto the blanks within the code to construct a script that configures BGP according to the topology. Not all options are used, and some options may be used twice. Select and Place:Correct Answer:
Drag and drop the code snippets from the bottom onto the blanks in the PHP script to convert a PHP array into JSON format. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the code snippets from the bottom onto the blanks in the script to convert a Python object into a compact JSON object by removing space characters. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the automation characteristics from the left onto the corresponding tools on the right. Select and Place:Correct Answer:
Drag and drop the automation characteristics from the left onto the appropriate tools on the right. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the code snippets from the bottom onto blanks in the Python script so that the program changes the IP address and saves it as a new JSON file on the disk. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the characteristics of Cisco SD-WAN from the left onto the right. Not all options are used. Select and Place:Correct Answer:
Drag and drop the code snippets from the bottom onto the blanks in the Python script to print the device model to the screen and write JSON data to a file. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the QoS mechanisms from the left onto their descriptions on the right. Select and Place:
Correct Answer:
Drag and drop the code snippets from the bottom onto the blanks in the script to convert a Python object into a JSON string. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the corresponding switching architectures on the right. Select and Place:
Correct Answer:
Drag and drop the NTP elements from the left onto the correct descriptions on the right. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the routing protocols they describe on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right. Select and Place:Correct Answer:
Drag and drop the LISP components on the left to the correct description on the right. Select and Place:Correct Answer:
Drag and drop the tools from the left onto the agent types on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the switching architectures on the right. Select and Place:Correct Answer:
Drag and drop the automation characteristics from the left onto the appropriate tools on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left to the table types on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the configuration models on the right. Select and Place:Correct Answer:
Drag and drop the Cisco SD-Access solution areas from the left onto the protocols they use on the right. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the routing protocols they describe on the right. Select and Place:Correct Answer:
An engineer is working with the Cisco DNA Center API. Drag and drop the methods from the left onto the actions that they are used for on the right. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the QoS components they describe on the right. Select and Place:Correct Answer:
Drag and drop the snippets onto the blanks within the code to create an EEM script that adds an entry to a locally stored text file with a timestamp when a configuration change is made. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the snippets onto the blanks within the code to construct a script that configures a loopback interface with an IP address. Not all options are used. Select and Place:
Correct Answer:
Please drag and drop the options provided in the left to configure NTP in client mode. Select and Place:
Correct Answer:
Drag and drop the definitions on the left to their respective technological names on the right. Select and Place:Correct Answer:
Drag and drop the definitions in the left to their respective Terminology in the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the routing protocols they describe on the right. Select and Place:
Correct Answer:
Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures a deny rule on an access list. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the orchestration tool classifications on the right. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the orchestration tools they describe on the right. Select and Place:
Correct Answer:
Drag and drop the snippets onto the blanks within the code to construct a script that changes the routing from gateway 1 to gateway 2 from 11:00 m. to 12:00 a.m. (2300 to 2400) only, daily. Not all options are used, and some options may be used twice.
Drag and drop the characteristics from the left onto the technology types on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the routing protocols they describe on the right. Select and Place:Correct Answer:
Drag and drop the snippets onto the blanks within the code to construct a script that shows all logging that occurred on the appliance from Sunday until 9:00 p.m. Thursday. Not all options are used. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the infrastructure deployment models on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the infrastructure deployment models they describe on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the routing protocols they describe on the right. Select and Place:Correct Answer:
Drag and drop the tools from the left onto the agent types on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the infrastructure deployment models on the right. Select and Place:Correct Answer:
Drag and drop the LISP components on the left to their descriptions on the right. Not all options are used. Select and Place:Correct Answer:
An engineer plans to use Python to convert text files that contain device information to JSON Drag and drop the code snippets from the bottom onto the blanks in the code to construct the request. Not all options are used. Select and Place:Correct Answer:
Refer to the exhibit. Drag and drop the snippets into the RESTCONF request to form the request that returns this response. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the snippets onto the blanks within the code to construct a script that adds a prefix list to a route map and sets the local preference. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the snippets onto the blanks within the code to construct a script that advertises the network prefix 192.168.5.0/24 into a BGP session. Not all options are used. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the switching mechanisms they describe on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the switching architectures on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the deployment types on the right. Select and Place:Correct Answer:
Drag and drop the descriptions from the left onto the correct QoS components on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the appropriate infrastructure deployment types on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the infrastructure types on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the correct infrastructure deployment type on the right. Select and Place:
Correct Answer:
Drag and drop the QoS mechanisms from the left onto their descriptions on the right. Select and Place:Correct Answer:
Drag and drop the LISP components from the left onto the functions they perform on the right. Not all options are used. Select and Place:
2%80%93%20Proxy%20ITR%20(PITR)%3A%20A,devices%20deployed%20at%20LISP%20sites. Correct Answer: E
Drag and drop the descriptions of the VSS technology from the left to the right. Not all options are used. Select and Place:
Correct Answer:
Drag and drop the virtual components from the left onto their descriptions on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the correct routing protocol types on the right. Select and Place:Correct Answer:
Drag and drop the descriptions from the left onto the routing protocol they describe on the right. Select and Place:Correct Answer:
Drag and drop the characteristics from the left onto the routing protocols they describe on the right. Select and Place:Correct Answer:
Drag and drop the descriptions from the left onto the routing protocol they describe on the right. Select and Place:
Correct Answer:
Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right. Select and Place:
Correct Answer:
Drag and drop the characteristics from the left onto the protocols they apply to on the right. Select and Place:Correct Answer:
Drag and drop the characteristics of PIM Dense Mode from the left to the right. Not all options are used. Select and Place:Correct Answer:
Drag and drop the wireless elements on the left to their definitions on the right. Select and Place:Correct Answer:
Drag and drop the threat defense solutions from the left onto their descriptions on the right. Select and Place:Correct Answer:
Drag and drop the REST API authentication methods from the left onto their descriptions on the right. Select and Place:
Correct Answer:
Drag and drop the solutions that compromise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right. Select and Place:
Correct Answer:
An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used. Select and Place: R1#sh run | i aaa - aaa new-model aaa authentication login default group ACE group AAA_RADIUS local-case aaa session-id common R1#Correct Answer:
Refer to the exhibit. What can be determined from the output? A. Flow record CC is configured with two separate exporters. B. Flow record CC is configured with a single exporter. C. Flow monitor FLOW-CC is configured with two separate flow records to a single exporter. D. Flow monitor FLOW-CC is configured to two separate exporters. Correct Answer: D
Refer to the exhibit. Which action results from executing the Python script? A. display the output of a command that is entered on that device B. display the output of a command that is entered on that device in a single line C. SSH to the IP address that is manually entered on that device D. display the unformatted output of a command that is entered on that device A Correct Answer:
Which policy feature is used with TrustSec to provide endpoint entitlement in an enterprise network? A. security group tags B. access control lists C. virtual local area network D. virtual routing and forwarding Correct Answer: A
Refer to the exhibit. After unsuccessfully configuring an EtherChannel link, an engineer enables debugging. Which action will resolve the issue? A. configure the EtherChannel members in desirable mode. B. Set the EtherChannel to mode on. C. Set the EtherChannel to mode active. D. configure the EtherChannel members in passive mode. Correct Answer: C
Refer to the exhibit. What is achieved by this code? A. It unshuts the loopback interface. B. It displays the loopback interface. C. It renames the loopback interface. D. It deletes the loopback interface. Correct Answer: A
Which collection contains the resources to obtain a list of fabric nodes through the vManage API? A. device inventory B. administration C. device management D. monitoring Correct Answer: C
Which Cisco DNA Center Assurance feature verifies host reachability? A. path trace B. application experience C. detail information D. network time travel Correct Answer: A
What is one characteristic of Cisco DNA Center and vManage northbound APIs? A. They push configuration changes down to devices. B. They exchange XML-formatted content. C. They implement the RESTCONF protocol. D. They implement the NETCONF protocol. Correct Answer: B
Which feature is offered by the Cisco Advanced Malware Protection for Endpoints solution? A. File Sandboxing B. NetFlow C. TrustSec D. DNS Protection Correct Answer: A
Which JSON script is properly formatted?
A. D Correct Answer:
How are control traffic, client authentication and data traffic handled in a mobility express environment? A. Control traffic and client authentication is handled centrally by the controller. Data traffic is switched centrally by the controller. B. Control traffic and client authentication is handled centrally by the controller. Data traffic is switched locally by the access points. C. Control traffic and client authentication is handled locally by each access point. Data traffic is switched locally by the access points. D. Control traffic and client authentication is handled locally by each access point. Data traffic is switched centrally by the controller. Correct Answer: B
Which feature allows clients to perform Layer 2 roaming between wireless controllers? A. mobility groups B. N+1 high availability C. RF grouping D. SSO Correct Answer: A
What is a characteristic of Cisco DNA Northbound APIs? A. They utilize multivendor support APIs. B. They simplify the management of network infrastructure devices. C. They utilize RESTCON D. They enable automation of network infrastructure based on intent. Correct Answer: D
Refer to the exhibit. R1 and R2 are on the same VLAN. VRRP is configured between the two routers. What is the cause of the VRRP error? A. R1 is configured with VIP 10.18.0.2 on VRRP group 1 and R2 is configured with VIP 10.18.0.1 on VRRP group 1. B. R1 is configured with VIP 10.18.0.2 on VRRP group 1 and R2 is configured with VIP 10.18.0.2 on VRRP group 1. C. R1 is configured with VIP 10.18.0.1 on VRRP group 1 and R2 is configured with VIP 10.18.0.2 on VRRP group 0. D. R1 is configured with VIP 10.18.0.1 on VRRP group 1 and R2 is configured with VIP 10.18.0.2 on VRRP group 1. Correct Answer: D
An engineer is implementing a new SSID on a Cisco Catalyst 9800 Series WLC that must be broadcast on 6 GHz radios. Users will be required to use EAP-TLS to authenticate. Which wireless Layer 2 security method is required? A. WPA2 Enterprise B. WPA2 Personal C. WPA3 Enterprise D. WPA3 Personal Correct Answer: C
Which Cisco SD-WAN component authenticates the routers and the vSmart controllers? A. vEdge B. Manage NMS C. Analytics D. vBond orchestrator Correct Answer: D
Refer to the exhibit. What is output by this code? A. -1 -2 -3 -4 B. 8 7 6 5 C. 4 5 6 7 D. -4 -5 -6 -7 Correct Answer: B
What are two characteristics of a directional antenna? (Choose two.) A. commonly used to cover large areas B. low gain C. provides the most focused and narrow beam-width D. receive signals equally from all directions E. high gain Correct Answer: CE
When does Cisco DNA Center make changes to a device? A. when the device credentials are added B. when the network device is assigned to the site and device controllability is turned on C. when the network device is discovered and device controllability is turned on D. when a NETCONF port has been configured Correct Answer: C
Which security actions must be implemented to prevent an API injection attack? A. Log and monitor failed attempts. B. Use password hash with biometric authentication. C. Validate, filter, and sanitize all incoming data. D. Use short-lived access tokens and authenticate the apps. Correct Answer: C
Refer to the exhibit. Which action automatically enables privilege exec mode when logging in via SSH? A. configure a password under the line configuration. B. configure the enable secret to be the same as the secret for user "Cisco". C. configure privilege level 15 under the line configuration. D. configure user "cisco" with privilege level 15. Correct Answer: D
Refer to the exhibit. An engineer must verify the operational status of ISP 1 by testing the IP reachability of the ISP1 DNS server every 10 seconds. If the DNS server is not reachable from the CPE through the Gi0/0 interface, then the test should fail. Which two configuration sets must be used to accomplish this task? (Choose two.) A. ip route 0.0.0.0 0.0.0.0 198.51.100.1 ip route 0.0.0.0 0.0.0.0 203.0.113.1 B. ip route 0.0.0.0 255.255.255.255 198.51.100.1 ip route 0.0.0.0 255.255.255.255 203.0.113.1 C. ip route 198.51.100.252 255.255.255.255 198.51.100.1 D. ip sla 1 icmp-echo 198.51.100.252 frequency 10 ip sla schedule 1 life forever start-time now E. ip sla 1 dns www.cisco.com name-server 198.51.100.252 frequency 10 ip sla schedule 1 life forever start-time now Correct Answer: CD
Which characteristic applies to a traditional WAN solution but not to a Cisco SD-WAN solution? A. time consuming configuration and maintenance B. centralized reachability, security, and application policies C. low complexity and increased overall solution scale D. operates over DTLS/TLS authenticated and secured tunnels Correct Answer: A
In which way are EIGRP and OSPF similar? A. Both protocols support autosummarization. B. Both protocols use hello packets to discover neighbors. C. Both protocols support unequal-cost load balancing. D. Both protocols send updates using unicast addresses. Correct Answer: B
Which JSON script is properly formatted?
A. D Correct Answer:
In a Cisco SD-Access environment, which function is performed by the border node? A. Connect users and devices to the fabric domain. B. Group endpoints into IP pools. C. Provide reachability information to fabric endpoints. D. Provide connectivity to traditional Layer 3 networks. Correct Answer: D
What is a characteristic of the overlay network in the Cisco SD-Access architecture? A. It provides multicast support to enable Layer 2 flooding capability in the underlay network. B. It provides isolation among the virtual networks and independence from the physical network. C. It uses a traditional routed access design to provide performance and high availability to the network. D. It consists of a group of physical routers and switches that are used to maintain the network. Correct Answer: B
What gives priority on an egress interface, for database traffic that connected on an ingress interface, without changing the CoS value? A. QoS group B. policy map C. CoS map D. class map Correct Answer: B
What is a difference between TCAM and the MAC address table? A. The MAC address table supports partial matches. TCAM requires an exact match. B. TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables. C. The MAC address table is contained in CAM. ACL and QoS information is stored in TCAM. D. Router prefix lookups happens in CAM. MAC address table lookups happen in TCAM. Correct Answer: C
Refer to the exhibit. A network engineer must block Telnet traffic from hosts in the range of 10.100.2.248 to 10.100.2.255 to the network 10.100.3.0 and permit everything else. Which configuration must the engineer apply?
A. Correct Answer: B
Refer to the exhibit. What does the response "204 No Content" mean for the REST API request? A. Interface loopback 100 is removed from the configuration. B. Interface loopback 100 is not removed from the configuration. C. Interface loopback 100 is not found in the configuration. D. The DELETE method is not supported. Correct Answer: C
An engineer uses the Design work flow to create a new network infrastructure in Cisco DNA Center. How is the physical network device hierarchy structured? A. by organization B. by hostname naming convention C. by location D. by role Correct Answer: C
What are two characteristics of vManage APIs? (Choose two.) A. Northbound API is based on RESTCONF and JSON. B. Southbound API is based on NETCONF and XML. C. Southbound API is based on RESTCONF and JSON. D. Southbound API is based on OMP and DTLS. E. Northbound API is RESTful using JSON. Correct Answer: BE
Which API does Cisco DNA Center use to retrieve information about images? A. SWIM B. Img-Mgmt C. PnP D. Client Health Correct Answer: A
What is a characteristic of the Cisco DNA Center Template Editor feature? A. It provides a high-level overview of the health of every network device. B. It facilitates software upgrades to network devices from a central point. C. It uses a predefined configuration through parameterized elements or variables. D. It facilitates a vulnerability assessment of the network devices. Correct Answer: C
Which tunnel type allows clients to perform a seamless Layer 3 roam between a Cisco AireOS WLC and a Cisco IOS XE WLC? A. CAPWAP B. IPsec C. VPN D. Ethernet over IP Correct Answer: A
Refer to the exhibit. CR2 and CR3 are configured with OSP A. Which configuration, when applied to CR1, allows CR1 to exchange OSPF information with CR2 and CR3 but not with other network devices or on new interfaces that are added to CR1?
B. B Correct Answer:
What is a characteristic of vManage? A. It leverages the overlay management protocol to interface with WAN Edge devices. B. It supports protocols such as OSPF to integrate with legacy network devices. C. It requires a public IP address to allow WAN Edge devices to discover fabric components. D. It uses NETCONF to configure vSmart devices to build the overlay network data plane. Correct Answer: D
Refer to the exhibit. An engineer constructs an EEM applet to prevent anyone from entering configuration mode on a switch. Which snippet is required to complete the EEM applet? A. sync yes skip yes B. sync no skip yes C. sync no skip no D. sync yes skip no Correct Answer: B
Refer to the exhibit. What are two results of the NTP configuration? (Choose two.) A. It uses other systems as an authoritative time source. B. It distributes the time via NTP broadcast and multicast packets. C. It distributes the time via NTP broadcast packets. D. It forms a peer association with another system. E. It uses the hardware clock as an authoritative time source. Correct Answer: AC
What is the purpose of data modeling languages? A. to describe a data schema convertible into any data encoding format B. to provide a framework to describe data flow patterns in networks C. to specify algorithms necessary to decode binary-encoded protocol data units D. to translate encoded data for interoperability between different CPU architectures Correct Answer: A
Refer to the exhibit. An engineer must prevent VLAN 20 routes from appearing in the routing table of Switch-1. Which command set must be applied?
A. Correct Answer: D
Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality? A. MAC Authentication Bypass B. MACsec C. private VLANs D. port security Correct Answer: A
Which mechanism does OAuth use to strengthen REST API security when compared to BasicAuth? A. Token B. SSL C. Authentication D. TLS Correct Answer: A
What is the API keys option for REST API authentication? A. a predetermined string that is passed from client to server B. a one-time encrypted token C. a credential that is transmitted unencrypted D. a username that is stored in the local router database Correct Answer: A
Refer to the exhibit. The web server is configured to listen only to TCP port 8080 for all HTTP requests. Which command is required to allow Internet users to access the web server on HTTP port 80? A. ip nat outside static tcp 10.1.1.100 8080 10.1.1.100 80 B. ip nat inside static tcp 10.1.1.100 80 10.1.1.100 8080 C. ip nat inside static tcp 10.1.1.100 8080 10.1.1.100 80 D. ip nat outside static tcp 10.1.1.100 80 10.1.1.100 8080 Correct Answer: C
Refer to the exhibit. What is achieved by this Python script? A. It loads JSON data into an HTTP request. B. It converts JSON data to an HTML document. C. It counts JSON data from a website. D. It reads JSON data into a formatted list. Correct Answer: D
Refer to the exhibit. An engineer must configure router R1 to allow only NETCONF connections from the management VLAN. Which command completes this configuration? A. R1(config-if)# ip access-group netconfacl in B. R1(config)# netconf-yang ipv4 access-list name netconfacl C. R1(config)#ip http secure-server R1(config)# ip http accounting commands 12 default D. R1(config-if)#ip access-group netconfacl out Correct Answer: A
Which configuration saves the running configuration to the startup configuration and logs a "saving configuration automatically" message when a syslog message that contains "SYS-5-CONFIG_I" is received?
A. C Correct Answer:
Refer to the exhibit. An engineer applies this configuration to R1: ip nat inside source static 192.168.10.17 192.168.27.42 Which command set should be added to complete the configuration? A. R1(config)# interface GigabitEthernet 0/0 R1(config-if)# ip nat outside - R1(config)# interface GigabitEthernet 0/1 R1(config-if)# ip nat inside - B. R1(config)# interface GigabitEthernet 0/0 R1(config-if)# ip pat outside - R1(config)# interface GigabitEthernet 0/1 R1(config-if)# ip pat inside - C. R1(config)# interface GigabitEthernet 0/0 R1(config-if)# ip pat inside - R1(config)# interface GigabitEthernet 0/1 R1(config-if)# ip pat outside - D. R1(config)# interface GigabitEthernet 0/0 R1(config-if)# ip nat inside - R1(config)# interface GigabitEthernet 0/1 R1(config-if)# ip nat outside Correct Answer: A
Which type of roaming event occurs when a client roams across multiple mobility groups? A. Layer1 B. Layer7 C. Layer3 D. Layer2 Correct Answer: D
A Cisco administrstor deploys a new wireless network but CAPWAP APs cannot communicate with the wireless controller. IP connectivity in the network functions properly. Which action resolves the issue? A. Open CAPWAP UDP port 12222 in the network firewall. B. Open CAPWAP UDP ports 5246 and 5247 in the network firewall. C. Enable the UDP Lite feature on the WL D. Ensure that the controller is connected to a AAA server. Correct Answer: B
Which technique is used to protect end user devices and data from unknown file behavior? A. crypto file ransomware protection using a file hash calculation B. file retrospection using continuous scan and analyses C. file sandboxing using a protected environment to analyze and simulate the behavior of unknown files D. phishing file quarantine using an internal environment to store attached files Correct Answer: C
A client requests a wireless solution for remote branch offices to eliminate the need for a local controller at each branch. The branch users require local termination in a specifc VLAN for local internet breakout. Which solution must be deployed? A. central switched B. FlexConnect local switching C. auto-anchor mobility D. asymmetric tunneling Correct Answer: B
Which type of tunnel is required between two WLCs to enable intercontroller roaming? A. CAPWAP B. LWAPP C. mobility D. IPsec Correct Answer: A
Refer to the exhibit. Which command must be applied to complete the configuration and enable RESTCONF? A. ip http server B. ip http client username restconf C. ip http secure-port 443 D. ip http secure-server Correct Answer: D
Which device, in a LISP router architecture, receives LISP map requests and determines which ETR should handle the map request? A. proxy ETR B. routing locator C. map resolver D. map server Correct Answer: C
How does a WLC achieve stateful switchover for APs and clients? A. The active WLC establishes a CAPWAP tunnel to the AP, and the standby WLC establishes a LWAPP tunnel to the AP. B. The active WLC establishes a CAPWAP tunnel with the AP, and the standby WLC copies the AP database and the client database from the active WL C. The active WLC establishes a CAPWAP tunnel with the AP and standby WLC to share the AP database information. D. The active and standby WLCs establish separate CAPWAP tunnels to the AP. Correct Answer: C
Refer to the exhibit. What is the purpose of the configuration? A. The router will function in NTP in client mode. B. The router will use 172.16.1.1 as the source for NTP packets. C. The router is allowed to receive NTP broadcast packets. D. The router will function as an authoritative NTP server. Correct Answer: D
What is a consideration when designing a Cisco SD-Access underlay network? A. It must support IPv4 and IPv6 underlay networks. B. End user subnets and endpoints are part of the underlay network. C. Static routing is a requirement. D. The underlay switches provide endpoint physical connectivity for users. Correct Answer: D
Which JSON script is properly formatted?
A. Correct Answer: B
Which NTP concept is used to measure the distance from a device to its authoritative time source? A. stratum B. NTP peer C. GPS D. atomic clock Correct Answer: A
What is a characteristic of a virtual machine? A. It is more resource efficient than a container. B. It provides an environment completely isolated from the host OS. C. It is more lightweight than a container. D. It shares the host OS kernel, binaries, and libraries. Correct Answer: B
When is GLBP preferred over HSRP? A. When the gateway routers are a mix of Cisco and non-Cisco routers. B. When encrypted hellos are required between gateways in a single group. C. When the traffic load needs to be shared between multiple gateways using a single virtual IP. D. When clients need the gateway MAC address to be the same between multiple gateways. Correct Answer: C
Which TLV value must be added to Option 43 when DHCP is used to ensure that APs join the WLC? A. 0x77 B. AAA C. 0xf1 D. 642 Correct Answer: C
Refer to the Exhibit. External users require HTTP connectivity to an internal company web server that is listening on TCP port 8080. Which command set accomplishes? A. interface G0/0 ip address 209.165.200.225 255.255.255.224 ip nat outside interface G0/1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip nat inside source static tcp 209.165.200.225 8080 10.1.1.100 8080 B. interface G0/0 ip address 209.165.200.225 255.255.255.224 ip nat inside interface G0/1 ip address 10.1.1.1 255.255.255.0 ip nat outside ip nat inside source static tcp 10.1.1.1 8080 209.165.200.225 80 C. interface G0/0 ip address 209.165.200.225 255.255.255.224 ip nat outside interface G0/1 ip address 10.1.1.1 255.255.255.0 ip nat inside ip nat inside source static tcp 10.1.1.1 8080 209.165.200.225 80 D. interface G0/0 ip address 209.165.200.225 255.255.255.224 ip nat inside interface G0/1 ip address 10.1.1.1 255.255.255.0 ip nat outside ip nat inside source static tcp 209.165.200.225 80 10.1.1.100 8080 Correct Answer: C
A network engineer must configure the VTY lines on a router to achieve these results: · Remote access should be permitted only for secure protocols. · Only a password should be required for device authentication. · All idle EXEC sessions must be terminated in 60 minutes. Which configuration should be applied? A. line vty 0 15 password Cisco123 transport input ssh exec-timeout 60 B. line vty 0 15 login password Cisco123 transport input ssh exec-timeout 60 C. line vty 0 15 password Cisco123 transport input telnet ssh exec-timeout 60 D. line vty 0 15 password Cisco123 transport input all session-timeout 60 Correct Answer: B
How does NETCONF YANG represent data structures? A. as strict data structures defined by RFC 6020 B. in an XML tree format C. in an HTML format D. as modules within a tree Correct Answer: B
Refer to the exhibit. An engineer must modify the existing configuration so that R2 can take over as the primary router when serial interface 0/0.1 on R1 goes down. Which command must the engineer apply? A. R2# standby 100 preempt B. R2# standby 100 priority 100 C. R2# standby 100 track 26 decrement 10 D. R2# track 26 interface Serial0/0.1 line-protocol Correct Answer: A
Refer to the exhibit. An engineer deploys a script to retrieve the running configuration from a NETCONF-capable Cisco IOS XE device that is configured with default settings. The script fails. Which configuration must be applied to retrieve the configuration using NETCONF? A. print (netconf_host.get_config(`show running')) B. port=830 C. device_params=(`name':'los-xe'}) D. hostkey_verify=True, Correct Answer: B
Refer to the exhibit. Which action must be taken to configure a WLAN for WPA2-AES with PSK and allow only 802.11r-capable clients to connect? A. Enable Fast Transition and FT + PSK. B. Enable Fast Transition and PSK. C. Change Fast Transition to Adaptive Enabled and enable FT + PSK. D. Enable PSK and FT + PSK Correct Answer: A
Refer to the exhibit. Which address type is 10.10.10.10 configured for? A. outside global B. inside global C. outside local D. inside local Correct Answer: D
Refer to the exhibit. What is the result of the NTP configuration? A. The router will use the address of loppback 0 to communicate with the NTP server. B. The router will advertise but not listen to NTP broadcast packets. C. The router will be used as an NTP authoritative server only if it synchronized with an outside source. D. The router will be used as an NTP authoritative server, even if it is not synchronized with an outside source. Correct Answer: D
Refer to the exhibit. An engineer must create a manually triggered EEM applet to enable the R2 router interface and assign an IP address to it. What is required to complete this configuration? A. R2(config-apple)#action 4 cli command "ip add 172.16.1.1 0.0.0.255" B. R2(config)# event manager session cli username C. R2(config-applet)# event oir D. R2(config-applet)# event none sync yes Correct Answer: D
What is stateful switchover? A. cluster protocol used to facilitate switch failover B. mechanism to take control from a failed RP while maintaining connectivity C. mechanism used to prevent routing protocol loops during an RP switchover D. First Hop Redundancy Protocol for host gateway connectivity Correct Answer: B
Which two features are available only in next-generation rewalls? (Choose two.) A. application awareness B. packet filtering C. stateful inspection D. deep packet inspection E. virtual private network Correct Answer: AD
Refer to the exhibit. Which result is achieved by the CoPP configuration? A. traffic that matches entry 10 of ACL 100 is always dropped. B. Class-default is dropped. C. traffic that matches entry 10 of ACL 100 is always allowed with a limited CIR. D. traffic that matches entry 10 of ACL 100 is always allowed. Correct Answer: D
An engineer must use flexible NetFlow on a group of switches. To prevent overloading of the flow connector, if the flow is idle for 20 seconds, the flow sample should be exported. Which command set should be applied? A. flow record record flow exporter owexport record record flow cache timeout active 120 cache timeout inactive 20 cache type immediate B. flow monitor monitor flow exporter owexport record record flow cache timeout active 120 cache timeout inactive 20 cache type immediate C. flow monitor monitor flow exporter record flow cache timeout active 120 cache timeout inactive 20 cache type permanent D. flow record record flow match ipv6 destination ip-address match ipv6 source ip-address match ipv6 protocol-type view match interface input match interface output match transport destination-port collect counter bytes long Correct Answer: B
When a branch location loses connectivity, which Cisco FlexConnect state rejects new users but allows existing users to function normally? A. Authentication-Down/Switch-Local B. Authentication-Down/Switching-Down C. Authentication-Central/Switch-Local D. Authentication-Local/Switch-Local Correct Answer: A
Refer to the exhibit. Which action does the Python script accomplish? A. connects to the device using Telnet and exports the routing table information B. connects to the device using SSH and exports the routing table information C. displays the output of the show command in an unformatted way D. displays the output of the show command in a formatted way Correct Answer: B
An engineer must configure interface and sensor monitoring on a router. The NMS server is located in a trusted zone with IP address 10.15.2.19. Communication between the router and the NMS server must be encrypted and password-protected using the most secure algorithms. Access must be allowed only for the NMS server and with the minimum permission levels needed. Which configuration must the engineer apply? A. ip access-list extended nms permit 1 host 10.15.2.19 any snmp-server view ro internet included snmp-server view ro ifEntry included snmp-server group nms v3 priv notify ro access nms snmp-server user user1 nms v3 encrypted auth md5 Password1 pri 3des Password123 B. ip access-list standard nms permit 10.15.2.19 0.0.0.0 snmp-server view ro iso included snmp-server view ro ifEntry included snmp-server group nms v3 priv read ro access nms snmp-server user user1 nms v3 auth sha Password1 pri aes 256 Password123 C. ip access-list standard nms permit 10.15.2.19 0.0.0.0 snmp-server view rw iso included snmp-server view rw ifEntry included snmp-server group nms v3 auth write rw access nms snmp-server user user1 nms v3 auth des Password1 pri des Password123 D. ip access-list standard nms permit 10.15.2.19 255.255.255.255 snmp-server view ro iso included snmp-server view ro ifEntry included snmp-server group nms v3 priv read ro access nms snmp-server user user1 nms v3 auth 3des Password1 pri aes 192 Password123 Correct Answer: B
Refer to the exhibit. An engineer attempts to configure standby group 512 on interface GigabitEthernet0/1, but the configuration is not accepted. Which command resolves this problem? A. standby redirects B. standby 512 priority 100 C. standby 512 preempt D. standby version 2 Correct Answer: D
Which type of antenna is designed to provide a 360-degree radiation pattern? A. Yagi B. patch C. directional D. omnidirectional Correct Answer: D
Which two security mechanisms are used by Cisco Threat Defense to gain visibility into the most dangerous cyber threats? (Choose two.) A. virtual private networks B. file reputation C. VLAN segmentation D. traffic Telemetry E. dynamic enforce policy Correct Answer: BD
Which action is a LISP ITR responsible for? A. responding to map-request messages B. forwarding user data traffic C. nding EID-to-RLOC mappings D. accepting registration requests from ETRs Correct Answer: C
An engineer modifies the existing ISE guest portal URL to use a static FQDN. Users immediately report that they receive certificate errors when they are redirected to the new page. Which two additional configuration steps are needed to implement the change? (Choose two.) A. Add a new DNS record to resolve the FQDN to the PSN IP address B. Create and sign a new CSR that contains the static FQDN entry C. Manually configure the hosts file on each user device. D. Disable HTTPS on the WLC under the Management menu E. Add the FQDN entry under the WLC virtual interface Correct Answer: AB
Which JSON script is properly formatted?
A. C Correct Answer:
What is contained in the VXLAN header? A. VXLAN network identifier B. source and destination RLOC ID C. endpoint ID D. original Layer 2 VLAN ID Correct Answer: D
Refer to the exhibit. Clients are reporting an issue with the voice traffic from the branch site to the central site. What is the cause of this issue? A. There is a routing loop on the network B. There is a high delay on the WAN links C. traffic is load-balancing over both links, causing packets to arrive out of order D. The voice traffic is using the link with less available bandwidth Correct Answer: C
Which virtualization component creates VMs and performs hardware abstraction that allows multiple VMs to run at the same time? A. container B. Docker C. hypervisor D. rkt Correct Answer: C
Refer to the exhibit. An SSID is configured and both clients can reach their gateways on the Layer 3 switch, but they cannot communicate with each other. Which action resolves this issue? A. Set the WMM Policy to Allowed B. Set the P2P Blocking Action to Disabled C. Set the WMM Policy to Required D. Set the P2P Blocking Action to Forward-UpStream Correct Answer: B
What is a characteristic of VXLAN? A. It extends Layer 2 and Layer 3 overlay networks over a Layer 2 underlay B. It has a 12-byte packet header C. It uses TCP for transport, D. It is a multi-tenant solution. Correct Answer: D
Which network devices secure API platforms? A. content switches B. web application rewalls C. next-generation intrusion detection systems D. Layer 3 transit network devices Correct Answer: B
What does Call Admission Control require the client to send in order to reserve the bandwidth? A. SIP flow information B. Wi-Fi multimedia C. VoIP media session awareness D. traffic specification Correct Answer: D
Which capability does a distributed virtual switch have? A. use floating static routes B. provide configuration consistency across the hosts C. run dynamic routing protocols D. use advanced IPsec encryption algorithms Correct Answer: B
Which two methods are used to assign security group tags to the user in a Cisco TrustSec. architecture? (Choose two.) A. web authentication B. IEEE 802.1x C. DHCP D. modular QoS E. policy routing Correct Answer: BC
Which resource must the hypervisor make available to the virtual machines? A. bandwidth B. IP address C. processor D. secure access Correct Answer: C
Refer to the exhibit. An engineer must configure a Cisco WLC with WPA2 Enterprise mode and avoid global server lists. Which action is required? A. Enable EAP parameters B. Apply CISCO ISE default settings C. Select a RADIUS authentication server D. Disable the RADIUS server accounting interim update Correct Answer: C
Refer to the exhibit. An administrator must collect basic statistics about the approximate amount of IPv4 and IPv6 ows entering Gi0/0 using NetFlow. However, the administrator is concerned that NetFlow processing during periods of high utilization on Gi0/0 will overwhelm the router CPU. Which configuration minimizes CPU impact and keeps the data ows across Gi0/0 intact?
A. Correct Answer: A
Which two mechanisms are used with OAuth 2.0 for enhanced validation? (Choose two.) A. authorization B. custom headers C. request management D. authentication E. accounting Correct Answer: AD
Which characteristic applies to the endpoint security aspect of the Cisco Threat Defense architecture? A. detect and block ransomware in email attachments B. outbound URL analysis and data transfer controls C. user context analysis D. blocking of leless malware in real time Correct Answer: D
Refer to the exhibit. An administrator writes a script to fetch the list of devices that are registered with Cisco DNA Center. Why does the execution abort? A. The TLS certificate of DNA Center is invalid B. The username or the password is incorrect C. The "dna-center" hostname cannot be resolved to an IP address D. The authentication URL is incorrect Correct Answer: B
Which hypervisor requires a host OS to run and is not allowed to directly access the hosts hardware and resources? A. native B. bare metal C. type 1 D. type 2 Correct Answer: D
Refer to the exhibit. The NETCONF object is sent to a Cisco IOS XE switch. What is the purpose of the object? A. Discover the IP address of interface GigabitEthernet1 B. Remove the IP address from interface GigabitEthernet1 C. Set the description of interface GigabitEthernet1 to "1" D. View the configuration of all GigabitEthernet interfaces Correct Answer: A
Which protocol does Cisco SD-WAN use to protect control plane communication? A. STUN B. OMP C. IPsec D. DTLS Correct Answer: D
Which security option protects credentials from sniffer attacks in a basicAPI authentication? A. next-generation firewall B. TLS or SSL for communication C. VPN connection between client and server D. AAA services to authenticate the API Correct Answer: B
An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be applied? A. aaa authentication exec default radius local B. aaa authentication exec default radius C. aaa authorization exec default radius local D. aaa authorization exec default radius Correct Answer: A
What does the Cisco WLC Layer 3 roaming feature allow clients to do? A. maintain their IP address when roaming to an AP or controller with a different client VLAN assignment B. maintain their connection between APs even when the AP management VLANs are different C. maintain their connection even if the client IP address changes when roaming D. roam seamlessly between controllers even when the controller management VLANs are different Correct Answer: A
Which JSON script is properly formatted?
A. Correct Answer: A
What is the function of Cisco DNA Center in a Cisco SD-Access deployment? A. It is responsible for the design, management, deployment, provisioning, and assurance of the fabric network devices B. It is responsible for routing decisions inside the fabric C. It provides integration and automation for all nonfabric nodes and their fabric counterparts D. It possesses information about all endpoints, nodes, and external networks related to the fabric Correct Answer: A
How do the MAC address table and TCAM differ? A. TCAM is populated from the ARP file, and the MAC address table is populated from the switch configuration file B. TCAM stores Layer 2 forwarding information, and the MAC address table stores QoS information C. TCAM lookups can match only 1s and 0s, and MAC address lookups can match 1s, 0s and a third "care/don't care" state D. TCAM is a type of memory and the MAC address table is a logical structure Correct Answer: D
Which technology provides an overlay fabric to connect remote locations utilizing commodity data paths and improves network performance, boosts security, and reduces costs? A. In niBand B. VTEP C. SD-WAN D. VXLAN Correct Answer: C
Which two actions are recommended as security best practices to protect REST API? (Choose two.) A. Enable dual authentication of the session B. Use a password hash C. Use SSL for encryption D. Use TACACS+ authentication E. Enable out-of-band authentication Correct Answer: AC
Refer to the exhibit. An engineer is configuring WebAuth on a Cisco Catalyst 9800 Series WL A. The engineer has purchased a third-party certificate using the FQDN of the WLC as the CN and intends to use it on the WebAuth splash page. What must be configured so that the clients do not receive a certificate error? B. Virtual IPv4 Hostname must match the CN of the certificate C. Virtual IPv4 Address must be set to a routable address D. Web Auth Intercept HTTPs must be enabled E. Trustpoint must be set to the management certificate of the WLC Correct Answer: A
Refer to the exhibit. Which configuration must be added to enable remote access only using SSHv1 or SSHv2 to this router?
A. C Correct Answer:
Refer to the exhibit. What is the output of this code? A. 1st_item#######: 645298791871446 2nd_item_that_must_display: jlugyydt## B. 1st_item#######: 6452987918 2nd_item_that_m: jlugyydt## C. 1st_item#######: 8791871446 at_must_display: jlugyydt D. 645298791871446 ##jlugyydt Correct Answer: B
Refer to the exhibit. An engineer is troubleshooting an issue with non-Wi-Fi interference on the 5-GHz band. The engineer has enabled Cisco CleanAir and set the appropriate traps, but the AP does not change the channel when it detects significant interference. Which action will resolve the issue? A. Enable the Avoid Persistent Non-WiFi interference option B. Change the DCA Sensitivity option to High C. Enable the Event Driven Radio Resource Management option D. Disable the Avoid Foreign AP Interference option Correct Answer: C
Refer to the exhibit. What is achieved by the XML code? A. It displays the access list sequence numbers from the output of the show ip access-list extended p command on the terminal screen B. It displays the output of the show ip access-list extended p command on the terminal screen C. It reads the access list sequence numbers from the output of the show ip access-list extended p command into a dictionary list D. It reads the output of the show ip access-list extended p command into a dictionary list Correct Answer: D
An engineer measures the Wi-Fi coverage at a customer site The RSSI values are recorded as follows: · Location A: -72 dBm · Location B: -75 dBm · Location C -65 dBm · Location D -80 dBm Which two statements does the engineer use to explain these values to the customer? (Choose two.) A. The signal strength at location C is too weak to support web sur ng B. Location D has the strongest RF signal strength C. The RF signal strength at location B is 50% weaker than location A D. The RF signal strength at location C is 10 times stronger than location B E. The signal strength at location B is 10 dB better than location C Correct Answer: CD
Where are operations related to software images located in the Cisco DNA Center GUI? A. Services B. Provisioning C. Assurance D. Design Correct Answer: B
What is a difference between OSPF and EIGRP? A. OSPF uses a default hello timer of 5 seconds. EIGRP uses a default hello timer of 10 seconds. B. OSPF uses multicast addresses 224.0.0.5 and 224.0.0.6. EIGRP uses multicast address 224.0.0.10. C. OSPF uses an administrative distance of 115. EIGRP uses an administrative distance of 160. D. OSPF uses IP protocol number 88. EIGRP uses IP protocol number 89. Correct Answer: B
Which feature is provided by Cisco Mobility Services Engine in a Cisco Wireless unified Network architecture? A. It adds client packet capturing. B. It enables NetFlow data collection. C. It adds client tracking and location API. D. It identifies authentication problems. Correct Answer: C
Which unit of measure is used to measure wireless RF SNR? A. dBi B. dB C. dBm D. mW Correct Answer: C
In a campus network design, what are two benefits of using BFD for failure detection? (Choose two.) A. BFD speeds up routing convergence time. B. BFD is an efficient way to reduce memory and CPU usage. C. BFD provides fault tolerance by enabling multiple routers to appear as a single virtual router. D. BFD provides path failure detection in less than a second. E. BFD enables network peers to continue forwarding packets in the event of a restart. Correct Answer: AD
Refer to the exhibit. A network engineer issues the debug command while troubleshooting a network issue. What does the output confirm? A. ACL 100 is tracking ICMP traffic from 10.1.1.1 destined for 1.1.1.1. B. ACL100 is tracking all traffic from 10.1.1.1 destined for 1.1.1.1. C. ACL100 is tracking ICMP traffic from Serial1/0 destined for Serial3/0. D. ACL100 is tracking ICMP traffic from 1.1.1.1 destined for 10.1.1.1. Correct Answer: D
Refer to the exhibit. An engineer must update the existing configuration to achieve these results: · Only administrators from the 192.168.1.0/24 subnet can access the vty lines. · Access to the vty lines using clear-text protocols is prohibited. Which command set should be applied?
A. C Correct Answer:
Which version of NetFlow does Cisco Threat Defense utilize to obtain visibility into the network? A. NBAR2 B. IPFIX C. 8 D. flexible Correct Answer: D
Refer to the exhibit. What is printed to the console when this script is run? A. a key-value pair in tuple type B. an error C. a key-value pair in list type D. a key-value pair in string type Correct Answer: D
What is a difference between Chef and other automation tools? A. Chef is an agentless tool that uses playbooks, and Ansible is an agent-based tool that uses cookbooks. B. Chef is an agentless tool that uses a primary/minion architecture, and SaltStack is an agent-based tool that uses a primary/secondary architecture C. Chef is an agent-based tool that uses cookbooks, and Ansible is an agentless tool that uses playbooks. D. Chef uses Domain specific Language, and Puppet uses Ruby. Correct Answer: C
An engineer must configure a new WLAN that supports 802.11r and requires users to enter a passphrase. What must be configured to support this requirement? A. 802.1X and Fast Transition B. FT PSK and Fast Transition C. 802.1X and SUITEB-1X D. FT PSK and SUITEB-1X Correct Answer: D
Refer to the exhibit. An engineer is troubleshooting an mDNS issue in an environment where Cisco ISE is used to dynamically assign mDNS roles to users. The engineer has confirmed that ISE is sending the correct values, but name resolution is not functioning as expected. Which WLC configuration change resolves the issue? A. Enable AAA Override. B. Enable Aironet I C. Set MFP client protection to Required. D. Change NAC state to ISE NA E. Correct Answer: A
What is one role of the VTEP in a VXLAN environment? A. to maintain VLAN configuration consistency B. to forward packets to non-LISP sites C. to provide EID-to-RLOC mapping D. to encapsulate the tunnel Correct Answer: D
How is CAPWAP data traffic encapsulated when running an Over the Top WLAN in a Cisco SD-Access wireless environment? A. LISP B. VXLAN C. GRE D. IPsec Correct Answer: B
Refer to the exhibit. What does the Python code accomplish? A. It configures interface e1/32 to be in an admin down state B. It generates a status code of 403 because the type is incorrect. C. It configures interface e1/32 to be in an err-disable state. D. It returns data in JSON-RPC format. Correct Answer: A
Refer to the exhibit. Which action must be performed to allow RESTCONF access to the device? A. Enable the NETCONF service. B. Enable the SSH service. C. Enable the IOX service. D. Enable the HTTPS service. Correct Answer: D
Which JSON script is properly formatted?
A. Correct Answer: C
Which technology is used as the basis for the Cisco SD-Access data plane? A. LISP B. 802.1Q C. VXLAN D. IPsec Correct Answer: C
How is OAuth framework used in REST API? A. as a framework to hash the security information in the REST URL B. by providing the external application a token that authorizes access to the account C. as a framework to hide the security information in the REST URL D. by providing the user credentials to the external application Correct Answer: B
What is a characteristic of Cisco DNA southbound APIs? A. implements monitoring by using the SOAP protocol B. enables orchestration and automation of network devices based on intent C. utilizes REST API D. simpli es management of network devices Correct Answer: D
Where is the wireless LAN controller located in a mobility express deployment? A. The wireless LAN controller exists in a server that is dedicated for this purpose. B. The wireless LAN controller is embedded into the access point. C. The wireless LAN controller exists in the cloud. D. There is no wireless LAN controller in the network. Correct Answer: B
Refer to the exhibit. A network engineer must permit administrators to automatically authenticate if there is no response from either of the AAA servers. Which configuration achieves these results? A. aaa authentication enable default group radius local B. aaa authentication login default group radius C. aaa authentication login default group tacacs+ line D. aaa authentication login default group radius none Correct Answer: D
What is one difference between SaltStack and Ansible? A. SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box. B. SaltStack uses an API proxy agent to program Cisco boxes in agent mode, whereas Ansible uses a Telnet connection. C. SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus. D. SaltStack is constructed with minion, whereas Ansible is constructed with YAML. Correct Answer: D
Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints? A. DTLS B. IPsec C. PGP D. HTTPS Correct Answer: A
A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EoIP tunnel remains in an UP state in the event of failover on the SSO cluster? A. Use the same mobility domain on all WLCs. B. Enable default gateway reachability check. C. configure back-to-back connectivity on the RP ports. D. Use the mobility MAC when the mobility peer is configured. Correct Answer: D
Which configuration lters out DOT1X messages in the format shown below from being sent toward Syslog server 10.15.20.33? Nov 20 13:47:32/553 %DOT1X-5-FAIL:Authentication failed for client (e04f.438e.de4f) on interface Gi1/0/1 AudtiSessionID 0A0B50A5000004543910739E A. logging discriminator DOT1X facility drops DOT1X logging host 10.15.20.33 discriminator DOT1X B. logging discriminator DOT1X msg-body drops DOTX logging host 10.15.20.33 discriminator DOTX C. logging discriminator DOT1X mnemonics includes DOTX logging host 10.15.20.33 discriminator DOT1X D. logging discriminator DOT1X mnemonics includes DOT1X logging host 10.15.20.33 discriminator DOTX Correct Answer: B
Refer to the exhibit. A network engineer is troubleshooting an issue with the file server based on reports of slow file transmissions. Which two commands or command sets are required to switch SW1 to analyze the traffic from the file server with a packet analyzer? (Choose two.) A. SW1#show monitor B. SW1(config)#monitor session 1 source interface gigabitethernet0/3 SW1(config)#monitor session 1 destination interface gigabitethernet0/1 encapsulation replicate C. SW1#show ip route D. SW1#show vlan E. SW1(config)#monitor session 1 source interface gigabitethernet0/1 SW1(config)#monitor session 1 destination interface gigabitethernet0/3 encapsulation replicate AB Correct Answer:
What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two.) A. It enforces a single, scalable, hub-and-spoke topology. B. It simpli es endpoint provisioning through standalone router management. C. It allows configuration of application-aware policies with real time enforcement. D. It improves endpoint protection by integrating embedded and cloud security features. E. It provides resilient and effective traffic flow using MPLS. Correct Answer: CD
Which two functions is an edge node responsible for? (Choose two.) A. authenticates endpoints B. provides the default entry point for fabric traffic C. provides multiple entry and exit points for fabric traffic D. provides the default exit point for fabric traffic E. provides a host database that maps endpoint IDs to a current location Correct Answer: AC
Refer to the exhibit. Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two.) A. R2 - router ospf 0 network 172.16.1.0 0.0.0.255 area 0 network 172.16.2.0 0.0.0.255 area 0 B. R1 - router ospf 0 network 192.168.1.0 255.255.255.0 area 0 network 192.168.2.0 255.255.255.0 area 0 C. R2 - router ospf 0 network 172.16.1.0 255.255.255.0 area 0 network 172.16.2.0 255.255.255.0 area 0 D. R1 - router ospf 0 network 192.168.1.0 0.0.0.255 area 0 network 192.168.2.0 0.0.0.255 area 0 E. R2 - router ospf 0 network 172.16.1.0 0.0.0.255 area 0 network 172.16.2.0 255.255.255.0 area 0 Correct Answer: AD
Which Python library is used to work with YANG data models via NETCONF? A. ncclient B. requests C. cURL D. Postman Correct Answer: A
Refer to the exhibit. A network architect has partially configured static NAT. Which commands should be added to complete the configuration? A. R1(config)# interface GigabitEthernet 0/0 R1(config)# ip pat inside - R1(config)# interface GigabitEthernet 0/1 R1(config)# ip pat outside - B. R1(config)# interface GigabitEthernet 0/0 R1(config)# ip pat outside - R1(config)# interface GigabitEthernet 0/1 R1(config)# ip pat inside - C. R1(config)# interface GigabitEthernet 0/0 R1(config-if)# ip nat inside - R1(config)# interface GigabitEthernet 0/1 R1(config-if)# ip nat outside - D. R1(config)# interface GigabitEthernet 0/0 R1(config-if)# ip nat outside - R1(config)# interface GigabitEthernet 0/1 R1(config-if)# ip nat inside Correct Answer: D
Refer to the exhibit. An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied? A. R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255 R1 (config)#interface giga 0/2 - R1 (config-if)#ip access-group 120 in B. R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 20 R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21 R1(config)#interface giga 0/2 - R1 (config-if)#ip access-group 120 in C. R1 (config)# access-list 120 deny any any R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21 R1 (config)#interface giga 0/0 - R1(config-if)#ip access-group 120 out D. R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255 R1(config)# access-list 120 permit udp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255 R1 (config)#interface giga 0/2 - R1(config-if)#ip access-group 120 out Correct Answer: B
High bandwidth utilization is occurring on interface Gig0/1 of a router. An engineer must identify the ows that are consuming the most bandwidth. Cisco DNA Center is used as a flow exporter and is configured with the IP address 192.168.23.1 and UDP port 23000. Which configuration must be applied to set NetFlow data export and capture on the router?
A. Correct Answer: A
Which DNS record type is required to allow APs to discover a WLC by using DNS on IPv4? A. NS B. A C. SOA D. MX Correct Answer: B
What is modularity in network design? A. ability to bundle several functions into a single layer of the network B. ability to create self-contained, repeatable sections of the network C. ability to self-heal the network to prevent service outages D. ability to scale and accommodate future needs of the network Correct Answer: B
Refer to the exhibit. An engineer configured TACACS+ to authenticate remote users, but the configuration is not working as expected. Which configuration must be applied to enable access? A. R1 (config)# ip tacacs source-interface Gig 0/0 B. R1 (config)# tacacs server prod - R1(config-server-tacacs)# port 1020 C. R1 (config)# aaa authorization exec default group tacacs+ local D. R1 (config)# tacacs server prod - R1(config-server-tacacs)# key cisco123 Correct Answer: D
A customer has two Cisco WLCs that manage separate APs throughout a building. Each WLC advertises the same SSID but terminates on different interfaces. Users report that they drop their connections and change IP addresses when roaming. Which action resolves this issue? A. configure high availability. B. Enable fast roaming. C. configure mobility groups. D. Enable client load balancing Correct Answer: C
What is one difference between the RIB and the FIB? A. The RIB keeps all routing information received from peers, and the FIB keeps the minimum information necessary to make a forwarding decision. B. The RIB works at the data plane, and the FIB works at the control plane. C. The FIB contains routing prefixes, and the RIB contains the Layer 2 and Layer 3 information necessary to make a forwarding decision. D. The RIB is known as the CEF table, and the FIB is known as the routing table. Correct Answer: A
What is a characteristic of an AP operating in FlexConnect mode? A. All traffic traverses the WLC to ensure policy enforcement on client traffic. B. Forwarding for locally switched traffic continues when the AP loses connectivity to the WL C. APs connect in a mesh topology and elect a root AP D. FlexConnect enables an AP to connect to multiple WLCs. Correct Answer: D
What is the benefit of using TCAM for IP forwarding decisions versus using the CAM table? A. TCAM finds results based on binary, and CAM uses the longest match to find results B. TCAM processes lookups in a hardware CPU. and CAM relies on binary masks to find results. C. TCAM finds results based on masks, and CAM finds results basing on exact match. D. TCAM uses low cost hardware memory to store addresses, and CAM uses expensive hardware memory. Correct Answer: C
Refer to the exhibit. Two indirectly connected routers fail to form an OSPF neighborship. What is the cause of the issue? A. failing hello packets between the two routers B. DR/BDR selection dispute C. MTU mismatch D. OSPF network type mismatch Correct Answer: C
What is a characteristic of a Type 2 hypervisor? A. It is completely independent of the operating system. B. It is installed on an operating system and supports other operating systems. C. It eliminates the need for an underlying operating system. D. Its main task is to manage hardware resources between different operating systems. Correct Answer: B
What are two benefits of implementing a traditional WAN instead of an SD-WAN solution? (Choose two.) A. lower control plane abstraction B. faster fault detection C. simplified troubleshooting D. comprehensive configuration standardization E. lower data plane overhead Correct Answer: CD
Which technology uses network traffic telemetry, contextual information, and file reputation to provide insight into cyber threats? A. security services B. security intelligence C. segmentation D. threat defense Correct Answer: B
Which IEEE standard provides the capability to permit or deny network connectivity based on the user or device identity? A. 802.1d B. 802.1w C. 802.1q D. 802.1x Correct Answer: D
Refer to the exhibit.The CPE router acts as a DHCP server for the locally attached LAN. After DHCP snooping is enabled on the switch where the DHCP clients are connected, clients are unable to obtain their configuration from the DHCP server. What is the cause of this issue? A. The IP address of the DHCP server is in the excluded DHCP range. B. The configuration of Gi0/1 is missing the ip helper-address 192.168.255.1 command. C. The DHCP server drops DHCP packets carrying Option 82 and an empty relay agent IP address. D. The excluded DHCP range contains the subnet address of the entire LAN network. Correct Answer: C
Which solution simpli es management of secure access to network resources? A. RFC 3580-based solution to enable authenticated access leveraging RADIUS and AV pairs B. 802.1AE to secure communication in the network domain C. ISE to automate network access control leveraging RADIUS AV pairs D. TrustSec to logically group internal user environments and assign policies Correct Answer: C
What is the recommended minimum SNR for data applications on wireless networks? A. 20 B. 25 C. 15 D. 10 Correct Answer: A
What does the Cisco DNA Center Authentication API provide? A. list of VLAN names B. client health status C. access token to make calls to Cisco DNA Center D. list of global issues that are logged in Cisco DNA Center Correct Answer: C
What does the destination MAC on the outer MAC header identify in a VXLAN packet? A. the leaf switch B. the next hop C. the remote switch D. the remote spine Correct Answer: B
What does the statement print(format(0.8, '.0%')) display? Correct Answer: D Correct Answer: D
An engineer must implement a configuration to allow a network administrator to connect to the console port of a router and authenticate over the network. Which command set should the engineer use? A. aaa new-model aaa authentication login console local B. aaa new-model aaa authentication login console group radius C. aaa new-model aaa authentication login default enable D. aaa new-model aaa authentication enable default Correct Answer: B
When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to allow APs to successfully discover the WLC? A. CONTROLLER-CAPWAP-CISCO B. CISCO-CONTROLLER-CAPWAP C. CAPWAP-CISCO-CONTROLLER D. CISCO-CAPWAP-CONTROLLER Correct Answer: D
Refer to the exhibit. An engineer tries to log in to router R1. Which configuration enables a successful login? A. R1#username admin privilege 15 - aaa authorization exec default local B. R1#username admin privilege 15 - aaa authorization exec default local netconf-yang C. R1#netconf-yang - username admin privilege 15 secret cisco123 aaa new-model aaa authorization exec default local D. R1#aaa new-model - aaa authorization exec default local enable aaa admin privilege 15 Correct Answer: C
Which statement must be used to export the contents of the devices object in JSON format?A. json.repr(Devices) B. json.loads(Devices) C. json.print(Devices) D. json.dumps(Devices) Correct Answer: D
Why does the vBond orchestrator have a public IP? A. to allow for global reachability from all WAN Edges in the Cisco SD-WAN and to facilitate NAT traversal B. to provide access to Cisco Smart Licensing servers for license enablement C. to enable vBond to learn the public IP of WAN Edge devices that are behind NAT gateways or in private address space D. to facilitate downloading and distribution of operational and security patches Correct Answer: A
Why would a small or mid-size business choose a cloud solution over an on-premises solution? A. Cloud provides greater ability for customization than on-premises. B. Cloud provides more control over the implementation process than on-premises. C. Cloud provides lower upfront cost than on-premises. D. Cloud provides higher data security than on-premises. Correct Answer: C
Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.) A. stateful packet inspection B. integrated intrusion prevention C. NAT D. VPN E. application-level inspection Correct Answer: BE
Refer to the exhibit. An engineer builds an EEM script to apply an access list. Which statement must be added to complete the script? A. action 6.0 cli command "ip access-list extended 101" B. action 3.1 cli command "ip access-list extended 101" C. event none D. action 2.1 cli command "ip access-list extended 101" Correct Answer: C
Refer to the exhibit. An engineer is troubleshooting an issue with client devices triggering excessive power changes on APs in the 2.4 GHz band. Which action resolves this issue? A. Disable Aironet I B. Set the 802.11b/g/n DTIM interval to 0. C. Enable MFP Client Protection. D. Disable Coverage Hole Detection. Correct Answer: D
Refer to the exhibit. What is the effect of these commands on the BR and HQ tunnel interfaces?
A. The keepalives are sent every 3 seconds and 5 retries. B. The tunnel line protocol goes down when the keepalive counter reaches 5. C. The keepalives are sent every 5 seconds and 3 retries. D. The tunnel line protocol goes down when the keepalive counter reaches 6. Correct Answer: C
By default, which virtual MAC address does HSRP group 30 use? A. 05:0c:5e:ac:07:30 B. 00:00:0c:07:ac:1e C. 00:43:19:74:89:1e D. 00:05:0c:07:ac:30 Correct Answer: B
Which NTP mode must be activated when using a Cisco router as an NTP authoritative server? A. primary B. peer C. broadcast client D. server Correct Answer: B
Refer to the exhibit.Which router is elected as the VRRP primary virtual router? A. Router A B. Router B C. Router C D. Router D Correct Answer: C
An engineer applies this EEM applet to a router:What does the applet accomplish? A. It generates a syslog message every 600 seconds on the status of the speci ed MAC address. B. It compares syslog output to the MAC address table every 600 seconds and generates an event when no match is found. C. It compares syslog output to the MAC address table every 600 seconds and generates an event when there is a match. D. It checks the MAC address table every 600 seconds to see if the speci ed address has been learned. Correct Answer: D
Which authorization framework gives third-party applications limited access to HTTP services? A. IPsec B. GRE C. Basic Auth D. OAuth 2.0 Correct Answer: D
How does Cisco Express Forwarding switching differ from process switching on Cisco devices? A. Cisco Express Forwarding switching saves memory by storing adjacency tables in dedicated memory on the line cards, and process switching stores all tables in the main memory. B. Cisco Express Forwarding switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table. C. Cisco Express Forwarding switching uses dedicated hardware processors, and process switching uses the main processor. D. Cisco Express Forwarding switching uses a proprietary protocol based on IS-IS for MAC address lookup, and process switching uses the MAC address table. Correct Answer: A
Refer to the exhibit. What is the result of running this code? A. A list of lists is created. B. A list of new VLANs is created. C. An error is displayed. D. A dictionary is created. Correct Answer: B
Refer to the exhibit. The administrator configures an ERSPAN session, but no packets are received on the destination host. Which action is required to complete the configuration? A. Ensure that the ERSPAN destination addresses are not reachable through the Mgmt-vrf VR B. Ensure that the ERSPAN destination is reachable from the switch. C. configure the ERSPAN destination VLAN as an RSPAN VLAN. D. Enable the ERSPAN session. Correct Answer: D
Refer to the exhibit. Which command is required on router R1 to start receiving RESTCONF requests? A. R1(config)# ip http accounting commands 12 default B. R1(config)# ip http server C. R1(config)# restconf D. R1(config)# ip http access-class 12 Correct Answer: C
What is a command-line tool for consuming REST APIs? A. Python requests B. Postman C. cURL D. Firefox Correct Answer: C
An engineer receives a report that an application exhibits poor performance. On the switch where the server is connected, this syslog message is visible: SW_MATM-4-MACFLAP_NOTIF: Host 0054.3962.7651 in vlan 14 is apping between port Gi1/0/1 and port Gi1/0/2. What is causing the problem? A. undesirable load-balancing configuration on the switch B. invalid port channel configuration on the switch C. wrong SFP+ and cable connected between the server and the switch D. failed NIC on the server Correct Answer: A
Refer to the exhibit. Why does the OSPF neighborship fail between the two interfaces? A. The MTU is not the same. B. The OSPF timers are different. C. There is a mismatch in the OSPF interface network type. D. The IP subnet mask is not the same. Correct Answer: D
Which technology enables a redundant supervisor engine to take over when the primary supervisor engine fails? A. SSO B. FHRP C. graceful restart D. NSF Correct Answer: A
A customer requires their wireless data traffic to egress at the switch port of the access point. Which access point mode supports this? A. FlexConnect B. Sniffer C. Bridge D. Monitor Correct Answer: A
What is a capability of the Cisco DNA Center southbound API? A. It adds support for managing non-Cisco devices from Cisco DNA Center. B. It connects to ITSM services such as ServiceNow. C. It sends webhooks from Cisco DNA Center when alerts are triggered. D. It allows administrators to make API calls to Cisco DNA Center. Correct Answer: A
Refer to the exhibit. Which command set enables router R2 to be configured via NETCONF? A. R1(config)# netconf - R1(config)# ip http secure-server B. R1(config) # username Netconf privilege 15 password example_password R1(config)# netconf-yang - R1(config)# netconf-yang feature candidate-datastore C. R1(config)# snmp-server manager - R1(config)# snmp-server community ENCOR rw D. R1(config)# snmp-server manager - R1(config)# snmp-server community ENCOR ro Correct Answer: B
In the Cisco DNA Center Image Repository, what is a golden image? A. The latest software image that is available for a specific device type. B. The Cisco recommended software image for a specific device type. C. A software image that is compatible with multiple device types. D. A software image that meets the compliance requirements of the organization. Correct Answer: B
A wireless administrator must create a new web authentication corporate SSID that will be using ISE as the external RADIUS server. The guest VLAN must be speci ed after the authentication completes. Which action must be performed to allow the ISE server to specify the guest VLAN? A. Enable AAA Override. B. Enable Network Access Control State. C. Set AAA Policy name. D. Set RADIUS Pro ling. Correct Answer: D
An engineer must configure an EXEC authorization list that first checks a AAA server then a local username. If both methods fail, the user is denied. Which configuration should be applied? A. aaa authorization exec default local group radius none B. aaa authorization exec default group radius local none C. aaa authorization exec default group radius local D. aaa authorization exec default local group tacacs+ Correct Answer: C
Refer to the exhibit.A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied? A. AP(config-if-ssid)# authentication open eap eap_methods B. AP(config-if-ssid)# authentication dynamic open wep_dynamic C. AP(config-if-ssid)# authentication dynamic wep wep_methods D. AP(config-if-ssid)# authentication open wep wep_methods Correct Answer: D
Refer to the exhibit. An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts. Which command set accomplishes this task? A. SW1(config)# mac access-list extended HOST-A-B SW1(config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd SW1(config)# ip access-list extended DENY-HTTP SW1(config-ext-nacl)# deny tcp host 10.1.1.10 host 10.1.1.20 eq www SW1(config)# vlan access-map DROP-MAC 10 SW1(config-access-map)# match mac address HOST-A-B SW1(config-access-map)# action drop SW1(config)# vlan access-map HOST-A-B 20 SW1(config-access-map)# match ip address DENY-HTTP SW1(config-access-map)# action drop SW1(config)# vlan filter HOST-A-B vlan 10 B. SW1(config)# ip access-list extended DENY-HTTP SW1(config-ext-nacl)# deny tcp host 10.1.1.10 host 10.1.1.20 eq www SW1(config)# ip access-list extended MATCH_ALL SW1(config-ext-nacl)# permit ip any any SW1(config)# vlan access-map HOST-A-B 10 SW1(config-access-map)# match ip address DENY-HTTP SW1(config-access-map)# action drop SW1(config)# vlan access-map HOST-A-B 20 SW1(config-access-map)# match ip address MATCH_ALL SW1(config-access-map)# action forward SW1(config)# vlan filter HOST-A-B vlan 10 C. SW1(config)# mac access-list extended HOST-A-B SW1(config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd SW1(config)# ip access-list extended DENY-HTTP SW1(config-ext-nacl)# permit tcp host 10.1.1.10 host 10.1.1.20 eq www SW1(config)# vlan access-map DROP-MAC 10 SW1(config-access-map)# match mac address HOST-A-B SW1(config-access-map)# action forward SW1(config)# vlan access-map HOST-A-B 20 SW1(config-access-map)# match ip address DENY-HTTP SW1(config-access-map)# action drop SW1(config)# vlan filter HOST-A-B vlan 10 Correct Answer: B
A network engineer wants to configure console access to a router without using AAA so that the privileged exec mode is entered directly after a user provides the correct login credentials. Which action achieves this goal? A. configure a RADIUS or TACACS+ server and use it to send the privilege level. B. configure login authentication privileged on line con 0. C. configure privilege level 15 on line con 0. D. configure a local username with privilege level 15. Correct Answer: B
Refer to the exhibit.What is output by this code? A. 0 5 B. 0 1 2 3 4 5 C. 0 1 2 3 4 D. (0,5) Correct Answer: C
What is one benefit of implementing a data modeling language? A. use XML style of data formatting B. interoperability to allow unlimited implementations C. machine-oriented logic and language-facilitated processing D. conceptual representation makes interpretation simple Correct Answer: C
Refer to the exhibit.What is generated by the script? A. the router processes B. the cdp neighbors C. the routing table D. the running configuration Correct Answer: D
What is a benefit of YANG modules? A. tightly coupled models with encoding to improve performance B. easier multivendor interoperability provided by common or industry models C. avoidance of ecosystem fragmentation by having fixed modules that cannot be changed D. single protocol and model coupling to simplify maintenance and support Correct Answer: B
Refer to the exhibit.An engineer must save the configuration of router R2 using the NETCONF protocol. Which script must be used? A.
B.
C.
D.
Correct Answer: A
Which language defines the structure or modeling of data for NETCONF and RESTCONF? A. YAML B. XML C. JSON D. YANG Correct Answer: C
Refer to the exhibit.What is displayed when the code is run? A. The answer is 100 B. The answer is 5 C. The answer is 25 D. The answer is 70 Correct Answer: A
What is the purpose of an integration API in Cisco DNA Center? A. Obtain information about clients, sites, and topology from Cisco DNA Center. B. Enable external systems to take actions in response to an event. C. Allow the platform into approval chains in ITSM. D. Enable discovery and control of the network by using HTTPS verbs. Correct Answer: B
Refer to the exhibit.What is the value of the variable list after the code is run? A. [1, 2, 10] B. [1, 2, 3, 10] C. [1, 2, 10, 4] D. [1, 10,10,10] Correct Answer: C
Which signal strength and noise values meet the minimum SNR for voice networks? A. signal strength -66 dBm, noise 90 dBm B. signal strength -67 dBm, noise 91 dBm C. signal strength -68 dBm, noise 89 dBm D. signal strength -69 dBm, noise 94 dBm Correct Answer: B
A customer requires their wireless network to be fully functional, even if the wireless controller fails. Which wireless design supports these requirements? A. FlexConnect B. mesh C. centralized D. embedded Correct Answer: A
Which two conditions occur when the primary route processor fails on a switch that is using dual route processors with stateful switchover? (Choose two.) A. Data forwarding can continue along known paths until routing protocol information is restored. B. Data forwarding is stopped until the routing protocols reconverge after the switchover. C. The standby route processor is fully initialized and state information is maintained. D. User sessions are immediately recreated on the new active route processor. E. The standby route processor initialization is started when the primary router processor fails. Correct Answer: AC
Refer to the exhibit.Which configuration must be added to R2 to enable PC3 to obtain a DHCP address and successfully ping PC1? A. Router(config)# vrf definition PRODUCTION Router(config-vrf)# address-family ipv4 Router(config)# interface GigabitEthernet 0/0 Router(config-if)# vrf forwarding PRODUCTION Router(config-if)# ip address 10.199.0.1 255.255.252.0 Router(config)# ip dhcp pool R&D Router(dhcp-config)# vrf PRODUCTION B. Router(config)# vrf definition PRODUCTION Router(config-vrf)# rd 1:100 - Router(config)# router eigrp 100 Router(config-rtr)# redistribute vrf PRODUCTION C. Router(config)# vrf definition PRODUCTION Router(config-vrf)# vnet tag 100 Router(config)# interface GigabitEthernet 0/0 Router(config-if)# vnet trunk - D. Router(config)# vrf definition PRODUCTION Router(config-vrf)# rd 1:100 - Router(config-vrf)# address-family ipv4 Router(config)# router eigrp 100 Router(config-rtr)# route-target export 1:100 Correct Answer: A
Which device is responsible for nding EID-to-RLOC mapping when traffic is sent to a LISP-capable site? A. map resolver B. egress tunnel router C. map server D. ingress tunnel router Correct Answer: C
Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP? A. Option 15 B. Option 43 C. Option 125 D. Option 42 Correct Answer: B
Refer to the exhibit.PC 2 cannot communicate with PC 4. Which configuration resolves this issue? A. SW1(config)# interface Gigabitethernet 2/1 SW1(config-if)# switchport mode trunk B. SW1(config)# interface Gigabitethernet 2/1 SW1(config-if)# switchport mode access SW1(config-if)# switchport access vlan 10 C. SW1(config)# interface Gigabitethernet 2/1 SW1(config-if)# switchport trunk allowed vlan add 10 D. SW1(config)# interface Gigabitethernet 2/1 SW1(config-if)# switchport vlan mapping 10 10 Correct Answer: C
A customer has 20 stores located throughout a city. Each store has a single Cisco AP managed by a central WL A. The customer wants to gather analytics for users in each store. Which technique supports these requirements? B. angle of arrival C. presence D. trilateration E. hyperlocation Correct Answer: D
Refer to the exhibit.Two switches are interconnected using interface GigabitEthernet0/0 on both sides. While configuring one of the switches, a network engineer receives the logging message. Which action resolves this issue? A. Block VLAN1 on the trunk interface GigabitEthernet0/0. B. configure interface GigabitEthernet0/0 as an access port. C. configure interface GigabitEthernet0/0 as a trunk port. D. Shutdown interface GigabitEthemet0/0 and bring it back up. Correct Answer: B
By default, which virtual MAC address does HSRP group 12 use? A. 00:00:0c:07:ac:0c B. 00:05:5e:00:0c:12 C. 00:5e:0c:07:ac:12 D. 05:43:84:57:29:2c Correct Answer: A
Refer to the exhibit.An engineer configures a new WLAN that will be used for secure communications; however, wireless clients report that they are able to communicate with each other. Which action resolves this issue? A. Enable Client Exclusions. B. Enable P2P Blocking. C. Disable Aironet I D. Enable Wi-Fi Direct Client Policy. Correct Answer: A
Refer to the exhibit.What happens to access interfaces where VLAN 222 is assigned? A. STP BPDU guard is enabled. B. A description "RSPAN" is added. C. They are placed into an inactive state. D. They cannot provide Po E. Correct Answer: C
Refer to the exhibit.Which command is required to validate that an IP SLA configuration matches the traffic between the branch office and the central site? A. R1# show ip sla group schedule B. R1# show ip route C. R1# show ip sla configuration D. R1# show ip sla statistics Correct Answer: C
Refer to the exhibit.The administrator must extend the configuration of the switch to perform remote logging using syslog according to these requirements: · syslog server: 203.0.113.11 reachable through Gi0/0 · initial message severity: notifications · message transport: reliable Which two commands must be added to the configuration to accomplish this goal? (Choose two.) A. logging monitor notifications B. logging host 203.0.113.11 vrf Mgmt-vrf transport tcp C. logging source-Interface GigabitEthernet0/0 vrf Mgmt-vrf D. logging trap notifications E. logging host 203.0.113.11 vrf Mgmt-vrf Correct Answer: BE
Which two prerequisites must be met before Cisco DNA Center can provision device? (Choose two.) A. Cisco DNA Center must have the software image for he provisioned device in its image repository. B. The provisioned device must be put into bootloader mode. C. The provisioned device must be configured with CLI and SNMP credentials that are known to Cisco DNA Center. D. Cisco DNA Center must have IP connectivity to the provisioned device. E. The provisioned device must recognize Cisco DNA Center as its LLDP neighbor. Correct Answer: CE
In Cisco DNA Center, what is used to publish events and notifications to a third-party product such as IPAM? A. intent API B. southbound SDK C. integration API D. RESTful API Correct Answer: B
Router R1 must be configured as a UDP responder on port 6336. Which configuration accomplishes this task? A. (config)#ip sla responder udp-echo ipaddress 10.10.10.1 port 6336 B. (config)#ip sla responder udp-echo ipv4 10.10.10.1 port 6336 C. (config)#ip sla responder ipaddress 10.10.10.1 port 6336 D. (config-if)#ip sla responder udp-port ipaddress 10.10.10.1 port 6336 Correct Answer: A
Refer to the exhibit. An engineer must configure an ERSPAN tunnel that mirrors traffic from Linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the destination configuration to enable the ERSPAN tunnel? A. (config-mon-erspan-src-dst)# no shut B. (config-mon-erspan-src-dst)# traffic bidirectional C. (config-mon-erspan-src-dst)# monitor session 1 activate D. (config-mon-erspan-src-dst)# ip address 10.10.10.10 Correct Answer: D
Refer to the exhibit.Which configuration enables fallback to local authentication and authorization when no TACACS+ server is available? A. Router(config)# aaa fallback local B. Router(config)# aaa authentication login FALLBACK local Router(config)# aaa authorization exec FALLBACK local C. Router(config)# aaa authentication login default local Router(config)# aaa authorization exec default local D. Router(config)# aaa authentication login default group tacacs+ local Router(config)# aaa authorization exec default group tacacs+ local Correct Answer: D
Which configuration protects the password for the VTY lines against over-the-shoulder attacks? A. line vty 0 15 password $2$FpM7f82! B. username admin secret 7 6j809J23kpp438337113N7%e$ C. line vty 0 4 password $2$FpM7f82! D. service password-encryption Correct Answer: D
Refer to the exhibit.Remote users cannot access the Internet but can upload files to the storage server. Which configuration must be applied to allow Internet access? A. ciscoasa(config)# access-list MAIL_AUTH extended permit udp any any eq http ciscoasa(config)# aaa authentication listener http outside redirect B. ciscoasa(config)# access-list MAIL_AUTH extended permit tcp any any eq www ciscoasa(config)# aaa authentication listener http inside redirect C. ciscoasa(config)# access-list MAIL_AUTH extended permit tcp any any eq http ciscoasa(config)# aaa authentication listener http inside port 43 D. ciscoasa(config)# access-list HTTP_AUTH extended permit udp any any eq http ciscoasa(config)# aaa authentication listener http outside port 43 Correct Answer: B
Refer to the exhibit.Extended access-list 100 is configured on interface GigabitEthernet 0/0 in an inbound direction, but it does not have the expected behavior of allowing only packets to or from 192.168.0.0/16. Which command set properly configures the access list? A. R1(config)#no access-list 100 deny ip any any B. R1(config)#no access-list 100 seq 10 R1(config)#access-list 100 seq 40 deny ip any any C. R1(config)#ip access-list extended 100 R1(config-ext-nacl)#5 permit ip any any D. R1(config)#ip access-list extended 100 R1(config-ext-nacl)#no 10 Correct Answer: D
Which security measure mitigates a man-in-the-middle attack of a REST API? A. password hash B. SSL certificates C. nonrepudiation feature D. biometric authentication Correct Answer: B
Refer to the exhibit.Users cannot reach the web server at 192.168.100.1. What is the root cause for the failure? A. The server is attempting to load balance between links 10.100.100.1 and 10.100.200.1. B. There is a loop in the path to the server. C. The gateway cannot translate the server domain name. D. The server is out of service. Correct Answer: B
What is one method for achieving REST API security? A. using a combination of XML encryption and XML signatures B. using HTTPS and TLS encryption C. using a MDS hash to verify the integrity D. using built-in protocols known as Web Services Security Correct Answer: B
What is a benefit of using segmentation with TrustSec? A. Integrity checks prevent data from being modified in transit. B. Packets sent between endpoints on a LAN are encrypted using symmetric key cryptography. C. Security group tags enable network segmentation. D. Firewall rules are streamlined by using business-level profiles. Correct Answer: D
Refer to the exhibit.A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router A. Which configuration must be applied? B. RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any RouterB(config)# access-list 101 deny any RouterB(config)# int g0/0/0 - RouterB(config-if)# ip access-group 101 out C. RouterB(config)# access-list 101 permit ip 10.100.3.0 0.0.0.255 any RouterB(config)# access-list 101 deny any RouterB(config)# int g0/0/0 - RouterB(config-if)# ip access-group 101 out RouterB(config)# int g0/0/1 - RouterB(config-if)# ip access-group 101 out D. RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any RouterB(config)# access-list 101 deny any RouterB(config)# int g0/0/2 - RouterB(config-if)# ip access-group 101 in E. RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any RouterB(config)# int g0/0/0 - RouterB(config-if)# ip access-group 101 out RouterB(config)# int g0/0/1 - RouterB(config-if)# ip access-group 101 out Correct Answer: D
How is traffic classi ed when using Cisco TrustSec technology? A. with the IP address B. with the VLAN C. with the security group tag D. with the MAC address Correct Answer: C
Refer to the exhibit.How should the programmer access the list of VLANs that were received via the API call? A. VlanNames[`response'] B. VlanNames[0] C. VlanNames[`Vlan1'] D. list(VlanNames) Correct Answer: D
An EEM applet contains this command: event snmp oid 1.3.6.1.4.3.8.0.5.8.7.1.3 get-type next entry-op gt entry-val 80 poll-interval 8 What is the result of the command? A. An SNMP event is generated when the value equals 80% for eight polling cycles. B. An SNMP event is generated when the value is greater than 80% for eight polling cycles. C. An SNMP event is generated when the value reaches 80%. D. An SNMP variable is monitored and an action is triggered when the value exceeds 80%. Correct Answer: D
Refer to the exhibit.What does this Python script do? A. enters the TACACS+ username for a specific IP address B. reads the username for a specific IP address from a light database C. writes the username for a specific IP address into a light database D. enters the RADIUS username for a specific IP address Correct Answer: B
Refer to the exhibit.What is output by this code? A. 0 5 B. 0 1 2 3 4 5 C. 0 1 2 3 4 D. (0,5) Correct Answer: B
Which statement describes the Cisco SD-Access plane functionality for fabric-enabled wireless? A. The control plane traffic is sent to the WLC through VXLAN, and the data plane traffic is sent to the WLC through CAPWAP tunnels. B. Control plane traffic and data plane traffic are sent to the WLC through CAPWAP tunnels. C. The control plane traffic is sent to the WLC through CAPWAP tunnels, and the data plane traffic is sent from the AP to the fabric edge switch through VXLAN. D. Control plane traffic and data plane traffic are sent to the WLC through VXLAN. Correct Answer: C
A company hires a network architect to design a new OTT wireless solution within a Cisco SD-Access Fabric wired network. The architect wants to register access points to the WLC tofficentrally switch the traffic. Which AP mode must the design include? A. local B. bridge C. FlexConnect D. fabric Correct Answer: A
Which two methods are used to interconnect two Cisco SD-Access Fabric sites? (Choose two.) A. SD-Access transit B. fabric interconnect C. wireless transit D. IP-based transit E. SAN transit Correct Answer: AD
What is a characteristic of Cisco SD-WAN? A. uses unique per-device feature templates B. requires manual secure tunnel configuration C. uses control plane connections between routers D. operates over DTLS/TLS authenticated and secured tunnels Correct Answer: D
What is the centralized control policy in a Cisco SD-WAN deployment? A. set of statements that defines how routing is performed B. set of rules that governs nodes authentication within the cloud C. list of ordered statements that define user access policies D. list of enabled services for all nodes within the cloud Correct Answer: A
Which function is performed by vSmart in the Cisco SD-WAN architecture? A. aggregation and distribution of VPN routing information B. execution of localized policies C. facilitation of NAT detection and traversal D. redistribution between OMP and other routing protocols Correct Answer: B
How do cloud deployments compare to on-premises deployments? A. Cloud deployments provide a better user experience across world regions, whereas on-premises deployments depend upon region-specific conditions. B. Cloud deployments mandate a secure architecture, whereas on-premises deployments are inherently unsecure. C. Cloud deployments must include automation infrastructure, whereas on-premises deployments often lack the ability for automation. D. Cloud deployments are inherently unsecure, whereas a secure architecture is mandatory for on-premises deployments. Correct Answer: C
When voice services are deployed over a wireless environment, which service must be disabled to ensure the quality of calls? A. priority queuing B. dynamic transmit power control C. aggressive load balancing D. Fastlane Correct Answer: A
What is an OVF? A. a package that is similar to an IMG and that contains an OVA file used to build a virtual machine B. an alternative form of an ISO that is used to install the base operating system of a virtual machine C. the third step in a P2V migration D. a package of files that is used to describe a virtual machine or virtual appliance A Correct Answer:
Refer to the exhibit.An engineer configures routing between all routers and must build a configuration to connect R1 to R3 via a GRE tunnel. Which configuration must be applied? A. R1 - interface Tunnel1 ip address 1.1.1.13 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.110 R3 - interface Tunnel ip address 1.1.1.31 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.160 B. R1 - interface Tunnel1 ip address 1.1.1.13 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.160 R3 - interface Tunnel1 ip address 1.1.1.31 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.110 C. R1 - interface Tunnel2 ip address 1.1.1.12 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.125 R2 - interface Tunnel1 ip address 1.1.1.125 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.110 interface Tunnel3 ip address 1.1.1.125 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.160 R3 - interface Tunnel2 ip address 1.1.1.32 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.125 D. R1 - interface Tunnel1 ip address 1.1.1.13 255.255.255.0 tunnel source Loopback0 tunnel destination x-y.z.110 R3 - interface Tunnel1 ip address 1.1.1.31 255.255.255.0 tunnel source Loopback0 tunnel destination x.y.z.125 Correct Answer: B
Which function does a virtual switch provide? A. RAID storage for virtual machines B. connectivity between virtual machines C. CPU context switching for multitasking between virtual machines D. emulation of power for virtual machines Correct Answer: B
Two Cisco switches are logically configured as a single switch using Cisco Stackwise technology. This will result in virtually combining which two planes? (Choose two.) A. Data Plane B. Control Plane C. Forwarding Plane D. Management Plane E. Bearer Plane Correct Answer: BD
Please select the correct option that shows the correct combination for the Type 1 Hypervisor. A. Hardware; Hypervisor; Guest OS B. Hardware; Host OS; Hypervisor; Guest OS C. Host OS; Hypervisor; Guest OS D. Hardware; Host OS; Guest OS Correct Answer: A
Select the prerequisites for configuring LISP from the below options. (Choose two.) A. Determine the type of LISP deployment you intend to deploy B. One can directly deploy LISP without determining the type. C. LISP configuration requires the datak9 license. D. LISP configuration requires the advanced ip services license. Correct Answer: AC
Select the benefits of implementing Cisco DNA Center. (Choose all that apply.) A. simplified management B. Automatic VPN tunnelling C. One click configuration D. Policy Driven Provisioning E. Ensure Network & Appliance performance Correct Answer: ADE
A network administrator need to configure Net flow on the devices in his network. He has Source IP Address, Destination IP Address, Source Port number & Destination port number. What additional information do he need to configure Net flow. A. Layer 3 Protocol type B. Encryption type C. ToS (Type of Service) byte D. Input Logical Interface E. Hashing Algorithm F. Transform-set details Correct Answer: ACD
A network administrator is configuring a configuration management tool for some network devices that does not support agent. Select what option will you pick from the below options to successfully configure configuration management tool for that device. A. Agent based configuration B. Agent Less configuration C. Proxy-agent configuration D. None of the above Correct Answer: C
Select the devices from the below options that can be fart of Cisco SDWAN Solution. (Choose two.) A. ISR 2900 B. ASR 1000 C. IR8300 D. FTD 1120 E. ASR 9000 Correct Answer: BC
What is the purpose of the weight attribute in an EID-to-RLOC mapping? A. It determines the administrative distance of LISP generated routes in the RI B. It indicates the load-balancing ratio between ETRs of the same priority. C. It indicates the preference for using LISP over native IP connectivity. D. It identifies the preferred RLOC address family. Correct Answer: B
A network engineer is designing a QoS policy for voice and video applications. Which software queuing feature provides strict-priority servicing? A. Class-Based Weighted Fair Queuing B. Low Latency Queuing C. Link Fragmentation D. Automatic QoS Correct Answer: B
What is a characteristic of traffic shaping? A. drops out-of-profile packets B. causes TCP retransmits when packets are dropped C. can be applied in both traffic directions D. queues out-of-profile packets until the buffer is full Correct Answer: D
What is a characteristic of para-virtualization? A. Para-virtualization allows the host hardware to be directly accessed. B. Para-virtualization guest servers are unaware of one another. C. Para-virtualization lacks support for containers. D. Para-virtualization allows direct access between the guest OS and the hypervisor. Correct Answer: D
What is a Type 2 hypervisor? A. installed as an application on an already installed operating system B. also referred to as a "bare metal hypervisor" because it sits directly on the physical server C. runs directly on a physical server and includes its own operating system D. supports over-allocation of physical resources Correct Answer: A
What is a characteristic of a Type 1 hypervisor? A. It is referred to as a hosted hypervisor. B. It is completely independent of the operating system. C. Problems in the base operating system can affect the entire system. D. It is installed on an operating system and supports other operating systems above it. Correct Answer: B
Refer to the exhibit.Which antenna emits this radiation pattern? A. omnidirectional B. RP-TNC C. dish D. Yagi Correct Answer: A
Refer to the exhibit.A. router bgp 65002 neighbor 10.0.1.2 remote-as 65002 network 10.0.2.0 255.255.255.0 B. router bgp 65001 neighbor 10.0.1.2 remote-as 65002 redistribute static C. router bgp 65001 neighbor 10.0.1.2 remote-as 65002 network 10.0.1.0 255.255.255.0 D. router bgp 65001 neighbor 10.0.1.2 remote-as 65002 network 10.0.2.0 255.255.255.0 Correct Answer: D
What are two best practices when designing a campus Layer 3 infrastructure? (Choose two.) A. configure passive-interface on nontransit links. B. Implement security features at the core. C. Summarize routes from the aggregation layer toward the core layer. D. Tune Cisco Express Forwarding load balancing hash for ECMP routing. E. Summarize from the access layer toward the aggregation layer. Correct Answer: CD
Refer to the exhibit.Which configuration must be applied to ensure that the preferred path for traffic from AS 65010 toward AS 65020 uses the R2 to R4 path? A. R4(config)# router bgp 65020 - R4(config-router)# bgp default local-preference 300 R5(config)# router bgp 65020 - R5(config-router)# bgp default local-preference 200 B. R2(config)# router bgp 65010 - R2(config-router)# bgp default local-preference 300 R1(config)# router bgp 65010 - R1(config-router)# bgp default local-preference 200 C. R2(config)# router bgp 65010 - R2(config-router)# bgp default local-preference 200 R1(config)# router bgp 65010 - R1(config-router)# bgp default local-preference 300 D. R4(config)# router bgp 65020 - R4(config-router)# bgp default local-preference 200 R5(config)# router bgp 65020 - R5(config-router)# bgp default local-preference 300 Correct Answer: B
Refer to the exhibit.An engineer must reduce the number of Type 1 and Type 2 LSAs that are advertised to R4 within OSPF area 0. Which configuration must be applied? A. R1# conf t - Router(config)# router ospf 1 - Router(config-router)# prefix-suppression B. R4# conf t - Router(config)# router ospf 1 - Router(config-router)# summary-address 10.0.0.0 255.255.255.0 C. R2# conf t - Router(config)# interface Gig0/0 Router(config-router)# ip ospf prefix-suppression D. R2# conf t - Router(config)# int Gig0/0 - Router(config-if)# ip summary-address 10.0.0.0 255.255.255.0 Correct Answer: A
An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view the logging messages from the current session as soon as they are generated by the router? A. logging host B. terminal monitor C. service timestamps log uptime D. logging buffer Correct Answer: B
You have configured router R1 with multiple VRF's in order to support multiple customer VPN networks. If you wanted to see the best path for the 10.2.1.0.24 route in VRF Green, what command would you use? A. show ip route vrf Green 10.2.1.0 B. show ip route 10.2.1.0 vrf Green C. show route all 10.2.1.0 D. show ip route 10.2.1.0 Green Correct Answer: A
Which of the following are benefits from implementing the use of VXLAN's in a network? (Choose two) A. Increased scalability since VXLAN extends the IF field to 24 bits, providing up to 16 million unique ID values. B. Makes the implementation of Spanning Tree more efficient. C. Can be used to replace layer 3 routing protocols and increase routing efficiency at layer 2. D. Supports Equal Cost Multi-pathing (ECMP) so that load balancing over multiple links can be used. Correct Answer: AD
Which component of TCP defines the maximum packet size that a host interface is able to accept on ingress? A. MTU B. PATH MTU C. Window size D. MRU Correct Answer: D
Which of the following are examples of Type 2 hypervisors? (Choose three.) A. VMware ESXi B. Oracle VirtualBox C. Oracle Solaris Zones D. Microsoft Hyper-V E. Microsoft Virtual PC Correct Answer: BCE
EIRP (Effective Isotropic Radiated Power) is the actual amount of signal leaving the antenna. It is a measurement value in db and is based on which three components? (Choose three.) A. Transmit Power B. RSSI C. Cable Loss D. Antenna Gain E. SNR Correct Answer: ACD
A switch is attached to router R1 on its gig 0/0 interface. Fort security reasons, you want to prevent R1 from sending OSPF hellos to the switch. Which command should be enabled to accomplish this? A. R1(config-router)#ip ospf hello disable B. R1(config-router)#ip ospf hello-interval 0 C. R1(config)#passive-interface Gig 0/0 D. R1(config-router)#passive-interface Gig 0/0 Correct Answer: D
What are some of the key differences between HSRPv1 and HSRPv2? (Choose two.) A. HSRPv1 uses the multicast address of 224.0.0.102 while HSRPv2 uses 225.0.0.2. B. HSRP uses a group range of 0-255, while HSRP uses a group range of 0-4095. C. HSRPv1 uses seconds based timers, while HSRPv2 uses milliseconds based timers. D. HSRPv1 provides support for IPv6, while HSRPv2 supports IPv4 only. Correct Answer: BC
Which of the following are valid Port Aggregation Protocol (PAgP) modes? (Choose two.) A. On B. Active C. Passive D. Auto E. Desirable Correct Answer: DE
Which of the following are true statements regarding the Virtual Router Redundancy Protocol (VRRP) feature? (Choose two.) A. Pre-emption is enabled by default B. The router priority is a configurable value from 0-4095 C. MD5 authentication is supported with VRRP D. Secondary IP addresses are supported with VRRP E. VRRP can only be used with Cisco devices Correct Answer: AD
You want to securely implement the Network Time Protocol (NTP) on your network. What two mechanisms are available to secure NTP? (Choose two.) A. IPSec communication B. MD5 authentication keys C. Role based access control (RBAC) D. access-group configuration Correct Answer: BD
Which Cisco EIGRP K-values are set to zero by default? (Choose three.) A. Bandwidth B. Load C. Total Delay D. Reliability E. MTU Correct Answer: BDE
What are the four stages of obtaining an IP address lease from a DHCP server? A. Discover, Offer, Release, Renew B. Discover, Obtain, Request, Renew C. Determine, Obtain, Release, Acknowledge D. Discover, Offer, Request, Acknowledge Correct Answer: D
A new multicast server is being added to an existing PIM Sparse modefinetwork. Which device in this network must the new server register with before its multicast traffic can be dispersed throughout the network? A. IGMP Querier B. Local PIM router C. Local IGMP switch D. Rendezvous Point (RP) Correct Answer: D
You want to create a policy that allows all TCP traffic in the port range of 20 to 110, except for telnet traffic, which should be dropped. Which of the following access control lists will accomplish this? A. deny tcp any any eq 22 permit tcp any any gt 20 lt 110 B. permit tcp any any range 22 443 deny tcp any any eq 23 C. deny tcp any any eq 23 permit tcp any any D. deny tcp any any eq 23 permit tcp any any range 20 110 Correct Answer: D
In a Cisco SD-Access network architecture, what is the role of the Fabric Edge Node? A. It manages endpoint to device relationships B. It connects external layer 3 networks to the SDA fabric C. It connects wired endpoints to the SDA fabric D. It connects wireless endpoints to the SDA fabric Correct Answer: C
Which of the following are features typically only found in a Next Generation (NextGen) firewall? (Choose two.) A. Network Address Translation (NAT) B. Secure remote access VPN (RA VPN) C. Deep packet inspection D. reputation based malware detection E. IPSec site-to-site VPN Correct Answer: CD
JSON web tokens (JWT) are used to secure JSON based communications. Which of the following fields make up a JWT? (Choose three.) A. Header B. Trailer C. Payload D. Sequence number E. Signature Correct Answer: ACE
Ansible is being used in a network for configuration and management automation. Which of the following are true statements regarding Ansible? (Choose two.) A. Requires an agent on the end device. B. Utilizes the concept of playbooks to execute the configuration. C. Uses a pull model, where the end devices pull configuration files from the Ansible server. D. Utilizes SS E. Correct Answer: BD
In a Cisco Software defined Networking (SDN) architecture, what is used to describe the API communication between the SDN controller and the network elements (routers and switches) that it manages? A. Southbound API B. Northbound API C. Westbound API D. Eastbound API. Correct Answer: A
In a Cisco VXLAN based network, which of the following best describes the main function of a VXLAN Tunnel Endpoint (VTEP)? A. A device that performs VXLAN encapsulation and decapsulation. B. It is a 24 bit segment ID that defines the broadcast domain. C. It is the Logical interface where the encapsulation and de-encapsulation occurs. D. It is a device that performs tunneling using GR E. Correct Answer: A
What are two valid modes that Cisco Express Forwarding can operate in? (Choose two.) A. Central CEF mode B. Dense CEF mode C. Sparse CEF mode D. Distributed CEF mode E. Routed CEF mode Correct Answer: AD
You need to weigh the pros and cons of deploying a premise-based data center versus using a cloud-based data center deployment. What is an advantage of using a premise-based solution? (Choose two.) A. Lower application latency for end users B. Easily scalable C. Lower capital costs D. Reduced deployment times E. Increased control over the environment Correct Answer: AE
Which Quality of Service (QoS) mechanism allows for the creation of multiple levels of QoS policy, providing a more granular degree of traffic management? A. Policing B. H-QoS C. Congestion avoidance D. Dual Policy Correct Answer: B
Which Quality of Service (QoS) mechanism allows the network administrator to control the maximum rate of traffic received or sent on a given interface? A. Policing B. Marking C. Queueing D. classification Correct Answer: A
Refer to the following two images regarding QoS traffic Shaping and traffic Policing: Image A:Image B:
Based on the images, which of the following are true? (Choose two.) A. Image A depicts the result of traffic Shaping B. Image A depicts the result of traffic Policing C. Image B depicts the result of traffic Shaping D. Image B depicts the result of traffic Policing Correct Answer: BC
In a Cisco SD-Access fabric architecture, which of the following are valid device roles (Choose three.) A. Control Plane Node B. Access routing device C. Edge Node D. Border Node E. Distributed Node Correct Answer: ACD
Which of the following are valid statements when configuring Nonstop Forwarding (NSF) with Stateful Switchover (SSO) on a Cisco device? (Choose two.) A. supports multicast routing protocols B. Supports IPv4 and IPv6 C. Nonstop Forwarding requires SSO to also be configured D. HSRP is not supported with NSF/SSO E. Improper implementation of NSF/SSO can result in routing loops Correct Answer: CD
In a Cisco SD-Access wireless network, which device is used as an entry and exit point in and out of the fabric? A. fabric edge node B. control plane node C. fabric border node D. fabric access points Correct Answer: C
The Overlay Management Protocol (OMP) is used as the control plane protocol and forms peers between the VSmart Controller and the SD-WAN edge devices. OMP is responsible for advertising which three types of routes in the SD-WAN network? (Choose three.) A. OMP routes B. TLOCs C. MP-BGP D. LISP routes E. Service routes Correct Answer: ABE
Which of the following are the three components of the three-tier hierarchical networking model used in the classical Cisco networks design? (Choose three.) A. Distribution B. Core C. Access D. Leaf E. Spine Correct Answer: ABC
Which of the following are the two components of the two-tier modern data center design? (Choose two.) A. Distribution B. Core C. Access D. Leaf E. Spine Correct Answer: EF
In a Cisco SD-WAN network, which VPN identifier is reserved for carrying out-of-band network management traffic? A. VPN 0 B. VPN 1 C. VPN 512 D. VPN 514 Correct Answer: C
In a Cisco SD-WAN network, which VPN identifier is reserved as the transport VPN, carrying control traffic? A. VPN 0 B. VPN 1 C. VPN 512 D. VPN 514 Correct Answer: A
Which Cisco SD-WAN component acts as a single pane of glass for management and offers centralized fault, performance, accounting, and configuration management? A. vBond B. vEdge C. vSmart D. vManage Correct Answer: D
You need to implement a First Hop Redundancy Protocol (FHRP) in a dual stack (IPv4 and IPV6) environment that utilizes devices from multiple different vendors. Which protocol best meets these needs? A. HSRP B. GLBP C. VRRPv1 D. VRRPv2 Correct Answer: D
A wireless client roams from one Access Point to another Access Point using a different switch in a Cisco SD-Access network. If only a single Wireless Lan Controller in involved, what roaming methods is being used? A. L3 roaming B. inter-xTR C. auto anchor D. bridged roaming Correct Answer: B
In a Cisco SD-Access network where VXLAN is used for encapsulating data packets, what is the minimum MTU setting that devices should be configured with? A. 1492 B. 1500 C. 1518 D. 1550 Correct Answer: D
Which Cisco Locator/ID Separation Protocol (LISP) device receives packets from remote site facing devices and either decapsulates the LISP packets or routes them natively? A. ITR B. ETR C. MS D. MR Correct Answer: A
Which of the following statements regarding the use of Bidirectional Forwarding Detection (BFD) in a Cisco SD-WAN environment are true? A. BFD cannot be disabled on SD-WAN routers. B. OSPFv3 is not supported with BF C. In addition to link failure detection, it is also used to measure loss and latency used by application aware routing. D. Is not typically enabled for OMP. E. Does not support BGP. Correct Answer: AC
Which of the following statements are true regarding the Link Management Protocol (LMP) when used in the Cisco Stackwise virtual link? (Choose two.) A. It determines the switch priority. B. It negotiates the version of the virtual header C. It verifies link integrity via bidirectional forwarding D. It performs auto discovery of other active Stackwise switches Correct Answer: BC
The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which configuration must be applied to the interface of both routers to establish an OSPF adjacency without maintaining a DR/BDR relationship? A. interface Gig0/0 ip ospf network non-broadcast B. interface Gig0/0 ip ospf network point-to-multipoint C. interface Gig0/0 ip ospf network point-to-point D. interface Gig0/0 ip ospf network broadcast Correct Answer: C
Refer to the exhibit.An engineer configures VRRP and issues the show commands to verify operation. What does the engineer confirm about VRRP group 1 from the output? A. Communication between VRRP members is encrypted using MD5. B. There is no route to 10.10.1.1/32 in R2's routing table. C. R1 is primary if 10.10.1.1/32 is in its routing table. D. If R1 reboots, R2 becomes the primary virtual router until R2 reboots. Correct Answer: C
Refer to the exhibit. An administrator troubleshoots intermittent connectivity from internal hosts to an external public server. Some internal hosts can connect to the server while others receive an ICMP Host Unreachable message, and these hosts change over time. What is the cause of this issue? A. The NAT ACL and NAT pool share the same name. B. The translation does not use address overloading. C. The NAT ACL does not match all internal hosts. D. The NAT pool netmask is excessively wide. Correct Answer: B
What is the function of the LISP map resolver? A. to connect a site to the LISP-capable part of a core network publish the EID-to-RLOC mappings for the site, and respond to map-request messages B. to advertise routable non-LISP traffic from one address family to LISP sites in a different address family C. to send traffic to non-LISP sites when connected to a service provider that does not accept nonroutable EIDs as packet sources D. to decapsulate map-request messages from ITRs and forward the messages to the MS Correct Answer: D
Refer to the exhibit. An attacker can advertise OSPF fake routes from 172.16.20.0 network to the OSPF domain and black hole traffic. Which action must be taken to avoid this attack and still be able to advertise this subnet into OSPF? A. configure 172.16.20.0 as a stub network. B. configure graceful restart on the 172.16.20.0 interface. C. configure a passive interface on R2 toward 172.16.20.0. D. Apply a policy to filter OSPF packets on R2. Correct Answer: D
Refer to the exhibit. What is the result when a switch that is running PVST+ is added to this network? A. Both switches operate in the PVST+ mode. B. Spanning tree is disabled automatically on the network. C. Both switches operate in the Rapid PVST+ mode. D. DSW2 operates in Rapid PVST + and the new switch operates in PVST+. Correct Answer: D
Which protocol is responsible for data plane forwarding in a Cisco SD-Access deployment? A. IS-IS B. OSPF C. VXLAN D. LISP Correct Answer: C
Refer to the exhibit. Which Python code parses the response and prints "18:32:21.474 UTC Sun Mar 10 2019"? A. print(response['result'][0]('simple_time']) B. print(response['result']['body']( 'simple_time']) C. print(response['body']['simple_time']) D. print(response['jsonrpc']['body'][ 'simple_time']) Correct Answer: B
Refer to the exhibit. An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs 10, 20, and 30. Which command must be added to complete this configuration? A. Device(config-mon-erspan-src-dst)# no vrf 1 B. Device(config-mon-erspan-src)# no filter vlan 30 C. Device(config-mon-erspan-src-dst)# mtu 1460 D. Device(config-mon-erspan-src-dst}# erspan-id 6 Correct Answer: A
An administrator is configuring NETCONF using the following XML string. What must the administrator end the request with? <?xml version="1.0" encoding="UTF-8" ?> <rpc message-id="9.0"> A. </rpc>]]>]]> B. <rpc message-id="9.0"><notification-off/> C. </rpc-reply> D. </rpc> Correct Answer: A
Which Python snippet should be used to store the devices data structure in a JSON file?
A.
B.
C.
D. Correct Answer: C
A large campus network has deployed two wireless LAN controllers to manage the wireless network WLC1 and WLC2 have been configured as mobility peers. A client device roams from AP1 on WLC1 to AP2 on WLC2, but the controller's client interfaces are on different VLANs. How do the wireless LAN controllers handle the inter-subnet roaming? A. WLC1 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC2. B. WLC2 marks the client with an anchor entry in its own database. The database entry is copied to the new controller and marked with a foreign entry on WLC1. C. WLC1 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC2. D. WLC2 marks the client with a foreign entry in its own database. The database entry is copied to the new controller and marked with an anchor entry on WLC1. Correct Answer: B
By default, which virtual MAC address does HSRP group 25 use? A. 04:30:83:88:4c:19 B. 00:00:0c:07:ac:25 C. 05:5c:5e:ac:0c:25 D. 00:00:0c:07:ac:19 Correct Answer: B
In a Cisco Catalyst switch equipped with two supervisor modules an administrator must temporarily remove the active supervisor from the chassis to perform hardware maintenance on it. Which mechanism ensures that the active supervisor removal is not disruptive to the network operation? A. VRRP B. HSRP C. NSF/NSR D. SSO Correct Answer: D
Which function does a fabric AP perform in a Cisco SD-Access deployment? A. It updates wireless clients' locations in the fabric. B. It connects wireless clients to the fabric. C. It manages wireless clients' membership information in the fabric. D. It configures security policies down to wireless clients in the fabric. Correct Answer: B
Refer to the exhibit. What is the effect of introducing the sampler feature into the Flexible NetFlow configuration on the router? A. NetFlow updates to the collector are sent 50% less frequently. B. Every second IPv4 packet is forwarded to the collector for inspection. C. CPU and memory utilization are reduced when compared with what is required for full NetFlow. D. The resolution of sampling data increases, but it requires more performance from the router. Correct Answer: C
A.
B.
C.
D. B Correct Answer:
Refer to the exhibit. An engineer has configured an IP SLA for UDP echos. Which command is needed to start the IP SLA to lest every 30 seconds and continue until stopped? A. ip sla schedule 100 life forever B. ip sla schedule 30 start-time now life forever C. ip sla schedule 100 start-time now life 30 D. ip sla schedule 100 start-time now life forever Correct Answer: C
What is the calculation that is used to measure the radiated power of a signal after it has gone through the radio, antenna cable, and antenna? A. mW B. ERIP C. dBm D. dBi Correct Answer: B
Which Quality of Service (QoS) mechanism is used to identify traffic flow and to use DSCP, IP Precedence values, and MPLS EXP bits to create different priority levels? A. Policing B. Marking C. Queueing D. classification Correct Answer: D
Refer to the exhibit. An engineer must configure an ERSPAN tunnel that mirrors traffic from Linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the destination configuration to enable the ERSPAN tunnel? A. (config-mon-erspan-dst-src)# erspan-id 172.16.10.10 B. (config mon erspan-dst-src)# erspan-id 110 C. (config-mon-erspan-dst-src)# no shut D. (config-mon-erspan-dst-src)# origin ip address 172.16.10.10 Correct Answer: B
What are two characteristics of Cisco SD-Access elements? (Choose two.) A. The border node is required for communication between fabric and nonfabric devices. B. traffic within the fabric always goes through the control plane node. C. Fabric endpoints are connected directly to the border node. D. The control plane node has the full RLOC-to-EID mapping database. E. The border node has the full RLOC-to-EID mapping database. Correct Answer: AD
When is an external antenna used inside a building? A. only when using Mobility Express B. only when using 2.4 GHz C. when it provides the required coverage D. only when using 5 GHz Correct Answer: C
Refer to the exhibit. R1 and R2 are directly connected, but the BGP session does not establish. Which action must be taken to build an eBGP session? A. configure no neighbor 192.168.12.1 shutdown under R2 BGP process. B. configure neighbor 2.2.2.2 remote-as 65002 under R1 BGP process. C. configure ip route 1.1.1.1 0.0.0.0 192.168.12.1 on R2. D. configure neighbor 192.168.12.1 activate under R2 BGP process. states#:~:text=Idle%20(Admin)%20means%20that%20the,!&text=This%20is%20a%20good%20way,BGP% 20section%20of%20the%20configuration Correct Answer: A
A company requires a wireless solution to support its main office and multiple branch locations. All sites have local Internet connections and a link to the main office for corporate connectivity. The branch offices are managed centrally. Which solution should the company choose? A. Cisco DNA Spaces B. Cisco unified Wireless Network C. Cisco Mobility Express D. Cisco Catalyst switch with embedded controller Correct Answer: A
Which QoS feature uses the IP Precedence bits in the ToS field of the IP packet header to partition traffic into different priority levels? A. marking B. shaping C. policing D. classification Correct Answer: A
Refer to the exhibit. Which two commands are required on router R1 to block FTP and allow all other traffic from the Branch 2 network? (Choose two.) A. access-list 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq ftp access-list 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq ftp-data access-list 101 permit ip any any B. access-list 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq ftp-data access-list 101 permit ip any any C. interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.252 ip access-group 101 out D. access-list 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq ftp access-list 101 permit ip any any E. interface GigabitEthernet0/0 ip address 10.0.101.1 255.255.255.252 ip access-group 101 in BD Correct Answer:
A company recently decided to use RESTCONF instead of NETCONF, and many of their NETCONF scripts contain the operation <edit-config> (operation="create"). Which RESTCONF operation must be used to replace these statements? A. PUT B. CREATE C. GET D. POST Correct Answer: B
An engineer is configuring RADIUS-Based Authentication with EAP MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type? A. LDAP B. EAP-FAST C. EAP-TLS D. PEAP Correct Answer: C
An engineer must protect the password for the VTY lines against over-the-shoulder attacks. Which configuration should be applied? A. line vty 0 15 password XD822j B. service password-encryption C. username netadmin secret 7 $1$42J31k98867Pyh4QzwXyZ4 D. username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDA Correct Answer: B
Refer to the exhibit. Hosts FC1, PC2; and PC3 must access resources on Server1. An engineer configures NAT on Router R1 to enable the communication and enters the show command to verify operation. Which IP address is used by the hosts when they communicate globally to Server1? A. random addresses in the 155.1.1.0/24 range B. 155.1.1.1 C. their own address in the 10.10.10.0/24 range D. 155.1.1.5 Correct Answer: D
Using the EIRP formula, what parameter is subtracted to determine the EIRP value? A. transmitter power B. antenna cable loss C. antenna gain D. signal-to-noise ratio Correct Answer: C
What is one main REST security design principle? A. separation of privilege B. password hashing C. con dential algorithms D. OAuth Correct Answer: A
Refer to the exhibit. R1 has a BGP neighborship with a directly connected router on interface Gi0/0. Which command set is applied between the iterations of show ip bgp 2.2.2.2? A. R1(config)#no ip route 192.168.50.2 255.255.255.255 Gi0/0 B. R1(config)#ip route 2.2.2.2 255.255.255.255 192.168.50.2 C. R1(config)#router bgp 65002 R1(config-router)#neighbor 192.168.50.2 shutdown D. R1(config)#router bgp 65001 R1(config-router)#neighbor 192.168.50.2 shutdown B Correct Answer:
After a redundant route processor failure occurs on a Layer 3 device, which mechanism allows for packets to be forwarded from a neighboring router based on the most recent tables? A. BFD B. RP failover C. NSF D. RPVST+ Correct Answer: C
By default, which virtual MAC address does HSRP group 15 use? A. c0:42:31:98:86:0f B. 05:af:1c:0f:ac:15 C. 00:00:0c:07:ac:0f D. 05:5e:ac:07:0c:0f Correct Answer: C
An engineer must provide wireless coverage in a square office. The engineer has only one AP and believes that it should be placed it in the middle of the room. Which antenna type should the engineer use? A. directional B. polarized C. omnidirectional D. Yagi Correct Answer: C
Which technology reduces the implementation of STP and leverages both unicast and multicast? A. VLAN B. VPC C. VXLAN D. VSS Correct Answer: D
A customer has recently implemented a new wireless infrastructure using WLC-5520s at a site directly next to a large commercial airport. Users report that they intermittently lose Wi-Fi connectivity, and troubleshooting reveals it is due to frequent channel changes. Which two actions x this issue? (Choose two.) A. Enable DFS channels because they are immune to radar interference. B. Restore the DCA default settings because this automatically avoids channel interference. C. Remove UNII-2 and Extended UNII-2 channels from the 5 Ghz channel list. D. Disable DFS channels to prevent interference with Doppler radar. E. configure channels on the UNII-2 and the Extended UNII-2 sub-bands of the 5 Ghz band only. Correct Answer: CD
Refer to the exhibit.Which GRE tunnel configuration command is missing on R2? A. tunnel source 172.16.1.0 B. tunnel source 200.1.1.1 C. tunnel destination 200.1.1.1 D. tunnel source 192.168.1.2 Correct Answer: B
When does a Cisco StackWise primary switch lose its role? A. when a switch with a higher priority is added to the stack B. when a stack member fails C. when the priority value of a stack member is changed to a higher value D. when the stack primary is reset Correct Answer: D
Refer to the exhibit. A network engineer troubleshoots an issue with the port channel between SW1 and SW2. Which command resolves the issue? A. SW2(config-if)#switchport mode trunk B. SW1(config-if)#channel-group 10 mode active C. SW1(config-if)#channel-group 10 mode desirable D. SW2(config-if)#channel-group 10 mode on Correct Answer: B
How do stratum levels relate to the distance from a time source? A. Stratum 0 devices are connected directly to an authoritative time source. B. Stratum 1 devices are connected directly to an authoritative time source. C. Stratum 15 devices are connected directly to an authoritative time source. D. Stratum 15 devices are an authoritative time source. Correct Answer: B
A customer has a wireless network deployed within a multi-tenant building. The network provides client access, location-based services and is monitored using Cisco DNA Center. The security department wants to locate and track malicious devices based on threat signatures. Which feature is required for this solution? A. malicious rogue rules on Cisco DNA Center B. malicious rogue rules on the WLC C. Cisco aWIPS policies on the WLC D. Cisco aWIPS policies on Cisco DNA Center Correct Answer: B
In a Cisco SD-Access wireless environment, which device is responsible for hosting the anycast gateway? A. fusion router B. control plane node C. fabric border node D. fabric edge node Correct Answer: D
Refer to the exhibit. The port channel between the switches does not work as expected. Which action resolves the issue? A. Interface Gi0/1 on Switch1 must be configured as desirable. B. Trunking must be enabled on both interfaces on Switch2. C. Interface Gi0/0 on Switch2 must be configured as passive. D. Interface Gi0/1 on Switch2 must be configured as active. Correct Answer: D
Refer to the exhibit. Which set of commands is required to configure and verify the VRF for Site 1 Network A on router R1? A. R1#ip routing R1#(config)#ip vrf 100 R1#(config-vrf)#rd 100:1 R1#(config-vrf)# address family ipv4 ! R1(config)#interface Gi0/2 R1(config- if)#ip address 10.0.1.1 255.255.255.0 R1#show ip route B. R1#ip routing R1#(config)#ip vrf 100 ! R1(config)#interface Gi0/2 R1(config-if)#ip address 10.0.1.1 255.255.255.0 R1#showip route C. R1#ip routing R1#(config)#ip vrf 100 ! R1(config)#interface Gi0/2 R1(config-if)#ip vrf forwarding 100 R1(config-if)#ip address 10.0.1.1 255.255.255.0 R1#show ip vrf D. R1#ip routing R1#(config)#ip vrf 100 ! R1(config)#interface Gi0/2 R1(config-if)#ip address 10.0.1.1 255.255.255.0 R1#show ip vrf C Correct Answer:
How does Protocol Independent Multicast function? A. In sparse mode, it establishes neighbor adjacencies and sends hello messages at 5-second intervals. B. It uses the multicast routing table to perform the multicast forwarding function. C. It uses unicast routing information to perform the multicast forwarding function. D. It uses broadcast routing information to perform the multicast forwarding function. Correct Answer: C
Which VXLAN component is used to encapsulate and decapsulate Ethernet frames? A. VNI B. GRE C. VTEP D. EVPN Correct Answer: C
Refer to the exhibit. Assuming all links are functional, which path does PC1 take to reach DSW1? A. PC1 goes from ALSW1 to DSW2 to CORE to DSW1. B. PC1 goes from ALSW1 to DSW2 to ALSW2 to DSW1. C. PC1 goes from ALSW1 to DSW2 to DSW1. D. PC1 goes from ALSW1 to DSW1. Correct Answer: D
By default, which virtual MAC address does HSRP group 22 use? A. c0:41:99:98:06:16 B. 00:00:0c:07:ac:16 C. 00:00:0c:07:ac:22 D. c0:07:0c:ac:00:22 Correct Answer: B
Refer to the exhibit. Both controllers are in the same mobility group. Which result occurs when client 1 roams between APs that are registered to different controllers in the same WLAN? A. The client database entry moves from controller A to controller B B. A CAPWAP tunnel is created between controller A and controller B C. Client 1 uses an EoIP tunnel to contact controller A D. Client 1 contacts controller B by using an EoIP tunnel Correct Answer: A
Where in Cisco DNA Center is documentation of each API call organized by its functional area? A. Developer Toolkit B. platform management C. platform bundles D. Runtime Dashboard Correct Answer: A
Refer to the exhibit. An engineer must protect the CPU of the router from high rates of NTP, SNMP, and SSH traffic. Which two configurations must be applied to drop these types of traffic when it continuously exceeds 320 kbps? (Choose two.) A. R1(config-pmap)#class CLASS-CoPP-Management R1(config-pmap-c)#police 32 conform-action transmit exceed-action drop violate-action transmit B. R1(config)#policy-map POLICY-CoPP R1(config-pmap)#class CLASS-CoPP-Management R1(config-pmap-c)#police 320000 conform-action transmit exceed-action drop violate-action drop C. R1(config)#policy-map POLICY-CoPP R1(config-pmap)#class CLASS-CoPP-Management R1(config-pmap-c)#police 320000 conform-action transmit exceed-action transmit violate-action drop D. R1(config)#control-plane R1(config-cp)# service-policy output POLICY-CoPP E. R1(config)#control-plane R1(config-cp)# service-policy input POLICY-CoPP Correct Answer: BE
Which free application has the ability to make REST calls against Cisco DNA Center? A. API Explorer B. REST Explorer C. Postman D. Mozilla Correct Answer: C
If AP power level is increased from 25 mW to 100 mW, what is the power difference in dBm? A. 6 dBm B. 14 dBm C. 17 dBm D. 20 dBm Correct Answer: A
What is the result when an active route processor fails in a design that combines NSF with SSO? A. The standby route processor temporarily forwards packets until route convergence is complete. B. An NSF-aware device immediately updates the standby route processor RIB without churning the network. C. An NSF-capable device immediately updates the standby route processor RIB without churning the network. D. The standby route processor immediately takes control and forwards packets along known routes D Correct Answer:
Refer to the exhibit. Which command is required to verify NETCONF capability reply messages? A. show netconf rpc-reply B. show netconf | section rpc-reply C. show netconf schema | section rpc-reply D. show netconf xml rpc-reply Correct Answer: C
Which A record type should be configured for access points to resolve the IP address of @ wireless LAN controller using ONS? A. CISCO.CONTROLLER localdomain B. CISCO.CAPWAP.CONTROLLER localdomain C. CISCO-CONTROLLER localdomain D. CISCO-CAPWAP-CONTROLLER.localdomain Correct Answer: D
Which activity requires access to Cisco DNA Center CLI? A. provisioning a wireless LAN controller B. creating a configuration template C. upgrading the Cisco DNA Center software D. graceful shutdown of Cisco DNA Center Correct Answer: D
A customer wants to connect a device to an autonomous Cisco AP configured as a WG A. The WGB is configured properly: however, it fails to associate to a CAPWAP-enabled AP. Which change must be applied in the advanced WLAN settings to resolve this issue? B. Enable Aironet I C. Enable passive client. D. Disable AAA override. E. Disable FlexConnect local switching. Correct Answer: A
By default, which virtual MAC address does HSRP group 32 use? A. 04:19:01:05:2e:32 B. 05:5e:5c:ac:0c:32 C. 00:00:0c:07:ac:20 D. 00:5e:0c:07:ac:20 Correct Answer: C
Which two Cisco SD-WAN components exchange OMP information? (Choose two.) A. WAN Edge B. vBond C. vManage D. vAnalytics E. vSmart Correct Answer: AE
What does the number in an NTP stratum level represent? A. The number of hops it takes to reach the authoritative time source B. The amount of offset between the device clock and true time C. The number of hops it takes to reach the primary time server D. The amount of drift between the device clock and true time Correct Answer: A
Refer to the exhibit. Clients report that they cannot connect to this SSID using the provided PSK. Which action will resolve this issue? A. Apply the correct interface to this WLAN B. Apply the changes this SSID C. Select the PSK under authentication key management D. define the correct Radio Policy. Correct Answer: C
Which QoS queuing method transmits packets out of the interface in the order the packets arrive? A. custom B. weighted-fair C. FIFO D. priority Correct Answer: C
Which two results occur if Cisco DNA Center loses connectivity to devices in the SD-Access fabric? (Choose two.) A. Users lose connectivity B. Already connected users are unaffected but new users cannot connect C. All devices reload after detecting loss of connection to Cisco DNA Center D. User connectivity is unaffected E. Cisco DNA Center is unable to collect monitoring data in Assurance Correct Answer: AE
Refer to the exhibit. The connection between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two.) A. configure switchport nonegotiate on SW1 B. configure switchport nonegotiate on SW2 C. configure switchport mode access on SW2 D. configure switchport mode trunk on SW2 E. configure switchport mode dynamic desirable on SW2 Correct Answer: BE
Refer to the exhibit. A company has an internal wireless network with a hidden SSID and RADIUS-based client authentication for increased security. An employee attempts to manually add the company network to a laptop, but the laptop does not attempt to connect to the network. The regulatory domains of the access points and the laptop are identical. Which action resolves this issue? A. Ensure that the "Connect even if this network is not broadcasting" option is selected. B. Change the security type to WPA2-Personal AES. C. Use the empty string as the hidden SSID network name. D. Limit the enabled wireless channels on the laptop to the maximum channel range that is supported by the access points. Correct Answer: A
How do the RIB and the FIB differ? A. RIB is derived from the control plane, and the FIB is derived from the RI B. FIB is derived from the control plane, and the RIB is derived from the data plane. C. RIB contains the interface for a destination, and the FIB contains the next hop information. D. FIB contains routes learned through a dynamic routing protocol and the RIB contains routes that are static or directly connected. Correct Answer: A
What does a YANG model provide? A. standardized data structure independent of the transport protocols B. creation of transport protocols and their interaction with the OS C. user access to interact directly with the CLI of the device to receive or modify network configurations D. standardized data structure that can be used only with NETCONF or RESTCONF transport protocols Correct Answer: D
A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle? A. economy of mechanism B. complete mediation C. separation of privilege D. least common mechanism Correct Answer: B
Refer to the exhibit. Which command set completes the ERSPAN session configuration? A. monitor session 11 type erspan-destination destination interface GigabitEthemet4 source erspan-id 11 ip address 10.10.10.10 B. monitor session 12 type erspan-destination destination interface GigabitEthernet4 source erspan-id 12 ip address 10.10.10.10 C. monitor session 11 type erspan-destination destination interface GigabitEthernet4 source erspan-id 12 ip address 10.100.10.10 D. monitor session 12 type erspan-destination destination interface GigabitEthernet4 source erspan-id 11 ip address 10.10.10.10 C Correct Answer:
"HTTP/1.1 204 No Content" is returned when the curl -i -X DELETE command is issued. Which situation has occurred? A. The command succeeded in deleting the object. B. The object was located at the URI, but it could not be deleted C. The object could not be located at the URI path. D. The URI was invalid. Correct Answer: A
Refer to the exhibit. Which configuration is required to summarize the Area 2 networks that are advertised to Area 0? A. RouterB(config)# router ospf 1 RouterB(config-router)# area 2 range 192.168.36.0 255.255.252.0 B. RouterB(config)# router ospf 1 RouterB(config-router)# network 192.168.38.0 255.255.255.0 C. RouterB(config)# router ospf 1 RouterB(config-router)# network 192.168.38.0 255.255.252.0 D. RouterB(config)# router ospf 1 RouterB(config-router)# area 2 range 192.168.36.0 255.255.255.0 A Correct Answer:
Based on the router's API output in JSON format below, which Python code will display the value of the "role" key?A.
B.
C.
D.
Correct Answer: B
What is the recommended minimum SNR for voice applications on wireless networks? A. 10 B. 15 C. 20 D. 25 Correct Answer: D
Refer to the exhibit. What are two results of the NAT configuration? (Choose two.) A. Packets with a destination of 200.1.1.1 are translated to 10.1.1.1 or .2, respectively. B. A packet that is sent to 200 1.1.1 from 10.1.1.1 is translated to 209.165.201.1 on R1. C. R1 is performing NAT for inside addresses and outside address. D. R1 looks at the destination IP address of packets entering S0/0 and destined for inside hosts. E. R1 processes packets entering E0/0 and S0/0 by examining the source IP address. Correct Answer: BC
A network engineer must configure a switch to allow remote access for all feasible protocols Only a password must be requested for device authentication and all idle sessions must be terminated in 30 minutes. Which configuration must be applied? A. line vty 0 15 password cisco transport input telnet ssh exec-timeout 30 0 B. line vty 0 15 password cisco transport input all exec-timeout 0 30 C. username cisco privilege 15 cisco line vty 0 15 transport input telnet ssh login local exec-timeout 0 30 D. line console 0 password cisco exec-timeout 30 0 Correct Answer: B
Refer to the exhibit. An engineer configures a trunk between SW1 and SW2 but tagged packets are not passing. Which action xes the issue? A. configure SW1 with dynamic auto mode on interface FastEthernet0/1. B. configure the native VLAN to be the same VLAN on both switches on interface FastEthernet0/1. C. configure SW2 with encapsulation dot1q on interface FastEthernet0/1. D. configure FastEthernet0/1 on both switches for static trunking. Correct Answer: C
A server running Linux is providing support for virtual machines along with DNS and DHCP services for a small business. Which technology does this represent? A. container B. Type 1 hypervisor C. Type 2 hypervisor D. hardware pass-thru Correct Answer: B
Which features does Cisco EDR use to provide threat detection and response protection? A. containment, threat intelligence, and machine learning B. rewalling and intrusion prevention C. container-based agents D. cloud analysis and endpoint firewall controls Correct Answer: A
Refer to the exhibit. Only administrators from the subnet 10.10.10.0/24 are permitted to have access to the router. A secure protocol must be used for the remote access and management of the router instead of clear-text protocols. Which configuration achieves this goal? A.
B.
C.
D.
Correct Answer: A
An engineer is configuring Local WebAuth on a Cisco Wireless LAN Controller. According to RFC 5737, which virtual IP address must be used in this configuration? A. 172.20.10.1 B. 192.168.0.1 C. 1.1.1.1 D. 192.0.2.1 Correct Answer: B
Refer to the exhibit. The OSPF neighborship fails between two routers. What is the cause of this issue? A. The OSPF process is stopped on the neighbor router. B. The OSPF router ID is missing on this router. C. The OSPF router ID is missing on the neighbor router. D. There is an MTU mismatch between the two routers. Correct Answer: D
What is one benefit of adopting a data modeling language? A. augmenting the use of management protocols like SNMP for status subscriptions B. refactoring vendor and platform specific configurations with widely compatible configurations C. augmenting management process using vendor centric actions around models D. deploying machine-friendly codes to manage a high number of devices Correct Answer: B
In Cisco DNA Center what is the integration API? A. southbound consumer-facing RESTful API, which enables network discovery and configuration management B. westbound interface, which allows the exchange of data to be used by ITSM, IPAM and reporting C. an interface between the controller and the network devices, which enables network discovery and configuration management D. northbound consumer-facing RESTful API which enables network discovery and configuration management Correct Answer: B
An engineer must configure a new WLAN that allows a user to enter a passphrase and provides forward secrecy as a security measure. Which Layer 2 WLAN configuration is required on the Cisco WLC? A. WPA3 Enterprise B. WPA2 Personal C. WPA2 Enterprise D. WPA3 Personal Correct Answer: D
How does an on-premises infrastructure compare to a cloud infrastructure? A. On-premises offers faster deployment than cloud. B. On-premises requires less power and cooling resources than cloud. C. On-premises offers lower latency for physically adjacent systems than cloud. D. On-premises can increase compute power faster than cloud. Correct Answer: C
An engineer must create a script to append and modify device entries in a JSON-formatted file. The script must work as follows: Until interrupted from the keyboard, the script reads in the hostname of a device, its management IP address operating system type, and CLI remote access protocol. After being interrupted, the script displays the entered entries and adds them to the JSON-formatted file, replacing existing entries whose hostname matches. The contents of the JSON-formatted file are as follows:Drag and drop the statements onto the blanks within the code to complete the script. Not all options are used. Select and Place:
Correct Answer:
Refer to the exhibit. An engineer configures HSRP and enters the show standby command. Which two facts about the network environment are derived from the output? (Choose two.) A. If the local device fails to receive a hello from the active router for more than 5 seconds, it becomes the active router. B. If a router with a higher IP address and same HSRP priority as the active router becomes available that router becomes the new active router 5 seconds later. C. The virtual IP address of the HSRP group is 10.1.1.1. D. The hello and hold timers are set to custom values. E. The local device has a higher priority setting than the active router. Correct Answer: BC
Refer to the exhibit. Cisco IOS routers R1 and R2 are interconnected using interface Gi0/0. Which configuration allows R1 and R2 to form an OSPF neighborship on interface Gi0/0? A. R2(config)#interface Gi0/0 R2(config-if)#ip ospf cost 1 B. R1(config)#router ospf 1 R1(config-if)#network 172.20.0.0 0.0.0.255 area 1 C. R1(config)#router ospf 1 R1(config-router)#no passive-interface Gi0/0 D. R2(config)#router ospf 1 R2(config-router)#passive-interface Gi0/0 Correct Answer: C
Refer to the exhibit. After configuring the BGP network an engineer verifies that the path between Server1 and Server2 is functional. Why did RouterSF choose the route from RouterDAL instead of the route from RouterCHI? A. BGP is not running on RouterCHI B. There is a static route in RouterSF for 10.0.0.0/24 C. The route from RouterDAL has a lower MED D. The Router-ID for Router DAL is lower than the Router-ID for RouterCHI Correct Answer: C
Refer to the exhibit. Which command set must be added to permit and log all traffic that comes from 172.20.10.1 in interface GigabitEthernet0/1 without impacting the functionality of the access list? A.
B.
C.
D.
Correct Answer: A
Refer to the exhibit. A network engineer checks connectivity between two routers. The engineer can ping the remote endpoint but cannot see an ARP entry. Why is there no ARP entry? A. When VRFs are used, ARP protocol must be enabled in each VR B. The ping command must be executed in the global routing table. C. Interface FastEthernet0/0 is configured in VRF CUST-A, so the ARP entry is also in that VR D. When VRFs are used, ARP protocol is disabled in the global routing table. Correct Answer: C
Which option must be used to support a WLC with an IPv6 management address and 100 Cisco Aironet 2800 Series access points that will use DHCP to register? A. 43 B. 52 C. 60 D. 82 Correct Answer: B
Refer to the exhibit. Which configuration set implements Control Plane Policing for SSH and Telnet? A.
B.
C.
D.
Correct Answer: A
A customer deploys a new wireless network to perform location-based services using Cisco DNA Spaces. The customer has a single WLC located on-premises in a secure data center. The security team does not want to expose the WLC to the public Internet. Which solution allows the customer to securely send RSSI updates to Cisco DNA Spaces? A. Deploy a Cisco DNA Spaces connector as a VM B. Perform tethering with Cisco DNA Center C. Replace the WLC with a cloud-based controller D. Implement Cisco Mobility Services Engine Correct Answer: A
Refer to the exhibit. An engineer entered the command no spanning-tree bpduguard enable on interface Fa1/0/7. What is the effect of this command on Fa1/0/7? A. It remains in err-disabled state until the errdisable recovery cause failed-port-state command is entered in the global configuration mode B. It remains in err-disabled state until the no shutdown command is entered in the interface configuration mode C. It remains in err-disabled state until the shutdown/no shutdown command is entered in the interface configuration mode D. It remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode. Correct Answer: C
Which design principle states that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied? A. least privilege B. fail-safe defaults C. economy of mechanism D. complete mediation Correct Answer: B
Refer to the exhibit. Communication between R2 and R3 over FastEthenet1/1 falls. What is the root cause of the failure? A. The subnet mask is different between the two interfaces. B. The interface of R3 is not operational. C. The wrong type of cable is connected between the two interfaces. D. IP CEF is disabled on R3. Correct Answer: A
What is one characteristic of the Cisco SD-Access control plane? A. It allows host mobility only in the wireless network. B. It is based on VXLAN technology. C. Each router processes every possible destination and route. D. It stores remote routes in a centralized database server. Correct Answer: D
A customer transitions a wired environment to a Cisco SD-Access solution. The customer does not want to integrate the wireless network with the fabric. Which wireless deployment approach enables the two systems to coexist and meets the customer requirement? A. Deploy the wireless network over the top of the fabric. B. Implement a Cisco DNA Center to manage the two networks. C. Deploy a separate network for the wireless environment. D. Deploy the APs in autonomous mode. Correct Answer: D
By default, which virtual MAC address does HSRP group 14 use? A. 04:17:01:05:7c:0e B. 00:05:0c:07:ac:14 C. 00:00:0c:07:ac:0e D. 00:05:5e:19:0c:14 Correct Answer: C
Which LISP component decapsulates messages and forwards them to the map server responsible for the egress tunnel routers? A. Router Locator B. Map Resolver C. Proxy ETR D. Ingress Tunnel Router Correct Answer: B
An engineer must design a wireless network for a school system based on these requirements: The network must be able to triangulate client location based on RSSI. Each client must be able to sustain 5 Mbps of throughput at all times. Each classroom has up to 30 clients. Primary coverage is 5 GHz. Which design should be used? A. Place APs in a grid orientation throughout the building, located as close as possible to the center of each classroom. B. Mount one AP in the center of each classroom. C. Space APs evenly on both sides of the hallways. D. Place APs near exterior walls and corners of the building, and ll in the center area with a staggered pattern. Correct Answer: D
Refer to the exhibit. Which command must be applied to R2 for an OSPF neighborship to form? A. network 20.1.1.0 0.0.0.0 area 0 B. network 20.1.1.2 0.0.0.0 area 0 C. network 20.0.0.2 0.0.0.3 area 0 D. network 20.0.0.2 0.0.0.0 area 0 Correct Answer: B
What is one characteristic of VXLAN? A. It supports a maximum of 4096 VLANs B. It supports multitenant segments C. It uses STP to prevent loops in the underlay network D. It uses the Layer 2 header to transfer packets through the network underlay Correct Answer: B
What is the function of vBond in a Cisco SD-WAN deployment? A. initiating connections with SD-WAN routers automatically B. pushing of configuration toward SD-WAN routers C. onboarding of SD-WAN routers into the SD-WAN overlay D. gathering telemetry data from SD-WAN routers Correct Answer: A
Refer to the exhibit. A network administrator configured RSPAN to troubleshoot an issue between switch 1 and switch2. The switches are connected using interface GigabitEthernet 1/1. An external packet capture device is connected to swich2 interface GigabitEthernet 1/2. Which two commands must be added to complete this configuration? (Choose two.) A. switch2(config-if)# switchport trunk allowed vlan 10,20,30,40,50,60,70-80 B. switch2(config)# monitor session 1 source remote vlan 70 switch2(config)# monitor session 1 destination interface GigabitEthernet1/2 C. switch1(config)# interface GigabitEthernet 1/1 switch1 (config-if)# switchport mode access switch1 (config-if)# switchport access vlan 10 switch2(config)# interface GigabitEthernet 1/1 switch2(config-if)# switchport mode access switch2(config-if)# switchport access vlan 10 D. switch2(config)# monitor session 2 destination vlan 10 E. switch2(config)# monitor session 1 source remote vlan 70 switch2(config)# monitor session 1 destination interface GigabitEthernet1/1 AB Correct Answer:
Which function does a Cisco SD-Access extended node perform? A. provides fabric extension to nonfabric devices through remote registration and configuration B. performs tunneling between fabric and nonfabric devices to route traffic over unknown networks C. used to extend the fabric connecting to downstream nonfabric enabled Layer 2 switches D. in charge of establishing Layer 3 adjacencies with nonfabric unmanaged node Correct Answer: C
Which router is elected the IGMP Querier when more than one router is in the same LAN segment? A. The router with the shortest uptime. B. The router with the longest uptime. C. The router with the highest IP address. D. The router with the lowest IP address. Correct Answer: D
In which two ways does the routing protocol OSPF differ from EIGRP? (Choose two.) A. OSPF provides shorter convergence time than EIGRP. B. OSPF supports only equal-cost load balancing EIGRP supports unequal-cost load balancing. C. OSPF is distance vector protocol. EIGRP is a link-state protocol. D. OSPF supports an unlimited number of hops EIGRP supports a maximum of 255 hops. E. OSPF supports unequal-cost load balancing EIGRP supports only equal-cost load balancing. Correct Answer: AB
Refer to the exhibit. A network engineer must configure the router to use the ISE-Servers group for authentication. If both ISE servers are unavailable, the local username database must be used. If no usernames are defined in the configuration, then the enable password must be the last resort to log in. Which configuration must be applied to achieve this result? A. aaa authorization exec default group ISE-Servers local enable B. aaa authentication login error-enable aaa authentication login default group enable local ISE-Servers C. aaa authentication login default group ISE-Servers local enable D. aaa authentication login default group enable local ISE-Servers Correct Answer: C
When using BFD in a network design, which consideration must be made? A. BFD is used with dynamic routing protocols to provide subsecond convergence. B. BFD is used with first hop routing protocols to provide subsecond convergence. C. BFD is used with NSF and graceful to provide subsecond convergence. D. BFD is more CPU-intensive than using reduced hold timers with routing protocols. Correct Answer: D
Refer to the exhibit. Which command lters the ERSPAN session packets only to interface GigabitEthernet1? A. source ip 10.10.10.1 B. filter access-group 10 C. destination ip 10.10.10.1 D. source interface gigabitethernet1 ip 10.10.10.1 Correct Answer: B
Refer to the exhibit. traffic is not passing between SW1 and SW2. Which action xes the issue? A. configure switch port mode to ISL on S2 B. configure LACP mode on S1 to active C. configure PAgP mode on S1 to desirable D. configure LACP mode on S1 to passive Correct Answer: C
Which Python code snippet must be added to the script to store the changed interface configuration to a local JSON-formatted file?A.
B.
C.
D.
Correct Answer: B
Refer to the exhibit. An engineer configures a new HSRP group. While reviewing the HSRP status, the engineer sees the logging message generated on R2. What is the cause of the message? A. The HSRP configuration has caused a routing loop B. The same virtual IP address has been configured for two HSRP groups C. A PC is on the network using the IP address 10.10.1.1 D. The HSRP configuration has caused a spanning-tree loop Correct Answer: B
Refer to the exhibit. Which configuration must be implemented to establish EBGP peering between R1 and R2? A.
B.
C.
D.
Correct Answer: C
What are the main components of Cisco TrustSec? A. Cisco ISE and Enterprise Directory Services B. Cisco ISE, network switches, rewalls, and routers C. Cisco ISE and TACACS+ D. Cisco ASA and Cisco Firepower Threat Defense Correct Answer: B
What is a characteristic of a WLC that is in master controller mode? A. configuration on the master controller is executed on all wireless LAN controllers. B. The master controller is responsible for load balancing all connecting clients to other controllers. C. All new APs that join the WLAN are assigned to the master controller. D. All wireless LAN controllers are managed by the master controller. Correct Answer: C
Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working after the connection to the WLC has been lost? A. Authentication Down/Switching Down B. Authentication-Central/Switch-Local C. Authentication-Central/Switch-Central D. Authentication-Down/Switch-Local Correct Answer: D
Refer to the exhibit. Object tracking has been configured for VRRP-enabled routers Edge-01 and Edge-02. Which commands cause Edge-02 to preempt Edge-01 in the event that interface G0/0 goes down on Edge-01? A. Edge-01(config)#interface G0/1 Edge-01(config-if)#vrrp 10 track 10 decrement 30 B. Edge-02(config)#interface G0/1 Edge-02(config-if)#vrrp 10 track 10 decrement 30 C. Edge-02(config)#interface G0/1 Edge-02(config-if)#vrrp 10 track 10 decrement 10 D. Edge-01(config)#interface G0/1 Edge-01(config-if)#vrrp 10 track 10 decrement 10 A Correct Answer:
Refer to the exhibit. An engineer must prevent the R6 loopback from getting into Area 2 and Area 3 from Area 0. Which action must the engineer take? A. Apply a filter list outbound on R3 and R7. B. Apply a filter list inbound on R2 and R9. C. Apply a filter list inbound on R3 and R7. D. Apply a filter list outbound on R7 only. Correct Answer: C
An engineer must configure and validate a CoPP policy that allows the network management server to monitor router R1 via SNMP while protecting the control plane. Which two commands or command sets must be used? (Choose two.) A. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp access-list 150 permit udp 10.0.1.4 0.0.0.0 eq snmp host 10.0.1.2 class- map match-all CoPP-management match access-group 150 policy-map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action drop control-plane Service-policy input CoPP-policy B. show ip interface brief C. show quality-of-service-profile D. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp class-map match-all CoPP-management match access-group 150 policy- map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action transmit control-plane Service-policy input CoPP-policy E. show policy-map control-plane Correct Answer: AE
A vulnerability assessment highlighted that remote access to the switches is permitted using unsecure and unencrypted protocols. Which configuration must be applied to allow only secure and reliable remote access for device administration? A. line vty 0 15 login local transport input all B. line vty 0 15 login local transport input ssh C. line vty 0 15 login local transport input telnet ssh D. line vty 0 15 login local transport input none Correct Answer: B
Which feature is used to propagate ARP, broadcast, and link-local frames across a Cisco SD-Access fabric to address connectivity needs for silent hosts that require reception of traffic to start communicating? A. Multisite Fabric B. Native Fabric Multicast C. SDA Transit D. Layer 2 Flooding Correct Answer: D
Which function does a fabric wireless LAN controller perform in a Cisco SD-Access deployment? A. manages fabric-enabled APs and forwards client registration and roaming information to the Control Plane Node B. coordinates configuration of autonomous nonfabric access points within the fabric C. performs the assurance engine role for both wired and wireless clients D. is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric A Correct Answer:
Refer to the exhibit. An engineer must permit traffic from these networks and block all other traffic. An informational log message should be triggered when traffic enters from these prefixes. Which access list must be used? A. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 access-list acl_subnets deny ip any log B. access-list acl_subnets permit ip 10.0.32.0 255.255.248.0 log C. access-list acl_subnets permit ip 10.0.32.0 0.0.7.255 log D. access-list acl_subnets permit ip 10.0.32.0 0.0.0.255 log Correct Answer: C
Refer to the exhibit. Which Python code snippet prints the descriptions of disabled interfaces only? A.
B.
C.
D.
Correct Answer: B
Which measure is used by an NTP server to indicate its closeness to the authoritative time source? A. stratum B. time zone C. latency D. hop count Correct Answer: A
When is the Design work flow used in Cisco DNA Center? A. in a green field deployment, with no existing infrastructure B. in a green field or brown field deployment, to wipe out existing data C. in a brown field deployment, to modify configuration of existing devices in the network D. in a brown field deployment, to provision and onboard new network devices Correct Answer: A
What are two characteristics of VXLAN? (Choose two) A. It lacks support for host mobility. B. It uses VTEPs to encapsulate and decapsulate frames. C. It allows for up to 16 million VXLAN segments. D. It extends Layer 2 and Layer 3 overlay networks over a Layer 2 underlay. E. It has a 12-bit network identifier. Correct Answer: BC
Refer to the exhibit. An engineer configures OSPF and wants to verify the configuration. Which configuration is applied to this device? A. R1(config)#interface Gi0/1 R1(config-if)#ip ospf enable R1(contig-if)#ip ospf network broadcast R1(config-if)#no shutdown B. R1(config)#router ospf 1 R1(config-router)#network 0.0.0.0 0.0.0.0 area 0 R1(config-router)#no passive-interface Gi0/1 C. R1(config)#interface Gi0/1 R1(config-if)#ip ospf 1 area 0 R1(config-if)#no shutdown D. R1(config)#router ospf 1 R1(config-router)#network 192.168.50.0 0.0.0.255 area 0 Correct Answer: D
What is the function of a control-plane node in a Cisco SD-Access solution? A. to run a mapping system that manages endpoint to network device relationships B. to implement policies and communicate with networks outside the fabric C. to connect external Layer 3 networks to the SD-Access fabric D. to connect APs and wireless endpoints to the SD-Access fabric Correct Answer: A
What is the purpose of a data modeling language? A. to describe the structure and meaning of exchanged data B. to standardize the procedures that are executed when parsing sent and received data C. to establish a framework to process data by using an object-oriented programming approach D. to specify the rules for transcoding between text and binary data encodings C Correct Answer:
Which IPv4 packet field carries the QoS IP classification marking? A. ID B. TTL C. FCS D. ToS Correct Answer: D
Which two solutions are used for backing up a Cisco DNA Center Assurance database? (Choose two.) A. bare metal server B. remote server C. NFS share D. local server E. non-linux server Correct Answer: BC
Refer to the exhibit. What does the output confirm about the switch's spanning tree configuration? A. The spanning-tree operation mode for this switch is PVST. B. The spanning-tree operation mode for this switch is PVST+. C. The spanning-tree mode stp ieee command was entered on this switch. D. The spanning-tree operation mode for this switch is IEE E. Correct Answer: B
Based on the router's API output in JSON format below, which Python code will display the value of the `hostname` key?A. json_data = response,json() print(json_data['response'][0]['hostname']) B. json_data = json.loads(response.text) print(json_data['response']['family']['hostname']) C. json_data = json.loads(response.text) print(json_data[response][0][hostname]) D. json_data = response.json() print(json_data['response'][family][hostname']) Correct Answer: A
Which function is performed by vSmart in the Cisco SD-WAN architecture'? A. distribution of IPsec keys B. execution of localized policies C. redistribution between OMP and other routing protocols D. facilitation of NAT detection and traversal Correct Answer: B
Refer to the exhibit. The administrator troubleshoots an EtherChannel that keeps moving to err-disabled. Which two actions must be taken to resolve the issue? (Choose two.) A. Ensure that the corresponding port channel interface on the neighbor switch is named Port-channel1. B. Ensure that the switchport parameters of Port-channel1 match the parameters of the port channel on the neighbor switch. C. Ensure that interfaces Gi1/0/2 and Gi1/0/3 connect to the same neighboring switch. D. Reload the switch to force EtherChannel renegotiation. E. Ensure that the neighbor interfaces of Gi1/0/2 and Gi1/0/3 are configured as members of the same EtherChannel. Correct Answer: BE
Refer to the exhibit. A network engineer must configure NETCON A. After creating the configuration, the engineer gets output from the command show line, but not from show running-config. Which command completes the configuration? B. Device(config)# netconf max-sessions 100 C. Device(config)# no netconf ssh acl 1 D. Device(config)# netconf lock-time 500 E. Device(config)# netconf max-message 1000 Correct Answer: B
Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes? A. IKE B. TLS C. IPsec D. ESP Correct Answer: B
Refer to the exhibit. Which command set is needed to configure and verify router R3 to measure the response time from router R3 to the file server located in the data center? A.
B.
C.
D.
Correct Answer: B
Refer to the exhibit. What are two reasons for IP SLA tracking failure? (Choose two.) A. The threshold value is wrong. B. The destination must be 172.30.30.2 for icmp-echo. C. The default route has the wrong next hop IP address. D. A route back to the R1 LAN network is missing in R2. E. The source-interface is configured incorrectly. Correct Answer: AD
Refer to the exhibit. Which command set must be added to the configuration to analyze 50 packets out of every 100? A. sampler SAMPLER-1 mode random 1-out-of 2 flow FLOW-MONITOR-1 interface GigabitEthernet 0/0/0 ip flow monitor SAMPLER-1 input B. flow monitor FLOW-MONITOR-1 record v4_r1 sampler SAMPLER-1 interface GigabitEthernet 0/0/0 ip flow monitor FLOW-MONITOR-1 sampler SAMPLER-1 input C. sampler SAMPLER-1 no mode random 1-out-of 2 mode percent 50 interface GigabitEthernet 0/0/0 ip flow monitor FLOW-MONITOR-1 sampler SAMPLER-1 input D. interface GigabitEthernet 0/0/0 ip flow monitor FLOW-MONITOR-1 sampler SAMPLER-1 input B Correct Answer:
Why would an engineer use YANG? A. to transport data between a controller and a network device B. to model data for NETCONF C. to access data using SNMP D. to translate JSON into an equivalent XML syntax Correct Answer: B
A network monitoring system uses SNMP polling to record the statistics of router interfaces. The SNMP queries work as expected until an engineer installs a new interface and reloads the router. After this action, all SNMP queries for the router fail. What is the cause of this issue? A. The SNMP interface index changed after reboot. B. The SNMP server traps are disabled for the link state. C. The SNMP server traps are disabled for the interface index. D. The SNMP community is configured incorrectly. Correct Answer: A
Which character formatting is required for DHCP Option 43 to function with current AP models? A. MD5 B. Base64 C. ASCII D. Hex Correct Answer: C
Which benefit is realized by implementing SSO? A. IP first-hop redundancy B. communication between different nodes for cluster setup C. physical link redundancy D. minimal network downtime following an RP switchover Correct Answer: D
Refer to the exhibit. After configuring HSRP an engineer enters the show standby command. Which two facts are derived from the output? (Choose two.) A. R2 becomes the active router after the hold time expires. B. If Fa0/0 is shut down, the HSRP priority on R2 becomes 80. C. R2 Fa1/0 regains the primary role when the link comes back up. D. The router with IP 10.10.1.3 is active because it has a higher IP address. E. R2 is using the default HSRP hello and hold timers. Correct Answer: BE
Which two parameters are examples of a QoS traffic descriptor? (Choose two.) A. DSCP B. MPLS EXP bits C. packet size D. bandwidth E. ToS Correct Answer: AB
Refer to the exhibit. An engineer attempts to create a configuration to allow the Blue VRF to leak into the global routing table, but the configuration does not function as expected. Which action resolves this issue? A. Change the source network that is speci ed in access-list 101. B. Change the access-list destination mask to a wildcard. C. Change the access-list number in the route map. D. Change the route-map configuration to VRF_BLU E. Correct Answer: B
An engineer must configure a multicast UDP jitter operation. Which configuration should be applied? A. Router(config)#ip sla 1 Router(config)#udp-jitter 192.0.2.115 65051 B. Router(config)#ip sla 1 Router(config)#udp jitter 239.1.1.1 65051 end-point list List source-ip 192.168.1.1 C. Router(config)#ip sla 1 Router(config)#udp-jitter 192.0.2.115 65051 num-packets 20 D. Router(config)#ip sla 1 Router(config)#udp jitter 10.0.0.1 source-ip 192.168.1.1 B Correct Answer:
Refer to the exhibit. The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands to be authorized if the user has successfully authenticated? A. aaa authentication login default group radius local none B. aaa authorization exec default group radius C. aaa authorization exec default group radius if-authenticated D. aaa authorization exec default group radius none Correct Answer: C
In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.) A. advertisement of network prefixes and their attributes B. configuration of control and data policies C. gathering of underlay infrastructure data D. delivery of crypto keys E. segmentation and differentiation of traffic Correct Answer: AD
How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API? A. Add a timestamp to the request in the API header. B. Use a password hash. C. Add OAuth to the request in the API header. D. Use HTTPS. Correct Answer: A
Which two features does the Cisco SD-Access architecture add to a traditional campus network? (Choose two.) A. modular QoS B. software-defined segmentation C. identity services D. private VLANs E. SD-WAN Correct Answer: BC
Which congestion queuing method on Cisco IOS based routers uses four static queues? A. weighted fair B. custom C. low latency D. priority Correct Answer: D
Which resource is able to be shared among virtual machines deployed on the same physical server? A. disk B. VM configuration file C. applications D. operating system Correct Answer: A
Refer to the exhibit. An engineer must set up connectivity between a campus aggregation layer and a branch office access layer. The engineer uses dynamic trunking protocol to establish this connection; however, management traffic on VLAN1 is not passing. Which action resolves the issue and allow communication for all configured VLANs? A. Disable Spanning Tree for the native VLAN. B. Allow all VLANs on the trunk links. C. Change both interfaces to access ports. D. configure the correct native VLAN on the remote interface Correct Answer: D
Which three resources must the hypervisor make available to the virtual machines? (Choose three.) A. Memory B. bandwidth C. IP address D. Processor E. storage F. secure access Correct Answer: ADE
Refer to the exhibit. An engineer must configure static NAT on R1 to allow users HTTP access to the web server on TCP port 80. The web server must be reachable through ISP 1 and ISP 2. Which command set should be applied to R1 to fulfill these requirements? A. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 extendable ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 extendable B. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 C. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 no-alias ip nat inside source static tcp 10.1.1.100 80 209.165.201.1 80 no-alias D. ip nat inside source static tcp 10.1.1.100 80 209.165.200.225 80 ip nat inside source static tcp 10.1.1.100 8080 209.165.201.1 8080 A Correct Answer:
Refer to the exhibit. An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected. Which action resolves the issue? A. Enable fast LACP PDUs on interface Gi0/0. B. Set LACP max-bundle to 2 on interface Port-channel1. C. configure no shutdown on interface Gi0/0. D. configure channel-group 1 mode active on interface Gi0/0. Correct Answer: B
In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch? A. management and data B. control, and forwarding C. control and management D. control and data Correct Answer: C
Refer to the exhibit. A network engineer is enabling logging to a local buffer, to the terminal, and to a syslog server for all debugging level logs ltered by facility code 7. Which command is needed to complete this configuration snippet? A. logging buffered debugging B. logging discriminator Disc1 severity includes 7 C. logging buffered discriminator Disc1 debugging D. logging discriminator Disc1 severity includes 7 facility includes fac7 Correct Answer: B
Refer to the exhibit. What is the result of the API request? A. The native interface information is read from the network appliance. B. The information for all interfaces is read from the network appliance. C. The params variable reads data fields from the network appliance. D. The params variable sends data fields to the network appliance. Correct Answer: A
Which definition describes JWT in regard to REST API security? A. an encrypted JSON token that is used for authentication B. an encrypted JSON token that is used for authorization C. an encoded JSON token that is used to securely exchange information D. an encoded JSON token that is used for authentication Correct Answer: D
Refer to the exhibit. A client has two directly connected eBGP peering links with diverse ISPs. Both providers advertise the same public prefix 209.165.200.224/27 to R1 without any route manipulation. traffic leaves R1 outbound via ISP1 but returns inbound via ISP2. Which configuration prevents asymmetrical routing and makes ISP1 the preferred path inbound and outbound? A.
B.
C.
D.
Correct Answer: C
Refer to the exhibit. An engineer must allow all users in the 10.2.2.0/24 subnet to access the internet. To conserve address space, the public interface address of 209.165.201.1 must be used for all external communication. Which command set accomplishes these requirements? A.
B.
C.
D.
Correct Answer: D
What is a TLOC in a Cisco SD-WAN deployment? A. value that identifies a specific tunnel within the Cisco SD-WAN overlay B. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay C. attribute that acts as a next hop for network prefixes D. component set by the administrator to differentiate similar nodes that offer a common service C Correct Answer:
Refer to the exhibit. Which configuration must be applied to the HQ router to set up a GRE tunnel between the HQ and BR routers? A.
B.
C.
D.
Correct Answer: C
Refer to the exhibit. An engineer configures the BGP adjacency between R1 and R2; however, it fails to establish. Which action resolves the issue? A. Change the network statement on R1 to 172.16.10.0. B. Change the remote-as number on R1 to 6500. C. Change the remote-as number for 192.168.100.11. D. Enable synchronization on R1 and R2. Correct Answer: B
Refer to the exhibit. The trunk does not work over the back-to-back link between Switch1 interface Gig1/0/20 and Switch2 interface Gig1/0/20. Which configuration xes the problem? A. Switch 1(config)#interface gig1/0/20 Switch1(config-if)#switchport mode dynamic auto B. Switch2(config)#interface gig1/0/20 Switch2(config-if)#switchport mode dynamic desirable C. Switch2(config)#interface gig1/0/20 Switch2(config-if)#switchport mode dynamic auto D. Switch1(config)#interface gig1/0/20 Switch1(config-if)#switchport trunk native vlan 1 Switch2(config)#interface gig1/0/20 Switch2(config- if)#switchport trunk native vlan 1 Correct Answer: B
Refer to the exhibit. An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1. Which commands must be added to complete the configuration? A. Device(config)#monitor session 1 type erspan-source Device(config-mon-erspan-src)#destination Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1 Device(config-mon-erspan-src-dst)#ip address 10.10.0.1 B. Device(config)#monitor session 1 type erspan-source Device(config-mon-erspan-src)#destination Device(config-mon-erspan-src-dst)#no vrf 1 C. Device(config)#monitor session 1 type erspan-source Device(config-mon-erspan-src)#destination Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1 Device(config-mon-erspan-src-dst)#ip destination address 10.10.0.1 D. Device(config)#monitor session 1 type erspan-destination Device(config-mon-erspan-src)#source Device(config-mon-erspan-src-dst)#origin ip address 10.1.0.1 Correct Answer: B
An engineer must configure a router to leak routes between two VRFs. Which configuration must the engineer apply? A.B.
C.
D.
Correct Answer: C
Which Python code snippet must be added to the script to save the returned configuration as a JSON-formatted file?A.
B.
C.
D.
Correct Answer: A
When firewall capabilities are considered, which feature is found only in Cisco next-generation rewalls? A. malware protection B. stateful inspection C. traffic filtering D. active/standby high availability Correct Answer: A
A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority. Which configuration commands are required to issue a certificate signing request from the core switch? A. Core-Switch(config)#crypto pki enroll Core-Switch Core-Switch(config)#ip http secure-trustpoint Core-Switch B. Core-Switch(config)#ip http secure-trustpoint Core-Switch Core-Switch(config)#crypto pki enroll Core-Switch C. Core-Switch(config)#crypto pki trustpoint Core-Switch Core-Switch(ca-trustpoint)#enrollment terminal Core-Switch(config)#crypto pki enroll Core-Switch D. Core-Switch(config)#crypto pki trustpoint Core-Switch Core-Switch(ca-trustpoint)#enrollment terminal Core-Switch(config)#ip http secure- trustpoint Core-Switch Correct Answer: D
An engineer must create a new SSID on a Cisco 9800 wireless LAN controller. The client has asked to use a pre-shared key for authentication. Which profile must the engineer edit to achieve this requirement? A. Policy B. RF C. Flex D. WLAN Correct Answer: A
An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN Layer 3 setting must be configured to provide this functionality? A. Local Policy B. WPA2 Policy C. CCKM D. Web Policy Correct Answer: D
A customer requests a design that includes GLBP as the FHRP. The network architect discovers that the members of the GLBP group have different throughput capabilities. Which GLBP load balancing method supports this environment? A. round robin B. host dependent C. weighted D. least connection Correct Answer: C
Refer to the exhibit. Which command set changes the neighbor state from Idle (Admin) to Active? A. R1(config)#router bgp 65001 R1(config-router)#neighbor 192.168.50.2 remote-as 65001 B. R1(config)#router bgp 65001 R1(config-router)#neighbor 192.168.50.2 activate C. R1(config)#router bgp 65001 R1(config-router)#no neighbor 192.168.50.2 shutdown D. R1(config)#router bgp 65002 R1(config-router)#neighbor 192.168.50.2 activate C Correct Answer:
A network engineer configures a WLAN controller with increased security for web access. There is IP connectivity with the WLAN controller, but the engineer cannot start a management session from a web browser. Which action resolves the issue? A. Disable Adobe Flash Player. B. Use a private or incognito session. C. Use a browser that supports 128-bit or larger ciphers. D. Disable JavaScript on the web browser. Correct Answer: C
What does a northbound API accomplish? A. programmatic control of abstracted network resources through a centralized controller B. access to controlled network resources from a centralized node C. communication between SDN controllers and physical switches D. controlled access to switches from automated security applications Correct Answer: A
In a Cisco SD-WAN solution, how is the health of a data plane tunnel monitored? A. with IP SLA B. ARP probing C. using BFD D. with OMP Correct Answer: C
Which solution do IaaS service providers use to extend a Layer 2 segment across a Layer 3 network? A. VXLAN B. VTEP C. VRF D. VLAN Correct Answer: A
By default, which virtual MAC address does HSRP group 16 use? A. c0:41:41:43:07:10 B. 00:05:5c:07:0c:16 C. 00:00:0c:07:ac:10 D. 05:00:0c:07:ac:16 Correct Answer: C
Refer to the exhibit. Why was the response code generated? A. The resource was unreachable. B. Access was denied based on the user permissions. C. Access was denied based on the credentials. D. The resource is no longer available on the server. Correct Answer: B
Refer the exhibit. Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a blocking state? A. SW4(config)#spanning-tree vlan 1 priority 0 ! SW2(config)#int G0/2 SW2(config-if)#spanning-tree cost 128 B. SW4(config)#spanning-tree vlan 1 priority 0 ! SW2(config)#interface G0/2 SW2(config-if)#spanning-tree vlan 1 port-priority 64 C. SW4(config)#spanning-tree vlan 1 priority 32768 ! SW2(config)#int G0/2 SW2(config-if)#spanning-tree cost 128 D. SW4(config)#spanning-tree vlan 1 priority 32768 ! SW2(config)#interface G0/2 SW2(config-if)#spanning-tree vlan 1 port-priority 0 Correct Answer: A
What happens when a FlexConnect AP changes to standalone mode? A. All client roaming continues to work. B. Only clients on central switching WLANs stay connected. C. All clients on all WLANs are disconnected. D. All controller-dependent activities stop working except the DFS. Correct Answer: C
If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm. which power level effectively doubles the transmit power? A. 13 dBm B. 14 dBm C. 17 dBm D. 20 dBm Correct Answer: C
An engineer must create an EEM script to enable OSPF debugging in the event the OSPF neighborship goes down. Which script must the engineer apply? A. event manager applet ENABLE_OSPF_DEBUG event syslog pattern %OSPF-5-ADJCHG: Process 6, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN action 1.0 cli command enable action 2.0 cli command debug ip ospf event action 3.0 cli command debug ip ospf adj action 4.0 syslog priority informational msg ENABLE_OSPF_DEBUG B. event manager applet ENABLE_OSPF_DEBUG event syslog pattern %OSPF-5-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL action 1.0 cli command debug ip ospf event action 2.0 cli command debug ip ospf adj action 3.0 syslog priority informational msg ENABLE_OSPF_DEBUG C. event manager applet ENABLE_OSPF_DEBUG event syslog pattern %OSPF-1-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN action 1.0 cli command debug ip ospf event action 2.0 cli command debug ip ospf adj action 3.0 syslog priority informational msg ENABLE_OSPF_DEBUG D. event manager applet ENABLE_OSPF_DEBUG event syslog pattern %OSPF-5-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL action 1.0 cli command enable action 2.0 cli command debug ip ospf event action 3.0 cli command debug ip ospf adj action 4.0 syslog priority informational msg ENABLE_OSPF_DEBUG Correct Answer: A
A customer wants to provide wireless access to contractors using a guest portal on Cisco IS A. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal? B. Install a trusted third-party certificate on the Cisco IS C. Install an internal CA signed certificate on the Cisco IS D. Install a trusted third-party certificate on the contractor devices. E. Install an internal CA signed certificate on the contractor devices. Correct Answer: B
An engineer must configure a new loopback interface on a router and advertise the interface as a /24 in OSP A. Which command set accomplishes this task? B. R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network broadcast R2(config- if)#ip ospf 100 area 0 C. R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network point-to-point R2(config- if)#ip ospf 100 area 0 D. R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf network point-to-multipoint R2(config-if)#router ospf 100 E. R2(config-router)#network 172.22.2.0 0.0.0.255 area 0 R2(config)#interface Loopback0 R2(config-if)#ip address 172.22.2.1 255.255.255.0 R2(config-if)#ip ospf 100 area 0 Correct Answer: B
Refer to the exhibit. Which commands are required to allow SSH connections to the router? A.
B.
C.
D.
Correct Answer: A
Refer to the exhibit. Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow communication from R1 to reach the networks? A.
B.
C.
D.
Correct Answer: B
Refer to the exhibit. Which command must be configured for RESTCONF to operate on port 8888? A. restconf port 8888 B. ip http restconf port 8888 C. ip http port 8888 D. restconf http port 8888 Correct Answer: C
Why would a log file contain a * next to the date? A. The network device was receiving NTP time when the log messages were recorded. B. The network device was unable to reach the NTP server when the log messages were recorded. C. The network device is not configured to use NTP. D. The network device is not configured to use NTP time stamps for logging. Correct Answer: D
What is one difference between EIGRP and OSPF? A. EIGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state algorithm. B. OSPF uses the DUAL distance vector algorithm, and EIGRP uses the Dijkstra link-state algorithm. C. EIGRP uses the variance command for unequal cost load balancing, and OSPF supports unequal cost balancing by default. D. OSPF is a Cisco proprietary protocol, and EIGRP is an IETF open standard protocol. Correct Answer: A
A network engineer must configure a router to send logging messages to a syslog server based on these requirements: * uses syslog IP address: 10.10.10.1 * uses a reliable protocol * must not use any well-known TCP/UDP ports Which configuration must be used? A. logging host 10.10.10.1 transport tcp port 1024 B. logging host 10.10.10.1 transport udp port 1024 C. logging host 10.10.10.1 transport udp port 1023 D. logging origin-id 10.10.10.1 Correct Answer: A
Refer to the exhibit. A network engineer must log in to the router via the console, but the RADIUS servers are not reachable. Which credentials allow console access? A. no username and only the password test123 B. no username and only the password cisco123 C. the username cisco and the password cisco D. the username cisco and the password cisco123 Correct Answer: B
Which configuration allows administrators to configure the device through the console port and use a network authentication server? A. aaa new-model aaa authentication login default local aaa authorization console aaa authorization config-commands username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDAx1uV B. aaa new-model aaa authentication login default local aaa authorization console aaa authorization config-commands C. aaa new-model aaa authentication login default line D. aaa new-model aaa authentication login default group radius aaa authorization console aaa authorization config-commands Correct Answer: D
What is the process for moving a virtual machine from one host machine to another with no downtime? A. high availability B. disaster recovery C. live migration D. multisite replication Correct Answer: C
Refer to the exhibit. An engineer must create a configuration that prevents R3 from receiving the LSA about 172.16.1.4/32. Which configuration set achieves this goal? A. On R3 ip access-list standard R4_L0 deny host 172.16.1.4 permit any router ospf 200 distribute-list R4_L0 in B. On R1 ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32 ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 file 32 router ospf 200 area 1 filter-list prefix INTO-AREA1 out C. On R1 ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32 ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 file 32 router ospf 200 area 1 filter-list prefix INTO-AREA1 in D. On R3 ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32 ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 file 32 router ospf 200 area 1 filter-list prefix INTO-AREA1 in Correct Answer: C
Refer to the exhibit. An engineer is reaching network 172.16.10.0/24 via the R1-R2-R4 path. Which configuration forces the traffic to take a path of R1-R3-R4? A. R1(config)#route-map RM_LOCAL_PREF permit 10 R1(config-route-map)#set local-preference 101 R1(config-route-map)#exit R1(config)#router bgp 100 R1(config-router)#neighbor 13.13.13.3 route-map RM_LOCAL_PREF in R1(config-router)#end R1#clear ip bgp 13.13.13.3 soft in B. R1(config)#route-map RM_AS_PATH_PREPEND R1(config-route-map)#set as-path prepend 200 200 R1(config-route-map)#exit R1(config)#router bgp 100 R1(config-router)#neighbor 12.12.12.2 route-map RM_AS_PATH_PREPEND in R1(config-router)#end R1#clear ip bgp 12.12.12.2 soft in C. R1(config)#router bgp 100 R1(config-router)#neighbor 13.13.13.3 weight 1 R1(config-router)#end D. R2(config)#route-map RM_MED permit 10 R2(config-route-map)#set metric 1 R2(config-route-map)#exit R2(config)#router bgp 200 R2(config-router)#neighbor 12.12.12.1 route-map RM_MED out R2(config-router)#end R2#clear ip bgp 12.12.12.1 soft out Correct Answer: B
In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node? A. VXLAN B. IS-IS C. 802.1Q D. CTS Correct Answer: C
Refer to the exhibit. How does the router handle traffic after the CoPP policy is configured on the router? A. traffic generated by R1 that matches access list SNMP is policed. B. traffic coming to R1 that matches access list SNMP is policed. C. traffic passing through R1 that matches access list SNMP is policed. D. traffic coming to R1 that does not match access list SNMP is dropped. Correct Answer: A
What is a characteristic of Cisco StackWise technology? A. It is supported on the Cisco 4500 series. B. It supports devices that are geographically separated C. It combines exactly two devices. D. It uses proprietary cabling. Correct Answer: D
What is one primary REST security design principle? A. fail-safe defaults B. password hash C. adding a timestamp in requests D. OAuth Correct Answer: A
Refer to the exhibit. After the code is run on a Cisco IOS-XE router, the response code is 204. What is the result of the script? A. The configuration fails because interface GigabitEthernet2 is missing on the target device. B. Interface GigabitEthemet2 is configured with IP address 10.10.10.1/24. C. The configuration fails because another interface is already configured with IP address 10.10.10.1/24. D. The configuration is successfully sent to the device in cleartext. Correct Answer: B
Which time protocol offers security features and utilizes site-local IPv6 multicast addresses? A. NTPv3 B. PTP IEEE 1588v1 C. NTPv4 D. PTP IEEE 1588v2 Correct Answer: C
Refer to the exhibit. Which command must be applied to Router1 to bring the GRE tunnel to an up/up state? A. Router1(config-if)#tunnel source Loopback0 B. Router1(config-if)#tunnel mode gre multipoint C. Router1(config-if)#tunnel source GigabitEthernet0/1 D. Router1(config)#interface tunnel0 Correct Answer: A
Refer to the exhibit. VPN-A sends point-to-point traffic to VPN-B and receives traffic only from VPN- A. VPN-B sends point-to-point traffic to VPN-C and receives traffic only from VPN- B. Which configuration is applied? C. PE-2 vrf VPN-B address-family ipv4 unicast import route-target 100:1 export route-target 100:2 D. PE-3 vrf VPN-B address-family ipv4 unicast import route-target 100:2 export route-target 100:2 E. PE-2 vrf VPN-B address-family ipv4 unicast import route-target 100:2 export route-target 100:2 F. PE-3 vrf VPN-B address-family ipv4 unicast import route-target 100:1 export route-target 100:2 Correct Answer: A
A customer wants to use a single SSID to authenticate IoT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve this requirement? A. Central Web Authentication B. Ciscofficentralized Key Management C. Identity PSK D. Fast Transition Correct Answer: C
In which two ways does TCAM differ from CAM? (Choose two.) A. CAM is used to make Layer 2 forwarding decisions, and TCAM is used for Layer 3 address lookups. B. CAM is used by routers for IP address lookups, and TCAM is used to make Layer 2 forwarding decisions. C. CAM is used for software switching mechanisms, and TCAM is used for hardware switching mechanisms. D. The MAC address table is contained in TCAM, and ACL and QoS information is stored in CAM. E. The MAC address table is contained in CAM, and ACL and QoS information is stored in TCAM. Correct Answer: AE
Which tool is used in Cisco DNA Center to build generic configurations that are able to be applied on devices with similar network settings? A. Command Runner B. Application Policies C. Template Editor D. Authentication Template Correct Answer: C
In which part of the HTTP message is the content type speci ed? A. HTTP method B. body C. header D. URI Correct Answer: C
An engineer must create an EEM applet that sends a syslog message in the event a change happens in the network due to trouble with an OSPF process. Which action should the engineer use? event manager applet LogMessage event routing network 172.30.197.0/24 type all A. action 1 syslog msg OSPF ROUTING ERROR B. action 1 syslog send OSPF ROUTING ERROR C. action 1 syslog pattern OSPF ROUTING ERROR D. action 1 syslog write OSPF ROUTING ERROR Correct Answer: C
An engineer runs the code against an API of Cisco DNA Center, and the platform returns this output. What does the response indicate?A. The authentication credentials are incorrect. B. The URI string is incorrect. C. The Cisco DNA Center API port is incorrect. D. The HTTP method is incorrect. Correct Answer: D
What are two benefits of YANG? (Choose two.) A. It enforces the use of a specific encoding format for NETCON B. It collects statistical constraint analysis information. C. It enables multiple leaf statements to exist within a leaf list. D. It enforces configuration semantics. E. It enforces configuration constraints. Correct Answer: AE
Refer to the exhibit. After running the code in the exhibit, which step reduces the amount of data that the NETCONF server returns to the NETCONF client, to only the interface's configuration? A. Use the Ixml library to parse the data returned by the NETCONF server for the interface's configuration. B. Create an XML filter as a string and pass it to get_config() method as an argument. C. Create a JSON filter as a string and pass it to the get_config() method as an argument. D. Use the JSON library to parse the data returned by the NETCONF server for the interface's configuration. Correct Answer: D
Running the script causes the output in the exhibit. Which change to the first line of the script resolves the error?A. from ncclient import B. import manager C. from ncclient import * D. import ncclient manager Correct Answer: C
Which line must be added in the Python function to return the JSON object {`cat_9k`: `FXS1932Q2SE`}?
A. return (json.dumps({d['hostname']: d['serialNumber'] for d in json.loads(test_json)['response']}))
B. return (json.dumps({for d in json.loads(test_json)['response']: d['hostname']: d['serialNumber']}))
C. return (json.loads({d['hostname']: d['serialNumber'] for d in json.dumps(test_json)['response'}))
D. return (json.loads({for d in json.dumps(test_json)['response']: d['hostname']: d['serialNumber']})) A
Correct Answer:
Refer to the exhibit. Which code results in the working Python script displaying a list of network devices from the Cisco DNA Center? A. network_device_list(dnac[ host ], dnac[ username ],dnac[ password ]) login = dnac_login(dnac) print(dnac_devices) B. login = dnac_login(dnac[ host ], dnac[ username ], dnac[ password ]) network_device_list(dnac, login) print(dnac_devices) C. login = dnac_login(dnac[ host ], dnac[ username ], dnac[ password ]) network_device_list(dnac, login) for item in dnac_devices: print(dnac_devices.item) D. network_device_list(dnac[ host ], dnac[ username ], dnac[ password ]) login = dnac_login(dnac) for item in dnac_devices: print(dnac_devices.item) Correct Answer: C
What does the Cisco DNA REST response indicate? A. Cisco DNA Center has the incorrect credentials for cat3850-1 B. Cisco DNA Center is unable to communicate with cat9000-1 C. Cisco DNA Center has the incorrect credentials for cat9000-1 D. Cisco DNA Center has the incorrect credentials for RouterASR-1 Correct Answer: C
What is a characteristic of YANG? A. It is a Cisco proprietary language that models NETCONF data. B. It allows model developers to create custom data types. C. It structures data in an object-oriented fashion to promote model reuse. D. It provides loops and conditionals to control flow within models. Correct Answer: C
Refer to the exhibit. The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SL A. Which configuration should the engineer use? B. event manager applet EEM_IP_SLA event track 10 state down C. event manager applet EEM_IP_SLA event track 10 state unreachable D. event manager applet EEM_IP_SLA event sla 10 state unreachable E. event manager applet EEM_IP_SLA event sla 10 state down Correct Answer: A
Refer to the exhibit.What is the value of the variable list after the code is run? A. [1, 2], [1, 2], [1, 2] B. [1, 2] * 3 C. [1, 2, 1, 2, 1, 2] D. [3, 6] Correct Answer: C
Refer to the exhibit.Which result does the Python code achieve? A. The code encrypts a base64 decrypted password. B. The code converts time to the Epoch LINUX time format. C. The code converts time to the "year/month/day" time format. D. The code converts time to the yyyymmdd representation. Correct Answer: D
Refer to the exhibit.POSTMAN is showing an attempt to retrieve network device information from Cisco DNA Center API. What is the issue? A. The URI string is incorrect. B. The token has expired. C. Authentication has failed. D. The JSON payload contains the incorrect UUI E. Correct Answer: A
Refer to the exhibit.Running the script causes the output in the exhibit. What should be the first line of the script? A. from ncclient import manager B. import manager C. from ncclient import * D. ncclient manager import Correct Answer: A
Refer to the exhibit.An engineer must create a script that appends the output of the show process cpu sorted command to a file. Which action completes the configuration? A. action 4.0 syslog command "show process cpu sorted | append flash:high-cpu- file" B. action 4.0 cli command "show process cpu sorted | append flash:high-cpu- file" C. action 4.0 cns-event "show process cpu sorted | append flash:high-cpu- file" D. action 4.0 publish-event "show process cpu sorted | append flash:high-cpu- file" B Correct Answer:
What is an advantage of utilizing data models in a multivendor environment? A. lowering CPU load incurred to managed devices B. improving communication security with binary encoded protocols C. facilitating a unified approach to configuration and management D. removing the distinction between configuration and runtime state data Correct Answer: C
How is a data modeling language used? A. To enable data to be easily structured, grouped, validated, and replicated. B. To represent nite and well-defined network elements that cannot be changed. C. To model the ows of unstructured data within the infrastructure. D. To provide human readability to scripting languages. Correct Answer: A
A network engineer is configuring OSPF on a router. The engineer wants to prevent having a route to 172.16.0.0/16 learned via OSPF in the routing table and configures a prefix list using the command ip prefix-list OFFICE seq 5 deny 172.16.0.0/16. Which two additional configuration commands must be applied to accomplish the goal? (Choose two.) A. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 file 32 B. distribute-list prefix OFFICE in under the OSPF process C. distribute-list OFFICE in under the OSPF process D. distribute-list OFFICE out under the OSPF process E. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32 Correct Answer: AB
What is YANG used for? A. scraping data via CLI B. processing SNMP read-only polls C. describing data models D. providing a transport for network configuration data between client and server Correct Answer: C
Which HTTP status code is the correct response for a request with an incorrect password applied to a REST API session? A. HTTP Status Code: 200 B. HTTP Status Code: 302 C. HTTP Status Code: 401 D. HTTP Status Code: 504 Correct Answer: C
Which protocol does REST API rely on to secure the communication channel? A. HTTP B. SSH C. HTTPS D. TCP Correct Answer: C
At which layer does Cisco DNA Center support REST controls? A. session layer B. northbound APIs C. EEM applets or scripts D. YAML output from responses to API calls Correct Answer: B
Which algorithms are used to secure REST API from brute attacks and minimize the impact? A. SHA-512 and SHA-384 B. MD5 algorithm-128 and SHA-384 C. SHA-1, SHA-256, and SHA-512 D. PBKDF2, BCrypt, and SCrypt Correct Answer: D
Which method of account authentication does OAuth 2.0 use within REST APIs? A. username/role combination B. access tokens C. cookie authentication D. basic signature work flow Correct Answer: B
Which two protocols are used with YANG data models? (Choose two.) A. TLS B. RESTCONF C. SSH D. NETCONF E. HTTPS Correct Answer: BD
What is a benefit of data modeling languages like YANG? A. They create more secure and efficient SNMP OIDs. B. They provide a standardized data structure, which results in configuration scalability and consistency. C. They enable programmers to change or write their own applications within the device operating system. D. They make the CLI simpler and more efficient. Correct Answer: B
Which protocol infers that a YANG data model is being used? A. SNMP B. RESTCONF C. REST D. NX-API Correct Answer: B
Which method displays text directly into the active console with a synchronous EEM applet policy? A. event manager applet boom event syslog pattern 'UP' action 1.0 syslog priority direct msg 'logging directly to console' B. event manager applet boom event syslog pattern 'UP' action 1.0 gets 'logging directly to console' C. event manager applet boom event syslog pattern 'UP' action 1.0 string 'logging directly to console' D. event manager applet boom event syslog pattern 'UP' action 1.0 puts 'logging directly to console' D Correct Answer:
Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two.) A. automation backup B. system update C. golden image selection D. proxy configuration E. application updates Correct Answer: BE
Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually? A. event manager applet ondemand event none action 1.0 syslog priority critical msg 'This is a message from ondemand' B. event manager applet ondemand action 1.0 syslog priority critical msg 'This is a message from ondemand' C. event manager applet ondemand event register action 1.0 syslog priority critical msg 'This is a message from ondemand' D. event manager applet ondemand event manual action 1.0 syslog priority critical msg 'This is a message from ondemand' Correct Answer: A
What does this EEM applet event accomplish? "event snmp oid 1.3.6.1.3.7.6.5.3.9.3.8.7 get-type next entry-op gt entry-val 75 poll-interval 5" A. Upon the value reaching 75%, a SNMP event is generated and sent to the trap server. B. It reads an SNMP variable, and when the value exceeds 75%, it triggers an action. C. It issues email when the value is greater than 75% for five polling cycles. D. It presents a SNMP variable that can be interrogated. Correct Answer: B
What is a requirement for an Ansible-managed node? A. It must have an SSH server running. B. It must be a Linux server or a Cisco device. C. It must support ad hoc commands. D. It must have an Ansible Tower installed. Correct Answer: A
Which characteristic distinguishes Ansible from Chef? A. Ansible uses Ruby to manage configurations. Chef uses YAML to manage configurations. B. The Ansible server can run on Linux, Unix or Windows. The Chef server must run on Linux or Unix. C. Ansible pushes the configuration to the client. Chef client pulls the configuration from the server. D. Ansible lacks redundancy support for the primary server. Chef runs two primary servers in active/active mode. Ansible works by connecting to your nodes and pushing out small programs, called Ansible modules to them. These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when nished. Chef is a much older, mature solution to configure management. Unlike Ansible, it does require an installation of an agent on each server, named chef-client. Also, unlike Ansible, it has a Chef server that each client pulls configuration from. Correct Answer: C
Refer to the exhibit. What does the snippet of code achieve? A. It creates an SSH connection using the SSH key that is stored, and the password is ignored. B. It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls. C. It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context. D. It opens a tunnel and encapsulates the login information, if the host key is correct. Correct Answer: C
Which two characteristics define the Intent API provided by Cisco DNA Center? (Choose two.) A. northbound API B. business outcome oriented C. device-oriented D. southbound API E. procedural Correct Answer: AB
In a Cisco DNA Center Plug and Play environment, why would a device be labeled unclaimed? A. The device has not been assigned a work flow. B. The device could not be added to the fabric. C. The device had an error and could not be provisioned. D. The device is from a third-party vendor. Correct Answer: A
What does the Cisco DNA Center use to enable the delivery of applications through a network and to yield analytics for innovation? A. process adapters B. Command Runner C. intent-based APIs D. domain adapters Correct Answer: C
Which devices does Cisco DNA Center configure when deploying an IP-based access control policy? A. all devices integrating with ISE B. selected individual devices C. all devices in selected sites D. all wired devices Correct Answer: C
What is a characteristic of MACsec? A. 802.1AE is built between the host and switch using the MKA protocol, which negotiates encryption keys based on the primary session key from a successful 802.1X session. B. 802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol. C. 802.1AE is built between the host and switch using the MKA protocol using keys generated via the Diffie-hellman algorithm (anonymous encryption mode). D. 802.1AE provides encryption and authentication services. Correct Answer: A
Refer to the exhibit. A network engineer attempts to connect to the Router1 console port. Which configuration is needed to allow Telnet connections? A. Router1(config)# line vty 0 15 Router1(config-line)# transport output telnet B. Router1(config)# telnet client C. Router1(config)# line console 0 Router1(config-line)# transport output telnet D. Router1(config)# access-list 100 permit tcp any any eq telnet Router1(config)# line console 0 Router1(config-line)# access-class 100 out C Correct Answer:
Refer to the exhibit.A network engineer must configure a password expiry mechanism on the gateway router for all local passwords to expire after 60 days. What is required to complete this task? A. Add the username admin privilege 15 common-criteria-policy Administrators password 0 Cisco13579! command. B. The password expiry mechanism is on the AAA server and must be configured there. C. Add the aaa authentication enable default Administrators command. D. No further action is required. The configuration is complete. Correct Answer: A
Refer to the exhibit.Which privilege level is assigned to VTY users? A. 1 B. 7 C. 13 D. 15 Correct Answer: A
Which statements are used for error handling in Python? A. try/catch B. catch/release C. block/rescue D. try/except Correct Answer: D
How do agent-based versus agentless configuration management tools compare? A. Agentless tools use proxy nodes to interface with slave nodes. B. Agentless tools require no messaging systems between master and slaves. C. Agent-based tools do not require a high-level language interpreter such as Python or Ruby on slave nodes. D. Agent-based tools do not require installation of additional software packages on the slave nodes. Correct Answer: B
Refer to the exhibit.Which HTTP JSON response does the Python code output give? A. 7.0(3)|7(4) B. 7.61 C. NameError: name 'json' is not defined D. KeyError: 'kickstart_ver_str' Correct Answer: A
A network administrator is preparing a Python script to configure a Cisco IOS XE-based device on the network. The administrator is worried that colleagues will make changes to the device while the script is running. Which operation of the ncclient manager prevents colleagues from making changes to the devices while the script is running? A. m.lock(config='running') B. m.lock(target='running') C. m.freeze(target='running') D. m.freeze(config='running') Correct Answer: B
Which outcome is achieved with this Python code? client.connect (ip, port= 22, username= usr, password= pswd ) stdin, stdout, stderr = client.exec_command ( 'show ip bgp 192.168.101.0 bestpathn ' ) print (stdout) A. connects to a Cisco device using SSH and exports the BGP table for the prefix B. displays the output of the show command in a formatted way C. connects to a Cisco device using SSH and exports the routing table information D. connects to a Cisco device using Telnet and exports the routing table information A Correct Answer:
Refer to the exhibit. Which JSON syntax is derived from this data? A. {[{'First Name': 'Johnny', 'Last Name': 'Table', 'Hobbies': ['Running', 'Video games']}, {'First Name': 'Billy', 'Last Name': 'Smith', 'Hobbies': ['Napping', 'Reading']}]} B. {'Person': [{'First Name': 'Johnny', 'Last Name': 'Table', 'Hobbies': 'Running', 'Video games'}, {'First Name': 'Billy', 'Last Name': 'Smith', 'Hobbies': 'Napping', 'Reading'}]} C. {[{'First Name': 'Johnny', 'Last Name': 'Table', 'Hobbies': 'Running', 'Hobbies': 'Video games'}, {'First Name': 'Billy', 'Last Name': 'Smith', 'Hobbies': 'Napping', 'Reading'}]} D. {'Person': [{'First Name': 'Johnny', 'Last Name': 'Table', 'Hobbies': ['Running', 'Video games']}, {'First Name': 'Billy', 'Last Name': 'Smith', 'Hobbies': ['Napping', 'Reading']}]} Correct Answer: D
Which data is properly formatted with JSON? A.B.
C.
D.
Correct Answer: B
Based on the output below, which Python code shows the value of the "upTime" key?A. json_data = response.json() print(json_data['response'][0]['upTime']) B. json_data = response.json() print(json_data[response][0][upTime]) C. json_data = json.loads(response.text) print(json_data['response']['family']['upTime']) D. json_data = response.json() print(json_data['response'][family]['upTime']) C Correct Answer:
Which exhibit displays a valid JSON file? A.B.
C.
D.
Correct Answer: D
Refer to the exhibit.What is the JSON syntax that is formed from the data? A. {Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]} B. { Name : Bob Johnson , Age ,75 : Alive : true, Favorite Foods : [ Cereal , Mustard , Onions ]} C. {'Name': 'Bob Johnson', 'Age': 75, 'Alive': True, 'Favorite Foods': 'Cereal', 'Mustard', 'Onions'} D. { Name : Bob Johnson , Age : Seventy five, Alive : true, Favorite Foods : [ Cereal , Mustard , Onions ]} Correct Answer: B
Which JSON syntax is valid?
A. { switch : name : dist1 , interfaces : [ gig1 , gig2 , gig3 ]}
B. {/ switch/ : {/ name/ : dist1 / , interfaces/ : [ gig1 , gig2 , gig3 ]}}
C. { switch : { name : dist1 , interfaces : [ gig1 , gig2 , gig3 ]}}
D. {'switch': ('name': 'dist1', 'interfaces': ['gig1', 'gig2', 'gig3'])}
Correct Answer: C
What is the structure of a JSON web token? A. three parts separated by dots: header, payload, and signature B. three parts separated by dots: version, header, and signature C. header and payload D. payload and signature Correct Answer: A
A response code of 404 is received while using the REST API on Cisco DNA Center to POST to this URI: /dna/intent/api/v1/template-programmer/project What does the code mean? A. The POST/PUT request was fulfilled and a new resource was created. Information about the resource is in the response body. B. The request was accepted for processing, but the processing was not completed. C. The client made a request for a resource that does not exist. D. The server has not implemented the functionality that is needed to fulfill the request. Correct Answer: C
Which two operations are valid for RESTCONF? (Choose two.) A. PULL B. PUSH C. PATCH D. REMOVE E. ADD F. HEAD xml/ios/prog/configuration/166/b_166_programmability_cg/b_166_programmability_cg_chapter_01011.html Correct Answer: CF
Refer to the exhibit. An engineer is using XML in an application to send information to a RESTCONF-enabled device. After sending the request, the engineer gets this response message and an HTTP response code of 400. What do these responses tell the engineer? A. The Accept header sent was application/xml. B. POST was used instead of PUT to update. C. The Content-Type header sent was application/xml. D. A JSON body was used. Correct Answer: C
What is used to validate the authenticity of client and is sent in HTTP requests as a JSON object? A. SSH B. HTTPS C. JWT D. TLS Correct Answer: C
Refer to the exhibit.What is the effect of this configuration? A. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey. B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+. C. The device will allow only users at 192.168.0.202 to connect to vty lines 0 through 4. D. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails. Correct Answer: B
Which deployment option of Cisco NGFW provides scalability? A. inline tap B. high availability C. clustering D. tap Correct Answer: C
In a Cisco SD-Access solution, what is the role of the Identity Services Engine? A. It is leveraged for dynamic endpoint to group mapping and policy definition. B. It provides GUI management and abstraction via apps that share context. C. It is used to analyze endpoint to app ows and monitor fabric status. D. It manages the LISP EID database. Correct Answer: A
What is provided by the Stealthwatch component of the Cisco Cyber Threat Defense solution? A. real-time threat management to stop DDoS attacks to the core and access networks B. real-time awareness of users, devices, and traffic on the network C. malware control D. dynamic threat control for web traffic Correct Answer: B
An engineer must configure an ACL that permits packets which include an ACK in the TCP header. Which entry must be included in the ACL? A. access-list 110 permit tcp any any eq 21 tcp-ack B. access-list 10 permit tcp any any eq 21 established C. access-list 110 permit tcp any any eq 21 established D. access-list 10 permit ip any any eq 21 tcp-ack Correct Answer: C
A client with IP address 209.165.201.25 must access a web server on port 80 at 209.165.200.225. To allow this traffic, an engineer must add a statement to an access control list that is applied in the inbound direction on the port connecting to the web server. Which statement allows this traffic? A. permit tcp host 209.165.200.225 lt 80 host 209.165.201.25 B. permit tcp host 209.165.201.25 host 209.165.200.225 eq 80 C. permit tcp host 209.165.200.225 eq 80 host 209.165.201.25 D. permit tcp host 209.165.200.225 host 209.165.201.25 eq 80 Correct Answer: D
Which standard access control entry permits traffic from odd-numbered hosts in the 10.0.0.0/24 subnet? A. permit 10.0.0.0 0.0.0.1 B. permit 10.0.0.1 0.0.0.254 C. permit 10.0.0.1 0.0.0.0 D. permit 10.0.0.0 255.255.255.254 Correct Answer: B
Refer to the exhibit.An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthernet 0/1. Which configuration command set will allow this traffic without disrupting existing traffic ows? A.
B.
C.
D.
Correct Answer: D
Which configuration restricts the amount of SSH traffic that a router accepts to 100 kbps? A.B.
C.
D.
Correct Answer: C
Refer to the exhibit. What step resolves the authentication issue? A. use basic authentication B. change the port to 12446 C. target 192.168.100.82 in the URI D. restart the vsmart host Correct Answer: D
Refer to the exhibit.Security policy requires all idle exec sessions to be terminated in 600 seconds. Which configuration achieves this goal? A. line vty 0 15 absolute-timeout 600 B. line vty 0 15 no exec-timeout C. line vty 0 15 exec-timeout 10 0 D. line vty 0 4 exec-timeout 600 Correct Answer: C
Refer to the exhibit.An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet. What explains this behavior? A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router. B. After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect. C. Only standard access control lists can block traffic from a source IP address. D. The access control list must contain an explicit deny to block traffic from the router. Correct Answer: A
What is a characteristic of a next-generation firewall? A. only required at the network perimeter B. required in each layer of the network C. lters traffic using Layer 3 and Layer 4 information only D. provides intrusion prevention Correct Answer: D
Refer to the exhibit. An engineer is investigating why guest users are able to access other guest user devices when the users are connected to the customer guest WLAN. What action resolves this issue? A. implement P2P blocking B. implement MFP client protection C. implement Wi-Fi direct policy D. implement split tunneling Correct Answer: A
Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected. Which action will resolve this issue? A. enable AAA override B. set a NAC state C. utilize RADIUS pro ling D. require a DHCP address assignment Correct Answer: C
Refer to the exhibit. Which single security feature is recommended to providefinetwork Access Control in the enterprise? A. MAB B. 802.1X C. WebAuth D. port security sticky MAC Correct Answer: B
Refer to the exhibit. After configuring an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show? A. VPN peers agreed on parameters for the ISAKMP S B. Peers have exchanged keys, but ISAKMP SA remains unauthenticated. C. ISAKMP SA is authenticated and can be used for Quick Mode. D. ISAKMP SA has been created, but it has not continued to form. Correct Answer: C
Which two threats does AMP4E have the ability to block? (Choose two.) A. email phishing B. DDoS C. Microsoft Word macro attack D. SQL injection E. ransomware Correct Answer: AE
Refer to the exhibit. An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts. Drag and drop the commands into the configuration to achieve these results. Some commands may be used more than once. Not all commands are used. Select and Place:
Correct Answer:
An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used? A. username netadmin secret 5 $1$b1Ju$kZbBS1Pyh4QzwXyZ1kSZ2 B. username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDAx1uV C. username netadmin secret $1$b1Ju$k406689705QzwXyZ1kSZ2 D. line Console 0 password $1$b1Ju$ Correct Answer: B
Which NGFW mode blocks ows crossing the firewall? A. tap B. inline C. passive D. inline tap Correct Answer: B
How does Cisco TrustSec enable more flexible access controls for dynamic networking environments and data centers? A. uses flexible NetFlow B. assigns a VLAN to the endpoint C. classi es traffic based on advanced application recognition D. classi es traffic based on the contextual identity of the endpoint rather than its IP address Correct Answer: D
The login method is configured on the VTY lines of a router with these parameters: * The first method for authentication is TACACS * If TACACS is unavailable, login is allowed without any provided credentials Which configuration accomplishes this task? A.B.
C.
D.
Correct Answer: D
Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network? A. security group tag ACL assigned to each port on a switch B. security group tag number assigned to each user on a switch C. security group tag number assigned to each port on a network D. security group tag ACL assigned to each router on a network Correct Answer: B
Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model? A. SSL B. Cisco TrustSec C. MACsec D. IPsec Correct Answer: C
An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for Web Policy. Which device presents the web authentication for the WLAN? A. ISE server B. RADIUS server C. anchor WLC D. local WLC Correct Answer: D
Which method does the enable secret password option use to encrypt device passwords? A. MD5 B. PAP C. CHAP D. AES Correct Answer: A
On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric? A. VXLAN B. LISP C. Cisco TrustSec D. IS-IS Correct Answer: A
What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device? A. The enable secret password is protected via stronger cryptography mechanisms. B. The enable password cannot be decrypted. C. The enable password is encrypted with a stronger encryption method. D. There is no difference and both passwords are encrypted identically. Correct Answer: A
Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80? A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444 B. permit tcp any any range 22 443 deny tcp any any eq 80 C. permit tcp any any eq 80 D. deny tcp any any eq 80 permit tcp any any range 22 443 Correct Answer: D
A network administrator applies the following configuration to an IOS device: aaa new-model aaa authentication login default local group tacacs+ What is the process of password checks when a login attempt is made to the device? A. A TACACS+ server is checked first. If that check fails, a local database is checked. B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked. C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked. D. A local database is checked first. If that check fails, a TACACS+ server is checked. Correct Answer: D
Refer to the exhibit.Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS- related traffic? A. the controller management interface B. the controller virtual interface C. the interface speci ed on the WLAN configuration D. any interface configured on the WLC Correct Answer: C
Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis? A. Cisco Firepower and FireSIGHT B. Cisco Stealthwatch system C. Advanced Malware Protection D. Cisco Web Security Appliance Correct Answer: B
An engineer must protect their company against ransomware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption? A. Use Cisco Firepower and block traffic to TOR networks. B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled. C. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation. D. Use Cisco AMP deployment with the Exploit Prevention engine enabled. Correct Answer: B
Refer to the exhibit.An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times. Which command set accomplishes this task? A. R3(config)#time-range WEEKEND R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59 R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out B. R1(config)#time-range WEEKEND R1(config-time-range)#periodic weekend 00:00 to 23:59 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in C. R3(config)#time-range WEEKEND R3(config-time-range)#periodic weekend 00:00 to 23:59 R3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out D. R1(config)#time-range WEEKEND R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in Correct Answer: B
Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction? A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080 B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080 C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2 D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2 Correct Answer: C
What is the result of applying this access control list? ip access-list extended STATEFUL 10 permit tcp any any established 20 deny ip any any A. TCP traffic with the URG bit set is allowed. B. TCP traffic with the SYN bit set is allowed. C. TCP traffic with the ACK bit set is allowed. D. TCP traffic with the DF bit set is allowed. Correct Answer: C
Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address 10.10.10.1? A. ip access-list extended 200 deny tcp host 10.10.10.1 eq 80 any permit ip any any B. ip access-list extended 10 deny tcp host 10.10.10.1 any eq 80 permit ip any any C. ip access-list extended NO_HTTP deny tcp host 10.10.10.1 any eq 80 D. ip access-list extended 100 deny tcp host 10.10.10.1 any eq 80 permit ip any any D Correct Answer:
Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in. Which configuration change is required? A. Add the access-class keyword to the username command. B. Add the autocommand keyword to the aaa authentication command. C. Add the access-class keyword to the aaa authentication command. D. Add the autocommand keyword to the username command. Correct Answer: D
Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration? A. All traffic will be policed based on access-list 120. B. If traffic exceeds the speci ed rate, it will be transmitted and remarked. C. Class-default traffic will be dropped. D. ICMP will be denied based on this configuration. Correct Answer: A
Which feature must be configured to allow packet capture over Layer 3 infrastructure? A. RSPAN B. ERSPAN C. VSPAN D. IPSPAN Correct Answer: B
Refer to the exhibit.What is the result when a technician adds the monitor session 1 destination remote vlan 223 command? A. The RSPAN VLAN is replaced by VLAN 223. B. RSPAN traffic is sent to VLANs 222 and 223. C. An error is agged for configuring two destinations. D. RSPAN traffic is split between VLANs 222 and 223. Correct Answer: A
Refer to the exhibit. An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm? A. RSPAN session 1 is incompletely configured for monitoring. B. RSPAN session 1 monitors activity on VLAN 50 of a remote switch. C. SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15. D. SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14. Correct Answer: A
A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled. In a dual-stack network with two dual-stack NetFlow collectors, how many flow exporters are needed per network device in the flexible NetFlow configuration? A. 1 B. 2 C. 4 D. 8 Correct Answer: B
A network engineer is configuring Flexible NetFlow and enters these commands. sampler NetFlow1 mode random one-out-of 100 interface fastethernet 1/0 flow-sampler NetFlow1 What are two results of implementing this feature instead of traditional NetFlow? (Choose two.) A. Only the ows of top 100 talkers are exported. B. CPU and memory utilization are reduced. C. The number of packets to be analyzed are reduced. D. The data export flow is more secure. E. The accuracy of the data to be analyzed is improved. Correct Answer: BC
Refer to the exhibit. An engineer must add the SNMP interface table to the NetFlow protocol flow records. Where should the SNMP table option be added? A. under the interface B. under the flow record C. under the flow monitor D. under the flow exporter Correct Answer: D
A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process. Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two.) A. configure the logging synchronous global configuration command. B. configure the logging synchronous command under the vty. C. Increase the number of lines on the screen using the terminal length command. D. configure the logging delimiter feature. E. Press the TAB key to reprint the command in a new line. Correct Answer: BE
When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port? A. logging host 10.2.3.4 vrf mgmt transport tcp port 514 B. logging host 10.2.3.4 vrf mgmt transport udp port 514 C. logging host 10.2.3.4 vrf mgmt transport tcp port 6514 D. logging host 10.2.3.4 vrf mgmt transport udp port 6514 Correct Answer: C
Refer to this output. R1# *Feb 14 37:09:53.129: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up What is the logging severity level? A. notification B. emergency C. critical D. alert Correct Answer: A
An engineer reviews a router's logs and discovers the following entry. What is the event's logging severity level? Router# *Jan 01 38:24:04.401: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up A. error B. warning C. informational D. notification Correct Answer: A
Refer to the exhibit.An engineer must configure a SPAN session. What is the effect of the configuration? A. traffic received on VLANs 10, 11, and 12 is copied and sent to interface g0/1. B. traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1. C. traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1. D. traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1. Correct Answer: A
Refer to the exhibit.These commands have been added to the configuration of a switch. Which command flags an error if it is added to this configuration? A. monitor session 1 source interface port-channel 6 B. monitor session 1 source vlan 10 C. monitor session 1 source interface FastEthemet0/1 rx D. monitor session 1 source interface port-channel 7, port-channel 8 Correct Answer: B
Which method does Cisco DNA Center use to allow management of non-Cisco devices through southbound protocols? A. It creates device packs through the use of an SDK. B. It uses an API call to interrogate the devices and register the returned data. C. It obtains MIBs from each vendor that details the APIs available. D. It imports available APIs for the non-Cisco device in a CSV format. Correct Answer: A
Refer to the exhibit. Cisco DNA Center has obtained the username of the client and the multiple devices that the client is using on the network. How is Cisco DNA Center getting these context details? A. Those details are provided to Cisco DNA Center by the Identity Services Engine. B. The administrator had to assign the username to the IP address manually in the user database tool on Cisco DNA Center. C. Cisco DNA Center pulled those details directly from the edge node where the user connected. D. User entered those details in the Assurance app available on iOS and Android devices. Correct Answer: C
Which command set configures RSPAN to capture outgoing traffic from VLAN 3 on interface GigabitEthernet 0/3 while ignoring other VLAN traffic on the same interface? A. monitor session 2 source interface gigabitethernet0/3 rx monitor session 2 filter vlan 3 B. monitor session 2 source interface gigabitethernet0/3 rx monitor session 2 filter vlan 1 - 2, 4 - 4094 C. monitor session 2 source interface gigabitethernet0/3 tx monitor session 2 filter vlan 3 D. monitor session 2 source interface gigabitethernet0/3 tx monitor session 2 filter vlan 1- 2, 4 - 4094 Correct Answer: C
Refer to the exhibit. What is required to configure a second export destination for IP address 192.168.10.1? A. Specify a different UDP port. B. Specify a different TCP port. C. configure a version 5 flow-export to the same destination. D. Specify a different flow I E. Specify a VR F. Correct Answer: A
Refer to the exhibit. After implementing the configuration, 172.20.20.2 stops replying to ICMP echos, but the default route fails to be removed. What is the reason for this behavior? A. The threshold value is wrong. B. The source-interface is configured incorrectly. C. The destination must be 172.30.30.2 for icmp-echo. D. The default route is missing the track feature. Correct Answer: D
Refer to the exhibit.An engineer is troubleshooting a connectivity issue and executes a traceroute. What does the result confirm? A. The destination port is unreachable. B. The probe timed out. C. The destination server reported it is too busy. D. The protocol is unreachable. In Cisco routers, the codes for a traceroute command reply are: ! " success * " time out N " network unreachable - H " host unreachable - P " protocol unreachable - A " admin denied - Q " source quench received (congestion) ? " unknown (any other ICMP message). In Cisco routers, the codes for a traceroute command reply are: ! " success * " time out N " network unreachable - H " host unreachable - P " protocol unreachable - A " admin denied - Q " source quench received (congestion) ? " unknown (any other ICMP message) Correct Answer: B
Which Cisco DNA Center application is responsible for group-based access control permissions? A. Provision B. Design C. Assurance D. Policy Correct Answer: D
An engineer is concerned with the deployment of a new application that is sensitive to inter-packet delay variance. Which command configures the router to be the destination of jitter measurements? A. Router(config)# ip sla responder udp-connect 172.29.139.134 5000 B. Router(config)# ip sla responder tcp-connect 172.29.139.134 5000 C. Router(config)# ip sla responder udp-echo 172.29.139.134 5000 D. Router(config)# ip sla responder tcp-echo 172.29.139.134 5000 Correct Answer: C
Which two operational modes enable an AP to scan one or more wireless channels for rogue access points and at the same time provide wireless services to clients? (Choose two.) A. monitor B. rogue detector C. FlexConnect D. sniffer E. local Correct Answer: CE
Refer to the exhibit. An engineer attempts to configure a trunk between switch SW1 and switch SW2 using DTP, but the trunk does not form. Which command should the engineer apply to switch SW2 to resolve this issue? A. switchport nonegotiate B. no switchport C. switchport mode dynamic desirable D. switchport mode access Correct Answer: C
An engineer is troubleshooting the AP join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC? A. wlchostname.domain.com B. cisco-capwap-controller.domain.com C. ap-manager.domain.com D. primary-wlc.domain.com Correct Answer: B
Which new enhancement was implemented in Wi-Fi 6? A. Uplink and Downlink Orthogonal Frequency Division Multiple Access B. Channel bonding C. Wi-Fi Protected Access 3 D. 4096 Quadrature Amplitude Modulation Mode networks/#:~:text=1024%2DQAM%20(Quadrature%20Amplitude%20Modulation,speeds%20by%20up%20to%2025%25 . Correct Answer: A
Which device makes the decision for a wireless client to roam? A. wireless client B. wireless LAN controller C. access point D. WCS location server Correct Answer: A
An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role when it has the highest priority in the group. Which command set is required to complete this task? interface GigabitEthernet0/1 ip address 10.10.10.2 255.255.255.0 vrrp 115 ip 10.10.10.1 vrrp 115 authentication 407441579 A. Router(config if)# vrrp 115 track 1 decrement 100 Router(config-if)# vrrp 115 preempt B. Router(config-if)# vrrp 115 priority 100 C. Router(config-if)# vrrp 115 track 1 decrement 10 Router(config-if)# vrrp 115 preempt D. Router(config-if)# standby 115 priority 100 Router(config-if)# standby 115 preempt B Correct Answer:
How is MSDP used to interconnect multiple PIM-SM domains? A. MSDP allows a rendezvous point to dynamically discover active sources outside of its domain. B. MSDP SA request messages are used to request a list of active sources for a specific group. C. MSDP depends on BGP or multiprotocol BGP for interdomain operation. D. MSDP messages are used to advertise active sources in a domain. Correct Answer: C
If the noise floor is -90 dBm and the wireless client is receiving a signal of 75'^ dBm, what is the SNR? A. 15 B. 1.2 C. 165'^ D. .83 Signal Strength ^' Noise floor = SNR Correct Answer: A
Refer to the exhibit.The EtherChannel between SW2 and SW3 is not operational. Which action resolves this issue? A. configure the channel-group mode on SW3 Gi0/0 and Gi0/1 to active. B. configure the mode on SW2 Gi0/0 to trunk. C. configure the channel-group mode on SW2 Gi0/0 and Gi0/1 to on. D. configure the mode on SW2 Gi0/1 to access. Correct Answer: B
Refer to the exhibit.Which action completes the configuration to achieve a dynamic continuous mapped NAT for all users? A. Reconfigure the pool to use the 192.168.1.0 address range. B. configure a match-host type NAT pool. C. Increase the NAT pool size to support 254 usable addresses. D. configure a one-to-one type NAT pool. Correct Answer: C
How does EIGRP differ from OSPF? A. EIGRP is more prone to routing loops than OSP B. EIGRP uses more CPU and memory than OSP C. EIGRP has a full map of the topology, and OSPF only knows directly connected neighbors. D. EIGRP supports equal or unequal path cost, and OSPF supports only equal path cost. Correct Answer: D
Which AP mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues? A. client mode B. SE-connect mode C. sensor mode D. sniffer mode Correct Answer: C
A client device roams between wireless LAN controllers that are mobility peers. Both controllers have dynamic interfaces on the same client VLAN. Which type of roam is described? A. intra-VLAN B. inter-controller C. intra-controller D. inter-subnet Correct Answer: B
Which component does Cisco Threat Defense use to measure bandwidth, application performance, and utilization? A. TrustSec B. Advanced Malware Protection for Endpoints C. NetFlow D. Cisco Umbrella Correct Answer: C
Which IP SLA operation requires the IP SLA responder to be configured on the remote end? A. UDP jitter B. ICMP jitter C. TCP connect D. ICMP echo Correct Answer: A
Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device? A. The device received a valid NETCONF request and serviced it without error. B. The NETCONF running datastore is currently locked. C. A NETCONF request was made for a data model that does not exist. D. A NETCONF message with valid content based on the YANG data models was made, but the request failed. Correct Answer: C
Which three methods does Cisco DNA Center use to discover devices? (Choose three.) A. CDP B. SNMP C. LLDP D. ping E. NETCONF F. a speci ed range of IP addresses Correct Answer: ACF
Which statement about TLS is accurate when using RESTCONF to write configurations on network devices? A. It is used for HTTP and HTTPS requests. B. It requires certificates for authentication. C. It is provided using NGINX acting as a proxy web server. D. It is not supported on Cisco devices. xml/ios/prog/configuration/166/b_166_programmability_cg/b_166_programmability_cg_chapter_01011.html Community vote distribution Correct Answer: C
What do Cisco DNA southbound APIs provide? A. interface between the controller and the consumer B. RESTful API interface for orchestrator communication C. interface between the controller and the network devices D. NETCONF API interface for orchestrator communication Correct Answer: C
Which statement about an RSPAN session configuration is true? A. Only one session can be configured at a time. B. A special VLAN type must be used as the RSPAN destination. C. A filter must be configured for RSPAN sessions. D. Only incoming traffic can be monitored. Correct Answer: B
What is the responsibility of a secondary WLC? A. It enables Layer 2 and Layer 3 roaming between itself and the primary controller. B. It registers the LAPs if the primary controller fails. C. It avoids congestion on the primary controller by sharing the registration load on the LAPs. D. It shares the traffic load of the LAPs with the primary controller. Correct Answer: B
Refer to the exhibit.Based on the configuration in this WLAN security setting, which method can a client use to authenticate to the network? A. text string B. username and password C. RADIUS token D. certificate Correct Answer: A
A client device fails to see the enterprise SSID, but other client devices are connected to it. What is the cause of this issue? A. The client has incorrect credentials stored for the configured broadcast SSI B. The hidden SSID was not manually configured on the client. C. The broadcast SSID was not manually configured on the client. D. The client has incorrect credentials stored for the configured hidden SSI E. Correct Answer: B
Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two.) A. APs that operate in FlexConnect mode cannot detect rogue APs. B. When connected to the controller, FlexConnect APs can tunnel traffic back to the controller. C. FlexConnect mode is used when the APs are set up in a mesh environment and used to bridge between each other. D. FlexConnect mode is a feature that is designed to allow speci ed CAPWAP-enabled APs to exclude themselves from managing data traffic between clients and infrastructure. E. FlexConnect mode is a wireless solution for branch office and remote office deployments. Correct Answer: BE
Refer to the exhibit. How was spanning-tree configured on this interface? A. By entering the command spanning-tree portfast trunk in the interface configuration mode. B. By entering the command spanning-tree mst1 vlan 10,20,30,40 in the global configuration mode. C. By entering the command spanning-tree portfast in the interface configuration mode. D. By entering the command spanning-tree vlan 10,20,30,40 root primary in the interface configuration mode. Correct Answer: A
Refer to the exhibit. Rapid PVST+ is enabled on all switches. Which command set must be configured on Switch1 to achieve the following results on port fa0/1? When a device is connected, the port transitions immediately to a forwarding state. The interface should not send or receive BPDUs. If a BPDU is received, it continues operating normally. A. Switch1(config)# spanning-tree portfast bpdu filter default Switch1(config)# interface f0/1 Switch1(config-if)# spanning-tree portfast B. Switch1(config)# spanning-tree portfast bpduguard default Switch 1 (config)# interface f0/1 Switch1 (config-if)# spanning-tree portfast C. Switch1(config)# interface f0/1 Switch1(config-if)# spanning-tree portfast D. Switch1(config)# interface f0/1 Switch1(config-if)# spanning-tree portfast Switch1 (config-if)# spanning-tree bpduguard enable Correct Answer: A
Refer to the exhibit. Which configuration change will force BR2 to reach 209.165.201.0/27 via BR1? A. Set the MED to 1 on PE2 toward BR2 outbound. B. Set the origin to igp on BR2 toward PE2 inbound. C. Set the weight attribute to 65,535 on BR1 toward PE1. D. Set the local preference to 150 on PE1 toward BR1 outbound. Correct Answer: B
Refer to the exhibit. Which set of commands on router R1 allow deterministic translation of private hosts PC1, PC2, and PC3 to addresses in the public space? A. RouterR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#access-list 1 10.10.10.0 0.0.0.255 RouterR1(config)#ip nat inside source list 1 interface f0/1 overload B. RouterR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#access-list 1 10.10.10.0 0.0.0.255 RouterR1(config)#ip nat pool POOL 155.1.1.101 155.1.1.103 netmask 255.255.255.0 RouterR1(config)#ip nat inside source list 1 pool POOL C. RouterR1(config)#int f0/0 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#ip nat inside source static 10.10.10.101 155.1.1.101 RouterR1(config)#ip nat inside source static 10.10.10.102 155.1.1.102 RouterR1(config)#ip nat inside source static 10.10.10.103 155.1.1.103 D. RouterR1(config)#int f0/0 RouterR1(config)#ip nat outside RouterR1(config)#exit RouterR1(config)#int f0/1 RouterR1(config)#ip nat inside RouterR1(config)#exit RouterR1(config)#ip nat inside source static 10.10.10.101 155.1.1.101 RouterR1(config)#ip nat inside source static 10.10.10.102 155.1.1.102 RouterR1(config)#ip nat inside source static 10.10.10.103 155.1.1.103 C Correct Answer:
Refer to the exhibit. Communication between London and New York is down. Which command set must be applied to the NewYork switch to resolve the issue? A. NewYork(config)#no interface po1 NewYork(config)#interface range fa0/1-2 NewYork(config-if)#channel-group 1 modefinegotiate NewYork(config-if)#end NewYork# B. NewYork(config)#no interface po1 NewYork(config)#interface range fa0/1-2 NewYork(config-if)#channel-group 1 mode on NewYork(config- if)#end NewYork# C. NewYork(config)#no interface po1 NewYork(config)#interface range fa0/1-2 NewYork(config-if)#channel-group 1 mode passive NewYork(config-if)#end NewYork# D. NewYork(config)#no interface po1 NewYork(config)#interface range fa0/1-2 NewYork(config-if)#channel-group 1 mode auto NewYork(config-if)#end NewYork# Correct Answer: C
Refer to the exhibit. An engineer is configuring an EtherChannel between Switch1 and Switch2 and notices the console message on Switch2. Based on the output, which action resolves this issue? A. configure more member ports on Switch1. B. configure less member ports on Switch2. C. configure the same port channel interface number on both switches. D. configure the same EtherChannel protocol on both switches. Correct Answer: D
Refer to the exhibit. A network engineer configures NAT on R1 and enters the show command to verify the configuration. What does the output confirm? A. The first packet triggered NAT to add an entry to the NAT table. B. R1 is configured with NAT overload parameters. C. A Telnet session from 160.1.1.1 to 10.1.1.10 has been initiated. D. R1 is configured with PAT overload parameters. Correct Answer: A
Refer to the exhibit. What is the cause of the log messages? A. OSPF area change B. MTU mismatch C. IP address mismatch D. hello packet mismatch Correct Answer: A
A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1: `May 5 39:85:55.469: %TCP-6-BADAUTH` Invalid MD5 digest from 10.10.10.1 (29832) to 10.120.10.1 (179) tebleid -0 Which two configurations allow a peering session to form between R1 and R2? (Choose two.) A. R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco B. R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco C. R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco D. R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco E. R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco Correct Answer: AB
Refer to the exhibit. An engineer implemented several configuration changes and receives the logging message on Switch1. Which action should the engineer take to resolve this issue? A. Change Switch2 to switch port mode dynamic auto. B. Change the VTP domain to match on both switches. C. Change Switch1 to switch port mode dynamic auto. D. Change Switch1 to switch port mode dynamic desirable. Correct Answer: B
How are the different versions of IGMP compatible? A. IGMPv2 is compatible only with IGMPv2. B. IGMPv3 is compatible only with IGMPv3. C. IGMPv2 is compatible only with IGMPv1. D. IGMPv3 is compatible only with IGMPv1 Correct Answer: C
Which measurement is used from a post wireless survey to depict the cell edge of the access points? A. SNR B. Noise C. RSSI D. CCI Correct Answer: A
If a client's radio device receives a signal strength of -67 dBm and the noise floor is -85 dBm, what is the SNR value? A. 15 dB B. 16 dB C. 18 dB D. 20 dB Correct Answer: C
Which AP mode allows an engineer to scan configured channels for rogue access points? A. monitor B. bridge C. local D. sniffer Correct Answer: A
Refer to the exhibit. While troubleshooting a routing issue, an engineer issues a ping from S1 to S2. Which two actions result from the initial value of the TTL? (Choose two.) A. The packet reaches R2, and the TTL expires. B. R1 replies with a TTL exceeded message. C. The packet reaches R3, and the TTL expires. D. R2 replies with a TTL exceeded message. E. R3 replies with a TTL exceeded message. F. The packet reaches R1, and the TTL expires. Correct Answer: CE
What is the wireless Received Signal Strength Indicator? A. the value given to the strength of the wireless signal received compared to the noise level B. the value of how strong the wireless signal is leaving the antenna using transmit power, cable loss, and antenna gain C. the value of how much wireless signal is lost over a defined amount of distance D. the value of how strong a wireless signal is received, measured in dBm Correct Answer: D
Refer to the exhibit.The traceroute fails from R1 to R3. What is the cause of the failure? A. An ACL applied inbound on loopback0 of R2 is dropping the traffic. B. The loopback on R3 is in a shutdown state. C. Redistribution of connected routes into OSPF is not configured. D. An ACL applied inbound on fa0/1 of R3 is dropping the traffic. Correct Answer: D
Refer to the exhibit.An engineer must establish eBGP peering between router R3 and router R4. Both routers should use their loopback interfaces as the BGP router I A. Which configuration set accomplishes this task? B. R3(config)#router bgp 200 R3(config-router)#neighbor 10.4.4.4 remote-as 100 R3(config-router)# neighbor 10.4.4.4 update-source Loopback0 R4(config)#router bgp 100 R4(config-router)#neighbor 10.3.3.3 remote-as 200 R4(config-router)#network 10.3.3.3 update-source Loopback0 C. R3(config)#router bgp 200 R3(config-router)#neighbor 10.24.24.4 remote-as 100 R3(config-router)#neighbor 10.24.24.4 update-source Loopback0 R4(config)#router bgp 100 R4(config-router)#neighbor 10.24.24.3 remote-as 200 R4(config-router)#neighbor 10.24.24.3 update- source Loopback0 D. R3(config)#router bgp 200 R3(config-router)#neighbor 10.4.4.4 remote-as 100 R3(config-router)#bgp router-id 10.3.3.3 R4(config)#router bgp 100 R4(config-router)#neighbor 10.3.3.3 remote-as 200 R4(config-router)#bgp router-id 10.4.4.4 E. R3(config)#router bgp 200 R3(config-router)#neighbor 10.24.24.4 remote-as 100 R3(config-router)#bgp router-id 10.3.3.3 R4(config)#router bgp 100 R4(config-router)#neighbor 10.24.24.3 remote-as 200 R4(config-router)#bgp router-id 10.4.4.4 Correct Answer: A
An engineer is configuring GigabitEthernet1/0/0 for VRRP. When the router has the highest priority in group 5, it must assume the master role. Which command set should the engineer add to the configuration to accomplish this task? interface GigabitEthernet1/0/0 description To IDF A 38- 70-774-10 ip address 172.16.13.2 255.255.255.0 A. standby 5 ip 172.16.13.254 standby 5 priority 100 standby 5 track 1 decrement 10 B. standby 5 ip 172.16.13.254 standby 5 priority 100 standby 5 preempt C. vrrp 5 ip 172.16.13.254 vrrp 5 priority 100 D. vrrp 5 ip 172.16.13.254 255.255.255.0 vrrp 5 track 1 decrement 10 vrrp 5 preempt C Correct Answer:
Which two security features are available when implementing NTP? (Choose two.) A. encrypted authentication mechanism B. symmetric server passwords C. clock offset authentication D. broadcast association mode E. access list-based restriction scheme Correct Answer: AE
How does the EIGRP metric differ from the OSPF metric? A. The EIGRP metric is calculated based on bandwidth only. The OSPF metric is calculated on delay only. B. The EIGRP metric is calculated based on delay only. The OSPF metric is calculated on bandwidth and delay. C. The EIGRP metric is calculated based on bandwidth and delay. The OSPF metric is calculated on bandwidth only. D. The EIGRP metric is calculated based on hop count and bandwidth. The OSPF metric is calculated on bandwidth and delay. By default, EIGRP metric is calculated: metric = bandwidth + delay While OSPF is calculated by: OSPF metric = Reference bandwidth / Interface bandwidth in bps Correct Answer: C
Refer to the exhibit.An engineer is installing a new pair of routers in a redundant configuration. Which protocol ensures that traffic is not disrupted in the event of a hardware failure? A. HSRPv1 B. GLBP C. VRRP D. HSRPv2 The virtual MAC address is 0000.0c07.acXX (XX is the hexadecimal group number) so it is using HSRPv1. HSRP Version 2 uses a new MAC address which ranges from 0000.0C9 E. F000 to 0000.0C9 F. FFF Correct Answer: A
Refer to the exhibit. After an engineer configures an EtherChannel between switch SW1 and switch SW2, this error message is logged on switch SW2: SW2# 09:45:32: %PM-4-ERR_DISABLE: channel-misconfig error detected on Gi0/0, putting Gi0/0 in err-disable state 09:45:32: %PM-4-ERR_DISABLE: channel-misconfig error detected on Gi0/1, putting Gi0/1 in err-disable state Based on the output from switch SW1 and the log message received on switch SW2, what action should the engineer take to resolve this issue? A. configure the same protocol on the EtherChannel on switch SW1 and SW2. B. define the correct port members on the EtherChannel on switch SW1. C. Correct the configuration error on Interface Gi0/0 on switch SW1. D. Correct the configuration error on Interface Gi0/1 on switch SW1. Correct Answer: A
Refer to the exhibit. Communication between London and New York is down. Which command set must be applied to resolve this issue? A. NewYork(config)#int f0/1 NewYork(config)#switchport nonegotiate NewYork(config)#end NewYork# B. NewYork(config)#int f0/1 NewYork(config)#switchport mode trunk NewYork(config)#end NewYork# C. NewYork(config)#int f0/1 NewYork(config)#switchport trunk encap dot1q NewYork(config)#end NewYork# D. NewYork(config)#int f0/1 NewYork(config)#switchport mode dynamic desirable NewYork(config)#end NewYork# Correct Answer: B
Which encryption hashing algorithm does NTP use for authentication? A. SSL B. MD5 C. AES128 D. AES256 Correct Answer: B
Refer to the exhibit. The trunk between Gig1/0/1 of switch SW2 and Gig1/0/1 of switch SW1 is not operational. Which action resolves this issue? A. configure both interfaces to nonegotiate and ensure that the switches are in different VTP domains. B. configure both interfaces in dynamic auto DTP mode and ensure that the switches are in the same VTP domain. C. configure both interfaces in dynamic auto DTP mode and ensure that the switches are in different VTP domains. D. configure both interfaces in dynamic desirable DTP mode and ensure that the switches are in the same VTP domain. Correct Answer: D
Refer to the exhibit. Which two facts does the device output confirm? (Choose two.) A. The device's HSRP group uses the virtual IP address 10.0.3.242. B. The device is configured with the default HSRP priority. C. The device sends unicast messages to its peers. D. The standby device is configured with the default HSRP priority. E. The device is using the default HSRP hello timer. Correct Answer: DE
Refer to the exhibit. Which type of antenna is shown on the radiation patterns? A. patch B. dipole C. omnidirectional D. Yagi Correct Answer: B
Refer to the exhibit. All switches are configured with the default port priority value. Which two commands ensure that traffic from PC1 is forwarded over the Gi1/3 trunk port between DSW1 and DSW2? (Choose two.) A. DSW2(config)#interface gi1/3 B. DSW1(config-if)#spanning-tree port-priority 0 C. DSW2(config-if)#spanning-tree port-priority 128 D. DSW1(config)#interface gi1/3 E. DSW2(config-if)#spanning-tree port-priority 16 Correct Answer: DE
A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst 9800 WLC to test new features. The engineer successfully configures a mobility tunnel between the 5520 cluster and 9800 WL A. Clients connected to the corporate WLAN roam seamlessly between access points on the 5520 and 9800 WL B. After a failure on the primary 5520 WLC, all WLAN services remain functional; however, clients cannot roam between the 5520 and 9800 controllers without dropping their connection. Which feature must be configured to remedy the issue? C. mobility MAC on the 5520 cluster D. mobility MAC on the 9800 WLC E. new mobility on the 5520 cluster F. new mobility on the 9800 WLC Correct Answer: B
Refer to the exhibit. Which configuration change ensures that R1 is the active gateway whenever it is in a functional state for the 172.30.110.0/24 network? A. R2 standby 1 priority 90 standby 1 preempt B. R2 standby 1 priority 100 standby 1 preempt C. R1 standby 1 preempt R2 standby 1 priority 90 D. R1 standby 1 preempt R2 standby 1 priority 100 Correct Answer: C
A customer has completed the installation of a Wi-Fi 6 green field deployment at their new campus. They want to leverage Wi-Fi 6 enhanced speeds on the trusted employee WLAN. To configure the employee WLAN, which two Layer 2 security policies should be used? (Choose two.) A. WPA2 (AES) B. 802.1X C. OPEN D. WEP E. WPA (AES) Correct Answer: AB
Which two actions, when applied in the LAN network segment, will facilitate Layer 3 CAPWAP discovery for lightweight AP? (Choose two.) A. Utilize DHCP option 43. B. Utilize DHCP option 17. C. configure an ip helper-address on the router interface. D. Enable port security on the switch port. E. configure WLC IP address on LAN switch Correct Answer: AC
Refer to the exhibit. Which action resolves the EtherChannel issue between SW2 and SW3? A. configure switchport mode trunk on SW2. B. configure switchport nonegotiate on SW3. C. configure channel-group 1 mode desirable on both interfaces. D. configure channel-group 1 mode active on both interfaces. Correct Answer: D
Refer to the exhibit. A network engineer configures OSPF and reviews the router configuration. Which interface or interfaces are able to establish OSPF adjacency? A. GigabitEthernet0/0 and GigabitEthernet0/1 B. only GigabitEthernet0/1 C. only GigabitEthernet0/0 D. GigabitEthernet0/1 and GigabitEthernet0/1.40 Correct Answer: D
Which two methods are used by an AP that is trying to discover a wireless LAN controller? (Choose two.) A. Cisco Discovery Protocol neighbor B. querying other APs C. DHCP Option 43 D. broadcasting on the local subnet E. DNS lookup CISCO-DNA-PRIMARY.localdomain Correct Answer: CD
Refer to the exhibit.A network engineer is configuring OSPF between router R1 and router R2. The engineer must ensure that a DR/BDR election does not occur on the Gigabit Ethernet interfaces in area 0. Which configuration set accomplishes this goal? A. R1(config-if)interface Gi0/0 R1(config-if)ip ospf network point-to-point R2(config-if)interface Gi0/0 R2(config-if)ip ospf network point-to- point B. R1(config-if)interface Gi0/0 R1(config-if)ip ospf network broadcast R2(config-if)interface Gi0/0 R2(config-if)ip ospf network broadcast C. R1(config-if)interface Gi0/0 R1(config-if)ip ospf database- filter all out R2(config-if)interface Gi0/0 R2(config-if)ip ospf database- filter all out D. R1(config-if)interface Gi0/0 R1(config-if)ip ospf priority 1 R2(config-if)interface Gi0/0 R2(config-if)ip ospf priority 1 Correct Answer: A
Refer to the exhibit.Which type of antenna does the radiation pattern represent? A. multidirectional B. directional patch C. omnidirectional D. Yagi Correct Answer: D
Wireless users report frequent disconnections from the wireless network. While troubleshooting, a network engineer finds that after the user is disconnected, the connection re-establishes automatically without any input required. The engineer also notices these message logs: AP 'AP2' is down. Reason: Radio channel set. 6:54:04 PM AP 'AP4' is down. Reason: Radio channel set. 6:44:49 PM AP 'AP7' is down. Reason: Radio channel set. 6:34:32 PM Which action reduces the user impact? A. enable coverage hole detection B. increase the AP heartbeat timeout C. enable BandSelect D. increase the dynamic channel assignment interval Correct Answer: D
Refer to the exhibit.The inside and outside interfaces in the NAT configuration of this device have been correctly identified. What is the effect of this configuration? A. NAT64 B. dynamic NAT C. static NAT D. PAT Correct Answer: D
What is the purpose of an RP in PIM? A. send join messages toward a multicast source SPT B. ensure the shortest path from the multicast source to the receiver C. receive IGMP joins from multicast receivers D. secure the communication channel between the multicast sender and receiver Correct Answer: A
Refer to the exhibit. Which command must be applied to R2 for an OSPF neighborship to form? A. network 20.1.1.2 255.255.0.0 area 0 B. network 20.1.1.2 0.0.0.0 area 0 C. network 20.1.1.2 255.255.255.255 area 0 D. network 20.1.1.2 0.0.255.255 area 0 Correct Answer: B
Refer to the exhibit. Which router is the designated router on the segment 192.168.0.0/24? A. This segment has no designated router because it is a p2p network type. B. Router Chicago because it has a lower router I C. Router NewYork because it has a higher router I D. This segment has no designated router because it is a nonbroadcast network type. Correct Answer: A
Refer to the exhibit. Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two.) A. R2#no network 10.0.0.0 255.255.255.0 B. R2#network 209.165.201.0 mask 255.255.192.0 C. R2#network 192.168.0.0 mask 255.255.0.0 D. R1#no network 10.0.0.0 255.255.255.0 E. R1#network 192.168.0.0 mask 255.255.0.0 Correct Answer: AC
Refer to the exhibit. An engineer attempts to configure a router on a stick to route packets between Clients, Servers, and Printers; however, initial tests show that this configuration is not working. Which command set resolves this issue? A. interface Vlan10 no ip vrf forwarding Clients ! interface Vlan20 no ip vrf forwarding Servers ! interface Vlan30 no ip vrf forwarding Printers B. router eigrp 1 network 10.0.0.0 255.255.255.0 network 172.16.0.0 255.255.255.0 network 192.168.1.0 255.255.255.0 C. interface Vlan10 no ip vrf forwarding Clients ip address 192.168.1.1. 255.255.255.0 ! interface Vlan20 no ip vrf forwarding Servers ip address 172.16.1.1 255.255.255.0 ! interface Vlan30 no ip vrf forwarding Printers ip address 10.1.1.1 255.255.255.0 D. router eigrp 1 network 10.0.0.0 255.0.0.0 network 172.16.0.0 255.255.0.0 network 192.168.1.0 255.255.0.0 C Correct Answer:
How does SSO work with HSRP to minimize network disruptions? A. It enables HSRP to elect another switch in the group as the active HSRP switch. B. It ensures fast failover in the case of link failure. C. It enables data forwarding along known routes following a switchover, while the routing protocol reconverges. D. It enables HSRP to failover to the standby RP on the same device. Correct Answer: D
Refer to the exhibit. Which command when applied to the Atlanta router reduces type 3 LSA flooding into the backbone area and summarizes the inter-area routes on the Dallas router? A. Atlanta(config-router)#area 0 range 192.168.0.0 255.255.252.0 B. Atlanta(config-router)#area 1 range 192.168.0.0 255.255.248.0 C. Atlanta(config-router)#area 0 range 192.168.0.0 255.255.248.0 D. Atlanta(config-router)#area 1 range 192.168.0.0 255.255.252.0 Correct Answer: D
An engineer must configure interface GigabitEthernet0/0 for VRRP group 10. When the router has the highest priority in the group, it must assume the master role. Which command set must be added to the initial configuration to accomplish this task? Initial configuration - interface GigabitEthernet0/0 description To IDF A 38-24-044.40 ip address 172.16.13.2 255.255.255.0 A. standby 10 ip 172.16.13.254 255.255.255.0 standby 10 preempt B. vrrp group 10 ip 172.16.13.254 255.255.255.0 vrrp group 10 priority C. standby 10 ip 172.16.13.254 standy 10 priority 120 D. vrrp 10 ip 172.16.13.254 vrrp 10 preempt Correct Answer: D
Refer to the exhibit. Which two commands ensure that DSW1 becomes the root bridge for VLAN 10 and 20? (Choose two.) A. spanning-tree mst 1 priority 4096 B. spanning-tree mst 1 root primary C. spanning-tree mst vlan 10,20 priority root D. spanning-tree mst 1 priority 1 E. spanning-tree mstp vlan 10,20 root primary Correct Answer: AB
Refer to the exhibit. R1 is able to ping the R3 fa0/1 interface. Why do the extended pings fail? A. The maximum packet size accepted by the command is 1476 bytes. B. The DF bit has been set. C. R3 is missing a return route to 10.99.69.0/30. D. R2 and R3 do not have an OSPF adjacency. Correct Answer: B
Refer to the exhibit. Which command allows hosts that are connected to FastEthernet0/2 to access the Internet? A. ip nat inside source list 10 interface FastEthernet0/2 overload B. ip nat inside source list 10 interface FastEthernet0/1 overload C. ip nat outside source static 209.165.200.225 10.10.10.0 overload D. ip nat outside source list 10 interface FastEthernet0/2 overload Correct Answer: B
Refer to the exhibit. What are two effects of this configuration? (Choose two.) A. If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online. B. If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online. C. R1 becomes the active router. D. R1 becomes the standby router. E. If R1 goes down, R2 becomes active and remains the active device when R1 comes back online. Correct Answer: CE
Refer to the exhibit. An engineer must ensure that all traffic entering AS 200 from AS 100 chooses Link 2 as an entry point. Assume that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers. Which configuration accomplishes this task? A. R3(config)#route-map PREPEND permit 10 R3(config-route-map)#set as-path prepend 200 200 200 R3(config)#router bgp 200 R3#(config- router)#neighbor 10.1.1.1 route-map PREPEND out B. R4(config)#route-map PREPEND permit 10 R4(config-route-map)#set as-path prepend 100 100 100 R4(config)#router bgp 200 R4(config- router)#neighbor 10.2.2.2 route-map PREPEND in C. R4(config)#route-map PREPEND permit 10 R4(config-route-map)#set as-path prepend 200 200 200 R4(config)#router bgp 200 R4(config- router)#neighbor 10.2.2.2 route-map PREPEND out D. R3(config)#route-map PREPEND permit 10 R3(config-route-map)#set as-path prepend 100 100 100 R3(config)#router bgp 200 R3(config- router)#neighbor 10.1.1.1 route-map PREPEND in Correct Answer: A
Which DHCP option provides the CAPWAP APs with the address of the wireless controller(s)? A. 43 B. 66 C. 69 D. 150 Correct Answer: A
Refer to the exhibit.Which two commands ensure that DSW1 becomes root bridge for VLAN 10? (Choose two.) A. DSW1(config)#spanning-tree vlan 10 priority 4096 B. DSW1(config)#spanning-tree vlan 10 priority root C. DSW2(config)#spanning-tree vlan 10 priority 61440 D. DSW1(config)#spanning-tree vlan 10 port-priority 0 E. DSW2(config)#spanning-tree vlan 20 priority 0 Correct Answer: AB
What mechanism does PIM use to forward multicast traffic? A. PIM sparse mode uses a pull model to deliver multicast traffic. B. PIM dense mode uses a pull model to deliver multicast traffic. C. PIM sparse mode uses receivers to register with the RP. D. PIM sparse mode uses a ood and prune model to deliver multicast traffic. Correct Answer: A
Refer to the exhibit.Which type of antenna do the radiation patterns present? A. Yagi B. patch C. omnidirectional D. dipole Correct Answer: B
Which reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state? A. mismatched OSPF link costs B. mismatched OSPF network type C. mismatched areas D. mismatched MTU size Correct Answer: D
When configuring WPA2 Enterprise on a WLAN, which additional security component configuration is required? A. PKI server B. NTP server C. RADIUS server D. TACACS server Correct Answer: C
A customer has several small branches and wants to deploy a Wi-Fi solution with local management using CAPWAP. Which deployment model meets this requirement? A. local mode B. autonomous C. SD-Access wireless D. Mobility Express Correct Answer: D
Refer to the exhibit.The WLC administrator sees that the controller to which a roaming client associates has Mobility Role Anchor configured under Clients > Detail. Which type of roaming is supported? A. indirect B. Layer 3 intercontroller C. intracontroller D. Layer 2 intercontroller Correct Answer: B
Which feature is supported by EIGRP but is not supported by OSPF? A. route filtering B. unequal-cost load balancing C. route summarization D. equal-cost load balancing Correct Answer: B
What is the correct EBGP path attribute list, ordered from most preferred to least preferred, that the BGP best-path algorithm uses? A. local preference, weight, AS path, MED B. weight, local preference, AS path, MED C. weight, AS path, local preference, MED D. local preference, weight, MED, AS path Correct Answer: B
A local router shows an EBGP neighbor in the Active state. Which statement is true about the local router? A. The local router is attempting to open a TCP session with the neighboring router. B. The local router is receiving prefixes from the neighboring router and adding them in RIB-IN. C. The local router has active prefixes in the forwarding table from the neighboring router. D. The local router has BGP passive mode configured for the neighboring router. Correct Answer: A
Refer to the exhibit.SwitchC connects HR and Sales to the Core switch. However, business needs require that no traffic from the Finance VLAN traverse this switch. Which command meets this requirement? A. SwitchC(config)#vtp pruning vlan 110 B. SwitchC(config)#vtp pruning C. SwitchC(config)#interface port-channel 1 SwitchC(config-if)#switchport trunk allowed vlan add 210,310 D. SwitchC(config)#interface port-channel 1 SwitchC(config-if)#switchport trunk allowed vlan remove 110 Correct Answer: D
Refer to the exhibit.An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as the exit point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplishes this task? A. R4(config-router)bgp default local-preference 200 B. R3(config-router)bgp default local-preference 200 C. R4(config-router)neighbor 10.2.2.2 weight 200 D. R3(config-router)neighbor 10.1.1.1 weight 200 20routers,to%20use%20for%20traffic%20forwarding. Correct Answer: A
Which feature of EIGRP is not supported in OSPF? A. load balancing of unequal-cost paths B. load balance over four equal-cost paths C. uses interface bandwidth to determine best path D. per-packet load balancing over multiple paths Correct Answer: A
Which NTP Stratum level is a server that is connected directly to an authoritative time source? A. Stratum 0 B. Stratum 1 C. Stratum 14 D. Stratum 15 Correct Answer: B
Refer to the exhibit.An engineer reconfigures the port-channel between SW1 and SW2 from an access port to a trunk and immediately notices this error in SW1's log: *Mar 1 09:47:22.245: %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/0, putting Gi0/0 in err-disable state Which command set resolves this error? A. SW1(config-if)#interface Gi0/0 SW1(config-if)#no spanning-tree bpdu filter SW1(config-if)#shut SW1(config-if)#no shut B. SW1(config-if)#interface Gi0/0 SW1(config-if)#no spanning-tree bpduguard enable SW1(config-if)#shut SW1(config-if)#no shut C. SW1(config-if)#interface Gi0/0 SW1(config-if)#spanning-tree bpduguard enable SW1(config-if)#shut SW1(config-if)#no shut D. SW1(config-if)#interface Gi0/1 SW1(config-if)#spanning-tree bpduguard enable SW1(config-if)#shut SW1(config-if)#no shut B Correct Answer:
When a wireless client roams between two different wireless controllers, a network connectivity outage is experienced for a period of time. Which configuration issue would cause this problem? A. Not all of the controllers in the mobility group are using the same mobility group name. B. Not all of the controllers within the mobility group are using the same virtual interface IP address. C. All of the controllers within the mobility group are using the same virtual interface IP address. D. All of the controllers in the mobility group are using the same mobility group name. Correct Answer: B
What is the role of the RP in PIM sparse mode? A. The RP maintains default aging timeouts for all multicast streams requested by the receivers. B. The RP acts as a control-plane node only and does not receive or forward multicast packets. C. The RP is the multicast router that is the root of the PIM-SM shared multicast distribution tree. D. The RP responds to the PIM join messages with the source of a requested multicast group. Correct Answer: C
Why is an AP joining a different WLC than the one speci ed through option 43? A. The AP is joining a primed WLC B. The APs broadcast traffic is unable to reach the WLC through Layer 2 C. The AP multicast traffic is unable to reach the WLC through Layer 3 D. The WLC is running a different software version 20conventions.-,Overview%20of%20the%20Wireless%20LAN%20Controller%20(WLC)%20Discovery%20and%20Join%20Process,- In%20a%20Cisco Correct Answer: A
Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three switches. An administrator has noticed that VLAN 10 has propagated to SW3. Which configuration corrects the issue? A. SW1(config)#int gi1/1 SW1(config)#switchport trunk allowed vlan 1-9,11-4094 B. SW2(config)#int gi1/2 SW2(config)#switchport trunk allowed vlan 10 C. SW2(config)#int gi1/2 SW2(config)#switchport trunk allowed vlan 1-9,11-4094 D. SW1(config)#int gi1/1 SW1(config)#switchport trunk allowed vlan 10 Correct Answer: C
Which First Hop Redundancy Protocol should be used to meet a design requirement for more efficient default gateway bandwidth usage across multiple devices? A. GLBP B. LACP C. HSRP D. VRRP Correct Answer: A
A client device roams between access points located on different floors in an atrium. The access points are joined to the same controller and configured in local mode. The access points are in different AP groups and have different IP addresses, but the client VLAN in the groups is the same. Which type of roam occurs? A. inter-controller B. inter-subnet C. intra-VLAN D. intra-controller Correct Answer: D
Which DHCP option helps lightweight APs find the IP address of a wireless LAN controller? A. Option 43 B. Option 60 C. Option 67 D. Option 150 Correct Answer: A
Which DNS lookup does an access point perform when attempting CAPWAP discovery? A. CISCO-CONTROLLER.local B. CAPWAP-CONTROLLER.local C. CISCO-CAPWAP-CONTROLLER.local D. CISCO-DNA-CONTROLLER.local http://www.revolutionwi .net/revolutionwi /2010/11/capwap-controller-discovery-process_23.html Community vote distribution Correct Answer: C
Refer to the exhibit.What are two effects of this configuration? (Choose two.) A. It establishes a one-to-one NAT translation. B. The 209.165.201.0/27 subnet is assigned as the outside local address range. C. The 10.1.1.0/27 subnet is assigned as the inside local addresses. D. Inside source addresses are translated to the 209.165.201.0/27 subnet. E. The 10.1.1.0/27 subnet is assigned as the inside global address range. Correct Answer: CD
An engineer configures a WLAN with fast transition enabled. Some legacy clients fail to connect to this WLAN. Which feature allows the legacy clients to connect while still allowing other clients to use fast transition based on their OUIs? A. over the DS B. 802.11k C. adaptive R D. 802.11v Correct Answer: C
What are two common sources of interference for Wi-Fi networks? (Choose two.) A. LED lights B. radar C. re alarm D. conventional oven E. rogue AP Correct Answer: BE
Which two pieces of information are necessary to compute SNR? (Choose two.) A. transmit power B. noise floor C. EIRP D. RSSI E. antenna gain Correct Answer: BD
Which OSPF network types are compatible and allow communication through the two peering devices? A. point-to-multipoint to nonbroadcast B. broadcast to nonbroadcast C. point-to-multipoint to broadcast D. broadcast to point-to-point Correct Answer: B
Refer to the exhibit.Which statement about the OSPF debug output is true? A. The output displays OSPF hello messages which router R1 has sent or received on interface Fa0/1. B. The output displays all OSPF messages which router R1 has sent or received on all interfaces. C. The output displays all OSPF messages which router R1 has sent or received on interface Fa0/1. D. The output displays OSPF hello and LSACK messages which router R1 has sent or received. Correct Answer: A
Which statement about multicast RPs is true? A. RPs are required only when using protocol independent multicast dense mode. B. RPs are required for protocol independent multicast sparse mode and dense mode. C. By default, the RP is needed periodically to maintain sessions with sources and receivers. D. By default, the RP is needed only to start new sessions with sources and receivers. Correct Answer: D
To increase total throughput and redundancy on the links between the wireless controller and switch, the customer enabled LAG on the wireless controller. Which EtherChannel mode must be configured on the switch to allow the WLC to connect? A. Active B. Passive C. On D. Auto Correct Answer: C
Based on this interface configuration, what is the expected state of OSPF adjacency?A. 2WAY/DROTHER on both routers B. not established C. FULL on both routers D. FULL/BDR on R1 and FULL/BDR on R2 Correct Answer: B
Refer to the exhibit.Link1 is a copper connection and Link2 is a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree command on SW2 shows that the fiber port is blocked by spanning tree. An engineer enters the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked. Which command should be entered on the ports that are connected to Link2 to resolve the issue? A. Enter spanning-tree port-priority 4 on SW2. B. Enter spanning-tree port-priority 32 on SW1. C. Enter spanning-tree port-priority 224 on SW1. D. Enter spanning-tree port-priority 64 on SW2. Correct Answer: B
Which behavior can be expected when the HSRP version is changed from 1 to 2? A. No changes occur because the standby router is upgraded before the active router. B. No changes occur because version 1 and 2 use the same virtual MAC OUI. C. Each HSRP group reinitializes because the virtual MAC address has changed. D. Each HSRP group reinitializes because the multicast address has changed. Correct Answer: C
Refer to the exhibit.Which IP address becomes the active next hop for 192.168.102.0/24 when 192.168.101.2 fails? A. 192.168.101.10 B. 192.168.101.14 C. 192.168.101.6 D. 192.168.101.18 Correct Answer: D
Which PAgP mode combination prevents an EtherChannel from forming? A. auto/desirable B. desirable/desirable C. desirable/auto D. auto/auto Correct Answer: D
If a VRRP master router fails, which router is selected as the new master router? A. router with the lowest priority B. router with the highest priority C. router with the highest loopback address D. router with the lowest loopback address Correct Answer: B
Which two mechanisms are available to secure NTP? (Choose two.) A. IPsec B. IP prefix list-based C. encrypted authentication D. TACACS-based authentication E. IP access list-based Correct Answer: CE
In OSPF, which LSA type is responsible for pointing to the ASBR router? A. type 1 B. type 2 C. type 3 D. type 4 Correct Answer: D
Refer to the exhibit.VLANs 50 and 60 exist on the trunk links between all switches. All access ports on SW3 are configured for VLAN 50 and SW1 is the VTP server. Which command ensures that SW3 receives frames only from VLAN 50? A. SW1(config)#vtp mode transparent B. SW3(config)#vtp mode transparent C. SW2(config)#vtp pruning D. SW1(config)#vtp pruning Correct Answer: D
Which First Hop Redundancy Protocol maximizes uplink utilization and minimizes the amount of configuration that is necessary? A. GLBP B. HSRP v2 C. VRRP D. HSRP v1 Correct Answer: A
Refer to the exhibit.Which configuration establishes EBGP neighborship between these two directly connected neighbors and exchanges the loopback network of the two routers through BGP? A. R1(config)#router bgp 1 R1(config-router)#neighbor 192.168.10.2 remote-as 2 R1(config-router)#network 10.1.1.0 mask 255.255.255.0 R2(config)#router bgp 2 R2(config-router)#neighbor 192.168.10.1 remote-as 1 R2(config-router)#network 10.2.2.0 mask 255.255.255.0 B. R1(config)#router bgp 1 R1(config-router)#neighbor 10.2.2.2 remote-as 2 R1(config-router)#network 10.1.1.0 mask 255.255.255.0 R2(config)#router bgp 2 R2(config-router)#neighbor 10.1.1.1 remote-as 1 R2(config-router)#network 10.2.2.0 mask 255.255.255.0 C. R1(config)#router bgp 1 R1(config-router)#neighbor 192.168.10.2 remote-as 2 R1(config-router)#network 10.0.0.0 mask 255.0.0.0 R2(config)#router bgp 2 R2(config-router)#neighbor 192.168.10.1 remote-as 1 R2(config-router)#network 10.0.0.0 mask 255.0.0.0 D. R1(config)#router bgp 1 R1(config-router)#neighbor 10.2.2.2 remote-as 2 R1(config-router)#neighbor 10.2.2.2 update-source lo0 R1(config- router)#network 10.1.1.0 mask 255.255.255.0 R2(config)#router bgp 2 R2(config-router)#neighbor 10.1.1.1 remote-as 1 R2(config- router)#neighbor 10.1.1.1 update-source lo0 R2(config-router)#network 10.2.2.0 mask 255.255.255.0 Correct Answer: A
What is a benefit of using a Type 2 hypervisor instead of a Type 1 hypervisor? A. better application performance B. improved security because the underlying OS is eliminated C. improved density and scalability D. ability to operate on hardware that is running other OSs Correct Answer: D
Refer to the exhibit. A network engineer must simplify the IPsec configuration by enabling IPsec over GRE using IPsec profiles. Which two configuration changes accomplish this? (Choose two). A. Create an IPsec profile, associate the transform-set ACL, and apply the profile to the tunnel interface. B. Apply the crypto map to the tunnel interface and change the tunnel mode to tunnel mode ipsec ipv4. C. Remove all configuration related to crypto map from R1 and R2 and eliminate the ACL. D. Create an IPsec profile, associate the transform-set, and apply the profile to the tunnel interface. E. Remove the crypto map and modify the ACL to allow traffic between 10.10.0.0/24 to 10.20.0.0/24. Correct Answer: CD
What is a benefit of a virtual machine when compared with a physical server? A. Multiple virtual servers can be deployed on the same physical server without having to buy additional hardware. B. Virtual machines increase server processing performance. C. The CPU and RAM resources on a virtual machine cannot be affected by other virtual machines. D. Deploying a virtual machine is technically less complex than deploying a physical server. Correct Answer: A
What is required for a virtual machine to run? A. a Type 1 hypervisor and a host operating system B. a hypervisor and physical server hardware C. only a Type 1 hypervisor D. only a Type 2 hypervisor Correct Answer: B
Which entity is a Type 1 hypervisor? A. Oracle VM VirtualBox B. Citrix XenServer C. VMware server D. Microsoft Virtual PC Correct Answer: B
What are two benefits of virtual switching when compared to hardware switching? (Choose two.) A. increased MTU size B. VM-level isolation C. extended 802.1Q VLAN range D. hardware independence E. increased exibility Correct Answer: DE
Which LISP component is required for a LISP site to communicate with a non-LISP site? A. Proxy ITR B. ITR C. ETR D. Proxy ETR Correct Answer: D
Which two components are supported by LISP? (Choose two.) A. proxy ETR B. egress tunnel router C. route reflector D. HMAC algorithm E. spoke Correct Answer: AB
What is the function of a VTEP in VXLAN? A. provide the routing underlay and overlay for VXLAN headers B. dynamically discover the location of end hosts in a VXLAN fabric C. encapsulate and de-encapsulate traffic into and out of the VXLAN fabric D. statically point to end host locations of the VXLAN fabric Correct Answer: C
Refer to the exhibit. Which configuration must be applied to R1 to enable R1 to reach the server at 172.16.0.1? A. interface Ethernet0/0 ip address 172.16.0.7 255.255.0.0 router ospf 44 vrf bank network 172.16.0.0 255.255.0.0 B. interface Ethernet0/0 vrf forwarding hotel ip address 172.16.0.7 255.255.0.0 router ospf 44 vrf Hotel network 172.16.0.0 0.0.255.255 area C. interface Ethernet0/0 vrf forwarding bank ip address 172.16.0.7 255.255.0.0 router ospf 44 vrf bank network 172.16.0.0 0.0.255.255 area 0 D. interface Ethernet0/0 ip address 172.16.0.7 255.255.0.0 router ospf 44 vrf hotel network 172.16.0.0 255.255.0.0 C Correct Answer:
Refer to the exhibit. Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200? A. ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 global ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 global ip route 192.168.1.0 255.255.255.0 Vlan10 ip route 172.16.1.0 255.255.255.0 Vlan20 B. ip route vrf Customer1 172.16.1.1 255.255.255.255 172.16.1.1 global ip route vrf Customer2 192.168.1.200 255.255.255.0 192.168.1.1 global ip route 192.168.1.0 255.255.255.0 Vlan10 ip route 172.16.1.0 255.255.255.0 Vlan20 C. ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 Customer2 ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 Customer1 D. ip route vrf Customer1 172.16.1.0 255.255.255.0 172.16.1.1 Customer1 ip route vrf Customer2 192.168.1.200 255.255.255.255 192.168.1.1 Customer2 Correct Answer: A
Refer to the exhibit. A network engineer configures a new GRE tunnel and enters the show run command. What does the output verify? A. The tunnel keepalive is configured incorrectly because they must match on both sites. B. The tunnel destination will be known via the tunnel interface. C. The tunnel will be established and work as expected. D. The default MTU of the tunnel interface is 1500 bytes. Correct Answer: B
Which element enables communication between guest VMs within a virtualized environment? A. hypervisor B. virtual router C. vSwitch D. pNIC Each VM is provided with a virtual NIC (vNIC) that is connected to the virtual switch. Multiple vNICs can connect to a single vSwitch, allowing VMs on a physical host to communicate with one another at layer 2 without having to go out to a physical switch. Correct Answer: C
Which two methods are used to reduce the AP coverage area? (Choose two.) A. Reduce channel width from 40 MHz to 20 MHz. B. Reduce AP transmit power. C. Enable Fastlane. D. Increase minimum mandatory data rate. E. Disable 2.4 GHz and use only 5 GHz. Correct Answer: BD
Which antenna type should be used for a site-to-site wireless connection? A. patch B. dipole C. omnidirectional D. Yagi Correct Answer: D
In a wireless network environment, what is calculated using the numerical values of the transmitter power level, cable loss, and antenna gain? A. SNR B. RSSI C. EIRP D. dBi Correct Answer: C
What does the LAP send when multiple WLCs respond to the CISCO-CAPWAP-CONTROLLER.localdomain hostname during the CAPWAP discovery and join process? A. unicast discovery request to the first WLC that resolves the domain name B. broadcast discovery request C. join request to all the WLCs D. unicast discovery request to each WLC Correct Answer: D
Refer to the exhibit.A port channel is configured between SW2 and SW3. SW2 is not running a Cisco operating system. When all physical connections are made, the port channel does not establish. Based on the configuration excerpt of SW3, what is the cause of the problem? A. The port-channel mode should be set to auto. B. The port channel on SW2 is using an incompatible protocol. C. The port-channel trunk is not allowing the native VLAN. D. The port-channel interface load balance should be set to src-mac. Correct Answer: B
What is a fact about Cisco EAP-FAST? A. It requires a client certificate. B. It is an IETF standard. C. It does not require a RADIUS server certificate. D. It operates in transparent mode. Correct Answer: C
Which statement about route targets is true when using VRF-Lite? A. Route targets control the import and export of routes into a customer routing table. B. When BGP is configured, route targets are transmitted as BGP standard communities. C. Route targets allow customers to be assigned overlapping addresses. D. Route targets uniquely identify the customer routing table. Correct Answer: A
Which LISP infrastructure device provides connectivity between non-LISP sites and LISP sites by receiving non-LISP traffic with a LISP site destination? A. PITR B. map resolver C. map server D. PETR Correct Answer: A
Which statement explains why Type 1 hypervisor is considered more efficient than Type2 hypervisor? A. Type 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques. B. Type 1 hypervisor relies on the existing OS of the host machine to access CPU, memory, storage, and network resources. C. Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS. D. Type 1 hypervisor enables other operating systems to run on it. Correct Answer: C
Which statement about VXLAN is true? A. VXLAN encapsulates a Layer 2 frame in an IP-UDP header, which allows Layer 2 adjacency across router boundaries. B. VXLAN uses the Spanning Tree Protocol for loop prevention. C. VXLAN extends the Layer 2 Segment ID field to 24-bits, which allows up to 4094 unique Layer 2 segments over the same network. D. VXLAN uses TCP as the transport protocol over the physical data center network. Correct Answer: A
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel? A. MSS B. MTU C. MRU D. window size Correct Answer: A
Which statement describes the IP and MAC allocation requirements for virtual machines on Type 1 hypervisors? A. Virtual machines do not require a unique IP or unique MA B. They share the IP and MAC address of the physical server. C. Each virtual machine requires a unique IP address but shares the MAC address with the physical server. D. Each virtual machine requires a unique IP and MAC addresses to be able to reach to other nodes. E. Each virtual machine requires a unique MAC address but shares the IP address with the physical server. Correct Answer: C
Which two namespaces does the LISP network architecture and protocol use? (Choose two.) A. TLOC B. RLOC C. DNS D. VTEP E. EID Correct Answer: BE
Which two entities are Type 1 hypervisors? (Choose two.) A. Oracle VM VirtualBox B. Microsoft Hyper-V C. VMware server D. VMware ESXi E. Microsoft Virtual PC Correct Answer: BD
Which action is a function of VTEP in VXLAN? A. tunneling traffic from IPv6 to IPv4 VXLANs B. allowing encrypted communication on the local VXLAN Ethernet segment C. encapsulating and de-encapsulating VXLAN Ethernet frames D. tunneling traffic from IPv4 to IPv6 VXLANs Correct Answer: C
Which two actions provide controlled Layer 2 network connectivity between virtual machines running on the same hypervisor? (Choose two.) A. Use a virtual switch provided by the hypervisor. B. Use a virtual switch running as a separate virtual machine. C. Use VXLAN fabric after installing VXLAN tunneling drivers on the virtual machines. D. Use a single routed link to an external router on stick. E. Use a single trunk link to an external Layer2 switch. Correct Answer: AB
What is a Type 1 hypervisor? A. runs directly on a physical server and depends on a previously installed operating system B. runs directly on a physical server and includes its own operating system C. runs on a virtual server and depends on an already installed operating system D. runs on a virtual server and includes its own operating system Correct Answer: B
Refer to the exhibit. A network engineer configures a GRE tunnel and enters the show interface tunnel command. What does the output confirm about the configuration? A. The keepalive value is modified from the default value. B. The physical interface MTU is 1476 bytes. C. The tunnel mode is set to the default. D. Interface tracking is configured. Correct Answer: C
What it the purpose of the LISP routing and addressing architecture? A. It creates two entries for each network node, one for its identity and another for its location on the network. B. It allows LISP to be applied as a network virtualization overlay though encapsulation. C. It allows multiple instances of a routing table to co-exist within the same router. D. It creates head-end replication used to deliver broadcast and multicast frames to the entire network. Correct Answer: A
What function does VXLAN perform in a Cisco SD-Access deployment? A. policy plane forwarding B. control plane forwarding C. data plane forwarding D. systems management and orchestration Correct Answer: C
Refer to the exhibit.MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces. What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared? A. The packet is discarded on router B B. The packet arrives on router C without fragmentation C. The packet arrives on router C fragmented D. The packet is discarded on router A Correct Answer: C
Which entity is responsible for maintaining Layer 2 isolation between segments in a VXLAN environment? A. VNID B. switch fabric C. VTEP D. host switch Correct Answer: A
What is an emulated machine that has dedicated compute, memory, and storage resources and a fully installed operating system? A. mainframe B. host C. virtual machine D. container Correct Answer: C
Which technology does VXLAN use to provide segmentation for Layer 2 and Layer 3 traffic? A. bridge domain B. VLAN C. VNI D. VRF Correct Answer: C
Refer to the exhibit. An engineer must assign an IP address of 192.168.1.1/24 to the GigabitEthernet1 interface. Which two commands must be added to the existing configuration to accomplish this task? (Choose two.) A. Router(config-if)#ip address 192.168.1.1 255.255.255.0 B. Router(config-vrf)#address-family ipv4 C. Router(config-vrf)#ip address 192.168.1.1 255.255.255.0 D. Router(config-if)#address-family ipv4 E. Router(config-vrf)#address-family ipv6 Correct Answer: AB
The following system log message is presented after a network administrator configures a GRE tunnel: %TUN-RECURDOWN Interface Tunnel 0 temporarily disabled due to recursive routing Why is Tunnel 0 disabled? A. Because dynamic routing is not enabled. B. Because the tunnel cannot reach its tunnel destination. C. Because the best path to the tunnel destination is through the tunnel itself. D. Because the router cannot recursively identify its egress forwarding interface. Correct Answer: C
What is the function of a fabric border node in a Cisco SD-Access environment? A. To collect traffic flow information toward external networks. B. To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks. C. To attach and register clients to the fabric. D. To handle an ordered list of IP addresses and locations for endpoints in the fabric. Correct Answer: B
In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one AP to another on a different access switch using a single WLC? A. Layer 3 B. inter-xTR C. auto anchor D. fast roam Correct Answer: D
What is the recommended MTU size for a Cisco SD-Access Fabric? A. 4464 B. 17914 C. 9100 D. 1500 Correct Answer: C
What is the function of the fabric control plane node in a Cisco SD-Access deployment? A. It is responsible for policy application and network segmentation in the fabric. B. It performs traffic encapsulation and security profiles enforcement in the fabric. C. It holds a comprehensive database that tracks endpoints and networks in the fabric. D. It provides integration with legacy nonfabric-enabled environments. Correct Answer: C
What is the data policy in a Cisco SD-WAN deployment? A. list of ordered statements that define node configurations and authentication used within the SD-WAN overlay B. set of statements that defines how data is forwarded based on IP packet information and specific VPNs C. detailed database mapping several kinds of addresses with their corresponding location D. group of services tested to guarantee devices and links liveliness within the SD-WAN overlay Correct Answer: B
In Cisco SD-WAN, which protocol is used to measure link quality? A. IPsec B. OMP C. RSVP D. BFD Correct Answer: D
What is used to perform QoS packet classification? A. the Type field in the Layer 2 frame B. the Options field in the Layer 3 header C. the TOS field in the Layer 3 header D. the Flags field in the Layer 3 header Correct Answer: C
How do cloud deployments differ from on-premises deployments? A. Cloud deployments require longer implementation times than on-premises deployments. B. Cloud deployments are more customizable than on-premises deployments. C. Cloud deployments have lower upfront costs than on-premises deployments. D. Cloud deployments require less frequent upgrades than on-premises deployments. Correct Answer: C
Which controller is capable of acting as a STUN server during the onboarding process of Edge devices? A. vBond B. vSmart C. vManage D. PNP Server Correct Answer: A
How is 802.11 traffic handled in a fabric-enabled SSID? A. centrally switched back to WLC where the user traffic is mapped to a VXLAN on the WLC B. converted by the AP into 802.3 and encapsulated into VXLAN C. centrally switched back to WLC where the user traffic is mapped to a VLAN on the WLC D. converted by the AP into 802.3 and encapsulated into a VLAN Correct Answer: B
Refer to the exhibit.An engineer is installing a new pair of routers in a redundant configuration. When checking on the standby status of each router, the engineer notices that the routers are not functioning as expected. Which action will resolve the configuration error? A. configure matching hold and delay timers B. configure matching key-strings C. configure matching priority values D. configure unique virtual IP addresses Correct Answer: B
Refer to the exhibit.Router1 is currently operating as the HSRP primary with a priority of 110. Router1 fails and Router2 takes over the forwarding role. Which command on Router1 causes it to take over the forwarding role when it returns to service? A. standby 2 priority B. standby 2 preempt C. standby 2 track D. standby 2 timers Correct Answer: B
An engineer has deployed a single Cisco 5520 WLC with a management IP address of 172 16.50.5/24. The engineer must register 50 new Cisco AIR-CAP2802I- E-K9 access points to the WLC using DHCP option 43. The access points are connected to a switch in VLAN 100 that uses the 172.16.100.0/24 subnet. The engineer has configured the DHCP scope on the switch as follows: Network 172.16.100.0 255.255.255.0 Default Router 172.16.100.1 - Option 43 ASCII 172.16.50.5 - The access points are failing to join the wireless LAN controller. Which action resolves the issue? A. configure option 43 Hex F104.AC10.3205 B. configure option 43 Hex F104.CA10.3205 C. configure dns-server 172.16.50.5 D. configure dns-server 172. 16.100.1 Correct Answer: A
What is the role of vSmart in a Cisco SD-WAN environment? A. to establish secure control plane connections B. to monitor, configure, and maintain SD-WAN devices C. to provide secure data plane connectivity over WAN links D. to perform initial authentication of devices Correct Answer: A
Which action is performed by Link Management Protocol in a Cisco StackWise Virtual domain? A. It determines which switch becomes active or standby. B. It determines if the hardware is compatible to form the StackWise Virtual domain. C. It rejects any unidirectional link traffic forwarding. D. It discovers the StackWise domain and brings up SVL interfaces. Correct Answer: C
What are two reasons why broadcast radiation is caused in the virtual machine environment? (Choose two.) A. vSwitch must interrupt the server CPU to process the broadcast packet. B. The Layer 2 domain can be large in virtual machine environments. C. Virtual machines communicate primarily through broadcast mode. D. Communication between vSwitch and network switch is broadcast based. E. Communication between vSwitch and network switch is multicast based. Correct Answer: AB
Which two GRE features are configured to prevent fragmentation? (Choose two.) A. TCP window size B. IP MTU C. TCP MSS D. DF bit clear E. MTU ignore Correct Answer: BC
Which LISP device is responsible for publishing EID-to-RLOC mappings for a site? A. ETR B. MR C. ITR D. MS Correct Answer: A
Refer to the exhibit.Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1? A. default VRF B. VRF VPN_A C. VRF VPN_B D. management VRF Correct Answer: A
What are two benefits of virtualizing the server with the use of VMs in a data center environment? (Choose two.) A. reduced rack space, power, and cooling requirements B. smaller Layer 2 domain C. increased security D. speedy deployment E. reduced IP and MAC address requirements Correct Answer: AD
In a Cisco SD-Access wireless architecture, which device manages endpoint ID to edge node bindings? A. fabric control plane node B. fabric wireless controller C. fabric border node D. fabric edge node Correct Answer: A
Which control plane protocol is used between Cisco SD-WAN routers and vSmart controllers? A. TCP B. OMP C. UDP D. BGP Correct Answer: B
In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer? A. provide QoS prioritization services such as marking, queueing, and classification for critical network traffic B. provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence C. provide advanced network security features such as 802.1X, DHCP snooping, VACLs, and port security D. provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP Correct Answer: B
What is a VPN in a Cisco SD-WAN deployment? A. common exchange point between two different services B. attribute to identify a set of services offered in specific places in the SD-WAN fabric C. virtualized environment that provides traffic isolation and segmentation in the SD-WAN fabric D. virtual channel used to carry control plane information Correct Answer: C
Which function does a fabric edge node perform in an SD-Access deployment? A. Connects endpoints to the fabric and forwards their traffic. B. Encapsulates end-user data traffic into LISP. C. Connects the SD-Access fabric to another fabric or external Layer 3 networks. D. Provides reachability between border nodes in the fabric underlay. Correct Answer: A
What is the role of a fusion router in an SD-Access solution? A. acts as a DNS server B. provides additional forwarding capacity to the fabric C. performs route leaking between user-defined virtual networks and shared services D. provides connectivity to external networks Correct Answer: C
Which action is the vSmart controller responsible for in an SD-WAN deployment? A. onboard vEdge nodes into the SD-WAN fabric B. gather telemetry data from vEdge routers C. distribute security information for tunnel establishment between vEdge routers D. manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric C Correct Answer:
What is one fact about Cisco SD-Access wireless network deployments? A. The access point is part of the fabric overlay. B. The wireless client is part of the fabric overlay. C. The access point is part of the fabric underlay. D. The WLC is part of the fabric underlay. Correct Answer: A
In a Cisco SD-Access solution, what is the role of a fabric edge node? A. to connect external Layer 3 networks to the SD-Access fabric B. to connect wired endpoints to the SD-Access fabric C. to advertise fabric IP address space to external networks D. to connect the fusion router to the SD-Access fabric Correct Answer: B
What are two reasons a company would choose a cloud deployment over an on-prem deployment? (Choose two.) A. Cloud costs adjust up or down depending on the amount of resources consumed. On-prem costs for hardware, power, and space are on- going regardless of usage. B. Cloud resources scale automatically to an increase in demand. On-prem requires additional capital expenditure. C. In a cloud environment, the company is in full control of access to their data. On-prem risks access to data due to service provider outages. D. In a cloud environment, the company controls technical issues. On-prem environments rely on the service provider to resolve technical issues. E. Cloud deployments require long implementation times due to capital expenditure processes. On-prem deployments can be accomplished quickly using operational expenditure processes. Correct Answer: AB
What is the difference between the MAC address table and TCAM? A. TCAM is used to make L2 forwarding decisions. CAM is used to build routing tables. B. Router prefix lookups happen in CAM. MAC address table lookups happen in TCAM. C. The MAC address table supports partial matches. TCAM requires an exact match. D. The MAC address table is contained in CAM. ACL and QoS information is stored in TCAM. Correct Answer: D
Which controller is the single plane of management for Cisco SD-WAN? A. vBond B. vSmart C. vManage D. vEdge Correct Answer: C
A company plans to implement intent-based networking in its campus infrastructure. Which design facilitates a migration from a traditional campus design to a programmable fabric design? A. two-tier B. Layer 2 access C. three-tier D. routed access Correct Answer: D
Which statement about a fabric access point is true? A. It is in local mode and must be connected directly to the fabric edge switch. B. It is in local mode and must be connected directly to the fabric border node. C. It is in FlexConnect mode and must be connected directly to the fabric border node. D. It is in FlexConnect mode and must be connected directly to the fabric edge switch. Correct Answer: A
A customer requests a network design that supports these requirements: FHRP redundancy multivendor router environment IPv4 and IPv6 hosts Which protocol does the design include? A. VRRP version 2 B. VRRP version 3 C. GLBP D. HSRP version 2 Correct Answer: B
While configuring an IOS router for HSRP with a virtual IP of 10.1.1.1, an engineer sees this log message. Jan 1 12:12:12.111 : %HSRP-4-DIFFVIP1: GigabitEthernet0/0 Grp 1 active routers virtual IP address 10.1.1.1 is different to the locally configured address 10.1.1.25 Which configuration change must the engineer make? A. Change the HSRP group configuration on the local router to 1. B. Change the HSRP virtual address on the local router to 10.1.1.1. C. Change the HSRP virtual address on the remote router to 10.1.1.1. D. Change the HSRP group configuration on the remote router to 1. Correct Answer: B
A network administrator has designed a network with two multilayer switches on the distribution layer, which act as default gateways for the end hosts. Which two technologies allow every end host in a VLAN to use both gateways? (Choose two.) A. VRRP B. GLBP C. VSS D. MHSRP E. HSRP Correct Answer: BD
Refer to the exhibit. On which interfaces should VRRP commands be applied to provide first hop redundancy to PC-01 and PC-02? A. G0/0 and G0/1 on Core B. G0/0 on Edge-01 and G0/0 on Edge-02 C. G0/1 on Edge-01 and G0/1 on Edge-02 D. G0/0 and G0/1 on ASW-01 Correct Answer: C
Under which network conditions is an outbound QoS policy that is applied on a router WAN interface most bene cial? A. under traffic classification and marking conditions B. under interface saturation conditions C. under all network conditions D. under network convergence conditions Correct Answer: A
An engineer must configure HSRP group 300 on a Cisco IOS router. When the router is functional, it must be the active HSRP router. The peer router has been configured using the default priority value. Which command set is required? A. standby version 2 standby 300 priority 110 standby 300 preempt B. standby 300 priority 110 standby 300 timers 1 110 C. standby version 2 standby 300 priority 90 standby 300 preempt D. standby 300 priority 90 standby 300 preempt Correct Answer: A
What is the difference between a RIB and a FIB? A. The FIB is populated based on RIB content. B. The RIB maintains a mirror image of the FI C. The RIB is used to make IP source prefix-based switching decisions. D. The FIB is where all IP routing information is stored. Correct Answer: A
Which QoS component alters a packet to change the way that traffic is treated in the network? A. policing B. classification C. marking D. shaping Correct Answer: C
Which statement about Cisco Express Forwarding is true? A. The CPU of a router becomes directly involved with packet-switching decisions. B. It uses a fast cache that is maintained in a router data plane. C. It maintains two tables in the data plane: the FIB and adjacency table. D. It makes forwarding decisions by a process that is scheduled through the IOS scheduler. Correct Answer: C
What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment? A. ability to quickly increase compute power without the need to install additional hardware B. less power and cooling resources needed to run infrastructure on-premises C. faster deployment times because additional infrastructure does not need to be purchased D. lower latency between systems that are physically located near each other Correct Answer: D
How does QoS traffic shaping alleviate network congestion? A. It drops packets when traffic exceeds a certain bitrate. B. It buffers and queues packets above the committed rate. C. It fragments large packets and queues them for delivery. D. It drops packets randomly from lower priority queues. Correct Answer: B
An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose two.) A. Policing should be performed as close to the source as possible. B. Policing adapts to network congestion by queuing excess traffic. C. Policing should be performed as close to the destination as possible. D. Policing drops traffic that exceeds the defined rate. E. Policing typically delays the traffic, rather than drops it. Correct Answer: AD
Which component handles the orchestration plane of the Cisco SD-WAN? A. vBond B. vSmart C. vManage D. WAN Edge Correct Answer: A
What are two device roles in Cisco SD-Access fabric? (Choose two.) A. edge node B. vBond controller C. access switch D. core switch E. border node Correct Answer: AE
What is the role of the vSmart controller in a Cisco SD-WAN environment? A. It performs authentication and authorization. B. It manages the control plane. C. It is the centralized network management system. D. It manages the data plane. Correct Answer: B
When a wired client connects to an edge switch in a Cisco SD-Access fabric, which component decides whether the client has access to the network? A. edge node B. Identity Services Engine C. RADIUS server D. control-plane node Correct Answer: B
Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment? A. virtualization B. supported systems C. storage capacity D. efficient scalability Correct Answer: D
Which action is the vSmart controller responsible for in a Cisco SD-WAN deployment? A. onboard WAN Edge nodes into the Cisco SD-WAN fabric B. gather telemetry data from WAN Edge routers C. distribute policies that govern data forwarding performed within the Cisco SD-WAN fabric D. handle, maintain, and gather configuration and status for nodes within the Cisco SD-WAN fabric Correct Answer: C
Where is radio resource management performed in a Cisco SD-Access wireless solution? A. DNA Center B. control plane node C. wireless controller D. Cisco CMX Correct Answer: B
How does the RIB differ from the FIB? A. The FIB maintains network topologies and routing tables. The RIB is a list of routes to particular network destinations. B. The FIB includes many routes to a single destination. The RIB is the best route to a single destination. C. The RIB is used to create network topologies and routing tables. The FIB is a list of routes to particular network destinations. D. The RIB includes many routes to the same destination prefix. The FIB contains only the best route. Correct Answer: C
Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture? A. underlay network B. VPN routing/forwarding C. easy virtual network D. overlay network Correct Answer: D
What is the difference between CEF and process switching? A. CEF processes packets that are too complex for process switching to manage. B. Process switching is faster than CE C. CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet. D. CEF is more CPU-intensive than process switching. Correct Answer: C
What are two considerations when using SSO as a network redundancy feature? (Choose two.) A. requires synchronization between supervisors in order to guarantee continuous connectivity B. the multicast state is preserved during switchover C. must be combined with NSF to support uninterrupted Layer 3 operations D. both supervisors must be configured separately E. must be combined with NSF to support uninterrupted Layer 2 operations Correct Answer: AC
In a Cisco SD-Access fabric, which control plane protocol is used for mapping and resolving endpoints? A. DHCP B. VXLAN C. SXP D. LISP Correct Answer: D
What are two differences between the RIB and the FIB? (Choose two.) A. FIB is a database of routing prefixes, and the RIB is the information used to choose the egress interface for each packet. B. The FIB is derived from the data plane, and the RIB is derived from the FI C. The RIB is a database of routing prefixes, and the FIB is the information used to choose the egress interface for each packet. D. The RIB is derived from the control plane, and the FIB is derived from the RI E. The FIB is derived from the control plane, and the RIB is derived from the FI F. Correct Answer: CD
Which two network problems indicate a need to implement QoS in a campus network? (Choose two.) A. port apping B. excess jitter C. misrouted network packets D. duplicate IP addresses E. bandwidth-related packet loss Correct Answer: BE
Refer to the exhibit. What step resolves the authentication issue?37441 views0 answers0 votes
janessaj48 answered 3 months ago • 350-401
19 views1 answers0 votes
50 views0 answers0 votes
38 views0 answers0 votes
61 views0 answers0 votes
36 views0 answers0 votes
27 views0 answers0 votes
41 views0 answers0 votes
29 views0 answers0 votes
30 views0 answers0 votes
38 views0 answers0 votes
52 views0 answers0 votes
29 views0 answers0 votes
23 views0 answers0 votes
29 views0 answers0 votes
137 views0 answers0 votes
27 views0 answers0 votes
48 views0 answers0 votes
42 views0 answers0 votes
Other exams
- 101 (450)
- 101-500 (120)
- 102-500 (120)
- 1V0-21.20 (97)
- 200-125 (1926)
- 200-201 (300)
- 200-301 (1384)
- 200-901 (587)
- 201-450 (60)
- 202-450 (120)
- 212-89 (82)
- 220-1001 (414)
- 220-1002 (472)
- 220-1101 (517)
- 220-1102 (472)
- 2V0-21.19 (213)
- 2V0-21.19D (90)
- 2V0-21.20 (107)
- 2V0-21.23 (103)
- 2V0-31.20 (86)
- 2V0-31.21 (87)
- 2V0-41.19 (89)
- 2V0-41.20 (92)
- 2V0-41.23 (105)
- 2V0-51.21 (94)
- 2V0-602 (97)
- 2V0-62.21 (87)
- 300-101 (1468)
- 300-115 (992)
- 300-160 (97)
- 300-320 (112)
- 300-410 (621)
- 300-415 (402)
- 300-420 (266)
- 300-425 (176)
- 300-430 (249)
- 300-435 (105)
- 300-510 (106)
- 300-535 (45)
- 300-610 (135)
- 300-615 (200)
- 300-620 (292)
- 300-630 (107)
- 300-635 (46)
- 300-710 (311)
- 300-715 (277)
- 300-730 (172)
- 300-735 (56)
- 300-810 (170)
- 300-815 (170)
- 300-820 (306)
- 300-910 (105)
- 312-38 (184)
- 312-39 (85)
- 312-49 (146)
- 312-49V10 (580)
- 312-50V10 (203)
- 312-50V11 (400)
- 312-50v12 (310)
- 312-50V9 (198)
- 350-201 (129)
- 350-401 (1020)
- 350-501 (396)
- 350-601 (526)
- 350-701 (703)
- 350-801 (443)
- 350-901 (383)
- 3V0-21.21 (90)
- 5V0-21.19 (100)
- 5V0-21.21 (94)
- 5V0-23.20 (123)
- 5V0-31.22 (128)
- 712-50 (638)
- ADM-201 (561)
- AI-100 (206)
- AI-102 (293)
- AI-900 (245)
- ANS-C00 (377)
- ANS-C01 (220)
- AXS-C01 (58)
- AZ-103 (265)
- AZ-104 (606)
- AZ-120 (223)
- AZ-140 (189)
- AZ-204 (399)
- AZ-220 (174)
- AZ-300 (241)
- AZ-301 (232)
- AZ-303 (334)
- AZ-304 (237)
- AZ-305 (284)
- AZ-400 (516)
- AZ-500 (485)
- AZ-700 (260)
- AZ-800 (227)
- AZ-900 (462)
- BDS-C00 (85)
- CAS-003 (390)
- CAS-004 (514)
- CCAK (160)
- CCNA (1385)
- CCSP (509)
- CDPSE (126)
- Certified Advanced Administrator (182)
- Certified AI Associate (72)
- Certified Business Analyst (95)
- Certified CPQ Specialist (240)
- Certified Data Architect (70)
- Certified Experience Cloud Consultant (111)
- Certified Integration Architect (68)
- Certified Marketing Cloud Consultant (99)
- Certified Marketing Cloud Email Specialist (112)
- Certified OmniStudio Developer (77)
- CERTIFIED PLATFORM APP BUILDER (469)
- Certified Platform Developer II (266)
- Certified Sales Cloud Consultant Exam (196)
- Certified Tableau CRM and Einstein Discovery Consultant (95)
- CGEIT (362)
- CISA (1284)
- CISM (1250)
- CISSP (484)
- CISSP-ISSAP (107)
- CLF-C01 (987)
- CLF-C02 (714)
- CRISC (1896)
- CRT-450 (283)
- CS0-001 (277)
- CS0-002 (422)
- CS0-003 (265)
- CSSLP (172)
- CV0-003 (315)
- DA0-001 (190)
- DAS-C01 (164)
- DBS-C01 (359)
- DEA-C01 (141)
- DOP-C01 (208)
- DOP-C02 (281)
- DP-100 (477)
- DP-200 (228)
- DP-201 (206)
- DP-203 (370)
- DP-500 (183)
- DP-900 (285)
- DVA-C01 (443)
- DVA-C02 (414)
- GISF (316)
- GISP (654)
- Google Associate Cloud Engineer (274)
- Google Professional Cloud Architect (278)
- Google Professional Cloud Database Engineer (132)
- Google Professional Cloud Developer (279)
- Google Professional Cloud DevOps Engineer (166)
- Google Professional Cloud Network Engineer (172)
- Google Professional Cloud Security Engineer (244)
- ITILF (540)
- JN0-102 (63)
- JN0-103 (96)
- JN0-104 (103)
- JN0-105 (94)
- JN0-211 (65)
- JN0-231 (102)
- JN0-251 (67)
- JN0-347 (58)
- JN0-348 (69)
- JN0-349 (95)
- JN0-351 (90)
- JN0-360 (74)
- JN0-362 (63)
- JN0-363 (94)
- JN0-649 (65)
- JN0-663 (91)
- JN0-664 (95)
- JN0-682 (56)
- MB-210 (365)
- MB-220 (205)
- MB-230 (249)
- MB-300 (411)
- MB-310 (289)
- MB-330 (392)
- MB-500 (257)
- MB-700 (178)
- MB-800 (238)
- MD-100 (398)
- MLS-C0 (0)
- MLS-C01 (336)
- MS-100 (426)
- MS-101 (449)
- MS-102 (294)
- MS-203 (392)
- MS-500 (344)
- MS-700 (395)
- MS-900 (438)
- N10-007 (701)
- N10-008 (677)
- NSE4_FGT-7.2 (103)
- PAS-C01 (130)
- PCCET (137)
- PCCSE (246)
- PCDRA (93)
- PCNSA (403)
- PCNSE (619)
- PCSAE (139)
- PCSFE (103)
- PL-100 (339)
- PL-200 (279)
- PL-300 (516)
- PL-400 (349)
- PL-500 (158)
- PL-600 (192)
- PL-900 (288)
- PMP (1137)
- PNCSE (0)
- PSE Strata (115)
- PT0-001 (196)
- PT0-002 (341)
- RHCSA-EX200 (109)
- SAA-C02 (800)
- SAA-C03 (1777)
- SAP-C01 (1019)
- SAP-C02 (410)
- SC-100 (185)
- SC-200 (305)
- SC-300 (302)
- SC-400 (580)
- SC-900 (209)
- SCS-C01 (509)
- SCS-C02 (173)
- SK0-005 (303)
- SOA-C01 (931)
- SOA-C02 (464)
- SSCP (151)
- SY0-501 (1043)
- SY0-601 (847)
- SY0-701 (305)
- XK0-004 (322)
- XK0-005 (239)