Pre-Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Cisco > CCNP Enterprise > 350-401

350-401 Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) Question and Answers

Question # 4

Which common type of attack does a data center next-generation firewall protect against?

A.

DDoS protection

B.

Unauthorized analyzers

C.

Rogue APs

D.

Malicious or risky applications

Full Access
Question # 5

What is the function of an intermediate node in a Cisco SD-Access fabric?

A.

to route packets within the fabric based on the Layer 3 information in the header

B.

to provide an entry and exit point between the fabric and external resources

C.

to encapsulate and de-encapsulate packets with a VXLAN header

D.

to provide reachability between fabric clients and nonfabric clients on the same subnet

Full Access
Question # 6

In a wireless network environment, which measurement compares the received signal to the background noise?

A.

free space path loss

B.

link power budget

C.

fading

D.

SNR

Full Access
Question # 7

Refer to the exhibit. A network engineer must log in to the router via the console, but the RADIUS servers are not reachable. Which credentials allow console access?

A.

the username " cisco " and the password " cisco "

B.

no username and only the password " test123 "

C.

no username and only the password " cisco123 "

D.

the username " cisco " and the password " cisco123 "

Full Access
Question # 8

In a Cisco Mobility Express wireless deployment, which AP takes over if the primary AP fails?

A.

AP with highest IP address

B.

AP with the lowest IP address

C.

AP with highest MAC address

D.

AP with highest controller up time

Full Access
Question # 9

Which action is a function of VTEP in VXLAN?

A.

tunneling traffic from IPv6 to IPv4 VXLANs

B.

allowing encrypted communication on the local VXLAN Ethernet segment

C.

encapsulating and de-encapsulating VXLAN Ethernet frames

D.

tunneling traffic from IPv4 to IPv6 VXLANs

Full Access
Question # 10

Refer to the exhibit.

What does the snippet of code achieve?

A.

It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls.

B.

It opens a tunnel and encapsulates the login information, if the host key is correct.

C.

It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.

D.

It creates an SSH connection using the SSH key that is stored, and the password is ignored.

Full Access
Question # 11

Which controller is the single plane of management for Cisco SD-WAN?

A.

vBond

B.

vEdge

C.

vSmart

D.

vManage

Full Access
Question # 12

Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures a deny rule on an access list?

Full Access
Question # 13

Why does the vBond orchestrator have a public IP?

Why does the vBond orchestrator have a public IP?

A.

to enable vBond to learn the public IP of WAN Edge devices that are behind NAT gateways or in private address space

B.

to facilitate downloading and distribution of operational and security patches

C.

to allow for global reachability from all WAN Edges in the Cisco SD-WAN and to facilitate NAT traversal

D.

to provide access to Cisco Smart Licensing servers for license enablement

Full Access
Question # 14

In which forms can Cisco Catalyst SD-WAN routers be deployed at the perimeter of a site to provide SD-WAN services?

A.

virtualized instances

B.

hardware, software, cloud, and virtualized instances

C.

hardware, virtualized. and cloud instances

D.

hardware and virtualized instances

Full Access
Question # 15

An engineer must configure a new WLAN that supports 802.11r and requires users to enter a passphrase. What must be configured to support this requirement?

A.

802.1XandSUITEB-1X

B.

FT PSK and Fast Transition

C.

802.1X and Fast Transition

D.

FTPSKandSUITEB-1X

Full Access
Question # 16

Which technology collects location information through data packets received by the APs instead of using mobile device probes?

A.

detect and locate

B.

FastLocate

C.

hyperlocation

D.

RF fingerprinting

Full Access
Question # 17

What does the LAP send when multiple WLCs respond to the CISCO_CAPWAP-CONTROLLER.localdomain hostname during the CAPWAP discovery and join process?

A.

broadcast discover request

B.

join request to all the WLCs

C.

unicast discovery request to each WLC

D.

Unicast discovery request to the first WLS that resolves the domain name

Full Access
Question # 18

An engineer must configure a new 6 Ghz only SSID on a cisco catalyst 9800 series WLC, with these requirements:

Provide 802.11ax data rates for supported devices

All users authenticate using a certificate

Which wireless layer 2 security mode meets the requirements?

A.

WPA2 Enterprise

B.

WPA3 Personal

C.

WPA2 Personal

D.

WPA3 Enterprise

Full Access
Question # 19

Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right.

Full Access
Question # 20

What is the role of a LISP map server?

A.

It receives information from ETRs that map EIDs to RLOCs

B.

It transmits requests for EID-to-RLOC resolution

C.

It transmits information from ETRs that map EIDs to RLOCs

D.

It responds to requests for EID-to-RLOC resolution.

Full Access
Question # 21

Drag and drop the automation characteristics from the left onto the appropriate tools on the right. Not all options are used.

Full Access
Question # 22

Refer to the exhibit. The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SLA. Which configuration should the engineer use?

A.

event manager applet EEM_IP_SLAevent track 10 state down

B.

event manager applet EEM_IP_SLAevent sla 10 state unreachable

C.

event manager applet EEM_IP_SLAevent sla 10 state down

D.

event manager applet EEM_IP_SLAevent track 10 state unreachable

Full Access
Question # 23

Drag and drop the Cisco Catalyst Center (formerly DNA Center) southbound API characteristics from the left to the right. Not all options are used.

Full Access
Question # 24

What does the statement print(format(0.8, \0% ' )) display?

A.

80%

B.

8.8%

C.

.08%

D.

8%

Full Access
Question # 25

DRAG DROP. An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.

R1#show run | include aaa

aaa new-model

aaa authentication login default group ACE group AAA_RADIUS local-case

aaa session-id common

Full Access
Question # 26

In a fabric-enabled wireless network, which device is responsible for maintaining the endpoint ID database?

A.

fabric border node

B.

fabric edge node

C.

fabric wireless controller

D.

control plane node

Full Access
Question # 27

Drag and drop the snippets onto the blanks within the code to create an EEM script that adds an entry to a locally stored text file with a timestamp when a configuration change is made. Not all options are used.

Full Access
Question # 28

The login method is configured on the VTY lines of a router with these parameters:

    The first method for authentication is TACACS+

    If TACACS is unavailable, login is allowed without any provided credentials

Which configuration accomplishes this task?

A.

aaa new-model

aaa authentication login telnet group tacacs+ none

aaa session-id common

B.

aaa new-model

aaa authentication login default group tacacs+

aaa session-id common

C.

aaa new-model

aaa authentication login default group tacacs+ none

aaa session-id common

D.

aaa new-model

aaa authentication login VTY group tacacs+ none

aaa session-id common

Full Access
Question # 29

Refer to the exhibit.

Which configuration enables password checking on the console line, using only a password?

A.

router(config)# line con 0

router(config-line)# exec-timeout 0 0

B.

router(config)# line con 0

router(config-line)# login

C.

router(config)# line con 0

router(config-line)# login local

D.

router(config)# line vty 0 4

router(config-line)# login

Full Access
Question # 30

With IGMPv2, which multicast group address does the IGMP querier use to send query messages to all hosts on the LAN?

A.

239.0.0.2

B.

224.0.0.1

C.

239.0.0.1

D.

224.0.0.2

Full Access
Question # 31

What is the primary responsibility of the vBond orchestrator?

A.

to provide centralized management and provisioning of all elements into the network

B.

to configure NAT communication on WAN Edge routers

C.

to provide configuration synchronization of an WAN Edge devices

D.

to facilitate start-up by performing authentication and authorization of all elements into the network

Full Access
Question # 32

A corporate policy mandates that a certificate-based authentication system must be implemented on the wireless infrastructure. All corporate clients will contain a certificate that will be used in conjunction with ISE and user credentials to perform authentication before the clients are allowed to connect to the corporate Wi-Fi. Which authentication key option must be selected to ensure that this authentication can take place?

A.

none

B.

PSK

C.

802.1x

D.

CCKM

Full Access
Question # 33

In a high-density AP environment, which feature can be used to reduce the RF cell size and not demodulate radio packets above a given threshold?

A.

RX-SOP

B.

FRA

C.

80211k

D.

RRM

Full Access
Question # 34

A wireless administrator must create a new web authentication corporate SSID that will be using ISE as the external RADIUS server. The guest VLAN must be specified after the authentication completes. Which action must be performed to allow the ISE server to specify the guest VLAN?

A.

Set RADIUS Profiling.

B.

Set AAA Policy name.

C.

Enable Network Access Control State.

D.

Enable AAA Override.

Full Access
Question # 35

What are two characteristics of vManage APIs? (Choose two.)

A.

Southbound API is based on OMP and DTLS.

B.

Southbound API is based on NETCONF and XML.

C.

Northbound API is based on RESTCONF and JSON.

D.

Southbound API is based on RESTCONF and JSON.

E.

Northbound API is RESTful, using JSON.

Full Access
Question # 36

What are two best practices when designing a campus Layer 3 infrastructure? (Choose two.)

A.

Summarize routes from the aggregation layer toward the core layer.

B.

Summarize from the access layer toward the aggregation layer.

C.

Configure passive-interface on nontransit links.

D.

Implement security features at the core.

E.

Tune Cisco Express Forwarding load balancing hash for ECMP routing.

Full Access
Question # 37

Which deployment option of Cisco NGFW provides scalability?

A.

tap

B.

inline tap

C.

high availability

D.

clustering

Full Access
Question # 38

Refer to the exhibit. An engineer deployed a wireless QoS setting for a new building within a campus. All network devices support 802.1p priority tags. What can be determined from the WLC settings?

A.

The WLC configuration prioritizes traffic based on access group assignment.

B.

The WLC uses the Platinum, Gold, Silver, and Bronze levels for traffic classification based on priority.

C.

The WLC configuration inherits DSCP values from an upstream AP.

D.

The WLC configuration maps user data ToS level priorities to IP precedence levels.

Full Access
Question # 39

What is a characteristic of the overlay network in the Cisco SD-Access architecture?

A.

It provides multicast support to enable Layer 2 flooding capability in the underlay network.

B.

It consists of a group of physical routers and switches that are used to maintain the network.

C.

It uses a traditional routed access design to provide performance and high availability to the network.

D.

It provides isolation among the virtual networks and independence from the physical network.

Full Access
Question # 40

Which two operational modes enable an AP to scan one or more wireless channels for rogue access points and at the same time provide wireless services to clients? (Choose two.)

A.

local

B.

rogue detector

C.

monitor

D.

FlexConnect

E.

sniffer

Full Access
Question # 41

Which location tracking method is used when locating client devices using Cisco hyperlocation?

A.

angle of arrival

B.

location patterning

C.

TTL

D.

line of sight

Full Access
Question # 42

Refer to the exhibit. A customer reports that many wireless clients cannot reliably receive multicast audio. Which action resolves this issue?

A.

Set the 24 Mbps and 54 Mbps data rates to Supported.

B.

Set the RSSI Threshold to -67dBm.

C.

Set the Fragmentation Threshold to 1250 bytes

D.

Disable RSSI Low Check.

Full Access
Question # 43

Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?

A.

Cisco Firepower and FireSIGHT

B.

Cisco Stealth watch system

C.

Advanced Malware Protection

D.

Cisco Web Security Appliance

Full Access
Question # 44

What is the VXLAN network identifier used to identify?

A.

network tunnel interface

B.

IP subnet

C.

virtual tunnel endpoint

D.

broadcast domain

Full Access
Question # 45

Which two sources cause interference for Wi-Fi networks? (Choose two.)

A.

incandescent lights

B.

DECT 6.0 cordless phone

C.

mirrored wall

D.

fish tank

E.

900MHz baby monitor

Full Access
Question # 46

Refer to the exhibit.

Which JSON syntax is derived from this data?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 47

Refer to the exhibit. A customer asks an engineer to create a new secure WLAN to support only WPA3. Users must connect using a passphrase. Which encryption and key management configuration is required?

A.

CCMP256 encryption with CCKM key management

B.

GCMP128 encryption with OWE key management

C.

CCMP128 encryption with SAE key management

D.

GCMP256 encryption with 802.1x key management

Full Access
Question # 48

What is one benefit of adopting a data modeling language?

A.

deploying machine-friendly codes to manage a high number of devices

B.

augmenting the use of management protocols like SNMP for status subscriptions

C.

augmenting management process using vendor centric actions around models

D.

refactoring vendor and platform specific configurations with widely compatible configurations

Full Access
Question # 49

What is the recommended minimum SNR for data applications on wireless networks?

A.

15

B.

20

C.

25

D.

10

Full Access
Question # 50

Which characteristic applies to the Cisco SD-Access solution?

A.

Dynamic routing is used to discover and provision border and edge switches.

B.

The control plane is based on VXLAN.

C.

The data plane is based on VXLAN.

D.

GRE is used as the policy plane.

Full Access
Question # 51

Drag and drop the characteristics from the left into the orchestration tools that they describe on the right.

Full Access
Question # 52

Which type of tunnel is required between two WLCs to enable intercontroller roaming?

A.

LWAPP

B.

CAPWAP

C.

IPsec

D.

mobility

Full Access
Question # 53

What is one main REST security design principle?

A.

separation of privilege

B.

password hashing

C.

confidential algorithms

D.

OAuth

Full Access
Question # 54

Which feature is needed to maintain the IP address of a client when an inter-controller Layer 3 roam is performed between two WLCs that are using different mobility groups?

A.

interface groups

B.

RF groups

C.

AAA override

D.

auto anchor

Full Access
Question # 55

Refer to the exhibit. R2 is configured as an NTP master sourcing NTP packets from its locally connected interface of 10.1.1.1. Which additional configuration is needed to complete the configuration?

A.

NTP server 10.1.1.1 key NTP-p455w0rd

B.

NTP trusted-key NTP-p455w0rd

C.

NTP server 10.1.1.1 key 1

D.

NTP trusted-key 1

Full Access
Question # 56

What are two characteristics of a directional antenna? (Choose two.)

A.

high gain

B.

receive signals equally from all directions

C.

commonly used to cover large areas

D.

provides the most focused and narrow beam width

E.

low gain

Full Access
Question # 57

Which A record type should be configured for access points to resolve the IP address of a wireless LAN controller using DNS?

A.

CISCO.CONTROLLER.Iocaldomain

B.

CISCO.CAPWARCONTROLLERJocaldomain

C.

CISCO-CONTROLLER.Iocaldomain

D.

CISCO-CAPWAP-CONTROLLER.Iocaldomain

Full Access
Question # 58

Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.

Full Access
Question # 59

Which AP mode allows administrators to generate pcap files to use for troubleshooting?

A.

Sniffer

B.

Local

C.

H-REAP

D.

Monitor

Full Access
Question # 60

An engineer measures the Wi-Fi coverage at a customer site. The RSSI values are recorded as follows:

•LocationA -72dBm

• Location B:-75 dBm

• Location C; -65 dBm

• Location D -80 dBm

Which two statements does the engineer use to explain these values to the customer? (Choose two.)

A.

The signal strength at location B is 10 dB better than location C.

B.

The signal strength at location C is too weak to support web surfing

C.

Location D has the strongest RF signal strength.

D.

The RF signal strength at location B is 50% weaker than location A.

E.

The RF signal strength at location C is 10 times stronger than location B

Full Access
Question # 61

When deploying a Cisco Unified Wireless solution what is a design justification for using a distributed WLC deployment model?

A.

It reduces the number of WLCs that network administrators must support by locating them in a common location

B.

It more evenly distributes MAC ARP and ND processing over multiple switches which helps with scalability

C.

The number of wireless clients is low and the size of the physical campus is small

D.

There are no latency concerns about LWAPP and CAPWAP tunnels traversing the campus core network

Full Access
Question # 62

In a LISP topology, which component does the ITR send a resolution request to when it does not know the path to a specific EID?

A.

Map resolver

B.

Routing locator

C.

Proxy ingress tunnel router

D.

Proxy egress tunnel router

Full Access
Question # 63

In Cisco CatalystCenter(formerly DNA Center) Inventory, the Software Version of a networkdevice displays a status of OUTDATED. What does It me?

A.

There is a later software version available on Cisco Catalyst Center (formerly DNA Center).

B.

The current software image does not match the selected Golden image for this type of network device.

C.

The current type of software image does not match the type of the network device.

D.

There is a later software version available at www.cisco.com website.

Full Access
Question # 64

An engineer must construct an access list for a Cisco Catalyst 9800 Series WLC that will redirect wireless guest users to a splash page that is hosted on a Cisco ISE server. The Cisco ISE servers are hosted at 10.9.11.141 and 10.1.11.141. Which access list meets the requirements?

A.

B.

C.

D.

Full Access
Question # 65

What does a next-generation firewall that is deployed at the data center protect against?

A.

signature-based malware

B.

DMZ web server vulnerabilities

C.

zero-day attacks

D.

DDoS

Full Access
Question # 66

What is the structure of a JSON web token?

A.

header and payload

B.

three parts separated by dots: version, header, and signature

C.

payload and signature

D.

three parts separated by dots: header, payload. and signature

Full Access
Question # 67

An engineer must create a new SSID on a Cisco 9800 wireless LAN controller. The client has asked to use a pre-shared key for authentication. Which profile must the engineer edit to achieve this requirement?

A.

RF

B.

WLAN

C.

Policy

D.

Flex

Full Access
Question # 68

Drag and drop the Cisco Catalyst Center (formerly DNA Center) northbound API characteristics from the left to the right. Not all options are used.

Full Access
Question # 69

Which three methods does Cisco Catalyst Center (formerly DNA Center) use to discover devices? (Choose three.)

A.

SNMP

B.

a specified range of IP addresses

C.

NETCONF

D.

LLDP

E.

ping

F.

CDP

Full Access
Question # 70

Full Access
Question # 71

Full Access
Question # 72

Full Access
Question # 73

Full Access
Question # 74

Full Access
Question # 75

Full Access
Question # 76

Full Access
Question # 77

Full Access
Question # 78

Full Access
Question # 79

Full Access
Question # 80

Full Access
Question # 81

Full Access
Question # 82

Full Access
Question # 83

Full Access
Question # 84

Full Access
Question # 85

Full Access
Question # 86

Full Access
Question # 87

Full Access
Question # 88

Full Access
Question # 89

Full Access
Question # 90

Full Access
Question # 91

Full Access
Question # 92

OR

Full Access
Question # 93

Full Access
Question # 94

Full Access
Question # 95

Full Access
Question # 96

Full Access
Question # 97

Full Access
Question # 98

Full Access