Get 350-401 Braindumps & 350-401 Real Exam Questions [Q72-Q97]

Get 350-401 Braindumps & 350-401 Real Exam Questions

Cisco 350-401 Actual Questions and Braindumps

NEW QUESTION 72
When reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state?

A. Mismatched OSPF network type
B. Mismatched areas
C. Mismatched MTU size
D. Mismatched OSPF link costs

Answer: C

NEW QUESTION 73
Which two security features are available when implementing NTP? (Choose two )

A. broadcast association mode
B. dock offset authentication
C. symmetric server passwords
D. access list-based restriction scheme
E. encrypted authentication mechanism

Answer: D,E

Explanation:
The time kept on a machine is a critical resource and it is strongly recommend that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. The two security features available are an access list-based restriction scheme and an encrypted authentication mechanism.
Reference:
https://www.cisco.com/c/en/us/support/docs/availability/high-availability/19643-ntpm.html

NEW QUESTION 74
Refer to the exhibit.

A port channel is configured between SW2 and SW3. SW2 is not running a Cisco operating system. When all physical connections are mode, the port channel does not establish. Based on the configuration excerpt of SW3, what is the cause of the problem?

A. The port-channel trunk is not allowing the native VLAN.
B. The port-channel interface lead balance should be set to src-mac
C. The port-channel should be set to auto.
D. The port channel on SW2 is using an incompatible protocol.

Answer: D

NEW QUESTION 75
Refer to the exhibit.

An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts. Which command set accomplishes this task?

A. Option D
B. Option C
C. Option B
D. Option A

Answer: D

NEW QUESTION 76
Refer to the exhibit.

What are two effect of this configuration? (Choose two.)

A. The 10.1.1.0/27 subnet is assigned as the inside local addresses.
B. The 209.165.201.0/27 subnet is assigned as the outside local address range.
C. Inside source addresses are translated to the 209.165.201.0/27 subnet.
D. It establishes a one-to-one NAT translation.
E. The 10.1.1.0/27 subnet is assigned as the inside global address range.

Answer: A,C

NEW QUESTION 77
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?

A. MSS
B. MTU
C. MRU
D. Window size

Answer: A

Explanation:
The TCP Maximum Segment Size (TCP MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. This TCP/IP datagram might be fragmented at the IP layer. The MSS value is sent as a TCP header option only in TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between hosts. The sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host.
TCP MSS takes care of fragmentation at the two endpoints of a TCP connection, but it does not handle the case where there is a smaller MTU link in the middle between these two endpoints.
PMTUD was developed in order to avoid fragmentation in the path between the endpoints. It is used to dynamically determine the lowest MTU along the path from a packet's source to its destination.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation- gre/25885-pmtud-ipfrag.html (there is some examples of how TCP MSS avoids IP Fragmentation in this link but it is too long so if you want to read please visit this link) Note: IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later.

NEW QUESTION 78
A client device roams between access points located on different floors in an atrium. The access points are joined to the same controller and configured in local mode. The access points are in different AP groups and have different IP addresses, but the client VLAN in the groups is the same.
Which type of roam occurs?

A. intra-controller
B. intra-VLAN
C. inter-controller
D. inter-subnet

Answer: A

Explanation:
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/ b_cg83_chapter_010011.html

NEW QUESTION 79
Drag and drop the descriptions from the left onto the routing protocol they describe on the right.

Answer:

Explanation:

NEW QUESTION 80
What do Cisco DNA southbound APIs provide?

A. RESful API interface for orchestrator communication
B. Interface between the controller and the network devices
C. NETCONF API interface for orchestration communication
D. Interface between the controller and the consumer

Answer: B

Explanation:
Explanation
The Southbound API is used to communicate with network devices.

NEW QUESTION 81
Refer to the exhibit.

An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as an entry point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplish task?

A. Option D
B. Option C
C. Option B
D. Option A

Answer: D

Explanation:
Explanation
R3 advertises BGP updates to R1 with multiple AS 100 so R3 believes the path to reach AS 200 via R3 is farther than R2 so R3 will choose R2 to forward traffic to AS 200.

NEW QUESTION 82
Which entity is responsible for maintaining Layer 2 isolation between segments In a VXLAN environment?

A. switch fabric
B. host switch
C. VTEP
D. VNID

Answer: D

Explanation:
Explanation

VXLAN uses an 8-byte VXLAN header that consists of a 24-bit VNID and a few reserved bits. The VXLAN header together with the original Ethernet frame goes in the UDP payload. The 24-bit VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco

NEW QUESTION 83
What is a benefit of data modeling languages like YANG?

A. They make the CLI simpler and more efficient.
B. They provide a standardized data structure, which results in configuration scalability and consistency.
C. They create more secure and efficient SNMP OIDs.
D. They enable programmers to change or write their own application within the device operating system.

Answer: B

NEW QUESTION 84
Refer to the exhibit.

Which configuration establishes EBGP neighborship between these two directly connected neighbors and exchanges the loopback network of the two routers through BGP?

Answer: D

Explanation:
Explanation
With BGP, we must advertise the correct network and subnet mask in the "network" command (in this case network 10.1.1.0/24 on R1 and network 10.2.2.0/24 on R2). BGP is very strict in the routing advertisements. In other words, BGP only advertises the network which exists exactly in the routing table. In this case, if you put the command "network x.x.0.0 mask 255.255.0.0" or
"network x.0.0.0 mask 255.0.0.0" or "network x.x.x.x mask 255.255.255.255" then BGP will not advertise anything.
It is easy to establish eBGP neighborship via the direct link. But let's see what are required when we want to establish eBGP neighborship via their loopback interfaces. We will need two commands:
+ the command "neighbor 10.1.1.1 ebgp-multihop 2" on R1 and "neighbor 10.2.2.2 ebgpmultihop
2" on R1. This command increases the TTL value to 2 so that BGP updates can reach the BGP neighbor which is two hops away.
+ Answer 'R1 (config) #router bgp 1
R1 (config-router) #neighbor 192.168.10.2 remote-as 2
R1 (config-router) #network 10.1.1.0 mask 255.255.255.0
R2 (config) #router bgp 2
R2 (config-router) #neighbor 192.168.10.1 remote-as 1
R2 (config-router) #network 10.2.2.0 mask 255.255.255.0
Quick Wireless Summary
Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight
+ Autonomous: self-sufficient and standalone. Used for small wireless networks.
+ Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function.
LAP and WLC communicate with each other via a logical pair of CAPWAP tunnels.
- Control and Provisioning for Wireless Access Point (CAPWAP) is an IETF standard for control messaging for setup, authentication and operations between APs and WLCs. CAPWAP is similar to LWAPP except the following differences:
+CAPWAP uses Datagram Transport Layer Security (DTLS) for authentication and encryption to protect traffic between APs and controllers. LWAPP uses AES.
+ CAPWAP has a dynamic maximum transmission unit (MTU) discovery mechanism.
+ CAPWAP runs on UDP ports 5246 (control messages) and 5247 (data messages) An LAP operates in one of six different modes:
+ Local mode (default mode): measures noise floor and interference, and scans for intrusion detection (IDS) events every 180 seconds on unused channels
+ FlexConnect, formerly known as Hybrid Remote Edge AP (H-REAP), mode: allows data traffic to be switched locally and not go back to the controller. The FlexConnect AP can perform standalone client authentication and switch VLAN traffic locally even when it's disconnected to the WLC (Local Switched). FlexConnect AP can also tunnel (via CAPWAP) both user wireless data and control traffic to a centralized WLC (Central Switched).
+ Monitor mode: does not handle data traffic between clients and the infrastructure. It acts like a sensor for location-based services (LBS), rogue AP detection, and IDS
+ Rogue detector mode: monitor for rogue APs. It does not handle data at all.
+ Sniffer mode: run as a sniffer and captures and forwards all the packets on a particular channel to a remote machine where you can use protocol analysis tool (Wireshark, Airopeek, etc) to review the packets and diagnose issues. Strictly used for troubleshooting purposes.
+ Bridge mode: bridge together the WLAN and the wired infrastructure together.
Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN controller. But this solution is only suitable for small to midsize, or multi-site branch locations where you might not want to invest in a dedicated WLC. A Mobility Express WLC can support up to 100 Aps

NEW QUESTION 85
Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Answer:

Explanation:

NEW QUESTION 86
Drag and drop the characteristics from the left onto the appropriate infrastructure deployment types on the right

Answer:

Explanation:

Explanation
On Premises:+ resources can be over or underutilized as requirements vary+ customizable hardware, purpose-built systems+ more suitable for companies with specific regulatory or security requirementsCloud:+ easy to scale and upgrade+ requires a strong and stable internet connection+ built-in, automated data backups and recovery On premise: customizable,specific requirements,resourcesCloud: scale, built-in automated backup, strong stable internet

NEW QUESTION 87
Which two namespaces does the LISP network architecture and protocol use? (Choose two.)

A. RLOC
B. TLOC
C. VTEP
D. DNS
E. EID

Answer: A,E

Explanation:
Explanation
Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs)-assigned to end hosts.
+ Routing locators (RLOCs)-assigned to devices (primarily routers) that make up the global routing system.

NEW QUESTION 88
An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose two.)

A. Policing should be performed as close to the destination as possible
B. Policing should be performed as close to the source as possible
C. Policing drops traffic that exceeds the defined rate
D. Policing typically delays the traffic, rather than drops it
E. Policing adapts to network congestion by queuing excess traffic

Answer: B,C

Explanation:
Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs.
Unlike traffic shaping, traffic policing does not cause delay.
Classification (which includes traffic policing, traffic shaping and queuing techniques) should take place at the network edge. It is recommended that classification occur as close to the source of the traffic as possible.
Also according to this Cisco link, "policing traffic as close to the source as possible".

NEW QUESTION 89
Refer to the exhibit.

What is the JSON syntax that is formed from the data?

A. {Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}
B. {"Name":"Bob Johnson", "Age": Seventyfive, "Alive": true, "Favorite Foods":["Cereal, "Mustard",
"Onions"]}
C. {'Name':'Bob Johnson', 'Age': 75, 'Alive': True, 'Favorite Foods': 'Cereal', 'Mustard', 'Onions'}
D. {"Name::"Bob Johnson", "Age": 75, "Alive":true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

Answer: D

NEW QUESTION 90
What does this EEM applet event accomplish?
"event snmp oid 1.3.6.1.3.7.1.5.1.2.4.2.9 get-type next entry-op g entry-val 75 poll-interval 5"

A. Upon the value reaching 75%, a SNMP event is generated and sent to the trap server.
B. It presents a SNMP variable that can be interrogated.
C. It issues email when the value is greater than 75% for five polling cycles.
D. It reads an SNMP variable, and when the value exceeds 75% for live polling cycles.

Answer: D

Explanation:
Explanation
EEM offers the ability to monitor events and take informational or corrective action when the monitored events occur or reach a threshold. An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration.
To specify the event criteria for an Embedded Event Manager (EEM) applet that is run by sampling Simple Network Management Protocol (SNMP) object identifier values, use the event snmp command in applet configuration mode.
event snmp oid oid-value get-type {exact | next} entry-op operator entry-val entryvalue
[exit-comb {or | and}] [exit-op operator] [exit-val exit-value] [exit-time exit-timevalue] poll-interval poll-int-value
+ oid: Specifies the SNMP object identifier (object ID)
+ get-type: Specifies the type of SNMP get operation to be applied to the object ID specified by the oid-value argument.
- next - Retrieves the object ID that is the alphanumeric successor to the object ID specified by the oid-value argument.
+ entry-op: Compares the contents of the current object ID with the entry value using the specified operator. If there is a match, an event is triggered and event monitoring is disabled until the exit criteria are met.
+ entry-val: Specifies the value with which the contents of the current object ID are compared to decide if an SNMP event should be raised.
+ exit-op: Compares the contents of the current object ID with the exit value using the specified operator. If there is a match, an event is triggered and event monitoring is reenabled.
+ poll-interval: Specifies the time interval between consecutive polls (in seconds) Reference: https://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtioseem.html Question 2

NEW QUESTION 91
Refer to the exhibit.

An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router However, the router can still ping hosts on the 209.165.200.0/24 subnet. Which explanation of this behavior is true?

A. Only standard access control lists can block traffic from a source IP address.
B. The access control list must contain an explicit deny to block traffic from the router.
C. After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.
D. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.

Answer: D

NEW QUESTION 92
Refer to the exhibit.

A network architect has partially configured static NAT. which commands should be asked to complete the configuration?

A. R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat outside
R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat inside
B. R1(config)#interface GigabitEthernet0/0 R1(config)#ip nat inside
R1(config)#interface GigabitEthernet0/1 R1(config)#ip nat outside
C. R1(config)#interface GigabitEthernet0/0 R1(config)#ip pat outside
R1(config)#interface GigabitEthernet0/1 R1(config)#ip pat inside
D. R1(config)#interface GigabitEthernet0/0 R1(config)#ip pat inside
R1(config)#interface GigabitEthernet0/1 R1(config)#ip pat outside

Answer: A

NEW QUESTION 93
Refer to the exhibit.

Which IPv6 OSPF network type is applied to interface Fa0/0 of R2
by default?

A. Ethernet
B. broadcast
C. point-to-point
D. multipoint

Answer: B

Explanation:
Explanation
The Broadcast network type is the default for an OSPF enabled ethernet interface (while Point-to- Point is the default OSPF network type for Serial interface with HDLC and PPP encapsulation).

NEW QUESTION 94
Drag and drop the virtual components from the left onto their deceptions on the right.

Answer:

Explanation:

Explanation

Table Description automatically generated

NEW QUESTION 95
Refer to the exhibit.

SwitchC connects HR and Sales to the Core switch However, business needs require that no traffic from the Finance VLAN traverse this switch Which command meets this requirement?
A)

B)

C)

D)