350-401 Braindumps Real Exam Updated on Sep 05, 2022 with 618 Questions
Latest 350-401 PDF Dumps & Real Tests Free Updated Today
NEW QUESTION 332 
Refer to the exhibit. A network engineer configures NAT on R1 and enters me show command to verity the configuration What toes the output confirm?
- A. A Telnet from 160.1.1 1 to 10.1.1.10 has been initiated.
- B. R1 to configured with PAT overload parameters
- C. R1 is configured with NAT overload parameters
- D. The first pocket triggered NAT to add on entry to NAT table
Answer: D
NEW QUESTION 333
What is the function of the fabric control plane node In a Cisco SD-Access deployment?
- A. It performs traffic encapsulation and security profiles enforcement in the fabric.
- B. It holds a comprehensive database that tracks endpoints and networks in the fabric.
- C. It provides Integration with legacy nonfabric-enabled environments.
- D. It is responsible for policy application and network segmentation in the fabric.
Answer: B
Explanation:
Fabric control plane node (C): One or more network elements that implement the LISP Map-Server (MS) and Map-Resolver (MR) functionality. The control plane node's host tracking database keep track of all endpoints in a fabric site and associates the endpoints to fabric nodes in what is known as an EID-to-RLOC binding in LISP.
NEW QUESTION 334
What is the difference between the enable password and the enable secret password when service password encryption is enable on an IOS device?
- A. The enable secret password is protected via stronger cryptography mechanisms.
- B. The enable password is encrypted with a stronger encryption method.
- C. There is no difference and both passwords are encrypted identically.
- D. The enable password cannot be decrypted.
Answer: A
Explanation:
Explanation
The "enable secret" password is always encrypted (independent of the "service passwordencryption" command) using MD5 hash algorithm. The "enable password" does not encrypt the password and can be view in clear text in the running-config. In order to encrypt the "enable password", use the "service password-encryption" command. This command will encrypt the passwords by using the Vigenere encryption algorithm. Unfortunately, the Vigenere encryption method is cryptographically weak and trivial to reverse.
The MD5 hash is a stronger algorithm than Vigenere so answer 'The enable secret password is protected via stronger cryptography mechanisms' is correct.
NEW QUESTION 335
Which LISP infrastructure device provides connectivity between non-LISP sites and LISP sites by receiving non-LISP traffic with a LISP site destination?
- A. map server
- B. PITR
- C. map resolver
- D. PETR
Answer: B
Explanation:
Explanation
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/5-0/LISPmobility/ DCI_LISP_Host_Mobility/LISPmobile_2.html
NEW QUESTION 336
Drag and drop the REST API authentication methods from the left onto their descriptions on the right.
Answer:
Explanation:
NEW QUESTION 337
What is the differences between TCAM and the MAC address table?
- A. The MAC address table supports partial matches. TCAM requires an exact match
- B. Router prefix lookups happens in CAM. MAC address table lookups happen in TCAM.
- C. TCAM is used to make Layer 2 forwarding decisions CAM is used to build routing tables
- D. The MAC address table is contained in CAM ACL and QoS information is stored in TCAM
Answer: D
Explanation:
Explanation
https://community.cisco.com/t5/networking-documents/cam-content-addressable-memory-vs-tcam-ternary-cont
NEW QUESTION 338
In an SD-Access solution what is the role of a fabric edge node?
- A. to connect wired endpoint to the SD-Access fabric
- B. to connect external Layer 3- network to the SD-Access fabric
- C. to advertise fabric IP address space to external network
- D. to connect the fusion router to the SD-Access fabric
Answer: A
Explanation:
Explanation
+ Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.
NEW QUESTION 339
Drag and drop the descriptions from the left onto the routing protocol they describe on the right.
Answer:
Explanation:
NEW QUESTION 340
Drag and drop the characteristics from the left onto the infrastructure deployment models they describe on the right.
Answer:
Explanation:
NEW QUESTION 341
Refer the exhibit.
Which router is the designated router on the segment 192.168.0.0/24?
- A. Router NewYork because it has a higher router ID
- B. Router Chicago because it has a lower router ID
- C. This segment has no designated router because it is a p2p network type.
- D. This segment has no designated router because it is a nonbroadcast network type.
Answer: C
NEW QUESTION 342
A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority Which configuration commands are required to issue a certificate signing request from the core switch?
A)
B)
C)
D)
- A. Option B
- B. Option C
- C. Option D
- D. Option A
Answer: A
Explanation:
Certificate authorities (CAs) are responsible for managing certificate requests and issuing certificates to participating IPSec network devices. These services provide centralized security key and certificate management for the participating devices. Specific CA servers are referred to as "trustpoints." The command "crypto pki trustpoint name" declares the trustpoint and a given name and enters ca-trustpoint configuration mode. The command "enrollment terminal" specifies manual cut-and-paste certificate enrollment method. The certificate request will be displayed on the console terminal so that you may manually copied (or cut). The command "crypto pki enroll name" generates certificate request and displays the request for copying and pasting into the certificate server. The full configuration is shown in the reference below. Reference: https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/convert/sec_pki_xe_3s_book/sec_cert_enroll_pki_xe.html
NEW QUESTION 343
Which router is elected the IGMP Querier when more than one router is in the same LAN segment?
- A. The router with the lowest IP address
- B. The router with the highest IP address
- C. The router with the longest uptime
- D. The router with the shortest uptime
Answer: A
Explanation:
Query messages are used to elect the IGMP querier as follows: 1. When IGMPv2 devices start, they each multicast a general query message to the all-systems group address of 224.0.0.1 with their interface address in the source IP address field of the message. 2. When an IGMPv2 device receives a general query message, the device compares the source IP address in the message with its own interface address. The device with the lowest IP address on the subnet is elected the IGMP querier. 3. All devices (excluding the querier) start the query timer, which is reset whenever a general query message is received from the IGMP querier. If the query timer expires, it is assumed that the IGMP querier has gone down, and the election process is performed again to elect a new IGMP querier.
NEW QUESTION 344
Refer to the exhibit.
A GRE tunnel has been created between HO and BR routers.
What is the tunnel IP on the HQ router?
- A. 10.111.111.1
- B. 209.165.202.134
- C. 209.165.202.130
- D. 10.111.111.2
Answer: A
Explanation:
Explanation
In the above output, the IP address of "209.165.202.130" is the tunnel source IP while the IP 10.111.1.1 is the tunnel IP address.
An example of configuring GRE tunnel is shown below:
NEW QUESTION 345
An engineer reviews a router's logs and discovers the following entry. What is the event's logging severity level?
- A. informational
- B. notification
- C. error
- D. warning
Answer: C
Explanation:
Explanation
Syslog levels are listed below:
Number 3 in %LINK-3-UPDOWN is the severity level of this message so in this case it is errors.
NEW QUESTION 346
Drag and drop characteristics of PIM dense mode from the left to the right.
Answer:
Explanation:
Reference:
PIM dense mode (PIM-DM) uses a push model to flood multicast traffic to every corner of the network. This push model is a brute-force method of delivering data to the receivers. This method would be efficient in certain deployments in which there are active receivers on every subnet in the network. PIM-DM initially floods multicast traffic throughout the network. Routers that have no downstream neighbors prune the unwanted traffic. This process repeats every 3 minutes.
A rendezvous point (RP) is required only in networks running Protocol Independent Multicast sparse mode (PIM-SM).
In PIM dense mode (PIM-DM), multicast traffic is initially flooded to all segments of the network. Routers that have no downstream neighbors or directly connected receivers prune back the unwanted traffic.
NEW QUESTION 347
Refer to the exhibit:
An engineer configures VRRP and issues the show commands to verify operation. What does the engineer confirm about VRRP group 1 from the output?
- A. There is no route to 10.10.1.1/32 in R2's routing table
- B. If R1 reboots, R2 becomes the master virtual router until R2 reboots
- C. Communication between VRRP members is encrypted using MD5
- D. R1 is master if 10.10.1.1/32 is in its routing table
Answer: D
NEW QUESTION 348
Refer to the exhibit.
An engineer is designing a guest portal on Cisco ISE using the default
configuration. During the testing phase, the engineer receives a warning when displaying the guest portal. Which issue is occurring?
- A. The server that is providing the portal has an expired certificate
- B. The connection is using an unsupported protocol
- C. The connection is using an unsupported browser
- D. The server that is providing the portal has a self-signed certificate
Answer: D
Explanation:
Explanation
If you're a website owner and your website displays this error message, then there could be two reasons why the browser says the cert authority is invalid: + You're using a self-signed SSL certificate, OR + The certificate authority (CA) that issued your SSL certificate isn't trusted by your web browser.
NEW QUESTION 349
Refer to the exhibit.
Which commands are required to allow SSH connection to the router?
- A.
- B.
- C.
- D.
Answer: D
NEW QUESTION 350
Drag and drop the characteristics from the left onto the QoS components they describe on the right.
Answer:
Explanation:
Marking = applied on traffic to convey Information to a downstream device Classification = distinguish traffic types Trust = Permits traffic to pass through the device while retaining DSCP/COS values shapping = process used to buffer traffic that exceeds a predefined rate.
NEW QUESTION 351
Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address 10.10.10.1?
A)
B)
C)
D)
- A. Option C
- B. Option B
- C. Option D
- D. Option A
Answer: D
NEW QUESTION 352
Refer to the exhibit.
What happens to access interfaces where VLAN 222 is assigned?
- A. They are placed into an inactive state
- B. STP BPDU guard is enabled
- C. A description "RSPAN" is added
- D. They cannot provide PoE
Answer: A
Explanation:
Explanation
Access ports (including voice VLAN ports) on the RSPAN VLAN are put in the inactive state.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configura
NEW QUESTION 353
A GRE tunnel is down with the error message %TUN-5-RECUR DOWN:
Which two options describe possible causes of the error? (Choose two)
- A. The tunnel mode and tunnel IP address are misconfigured
- B. There is instability in the network due to route flapping
- C. Incorrect destination IP addresses are configured on the tunnel
- D. There is link flapping on the tunnel
- E. The tunnel destination is being routed out of the tunnel interface
Answer: B,E
Explanation:
Explanation
The %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error message means that the generic routing encapsulation (GRE) tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes:
+ A misconfiguration that causes the router to try to route to the tunnel destination address using the tunnel interface itself (recursive routing)
+ A temporary instability caused by route flapping elsewhere in the network
NEW QUESTION 354
Which feature of EIGRP is not supported in OSPF?
- A. uses interface bandwidth to determine best path
- B. load balance over four equal-costs paths
- C. load balancing of unequal-cost paths
- D. per-packet load balancing over multiple paths
Answer: C
Explanation:
Explanation
YANG (Yet another Next Generation) is a data modeling language for the definition of data sent over network management protocols such as the NETCONF and RESTCONF.
NEW QUESTION 355
What are two considerations when using SSO as a network redundancy feature? (Choose two)
- A. requires synchronization between supervisors in order to guarantee continuous connectivity
- B. both supervisors must be configured separately
- C. the multicast state is preserved during switchover
- D. must be combined with NSF to support uninterrupted Layer 3 operations
- E. must be combined with NSF to support uninterrupted Layer 2 operations
Answer: A,D
Explanation:
NEW QUESTION 356
......
350-401 Dumps With 100% Verified Q&As - Pass Guarantee or Full Refund: https://www.braindumpsvce.com/350-401_exam-dumps-torrent.html
Pass Cisco 350-401 Exam With Practice Test Questions Dumps Bundle: https://drive.google.com/open?id=1-t8mFxFu5PRL7aQRNMwYlF-8C7hozwhK