Lưu ý: Free 300-410 ENARSI Dump chỉ dành cho mục đích học tập và làm quen với bài thi. Nội dung của Free Dump không được cập nhật mới nhất nên không đảm bảo Pass Exam. Liên hệ ITexamViet để Pass Exam Nhanh Nhất.
Mục lục
MULTIPLE CHOICE
QUESTION 1
Refer to the exhibit An engineer configured BGP and wants to select the path from 10.77.255.57 as the best path instead of current best path. Which action resolves the issue?
A. Configure AS_PATH prepend for the desired best path
B. Configure higher MED to select as the best path
C. Configure lower LOCAL_PREF to select as the best path
D. Configure AS_PATH prepend for the current best path
Correct Answer: A
QUESTION 2
Refer to the exhibit An administrator is configuring a GRE tunnel to establish an EIGRP neighbor to a remote router. The other tunnel endpoint is already configured. After applying the configuration as shown, the tunnel started flapping.
Which action resolves the issue?
A. Stop sending a route matching the tunnel destination across the tunnel.
B. Advertise the Loopback0 interface from R2 across the tunnel.
C. Modify the network command to use the Tunnel0 interface netmask.
D. Readdress the IP network on the Tunnel0 on both routers using the /31 netmask
Correct Answer: B
QUESTION 3
Reter to the exhibit. An engineer must configure a LAN to LAN IPsec VPN between R1 and the remote router. Which IPsec Phase 1 configuration must the engineer use for the local router?
A.
B.
C.
D.
Correct Answer: B
QUESTION 4
What is a function of an end device configured with DHCPv6 guard?
A. If it is configured as a server, only prefix assignments are permitted.
B. If it is configured as a relay agent, only prefix assignments are permitted.
C. If it is configured as a client, only DHCP requests are permitted.
D. If it is configured as a client, messages are switched regardless of the assigned role.
Correct Answer: D
QUESTION 5
Which two solutions are used to overcome a flapping link that causes a frequent label binding exchange between MPLS routers? (Choose two.)
A. Increase a hold-timer to protect the session.
B. Create link dampening on links to protect the session.
C. Increase input queue on links to protect the session.
D. Increase a session delay to protect the session
E. Create targeted hellos to protect the session.
Correct Answer: CE
QUESTION 6
Refer to the exhibit. A network administrator enables DHCP snooping on the Cisco Catalyst 3750-X switch and configures the uplink port (Port-channel2) as a trusted port. Clients are not receiving an IP address, but when DHCP snooping is disabled, clients start receiving IP addresses. Which global command resolves the issue?
A. ip dhcp relay information trust portchannel2
B. ip dhcp snooping
C. ip dhcp stooping trust
D. no ip dhcp snooping information option
Correct Answer: D
QUESTION 7
Refer to the exhibit. Which action resolves the failed authentication attempt to the router?
A. Configure aaa authorization login command on line vty 0 4
B. Configure aaa authorization login command on line console 0.
C. Configure aaa authorization console global command
D. Configure aaa authorization console command on line vty 0 4
Correct Answer: C
QUESTION 8
Refer to the exhibit. A network administrator is troubleshooting IPv6 address assignment for a DHCP client that is not getting an IPV6 address from the server. Which configuration retrieves the client IPv6 address from the DHCP server?
A. service dhep command on DHCP server
B. ipv6 address autoconfig command on the interface
C. ipv6 dhcp server automatic command on DHCP server
D. ipv6 dhcp relay-3gent command
Correct Answer: C
QUESTION 9
Refer to the exhibit. An engineer must block access to the console ports for all corporate remote Cisco devices based on the recent corporate security policy but the security learn still can connect through the console port. Which configuration on the console port resolves the issue?
A. exec 0 0
B. transport input telnet
C. login and password
D. no exec
Correct Answer: D
QUESTION 10
Refer to the exhibit. The OSPF routing protocol is redistributed into the BGP routing protocol, but not all the OSPF routes are distributed into BGP Which action resolves the issue?
A. Use a route-map command to redistribute OSPF external routes defined in a prefix list.
B. Include the Word external in the redistribute command.
C. Use a route-map command to redistribtite OSPF external routes defined in an access list.
D. Include the word internal external in the redistribute command.
Correct Answer: D
QUESTION 11
Refer to the exhibit. R1 is configured with IP SLA to check the availability of the server behind R6 but it kept failing. Which configuration resolves the issue?
A. R6(config)#ip sla responder
B. R6(config)#ip access-list extended DDOS
R6(config-ext-nacl)#5 permit imp host 10.10.10.1 host 10.66.66.66
C. R6(config)#ip sla responder udp-echo ip address 10.10.10.1 port 5000
D. R6(config)#ip access-list extended DDOS
R6(config-ext-nacI)#5 permit imp host 10.66.66.66 host 10.10.10.1
Correct Answer: B
QUESTION 12
How does an MPLS Layer 3 VPN function?
A. set of sites interconnect privately over the Internet for security
B. multiple customer sites interconnect through service provider network to create secure tunnels between customer edge devices
C. multiple customer sites interconnect through a service provider network using customer edge to provider edge connectivity
D. set of sites use multiprotocol BGP at the customer site for aggregation
Correct Answer: C
QUESTION 13
R1 and R2 are configured as eBGP neighbors. R1 is in AS100 and R2 is in AS200. R2 is advertising these networks to R1:
172.16.16.0/20
172.16.3.0/24
172.16.4.0/24
192.168.1.0/24
192.168.2.0/24
172.16.0.0/16
The network administrator on R1 must improve convergence by blocking all subnets of 172.16.0.0/16 major network with a mask lower than 23 from coming in. Which set of configurations accomplishes the task on R1?
A.
B.
C.
D.
Correct Answer: D
QUESTION 14
Which OSI model is used to insert an MPLS label?
A. between Layer 2 and Layer 3
B. between Layer 1 and Layer 2
C. between Layer 3 and Layer 4
D. between Layer 5 and Layer 6
Correct Answer: A
QUESTION 15
Refer to the exhibit. Which configuration allows spoke-to-spoke communication using loopback as a tunnel source?
A. Configure crypto isakmp key cisco address 0.0.0.0 on the spokes.
B. Configure crypto isakmp key cisco address 200. 1.0.0 255.255.0.0 on the spokes
C. Configure crypto isakmp key cisco address 0.0.0.0 on the hub
D. Configure crypto isakmp key cisco address 200.1.0.0 255.255.0.0 on the hub
Correct Answer: A
QUESTION 16
Refer to the exhibit. An engineer configured BGP between routers R1 and R3. The BGP peers cannot establish neighbor adjacency to be able to exchange routes. Which configuration resolves this issue?
A. R3
router bgp 6502
address-family ipv6
neighbor AB01:2011:7:100::1 activate
B. R1
router bgp 6501
address-family ipv6
neighbor ABO1:2011:7:100:3 activate
C. R3
router bgp 6502
neighbor AB01:2011:7:100::1 ebgp-multihop 255
D. R1
router bgp 6501
neighbor AB01:2011:7:100::3 ebgp-multihop 255
Correct Answer: A
QUESTION 17
Refer to the exhibit. Which set of commands restore reachability to loopback0?
A. interface loopback0
ip address 4.4.4.4255.255.255.0
ip ospf network broadcast
B. interface loopback0
Ip address 4.4.4.4255.255 255.0
ip ospf interface type network
C. interface loopback0
ip address 4.4.4.4 255.255.255.0
ip ospf network point-to-point
D. interface loopback0
ip address 4.4.4.4 255.255.255.0
ip ospf interface area 10
Correct Answer: C
QUESTION 18
When determining if a system is capable of support, what is the minimum time spacing required for a BFD control packet to receive once a control packet is arrived?
A. Detect Mult
B. Required Min Echo RX Interval
C. Required Min RX interval
D. Desired Min TX Interval
Correct Answer: C
QUESTION 19
Refer to the exhibit. An engineer configured NetFlow on R1, but the NMS server cannot see the flow from R1. Which configuration resolves the issue?
A.
B.
C.
D.
Correct Answer: C
QUESTION 20
Refer to the exhibit. The Internet traffic should always prefer Site-A ISP-1 if the link and BGP connection are up, otherwise, all internet traffic should go to ISP-2. Redistribution is configured between BGP and OSPF routing protocols, and it is not working as expected. What action resolves the issue?
A. Set OSPF Cost 100 at Site-A RTR1, and set OSPF Cost 200 at Site-B RTR2.
B. Set OSPF Cost 200 at Site-A RTR1, and set OSPF Cost 100 at Ste-B RTR2
C. Set metric-type 2 at Site-A RTR1, and set metric-type 1 at Site-B RTR2
D. Set metric-type 1 at Site-A RTR1, and set metric-type 2 at Site-B RTR2.
Correct Answer: D
QUESTION 21
Refer to the exhibit. Troubleshoot and ensure that branch B only ever uses the MPLS B network to reach HQ. Which action achieves this requirement?
A. Introduce AS path prepending on the branch A MPLS B network connection so that any HQ advertisements from branch A toward the MPLS B network are prepended three times
B. Modify the weight of all HQ prefixes received at branch B from the MPLS B network to be higher than the weights used on the MPLS A network
C. Introduce an AS path filter on branch A routers so that only local prefixes are advertised into BGP.
D. Increase the local preference for all HQ prefixes received at branch B from the MPLS B network to be higher than the local preferences used on the MPLS A network
Correct Answer: A
QUESTION 22
How does an MPLS Layer 3 VPN differentiate the IP address space used between each VPN?
A. by address family
B. by MP-BGP
C. by RD
D. by RT
Correct Answer: C
QUESTION 23
Refer to the exhibit. A network administrator reviews the branch router console log to troubleshoot the OSPF adjacency issue with the DR router. Which action resolves this issue?
A. Advertise the branch WAN interface matching subnet for the DR site.
B. Configure matching hello and dead intervals between sites
C. Stabilize the DR site flapping link to establish OSPF adjacency.
D. Configure the WAN interface for DR site in the related OSPF area
Correct Answer: A
QUESTION 24
Refer to the exhibit. An engineer configured R2 and R5 as route reflectors and noticed that not all routes are sent to R1 to advertise to the eBGP peers. Which iBGP routers must be configured as route reflectors to advertise all routes to restore reachability across all networks?
A. R1 and R5
B. R1 and R4
C. R2 and R5
D. R4 and R5
Correct Answer: D
QUESTION 25
Refer to the exhibit. A network administrator successfuly logs in to a switch using SSH from a RADIUS server. When the network administrator uses a console port to access the switch, the RADIUS server returns shell:priv-Ivl=15″ and the switch asks to enter the enable command. When the command is entered, it gets rejected. Which command set is used to troubleshoot and resolve this issue?
A.
B.
C.
D.
Correct Answer: A
QUESTION 26
Which mechanism provides traffic segmentation within a DMVPN network?
A. RSVP
B. BGP
C. IPsec
D. MPLS
Correct Answer: D
QUESTION 27
Refer to the exhibit. A network administrator sets up an OSPF routing protocol for a DMVPN network on the hub router. Which configuration command is required to establish a DMVPN tunnel with multiple spokes?
A. ip ospf network point-to-point on the hub router
B. ip ospf network point-to-multipoint on both spoke routers
C. ip ospf network point-to-point on both spoke routers
D. ip ospi network point-to-multipoint on one spoke routers
Correct Answer: B
QUESTION 28
Refer to the exhibit. The AP.status.from Cisco DNA Center Assurance Dashboard shows some physical connectivity issues from access switch interface G1/0/14. Which command generates the diagnostic data to resolve the physical connectivity issues
A. show cable-diagnostics tr interface GigabitEthernet1/0/14
B. check cable-diagnostics tr interface GigabitEthernet1/0/14
C. verify cable-diagnostics tr interface GigabitEthernet1/0/14
D. test cable-diagnostics tr interface GigabitEthernet1/0/14
Correct Answer: D
QUESTION 29
Refer to the exhibit. BGP and EIGRP are mutually redistributed on R3, and EIGRP and OSPF are mutually redistributed on R1. Users report packet loss and interruption of service to applications hosted on the 10.1.1.0/24 prefix. An engineer tested the link from R3 to.R4 with no packet loss present but has noticed frequent routing changes on R3 when running the debug ip route command. Which action stabilizes the service?
A. Place an OSPF distribute-list outbound on R2 to block the 10.1.1.0/24 prefix from being advertised back to R3.
B. Reduce frequent OSPF SPF calculations on R3 that cause a high CPU and packet loss on traffic traversing R3.
C. Repeat the test from R4 using ICMP ping on the local 10.1.1.0/24 prefix, and fix any Layer 2 errors on the host or switch side of the subnet.
D. Tag the 10.1.1.0/24 prefix and deny the prefix from being redistributed into OSPF on R1
Correct Answer: D
QUESTION 30
Refer to the exhibit. R5 should not receive any routes originated in the EIGRP domain. Which set of configuration changes removes the EIGRP routes from the R5 routing table to fox the issue?
A.
B.
C.
D.
Correct Answer: A
QUESTION 31
Refer to the exhibit. PC-2 failed to establish a Telnet connection to the terminal server.
Which configuration resolves the issue?
A. Gateway-Router(config)#ipv6 access-list default_Access
Gateway-Router(config-ipv6-acl)#no sequence 20
Gateway-Router(config-ipv6-acl)#sequence 5 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C:: eq telnet
B. Gateway-Router(config)#ipv6 access-list Default_Access
Gateway-Router(config-ipv6-acl)#sequence 15 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet
C. Gateway-Router(config)#ipv6 access-list Default_Access
Gateway-Router(config-ipv6-acl)#sequence 25 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet
D. Gateway-Router(config)#ipv6 access-list Default_Access
Gateway-Router(config-ipv8-acl)#permit tcp host 2018:DB1:A:B::2 host 2018°DBY:A:C::1 eq telnet
Correct Answer: B
QUESTION 32
Refer to the exhibit. A network administrator has developed a Python script on the local Linux machine and is trying to transfer it to the router. However, the transfer fails. Which action resolves this issue?
A. The SSH access must be allowed on the VTY lines using the transport input ssh command
B. The SCP Service: must be enabled with the ip scp server enable command.
C. The Python interpreter must first be enabled with the guestshell enable command
D. The SSH service must be enabled with the erypto key generate rsa command
Correct Answer: B
QUESTION 33
Refer to the exhibit. An engineer is troubleshooting failed access by contractors to the business application server via Telnet or HTTP during the weekend. Which configuration resolves the issue?
A. R1
time-range Contractor
no periodic weekdays 8:00 to 16:30
periodic daily 8:00.to 16:30
B. R1
time-range Contractor
no periodic weekdays 17:00 to 23:59 periodic daily 8:00 to 16:30
C. R4
No access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor
D. R1
no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor
Correct Answer: A
QUESTION 34
Refer to the exhibit. Which two commands provide the administrator with the information needed to resolve the issue? (Choose two.)
A. debug snnipv3 engine-id
B. debug snmp engine-id
C. show snmp user
D. show snmpv3 user
E. debug snmp packet
Correct Answer: CE
QUESTION 35
Which function does LDP provide in an MPLS topology?
A. It exchanges routes for MPLS VPNs across different VRFs.
B. It enables a MPLS topology to connect multiple VPNs to P routers.
C. It provides hop-by-hop forwarding in an MPLS topology for LSRs.
D. It provides a means for LSRs to exchange IP routes.
Correct Answer: C
QUESTION 36
Refer to the exhibit. Which action resolves the adjacency issue?A. Configure the same autonomous system numbers.
B. Match the authentication keys
C. Match the hello interval timers
D. Configure the same EIGRP process IDs.
Correct Answer: A
QUESTION 37
Refer to the exhibit. AS111 is receiving its own routes from AS200 causing a loop in the network. Which configuration provides loop prevention?
A. router bgp 111
neighbor 195.1.1.1 as-override
neighbor 195.1.2.2 as-override
B. router bgp 111
no neighbor 195.1.1.1 allowas-in
no neighbor 195.1.2.2 allowas-in
C. router bgp 111
neighbor 195.1.2.2 as-override
no neighbor 195.1.1.1 allowas-in
D. router bgp 111
neighbor 195.1.1.1 as-overrideno neighbor 195.4.2.2 allowas-in
Correct Answer: B
QUESTION 38
Refer to the exhibit. An engineer must establish multipoint GRE tunnels between hub router R6 and branch routers R1, R2, and R3. Which configuration accomplishes this task on R1?
A. interface Tunnel1
ip address 192.168.1.1 255.255.255.0
tunnel source e0/1
tunnel mode gre multipoint
ip nhrp network-eid 1
ip nhrp nhs 192.168.1.6ip nhrp map 192.168.1.6 192.1.10.1
ip nhrp map 192.168.1.2 192.1.20.2
ip nhrp map 192.168.1.3 192.1.30.3
B. interface Tunnel 1
ip address 192.168.1.1 255.255.255.0
tunnel source e0/0
tunnel mode gre multipoint
ip nhrp network-id 1
ip nhrp nhs 192.168.1.6
ip nhrp map 192.168.1.6 192.1.10.6
C. interface Tunnel1
ip address 192.168.1.1255:256.255.0
tunnel source e0/0
tunnel mode gre multipoint
ip nhrp nhs 192.168.1.6
ip nhrp map 192.168.1.6 192.1.10.1
ip nhrp map 192.168.1.2 192.1.20.2
ip nhrp map 192.168.1.3 192.1.30.3
D. interface Tunnel1
ip address.192 168.1.1 255.255 255.0
tunnel source e0/1
tunnel mode gre multipoint
ip nhrp nhs 192.168.1.6
ip nhrp map 192.168.1.6 192.4.10.6
Correct Answer: B
QUESTION 39
Refer to the exhibit. AS65510 iBGP is configured for directly connected neighbors. R4 cannot ping or traceroute network 192.168.100.0/24. Which action resolves this issue?
A. Configure R1 as a route reflector server and-configure R2 and R3 as route reflector clients.
B. Configure R1 as a route reflector server and configure R4 as a route reflector client.
C. Configure R4 as a route reflector server and configure R1 aS a route reflector client
D. Configure R4 as a route reflector server and configure R2 and R3 as route reflector clients.
Correct Answer: A
QUESTION 40
An engineer is implementing a coordinated change with a server team. As part of the change, the engineer must configure interface GigabitEthernet2 in an existing VRF “RED” then move the interface to an existing VRF “BLUE when the serverteam is ready. The engineer configured interface GigabitEthernet2 in VRF “RED”
Which configuration completes the change?
A.
B.
C.
D.
Correct Answer: B
QUESTION 41
What is a characteristic of Layer 3 MPLS VPNs?
A. LSP signaling requires the use of unnumbered IP links for traffic engineering.
B. Traffic engineering capabilities provide QoS and SLAs.
C. Authentication is performed by using digital certificates or preshared keys.
D. Traffic engineering supports multiple IP instances.
Correct Answer: B
QUESTION 42
Refer to the exhibit: A network administrator added one router in the Cisco DNA Center and checked its discovery and health from the Network Health Dashboard. The network administrator observed that the router is still showing up as unmonitored. What must be configured on the router to mount it in the Cisco DNA Center?
A. Configure router with NetFlow data
B. Configure router with SNMPv2c or SNMPv3 traps.
C. Configure router with the telemetry data
D. Configure router with routing to reach Cisco DNA center.
Correct Answer: C
QUESTION 43
Refer to the exhibit. Routing protocols are mutually redistributed on R3 and R1. Users report intermittent connectivity to services hosted on the 10.1.1.0/24 prefix. Significant routing update changes are noticed on R3 when the show ip route profile command is run. How must the services be stabilized?
A. The issue with using BGP must be resolved by using another protocol and redistributing it into EIGRP on R3
B. The issue with using iBGP must be fixed by funning eBGP between R3 and R4
C. The routing loop must be fixed by reducing the-admin distance of iBGP from 200 to 100 on R3
D. The routing loop must be fixed by reducing the admin distance of OSPF from 110 to 80 on R3.
Correct Answer: C
QUESTION 44
A network administrator is troubleshooting a high utilization issue on the route processor of a router that was reported by NMS. The administrator logged into the router to check the control plane policing and observed that the BGP process is
dropping a high number of routing packets and causing thousands of routes to recalculate frequently. Which solution resolves this issue?
A. Shape the pir for BGP, conform-action set-prec-transmit, and exceed action Set-frde- transmit
B. Police the pir for BGP, conform-action set-prec-transmit, and exceed action set-clp- transmit
C. Shape the cir for BGP, conform-action transmit, and exceed action transmit
D. Police the cir for BGP, conform-action transmit, and exceed action transmit
Correct Answer: D
QUESTION 45
A network administrator performed a Compact Flash Memory upgrade on a Cisco Catalyst 6509 Switch. Everything is functioning normally except SNMP, which was configured to monitor the bandwidth of key interfaces but the interface indexes are changed. Which global configuration resolves the issue?
A. snmp-server ifindex persistB. snmp ifindex persist
C. snmp ifindex permanent
D. snmp-server ifindex permanent
Correct Answer: A
QUESTION 46
Refer to the exhibit. The neighbor relationship is not coming up. Which two configurations bring the adjacency up? (Choose two.)
A. LA
interface E 0/0
ip ospf message-digest-key 1 md5 Cisco123
B. NY
Interface E 0/0
no ip ospf message-digest-key.1 md5 Cisco123
ip ospf authentication-key Cisco123
C. NY
router ospf 1
area 0 authentication message-digest
D. LA
router ospf 1
area 0 authentication message-digest
E. LA
interface E 0/0
ip ospf authentication-key Gisco123
Correct Answer: AD
QUESTION 47
What are two characteristics of IPv6 Source Guard? (Choose two.)
A. requires the user to configure a static binding
B. requires that validate prefix be enabled
C. used in service provider deployments to protect DoS attacks
D. recovers missing binding table entries
E. requires IPv6 snooping on Layer 2 access or trunk ports
Correct Answer: BE
QUESTION 48
Users report issues with reachability between areas as soon as an engineer configured summary routes between areas in a multiple area OSPF autonomous system. Which action resolves the issue?
A. Configure the summary-address command on the ASBR
B. Configure the area range command on the ASBR
C. Configure the summary-address command on the ABR.
D. Configure the area range command on the ABR
Correct Answer: D
QUESTION 49
Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the router does not have any filter and anyone can access the router with username and password even though an ACL is configured. Which command resolves this issue?
A. ipv6 access-class INTERNET in
B. ipv6 traffic-filter INTERNET in
C. access-class INTERNET in
D. ip access-group INTERNET in
Correct Answer: B
QUESTION 50
Refer to the exhibit. The branch router is configured with a default route toward the internet and has no routes configured for the HQ site that is connected through interface G2/0. The HQ router is fully configured and does not require changes.
Which configuration on the branch router makes the intranet website (TCP port 80) available to the branch office users?
A.
B.
C.
D.
Correct Answer: B
QUESTION 51
IPv6 is enabled in the infrastructure to support customers with an IPv6 network over WAN and to connect the head office to branch offices in the local network. One of the customers is already running IPv6 and wants to enable IPv6 over the
DMVPN network infrastructure between the headend and branch sites. Which configuration command must be applied to establish an mGRE IPv6 tunnel neighborship?
A. ipv6 nhrp-holdtime 30
B. ipv6 unicast-routing
C. tunnel protection mode ipv6
D. tunnel mode gre multipoint ipv6
Correct Answer: D
QUESTION 52
Refer to the exhibit. An engineer has configured R1 as EIGRP stub router. After the configuration, router R3 failed to reach to R2 loopback address. Which action advertises R2 loopback back into the R3 routing table?
A. Use a leak map on R3 that matches the required prefix and apply it with the EIGRP stub feature.
B. Add a static route for R2 loopback address in R1 and redistribute it to advertise to R3.
C. Use a leak map on R1 that matches the required prefor and apply it with the distribute list command toward R3
D. Add a static null route for R2 loopback address in R1 and redistribute it to advertise to R3
Correct Answer: B
QUESTION 53
How is VPN routing information distributed in an MPLS network?
A. The top level of the customer data packet directs it to the correct CE device
B. It is controlled through the use of RD.
C. It is controlled using of VPN target communities.
D. it is established using VPN IPsec peers:
Correct Answer: C
QUESTION 54
An engineer creates a Cisco DNA Center cluster with three nodes, but all the services are running on one host node. Which action resolves this issue?
A. Click the master host node with all the services and select services to be moved to other hosts.
B. Click system updates, and upgrade to the latest version of Cisco DNA Center.
C. Enable service distribution from the Systems 360 page.
D. Restore the link on the switch interface that is connected to a cluster link on the Cisco DNA Center.
Correct Answer: C
QUESTION 55
Refer to the exhibit.
A network is under a cyberattack. A network engineer connected to R1 by SSH and enabled the terminal monitor via SSH session to find the source and destination of the attack. The session was flooded with messages, which made it impossible for the engineer to troubleshoot the issue, Which command resolves this issue on R1?
A. # terminal no monitor
B. # no terminal monitor
C. (config)# no terminal monitor
D. (configy)#terminal no monitor
Correct Answer: A
QUESTION 56
Refer to the exhibit. An engineer is troubleshooting a TACACS problem. Which action resolves the issue?
A. Apply a configured AAA profile to the VTY.
B. Configure a matching preshared key.
C. Generate authentication from a relative source interface
D. Configure a matching TACACS server IP.
Correct Answer: B
QUESTION 57
Which configuration feature should be used to block rogue router advertisements instead of using the IPv6 Router Advertisement Guard feature?
A. VACL blocking broadcast frames from nonauthorized hosts
B. PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes.
C. IPVv4 ACL blocking route advertisements from nonauthorized hosts
D. PVLANs with community ports associated to route advertisements and isolated ports for nodes
Correct Answer: B
QUESTION 58
Refer to the exhibit.
An engineer configured IP SLA on R1 to avoid the ISP Iink Rapping problem, but it is not working as designed. IP SLA should wait 30 seconds before switching traffic to a secondary connection and then revert to the primary link after waiting 20 seconds, when the primary link is available and stablized. Which configuration resolves the issue?
A.
B.
C.
D.
Correct Answer: D
QUESTION 59
Refer to the exhibit. An engineer has configured policy-based routing and applied the configuration to the correct interface. How is the configuration applied to the traffic that matches the access list?
A. It is forwarded using the routing table lookup
B. It is sent to 209.165.202.131
C. it is dropped
D. it is sent to 209.165.202.129
Correct Answer: B
QUESTION 60
The network administrator configured the network to connect two disjointed networks, and all the connectivity is up except the virtual link, which causes area 250 to be unreachable. Which two configurations resolve this issue? (Choose two)
A.
B.
C.
D.
E.
Correct Answer: BE
QUESTION 61
The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172 16.1.1/32. The administrator has configured this:
The network administrator is not getting the desired results. Which set of configurations resolves this issue?
A.
B.
C.
D.
Correct Answer: A
QUESTION 62
Refer to the exhibit. An engineer configured SNMP communities on the Core_Sw1, but the SNMP server cannot obtain information from Core_Sw1. Which configuration resolves this issue?
A. snmp-server group NETVIEW v2c priv read NETVIEW access 20
B. access-list 20 permit 10.221.10.12
C. snmp-server group NETADMIN V3 priv read NETVIEW write NETADMIN access
D. access-list 20 permit 10.221.10.11
Correct Answer: D
QUESTION 63
Refer to the exhibit. AS 111 wanted to use AS 200 as the preferred path for 172.20.5.0/24 and AS 100 as the backup. After the configuration, AS 100 is not used for any other routes. Which configuration resolves the issue?
A. route-map SETLP permit 10
match ip address prefix-list PLIST1
set local-preference 110
route-map SETLP permit 20
B. route-map SETLP permit 10
match ip address prefix-list PLIST1
set local-preference 99
route-map SETLP permit 20
C. router bgp 111
no neighbor 192.168.10.1 route-map SETLP inneighbor 192.168.20.2 route-map SETLP in
D. router bgp 111
no neighbor 192.169.10.1 route-map SETLP in
neighbor 192.168.10.1 route-map SETLP out
Correct Answer: B
QUESTION 64
Refer to the exhibit. The ISP router is fully configured for customer A and customer B using the VRF-Lite feature. What is the minimum configuration required for customer A to communicate between routers A1 and A2?
A.
B.
C.
Correct Answer: C
QUESTION 65
Refer to the exhibit. The Math and Science departments connect through the corporate IT router, but users in the Math department must not be able to reach the Science department and vice versa. Which configuration accomplishes this task?
A. vrf definition Science
!
interface E0/2
ip address 192.168.1.1 255.255.255.0
no-shut
!
interface E0/3
ip address 192.168.2.1 255.255.255.0
no shut
B. vrf definition Science
address-family ipv4
!
interface E 0/2
vif forwarding Science
ip address 192.168.1.1 255.255.255.0
no shut
!
interface E 0/3
vrf forwarding Science
ip address 192 168.2.1 255.255.255.0
no shut
C. vrf definition ScienceAddres-family ipv4
!
interface E 0/2
ip address 192.168.1.1 255.255 255.0
no shut
!
Interface E 0/3
Ip address 192.168.2.1 255.255.255.0
No shut
D. vrf definition science
Address-family ipv4
!
interface E0/2
ip address 192.168.1.1 255.255.255.0
vrf forwaeding Science
no shut
!
interface E0/3
ip address 192.168.2.1 255.255.255.0
vrf forwarding Science
no shut
Correct Answer: B
QUESTION 66
Refer to the exhibit. An engineer implemented an access list on R1 to allow anyone to Telnet except R2 Loopback to R1 Loopback4. How must sequence 20 be replaced on the R1 access list to resolve the issue?
A. sequence 20 deny tcp host 400A:0:400C::1 host 1001:ABC:2011:7::1 eq telnet
B. sequence 20 permit tcp host 1001:ABC:2011:7::1 host 400A: 0:400C::1 eq telnet
C. sequence 20 permit tcp host 400A:0:400C.::1 host 1001:ABC:2011:7::1 eq telnet
D. sequence 20 deny tcp host 1001 ABC: 2011:7:1 host 400A:0:400C::1 eq telnet
QUESTION 67
Which feature minimizes DoS attacks on an IPv6 network?
A. IPv6 Destination Guard
B. IPv6 Router Advertisement Guard
C. IPv6 Binding Security Table
D. IPv6 Prefix Guard
QUESTION 68
Refer to the exhibit. An engineer implemented CoPP to limit Telnet traffic to protect the router CPU. It was noticed that the Telnet traffic did not pass through CoPP. Which configuration resolves the issue?
A. ip access-list extended TELNET
permit tcp host 10.2.2.1 host 10.2.2.4 eq telnet
permit tcp host 10.1.1.1 host 10.1.1.3 eq telnet
B. policy-map COPP
class TELNET
police 8000 conform-action transmit exceed-action transmit violate-action drop
C. ip access-list extended TELNET
permit tcp host 10.2.2.4 host 10.2.2.1 eq telnet
permit tcp host 10.1.1 3 host 10,1.1.1 eq telnet
D. policy-map COPP
class TELNET
police 8000 conform-action transmit exceed-action transmit
QUESTION 69
Refer to the exhibit. R1 is directly connected to R2 over network 10.100.14.0/24. An engineer configures R1 to advertise a static route that is connected to a local loopback for network 10.100.13.0/24. The network is not in the routing table of R2. Which action resolves the issue?
A. The redistribution command is incorrect on R1. The keyword subnets should be included with the redistribution command
B. The redistribution command is incorrect on R1. The default metric metric 200 should be included with the redistribution command.
C. R2 must use a different OSPF process number and should be changed to ospf 1 to match R1.
D. The Loopback interface on R1 is administratively down. The interface should be enabled with the no shutdown command
QUESTION 70
What is the function of BFD?
A. It negotiates to the highest version if the neighbor version differs
B. It creates high CPU utilization on hardware deployments.
C. It provides uniform failure detection on the same media type
D. It provides uniform failure detection regardless of media type
QUESTION 71
Which type of BFD session is created on a broadcast Ethernet interface with OSPF?
A. with all OSPF routers
B. only with the DR
C. with the DR and BDR, but not any DROTHER routers
D. only on P2P Ethernet interfaces
QUESTION 72
What is the use of IPv6 snooping?
A. required for the operation of IPv6 RA Guard
B. requires an external IPv6 packet analyzer
C. captures any type of user traffic to create a binding table
D. captures IPv6 routing protocol packets to analyze
QUESTION 73
Refer to the exhibit. An administrator must harden a router, but the administrator failed to test the SSH access successfully to the router. Which action resolves the issue?
A. SSH syntax must be ssh -l user ip to log in to the remote device
B. Configure SSH on the remote device to log in using SSH
C. Configure enable secret to log in to the device.
D. SSH must be allowed with the transport output ssh command.
QUESTION 74
Refer to exhibit. A network engineer applied a BGP CoPP to rate limit on the core router to ensure that control traffic is not impacted with upstream ISP. After the CoPP policy is applied, the BGP neighbors started flapping randomly. Which action resolves the issue?
A. Configure the violate action as drop in the policy map
B. Apply the service policy in the output direction.
C. Configure the exceed action as set-cos-transmit in the policy map.
D. Remove the established keyword from the access list
QUESTION 75
Refer to the exhibit.
R1 and R2 have been configured where the neighbor relationship must be authenticated using MD5:
R1
router bgp 100
neighbor 172.16.1.2 remote-as200
neighbor 172.16.1.1 password cisco123
R2router bap 200
neighbor 172.16.1.1 remote-as100
neighbor 172.16.1.1 password cisco
The neighbor relationship is not coming up. Which configuration resolves the issue?
A. R2
router bop 200
neighbor 172.16.1.1 password cisco123
B. R1
router bgp 100
neighbor 172.16.1.2 password MD5 cisco123
R2
router bgp 200
neighbor 172.16.1.1 password MD5 cisco123
C. R1
router bgp 100
neighbor 172.16.1.2 password cisco
D. R1
router bgp 100
neighbor 172.16.1.2 password MD5 cisco
R2
router bgp 100
neighbor 172.16.1.1 password MD5 cisco
QUESTION 76
A network administrator must optimize the segment size of the TCP packet on the DMVPN IPsec protected tunnel interface, which carries application traffic from the head office to a designated branch. The TCP segment size must not
overwhelm the MT of the outbound link. Which configuration must be applied to the router to improve the application performance?
A. interface tunnel30
ip mtu 1400
ip top packet-size 1360
!
crypto ipsec fragmentation after-encryption
B. interface tunnel30
ip mtu 1400
ip top max-segment 1360
!
crypto ipsec fragmentation before-encryption
C. interface tunnel30
ip mtu 1400
ip tcp adjust-mss 1360
!
crypto ipsec fragmentation after-encryption
D. interface tunnel30
ip mtu 1400
ip tp payload-size 1360
!
crypto ipsec fragmentation before-encryption
QUESTION 77
Refer to the exhibit. A prefix of 10.1.1.0/31 is assigned for the DWDM circuit between R1 and R2 to connect the two attached VRFs on each router. Which configuration provides the required connectivity on R1?
A.
B.
C.
D.
QUESTION 78
Refer to the exhibit. R1 is multihomed to ISP1 and ISP2. uRPF strict mode has been configured on both interfaces uplinked to the ISPs. Traffic destined to the Internet over ISP1 returns to R1 via ISP2 and is immediately dropped. Which configuration changes address this issue and allow return traffic from the other ISP?
A. R1(config)#interface fastethernet 0/0
R1(config-if)# ip verify unicast source reachable-via rx
B. R1(config)#interface fastethernet 0/1
R1(config-if)# ip verity unicast source reachable-via any
C. R1(config)#interface fastethernet 0/0
R1(config-if)# no ip verify unicast source reachable-via any allow-default
D. R1(config)#interface fastethernet 0/1
R1(config-if)# ip verify unicast source reachable-via any allow-default
QUESTION 79
A CoPP poly is applied for receIng SSH tratic from the WAN interface on a Cisco ISR4321 router. However, the SSH response from the router is abnormal and stuck during the high link utilization. The problems identified as SSH traffic does not
match in the ACL Which action resolves the issue?
A. Rate-limit SSH traffic to ensure dedicated bandwidth.
B. Apply CoPP on the WAN interface inbound direction
C. Apply CoPP on the control plane interface.D. Increase the IP precedence value of SSH traffic to 6
QUESTION 80
Which two solutions are used to overcome a flapping link that causes a frequent label binding exchange between MPLS routers? (Choose two.)
A. Increase a hold-timer to protect the session.
B. Create link dampening on links to protect the session.
C. Increase input queue on links to protect the session.
D. Increase a session delay to protect the session
E. Create targeted hellos to protect the session.
QUESTION 81
The network administrator configured CoPP so that EIGRP traffic toward the device is limited to 2 mbps. Any traffic that exceeds this limit must also be allowed at this point for traffic analysis
No EIGRP traffic is going through CoPP. Which configuration resolves the issue?
A.
B.
C.
D.
QUESTION 82
In a DMVPN network, the Spoke 1 user observed that the voice traffic is coming to Spoke2 users via the hub router. Which command is required on both spoke routers to communicate directly to one another?
A. ip nhrp shortcut
B. ip nhrp redirect
C. ip nhrp nhs multicast
D. ip nhrp map dynamic
QUESTION 83
Refer to the exhibit. A network engineer must provision two DMVPN spokes sites with a zero-touch deployment model. The spoke must communicate through hub with other spokes. Which configuration provisions these sites?
A.
B.
C.
D.
QUESTION 84
Refer to exhibit. A network engineer is facing issues between SPF neighbors changing states frequently. The engineer enabled an ACL for CoPP and applied it at the control plane interface but got unexpected results. Which action resolves the issue?
A. Remove the log and log-input keywords from ACL
B. Apply ACL on OSPF physical interface in the inward direction
C. Add one more ACL. line to permit 224.0.0.6 in the inward direction
D. Apply ACL on OSPF physical interface in the outward direction.
QUESTION 85
Refer to the exhibit.
The network administrator configured the network to establish connectivity between all devices and notices that the ASBRs do not have routes for each other. Which set of configurations resolves this issue?
A.
B.
C.
D.
DRAG AND DROP
QUESTION 1
Drag and drop the LDP features from the left onto the decisions on the right
Select and Place:
Correct Answer:
QUESTION 2
Refer to the exhibit. Drag and drop the credentials from the left onto the remote login information on the right to resolve a failed login attempt to vtys. Not all credentials are used.
Select and Place:
Correct Answer:
QUESTION 3
Drag and drop the address from the left onto the correct IPv6 filter purposes on the right
Select and Place:
Correct Answer:
QUESTION 4
Drag and drop the SNMP attributes in Cisco IOS device from the left onto the correct SNMPv2c or SNMPv3 categories on the right
Select and Place:
Correct Answer:
QUESTION 5
Drag and drop the actions from the left into the correct order on the right configure a policy to avoid following packet forwarding based on the normal routing path
Select and Place:
Correct Answer:
QUESTION 6
Drag and drop the MPLS terms from the left onto the correct definitions on the right.
Select and Place:
Correct Answer:
QUESTION 7
Drag and drop the OSPF adjacency states from the left onto the correct descriptions on the right.
Select and Place:
Correct Answer:
QUESTION 8
Drag and drop the packet types from the left onto the correct descriptions on the right
Select and Place:
Correct Answer: