
Question 1

Which IPv4 packet field carries the QoS IP classification marking?

A. ID
B. TTL
C. FCS
D. ToS

Answer: D

Question 2

Drag and drop the characteristics from the left onto the technology types on the right.

Answer:

Configuration Management
+ Ansible is used for this type of technology.
+ This type of technology enables consistent configuration of infrastructure resources.

Orchestration
+ Puppet is used for this type of technology.
+ This type of technology provides automation across multiple technologies and domains.

Question 3

Refer to the exhibit.


A network engineer must log in to the router via the console, but the RADIUS servers are not
reachable. Which credentials allow console access?

A. the username “cisco” and the password “cisco123”
B. no username and only the password “test123”
C. no username and only the password “cisco123”
D. the username “cisco” and the password “cisco”

Answer: C

Explanation

We tested with GNS3 and the router only requires password “cisco123” configured under line
console to authenticate. So we can deduce the “password” command under line interface is
preferred over “login authentication” command.

Question 4

A customer transitions a wired environment to a Cisco SD-Access solution. The customer does
not want to integrate the wireless network with the fabric. Which wireless deployment approach
enables the two systems to coexist and meets the customer requirement?

A. Deploy a separate network for the wireless environment.
B. Implement a Cisco DNA Center to manage the two networks.
C. Deploy the wireless network over the top of the fabric.
D. Deploy the APs in autonomous mode.

Answer: C

Explanation

Customers with a wired network based on SD-Access fabric have two options for integrating
wireless access:
+ SD-Access Wireless Architecture
+ Cisco Unified Wireless Network Wireless Over the Top (OTT)

OTT basically involves running traditional wireless on top of a fabric wired network.
Why would you deploy Cisco Unified Wireless Network wireless OTT? There are two primary
reasons:

2. Another reason for deploying wireless OTT could be that customer doesn’t want or cannot
migrate to fabric for wireless.

Reference: https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/deploy-guide/cisco-dna-center-sd-access-wl-dg.pdf

Question 5

Which two solutions are used for backing up a Cisco DNA Center Assurance database? (Choose
two)

A. NFS share
B. local server
C. non-linux server
D. remote server
E. bare metal server

Answer: A D

Explanation

Cisco DNA Center creates the backup files and posts them to a remote server. Each backup is
uniquely stored using the UUID as the directory name.

To support Assurance data backups, the server must be a Linux-based NFS server that meets
the following requirements:
Support NFS v4 and NFS v3.

Cisco DNA Center stores backup copies of Assurance data on an external NFS device and
automation data on an external remote sync (rsync) target location.

The remote share for backing up an Assurance database (NDP) must be an NFS share.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/admin_guide/b_cisco_dna_center_admin_guide_2_1_2/b_cisco_dna_center_admin_guide_2_1_1_chapter_0110.html

Question 6

Refer to the exhibit.


Which command set must be applied on R1 to establish a BGP neighborship with R2 and to allow
communication from R1 to reach the networks?

A. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1201

B. router bgp 1200
network 209.165.201.0 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1201

C. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.202.130 remote-as 1200

D. router bgp 1200
network 209.165.200.224 mask 255.255.255.224
neighbor 209.165.201.2 remote-as 1200

Answer: A

Question 7

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE.
The portal is also used by employees. A solution is implemented, but contractors receive a
certificate error when they attempt to access the portal. Employees can access the portal
without any errors. Which change must be implemented to allow the contractors and employees
to access the portal?

A. Install a trusted third-party certificate on the Cisco ISE.
B. Install an internal CA signed certificate on the Cisco ISE.
C. Install a trusted third-party certificate on the contractor devices.
D. Install an internal CA signed certificate on the contractor devices.

Answer: A

Explanation

It is recommended to use the Company Internal CA for Admin and EAP certificates, and a
publicly-signed certificate for Guest/Sponsor/Hotspot/etc portals. The reason is that if a user or
guest comes onto the network and ISE portal uses a privately-signed certificate for the Guest
Portal, they get certificate errors or potentially have their browser block them from the portal
page. To avoid all that, use a publicly-signed certificate for Portal use to ensure better user
experience. Additionally, each deployment node’s IP address should be added to the SAN field
to avoid a certificate warning when the server is accessed via the IP address.

Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215621-tls-ssl-certificates-in-ise.html

Question 8

Refer to the exhibit.

Which IP address becomes the active next hop for 192.168.102.0/24 when 192.168.101.2 fails?

A. 192.168.101.10
B. 192.168.101.14
C. 192.168.101.6
D. 192.168.101.18

Answer: D

Explanation

Path Selection Attributes: (highest) Weight > (highest) Local Preference > Originate >
(shortest) AS Path > Origin > (lowest) MED > External > IGP Cost > eBGP Peering > (lowest)
Router ID

Besides 192.168.101.2, the other next hops have the same weight attribute of 0, so we have to
consider Local Preference. There are two next hops with a LocPrf of 100, 192.168.101.18
and 192.168.101.10 (an empty LocPrf field means the default Local Preference of 100).
Next we compare their AS Paths. The next hop 192.168.101.18 has the shorter AS Path, so it will
be the active next hop when the current one fails.

Question 9

What is the API keys option for REST API authentication?

A. a predetermined string that is passed from client to server
B. a one-time encrypted token
C. a username that is stored in the local router database
D. a credential that is transmitted unencrypted

Answer: A

Explanation

In REST API Security – API keys are widely used in the industry and became some sort of
standard, however, this method should not be considered a good security measure.
API Keys were created as somewhat of a fix to the early authentication issues of HTTP Basic
Authentication and other such systems. In this method, a unique generated value is assigned to
each first time user, signifying that the user is known. When the user attempts to re-enter the
system, their unique key (sometimes generated from their hardware combination and IP data,
and other times randomly generated by the server which knows them) is used to prove that
they’re the same user as before.

Reference: https://blog.restcase.com/4-most-used-rest-api-authentication-methods/

Question 10

Refer to the exhibit.

Which configuration elects SW4 as the root bridge for VLAN 1 and puts G0/2 on SW2 into a
blocking state?

A. SW4(config)#spanning-tree vlan 1 priority 32768
!
SW2(config)#interface G0/2
SW2(config-if)#spanning-tree vlan 1 port-priority 0

B. SW4(config)#spanning-tree vlan 1 priority 32768
!
SW2(config)#int G0/2
SW2(config-if)#spanning-tree cost 128

C. SW4(config)#spanning-tree vlan 1 priority 0
!
SW2(config)#int G0/2
SW2(config-if)#spanning-tree cost 128

D. SW4(config)#spanning-tree vlan 1 priority 0
!
SW2(config)#interface G0/2
SW2(config-if)#spanning-tree vlan 1 port-priority 64

Answer: C

Question 11

Which Python code snippet must be added to the script to save the returned configuration as a
JSON-formatted file?

A. with open("ifaces.json", "w") as OutFile:
    OutFile.write(Response.text)

B. with open("ifaces.json", "w") as OutFile:
    OutFile.write(Response.json())

C. with open("ifaces.json", "w") as OutFile:
    JSONResponse = json.loads(Response.text)
    OutFile.write(JSONResponse)

D. with open("ifaces.json", "w") as OutFile:
    OutFile.write(Response)

Answer: A

Explanation

The json() method of the Response interface takes a Response stream and reads it to
completion. It returns a promise which resolves with the result of parsing the body text as JSON.

Response.text returns the content of the response (string), in unicode so we can write it to a
file.

Note: response.json() returns a JSON object of the result so it cannot be written to a file
directly.

Question 12

Refer to the exhibit.

An engineer must configure an ERSPAN session with the remote end of the session 10.10.0.1.
Which commands must be added to complete the configuration?

A. Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip address 10.10.0.1

B. Device(config)# monitor session 1 type erspan-destination
Device(config-mon-erspan-src)# source
Device(config-mon-erspan-src-dst)#origin ip address 10.1.0.1

C. Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no origin ip address 10.10.0.1
Device(config-mon-erspan-src-dst)#ip destination address 10.10.0.1

D. Device(config)# monitor session 1 type erspan-source
Device(config-mon-erspan-src)# destination
Device(config-mon-erspan-src-dst)#no vrf 1

Answer: A

Explanation

For the source session, we have to configure:
+ Unique session ID.
+ List of source interfaces or source VLANs that you want to monitor. Not all platforms support
every possible source.
+ What traffic we want to capture: tx, rx or both.
+ Destination IP address for the GRE tunnel.
+ Origin IP address which is used as the source for the GRE tunnel.
+ Unique ERSPAN flow ID.
+ Optional: you can specify attributes like the ToS (Type of Service), TTL, etc.
Reference: https://networklessons.com/cisco/ccie-routing-switching-written/erspan

The configuration in the exhibit is missing the destination IP address for the GRE tunnel, so we
have to add it with “ip address 10.10.0.1”.

========================= New Questions (added on 3rd-March-2022) =========================

Question 13

Refer to the exhibit.

The administrator troubleshoots an Etherchannel that keeps moving to err-disabled. Which two
actions must be taken to resolve the issue? (Choose two)

A. Reload the switch to force EtherChannel renegotiation
B. Ensure that interfaces Gi1/0/2 and Gi1/0/3 connect to the same neighboring switch
C. Ensure that the neighbor interfaces of Gi1/0/2 and Gi1/0/3 are configured as members of the
same EtherChannel
D. Ensure that the corresponding port channel interface on the neighbor switch is named Port-
channel1
E. Ensure that the switchport parameters of Port-channel 1 match the parameters of the port
channel on the neighbor switch

Answer: C E

Explanation

The errdisable status indicates that the port was automatically disabled by the switch operating
system software because of an error condition encountered on the port.

Check the EtherChannel configuration on both switches. If one side is configured for
EtherChannel in the On mode, the peer ports must also be in On mode or they will go to
errdisable.

Reference: https://community.cisco.com/t5/networking-documents/port-status-is-errdisable-due-to-etherchannel-misconfiguration/ta-p/3131226

Question 14

Drag and drop the snippets onto the blanks within the code to construct a script that shows all
logging that occurred on the appliance from Sunday until 9:00 p.m Thursday. Not all options are
used.

Answer:

1 – 0 21 * * 0-4
2 – 3.0
3 – redirect ftp://cisco:cisco@192.168.1.1

Explanation

cron-entry: Text string that consists of five fields separated by spaces. The fields represent the
times and dates when CRON timer events will be triggered. There are 5 values you can specify:

minute – controls what minute of the hour the command will fire; values between 0 and 59
hour – controls what hour the command will run; specified in 24-hour clock format, 0-23
(0=midnight)
day-of-month – A number in the range from 1 to 31 that specifies the day of the month when a
CRON timer event is triggered.
month – A number in the range from 1 to 12 or the first three letters (not case-sensitive) of the
name of the month in which a CRON timer event is triggered.
day-of-week – A number in the range from 0 to 6 (Sunday is 0) or the first three letters (not
case-sensitive) of the name of the day when a CRON timer event is triggered.

Examples:
01 * * * * This command is run at one minute past every hour
17 8 * * * This command is run daily at 8:17 am
*/1 * * * * This command runs every minute

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-e2.html

This cron runs from Sunday to Thursday -> 0-4

Question 15

Drag and drop the characteristics from the left onto the infrastructure deployment models on the
right.
 

Answer:

On Premises:
+ Infrastructure requires large and regular investments.
+ It requires capacity planning for power and cooling.

Cloud:
+ Capacity easily scales up or down.
+ It enables users to access resources from anywhere.

Question 16

Which definition describes JWT in regard to REST API security?

A. an encrypted JSON token that is used for authentication
B. an encrypted JSON token that is used for authorization
C. an encoded JSON token that is used to securely exchange information
D. an encoded JSON token that is used for authentication

Answer: C

Question 17

Drag and drop the characteristics from the left onto the routing protocols they describe on the
right.

 
Answer:

EIGRP
+ sends hello packets every 5 seconds on high-bandwidth links

OSPF
+ cost is based on interface bandwidth
+ uses virtual links to link an area that does not have a connection to the backbone

========================== New Questions (added on 5th-Mar-2022) ==========================

Question 18

What happens when a FlexConnect AP changes to standalone mode?

A. All controller-dependent activities stop working except DFS
B. Only clients on central switching WLANs stay connected
C. All clients roaming continues to work
D. All clients on all WLANs are disconnected

Answer: A

Explanation

When a FlexConnect access point enters standalone mode, it disassociates all clients that are on
centrally switched WLANs. Controller-dependent activities, such as network access control (NAC)
and web authentication (guest access), are disabled.

However, a FlexConnect access point supports dynamic frequency selection (DFS) in standalone
mode.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-2/configuration/guide/cg/cg_flexconnect.html

Question 19

Which two Cisco SD-Access components provide communication between traditional network
elements and controller layer? (Choose two)

A. network data platform
B. network underlay
C. fabric overlay
D. network control platform
E. partner ecosystem

Answer: B C

========================== New Questions (added on 8th-Mar-2022) ==========================

Question 20

What is one difference between EIGRP and OSPF?

A. OSPF is a Cisco proprietary protocol, and EIGRP is an IETF open standard protocol.
B. EIGRP uses the DUAL distance vector algorithm, and OSPF uses the Dijkstra link-state
algorithm
C. EIGRP uses the variance command for unequal cost load balancing, and OSPF supports
unequal cost balancing by default.
D. OSPF uses the DUAL distance vector algorithm, and EIGRP uses the Dijkstra link-state
algorithm
 

Answer: B

Question 21

Which function does a fabric wireless LAN controller perform in a Cisco SD-Access deployment?

A. performs the assurance engine role for both wired and wireless clients
B. coordinates configuration of autonomous nonfabric access points within the fabric
C. manages fabric-enabled APs and forwards client registration and roaming information to the
Control Plane Node
D. is dedicated to onboard clients in fabric-enabled and nonfabric-enabled APs within the fabric

Answer: C

Explanation

+ Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the
SDA fabric.

Question 22

Drag and drop the characteristics from the left onto the orchestration tools that they describe on
the right.

Answer:

Chef
+ communicates using knife tool
+ procedural

SaltStack
+ declarative
+ communicates through SSH

Question 23

Refer to the exhibit.


An engineer must set up connectivity between a campus aggregation layer and a branch office
access layer. The engineer uses dynamic trunking protocol to establish this connection, however,
management traffic on VLAN1 is not passing. Which action resolves the issue and allows
communication for all configured VLANs?

A. Allow all VLANs on the trunk links
B. Disable Spanning Tree for the native VLAN
C. Change both interfaces to access ports
D. Configure the correct native VLAN on the remote interface

Answer: D

Question 24

How must network management traffic be treated when defining QoS policies?

A. as delay-sensitive traffic in a low latency queue
B. using minimal bandwidth guarantee
C. using the same marking as IP routing
D. as best effort

Answer: A

Question 25

Refer to the exhibit.


Which command set is needed to configure and verify router R3 to measure the response time
from router R3 to the file server located in the data center?

Option A Option B

ip sla 6 ip sla 6
icmp-echo 172.29.139.134 source-ip icmp-echo 172.29.139.134 source-ip
172.29.139.132 172.29.139.132
frequency 300 frequency 300
ip sla schedule 6 start-time now ip sla schedule 6 start-time now

show ip protocol

Option C

ip sla 6
icmp-echo 10.0.1.3 source-ip 10.0.0.3
frequency 300
ip sla schedule 6 life forever start-time now

show ip sla statistics 6

Option D

ip sla 6
icmp-echo 10.0.1.3 source-ip 10.0.0.3
frequency 300
ip sla schedule 6 life forever start-time now

show ip protocol

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Question 26

What are the main components of Cisco TrustSec?

A. Cisco ISE and Enterprise Directory Services
B. Cisco ISE, network switches, firewalls, and routers
C. Cisco ISE and TACACS+
D. Cisco ASA and Cisco Firepower Threat Defense

Answer: B

Explanation

The key component of Cisco TrustSec is the Cisco Identity Services Engine. It is typical for
the Cisco ISE to provision switches with TrustSec Identities and Security Group ACLs (SGACLs),
though these may be configured manually.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/trustsec.pdf

Question 27

Refer to the exhibit.

What is the result of the API request?

A. The information for all interfaces is read from the network appliance
B. The native interface information is read from the network appliance
C. The “params” variable sends data fields to the network appliance
D. The “params” variable reads data fields from the network appliance

Answer: A

Question 28

What is a TLOC in a Cisco SD-WAN deployment?

A. value that identifies a specific tunnel within the Cisco SD-WAN overlay
B. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay
C. attribute that acts as a next hop for network prefixes
D. component set by the administrator to differentiate similar nodes that offer a common service

Answer: C

Explanation

TLOCs serve another important function besides data plane connectivity. In OMP terms (the
routing protocol used over the SD-WAN Fabric), the TLOC serves as a next-hop for route
advertisements. OMP is very similar to BGP in many ways, and just as the next-hop must be
resolvable for BGP to install a route, the same is true of OMP.

Reference: https://carpe-dmvpn.com/2019/12/14/tlocs-cisco-sd-wan/

Question 29

Which Cisco FlexConnect state allows wireless users that are connected to the network to
continue working after the connection to the WLC has been lost?

A. Authentication Down/Switching Down
B. Authentication-Central/Switch-Local
C. Authentication-Down/Switch-Local
D. Authentication-Central/Switch-Central

Answer: C

Explanation

A FlexConnect WLAN, depending on its configuration and network connectivity, is classified as
being in one of the following defined states.
+ Authentication-Central/Switch-Central: This state represents a WLAN that uses a
centralized authentication method such as 802.1X, VPN, or web. User traffic is sent to the WLC
via CAPWAP (Central switching). This state is supported only when FlexConnect is in connected
mode.
+ Authentication Down/Switching Down: Central switched WLANs no longer beacon or
respond to probe requests when the FlexConnect AP is in standalone mode. Existing clients are
disassociated.
+ Authentication-Central/Switch-Local: This state represents a WLAN that uses centralized
authentication, but user traffic is switched locally. This state is supported only when the
FlexConnect AP is in connected mode.
+ Authentication-Down/Switch-Local: A WLAN that requires central authentication rejects
new users. Existing authenticated users continue to be switched locally until session time-out if
configured. The WLAN continues to beacon and respond to probes until there are no more
existing users associated to the WLAN. This state occurs as a result of the AP going into
standalone mode.
+ Authentication-local/switch-local: This state represents a WLAN that uses open, static
WEP, shared, or WPA2 PSK security methods. User traffic is switched locally. These are the only
security methods supported locally if a FlexConnect goes into standalone mode. The WLAN
continues to beacon and respond to probes. Existing users remain connected and new user
associations are accepted. If the AP is in connected mode, authentication information for these
security types is forwarded to the WLC.

Question 30

Refer to the exhibit.


Which commands are required to allow SSH connection to the router?

Option A

Router(config)#access-list 10 permit tcp any eq 22 any
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 10
Router(config)#policy-map CoPP
Router(config-pmap)#class class-ssh
Router(config-pmap-c)#police 100000 conform-action transmit

Option B

Router(config)#access-list 100 permit udp any any eq 22
Router(config)#access-list 101 permit tcp any any eq 22
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP
Router(config-pmap)#police 100000 conform-action transmit

Option C

Router(config)#access-list 100 permit tcp any eq 22 any
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 10
Router(config)#policy-map CoPP
Router(config-pmap)#class class-ssh
Router(config-pmap-c)#police 100000 conform-action transmit

Option D

Router(config)#access-list 100 permit tcp any any eq 22
Router(config)#access-list 101 permit tcp any any eq 22
Router(config)#class-map class-ssh
Router(config-cmap)#match access-group 101
Router(config)#policy-map CoPP
Router(config-pmap)#class class-ssh
Router(config-pmap-c)#police 100000 conform-action transmit

A. Option A
B. Option B
C. Option C
D. Option D

Answer: D

Question 31

Refer to the exhibit.

An engineer must configure and validate a CoPP policy that allows the network management
server to monitor router R1 via SNMP while protecting the control plane. Which two commands
or command sets must be used? (Choose two)

A. show quality-of-service-profile

B. show ip interface brief

C. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp
class-map match-all CoPP-management
match access-group 150
policy-map CoPP-policy
class CoPP-management
police 8000 conform-action transmit exceed-action transmit violate-action transmit
control-plane
service-policy input CoPP-policy

D. show policy-map control-plane

Answer: C D

Question 32

How do EIGRP metrics compare to OSPF metrics?

A. The EIGRP administrative distance for external routes is 170, and the OSPF administrative
distance for external routes is 110
B. EIGRP uses the Dijkstra algorithm, and OSPF uses the DUAL algorithm
C. The EIGRP administrative distance for external routes is 170, and the OSPF administrative
distance for external routes is undefined
D. EIGRP metrics are based on a combination of bandwidth and packet loss, and OSPF metrics
are based on interface bandwidth

Answer: A

Question 33

A network engineer is configuring OSPF on a router. The engineer wants to prevent having a
route to 177.16.0.0/16 learned via OSPF in the routing table and configures a prefix list using
the command ip prefix-list OFFICE seq 5 deny 172.16.0.0/16. Which two identical
configuration commands must be applied to accomplish the goal? (Choose two)

A. distribute-list prefix OFFICE in under the OSPF process
B. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 le 32
C. ip prefix-list OFFICE seq 10 permit 0.0.0.0/0 ge 32
D. distribute-list OFFICE out under the OSPF process
E. distribute-list OFFICE in under the OSPF process

Answer: A B

Question 34

Which two features does the Cisco SD-Access architecture add to a traditional campus network?
(Choose two)

A. private VLANs
B. software-defined segmentation
C. SD-WAN
D. identity services
E. modular QoS

Answer: B D

Explanation

SD-Access uses logic blocks called fabrics which leverage virtual network overlays that are
driven through programmability and automation to create mobility, segmentation, and visibility.
Network virtualization becomes easy to deploy through software-defined segmentation and
policy for wired and wireless campus networks.

Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/SD-Access-Distributed-Campus-Deployment-Guide-2019JUL.html

Question 35

Which feature is used to propagate ARP broadcast, and link-local frames across a Cisco SD-
Access fabric to address connectivity needs for silent hosts that require reception of traffic to
start communicating?

A. Native Fabric Multicast
B. Layer 2 Flooding
C. SOA Transit
D. Multisite Fabric

Answer: B

Explanation

Cisco SD-Access fabric provides many optimizations to improve unicast traffic flow, and to
reduce the unnecessary flooding of data such as broadcasts. But, for some traffic and
applications, it may be desirable to enable broadcast forwarding within the fabric.
By default, this is disabled in the Cisco SD-Access architecture. If broadcast, link-local multicast
and ARP flooding are required, they must be specifically enabled on a per-subnet basis using the
Layer 2 flooding feature.

Layer 2 flooding can be used to forward broadcasts for certain traffic and application types which
may require leveraging of Layer 2 connectivity, such as silent hosts, card readers, door locks,
etc.

Reference: https://community.cisco.com/t5/networking-documents/cisco-sd-access-layer2-flooding/ta-p/3943916

Question 36

An engineer must configure a new loopback interface on a router and advertise the interface as
a /24 in OSPF. Which command set accomplishes this task?

A. R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf 100 area 0

B. R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf network broadcast
R2(config-if)#ip ospf 100 area 0

C. R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf network point-to-multipoint
R2(config-if)#router ospf 100
R2(config-router)#network 172.22.2.0 0.0.0.255 area 0

D. R2(config)#interface Loopback0
R2(config-if)#ip address 172.22.2.1 255.255.255.0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#ip ospf 100 area 0

Answer: D

Explanation

Although the configured loopback address is 172.22.2.1/24, by default OSPF will advertise
this route to loopback0 as 172.22.2.1/32 (most specific route to that loopback). In order to
override this, we have to change the network type to point-to-point. After this, OSPF will
advertise the address to loopback as 172.22.2.0/24.

Question 37

What is one characteristic of the Cisco SD-Access control plane?

A. It stores remote routes in a centralized database server
B. Each router processes every possible destination and route
C. It allows host mobility only in the wireless network
D. It is based on VXLAN technology

Answer: A

Explanation

Control plane: based on Locator/ID Separation Protocol (LISP). LISP simplifies routing by
removing destination information from the routing table and moving it to a centralized mapping
system.

Question 38

An engineer must configure a router to leak routes between two VRFs. Which configuration must
the engineer apply?

Option A Option B

Option C Option D

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Explanation

Reference: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200158-Configure-Route-Leaking-between-Global-a.html

Question 39

Refer to the exhibit.


restconf
!
ip http server
ip http authentication local
ip http secure-server
!

Which command must be configured for RESTCONF to operate on port 8888?

A. ip http port 8888
B. restconf port 8888
C. ip http restconf port 8888
D. restconf http port 8888

Answer: A

Question 40

If the maximum power level assignment for global TPC 802.11a/n/ac is configured to 10 dBm,
which power level effectively doubles the transmit power?

A. 13dBm
B. 14dBm
C. 17dBm
D. 20dBm

Answer: A

Explanation

3 dB of gain = +3 dB = doubles signal strength (Let’s say the base is P. So 10*log10(P/P) =
10*log10(1) = 0 dB and 10*log10(2P/P) = 10*log10(2) = 3 dB -> double signal)

Question 41

Which benefit is realized by implementing SSO?

A. IP first-hop redundancy
B. communication between different nodes for cluster setup
C. physical link redundancy
D. minimal network downtime following an RP switchover

Answer: D

===================================================

There are two questions that we still do not have information about, but we post the
description here for your reference. Special thanks to KMV who shared these new
questions:

2). Engineer received response code 504 when accessing some blah blah server/application.
what is the issue?
Authentication was unsuccessful, Username and password is wrong, Server was unavailable,
Server timeout
Correct answer should be “Server timeout”

4). What is the CISCO WiFi6 compatible AP technology for small office branches?
Cisco new Generation WLAN, Mobile Controller or some similar answer (I remember the word
“Mobile” only), XXXX, YYYY
I selected “Mobile xxxx”

================================ New Questions (added on 25th-Mar-2022) ================================

Question 42

What is a characteristic of a type 2 hypervisor?

A. ideal for client/end-user system
B. complicated deployment
C. ideal for data center
D. referred to as bare-metal

Answer: A

Explanation

There are two types of hypervisors: type 1 and type 2 hypervisor.

In type 1 hypervisor (or native hypervisor), the hypervisor is installed directly on the physical
server. Then instances of an operating system (OS) are installed on the hypervisor. Type 1
hypervisor has direct access to the hardware resources. Therefore they are more efficient than
hosted architectures. Some examples of type 1 hypervisor are VMware vSphere/ESXi, Oracle VM
Server, KVM and Microsoft Hyper-V.

In contrast to type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an
operating system and not the physical hardware directly. A big advantage of Type 2 hypervisors
is that management console software is not required. Examples of type 2 hypervisor are VMware
Workstation (which can run on Windows, Mac and Linux) or Microsoft Virtual PC (only runs on
Windows).

Question 43

Refer to the exhibit.


An engineer configures routing between all routers and must build a configuration to connect R1
to R3 via a GRE tunnel. Which configuration must be applied?

Option A

R1
interface Tunnel1
ip address 1.1.1.13 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110

R3
interface Tunnel1
ip address 1.1.1.31 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.125

Option B

R1
interface Tunnel1
ip address 1.1.1.13 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.160

R3
interface Tunnel1
ip address 1.1.1.31 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110

Option C

R1
interface Tunnel1
ip address 1.1.1.13 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110

R3
interface Tunnel1
ip address 1.1.1.31 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.160

Option D

R1
interface Tunnel2
ip address 1.1.1.12 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.125

R2
interface Tunnel1
ip address 1.1.1.125 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.110
interface Tunnel3
ip address 1.1.1.125 255.255.255.0
tunnel source Loopback0
tunnel destination x.y.z.160

A. Option A
B. Option B
C. Option C
D. Option D

Answer: B

Question 44

Refer to the exhibit.

An engineer must allow R1 to advertise the 192.168.1.0/24 network to R2. R1 must perform this
action without sending OSPF packets to SW1. Which command set should be applied?

A. R1(config)#router ospf 1
R1(config-router)#no passive-interface gig0/0

B. R1(config)#interface gig0/0
R1(config-if)#ip ospf hello-interval 0

C. R1(config)#router ospf 1
R1(config-router)#passive-interface gig0/0
D. R1(config)#interface gig0/0
R1(config-if)#ip ospf hello-interval 65535

Answer: C

Question 45

What is an OVF?

A. a package of files that is used to describe a virtual machine or virtual appliance
B. an alternative form of an ISO that is used to install the base operating system of a virtual
machine
C. the third step in a P2V migration
D. a package that is similar to an IMG and that contains an OVA file used to build a virtual
machine

Answer: A

Explanation

Open Virtualization Format (OVF) is an open-source standard for packaging and distributing
software applications for virtual machines (VM). An OVF package contains multiple files in a
single directory.

================================ New Questions (added on 27th-Mar-2022) ================================

Question 46

How do stratum levels relate to the distance from a time source?

A. Stratum 1 devices are connected directly to an authoritative time source
B. Stratum 15 devices are an authoritative time source
C. Stratum 0 devices are connected directly to an authoritative time source
D. Stratum 15 devices are connected directly to an authoritative time source

Answer: A

Explanation

NTP uses the concept of a stratum to describe how many hops (routers) away a machine is from
an authoritative time source, usually a reference clock. A reference clock is a stratum 0 device
that is assumed to be accurate and has little or no delay associated with it. Stratum 0 servers
cannot be used on the network but they are directly connected to computers which then operate
as stratum-1 servers. A stratum 1 time server acts as a primary network time standard.

Question 47

What is one main REST security design principle?

A. confidential algorithms
B. separation of privilege
C. OAuth
D. password hashing

Answer: B

Explanation

REST Security Design Principles

Separation of Privilege: Granting permissions to an entity should not be purely based on a single
condition; a combination of conditions based on the type of resource is a better idea.

Reference: https://restfulapi.net/security-essentials/

Question 48

Refer to the exhibit.

https://192.168.43.103/restconf/data/ietf-interfaces/interfaces/interface-
Loopback100

What does the response “204 No Content” mean for the REST API request?

A. Interface loopback 100 is removed from the configuration.
B. Interface loopback 100 is not removed from the configuration.
C. The DELETE method is not supported.
D. Interface loopback 100 is not found in the configuration.

Answer: A

Explanation

The 204 status code means that the request was received and understood, but that there is no
need to send any data back. The server has fulfilled the request but does not need to return an
entity-body, and might want to return updated meta information.

Note: HTTP status code of 2xx means “Success”, which indicates that the client’s request was
accepted successfully.

Question 49

Which LISP component decapsulates messages and forwards them to the map server responsible
for the egress tunnel routers?

A. Map Resolver
B. Router Locator
C. Proxy ETR
D. Ingress Tunnel Router

Answer: A

Explanation

The function of the LISP Map Resolver (MR) is to accept encapsulated Map-Request messages
from ingress tunnel routers (ITRs), decapsulate those messages, and then forward the messages
to the MS responsible for the egress tunnel routers (ETRs) that are authoritative for the
requested EIDs.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/15-mt/irl-15-mt-book/irl-overview.pdf

In the example below, R3 works as a Map-resolver (MR) to receive and process the EID-to-
RLOC mapping lookup queries and provides the mappings to requester.

MS & MR functions are often included in a single device, which is referred to as an MR/MS
device. If MS and MR are two separate devices, MR is responsible to forward the Map-Request
messages to the correct MS.

Question 50

Which character formatting is required for DHCP Option 43 to function with current AP models?

A. MD5
B. ASCII
C. Hex
D. Base64

Answer: C

Question 51

Where are operations related to software images located in the Cisco DNA Center GUI?

A. Provisioning
B. Services
C. Design
D. Assurance

Answer: C

Explanation

Cisco DNA Center stores all of the software images, software maintenance updates (SMUs),
subpackages, ROMMON images, and so on for the devices in your network. Image Repository
provides the following functions:
Image Repository: Cisco DNA Center stores all the unique software images according to image
type and version. You can view, import, and delete software images.

In the Cisco DNA Center GUI, click the Menu icon and choose Design > Image Repository.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/user_guide/b_cisco_dna_center_ug_2_1_2/b_cisco_dna_center_ug_2_1_1_chapter_0100.html

Question 52

Which benefit is provided by the Cisco DNA Center telemetry feature?

A. aids in the deployment network configurations
B. inventories network devices
C. improves the user experience
D. provides improved network security

Answer: B

Explanation

The categories of data collected in the product usage telemetry are the Cisco.com ID, system
telemetry, feature usage telemetry and network device (for example, switch or router)
inventory, and license entitlement.

Reference: https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-data-sheet-cte-en.html#Productusagetelemetry

Question 53

What is one requirement when mobility tunnels are used between WLCs?

A. There must not be a firewall between the WLCs.
B. The WLCs must use the same DHCP server.
C. WLC IP ranges must be on the same subnet.
D. Mobility tunnels must be created over Layer 3 networks.

Answer: D

Question 54

Which two Cisco SD-WAN components exchange OMP information? (Choose two)

A. WAN Edge
B. vSmart
C. vBond
D. vAnalytics
E. vManage

Answer: A B

Question 55

Which two prerequisites must be met before Cisco DNA Center can provision a device? (Choose
two)

A. Cisco DNA Center must have the software image for the provisioned device in its image
repository.
B. The provisioned device must be put into bootloader mode.
C. The provisioned device must be configured with cli and snmp credentials that are known to
DNA center.
D. Cisco DNA Center must have IP connectivity to the provisioned device.
E. The provisioned device must recognize Cisco DNA Center as its LLDP neighbor.

Answer: C D

Explanation

Before using Plug and Play provisioning, do the following:

Ensure that Cisco network devices to be provisioned have a supported software release and are
in a factory default state -> Answer A is not correct as Cisco DNA Center does not need to have
the software image but only needs to support that version.

Planned Provisioning

Define the device credentials (CLI and SNMP) for the devices you are deploying -> Answer C is
correct.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/user_guide/b_cisco_dna_center_ug_2_1_2/b_cisco_dna_center_ug_2_1_1_chapter_01101.html

Also it is obvious that the DNA Center must have IP connectivity to the provisioned device to
manage it.

Question 56

What are two benefits of implementing a traditional WAN instead of an SD-WAN solution?
(Choose two)

A. simplified troubleshooting
B. comprehensive configuration standardization
C. faster fault detection
D. lower control plane abstraction
E. lower data plane overhead

Answer: D E

Question 57

Drag and drop the characteristics from the left onto the configuration models on the right.

Answer:

Procedural
+ Administrators require deep syntax and context knowledge for the configured entities
+ This model defines a set of commands that must be executed in a certain order for the system
to achieve the desired state

Declarative
+ This model states what is wanted but not how it is achieved
+ Puppet is a tool that uses this configuration model

Explanation

Chef and Ansible encourage a procedural style where you write code that specifies, step-by-step,
how to achieve some desired end state. Terraform, SaltStack, and Puppet all encourage a more
declarative style where you write code that specifies your desired end state, and the IAC tool
itself is responsible for figuring out how to achieve that state.

Question 58

Drag and drop the automation characteristics from the left onto the appropriate tools on the
right.

Answer:

Ansible
+ assesses the impact of changes before applied
+ agentless automation platform

Puppet
+ provides intent-based networking feedback loop
+ agent or agentless automation platform

Question 59

Drag and drop the characteristics from the left onto the correct places on the right.

Answer:

CTS: Fabric Security Policy
LISP: Fabric control Plane
VXLAN: Fabric data plane
BGP: external connectivity from fabric

Explanation

Note: CTS is short for Cisco Trust Security

Question 60

What is the recommended minimum SNR for data applications on wireless networks?

A. 10
B. 25
C. 15
D. 20

Answer: D

Explanation

Generally, a signal with an SNR value of 20 dB or more is recommended for data networks,
whereas an SNR value of 25 dB or more is recommended for networks that use voice
applications.

Question 61

What does the destination MAC on the outer MAC header identify in a VXLAN packet?

A. the next hop
B. the remote spine
C. the remote switch
D. the leaf switch

Answer: A

Question 62

What is one method for achieving REST API security?

A. using HTTPS and TLS encryption
B. using a MD5 hash to verify the integrity
C. using built-in protocols known as Web Services Security
D. using a combination of XML encryption and XML signatures

Answer: A

Question 63

Which action occurs during a Layer 3 roam?

A. Client receives a new ip address after getting authenticated
B. The client is marked as “Foreign” on the original controller
C. Client database entry is moved from the old controller to the new controller
D. Client traffic is tunneled back to the original controller after a Layer 3 roam occurs

Answer: D

Explanation

In instances where the client roams between APs that are connected to different WLCs and the
WLC WLAN is connected to a different subnet, a Layer 3 roam is performed, and there is an
update between the new WLC (foreign WLC) and the old WLC (anchor WLC) mobility databases.

If this is the case, return traffic to the client still goes through its originating anchor WLC. The
anchor WLC uses Ethernet over IP (EoIP) to forward the client traffic to the foreign WLC, to
where the client has roamed. Traffic from the roaming client is forwarded out the foreign WLC
interface on which it resides; it is not tunneled back. (-> Answer D is not correct). But this
contradicts what is said in the Official Cert Guide book:

“A Layer 3 intercontroller roam consists of an extra tunnel that is built between the client’s
original controller and the controller it has roamed to. The tunnel carries data to and from the
client as if it is still associated with the original controller and IP subnet.”

The client begins with a connection to AP B on WLC 1. This creates an ANCHOR entry in the WLC
client database. As the client moves away from AP B and makes an association with AP C, WLC 2
sends a mobility announcement to peers in the mobility group looking for the WLC with the client
MAC address. WLC 1 responds to the announcement, handshakes, and ACKs. Next the client
database entry for the roaming client is copied to WLC 2, and marked as FOREIGN. Included
PMK data (master key data from the RADIUS server) is also copied to WLC 2. This provides fast
roam times for WPA2/802.11i clients because there is no need to re-authenticate to the RADIUS
server.

After a simple key exchange between the client and AP, the client is added to the WLC 2
database and is similar, except that it is marked as FOREIGN.

Reference: https://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/TechArch.html

In Layer 3 roaming, no IP address refresh is needed (although the client must be re-authenticated
and a new security session established) -> Answer A is not correct.

In summary, the “Mobility State” of a client is described below:

+ Before roaming: Mobility State = Local
+ After roaming: Mobility State on Old Database = Anchor; Mobility State on New Database =
Foreign

Therefore the client entry on the original controller is not passed to the database totally. The
client entry is still on the old controller but it is marked “Anchor” (not “Foreign”) -> Answer B is
not correct.

Answer C is not correct as the client database entry is not moved, but copied to the new
controller.

-> Therefore the best choice should be answer D.

Question 64

What is a characteristic of the overlay network in the Cisco SD-Access architecture?

A. It uses a traditional routed access design to provide performance and high availability to the
network
B. It provides multicast support to enable Layer 2 flooding capability in the Underlay
C. It consists of a group of physical routers and switches that are used to maintain the network
D. It provides isolation among the virtual networks and independence from the physical network

Answer: D

Question 65

What is one characteristic of Cisco DNA Center and vManage northbound APIs?

A. They are RESTful APIs
B. They implement the NETCONF protocol
C. They push configuration changes down to devices
D. They exchange XML-formatted content

Answer: A

Question 66

A company requires a wireless solution to support its main office and multiple branch locations.
All sites have local Internet connections and a link to the main office for corporate connectivity.
The branch offices are managed centrally. Which solution should the company choose?

A. Cisco DNA Spaces
B. Cisco Mobility Express
C. Cisco Unified Wireless Network
D. Cisco Catalyst switch with embedded controller

Answer: C

Question 67

A system must validate access rights to all its resources and must not rely on a cached
permission matrix. If the access level to a given resource is revoked but is not reflected in the
permission matrix, the security is violated. Which term refers to this REST security design
principle?

A. least common mechanism
B. separation of privilege
C. Economy mechanism
D. Complete mediation

Answer: D

Explanation
The principle of complete mediation requires that all accesses to objects be checked to ensure
that they are allowed.
Whenever a subject attempts to read an object, the operating system should mediate the action.
First, it determines if the subject is allowed to read the object. If so, it provides the resources for
the read to occur. If the subject tries to read the object again, the system should check that the
subject is still allowed to read the object. Most systems would not make the second check. They
would cache the results of the first check and base the second access on the cached results.

Reference: https://www.informit.com/articles/article.aspx?p=30487&seqNum=2
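
The difference between a cached permission matrix and complete mediation, as an added Python example that is not part of the original question or its reference. The `PolicyStore` class, the three gate classes, the subject name and the resource path are all constructed for illustration.

```python
"""Complete mediation vs. a cached permission matrix (added illustration)."""

# HTTP method -> action name; constructed mapping for this example.
METHOD_ACTION = {"GET": "read", "PUT": "write", "PATCH": "write", "DELETE": "delete"}


class PolicyStore:
    """Authoritative source of access rights (in-memory stand-in)."""

    def __init__(self):
        self._grants = set()
        self.revision = 0  # bumped on every policy change

    def grant(self, subject, resource, action):
        self._grants.add((subject, resource, action))
        self.revision += 1

    def revoke(self, subject, resource, action):
        self._grants.discard((subject, resource, action))
        self.revision += 1

    def is_allowed(self, subject, resource, action):
        return (subject, resource, action) in self._grants


class CachedMatrixGate:
    """Anti-pattern: the first decision is cached and never re-validated."""

    def __init__(self, store):
        self.store = store
        self._matrix = {}

    def check(self, subject, resource, action):
        key = (subject, resource, action)
        if key not in self._matrix:
            self._matrix[key] = self.store.is_allowed(*key)
        return self._matrix[key]


class CompleteMediationGate:
    """Every access is checked against the authoritative store."""

    def __init__(self, store):
        self.store = store

    def check(self, subject, resource, action):
        return self.store.is_allowed(subject, resource, action)


class RevisionCheckedGate:
    """Cached decisions are used only while the store's revision is unchanged.

    Each access still consults the authority (for its revision number), so a
    revocation takes effect on the very next request.
    """

    def __init__(self, store):
        self.store = store
        self._matrix = {}
        self._seen_revision = store.revision

    def check(self, subject, resource, action):
        if self.store.revision != self._seen_revision:
            self._matrix.clear()
            self._seen_revision = self.store.revision
        key = (subject, resource, action)
        if key not in self._matrix:
            self._matrix[key] = self.store.is_allowed(*key)
        return self._matrix[key]


def handle(gate, subject, method, resource):
    """Return the HTTP status a REST handler would send for this request."""
    action = METHOD_ACTION.get(method)
    if action is None:
        return 405
    return 200 if gate.check(subject, resource, action) else 403


def scenario(gate_cls):
    """Grant, request, revoke, request again; return both status codes."""
    store = PolicyStore()
    resource = "/devices/sw1/config"  # constructed resource path
    store.grant("alice", resource, "write")
    gate = gate_cls(store)
    first = handle(gate, "alice", "PUT", resource)
    store.revoke("alice", resource, "write")
    second = handle(gate, "alice", "PUT", resource)
    return first, second


if __name__ == "__main__":
    for cls in (CachedMatrixGate, CompleteMediationGate, RevisionCheckedGate):
        print(cls.__name__, scenario(cls))
```

Only the cached-matrix gate keeps returning 200 after the revocation, which is the violation the question describes.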

Question 68

An administrator is configuring NETCONF using the following XML string. What must the
administrator end the request with?

A. </rpc-reply>
B. </rpc>]]>]]>
C. <rpc message-id="9.0"><notification-off/>
D. </rpc>

Answer: B

Explanation

Use the following XML string to enable the NETCONF network manager application to send and
receive NETCONF notifications:
Example:

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cns/configuration/15-e/cns-15-
e-book/cns-netconf.html
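
The `]]>]]>` terminator in answer B is the NETCONF 1.0 end-of-message delimiter. This added Python example (not from the original page or the Cisco guide) frames a request with it and de-frames a byte stream that arrives in arbitrary chunks; the sample `<get-config>` request and all function and class names are constructed.

```python
"""NETCONF 1.0 end-of-message framing (added illustration)."""
import xml.etree.ElementTree as ET

EOM = b"]]>]]>"  # NETCONF 1.0 end-of-message delimiter

# Constructed sample request; the message-id value is arbitrary.
SAMPLE_RPC = (
    '<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">'
    "<get-config><source><running/></source></get-config>"
    "</rpc>"
)


def frame(xml_text):
    """Encode one message and terminate it with the delimiter."""
    body = xml_text.strip().encode("utf-8")
    if EOM in body:
        # A delimiter inside the payload would split the message on the peer.
        raise ValueError("payload contains the end-of-message delimiter")
    return body + EOM


class FrameReader:
    """Reassemble complete messages from a stream delivered in pieces."""

    def __init__(self, max_len=65536):
        self._buf = bytearray()
        self.max_len = max_len  # cap on unterminated data held in memory

    def feed(self, data):
        """Add received bytes; return the list of messages completed so far."""
        self._buf += data
        messages = []
        while True:
            idx = self._buf.find(EOM)
            if idx < 0:
                break
            messages.append(bytes(self._buf[:idx]))
            del self._buf[: idx + len(EOM)]
        if len(self._buf) > self.max_len:
            raise ValueError("unterminated message exceeds max_len")
        return messages

    def pending(self):
        """Number of buffered bytes still waiting for a delimiter."""
        return len(self._buf)


def describe(message):
    """Return (root element local name, message-id) of a de-framed message.

    Uses the standard-library parser on locally constructed input; for
    untrusted peers a hardened XML parser is the safer choice.
    """
    root = ET.fromstring(message.strip())
    local_name = root.tag.split("}", 1)[-1]
    return local_name, root.get("message-id")


def demo():
    """Send one framed request in two chunks that split the delimiter."""
    wire = frame(SAMPLE_RPC)
    reader = FrameReader()
    early = reader.feed(wire[:-3])   # ends mid-delimiter: nothing complete yet
    late = reader.feed(wire[-3:])    # delimiter completes: one message
    return early, [describe(m) for m in late]


if __name__ == "__main__":
    print(demo())
```

A request that ends with `</rpc>` alone stays in the reader's buffer, because without the delimiter the receiver cannot tell that the message is complete.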

Question 69

Which configuration enables a Cisco router to send information to a TACACS+ server for
individual EXEC commands associated with privilege level 15?

A. Router(config)# aaa accounting exec default start-stop group tacacs+
B. Router(config)# aaa authorization exec default group tacacs+
C. Router(config)# aaa accounting commands 15 default start-stop group tacacs+
D. Router(config)# aaa authorization commands 15 default group tacacs+

Answer: C

Explanation

Authorization–Provides fine-grained control over user capabilities for the duration of the user’s
session, including but not limited to setting autocommands, access control, session duration, or
protocol support. You can also enforce restrictions on what commands a user may execute with
the TACACS+ authorization feature.

Accounting–Collects and sends information used for billing, auditing, and reporting to the
TACACS+ daemon. Network managers can use the accounting facility to track user activity for a
security audit or to provide information for user billing. Accounting records include user
identities, start and stop times, executed commands (such as PPP), number of packets, and
number of bytes.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_tacacs/configuration/xe-16/sec-usr-tacacs-xe-16-book/sec-cfg-tacacs.html

Question 70

An engineer must configure the wireless endpoints to authenticate using Active Directory
credentials in an encrypted tunnel in addition to using a hashed password. Which action is
required?

A. Configure PEAP with GTC
B. Configure EAP-TLS with MSCHAP v2
C. Configure PEAP with MSCHAP v2
D. Configure EAP-TLS with GTC

Answer: C

Explanation

EAP-Transport Layer Security (EAP-TLS) requires an exchange of proof of identities through
public key cryptography (such as digital certificates). EAP-TLS secures this exchange with
an encrypted TLS tunnel, which helps to resist dictionary or other attacks.

EAP-PEAP is a protocol that creates an encrypted (and more secure) channel before the
password-based authentication occurs. The PEAP authentication creates an encrypted SSL/TLS
tunnel between client and authentication server.

-> Therefore both PEAP and EAP-TLS can be used to create an encrypted tunnel so both of them
are correct.

Generic Token Card (GTC) enables the exchange of clear-text authentication credentials across
the network -> Answers with “GTC” are not correct.

Reference: https://www.arubanetworks.com/techdocs/ClearPass/6.9/PolicyManager/Content/CPPM_UserGuide/Auth/AuthMethod_eap-gtc.htm

If you use EAP-MSCHAPv2, it means that your clients don’t need to have a certificate, but your
authentication server (NPS) has a certificate. Passwords from the clients are sent using hashes
to the authentication server.

You can use PEAP-EAP-MSCHAPv2, which uses a certificate on the authentication server
(NPS) and a password for clients. (-> Therefore answer C is correct). You can use PEAP-
EAP-TLS, which uses a certificate on the authentication server and a certificate on the client.

Reference: https://social.technet.microsoft.com/Forums/Lync/en-US/7962d24d-7aa2-4413-97da-4f03793f2405/very-confused-on-authenciation-concepts-eap-peap-eapmschapv2-?forum=winserversecurity

Question 71

Refer to the exhibit.


A network engineer checks connectivity between two routers. The engineer can ping the remote
endpoint but cannot see the ARP entry. Why is there no ARP entry?

A. Interface Fastethernet 0/0 is configured in vrf CUST-A so the arp entry is also in that VRF.
B. When VRFs are used, ARP protocol must be enabled in each VRF.
C. When VRFs are used, ARP protocol is disabled in the global routing table.
D. The ping command must be executed in the global routing table.

Answer: A

Question 72

Refer to the exhibit.

A network engineer must configure the router to use the ISE-Servers group for authentication. If
both ISE servers are unavailable, the local username database must be used. If no usernames
are defined in the configuration, then the enable password must be the last to log in. Which
config must be applied to achieve this result?

A. aaa authentication log error-enable
aaa authentication login default group enable local ISE-Server
B. aaa authentication login default group ISE-Servers local enable.
C. aaa authentication login default group enable local ISE-Server.
D. aaa authorization exec default group ISE-Servers local enable

Answer: B

Question 73

Which python snippet should be used to store the device data structure in a JSON file?

import json
Devices = {'Switches': [{'name': 'AccSW1', 'ip': '2001:db8:db8:db8::1'},
                        {'name': 'AccSW2', 'ip': '2001:db8:db8:db8::2'}],
           'Routers': [{'name': 'CE1', 'ip': '2001:db8:db8:db8::1'},
                       {'name': 'CE2', 'ip': '2001:db8:db8:db8::2'}]}

A. with open("devices.json","w") as OutFile:
       Devices = json.load(OutFile)

B. OutFile = open("devices.json","w")
   json.dump(Devices, OutFile)
   OutFile.Close()

C. with open("devices.json","w") as OutFile:
       json.dumps(Devices)

D. OutFile = open("devices.json","w")
   OutFile.write(str(Devices))
   OutFile.close()

Answer: D

Explanation

Only one answer has the “write” function to write to a file so it is the correct answer.

Question 74

Refer to the Exhibit.

Users cannot reach the webserver at 192.168.100.1. What is the root cause of the failure?

A. The gateway cannot translate the server domain.
B. The server is attempting to load balance between links 10.100.100.1 and 10.100.200.1
C. The server is out of service
D. There is a loop in the path to the server

Answer: D

Question 75

Drag and drop the configs from the bottom onto the correct places.

Answer:

1. [event syslog pattern]
2. [“enable”]
3. [|append flash]

Question 76

Drag and drop the characteristics from the left onto the correct places on the right.

Answer:

MAC Address table
+ used to make layer 2 forwarding decisions
+ records MAC address, port of arrival, vlan and timestamps

TCAM table
+ used to build IP Routing tables
+ stores ACL, QOS and other upper layer information

Question 77

Drag and drop the characteristics from the left onto the correct places on the right.

Answer:

RLOC: IPV4 or IPV6 address of an egress tunnel router that is internet facing or network core
facing
map resolver: receives map-request messages from ITR and searches for appropriate ETR by
consulting mapping database
ITR: Encapsulates LISP packets coming from inside of LISP site to destinations outside of the
site

Question 78

An engineer must design a wireless network to primarily support 5-GHz clients. The clients do
not support the UNII-2c portion of the 5-GHz band. Due to application bandwidth requirements,
the engineer uses 40-MHz channels. Which design consideration must be made in this scenario?

A. There are 12 overlapping channels available.
B. There are four non-overlapping channels available.
C. There are 25 overlapping channels available.
D. There are six non-overlapping channels available.

Answer: B

Explanation

5 GHz offers significantly more bandwidth than 2.4 GHz. All of the 5 GHz channels offered
support at least 20 MHz channel width without overlap.
When using 5 GHz, it is recommended to use at least 40 MHz channel width, as some client
devices may not prefer 5 GHz unless it offers a greater channel width than 2.4 GHz.

If using 40 MHz channel width, the bandwidth of the following channels is used:
36 – 40
44 – 48
149 – 153
157 – 161

Note: There are 6 non-overlapping channels but 2 channels are reserved for DFS.
“However, due to the coexistence of both radar and Wi-Fi networks in the same area of
spectrum, the Wi-Fi standard (IEEE 802.11) was designed to incorporate a spectrum sharing
mechanism on 5GHz to ensure that Wi-Fi networks do not operate on frequencies (hence
causing interference) that are used by nearby radar stations. This mechanism is known as
Dynamic Frequency Selection (DFS) and is designed to mitigate interference to 5GHz radar by
WLANs.”

============================= New Questions (added on 3rd-Apr-2022) =============================

Question 79

Refer to the exhibit.


After configuring the BGP network, an engineer verifies that the path between Server1 and
Server2 is functional. Why did RouterSF choose the route from RouterDAL instead of the route
from RouterCHI?

A. The Router-ID for RouterDAL is lower than the Router-ID for RouterCHI.
B. The route from RouterDAL has a lower MED.
C. BGP is not running on RouterCHI.
D. There is a static route in RouterSF for 10.0.0.0/24.

Answer: A

Explanation

From the output of “show bgp 10.0.0.0” command, we see that two paths have the same
localpref 100, same AS path length, same Origin IGP. We don’t have information about the
Weight so we can guess the Router ID is used to choose the BGP best path.

Note: BGP Path Selection Attributes: (highest) Weight > (highest) Local Preference > Originate
> (shortest) AS Path > Origin > (lowest) MED > External > IGP Cost > eBGP Peering > (lowest)
Router ID

Question 80

What is a characteristic of a Type 1 hypervisor?

A. It is installed on an operating system and supports other operating systems above it.
B. It is completely independent of the operating system.
C. Problems in the base operating system can affect the entire system.
D. It is referred to as a hosted hypervisor.

Answer: B

Question 81

Refer to the exhibit.

An engineer must configure an eBGP neighborship to Router B on Router A. The network that is
connected to G0/1 on Router A must be advertised to Router B. Which configuration should be
applied?

A. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
redistribute static

B. router bgp 65002
neighbor 10.0.1.2 remote-as 65002
network 10.0.2.0 255.255.255.0

C. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
network 10.0.1.0 255.255.255.0

D. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
network 10.0.2.0 255.255.255.0

Answer: D

Question 82

Refer to the exhibit.

An engineer configures the trunk and proceeds to configure an ERSPAN session to monitor VLANs
10, 20, and 30. Which command must be added to complete this configuration?

A. Device(config-mon-erspan-src-dst)# mtu 1460
B. Device(config-mon-erspan-src-dst)# no vrf 1
C. Device(config-mon-erspan-src-dst)# erspan id 6
D. Device(config-mon-erspan-src)# no filter vlan 30

Answer: D

Explanation

The command “filter vlan 30” limits to monitor only VLAN 30 so we will not see any traffic for
VLAN 10 and 20. Therefore we must remove this command.

Question 83

Refer to the exhibit.


How should the script be completed so that each device configuration is saved into a JSON-
formatted file under the device name?

A. Append to the body of the for loop:
with open(f"{Hostname}.json", "w") as OutFile:
    OutFile.write(Response.text)

B. Insert after the for loop:
with open(f"{Hostname}.json", "w") as OutFile:
    OutFile.write(json.dumps(Response.text))

C. Insert after the for loop:
with open(f"{Hostname}.json", "w") as OutFile:
    OutFile.write(Response)

D. Insert immediately before the for loop:
with open(f"{Hostname}.json", "w") as OutFile:
    OutFile.write(json.load(Devices))

Answer: A

Explanation

We need to write the Response in the for loop because the Response would change for every
element of the loop. “Insert after the for loop” in Python means the for loop ends before our
code is executed.

Question 84

Refer to the exhibit.


Which EEM script generates a critical-level syslog message and saves a copy of the running
configuration to the bootflash when an administrator saves the running configuration to the
startup configuration?

A. action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "file prompt quiet"
action 4.0 cli command "end"
action 5.0 cli command copy running-config bootflash:/current_config.txt
action 6.0 cli command "configure terminal"
action 7.0 cli command "no file prompt quiet"
action 8.0 syslog priority critical msg "Configuration saved and copied to bootflash"

B. action 1.0 cli command copy running-config bootflash:/current_config.txt
action 2.0 syslog msg "Configuration saved and copied to bootflash"

C. action 1.0 cli command copy running-config bootflash:/current_config.txt
action 2.0 syslog priority critical msg "Configuration saved and copied to bootflash"

D. action 1.0 cli command "enable"
action 2.0 cli command "file prompt quiet"
action 3.0 cli command copy running-config bootflash:/current_config.txt
action 4.0 cli command "no file prompt quiet"
action 5.0 syslog priority critical msg "Configuration saved and copied to bootflash"

Answer: A

Explanation

When we use the “copy” command, the device prompts for several parameters even though we
provided them in the command. For example:

Router#copy system:running-config tftp://10.0.0.2/fw-test
Source filename [running-config]?
Address or name of remote host [10.0.0.2]?
Destination filename [fw-test]?
!!
2009 bytes copied in 0.604 secs (3326 bytes/sec)

Therefore we can disable the annoying questions with the file prompt quiet configuration
command. This command is under global configuration mode:

Therefore we must enter the “configure terminal” command first.

Question 85

Refer to the exhibit.

What is achieved by this code?

A. It displays the loopback interface
B. It renames the loopback interface
C. It deletes the loopback interface
D. It unshuts the loopback interface

Answer: D

Question 86

Refer to the exhibit.


A network engineer must block Telnet traffic from hosts in the range of 10.100.2.248 to
10.100.2.255 to the network 10.100.3.0 and permit everything else. Which configuration must
the engineer apply?

A. RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 22
RouterB(config)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

B. RouterB(config)# access-list 101 deny icmp 10.100.2.0 0.0.0.248 10.100.2.0 0.0.0.248
RouterB(config)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

C. RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 23
RouterB(config)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

D. RouterB(config)# access-list 101 permit tcp 10.100.2.0 0.0.0.252 10.100.3.0 0.0.0.255
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in

Answer: C

========================== New Questions (added on 7th-Apr-2022) ==========================

Question 87

What is a characteristic of a vSwitch?

A. enables VMs to communicate with each other within a virtualized server
B. supports advanced Layer 3 routing protocols that are not offered by a hardware switch
C. has higher performance than a hardware switch
D. operates as a hub and broadcasts the traffic toward all the vPorts

Answer: A

Explanation

Hypervisors provide a virtual switch (vSwitch) that Virtual Machines (VMs) use to communicate
with other VMs on the same host. The vSwitch may also be connected to the host’s physical NIC
to allow VMs to get layer 2 access to the outside world.

Each VM is provided with a virtual NIC (vNIC) that is connected to the virtual switch. Multiple
vNICs can connect to a single vSwitch, allowing VMs on a physical host to communicate with one
another at layer 2 without having to go out to a physical switch.

Although a vSwitch does not run Spanning Tree Protocol, it implements other loop
prevention mechanisms. For example, a frame that enters from one VMNIC is not going to go
out of the physical host from a different VMNIC card.

Question 88

Refer to the exhibit.

event manager applet config-alert
event cli pattern “conf t.*” sync yes

A network engineer must be notified when a user switches to configuration mode. Which script
should be applied to receive an SNMP trap and a critical-level log message?

A. action 1.0 snmp-trap strdata “Configuration change alarm”
action 2.0 syslog msg “Configuration change alarm”

B. action 1.0 snmp-trap strdata “Configuration change critical alarm”

C. action 1.0 snmp-trap strdata “Configuration change alarm”
action 1.0 syslog priority critical msg “Configuration change alarm”

D. action 1.0 snmp-trap strdata “Configuration change alarm”
action 1.1 syslog priority critical msg “Configuration change alarm”

Answer: D

Explanation

We need to create a critical-level log message, so our action must include “priority critical”.
We also need to define two different actions (1.0 and 1.1).

Question 89

Drag and drop the characteristics from the left onto the deployment types on the right.

Answer:

On-Premises
+ It is responsible for hardware maintenance
+ Scalability requires time and effort

Cloud-Based
+ It provides on-demand scalability
+ Maintenance is handled by a third party

Question 90

Which option works with a DHCP server to return at least one WLAN management interface IP
address during the discovery phase and is dependent upon the VCI of the AP?

A. Option 43
B. Option 42
C. Option 125
D. Option 15

Answer: A

Explanation

The DHCP client sends option code 60 in a DHCPREQUEST to the DHCP server. When the server
receives option 60, it sees the VCI, finds the matching VCI in its own table, and then it returns
option 43 with the value (that corresponds to the VCI), thereby relaying vendor-specific
information to the correct client. Both the client and server have knowledge of the VCI.

Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/dhcp/dhcp-options/dhcp-options-43-55-and-60-and-other-customized-options

The AP boots up, performs POST, and then sends a DHCP request. The switch should send out a
DHCP offer, an IP address to use, a default gateway to use, and also the option 43 TLV. The TLV
should contain the IP address of the WLC, with which the AP needs to be associated.

Reference: https://supportportal.juniper.net/s/article/EX-How-to-associate-the-Cisco-AP-with-WLC-via-DHCP-Option-43?language=en_US
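The option 60 lookup and option 43 TLV described above, as an added Python example that is not part of the original page or of any vendor tool. It assumes the Cisco lightweight AP encoding (sub-option type 0xf1, length of 4 bytes per WLC address); the VCI string, the WLC addresses and the function names are constructed for illustration.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs read for the WLC address list.
WLC_SUBOPTION = 0xF1

def encode_option43(wlc_ips):
    """Build the option 43 TLV: type, length (4 bytes per address), addresses."""
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if not value or len(value) > 255:
        raise ValueError("need between 1 and 63 WLC addresses")
    return bytes([WLC_SUBOPTION, len(value)]) + value

def decode_option43(data):
    """Parse the TLV as an AP would, rejecting malformed or truncated values."""
    if len(data) < 2:
        raise ValueError("truncated TLV header")
    tlv_type, length, value = data[0], data[1], data[2:]
    if tlv_type != WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{tlv_type:02x}")
    if length != len(value) or length == 0 or length % 4:
        raise ValueError("length field does not match the address list")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]

# Constructed server table: option 60 VCI string -> option 43 payload.
VCI_TABLE = {
    "Cisco AP c3700": encode_option43(["192.168.10.5", "192.168.10.20"]),
}

def server_option43(vci):
    """Return the option 43 value for a client's VCI, or None if it is unknown."""
    return VCI_TABLE.get(vci)

if __name__ == "__main__":
    payload = server_option43("Cisco AP c3700")
    print(payload.hex())
    print(decode_option43(payload))
```

A client whose VCI is not in the table gets no option 43 at all, which is why a wrong or missing VCI entry on the DHCP server shows up as an AP that obtains an address but never finds its controller.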

Question 91

Refer to the exhibit.


An engineer tries to log in to router R1. Which configuration enables a successful login?

A.
R1# username admin privilege 15
aaa authorization exec default local
netconf-yang

B.
R1# netconf-yang
username admin privilege 15 secret cisco123
aaa new-model
aaa authorization exec default local

C.
R1# aaa new-model
aaa authorization exec default local
enable aaa admin privilege 15

D.
R1# username admin privilege 15
aaa authorization exec default local

Answer: B

Explanation

In the exhibit above, we are trying to SSH to R1 over NETCONF. In order to use NETCONF we
have to use the “netconf-yang” command. Also, from the exhibit we learn that the
username/password should be admin/cisco123.

Note: The above output is the hello message that includes all of R1 capabilities.

Question 92

Which component transports data plane traffic across a Cisco SD-WAN network?

A. vSmart
B. vManage
C. cEdge
D. vBond

Answer: C

Question 93

Which type of tunnel is required between two WLCs to enable intercontroller roaming?

A. mobility
B. LWAPP
C. IPsec
D. CAPWAP

Answer: A

Explanation

There are two types of intercontroller roaming: Intercontroller Layer 2 Roaming and
Intercontroller Layer 3 Roaming. The first one does not require a tunnel between the two WLCs.
The second one requires a mobility tunnel.

Question 94

Refer to the exhibit.


An attacker can advertise fake OSPF routes from the 172.16.20.0 network to the OSPF domain and
black hole traffic. Which action must be taken to avoid this attack and still be able to advertise
this subnet into OSPF?

A. Configure 172.16.20.0 as a stub network.
B. Configure graceful restart on the 172.16.20.0 interface.
C. Configure a passive interface on R2 toward 172.16.20.0.
D. Apply a policy to filter OSPF packets on R2.

Answer: C

Explanation

In this question the attacker advertises fake OSPF routes, so it must establish an OSPF neighbor
relationship with R2. Therefore we can prevent this relationship by configuring a passive
interface on e0/1 of R2.

Question 95

Refer to the exhibit.


ip sla 100
udp-echo 10.10.10.15 6336
frequency 30

An engineer has configured an IP SLA for UDP echoes. Which command is needed to start the IP
SLA to test every 30 seconds and continue until stopped?

A. ip sla schedule 100 life forever
B. ip sla schedule 30 start-time now life forever
C. ip sla schedule 100 start-time now life 30
D. ip sla schedule 100 start-time now life forever

Answer: D

Question 96

Which two characteristics apply to the endpoint security aspect of the Cisco Threat Defense
architecture? (Choose two)

A. outbound URL analysis and data transfer controls
B. detect and block ransomware in email attachments
C. cloud-based analysis of threats
D. blocking of fileless malware in real time
E. user context analysis

Answer: A D

Explanation

The goal of the Cyber Threat Defense solution is to introduce a design and architecture that can
help facilitate the discovery, containment, and remediation of threats once they have penetrated
into the network interior.

Cisco Cyber Threat Defense version 2.0 makes use of several solutions to accomplish its
objectives:

..

* Content Security Appliances and Services
– Cisco Web Security Appliance (WSA) and Cloud Web Security (CWS)
– Dynamic threat control for web traffic
– Outbound URL analysis and data transfer controls
– Detection of suspicious web activity
– Cisco Email Security Appliance (ESA)
– Dynamic threat control for email traffic
– Detection of suspicious email activity

* Cisco Identity Services Engine (ISE)
– User and device identity integration with Lancope StealthWatch
– Remediation policy actions using pxGrid

Reference: https://www.cisco.com/c/dam/en/us/td/docs/security/network_security/ctd/ctd2-0/design_guides/ctd_2-0_cvd_guide_jul15.pdf

=============================== New Questions (added on 9th-Apr-2022) ===============================

Question 97

What is a characteristic of traffic policing?

A. lacks support for marking or remarking
B. can be applied in both traffic directions
C. must be applied only to outgoing traffic
D. queues out-of-profile packets until the buffer is full

Answer: B

Explanation

Policing is used to control the rate of traffic flowing across an interface. When traffic
exceeds the maximum configured rate, the excess traffic is generally dropped or
remarked. The result of traffic policing is an output rate that appears as a saw-tooth with crests
and troughs. Traffic policing can be applied to inbound and outbound interfaces. Unlike traffic
shaping, QoS policing avoids delays due to queuing. Policing is configured in bytes.

Question 98

How does NETCONF YANG represent data structures?

A. in an XML tree format
B. as strict data structures defined by RFC 6020
C. in an HTML format
D. as modules within a tree

Answer: A

Question 99

Refer to the exhibit.

What is generated by the script?

A. the router processes
B. the routing table
C. the cdp neighbors
D. the running configuration

Answer: D

Explanation

Reference: https://developer.cisco.com/codeexchange/github/repo/ncclient/ncclient/

Question 100

Which VXLAN component is used to encapsulate and decapsulate Ethernet frames?

A. VTEP
B. GRE
C. EVPN
D. VNI

Answer: A

Explanation

VTEPs connect the overlay and underlay networks. They are responsible for
encapsulating frames into VXLAN packets to send across the IP network (underlay), then
decapsulating them when the packets leave the VXLAN tunnel.

Question 101

A Cisco DNA Center REST API sends a PUT to the /dna/intent/api/v1/network-device endpoint. A
response code of 504 is received. What does the code indicate?

A. The response timed out based on a configured interval
B. The user does not have authorization to access this endpoint
C. The username and password are not correct
D. The web server is not available

Answer: A

Explanation

This error response (504) is given when the server is acting as a gateway and cannot get a
response in time.

Question 102

Refer to the exhibit.


A network engineer must load balance traffic that comes from the NAT Router and is destined to
10.10.110.10, to several FTP servers. Which two command sets should be applied? (Choose
two)

A. interface gig0/0
ip address 10.10.110.1 255.255.255.0
ip nat inside
interface gig0/1
ip address 172.16.1.1 255.255.255.252
ip nat outside

B. interface gig0/0
ip address 10.10.110.1 255.255.255.0
ip nat outside
interface gig0/1
ip address 172.16.1.1 255.255.255.252
ip nat inside

C. ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 type rotary
access-list 23 permit 10.10.110.10
ip nat inside destination-list 23 pool ftp-pool

D. ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0 type rotary
access-list 23 permit 10.10.110.10
ip nat outside destination-list 23 pool ftp-pool

E. ip nat pool ftp-pool 10.10.110.2 10.10.110.9 netmask 255.255.255.0
access-list 23 permit 10.10.110.10
ip nat inside destination-list 23 pool ftp-pool

Answer: A C

Explanation

The point of this question is that when someone tries to access the IP 10.10.110.10, the IP
addresses from 10.0.0.2 to 10.0.0.9 are handed out in a rotary fashion. This performs a basic
form of load balancing. In order to do this, we need “type rotary” in the “ip nat pool …”
statement -> Answer C is correct.

Also, the Gi0/0 interface must be the NAT inside interface -> Answer A is correct.

Question 103

A large campus network has deployed two wireless LAN controllers to manage the wireless
network. WLC1 and WLC2 have been configured as mobility peers. A client device roams from
AP1 on WLC1 to AP2 on WLC2, but the controller’s client interfaces are on different VLANs. How
do the wireless LAN controllers handle the inter-subnet roaming?

A. WLC2 marks the client with a foreign entry in its own database. The database entry is copied
to the new controller and marked with an anchor entry on WLC1
B. WLC2 marks the client with an anchor entry in its own database. The database entry is copied
to the new controller and marked with a foreign entry on WLC1
C. WLC1 marks the client with a foreign entry in its own database. The database entry is copied
to the new controller and marked with an anchor entry on WLC2
D. WLC1 marks the client with an anchor entry in its own database. The database entry is copied
to the new controller and marked with a foreign entry on WLC2

Answer: D

Explanation

In instances where the client roams between APs that are connected to different WLCs and the
WLC WLAN is connected to a different subnet, a Layer 3 roam is performed, and there is an
update between the new WLC (foreign WLC) and the old WLC (anchor WLC) mobility databases.

If this is the case, return traffic to the client still goes through its originating anchor WLC. The
anchor WLC uses Ethernet over IP (EoIP) to forward the client traffic to the foreign WLC, to
where the client has roamed. Traffic from the roaming client is forwarded out the foreign WLC
interface on which it resides; it is not tunneled back.

The client begins with a connection to AP B on WLC 1. This creates an ANCHOR entry in the
WLC client database. As the client moves away from AP B and makes an association with AP C,
WLC 2 sends a mobility announcement to peers in the mobility group looking for the WLC with
the client MAC address. WLC 1 responds to the announcement, handshakes, and ACKs. Next the
client database entry for the roaming client is copied to WLC 2, and marked as FOREIGN.
Included PMK data (master key data from the RADIUS server) is also copied to WLC 2. This
provides fast roam times for WPA2/802.11i clients because there is no need to re-authenticate
to the RADIUS server.

After a simple key exchange between the client and AP, the client is added to the WLC 2
database and is similar, except that it is marked as FOREIGN.

Reference: https://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob30dg/TechArch.html

Question 104

Refer to the exhibit.


An administrator troubleshoots intermittent connectivity from internal hosts to an external public
server. Some internal hosts can connect to the server while others receive an ICMP Host
Unreachable message and these hosts change over time. What is the cause of this issue?

A. The translator does not use address overloading
B. The NAT pool netmask is excessively wide
C. The NAT ACL and NAT pool share the same name
D. The NAT ACL does not match all internal hosts

Answer: A

Explanation

As we can see there is the line “type generic, total addresses 2, allocated 2(100%), missed 7”.
This means all the IP addresses for NAT have been allocated and 7 requests were missed. It
means this is NAT 1:1, not PAT so answer A is correct.

Answer D is not correct as the NAT ACL covers internal hosts 10.0.3.1 but it still failed to
allocate an address, so we cannot say it does not match all internal hosts.

Question 105

Refer to the exhibit.


Which configuration must be added to enable GigabitEthernet 0/1 to participate in OSPF?

A. SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 1
B. SF_router (config)# network 10.10.1.0 0.0.0.255 area 1
C. SF_router (config-router)# network 10.10.1.0 0.0.0.255 area 0
D. SF_router (config-router)# network 10.10.1.0 255.255.255.0 area 0

Answer: A

Question 106

Which configuration creates a CoPP policy that provides unlimited SSH access from client
10.0.0.5 and denies access from all other SSH clients?

Option A

access-list 100 permit tcp host 10.0.0.5 any eq 22
access-list 100 deny tcp any any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
police 8000
!
control-plane
service-policy input CoPP
!

Option B

!
access-list 100 permit tcp host 10.0.0.5 any eq 22
access-list 100 deny tcp any any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
drop
!
control-plane
service-policy input CoPP
!

Option C

!
access-list 100 deny tcp host 10.0.0.5 any eq 22
access-list 100 permit tcp any any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
drop
!
control-plane
service-policy input CoPP
!

Option D

access-list 100 permit tcp any any eq 22
access-list 100 deny tcp host 10.0.0.5 any eq 22
!
class-map match-all telnet_copp
match access-group 100
!
policy-map CoPP
class telnet_copp
police 8000
!
control-plane
service-policy input CoPP
!

A. Option A
B. Option B
C. Option C
D. Option D

Answer: C

Explanation

A strange thing here is we have to “deny” source 10.0.0.5 in the ACL so that it is excluded from
“policy-map CoPP”. It will be matched by the “class-default” which is implemented implicitly at
the end of the policy-map. This default class will match all the traffic and allows them by default.
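The classification logic behind this explanation, as an added Python model that is not part of the original page and is not Cisco code. It encodes the four options' ACL 100 entries and class actions as data and assumes, as the explanation states, that a packet hitting a “deny” entry is simply not placed in class telnet_copp and falls through to class-default; the function names and the two extra test clients are constructed.

```python
import ipaddress

# Per option: ordered ACL 100 entries (action, source) for "tcp ... eq 22",
# and the action the policy-map applies to class telnet_copp.
OPTIONS = {
    "A": ([("permit", "10.0.0.5/32"), ("deny", "0.0.0.0/0")], "police 8000"),
    "B": ([("permit", "10.0.0.5/32"), ("deny", "0.0.0.0/0")], "drop"),
    "C": ([("deny", "10.0.0.5/32"), ("permit", "0.0.0.0/0")], "drop"),
    "D": ([("permit", "0.0.0.0/0"), ("deny", "10.0.0.5/32")], "police 8000"),
}
CLASS_DEFAULT = "class-default (transmit)"

def acl_verdict(acl, src, dport):
    """First-match lookup; anything that is not TCP/22 hits the implicit deny."""
    if dport != 22:
        return "deny"
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"

def copp_treatment(option, src, dport=22):
    """Return what the control plane does with a packet under the given option."""
    acl, class_action = OPTIONS[option]
    # Only a "permit" hit classifies the packet into telnet_copp; a "deny"
    # hit means "not this class", so the packet reaches class-default.
    if acl_verdict(acl, src, dport) == "permit":
        return class_action
    return CLASS_DEFAULT

def meets_requirement(option):
    """Unlimited SSH for 10.0.0.5, every other SSH client dropped."""
    trusted = copp_treatment(option, "10.0.0.5")
    others = [copp_treatment(option, s) for s in ("10.0.0.6", "192.0.2.77")]
    return trusted == CLASS_DEFAULT and all(o == "drop" for o in others)

if __name__ == "__main__":
    for name in OPTIONS:
        print(name, copp_treatment(name, "10.0.0.5"), "|",
              copp_treatment(name, "10.0.0.6"), "|", meets_requirement(name))
```

Running it shows why the “deny” for 10.0.0.5 is the permissive line here: Options A and D rate-limit the trusted client, Option B drops it, and only Option C leaves it unpoliced while dropping every other SSH source.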

Question 107

Refer to the exhibit.

Which Python code parses the response and prints “18:32:21.474 UTC sun Mar 10 2019”?

A. print(response[‘result’][0][‘simple_time’])
B. print(response[result’][‘body’][‘simple_time’])
C. print(response[‘body’][‘simple_time’])
D. print(response[‘result’][‘body’][‘simple_time’])

Answer: D

Explanation

From the “Mastering Python Networking” book:

When we executed it, we simply received the system version. So we should use the same syntax
to get the simple time.

Question 108

The Gig0/0 interface of two routers is directly connected with a 1G Ethernet link. Which
configuration must be applied to the interface of both routers to establish an OSPF adjacency
without maintaining a DR/BDR relationship?

A. interface Gig0/0
ip ospf network point-to-multipoint

B. interface Gig0/0
ip ospf network non-broadcast

C. interface Gig0/0
ip ospf network broadcast

D. interface Gig0/0
ip ospf network point-to-point

Answer: D

Question 109

Refer to the exhibit.

The port channel between the switches does not work as expected. Which action resolves the
issue?

A. Interface Gi0/0 on Switch2 must be configured as passive.
B. Interface Gi0/1 on Switch1 must be configured as desirable.
C. Interface Gi0/1 on Switch2 must be configured as active.
D. Trunking must be enabled on both interfaces on Switch2.

Answer: C

Explanation

With the above configuration, the Port-channel 1 of Switch1 is in trunking mode “on”:

We tried changing the EtherChannel mode of Gi0/1 on Switch2 to “active” and it worked.

This is because one side is mode “On” while the other side is mode “active”.

Question 110

By default, which virtual MAC address does HSRP group 14 use?

A. 04.16.19.09.4c.0e
B. 00:05:5e:19:0c:14
C. 00:05:0c:07:ac:14
D. 00:00:0c:07:ac:0e

Answer: D
