Scribd Logo
Upload

Welcome to Scribd!

  • MultipleChoice 627q

    Uploaded by

    Hannibal Imter
    44 views1,327 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    44 views1,327 pages

    MultipleChoice 627q

    Uploaded by

    Hannibal Imter

    Copyright:

    © All Rights Reserved
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    of 1327
    ey item 1 0f627 (Choice, 1) ‘What does @ YANG model provide? © A creation of transport protocols and ther interaction withthe OS: © B.standardized data structure that can be used only with NETCONF or RESTCONF transport protacols © C.standardized data structure independent of the transport protocols © D.user access to interact directly withthe CLI of the device to receive or modify network configurations: sia (te [Real = P yowneie ro seat Ca 3 ey item 1 0f627 (Choice, 1) ‘What does @ YANG model provide? ‘creation of transport protocols and their interaction withthe OS 8 standardized data strctie that can be used only with NETCONF or RESTCONF ttanspon protéeols C.standardized data structure independent of the transport protocols D.user access to interact directly withthe CLI ofthe device to receive or modify network configurations ‘Answer: C Poi CO] | eee P yowneie ro seat Ca 3 ey =a _® Item 2 of 627 (Choice, 02) | Sowtnoe Refer to the exhibit. Which two commands are required on router R1 to block FTP and alow al other traffic from the Branch 2 network? (Choose two) UW A.accessiist 101 deny tep 10.0:2.0 0.0.0.255 host 10.0.101.9 eq f-data ‘access-ist 101 permit ip any any. TB.accessiist 101 deny tep 10.0.2.0 0.0.0.255 hest 10.0.101.3 eq ftp ‘accessuist 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq fip-data ‘access-ist 101 permit ip any any 1 C.interface Gigabitethemet0/0 ‘paddress 10.0.101.1 255.255.255.252 ‘paceess-group 101 in 1 D.interface Gigabitetheset0/0 Ipaddress 10.0.0.1 255.255.255.252 Did mecgemerrrem TSE as bs C$ 3 3 x sara se ss 1 Prieg| WE] [Rea a = SseSessin | EM Eam TS cps fen anyon =a _® anaoa.y ) ee 3 Refer to the exhibit. Which io commands are requifed on router R1 to block FTP and ditow all other tafe from the Branch 2 network? (Choose two.) TA accessiist 101 deny top 10.0.2.0 0.0.0.255 host 10.0.101.9 eq ftr-data ‘access-ist 101 permit ip any any 1 B.accessiist 101 deny top 10.0.2,0 0.0.0.255 host 10.0.101.5 eq fp ‘accessuist 101 deny tcp 10.020 0.0.0.255 host 10.0.101)3 ea fipdata ‘access-ist 101 permit ip any any 1 G interface GigabitEthemet010 ‘paddress 10.0.101.1 255.255.255.252 ‘paceess-group 101 in 1 D interface Gigabitethemet0/0 |p address 10.0.0.1 255.255.255.252 ‘paccess-group 101 out U E.accesstist 101 deny tep 10.0.2.0 0.0.0.255 host 10.0.101.3 eq fp ‘access-ist 101 permit ip any any rai at ss 1 Pie | We [ Ream a= SseSessin | EM Eam PD ypenaer0 sera or 6a TS cps fen anyon =a _® a8, | sontoat anaoa.y ) ee 3 Refer to the exhibit. Which io commands are requifed on router R1 to block FTP and aitow all other tafe from the Branch 2 network? (Choose two.) A accessuist 101 deny top 10.0.2.0 0.0.0.255 host 10.0.101.3 eq fip-data ‘access-ist 101 permit ip any any B,accessiist 101 deny top 10.0.2.0 0.0.0.255 host 10.0,101.3 ea tp ‘accessuist 101 denty tcp-10.0.2.0 0,0.0.255 host 10.0,101)3 eq fipdata, ‘access-ist 101 permit ip any any. C interface GigabitEthermet0/0 Ipaddress 10.0.101.1 255.255.255.252 ip access-group 101 in D interface Gigabitethemet0/0. |p address 10.0.0.1 255.255.255.252 ‘paccess-group 101 out E.accesstlst 101 deny top 10.0.2.0 0.0.0.285 host 10.0.101.3 eq fp ‘access-ist 101 permit ip any any rai at ss 1 Pie | WE] [Ream = SseSessin | EM Eam PD ypenaer0 sera or 6a ey Item 3 of 627 (Choice, 03) ‘What is @ fact about Cisco EAP-FAST? © A.itrequires a cient certificate. 0 B.ltis an IETF standard, © C.ltoperates in transparent mode © Dit does not require a RADIUS server certificate. rio | tbe] [Rea = PD ypenaer0 sera or 6a Bamiapmaceune item 3 of 627 (Choice, @3) ‘What i a fact about Cisco EAP-FAST? A. It requires a client certificate B.ltis an ETF standare C.lt operates in transparent mode D.lt does not require a RADIUS server certificate. ‘Answer: D sin wat i i om 1 Pros | ibe] [Reo = Soe Sein | EME PD ypenaer0 sera or 6a ey Item 4 of 627 (Choice, 4) Sn ‘A-company plans to implement intent-based networking in its campus infrastructure. Which design facilitates a migration from a traditional campus {design to a programmable fabric design? © A.threedtier © B.layer2 access © C.twostier © Dyrouted access errr = 1 Fries [tne] | Reweat = Soria ea 6a PD ypenaer0 sera or ey item 4 0f627 (Choice, 4) ‘A-company plans to implement intent-based networking in its campus infrastructure. Which design facilitates a migration from a traditional campus {design to a programmable fabric design? Acthreestien B.Layer2 access Ctwo-tier Dirouted access: “Answer: D) x hitos:www ciscolive.comcldanvriciscolivelus/docs/20 1 T/pdBRKCRS-2612.pdt ss 1 rio |[_— tine] Ream = PD ypenaer0 sera Cy ey =a _® Item 5 of 627 (Choice, Q5) | Sowtnoe ‘RIF stv run [begin ine con es ‘ge evel 15 Jogging synchronous: stops 1 te aixo si oak. *pavoge vel 15 Jogging synchronous, stops $ hrowyod oh agg 748002150028 st 6 oe Refer to the exhibit. Which privilege level is assigned to VTY users? TS cident Dyan ‘vege evel 13 egg. synchronous stopbs tne aco siiogut 0.0 “rege level 15, Yogging synchronous stopbis ino WyO4 > ck ose 045002150028 in a no vy 538, password 7045002150028 Rt# sh un | include aaa | enable ‘no aaa new. model Rie Refer to the exhibit. Which privilege level is assigned to VTY users? oat oB7 0613 oD45 nial] CW [Rea 6a 15 cpp ona an =a Sop F Ine au so pect 00 *pamloge kel 15 topping Synetronous Stops T inewyo4 ck raged BHSEO21HICIE ee) line vty 518 password 7 04580215002E 20] oe AR1# str run | include aaa | enable ‘Ro aaa new. model Riz Refer fo the exhibit Which privilege level is assigned to VTY users? at 87 c13 DAs ‘Answer: A We | [Resa = PD ypenaer0 sera or 6a ey Item 6 of 627 (Choice, 06) ‘Which resource must a hypervisor make available tothe virtual machines? OALIP address: 0 B.secure access © C.Storage © D Bandwidth rio |[_— tine] Ream = PD ypenaer0 sera or 6a Bamiapmaceune item 6 of 627 (Choice, 06) Which resource must a hypervisor make available to the vitual machines? AIP address B.seture access C.Storage Bandwidth ‘Answer: C errr a 1 Fries [tne] | Reweat = Soria ea PD ypenaer0 sera or 6a ey Item 7 of 627 (Choice, Q7) x Ina Cisco Catalyst switch equipped with two supervisor modules, an administrator must temporarily remove the active supervisor from the chassis to perform hardware maintenance on i Which mechanism ensures that the active supervisor removal is not disruptive to the network operation? ©A.SSO © B.NSFINSR © C.VRRP, OD.HSRP errr a 1 Fries [tne] | Reweat = Soria ea P yowneie ro seat Ca 3 ey item 7 of 627 (Choice, 7) Ina Cisco Catalyst switch equipped with two supervisor modules, an administrator must temporarily remove the active supervisor from the chassis to perform hardware maintenance on i Which mechanism ensures that the active supervisor removal is not disruptive to the network operation? ASSO B.NSFINSR C.VRRP D.HSRP “Answer: A x ss 1 rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey =a _® Item 8 of 627 (Choice, Q8) es ‘Show Anoner An engineer must configure interface and sensor monitoring on a router. The NMS server is located ina trusted zone with IP address 10.15.2.19. ‘Communication between the router and the NMS server must be encrypted and password-protected using the most secure algorithms. Access must ‘be allowed only for the NMS server and with the minimum permission levels needed. Which configuration must the engineer apply? © Alp accessuist extended nms permit 1 host 10.15.2,19 any ‘snmp-server view ro internet included ‘snmp-server viewro iEntry included ‘snmp-server group nms v3 priv notify ro access nm ‘srimp-server user user! nms v3 encrypled auth md5 Password! pri 3des Password123 © Bip accessiist standard nme permit 10.15.2.19 0.0.00 ‘snmp-server view rw iso included ‘snmp-server view rw iEntry included ‘snmp-server group nms v3 auth write rw access nms, ‘snmp-server user user! nms v3 auth des Passwordi pri des Password123 © Gp accessiist standard nms permit 10.15.2.19.0.0.0.0 ‘snmp-server view ro iso included ‘snmp-server view ro ifEntry Included ‘snmp-server group nms v3 priv read ro access nms ‘snmp-server user user! nms v3 auth sha Password! pri aes 258 Password123 © Dip accessiist standard nms permit 10.15.2.19 255.255.256.255 ‘snmp-server view ro cisco included ‘srimp-server view ro Entry included ‘snmp-server group nms v3 priv read ro access nms ‘snmp-server user user! nms v3 auth 3des Password1 pri aes 192 Passwordi23. sina earaae ve 1 Fries [tne] | Reweat = spars ey Item 8 of 627 (Choice, 08) An engineer must configure interface and sensor monitoring on a router. The NMS server is located ina trusted zone with IP address 10.15.2.19. ‘Communication between the router and the NMS server must be encrypted and password-protected using the most secure algorithms. Access must ‘be allowed only for the NMS server and with the minimum permission levels needed. Which configuration must the engineer apply? Alp accessiist extended nms permit 1 host 10.15.2.19 any ‘snmp-server view ro internet included ‘snmp-server view Fo ifEntry included ‘snmp-Server group nms v3 priv notify ro access nm ‘snmip-server user usert nis v3 encrypted auth md5 Passwordt pri 3des Password123 B ip accesstlist standard nims ermit 10.15.2.19 0.0.0.0 ‘snmp-server view rw igo included ‘snmp-server view tw iEntry included ‘shmp-server group-nms v3 auth write rw access ms ‘snmp-server user user! ms v3 auth des Passwordt pri des Password123 lp accessiist standard nms Permit 10.152.19.00.0.0 ‘snmp-server view ro iso include. ‘shimp-server View ro fEntry included ‘snmp-server group nms v3 priv read ro access nms ‘snmp-server user user! nms v3 auth sha Password! pri aes 258 Password123 Dlpaccessiist standard nms Permit 10.15.2.19 255.255.255.255 ‘snmp-sefver view ro cisco included ‘srimp-Server view ro Entry included ‘snmp-server group nms v3 priv read ro access nms ‘snmp-server user user! nms v3 auth 3des Password! pri aes 192 Password123. Rosia toe] [eee BD one ne 6a ey item 9 0f627 (Choice, 8) ‘What i the dliference between a RIB and a FIB? © A.The FIB is where all IP routing information is stored, © B.The RIB is used to make IP source prefix-based switching decisions, © C.The RIB maintains a miror image of the FIB. © D-The FIB is populated based on RIB content rio |[_— tine] Ream = PD ypenaer0 sera or ey item 9 0f627 (Choice, 8) ‘What isthe diference between a RIB and a FIB? ‘A. The FIBis where ll IP routing information is stored B. The RIB \s used to make IP source prefixbased switching decisions, .The RIB maintains a mirror image of the FB. -The FIB is populated based on RIB content “Answer: D rio |[_— tine] Ream = PD ypenaer0 sera or ey item 10 of 627 (Choice, 010) Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Ciseo IOS device? © A The device received a valid NETCONF request and serviced it without error. © B.The NETCONF running datastore is currently locked © G-ANETCONF request was made for a data model that does not exist. © D.NETCONE message with valid content based on the YANG data models was made, but the request falled Preis [ioe] [ra = PD ypenaer0 sera Cy ey item 10 of 627 (Choice, 010) Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Ciseo IOS device? ‘A The device received a valid NETCONF request and serviced it without error. B.The NETCONF running datastore is currently locked CANETCONF request was made for a data model that does not exist. D.NETCONE message with valid content based on the VANG data models yas ade, but the request fled, ‘Answer: C hitpssiwww.cisco.comie/en/us/supporvdocs!storage-networking/management/200933- YANG-NETCONF-Cenfiguration-Validation himitanc42 Preis [ioe] [ra = PD ypenaer0 sera Cy ey =a _® Item 11 of 627 (Choice, 211) | Sowtnoe Refer fo the exhib. The WLC adminlatrator sees thal the controler fo which a roaming client associates has Mobilty Role Anchor configured under Gents > Detail. Which type of roaming is supported? sin wot ee A ei 5 S 3 Scion 1 Pio |[-— be] [Rew a = SseSessin | EM Eam BD one a2 6a TS cde Aen Dyan =a _® eo ae ane = of gash, co ca Refer fo the exhibit, The WLC administrator sees that the controler fo which a roaming client associates has Mobility Role Anchor configured under Clients > Detail. Which type of roaming is supported? OA inttacontroter © B.Layer 3 intereontroler © G.Layer 2 intercontroler © Dindreet rie Woe | Reawa = SseSessin | EM Eam PD ypenaer0 sera or 6a TS cde Aen Dyan =a _® eo ae ane = of gash, co ca Refer fo the exhibit, The WLC administrator sees that the controler fo which a roaming client associates has Mobility Role Anchor configured under Clients > Detail. Which type of roaming is supported? A.istragontroner B.Layer3 iniercontroller Layer 2 intercontrofer Diindirect sia wat eS A i i i i 3 e som 1 Pros [in] [Reel SoeSetin| Eds PD ypenaer0 sera or 6a ey Item 12 of 627 (Choice, 212) ‘Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture? © A.VPN routing forwarding 0 B.easy virtual network © C.overlay network © D.undertay network rio |[_— tine] Ream = PD ypenaer0 sera or 6a Bamiapmaceune Item 12 of 627 (Choice, 212) ‘Which technology is used to provide Layer 2 and Layer 3 logical networks in the Cisco SD-Access architecture? A.VPN routingiforwarding Beaty virtual network C.overlay network D.underiay network “Answer: sin wat a i i som 1 Pros [in] [Reel Soe Sein | EME PD ypenaer0 sera or 6a ey item 13 of 627 (Choice, 013) loci gual ey Refer to the exhibit. The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up ‘when there is @ problem with the IP SLA. Which configuration should the engineer use? © Acevent manager applet EEM_IP_SLA ‘event sla 10 state down © B.event manager applet EEM.IP_SLA ‘event sla 10 state unreachable © C.event manager applet EEM,IP_SLA ‘event track 10 state unread © D.event manager applet EEM_IP_SLA ‘event track 10 state down srs wat eS som 1 Pros [in] [Reel SoeSetin| Eds DB Wpenereo sear Cy 6a ey item 13 of 627 (Choice, 013) ‘when there is @ problem with the IP SLA. Which configuration should the engineer use? ‘Acevent manager applet EEM_IP_SLA ‘event sla 10 state down event manager applet EM. IP_SLA ‘event sla 10 state unreachable CC.event manager applet EEM, |P_SLA ‘event track 10 state unreact event manager applet EEM_IPLSLA ‘event track 10 state down ‘Answer: D Preis [ioe] [ra = PD ypenaer0 sera or 6a ey Item 14 of 627 (Choice, 14) ‘What isthe recommended MTU size for a Cisco SD-Access Fabric? ©A.1500 08.1704 06.8100 0 D4464 rio |[_— tine] Ream = PD ypenaer0 sera or 6a Sqn item 14 of 627 (Choice, O14) ‘What isthe recommended MTU sie fora Cisco SD-Access Fabric? ‘A.1500 8.17014 ¢.8100 D.4464 ‘Answer: C errr a 1 Fries [tne] | Reweat = Soria ea PD ypenaer0 sera or 6a ey item 15 of 627 (Choice, 215) ‘What is one characteristic of Cisco DNA Center and vManage northbound APIs? © A.They are RESTIUI APIs, 0B. They exchange XML-formiatted content. ‘© G.They implement the NETCONF protocol © D-They push configuration changes down to devices. rio |[_— tine] Ream = PD ypenaer0 sera ey Item 15 of 627 (Choice, 015) ‘What is one characteristic of Cisco DNA Center and vManage northbound APIs? A They afe RESTIUAPIs, They exchange XML-forriatted content. .They implement the NETCONF protocol. D-They push configuration changes down to devices, “Answer: A rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey item 16 of 627 (Choice, 016) =e ‘Annetwork engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate Certificate authority. Which configuration commands are required to issue a certificate signing request from the core switch? © A.Core-Suiteh(configyt crypto pki enioll Core-Switch ‘Cote-Switeh(config ip hitp secure-trustpoint Core-Switch ‘© B.Core-Switeh(configy# crypto pki trstpoint Core-Switch ‘Core-Switeh(ca-trustpoint}# enrolment terminal Core-Switeh(config erypto pki enroll Core-Suiteh © C.Core-Switeh(configy# ip http secure-trustpoint Core-Switth ‘Core-Switeh(configh crypto pki enrol Core-Switch ‘©.D.Core-Switeh(configi# crypto pki tustpoint Core-Switeh CCore-Switeh(ca-trustpoint}# enrolment terminal Core-Switch(configyt ip hitp secure-trustpoint Core-Switch Pree |Win] | Rea a ‘Saw Sein | [Eder PD ypenaer0 sera or 6a ey Item 18 of 627 (Choice, 216) ‘Annetwork engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority. Which configuration commands are required to issue a certificate signing request from the core switch? A.Gore-Switeh(contigi# crypto pki €nfol Core-Switch, ‘Core-Switeh(config}ip http secure-trustpoint Core-Switeh 8. Core-Switch(config)# crypto pki trustpoint Core-Switch ‘Core-Switeh(ca-trustpoint}# enrollment terminal Core-Switch(configi# crypto pki enroll Core-Switch C.Core-Suitch(configi ip http Sectire-trustpoint Core-Switehi ‘Core-Switeh(config}#t crypto pki enroll Core-Switch .Core-Switch(configi#t crypto pki trustpoint Core-Switch Core-Switeh(ea-trustpoint}# enrolment terminal Core-Switch(configit ip hitp secure-trustpoint Core-Switch ‘AnswerB a hitps:iwww-cisco.comlcfen/us/ididecs/iosfios_xe/sec_secure_connectivty/configuration/guide/convertisec_pki_xe_3s_bookl sec_cert_enrol_pki_xe html Pree |Win] | Rea a PD ypenaer0 sera or 6a ey Item 17 of 627 (Choice, 017) Which devices does Cisco DNA Center configure when deploying an IP-based access control policy? © A.selected individual devices © B.allwited devices © Calldevices in selected sites © Dalldevices integrating with ISE rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey Item 17 of 627 (Choice, 017) ‘Which devices does Cisco DNA Center configure when deploying an IP-based access control policy? ‘A.selected individual devices Ball wired devices C.alldevices in selected sites D.alldevices integrating with ISE “Answer: sin wat a i i som 1 Pros [in] [Reel Soe Sein | EME PD ypenaer0 sera or 6a ey Item 18 of 627 (Choice, 218) ‘What is @ characteristic of VLAN? © A.Itis a multitenant solution, © B.ltuses TCP for transport © G.lthas a 12-byte packet header, © Diltextends Layer 2 and Layer 3 overlay networks over a Layer 2 underlay. rio |[_— tine] Ream = PD ypenaer0 sera or 6a Bamiapmaceune item 18 of 627 (Choice, 018) ‘What isa characteristic of VLAN? A [tis @ muiti-tenant solution. B.tuses TCP for transport C.lthas a 12-byte packet header, D.ltextends Layer 2 and Layer 3 overlay networks over a Layer 2 underiay, ‘Answer: A sin wat a i i som 1 Pros [in] [Reel Soe Sein | EME PD ypenaer0 sera or 6a ey Item 19 of 627 (Choice, 019) Which device makes the decision for a wireless client to roam? ‘© A.WCS location server © B.wireless LAN controller © C.access point © D.wireless elient rio |[_— tine] Ream = PD ypenaer0 sera or 6a Bamiapmaceune item 19 of 627 (Choice, 019) ‘Which device makes the decision for awiteless client to roam? A.WCS location server B.wireless LAN controller C.access point D.wireless elient “Answer: D sin wat a i i som 1 Pros [in] [Reel Soe Sein | EME PD ypenaer0 sera or 6a 1 cymacgaceutien tena baeycomason =a _® Item 20 of 627 (Choice, 220) | Sowtnoe 1 172.16.250.1 2 mee REN mses 172 16400:24 & a se at sei tote ee . no See Tee Serene eel, cay ee emaetter Eesti gael teat ert On) Se eer oe © eo ehaae pean goes tate, oat a eect antag chit sehen 2S Nous Tidiae dvorae (i1epieas) waa 1273695071, COsa9-08, cigse wedaeeaiG)O (ioy7eds} win 192 16-250.8) o0/39!08; Guganie wenecnat 0/8 08 Refer to the exhibit. Cienis are reporting an issue with the voice trafic from the branch site to the central site. What is the cause ofthis issue? ©. The voice traffic ie sine rio |[_ tine] [_Reana = SseSessin | EM Eam © aap Re yarn eu racing the cote ioshNe 3.2 wa tiis04 00 1 172.16.250.1 2 athe 372.16.250.5 5 meao 12600017 ne f.16.20 mvwrome [9 tre tena x - aoe nl Rpetpet coh ae ih: Pe En ae ee tae . RE eet Lat . Peta arse Settee ote Be eee when SR ere Gaue torn: meee Refer to the exhibit. Olenis are reporting an issue with the voice Wraffe from the branch site fo he central site. What isthe cause ofthis issue? © A. The Voice traffic is using the link with less available bandwidth, © B Trafic is load-balancing over both links, causing packets to arrive out of order. © C-There is a routing loop on the network. © D.There is a high delay on the WAN inks, ‘ee [Raa lal > 5 cs b fa ey racing the cote ioshNe 3.2 1 172.16.250.1 2 athe 372.16.250.5 5 meao 2 1600.09 nie f.16.20 waseo24 mvwrome [9 tre tena a6 x sae oes “ FO eee 8 smn Sen Leo Onc OO AY “elt Rt Pe En ae ee tae aot » oan RE eet Lath 2 gaat Peta arse Settee ote Be eee when SR ere Gaue torn: meee Refer to the exhibit. Olenis are reporting an issue with the voice Wraffe from the branch site fo he central site. What isthe cause ofthis issue? ‘A. The Voice tat i using the link with less avaliable bandit. 6 Traffic s load-balancing ever both links, causing packets to arrive out of order. CC-There is a routing loop on the network. _D.There isa high delay onthe WAN links rio | ibe] | rna = Sasa ey item 21 of 627 (Choice, 021) ‘What is one diference between SaltStack and Ansible? © A.SaltStack uses the Ansible agent on the box, whereas Arsible uses a Telnet server on the box 0 B.SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus © G.SaltStack is constructed with minion, whereas Ansible is constructed with YAML. © D.SaltStack uses an API proxy agent to program Cisco boxes in agent mode, whereas Ansible uses a Telnet connection, rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey item 21 of 627 (Choice, 021) ‘What is one diference between SaliStack and Ansible? ‘A.SaltStack uses the Ansible agent on the'Box, whereas Ansible ties a Telnet server on'the box B.SaltStack uses SSH to interact with Cisco devices; whereas Ansible uses fan event bus C.SaltStack is constructed with minion, whereas Ansibe is constructed with YAML. D.SaltStack uses an API proxy agent to program Cisco boxes in agent mode, whereas Ansible uses a Telnet connection, ‘Answer: C Preis [ioe] [roa = P yowneie ro seat Ca 3 ey =a _® Item 22 of 627 (Choice, 022) = ip nat inside source static 192,188, 10.17182 1868.27.42 ‘Which command set should be added to complete the configuration? OA. R1(configi interface Gigabitéthernet 010 Ri(config#ip pat inside FRi(configi# interface Gigabitthernet 0/1 Ri(configi ip pat outside © B.R1 config} interface Gigabitéthernet O10 ‘Ri(configi# ip pa outside Ri (config interface GigabitEtheret 0/1 Riconfigyip pat inside © C.RI(confg}# interface Gigabitéthemet O10 (config: ip nat outside Ri (config interface Gigabitéthemet O/1 Ri (configf ip nat inside © D.R1(configyt interface GigabitEtheret O10 Ri (config ip nat inside Ricontgi interface GigabiEthernet 0/4 (config: ip nat outside Preis |[ Wn] | Rea a ey Item 22 of 627 (Choice, 022) ae ip nat inside source static 192,188, 10.17182 1868.27.42 ‘Which command set should be added to complete the configuration? A.RI (Config interface Gigabitéthernet 0/0 Ri(config ip pat inside Ri(configi interface GigabitEthernet 0/1 Ri(contigy ip pat outside B.R1 (Contig) interface GigabitEthernet 0/0 Ri(config ip pat outside Rt(config interface GigabitEthernet 0/1 Ricontig) ip pat inside ‘CRI (config interface Gigabitethernet 0/0 RI (config ip nat outside Ri(configh interface GigabitEtheret 0/1 (config. ip nat insige D.Ri(configi# interface GigabitEihemet 10 Ri(contig-N ip nat inside Ri(eonfight interface GigabitEthernet 0/1 Ri(contig-if ip nat outside ‘Answer: C Preis |[ Wn] | Rea a ey Item 23 of 627 (Choice, 023) ‘Which version of NetFlow does Cisco Threat Defense utlize to obtain visibility into the network? © ANBAR? 0 B.flexble © C.IPFIK ope rio |[_— tine] Ream = PD ypenaer0 sera or 6a Sqn Item 23 of 627 (Choice, 023) ‘Which version of NetFlow does Cisco Threat Defense utiize to obtain viibilty into the network? ANBAR2 B.fexible C.IPFIK De ‘Answer: B ates a 1 Frees [Hoe] | Rowe = Soria ea PD ypenaer0 sera or 6a ey item 24 of 627 (Choice, O24) Ina campus network design, what are two benefits of using BFD for failure detection? (Choose two.) 'D.A.BFD enables netivork peers to continue forwarding packets in the event of a restart 1 B.BFD provides faut tolerance by enabling multiple routers to appear as-a single virtual router. 10 C.BFD provides path failure detection in less than a second. 1 D.BFD speeds up routing convergence time. 1 E.BFD is an efficient way to reduce memory and CPU usage. ita pal Preis |[__tine || Rea = 6a PD ypenaer0 sera or ey item 24 of 627 (Choice, O24) Ina campus network design, what are two benefits of using BFD for failure detection? (Choose two.) A.BED enables netilork peers to:continue Forwarding packets in the event of a restart. B.BFD provides faut tolerance by enabling multiple routers to appear asa Single virtual router. .BFD provides path fallure detection in less than a second. D.BFD speeds up routing convergence time. E.BFD is an efficient way to reduce memory and CPU usage. “Answer: CD ita pal Preis [ioe] [eA = PD ypenaer0 sera Cy ey item 25 of 627 (Choice, 025) ‘Where isthe wireless LAN controler located ina mobilly express deployment? ‘© A.There is no wireless LAN controller in the network. © B.The wireless LAN controler exists In the cloud, © G.The wireless LAN controler is embedded into the access point © D-The wireless LAN controler exists in a server thatis dedicated for this purpose. rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey item 25 of 627 (Choice, 025) ‘Where isthe wireless LAN controler located ina mobilly express deployment? ‘A. There is no wirelées LAN controler in the network B. The Wireless LAN controller exists'n the cloud. C.The wireless LAN controler is embedded into the access point. D.The wireless LAN controler exists in a server that is dedicated for this purpose. ‘Answer: C Preis [ioe] [roa = P yowneie ro seat Ca 3 ey Item 26 of 627 (Choice, 026) ‘Which two methods are used by an AP that is trying to 1D A.DHCP Option 43 (3 B.DNS lookup CISCO-DNA-PRIMARY localdomaint 1 €.cisc0 Discovery Protocol neighbor 1 Daquerying other APs 1 E broadcasting on the local subnet over a wireless LAN controller? (Choose two.) ita pa rio | tbe] [Rea = PD ypenaer0 sera or ey Item 26 of 627 (Choice, 026) ‘Which two methods are used by an AP that is trying to ‘A.DHCP Option 43) DNS lookup CISCO-DNA-PRIMARY localdomaid €.Cisco Discovery Protocol neighbor D.querying other APs broadcasting on the local subnet over a wireless LAN controller? (Choose two.) ‘Answer: AE A ita pal Preis |[__tine || Rea = PD ypenaer0 sera Ey ey Item 27 of 627 (Choice, 27) A system must validate access rights to al its resources and must not rely on a cached permission matrix. Ifthe access levelto a given resource is revoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle? © A.economy of mechanism © B.least common mechanism © Cseparation of privilege © D.complete mediation rio |[_— tine] Ream = PD ypenaer0 sera ey item 27 of 627 (Choice, 027) A system must validate access rights to al its resources and must not rely on a cached permission matrix. Ifthe access levelto a given resource is ‘evoked but is not reflected in the permission matrix, the security is violated. Which term refers to this REST security design principle? A.economy of mechanism B.leaet common mechanism separation of privilege D.complete mediation. “Answer: D) x ss 1 rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey item 28 of 627 (Choice, 028) Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control lst that is applied on SW2 port GO/0 in the inbound direction? © A.perit ep host 192.168.0.5 it €080 host 172.16.0.2 © B.permit tep host 172. 16.0.2 host 192.168.0.5 eq 8080 © C.permit tep host 192.188 0.5 host 172, 16.0.2 eq 8080 © D permit tep host 192.168.0.5 eq 8080 host 172.16.0.2 Preis |[ Wn] | Rea a P yowneie ro seat Ca 3 ey item 28 of 627 (Choice, 028) a Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control lst that is applied on SW2 port GO/0 in the inbound direction? ‘A.permit tep host 192:168.0.5 I 8080 host 172.16.0.2 ® permit fep host 172.16.0.2 host 192,168.0,5 eq 8080 permit tep host 192.168.0,5 host 172, 16,0.2 eq 8080 D permit tp host 182.168.0.5 eq 8080 host 172.16.0.2 ‘Answer: O Preis |[ Wn] | Rea a ‘Saw Sein | [Eder 6a PD ypenaer0 sera or ey =e Item 28 of 627 (Choice, 029) Sone ‘An engineer must configure an ACL that permits packets which include an ACK in the TCP header. Which entry must be included in the ACL? © A.accessiist 10 permit ep any any eq 21 established © B.access:ist 110 permit tep any any eq 21 tep-ack © C.access-list 110 permit tep any any eq 21 established © Daaceesslist 10 permit ip any any eq 21 tep-ack ates a 1 Frees [Hoe] | Rowe = spars P yowneie ro seat Ca 3 ey =a _® Item 28 of 627 (Choice, 029) i se ‘An engineer must configure an ACL that permits packets which include an ACK in the TCP header. Which entry must be included in the ACL? A.accessHist 10 permit tcp any any eq 21 established B.accesslst 110 permit tep any any eq 21 tep-ack C.accessilist 110 permit tep any any eq 21 established Daccessulist 10 permitip any any eq 21 tep-ack ‘Answer: sin wat an i i i som 1 Pros [in| [Reo = Soe Sein | EME P yowneie ro seat Ca 3 ey Item 30 of 627 (Choice, 030) ‘Which feature is provided by Cisco Mobility Services Engine in a Cisco Wireless Unified Network architecture? © A.Itadds client packet capturing © B.It enables NetFlow data collection © C.ltadds client tracking and location API © D.ttidentiies authentication problems. rio |[_— tine] Ream = PD ypenaer0 sera ey Item 30 of 627 (Choice, 030) ‘Which feature is provided by Cisco Mobility Services Engine in a Cisco Wireless Unified Network architecture? A. It adds tient packet eapturing B.tKenables NetFiow data collection C.ltadds client tracking and location API D.ltidentiies authentication problems. ‘Answer: C rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey =a _® Item 34 of 627 (Choice, 031) | Sowtnoe so OR ee sets aunee 1121620724 dn ia v9 tnt ian 072 Refer fo the exhibit An engines’ must alow the FTP traffic from users'on 172.16.1.0/24 to 172.16.2.0124 and block all other traffic. Which configuration must be applied? © A.R1(Configy# accessilist 120 permit ep 172.18.1.0 0.0.0.285 172.16.2.00.0.0.255 20 (config access-list 120 permit icp 172 16.1.0 0.0.0 255 172 16.2.00.0.0.285 21 Ri(configi interface giga 0/2 (contig ip access-group 120 in OBR (configh# accesssist 120 permit tep 172.18. 1.0 0.0.0.255 21 172.16.2.0 0.0.0.255 R(configi# access-list 120 permit udp 172, 16.1.0 0.0.0.255 21 172.16.2.0.0.0.0.255 Ri(configy interface giga 0/2 x % 8 (ie ] eae ees ey =a _® Refer to the exhib. An engineer must alow the FTP traffic from users on 172.16.1.0/24 to 172.16.2.0124 and block all other traffic. Which configuration must be applied? © A.RMconfigh# access-ist 120 permit tep 172.16.1.0 0.0.0.255 172 16.2.00.00.25520 Ri(configit access-list 120 permit ep 172.16. 1.0 0,0.0.285 172.16.2.00.0.0.285 21 Ri(configi interface giga 0/2 (configu ip access-group 120 in © B.Ri(configi# access-ist 120 permit tep 172.16.1,0 0.0,0.255 21.172. 16.2.0 0.0.0.255 Ri(configi# accessuist 120 permit udp 172.16.1.0 0.0.0.255 21 172.16.2.00.0.0.255 Ri(configh interface giga 0/2 Ri (config: ip access-group 120 out C.Ri(configy# accessiist 120 deny any any Ri(config}# access-list 120 permit tep 172.16.1,0 0.0,0.255 172.16.2.00.0.0.255 21 Ri(config interface giga 0/0 (configs ip access-group 120 out © D.R1(config# access-ist 120 permit tep 172.16.1.0 0.010.255 21 172.16.2.0 0.0.0.255 Ri (config interface giga 0/2 Ri(config: inf ip access-group 120 in nial] CW [Rea ees PD ypenaer0 sera or 6a ey =a _® Refer to the exhib. An engineer must alow the FTP traffic from users on 172.16.1.0/24 to 172.16.2.0124 and block all other traffic. Which configuration must be applied? A.RiWcontigl#access-st 120 permittep 172.16.1.0 0.0.0.255 172.162.0000 25520 Ri(confight access-list 120 permit tep 172.16. 1.0 0,0.0.285 172.16.2.00.0.0.255 21 Ri(config interface giga 0/2 Ricontig-ft ip access-group 120 in B.Ri(config# access-list 120 permit top 172.18.1.0 0.0,0.255 21.172.16.2.0 0.0.0.255 Riconfig}# accessilst 120 permit udp 172, 16.1.0 0.0.0.255 21 172 16.2.00.00.255 Ri(configh interface giga 0/2 (config: ip access-group 120 out CRI(configi# accessiist 120 deny any any Ri(configit access-Ist 120 permit ep 172.16. 1,0 0.0,0.255 172.16,2.00.0.0,255 21 Ri(configt interface giga 0/0 Ri(config:if# ip access-group 120 out D.Ri(contigi# accessilst 120 permit top 172.16.1.0 0.0.0.255 21 172.16 2.0 0.0.0.255, Ri(config interface giga 0/2 Ri(config. ini ip access-group 120 in riots] Reema = Sta PD ypenaer0 sera or 6a ey Item 32 of 627 (Choice, 032) A wireless administrator must create a new web authentication corporate SSID that wil be using ISE as the external RADIUS server. The guest VLAN ‘must be specified after the authentication completes. Which action must be performed to allow the ISE server to specify the guest VLAN? © A.Set RADIUS Profing © B.Set AAA Policy name, © C.Enable Network Access Control State. © D.Enable AAA Override. rio |[_— tine] Ream = PD ypenaer0 sera ey Item 32 of 627 (Choice, 032) A wireless administrator must create a new web authentication corporate SSID that wil be using ISE as the external RADIUS server. The guest VLAN ‘must be specified after the authentication completes. Which action must be performed to allow the ISE server to specify the guest VLAN? A. Set RADIUS Profiling B.Set AAA Policy name. Enable Network Access Control State. D.Enable AAA Override. “Answer: D) x ss 1 rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey Item 38 of 627 (Choice, 033) ‘Which exhibit displays aval JSON fle? “interfaces”: { "Gigabitethernett/1", “Gigabit€thernett/2", "Gigabit€thernet1/3", k } ope *GigabitEtnemet1/2", “Gigabit€thernet1/3" "GigabitEthernet1/1" *Gigabit€thernet1/2" “Gigabitéthemet 1/3" 1 } opt hostname": "edge_router_1 “interfaces”: { rio |[_— tine] Ream = PD ypenaer0 sera or 6a 1 cymagaaceutian tear base Comason = osname eage_rourer =r; “interfaces”: { “Gigabit€thernett/1", "GigabitEthernet/2", “Gigabitethernett/3", ‘edge_router_1", “interfaces”: [ “"Gigabitethemett/1", *GigabitEthernett/2", “GigabitEthernet1/3" 1 } eet “hostname’: "edge _router_? “interfaces”: [ "GigabitEthernet1/1" “GigabitEthemet 1/2" “GigabitEthernet 1/3" ‘edge_router_1" “interfaces”: { "Gigabitethernet 1/1" "GigabitEthernet 1/2" “GigabitEthernet 1/3" ) } nial] CW [Rea P yowneie ro seat Ca 3 ey =e ‘nostname~eage_rourer ‘interfaces”:{ qabitEthernet "GigabitEthemet/2", ‘GigabitEthemet 1/3", *:edge_router_1" l “Gigabitéthemett/1", *Gigabit€thernett/2", “GigabitEthernet1/3" } xe hostname": “edge router “interfaces”: [ qabitEthernet 1/1" ‘GigabitEthemet 12" "GigabitEthemet 1/3" i ) Df “hostname: "edge_souter_1" “imerfaces": { iqabitéthernet 1/1" igabitEthernett/ igabitEthernet 3" } Preis [ioe] [roa = P yowneie ro seat Ca 3 ey Item 34 of 627 (Choice, 034) If the noise floor is -80 dBm and the wireless client is receiving a signal of -75 dBm, what is the SNR? A165 08.18 oG12 ops rio |[_— tine] Ream = PD ypenaer0 sera or 6a Bamiapmaceune Item 34 of 627 (Choice, 034) Ifthe noise floor is -80 dBm and the wireless client is receiving a signal of -75 dBm, what is the SNR? A185 8.18 o12 D.a3 ‘Answer: B rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey Item 36 of 627 (Choice, 035) esr plage conte pam Conta Planes seg com 00 clas map clas ent atc) Opachats, Obytas Sminueoered rate bps, drop rate Ops bth acter gon 100 pelce "a 00000 ps be 3125 ye J. eormed 0 packs, 0 tyes tons: need packets Obytes scons dre Salaried 3s ecred Obs te eptdfa(mac-ap-- Senile opps tyes 3 1S tne fered bpp rt Obs Nica osterestow access st 160 extended access ist 400 TO parm tanger an oa ttt Refer to the exhibit. Which commands are required to alow SSH connections to the router? © A. Router(configi accessuist 100 permit tep any any €q 22 Router(configit access list 101 permit tep any any eq 22, Router(configi# class-map class-ssh Router(config-omap)# match access-group 101 Router(confial# policy-map CoPP Preis |[ Wn] | Rea a < ey rth tt 100 ended anf TO permit an ule Reterio the exnbi. Wich commands ae required to alow SSH connections tothe outer? © A.Router(configlt access-ist 100 permit tep any any eq 22 Router(configh# accessuist 101 permit tcp any any eq 22 Router(configi# class-map class-ssh Router(config-cmap}# match access-group 101 Router(contig# poicy-map CoPP Router(config-pmap}# class class-ssh Router(config-pmap-¢}# police 100000 conform-action transmit © B.Router(config# accessiist 100 permit udp any any eq 22 Rovier(configi# access-list 101 permit tep any any eq 22 Router(configi# class-map class-ssh ‘Router(config-emap}# match access-group 101 Router(config# poicy-map COPP Router(config-pmap}# police 100000 conformaction transmit © C.Router(config# access-list 10 permit tep any eq 22 any Rovler(confighclass-map class-ssh FRouter(config-cmap}# match access-group 10 Router(conigi poley-map CoPP Router(config-pmap}# class class-ssh Router(config-pmap-¢}# police 100000 confomaction transmit © D.Router(configl access-ist 100 permit tep any eq 22 any Router(confighclass-map class-ssh Router(config-cmap}# match access-group 10 Router(config# polcy-map CoPP Router(contig-pmap}# class class-ssh Router(config-pmap-c}# police 100000 conformaction transmit nial] CW [Rea PD ypenaer0 sera ey rth tt 100 ended anf TO permit an ule Feferio the exnbi. Wich commands ae required to alow SSH connections tothe outer? ‘A-Router(configit access-list 100 permit tep any any eq 22 Router(configi# accessuist 101 permit tep any any eq 22 Router(config)# class-map class-sshi Router(config-omap)# match access-group 107 Router(contg}# policy-map CoPP Router(config-pmap# class class-ssh Router(config-pmap-c}# police 100000 conform-action transmit 8. Router(config# access-st 100 permit udp any any eq 22 ‘Router(configi# access ist 101 permit ep any any eq 22 Router(configi# class-map class-ssh Router(config-cmap}# match access-group 104 Router(config# polcy-map CoPP Router(confg-pmap}# police 100000 conform-action transmit C.Router(configi# access-list 10 permit tep any eq 22 any Router(config)# class-map clagsssh Router(confg-cmap}# match access-group 10 FRouter(config# poley-map CoPP Router(config-pmap)# class clas-ssh Router(config-pmap-¢}# police 100000 conform-action transmit .Router(configy# access-ist 100 permit tep any eq 22 any Router(conlig)# class-map clase-ssh Router(config-cmap}# match access-group 10 Router(configi poley-map CoPP Router(config-pmapi# class clase-ssh Router(config-pmap-¢}# police 100000 canformaction transmit, Preis |[ Wn] | Rea a ey =e Item 36 of 627 (Choice, 036) ne ‘A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal? © A installa trusted third-party certificate on the contractor devices. © B Install an intemal CA signed cerifcate on the contractor devices, © C.nstall an Internal CA signed certificate on the Cisco ISE. © D installa trusted thir-party certlicate on the Cisco ISE: lita es ale a 1 Frees [Hoe] | Rowe = spars PD ypenaer0 sera or 6a ey item 36 of 627 (Choice, 036) ‘A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal is also used by employees. A solution is implemented, but contractors receive a certificate error when they attempt to access the portal. Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal? ‘A Install trusted third-party certificate on the contractor devices. B install an intemal CA signed certfcate on the contractor devices. Clnstall an Internal CA signed certificate on the Cisco ISE. D.installa trusted thtd-party certificate on the Cisco ISE: ‘Answer: B sis wat eS i som 1 Pras [od] [Resa = SoeSetin| Eds DB Wpenereo sear Cy ey Item 37 of 627 (Choice, @37) ‘Which Python library is used to work with YANG data models via NETCONF? © A.Postman 0 B.URL © Curequests © D.neelient rio |[_— tine] Ream = PD ypenaer0 sera or 6a Bamiapmaceune item 37 of 627 (Choice, 037) ‘Which Python library is used fo work with YANG data models via NETCONF? ‘A Postman B.cURL C.requests Dineelient ‘Answer: D rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey Item 38 of 627 (Choice, 038) ‘What is one role ofthe VTEP in a VXLAN environment? © Ato provide EID-te-RLOC mapping © B.to maintain VLAN configuration consistency © C.to encapsulate the tunnel © Dto forward packets to non-LISP sites rio |[_— tine] Ream = PD ypenaer0 sera or 6a Sqn item 38 of 627 (Choice, 038) ‘What is one cole ofthe VTEP in a VXLAN environment? ‘Ato provide E1D-to-RLOC mapping B.t6 maintain VLAN configuration consistency, Cito encapsulate the tunnel Dito forward packets to non-LISP sites ‘Answer: C rio |[_— tine] Ream = PD ypenaer0 sera or 15 cpp ona Ban item 39 of 627 (Choice, 038) ‘Which behavior ean be expected when the HSRP version is changed from 1 102? ‘© A.Each HSRP group reinitiaizes because the multicast address has changed. © B.Each HSRP group reinitilizes because the virtual MAC address has changed. ‘© G.No changes occur because the standby router is upgraded before the active router. © D.No changes occur because version 1 and 2 use the same virtual MAC OUI rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey item 39 of 627 (Choice, 038) ‘Which behavior can be expected when the HSRP version is changed from 1 102? ‘A. Each HSRP group reintiaizes because the multicast address hae changed. B.Each HSRP group reinitilizes because the virtual MAC address has changed C.No changes occur because the standby router is upgraded before the active router. D.No changes occur because version 1 and 2 use the same virtual MAC OUI ‘Answer: B hitps:/iwwwciseo.comlelen(usitdldecs/ios-xmioslipapp_fypiconfigurationh 5F59-COS94685F7F5 sl thp-xé-3s-book thp-hsrp-v2.html#GUID-BOBBD2FE-41B4.4339- S ss 1 rio |[_— tine] Ream = PD ypenaer0 sera Cy ey Item 40 of 627 (Choice, 240) Refer to the exhibit. Hosts PCT, PC2, and PC3 must access resources on Server’. An engineer configures NAT on Router Rt to enable the: communication and enters the show command to verify operation. Which IP address is used by the hosts when they communicate globally to ‘Server? ‘© A.thelr own address in the 10:10,10,0/24 range © B.random addresses in the 155.1.7.0124 range 06.155.1.15 6.155.111 licton a ates A vi i ES A eS % S A me 1 Preis [ine] [rw = ey Item 40 of 627 (Choice, 240) ‘Server? ‘A.thelc’ovmn address in the 10:40,10:0/24 range B.random addresses in the 185.1.7.0/24 range 6.155.115 Dt88.4 Refer to the exhibit. Hosts PCT, PC2, and PC3 must access resources on Server’. An engineer configures NAT on Router Rt to enable the: communication and enters the show command to verify operation. Which IP address is used by the hosts when they communicate globally to ‘Answer: D Preis [ine] [rw = 6a ey Item 41 of 627 (Choice, 241) Sn ‘What isthe function of the LISP map resolver? ‘© A.to connect a site'to the LISP-capatle part of @ core network, publish the ED-to-RLOC mappings for the site and respond to map-request messages © B.to advertise routable non-USP traffic from one address family to LISP sites in a ailferent address family © C.to send traffic to non-LISP sites when connected to a service provider that does not accept nonroutable EDs as packet sources © Dito decapsulate map-request messages from ITRs and forward the messages to the MS. rio |[_— tine] Ream = 6a PD ypenaer0 sera or ey item 41 of 627 (Choice, 241) ‘What i the function of the LISP map resolver? ‘A.to connect a siteto the LISP-capable part of a core network, publish the EID-o-RLOC mappings forthe site and respond to'map-request messages B.to advertise routable non-USP traffic from one address family to LISP sites in aeifferent address family Co send trafic to non-LISP sites when connected to a service provider that does not accept nonroutable ElDs as packet sources Dito decapsulate map-request messages fiom ITRs and forward the messages to the MS “Answer: D) hitps:iwww cisco.comic/en(us/ididecs/ios-xmiios/iproute_isp/configuration/xe-Ssir-xe-3s-booW/r-overview htmi#GUID-89888034-698F-430E- (8743-85720357C083 Preis |[ Wn] | Rea a PD ypenaer0 sera or 6a ey Item 42 of 627 (Choice, 042) ‘What is used to perform QoS packet classification? ‘© A.the Options field in the Layer header © B.the Type field in the Layer 2 frame © Cathe Flags field in the Layer 3 header © D.the TOS field in the Layer 3 header rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey item 42 of 627 (Choice, 042) ‘What is used to perform QoS packet classification? ‘A.the Options field the Layer 3header B.the Type field in the Layer 2 ame: Che Flags field in the Layer 3 header ithe TOS field in the Layer 3 header ‘Answer: D pn sled conflensdiece/iitchesanGatl te400/sotwarteledselt@btcontguatih guldeloes_166_qob_ 6400, pe ieegos_0400_.chapler OL Rfooneepl Wau mze Bib Preis [ioe] [roa = PD ypenaer0 sera Cy 1 cymacgaceutien tena baeycomason =a _® Item 43 of 627 (Choice, 043) | Sowtnoe “Switch (confi © switch (eonfig-mon- dat ee Re dt : aaa wadveas 172156.10.10 Refer {othe exhibit. An engineer must configure an ERSPAN tunnel that mirrs traffic from Linux1 on Switeht to Linux2 on Switch2.Which command ‘must be added to the source configuration to.enable the ERSPAN tunnel? Peis] ] [ReaD = satan] (ea, — 1 cymacgaaceutian tena baseyComason coe ES © geitehi¥enow ip int be Tneestace Te-Addrens OR Method status sa sate 201 8 man wp eer Hialeah So imo tp ae "ee oes ‘nual or meh oy a io rie er ce Xs co sigebitephecnies > ese? ; “ suiteht(config-mon-erepanazo~dat) ferapan a5 1 : Switcht (config-nonexspan“are-dat) #20 OS ‘Suitchd (config-mon-ezapan-src-dat) forigia ip address 172,16.10.10 sana lenis teontor stent eye aS E Reisen, piece | Guitona tconfig-non-erapen-det~are) ferapan-ia 110 x | Sueitch2 (config-non-erepan-dat-arc) $ip address 10.10,10,20, a ‘Switch? (config-non-erspan-dat—mrc) Refer to the exhibit. An engineer must configure an ERSPAN tunnel that mirrors traffic from Linux on Switcht to Linux2 on Switch2.Which command ‘must be added to the source configuration to enable the ERSPAN tunnel? ©.A.(config-mon-erspan-sre-dst}ino shut © B (contig-mon-erspan-sro-dst}traffic bidirectional © © (config-mon-erspan-sre-dst#ip address 10, 10.10.10 © D (contig-mon-erspan-src-dst)monitor session 1 activate sin wot ce S S i eS % e if Gin 1 Pre | Wd Resa = Soe Sein | EME TS cps fon Dyan a = Ea Fas a | Sigancexenes 7246-40-10 | yes somal seminine, Ses sasaki e Riles aa 5 sys eae coe Gigemscettenbees ayactennac Sgibaalegeeers ~ G7s ae 0 30,18-10.40 "switch! (config-mon-erspan-aro-dst) §. I Raa oe Sileacna ee reetetni ae sateen Sheetal Sa 110 Referto he exhib. An enghesr mst aa, av ERGPAN tne that mirars tafe fo Lino on Sieh to Link on Sich Which command ‘must be added fo the source configuration to enable the ERSPAN tunnel? ‘A.(config-mon-erspan-sfe-dst}#no shut B.(config-mon-ersparrsre-dst traffic bidirectional .(contig-monverspan-sro-dst ip address 10, 10.10.10 D (config:mon-erspar-sre-detjmonitor session 1 activate ‘Answer: C Pie] Wbe || Reawa = SseSessin | EM Eam ey Item 44 of 627 (Choice, 044) ‘When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to alow APs to successfuly discover the wie? ‘© A. CAPWAP-CISCO-CONTROLLER © B.CONTROLLER-CAPWAP-CISCO © ©.CISCO-CONTROLLER-CAPWAP © D.CISCO-CAPWAP-CONTROLLER rio |[_— tine] Ream = PD ypenaer0 sera or ey item 44 of 627 (Choice, O44) ‘When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to alow APs to successfuly discover the wie? A.CAPWAP“CISCO-CONTROLLER B CONTROLLER-CAPWAP:CISCO” C.CISCO-CONTROLLER-CAPWAP .CISCO-CAPWAP-CONTROLLER “Answer: D) x ss 1 rio |[_— tine] Ream = PD ypenaer0 sera Cy ey item 45 of 627 (Choice, 045) ‘An engineer must create an EEM script to enable OSPF debugging n the apply? © Acevent manager applet ENABLE OSPF DEBUG ‘event sysiog pattern "SKOSPF-5-ADJCFHG: Process 5, Nbr 1.1.1.1 on Serlai0/O from LOADING to FULL” ‘action 1.0 el command "debug ip ospf event” action 2.0 ci command "debug ip ospf ad" action 3.0 sysog priority informational msg "ENABLE_OSPF_DEBUG" © B event manager applet ENABLE OSPF DEBUG ‘event syslog pattern "%OSPF-5-ADJCHG: Process 6, Nbr 1.1.1.1.on Seral0/0 from FULL to DOWN" ‘action 1.0 ell command "enable" ‘action 2.0 cil command "debug ip ospf event” ‘action 3.0 cl command "debug ip ospf ad" ‘action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG" event manager applet ENABLE_OSPF_DEBUG ‘event syslog pattern "%SOSPF-f-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN? ‘action 1.0 el command “debug ip ospf event” action 2.0 el command "debug ip ospf ag” ‘action 3.0 syslog priority informational msg "ENABLE_OSPF_DEBUG" © D.event manager applet ENABLE_OSPF_DEBUG. ‘event syslog pattern"GOSPF-S-ADJCFG: Process 5, Nbr 1.1.1.1 on SerialOO from LOADING to FULL” action 1.0 el command "enable" action 2.0 cl command “debug Ip ospf event” ‘action 3.0 ell command "debug ip ospf ad" action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG” Preis |[ Wn] | Rea a nt the OSPF neighborship goes down. Which seript must the engineer ey Item 45 of 627 (Choice, 045) ‘An engineer must create an EEM script to enable OSPF debugging n the apply? ‘A.event mafiager applet ENABLE OSPF DEBUG ‘event sysiog pattern "SKOSPF-5-ADJCFHG: Process 5, Nbr 1.1.1.1 on Seriai0/O from LOADING to FULL” ‘ction 1.0 ol command "debug ip ospf event” action 2.0 ci command "debug ip ospf ad" ‘action 3.0 sys]og priority informational msg "ENABLE_OSPF_DEBUG" BB event manager applet ENABLE OSPF DEBUG ‘event sysiog pattetn "OSPF-S-ADJCHG! Process 6, Nbr 1.1.1.1\0n Serald/0 trom FULL to DOWN" ‘ction 1.0 ell command "enable" ‘action 2.0 cil command "debug ip ospf event” ‘action 3.0 cl command "debug ip ospf ad" ‘action 4.0 syslog priority informational msg "ENABLE. OSPF_DEBUG" ‘C.event manager applet ENABLE_OSPF_DESUG ‘event syslog pattern "MOSPF-T-ADJCHG: Process 8, Nbr 1.1.1.1 6n Serial0/0 from FULL to DOWN’ action 1.0 cl command "debug ip ospf event” ‘action 2.0 ¢8 command "debug ip ospf a action 3.0 syslog priority informational msg "ENABLE JOSPF_DEBUG" event manager applet ENABLE_OSPF_DEBUG ‘event syslog pattern"GOSPF-5"ADJCFG: Process 5, Nbr 1.1.1.1 on SerialOl0 from LOADING to FULL” ‘action 1.0 el command "enable action 2.0 el command "debug Ip ospf event” action 3.0 el command "debug ip ospf adi" action 4.0 syslog priority informational msg "ENABLE_OSPF_DEBUG' “answer: B riots] Reema = nt the OSPF neighborship goes down. Which seript must the engineer ey Item 48 of 627 (Choice, 246) ‘Which LISP component is required for a LISP site to communicate with a non-LISP site? © A.Proxy ITR OB. Proxy ETR OG.TR ODETR rio |[_— tine] Ream = PD ypenaer0 sera or 6a Bamiapmaceune item 46 of 627 (Choice, 046) ‘Which LISP component is required for @ LISP site to communicate with a nomLISP site? Proxy [TR 8.Prowy ETR CIT DETR “Answer: B rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey Item 47 of 627 (Choice, 247) ‘When configuring WPA2 Enterprise on a WLAN, which adaitional security component configuration is required? OAPKI server © B.RADIUS server © G.TAGAGS server OD.NTP server rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey Item 47 of 627 (Choice, 247) ‘When configuring WPA2 Enterprise on a WLAN, which adaitional security component configuration is required? APKisener B.RADIUS server C.TAGAGS server DNTP server “Answer: B rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey Item 48 of 627 (Choice, 048) BER “aces nee Se Refer fo the exhib An users. The engineer has confirmed that ISE is sending the correct values, but name resolution is not functioning as expected, Which WLC configuration change resolves the issue? © A.Enable AAA Overrise. © B.Change NAC state to ISE NAC ‘©.C.SetMFP client protection to Required, © D.Enable Aironet IE Preis |[-—be] [Rema = ~Seesssie| Ena lal > 5 cs fa ey Item 48 of 627 (Choice, 048) Refer fo the exhib An users. The engineer has confirmed that ISE is sending the correct values, but name resolution is not functioning as expected, Which WLC configuration change resolves the issue? ‘A. Enable AAA Overrige 'B.Change NAC state to ISE NAC. C.SetMFP client protection to Required. Enable Aironet IE ® t Preis [ine] [rw = & 6a ey Item 49 of 627 (Choice, 049) Fp wat pool Tntarnce TOTO TOT TO IO TOTO netaaek GSE TO fe mt mtu Seung route-map ners wei ince oot ngSScceni list stan ers Ho permit 192.268-1,0 0,0,0.255 f route-nap users, permit 30 atch ip adareds Users Refer ou © A.Configure a mateh-host type NAT pool ‘0 B Reconfigure the pool to use the 192. 168.1.0 address range, ©.C.Configure a one-to-one type NAT pool © D.lncrease the NAT pool size to support 254 usable addresses, hi: Which aio complles the enfguiton to achieve a Gyaecontinuus mapped NAT for ll usr? Preis [ioe] [roa = PD ypenaer0 sera or 6a ey Item 49 of 627 (Choice, 049) Fp wat pool Tntarnce TOTO TOT TO IO TOTO netaaek GSE TO Fe mt {optue sures route-apouers wei ince oot ngSScceni list stan ers Ho permit 192.268-1,0 0,0,0.255 f route-nap users, permit 30 atch ip adareds Users a Refer ou hi: Which aio complles the enfguiton to achieve a Gyaecontinuus mapped NAT for ll usr? ‘A.Conigue a match hos ypé NAT poo 'B. Reconfigure the pool to use the 192.168.1.0 address fange. €.Confgare a one-to-one pe NAT pool D inetaase the NAT poo stn to supper 254 usable adiesses, anced S ss 1 rio |[_— tine] Ream = PD ypenaer0 sera Cy ey Item 50 of 627 (Choice, Q50) ‘Which capability does a distibuted virtual switch have? © Ato use floating static routes © B.to provide centralized management for virtual switches: © G.to run dynamic routing protocols © Dito use advanced IPsee eneryption algorithms rio |[_— tine] Ream = PD ypenaer0 sera or 6a Sopaiagencna tom tein Item 50 of 627 (Choice, 050) Which capability does a dstibuted vitual suiteh have? Ato use floating static routes 8.0 provide centralizes management for virtual switches: C-to run dynamic routing protocols Dito use advanced IPsec eneryption algorithms “Answer: B rio |[_— tine] Ream = PD ypenaer0 sera or ey Item 51 of 627 (Choice, 051) Jimport requests... BSo ROS Goa % S #42578 authentication part w'bmited for brevity siposes URL.» “aeps://nac/dna/intent/api/v1/topology /lan/vlan-names” | VianNames = requests.get(URL, headers=Header),jsonQ) e Re So eat eho Sion AS [eae Senet po Se ee ‘response’: [ Vian!’ ‘Vlan3002’, 'Vian3003", 'Vian1023", 'Vian2046., Vian3009", ‘Vian3999)], version’: 1.07)| Refer to the exhibi. How should the programmer access the Ts of VLANs that were received via the API call? © A.VianNames(0} ‘© B.VianNamesfresponse'] © C.VianNamesf'Viant] © Dlis(VlanNames) 6a ey Item 51 of 627 (Choice, 251) (ieee sea anses a ess Se Seca cna for irenivsliee [URL = “https://dnac/na tntent/api/v1 /topology /vlan/vlan-names* | VianNames = requests get(URL. headers-Header) json() prine(Vlan! z a X ee see abe oo age a0 Se e (‘response’: ['Vian1’, Vlan3002’, 'Vian3003’, 'Vian1023’, 'Vlan2046’, 'Vian3009", 'Vian3999’], ‘version’: "1.0°}| Refer to the exhibi. How should the programmer access the Ts of VLANs that were received via the API call? ‘A.VianNames{0] 'B.VianNamesf'response'] C.VianNames{Vian1] D.list(VlanWvames) Answer: B & 6a ey Item 52 of 627 (Choice, 052) Using the EIRP formula, what parameter is subtracted to determine the EIRP value? © A.antenna cable loss © B.signalto-noise ratio © Caantenna gain © Ditransmitter power rio |[_— tine] Ream = PD ypenaer0 sera or 6a Bamiapmaceune item 52 of 627 (Choice, 052) Using the EIRP formula, what parameter is subtracted to determine the EIRP value? ‘A.antenna cable loss B.signalto-noise ratio C.antenna gain D.transmitter power ‘Answer: A rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey Item 53 of 627 (Choice, 053) ‘An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type? OA. PEAP © B.LDAP © CEAP-FAST © D.EAP-TLS rio |[_— tine] Ream = PD ypenaer0 sera 6a or ey item 53 of 627 (Choice, 053) ‘An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type? APEAP B.LDAP, C.EAP-FAST D.EAP-TLS Answer AW rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey Item 54 of 627 (Choice, 254) ‘An engineer must protect their company against ransonmare attacks. Which solution allows the engineer to block the execution stage and prevent fle encryption? ‘© A.Use Cisco AMP deployment with the Exploit Prevention engine enabled © B.Use Cisco Firepower and block traffic to TOR networks. © C.Use Cisco AMP deployment with the Malicious Activity Protection engine enabled. © D.Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation, Preis [ioe] [roa = 6a PD ypenaer0 sera or ey item 54 of 627 (Choice, O54) ‘An engineer must protect their company against ransonmare attacks. Which solution allows the engineer to block the execution stage and prevent fle encryption? ‘A.Use Cised.AMP deployment with the Exploit Prevention erigine enabled. B.Use Cisco Firepower and block traffic to TOR networks. ‘C.Use Cisco AMP deployment with the Malicious Activity Protection engine enabled. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation “Answer: C) 6 hitps:wwu.cisco.com/cldam/ents/products/colaterallsecurity/amp-fr-endpoints(uhite-paper-ct1-740880. pd sis wat eS i som 1 Pras [od] [Resa = SoeSetin| Eds DB Wpenereo sear Cy ey Item 55 of 627 (Choice, 055) ‘An engineer must configure an EXEC authorization list that first checks a AAA server then a local usemmame. If both methods fail, the user is denied ‘Which configuration should be applied? © A.aaa athorization exec default local group tacacs © B.aaa authorization exee default local group radius none © C.aaa authorization exec default group radius local none © D.aaa authorization exec defauit group radius local rio |[_— tine] Ream = PD ypenaer0 sera ey Item 55 of 627 (Choice, O55) ‘An engineer must configure an EXEC authorization list that first checks a AAA server then a local usemmame. If both methods fail, the user is denied ‘Which configuration should be applied? ‘A.aaa alithottdation exec default o¢al group tacacs+ Baza authorization exee default local group radius none aaa authorization exec default group radius local none aaa authorization exes default group radius local “Answer: D) x S ss 1 rio |[_— tine] Ream = PD ypenaer0 sera Cy ey Item 56 of 627 (Choice, O56) ‘Annetwork engineer is configuring Flexible NetFlow and enters these commands: ‘sampler NetFlow! mode random one-out-of 100 Interface fastethernet 1/0 flow-sampler NetFlowt What are tho feéults of implementing this feature instead of traditional NetFlow? (Chodse two.) A The data export flow is more secure. 1D B.Only the flows of top 100 takers are exported. 0. C.CPU and memory utilization are reduced. 1D DThe number of packets to be analyzed are reduced, TI E-The accuracy of the data to be analyzed is improved. ita pal Preis [ioe] [eA = P yowneie ro seat Ca 3 ey Item 56 of 627 (Choice, O56) eae ‘Annetwork engineer is configuring Flexible NetFlow and enters these commands: ‘sampler NetFlow! mode random one-out-of 100 Interface fastethernet 1/0 flow-sampler NetFlowt What are tho Feéults of implementing ths feature instead of traditional NetFlow? (Chodse two.) ‘A The data expor flow is more secure. BB Only the flows of top 100 takers are exported ‘C.CPU and memory utilization are reduced The numberof packets to be analyzed are reduced, The aceuracy of the data to be analyzed is inproved. ‘Answer: CD hitpsiwwww cisco. comlelen/us/td/dees/ios-xmi/ios/inetfow/configuration/t -mvnf-15-mt-bock/use-fnflaw-redce-cpuhimi#GUID-E01F4D58-3EAB- “4CD1-9D61-657587989A58 ai apa a 1 Frees (Tne ] | Reweat = spars 6a PD ypenaer0 sera or ey Item 57 of 627 (Choice, Q57) ‘Which function is performed by vSmart in the Cisco SD-WAN architecture? © A.redistribution between OMP and other routing protocols © facilitation of NAT detection and traversal © C.distribution of IPsec keys © Deexecution of localized policies rio |[_— tine] Ream = PD ypenaer0 sera ey Item 57 of 627 (Choice, Q57) ‘Which function is performed by vSmart in the Cisco SD-WAN architecture? ‘A.redistribution betiveen OMP and other ruting protocols B faction of NAT detection and traversal C.distrbuton of IPsec keys D.execution of localized policies “Answer: C rio |[_— tine] Ream = PD ypenaer0 sera or 6a ey item 58 of 627 (Choice, 058) ‘What isa consideration when designing a Cisco SD-Access underlay network? © A.Static routing is @ requirement, © B.tt must support IPv4 and IPV6 underlay networks. © G.The underiay switches provide endpoint physical connectivity for users. © D.End user subnets and endpoints are part ofthe underlay network rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey item 58 of 627 (Choice, 058) ‘What isa consideration when designing a Cisco SD-Access underlay network? A. Static routing is @ requirement, B.tt must support IPv4 and IPv6 underiay networks C.The underiay switches provide endpoint physical connectivity for users. .End user subnets and endpoints are part ofthe underlay network ‘Answer: C rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey item 59 of 627 (Choice, 059) ‘What isa characteristic of a Type 1 hypervisor? © A. Problems inthe base operating system can affect the entire system, © B.ltis completely independent of the operating system. © C.1tis installed on an operating system and supports other operating systems above it. © Diltis referred to as a hosted hypervisor. rio |[_— tine] Ream = P yowneie ro seat Ca 3 ey item 59 of 627 (Choice, 059) ‘What isa characteristic of a Type 1 hypervisor? ‘A. Problems in the base operating system Gan affect the entire system. B.'s completely independent ofthe operating system. G.lts installed on an operating system and supports other operating systems above it Diltis referred to as a hosted hypervisor. “Answer: B Preis [ioe] [roa = P yowneie ro seat Ca 3 1 cymacgaceutien tena baeycomason Item 60 of 627 (Choice, 260) A company recently decided to use RESTCONF instead of NETCONF. and many of thelr NETCONF Seripts contain the operation (operation="create"). Which RESTCONF operation must be used to replace these statements? ‘© A.POST OB.PUT oC.GET © D.CREATE rio |[_— tine] Ream = PD ypenaer0 sera ey Item 60 of 627 (Choice, 060) ‘A company recently decided to use RESTCONF instead of NETCONF, and many of thelr NETCONF Seripts contain the operation (operation="create"). Which RESTCONF operation must be used to replace these statements? A.PosT B.PUT c.GeT D.CREATE “Answer: A hitps:/tools.ietforgidldraf-etf-netcont-restconf-01 xmitoperations ss 1 rio |[_— tine] Ream = PD ypenaer0 sera Cy ey Item 61 of 627 (Choice, 261) [Seaman =~ (ceemntintereneteeniaremeental {

    You might also like