Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

300-410Free trial

By cisco

Verified

25Q per page

Question 26

Which OSI model is used to insert an MPLS label?

A: between Layer 2 and Layer 3
B: between Layer 5 and Layer 6
C: between Layer 1 and Layer 2
D: between Layer 3 and Layer 4

—

Question 27

Which function does LDP provide in an MPLS topology?

A: It enables a MPLS topology to connect multiple VPNs to P routers.
B: It provides hop-by-hop forwarding in an MPLS topology for LSRs.
C: It exchanges routes for MPLS VPNs across different VRFs.
D: It provides a means for LSRs to exchange IP routes.

—

Question 28

Which mechanism provides traffic segmentation within a DMVPN network?

A: BGP
B: IPsec
C: MPLS
D: RSVP

—

Question 29

Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?

—

Question 30

Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable using a secure web browser.
What is needed to fix the problem?

A: permit tcp port 443
B: permit udp port 465
C: permit tcp port 465
D: permit tcp port 22

—

Question 31

DRAG DROP -
Drag and drop the packet types from the left onto the correct descriptions on the right.
Select and Place:

—

Question 32

DRAG DROP -
Drag and drop the addresses from the left onto the correct IPv6 filter purposes on the right.
Select and Place:

—

Question 33

Refer to the exhibit. An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using TACACS+.
Which action produces the desired configuration?

A: Add the aaa authentication login default none command to the global configuration.
B: Replace the capital ג€Cג€ with a lowercase ג€cג€ in the aaa authentication login Console local command.
C: Add the aaa authentication login default group tacacs+ local-case command to the global configuration.
D: Add the login authentication Console command to the line configuration

—

Question 34

Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and finds the displayed output when troubleshooting.
Which command must be used in configuration mode to enable SSH on the device?

A: no ip ssh disable
B: ip ssh enable
C: ip ssh version 2
D: crypto key generate rsa

—

Question 35

Refer to the exhibit. In which circumstance does the BGP neighbor remain in the idle condition?

A: if prefixes are not received from the BGP peer
B: if prefixes reach the maximum limit
C: if a prefix list is applied on the inbound direction
D: if prefixes exceed the maximum limit

—

Question 36

Which statement about IPv6 ND inspection is true?

A: It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.
B: It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
C: It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.
D: It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

—

Question 37

While troubleshooting connectivity issues to a router, these details are noticed:
✑ Standard pings to all router interfaces, including loopbacks, are successful.
✑ Data traffic is unaffected.
✑ SNMP connectivity is intermittent.
✑ SSH is either slow or disconnects frequently.
Which command must be configured first to troubleshoot this issue?

A: show policy-map control-plane
B: show policy-map
C: show interface | inc drop
D: show ip route

—

Question 38

Refer to the exhibit. Why is user authentication being rejected?

A: The TACACS+ server expects ג€userג€, but the NT client sends ג€domain/userג€.
B: The TACACS+ server refuses the user because the user is set up for CHAP.
C: The TACACS+ server is down, and the user is in the local database.
D: The TACACS+ server is down, and the user is not in the local database.

—

Question 39

Refer to the exhibit. Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at higher rate?

A: policy-map SHAPE_BGP
B: policy-map LIMIT_BGP
C: policy-map POLICE_BGP
D: policy-map COPP

—

Question 40

Which statement about IPv6 RA Guard is true?

A: It does not offer protection in environments where IPv6 traffic is tunneled.
B: It cannot be configured on a switch port interface in the ingress direction.
C: Packets that are dropped by IPv6 RA Guard cannot be spanned.
D: It is not supported in hardware when TCAM is programmed.

—

Question 41

An engineer must configure a Cisco router to initiate secure connections from the router to other devices in the network but kept failing.
Which two actions resolve the issue? (Choose two.)

A: Configure transport input ssh command on the console.
B: Configure a domain name.
C: Configure a crypto key to be generated.
D: Configure a source port for the SSH connection to initiate.
E: Configure a TACACS+ server and enable it.

—

Question 42

When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes that the configured routing protocols start flapping on that device.
Which action in the Control Plane Policy prevents this problem in a production environment while achieving the security objective?

A: Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
B: Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
C: Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
D: Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.

—

Question 43

In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two.)

A: by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways
B: by various IPv6 guard features to validate the data link layer address
C: by the recovery mechanism to recover the binding table in the event of a device reboot
D: by IPv6 routing protocols to securely build neighborships without the need of authentication
E: by storing hashed keys for IPsec tunnels for the built-in IPsec features

—

Question 44

Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but could not establish a Telnet connection to Router1 IPv6 address of 2001:DB8::1.
Which configuration allows Router2 to establish a Telnet connection to Router1?

A: ipv6 unicast-routing
B: permit ICMPv6 on access list INGRESS for Router2 to obtain IPv6 address
C: permit ip any any on access list EGRESS2 on Router1
D: IPv6 address on GigabitEthernet0/0

—

Question 45

An engineer configured Reverse Path Forwarding on an interface and noticed that the routes are dropped when a route lookup fails on that interface for a prefix that is available in the routing table.
Which interface configuration resolves the issue?

A: ip verify unicast source reachable-via l2-src
B: ip verify unicast source reachable-via allow-default
C: ip verify unicast source reachable-via any
D: ip verify unicast source reachable-via rx

—

Question 46

Which attribute eliminates LFAs that belong to protected paths in situations where links in a network are connected through a common fiber?

A: shared risk link group-disjoint
B: linecard-disjoint
C: lowest-repair-path-metric
D: interface-disjoint

—

Question 47

Refer to the exhibit. When monitoring an IPv6 access list, an engineer notices that the ACL does not have any hits and is causing unnecessary traffic through the interface
Which command must be configured to resolve the issue?

A: ip access-group INTERNET in
B: ipv6 traffic-filter INTERNET in
C: ipv6 access-class INTERNET in
D: access-class INTERNET in

—

Question 48

Which configuration feature should be used to block rogue router advertisements instead of using the IPv6 Router Advertisement Guard feature?

A: VACL blocking broadcast frames from nonauthorized hosts
B: PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes
C: PVLANs with community ports associated to route advertisements and isolated ports for nodes
D: IPv4 ACL blocking route advertisements from nonauthorized hosts

—

Question 49

Refer to the exhibit.
Which action resolves the failed authentication attempt to the router?

A: Configure aaa authorization console global command
B: Configure aaa authorization console command on line vty 0 4
C: Configure aaa authorization login command on line console 0
D: Configure aaa authorization login command on line vty 0 4

—

Question 50

Refer to the exhibit. AAA server 10.1.1.1 is configured with the default authentication and accounting settings, but the switch cannot communicate with the server.
Which action resolves this issue?

A: Correct the timeout value.
B: Match the authentication port.
C: Correct the shared secret.
D: Match the accounting port.

—

Page 2 of 25 • Questions 26-50 of 617

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!