Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

300-410Free trial

By cisco

Verified

25Q per page

Question 51

Refer to the exhibit. R1 is being monitored using SNMP and monitoring devices are getting only partial information.
What action should be taken to resolve this issue?

A: Modify the CoPP policy to increase the configured exceeded limit for SNMP.
B: Modify the access list to include snmptrap.
C: Modify the CoPP policy to increase the configured CIR limit for SNMP.
D: Modify the access list to add a second line to allow udp any any eq snmp.

—

Question 52

Refer to the exhibit. A client is concerned that passwords are visible when running this show archive log config all.
Which router configuration is needed to resolve this issue?

A: MASS-RTR(config)#aaa authentication arap
B: MASS-RTR(config-archive-log-cfg)#password encryption aes
C: MASS-RTR(config)#service password-encryption
D: MASS-RTR(config-archive-log-cfg)#hidekeys

—

Question 53

Refer to the exhibit. BGP is flapping after the CoPP policy is applied.
What are the two solutions to fix the issue? (Choose two.)

A: Configure a higher value for CIR under the Class COPP-CRITICAL-7600.
B: Configure a higher value for CIR under the default class to allow more packets during peak traffic.
C: Configure BGP in the COPP-CRITICAL-7600 ACL.
D: Configure IP CEF for CoPP policy and BGP to work.
E: Configure a three-color policer instead of two-color policer under Class COPP-CRITICAL-7600.

—

Question 54

Refer to the exhibit. A network administrator configured an IPv6 access list to allow TCP return traffic only, but it is not working as expected.
Which changes resolve this issue?
A.

—

Question 55

What are two functions of IPv6 Source Guard? (Choose two.)

A: It works independent from IPv6 neighbor discovery.
B: It denies traffic from unknown sources or unallocated addresses.
C: It uses the populated binding table to allow legitimate traffic.
D: It denies traffic by inspecting neighbor discovery packets for specific patterns.
E: It blocks certain traffic by inspecting DHCP packets for specific sources.

—

Question 56

Refer to the exhibit. An engineer is troubleshooting BGP on a device but discovers that the clock on the device does not correspond to the time stamp of the log entries.
Which action ensures consistency between the two times?

A: Configure the service timestamps log uptime command in global configuration mode.
B: Configure the logging clock synchronize command in global configuration mode.
C: Configure the service timestamps log datetime localtime command in global configuration mode.
D: Make sure that the clock on the device is synchronized with an NTP server.

—

Question 57

Refer to the exhibit. Which two actions restrict access to router R1 by SSH? (Choose two.)

A: Remove class-map ANY from service-policy CoPP.
B: Configure transport output ssh on line vty and remove sequence 20 from access list 100.
C: Configure transport input ssh on line vty and remove sequence 30 from access list 100.
D: Remove sequence 10 from access list 100 and add sequence 20 deny tcp any any eq telnet to access list 199.
E: Configure transport output ssh on line vty and remove sequence 10 from access list 199.

—

Question 58

Refer to the exhibit. Which action resolves intermittent connectivity observed with the SNMP trap rackets?

A: Decrease the committed burst size of the mgmt class map.
B: Increase the CIR of the mgmt class map.
C: Add one new entry in the ACL 120 to permit the UDP port 161.
D: Add a new class map to match TCP traffic.

—

Question 59

DRAG DROP -

Refer to the exhibit. Drag and drop the credentials from the left onto the remote login information on the right to resolve a failed login attempt to vtys. Not all credentials are used.
Select and Place:

—

Question 60

Refer to the exhibit. A network administrator wants to block all traffic toward the Internet after business hours and on weekends. When the administrator applies an access list on interface Gi0/1, all traffic is blocked and there is no access to the Internet at any time.
Which action resolves the issue?

A: Add the permit ip any any time-range no-conn statement after the deny udp any any time-range no-conn command in the access list.
B: Add the permit ip any any statement after the deny icmp any any time-range no-conn command in the access list.
C: Add the permit allowed time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list.
D: Add the permit ip any any time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list.

—

Question 61

Refer to the exhibit. An IPv6 network was newly deployed in the environment, and the help desk reports that R3 cannot SSH to the R2s Loopback interface.
Which action resolves the issue?

A: Modify line 10 of the access list to permit instead of deny.
B: Remove line 60 from the access list.
C: Modify line 30 of the access list to permit instead of deny.
D: Remove line 70 from the access list.

—

Question 62

Refer to the exhibit. An IT staff member comes into the office during normal office hours and cannot access devices through SSH.
Which action should be taken to resolve this issue?

A: Modify the access list to use the correct IP address.
B: Configure the correct time range.
C: Modify the access list to correct the subnet mask.
D: Configure the access list in the outbound direction.

—

Question 63

Refer to the exhibit.

A network administrator is trying to access a branch router using TACACS+ username and password credentials, but the administrator cannot log in to the router because the WAN connectivity is down. The branch router has following AAA configuration: aaa new-model aaa authorization commands 15 default group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 15 default stop-only group tacacs+ tacacs-server host 10.100.50.99 tacacs-server key Ci$co123
Which command will resolve this problem when WAN connectivity is down?

A: aaa authentication login console group tacacs+ enable
B: aaa authentication login default group tacacs+ local
C: aaa authentication login default group tacacs+ enable
D: aaa authentication login default group tacacs+ console

—

Question 64

Refer to the exhibit.

An engineer is troubleshooting failed access by contractors to the business application server via Telnet or HTTP during the weekend.
Which configuration resolves the issue?

A: R1 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor
B: R1 time-range Contractor no periodic weekdays 8:00 to 16:30 periodic daily 8:00 to 16:30
C: R4 time-range Contractor no periodic weekdays 17:00 to 23:59 periodic daily 8:00 to 16:30
D: R4 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor

—

Question 65

What are two characteristics of IPv6 Source Guard? (Choose two.)

A: requires the user to configure a static binding
B: used in service provider deployments to protect DDoS attacks
C: requires that validate prefix be enabled
D: requires IPv6 snooping on Layer 2 access or trunk ports
E: recovers missing binding table entries

—

Question 66

DRAG DROP -
Drag and drop the IPv6 first hop security device roles from the left onto the corresponding descriptions on the right.
Select and Place:

—

Question 67

Refer to the exhibit. What is the result of applying this configuration?

A: The router can form BGP neighborships with any other device.
B: The router cannot form BGP neighborships with any other device.
C: The router cannot form BGP neighborships with any device that is matched by the access list named ג€BGPג€.
D: The router can form BGP neighborships with any device that is matched by the access list named ג€BGPג€.

—

Question 68

The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this: access-list 101 permit tcp host 10.1.1.1 any eq 23 access-list 101 permit tcp host 172.16.1.1 any eq 23
!
class-map CoPP-TELNET
match access-group 101
!
policy-map PM-CoPP
class CoPP-TELNET
police 100000 conform transmit exceed drop
!
control-plane
service-policy input PM-CoPP
The network administrator is not getting the desired results.
Which set of configurations resolves this issue?

A: no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any
B: control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP
C: no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP
D: control-plane no service-policy input PM-CoPP service-policy input PM-CoPP

—

Question 69

Refer to the exhibit. A network administrator successfully logs in to a switch using SSH from a RADIUS server. When the network administrator uses a console port to access the switch, the RADIUS server returns shell:priv-lvl=15" and the switch asks to enter the enable command. When the command is entered, it gets rejected.
Which command set is used to troubleshoot and resolve this issue?

A: line con 0 aaa authorization console privl5 ! line vty 0 4 authorization exec
B: line con 0 aaa authorization console ! line vty 0 4 authorization exec
C: line con 0 aaa authorization console authorization priv15 ! line vty 0 4 transport input ssh
D: line con 0 aaa authorization console authorization exec ! line vty 0 4 transport input ssh

—

Question 70

Refer to the exhibit. An engineer is troubleshooting a TACACS problem.
Which action resolves the issue?

A: Configure a matching TACACS server IP.
B: Configure a matching preshared key.
C: Generate authentication from a relative source interface.
D: Apply a configured AAA profile to the VTY.

—

Question 71

The network administrator configured CoPP so that all HTTP and HTTPS traffic from the administrator device located at 172.16 1.99 toward the router CPU is limited to 500 kbps. Any traffic that exceeds this limit must be dropped. access-list 100 permit ip host 172.16.1.99 any
!
class-map CM-ADMIN
match access-group 100
!
policy-map PM-COPP
class CM-ADMIN
police 500000 conform-action transmit
!
interface E0/0
service-policy input PM-COPP
CoPP failed to capture the desired traffic and the CPU load is getting higher.
Which two configurations resolve the issue? (Choose two.)

A: interface E0/0 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP
B: policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit ! control-plane service-policy input PM-COPP
C: no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80
D: no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80 access-list 100 permit tcp host 172.16.1.99 any eq 443
E: policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit

—

Question 72

Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the router does not have any filter and anyone can access the router with username and password even though an ACL is configured.
Which command resolves this issue?

A: access-class INTERNET in
B: ip access-group INTERNET in
C: ipv6 traffic-filter INTERNET in
D: ipv6 access-class INTERNET in

—

Question 73

Refer to the exhibit. An engineer is trying to connect to R1 via Telnet with no success.
Which configuration resolves the issue?

A: tacacs server prod address ipv4 10.221.10.10 exit
B: ip route 10.221.10.10 255.255.255.255 ethernet 0/1
C: ip route 10.221.0.11 255.255.255.255 ethernet 0/1
D: tacacs server prod address ipv4 10.221.10.11 exit

—

Question 74

An engineer is trying to copy an IOS file from one router to another router by using TFTP.
Which two actions are needed to allow the file to copy? (Choose two.)

A: Copy the file to the destination router with the copy tftp: flash: command
B: Enable the TFTP server on the source router with the tftp-server flash: <filename> command
C: TFTP is not supported in recent IOS versions, so an alternative method must be used
D: Configure a user on the source router with the username tftp password tftp command
E: Configure the TFTP authentication on the source router with the tftp-server authentication local command

—

Question 75

Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none of them are active for more than two hours per day.
Which action fixes the issue within the current resources?

A: Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool
B: Configure the DHCP lease time to a smaller value
C: Configure the DHCP lease time to a bigger value
D: Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool

—

Page 3 of 25 • Questions 51-75 of 617

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!