Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

350-401 by Cisco - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Question 4

Which resource must the hypervisor make available to the virtual machines?

A bandwidth
B IP address
C processor
D secure access

Question 5

Which two items are found in YANG data models? (Choose two.)

A HTTP return codes
B rpc statements
C JSON schema
D container statements
E XML schema

Question 6

The Radio Resource Management software that is embedded in the Cisco WLC acts as a manager to constantly monitor over-the-air metrics. Which other factor does the Radio Resource Management software detect?

A presence of rogue APs or malicious SSIDs
B unauthorized wireless network access
C repeated attempts to authenticate to a wireless network
D end-node vulnerabilities

Question 7

An engineer must configure HSRP for VLAN 1200 on SW1. The second switch is configured by using the last usable IP address in the network as the virtual IP. Which command set accomplishes this task?

A SW1(config)# interface vlan 1200 SW1(config-if)# ip address 172.12.0.254 255.255.255.0 SW1(config-if)# standby version 2 SW1(config-if)# standby 1200 ip 172.12.0.2 SW1(conflg-it)# standby 1200 preempt
B SW1(config)# interface vlan 1200 SW1(config-if)# ip address 172.12.0.2 255.255.255.0 SW1(config-if)# standby version 2 SW1(config-if)# standby 1200 ip 172.12.0.254 SW1(conflg-it)# standby 1200 preempt
C SW1(config)# interface vlan 1200 SW1(config-if)# ip address 172.12.0.2 255.255.255.0 SW1(config-if)# standby 1200 ip 172.12.0.254 SW1(config-if)# standby 1200 timers 5 15 SW1(conflg-it)# standby 1200 preempt
D SW1(config)# interface vlan 1200 SW1(config-if)# ip address 172.12.0.1 255.255.255.0 SW1(config-if)# standby 1200 ip 172.12.0.254 SW1(config-if)# standby 1200 timers 5 15 SW1(conflg-it)# standby 1200 preempt

Question 8

Which action occurs during a Layer 3 roam?

A The client receives a new IP address after authentication occurs.
B The client is marked as "Foreign" on the original controller.
C The client database entry is moved from the old controller to the new controller.
D Client traffic is tunneled back to the original controller after a Layer 3 roam occurs.

Question 9

What are two benefits of using Cisco TrustSec? (Choose two.)

A consistent network segmentation
B end-to-end traffic encryption
C advanced endpoint protection against malware
D simplified management of network access
E unknown file analysis using sandboxing

Question 10

Question 11

Question 12

What is used by vManage to interact with Cisco SD-WAN devices in the fabric?

A IPsec
B northbound API
C RESTCONF
D southbound API

Question 13

Which feature does Cisco DNA Center Assurance provide?

A application policy configuration
B device onboarding and configuration
C software upgrade and management
D data correlation and analysis

Question 14

DRAG DROP -
Drag and drop the virtual components from the left onto their descriptions on the right.
Select and Place:

Question 15

What is a common trait between Ansible and Chef?

A Both rely on a declarative approach.
B Both are used for mutable infrastructure.
C Both require a client to be installed on hosts.
D Both rely on NETCONF.

Question 16

An engineer must configure a router to allow users to run specific configuration commands by validating the user against the router database. Which configuration must be applied?

A aaa authentication network default local
B aaa authorization network default local
C aaa authentication exec default local
D aaa authorization exec default local

Question 17

What is a characteristic of traffic shaping?

A lacks support for marking or remarking
B must be applied only to outgoing traffic
C can be applied in both traffic directions
D queues out-of-profile packets until the buffer is full

Question 18

An engineer adds a new switch to a Cisco StackWise stack. The switch that was active before the switch was added is elected as the active switch again. Which action does the active switch take?

A It suspends traffic forwarding until the new switch is updated with the current running configuration of the stack.
B It checks the IOS and running configuration of the new switch and updates them if necessary to match the other switches in the stack.
C It removes any Layer 3 configuration on the new switch to maintain normal Layer 2 functionality on the stack.
D It clears the MAC table of the stack and relearns the attached devices.

Question 19

Question 20

Question 21

When the “deny” statement is used within a route map that is used for policy-based routing, how is the traffic that matches the deny route-map line treated?

A Traffic is routed to the null 0 interface of the router and discarded.
B Traffic is returned to the normal forwarding behavior of the router.
C An additional sequential route-map line is needed to divert the traffic to the router's normal forwarding behavior.
D An additional sequential route-map line is needed to policy route this traffic.

Question 22

A wireless network engineer must configure a WPA2+WPA3 policy with the Personal security type. Which action meets this requirement?

A Configure the CCMP256 encryption cipher.
B Configure the CCMP128 encryption cipher.
C Configure the GCMP256 encryption cipher.
D Configure the GCMP128 encryption cipher.

Question 23

Which tunnel type allows clients to perform a seamless Layer 3 roam between a Cisco AireOS WLC and a Cisco IOS XE WLC?

A Mobility
B IPsec
C VPN
D Ethernet over IP

Question 24

Which element enables communication between guest VMs within a virtualized environment?

A hypervisor
B virtual router
C vSwitch
D pNIC

Question 25

Which Cisco WLC feature allows a wireless device to perform a Layer 3 roam between two separate controllers without changing the client IP address?

A mobility tunnel
B mobile IP
C LWAPP tunnel
D GRE tunnel

Page 1 of 43 • Questions 1-25 of 1062

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

What is the difference between a RIB and a FIB?

A The FIB is populated based on RIB content.
B The RIB maintains a mirror image of the FIB.
C The RIB is used to make IP source prefix-based switching decisions.
D The FIB is where all IP routing information is stored.

What are two device roles in Cisco SD-Access fabric? (Choose two.)

A edge node
B vBond controller
C access switch
D core switch
E border node

Refer to the exhibit. A network engineer configures a new GRE tunnel and enters the show run command. What does the output verify?

A The tunnel keepalive is configured incorrectly because they must match on both sites.
B The tunnel destination will be known via the tunnel interface.
C The tunnel will be established and work as expected.
D The default MTU of the tunnel interface is 1500 bytes.

Refer to the exhibit. An administrator must enable RESTCONF access to a router. Which two commands or command sets must be added to the existing configuration? (Choose two.)

A aaa authentication login default local aaa authorization exec default local
B restconf
C line vty 0 15
D netconf-yang
E username restconf privilege 0

Refer to the exhibit. What is achieved by this Python script?

A It reads access list statements into a dictionary list.
B It displays access list statements on a terminal screen.
C It configures access list statements.
D It converts access list statements to a human-readable format.

Refer to the exhibit. What is the result of the IP SLA configuration?

A The operation runs 5000 times.
B IP SLA is scheduled to run at 3 a.m.
C The operation runs 300 times a day.
D The rate is configured to repeat every 5 minutes.

Refer to the exhibit. Which configuration enables password checking on the console line, using only a password?

A router(config)# line con 0 router(config-line)# login
B router(config)# line con 0 router(config-line)# exec-timeout 0 0
C router(config)# line vty 0 4 router(config-line)# login
D router(config)# line con 0 router(config-line)# login local

350-401Preview