Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

350-401Free trialFree trial

By cisco
Aug, 2025

Verified

25Q per page

Question 51

Which configuration creates a CoPP policy that provides unlimited SSH access from client 10.0.0.5 and denies access from all other SSH clients?

  • A:
  • B:
  • C:
  • D:

Question 52

Which access control feature does MAB provide?

  • A: simultaneous user and device authentication
  • B: allows devices to bypass authentication
  • C: network access based on the physical address of a device
  • D: user access based on IP address

Question 53

What is provided to the client to identify the authenticated session in subsequent API calls after authenticating to the Cisco DNA Center API?

  • A: authentication token
  • B: client X.509 certificate
  • C: session cookie
  • D: username and password

Question 54

Image 1

Refer to the exhibit. A network engineer must be notified when a user switches to configuration mode. Which script should be applied to receive an SNMP trap and a critical-level log message?

  • A: action 1.0 snmp-trap strdata “Configuration change alarm” action 1.0 syslog priority critical msg “Configuration change alarm”
  • B: action 1.0 snmp-trap strdata “Configuration change alarm” action 2.0 syslog msg “Configuration change alarm”
  • C: action 1.0 snmp-trap strdata “Configuration change alarm” action 1.1 syslog priority critical msg “Configuration change alarm”
  • D: action 1.0 snmp-trap strdata “Configuration change critical alarm”

Question 55

How does the Cisco SD-Access control plane simplify traditional routing environments?

  • A: Routing adjacencies are no longer required.
  • B: Separation of EID and RLOC reduces the size of routing tables.
  • C: Routers query all routes to the map server.
  • D: Full routing tables are shared and ensure that all routers know all paths within the underlay fabric and overlay.

Question 56

Which template is used when multiple templates are grouped together to run in succession in Cisco DNA Center?

  • A: project
  • B: regular
  • C: configuration
  • D: composite

Question 57

In a wireless network environment, what is calculated using the numerical values of the transmitter power level, cable loss, and antenna gain?

  • A: SNR
  • B: RSSI
  • C: EIRP
  • D: dBi

Question 58

Which method requires a client to authenticate and has the capability to function without encryption?

  • A: WEP
  • B: PSK
  • C: open
  • D: WebAuth

Question 59

An engineer must update the local web authentication details on a Cisco 5520 WLC. The engineer has one active SSID configured for web authentication and plans to update the virtual interface with a nonroutable IP address. Which command must the engineer apply?

  • A: config wlan create wlan_idname
  • B: config interface address virtual 1.1.1.1
  • C: config interface address dynamic-interface virtual 192.0.2.1
  • D: config interface address virtual 192.0.2.1

Question 60

Image 1

Refer to the exhibit. What is achieved when this Python script is executed?

  • A: All devices that are looped through in the devices.txt file are put into a list that is appended to the parent dictionary.
  • B: All devices that are looped through in the devices.txt file are put into a single dictionary that is appended to the parent list.
  • C: Each device that is looped through in the devices.txt file is put into its own list that is appended to the parent dictionary.
  • D: Each device that is looped through in the devices.txt file is put into its own dictionary that is appended to the parent list.

Question 61

Image 1

Refer to the exhibit. Why does OSPF fail to establish an adjacency between R1 and R2?

  • A: authentication mismatch
  • B: interface MTU mismatch
  • C: timers mismatch
  • D: area mismatch

Question 62

SIMULATION

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.

Topology

Image 1

Tasks

The operations team started configuring network devices for a new site. Complete the configurations to achieve these goals:

  1. Configure Rapid PVST+ on SW20.
  2. The trunk between SW20 and SW30 is not operational. Troubleshoot the issue and ensure PC3 can ping PC1 (10.10.100.10) across the link.
  3. The LACP port channel between SW10 and SW20 is not operational. Troubleshoot the issue and ensure PC3 can ping PC2 (10.10.100.20) across the port channel.

Note: No access is provided to SW10 or SW30. Resolve these issues by making changes only to SW20. Traffic on all trunks should be restricted to only active VLANs.

Image 2

Question 63

What is a characteristic of Layer 3 roaming?

  • A: It provides seamless roaming between APs that are connected to different Layer 3 networks and different mobility groups.
  • B: It is only supported on controllers that run SSO.
  • C: Clients must obtain a new IP address when they roam between APs.
  • D: It provides seamless client roaming between APs in different Layer 3 networks but within the same mobility group.

Question 64

An administrator must enable Telnet access to Router X using the router username and password database for authentication. Which configuration should be applied?

  • A: RouterX(config)# line aux 0 - RouterX(config-line)# password cisco RouterX(config-line)# login -
  • B: RouterX(config)# aaa new-model - RouterX(config)# aaa authentication login auth-list local
  • C: RouterX(config)# line vty 0 4 - RouterX(config-line)# login - RouterX(config-line)# end -
  • D: RouterX(config)# line vty 0 4 - RouterX(config-line)# login local RouterX(config-line)# end

Question 65

Which configuration enables a device to be configured via NETCONF over SSHv2?

  • A:
  • B:
  • C:
  • D:

Question 66

SIMULATION

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary pre-configurations have been applied.
• Do not remove any existing configurations from the devices, only those necessary to make the appropriate changes required to fulfill the listed tasks.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.

Topology

Image 1

Tasks

Configure R1 according to the topology to achieve these results:

  1. Configure eBGP using Loopback 0 for the router-id. Do not use the address-family command to accomplish this.
  2. Advertise R1’s Loopback 100 and Loopback 200 networks to AS200 and AS300.
Image 2

Question 67

Image 1

Refer to the exhibit. An engineer must configure PAT to provide internet access to all users by using one global address for many local addresses. Which command set completes the configuration?

  • A: RouterA(config)# ip nat inside source static 172.16.1.1 172.16.1.2
  • B: RouterA(config)# ip nat inside source list 1 pool cisco
  • C: RouterA(config)# ip nat inside source static 172.16.1.1 193.64.64.1
  • D: RouterA(config)# ip nat inside source list 1 pool cisco overload

Question 68

What does the LAP send when multiple WLCs respond to the CISCO-CAPWAP-CONTROLLER.localdomain hostname during the CAPWAP discovery and join process?

  • A: unicast discovery request to the first WLC that resolves the domain name
  • B: broadcast discovery request
  • C: join request to all the WLCs
  • D: unicast discovery request to each WLC

Question 69

A network engineer must configure the VTY lines on a router to achieve these results:

• Remote access should be permitted for all feasible protocols.
• Only a password should be required for device authentication.
• All idle EXEC sessions must be terminated in 60 minutes.

Which configuration should be applied?

  • A: line vty 0 15 password Cisco123 transport input ssh exec-timeout 60
  • B: line vty 0 15 login password Cisco123 transport input all absolute-timeout 60
  • C: line vty 0 15 password Cisco123 transport input all exec-timeout 60
  • D: line vty 0 15 transport input telnet ssh rlogin login local absolute-timeout 60

Question 70

What is a characteristic of Wi-Fi channels?

  • A: The 2.4-GHz band has 24 non-overlapping channels.
  • B: Devices that connect to the same Wi-Fi channel reside in the same collision domain.
  • C: Wi-Fi channels are spaced 30 MHz apart.
  • D: The 5-GHz band offers 11 different channels for Wi-Fi clients.

Question 71

Which function is handled by vManage in the Cisco SD-WAN fabric?

  • A: Establishes IPsec tunnels with nodes.
  • B: Performs remote software upgrades for WAN Edge, vSmart, and vBond.
  • C: Distributes policies that govern data forwarding.
  • D: Establishes BFD sessions to test liveliness of links and nodes.

Question 72

SIMULATION

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.

Topology

Image 1

Tasks

OSPF is preconfigured on all devices except R20. Configure R20 to complete these tasks.

Task 1:

Configure OSPF according to the topology using these requirements:

• Use Process ID 10.
• Use Loopback1 for the Router ID.
• Advertise all networks into OSPF.

o Use network statements under the OSPF process to accomplish this task.

Task 2:

Configure a /20 summary route for Area 40.

• Advertise only Type 3 LSAs into Area 0.

R20

Image 2

Question 73

Which JSON script is properly formatted?

  • A:
  • B:
  • C:
  • D:

Question 74

What is a benefit of MACsec in a multilayered LAN network design?

  • A: Application flows between hosts on the LAN to remote destinations can be encrypted.
  • B: Layer 2 trunk links between switches can be secured.
  • C: There is no requirement to run IEEE 802.1X when MACsec is enabled on a switch port.
  • D: Layer 3 links between switches can be secured.

Question 75

SIMULATION

Guidelines

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.

Topology

Image 1

Tasks

The operations team started configuring network devices for a new site. R10 and R20 are preconfigured with the CORP VRF. R10 has network connectivity to R20. Complete the configurations to achieve these goals:

  1. Extend the CORP VRF between R10 and R20 using Tunnel0.
  2. Protect Tunnel0 using the preconfigured profile.
Image 2
Page 3 of 43 • Questions 51-75 of 1063
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!