Refer to the exhibit. A network architect has partially configured static NAT. Which commands should be added to complete the configuration? A. R1(config)# interface GigabitEthernet 0/0
R1(config)# ip pat inside -
R1(config)# interface GigabitEthernet 0/1
R1(config)# ip pat outside -
B. R1(config)# interface GigabitEthernet 0/0
R1(config)# ip pat outside -
R1(config)# interface GigabitEthernet 0/1
R1(config)# ip pat inside -
C. R1(config)# interface GigabitEthernet 0/0
R1(config-if)# ip nat inside -
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip nat outside -
D. R1(config)# interface GigabitEthernet 0/0
R1(config-if)# ip nat outside -
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip nat inside.
Refer to the exhibit. An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied? A. R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255
R1 (config)#interface giga 0/2 -
R1 (config-if)#ip access-group 120 in
B. R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 20
R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21
R1(config)#interface giga 0/2 -
R1 (config-if)#ip access-group 120 in
C. R1 (config)# access-list 120 deny any any
R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 21
R1 (config)#interface giga 0/0 -
R1(config-if)#ip access-group 120 out
D. R1(config)# access-list 120 permit tcp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255
R1(config)# access-list 120 permit udp 172.16.1.0 0.0.0.255 21 172.16.2.0 0.0.0.255
R1 (config)#interface giga 0/2 -
R1(config-if)#ip access-group 120 out
.
High bandwidth utilization is occurring on interface Gig0/1 of a router. An engineer must identify the flows that are consuming the most bandwidth. Cisco DNA Center is used as a flow exporter and is configured with the IP address 192.168.23.1 and UDP port 23000. Which configuration must be applied to set NetFlow data export and capture on the router? A B C D.
address permit next-hop set.
Which DNS record type is required to allow APs to discover a WLC by using DNS on IPv4? A. NS
B. A
C. SOA
D. MX
.
What is modularity in network design? A. ability to bundle several functions into a single layer of the network
B. ability to create self-contained, repeatable sections of the network
C. ability to self-heal the network to prevent service outages
D. ability to scale and accommodate future needs of the network.
Refer to the exhibit. An engineer configured TACACS+ to authenticate remote users, but the configuration is not working as expected. Which configuration must be applied to enable access? A. R1 (config)# ip tacacs source-interface Gig 0/0
B. R1 (config)# tacacs server prod -
R1(config-server-tacacs)# port 1020
C. R1 (config)# aaa authorization exec default group tacacs+ local
D. R1 (config)# tacacs server prod -
R1(config-server-tacacs)# key cisco123
.
A customer has two Cisco WLCs that manage separate APs throughout a building. Each WLC advertises the same SSID but terminates on different interfaces. Users report that they drop their connections and change IP addresses when roaming. Which action resolves this issue? A. Configure high availability.
B. Enable fast roaming.
C. Configure mobility groups.
D. Enable client load balancing
.
What is one difference between the RIB and the FIB? A. The RIB keeps all routing information received from peers, and the FIB keeps the minimum information necessary to make a forwarding decision.
B. The RIB works at the data plane, and the FIB works at the control plane.
C. The FIB contains routing prefixes, and the RIB contains the Layer 2 and Layer 3 information necessary to make a forwarding decision.
D. The RIB is known as the CEF table, and the FIB is known as the routing table.
.
What is a characteristic of an AP operating in FlexConnect mode? A. All traffic traverses the WLC to ensure policy enforcement on client traffic.
B. Forwarding for locally switched traffic continues when the AP loses connectivity to the WLC.
C. APs connect in a mesh topology and elect a root AP
D. FlexConnect enables an AP to connect to multiple WLCs.
.
What is the benefit of using TCAM for IP forwarding decisions versus using the CAM table? A. TCAM finds results based on binary, and CAM uses the longest match to find results
B. TCAM processes lookups in a hardware CPU. and CAM relies on binary masks to find results.
C. TCAM finds results based on masks, and CAM finds results basing on exact match.
D. TCAM uses low cost hardware memory to store addresses, and CAM uses expensive hardware memory.
.
Refer to the exhibit. Two indirectly connected routers fail to form an OSPF neighborship. What is the cause of the issue? A. failing hello packets between the two routers
B. DR/BDR selection dispute
C. MTU mismatch
D. OSPF network type mismatch
.
Which feature is provided by Cisco Mobility Services Engine in a Cisco Wireless Unified Network architecture? A. It adds client packet capturing.
B. It enables NetFlow data collection.
C. It adds client tracking and location API.
D. It identifies authentication problems.
.
Which unit of measure is used to measure wireless RF SNR? A. dBi
B. dB
C. dBm
D. mW
.
Drag and drop the components of the Cisco SD-Access fabric architecture from the left onto the correct descriptions on the right. Not all options are used. fabric mode AP CP node border node edge node fabric wireless controller.
In a campus network design, what are two benefits of using BFD for failure detection? (Choose two.) A. BFD speeds up routing convergence time.
B. BFD is an efficient way to reduce memory and CPU usage.
C. BFD provides fault tolerance by enabling multiple routers to appear as a single virtual router.
D. BFD provides path failure detection in less than a second.
E. BFD enables network peers to continue forwarding packets in the event of a restart.
.
Refer to the exhibit. A network engineer issues the debug command while troubleshooting a network issue. What does the output confirm? A. ACL 100 is tracking ICMP traffic from 10.1.1.1 destined for 1.1.1.1.
B. ACL100 is tracking all traffic from 10.1.1.1 destined for 1.1.1.1.
C. ACL100 is tracking ICMP traffic from Serial1/0 destined for Serial3/0.
D. ACL100 is tracking ICMP traffic from 1.1.1.1 destined for 10.1.1.1.
.
Refer to the exhibit. An engineer must update the existing configuration to achieve these results:
• Only administrators from the 192.168.1.0/24 subnet can access the vty lines.
• Access to the vty lines using clear-text protocols is prohibited.
Which command set should be applied? A. access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 15
access-class 1 in
transport input none B. access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 15
access-class 1 in
transport input telnet ssh C. access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 15
access-class 1 in
transport input ssh D. access-list 1 permit 192.168.1.0 255.255.255.0
line vty 0 15
access-class 1 in
transport input telnet rlogin.
Which version of NetFlow does Cisco Threat Defense utilize to obtain visibility into the network? A. NBAR2
B. IPFIX
C. 8
D. flexible
.
Refer to the exhibit. What is printed to the console when this script is run? A. a key-value pair in tuple type
B. an error
C. a key-value pair in list type
D. a key-value pair in string type
.
What is a difference between Chef and other automation tools? A. Chef is an agentless tool that uses playbooks, and Ansible is an agent-based tool that uses cookbooks.
B. Chef is an agentless tool that uses a primary/minion architecture, and SaltStack is an agent-based tool that uses a primary/secondary architecture
C. Chef is an agent-based tool that uses cookbooks, and Ansible is an agentless tool that uses playbooks.
D. Chef uses Domain Specific Language, and Puppet uses Ruby.
.
An engineer must configure a new WLAN that supports 802.11r and requires users to enter a passphrase. What must be configured to support this requirement? A. 802.1X and Fast Transition
B. FT PSK and Fast Transition
C. 802.1X and SUITEB-1X
D. FT PSK and SUITEB-1X
.
Refer to the exhibit. An engineer is troubleshooting an mDNS issue in an environment where Cisco ISE is used to dynamically assign mDNS roles to users. The engineer has confirmed that ISE is sending the correct values, but name resolution is not functioning as expected. Which WLC configuration change resolves the issue? A. Enable AAA Override.
B. Enable Aironet IE.
C. Set MFP client protection to Required.
D. Change NAC state to ISE NAC.
.
What is one role of the VTEP in a VXLAN environment? A. to maintain VLAN configuration consistency
B. to forward packets to non-LISP sites
C. to provide EID-to-RLOC mapping
D. to encapsulate the tunnel
.
Drag and drop the snippets onto the blanks within the code to construct a script that configures BGP according to the topology. Not all options are used, and some options may be used twice. 192.168.1.1 192.168.1.2 65000 65001.
How is CAPWAP data traffic encapsulated when running an Over the Top WLAN in a Cisco SD-Access wireless environment? A. LISP
B. VXLAN
C. GRE
D. IPsec
.
Refer to the exhibit. What does the Python code accomplish? A. It configures interface e1/32 to be in an admin down state
B. It generates a status code of 403 because the type is incorrect.
C. It configures interface e1/32 to be in an err-disable state.
D. It returns data in JSON-RPC format.
.
Refer to the exhibit. Which action must be performed to allow RESTCONF access to the device? A. Enable the NETCONF service.
B. Enable the SSH service.
C. Enable the IOX service.
D. Enable the HTTPS service.
Which JSON script is properly formatted?
A B C D.
Which technology is used as the basis for the Cisco SD-Access data plane? A. LISP
B. 802.1Q
C. VXLAN
D. IPsec
.
How is OAuth framework used in REST API? A. as a framework to hash the security information in the REST URL
B. by providing the external application a token that authorizes access to the account
C. as a framework to hide the security information in the REST URL
D. by providing the user credentials to the external application
.
What is a characteristic of Cisco DNA southbound APIs? A. implements monitoring by using the SOAP protocol
B. enables orchestration and automation of network devices based on intent
C. utilizes REST API
D. simplifies management of network devices.
Where is the wireless LAN controller located in a mobility express deployment? A. The wireless LAN controller exists in a server that is dedicated for this purpose.
B. The wireless LAN controller is embedded into the access point.
C. The wireless LAN controller exists in the cloud.
D. There is no wireless LAN controller in the network.
.
Refer to the exhibit. A network engineer must permit administrators to automatically authenticate if there is no response from either of the AAA servers. Which configuration achieves these results? A. aaa authentication enable default group radius local
B. aaa authentication login default group radius
C. aaa authentication login default group tacacs+ line
D. aaa authentication login default group radius none
.
Which hypervisor requires a host OS to run and is not allowed to directly access the hosts hardware and resources? A. native
B. bare metal
C. type 1
D. type 2.
Refer to the exhibit. The NETCONF object is sent to a Cisco IOS XE switch. What is the purpose of the object? A. Discover the IP address of interface GigabitEthernet1
B. Remove the IP address from interface GigabitEthernet1
C. Set the description of interface GigabitEthernet1 to "1"
D. View the configuration of all GigabitEthernet interfaces
.
Which protocol does Cisco SD-WAN use to protect control plane communication? A. STUN
B. OMP
C. IPsec
D. DTLS.
Which security option protects credentials from sniffer attacks in a basicAPI authentication? A. next-generation firewall
B. TLS or SSL for communication
C. VPN connection between client and server
D. AAA services to authenticate the API
.
Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality? A. WebAuth
B. MACsec
C. private VLANs
D. port security
.
An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be applied? A. aaa authentication exec default radius local
B. aaa authentication exec default radius
C. aaa authorization exec default radius local
D. aaa authorization exec default radius
.
What does the Cisco WLC Layer 3 roaming feature allow clients to do? A. maintain their IP address when roaming to an AP or controller with a different client VLAN assignment
B. maintain their connection between APs even when the AP management VLANs are different
C. maintain their connection even if the client IP address changes when roaming
D. roam seamlessly between controllers even when the controller management VLANs are different
.
Which JSON script is properly formatted? A B C D.
What is the function of Cisco DNA Center in a Cisco SD-Access deployment? A. It is responsible for the design, management, deployment, provisioning, and assurance of the fabric network devices
B. It is responsible for routing decisions inside the fabric
C. It provides integration and automation for all nonfabric nodes and their fabric counterparts
D. It possesses information about all endpoints, nodes, and external networks related to the fabric
.
How do the MAC address table and TCAM differ? A. TCAM is populated from the ARP file, and the MAC address table is populated from the switch configuration file
B. TCAM stores Layer 2 forwarding information, and the MAC address table stores QoS information
C. TCAM lookups can match only 1s and 0s, and MAC address lookups can match 1s, 0s and a third "care/don't care" state
D. TCAM is a type of memory and the MAC address table is a logical structure.
Which technology provides an overlay fabric to connect remote locations utilizing commodity data paths and improves network performance, boosts security, and reduces costs? A. InfiniBand
B. VTEP
C. SD-WAN
D. VXLAN
.
Which two actions are recommended as security best practices to protect REST API? (Choose two.) A. Enable dual authentication of the session
B. Use a password hash
C. Use SSL for encryption
D. Use TACACS+ authentication
E. Enable out-of-band authentication
.
Drag and drop the code snippets from the bottom onto the blanks in the PHP script to convert a PHP array into JSON format. Not all options are used. $encodedJSON $inputArray = array json_decode $inputArray json_encode.
Refer to the exhibit. An engineer is configuring WebAuth on a Cisco Catalyst 9800 Series WLC. The engineer has purchased a third-party certificate using the FQDN of the WLC as the CN and intends to use it on the WebAuth splash page. What must be configured so that the clients do not receive a certificate error? A. Virtual IPv4 Hostname must match the CN of the certificate
B. Virtual IPv4 Address must be set to a routable address
C. Web Auth Intercept HTTPs must be enabled
D. Trustpoint must be set to the management certificate of the WLC
.
Refer to the exhibit. Which configuration must be added to enable remote access only using SSHv1 or SSHv2 to this router? A. R1(config)# ip ssh version 2
R1(config)# line vty 0 15
R1(config-line)# transport input ssh
R1(config-line)# transport output ssh B. R1(config)# crypto key generate rsa modulus 2048
R1(config)# line vty 0 15
R1(config-line)# transport input ssh C. R1(config)# line vty 0 15
R1(config-line)# transport input ssh
R1(config-line)# transport output ssh A. R1(config)# crypto key generate rsa modulus 2048
R1(config)# ip ssh version 2
R1(config)# line vty 0 15
R1(config-line)# transport input all.
|
