An engineer must configure interface and sensor monitoring on a router. The NMS server is located in a trusted zone with IP address 10.15.2.19. Communication between the router and the NMS server must be encrypted and password-protected using the most secure algorithms. Access must be allowed only for the NMS server and with the minimum permission levels needed. Which configuration must the engineer apply? A. ip access-list extended nms
permit 1 host 10.15.2.19 any
snmp-server view ro internet included
snmp-server view ro ifEntry included
snmp-server group nms v3 priv notify ro access nms
snmp-server user user1 nms v3 encrypted auth md5 Password1 pri 3des Password123
B. ip access-list standard nms
permit 10.15.2.19 0.0.0.0
snmp-server view ro iso included
snmp-server view ro ifEntry included
snmp-server group nms v3 priv read ro access nms
snmp-server user user1 nms v3 auth sha Password1 pri aes 256 Password123
C. ip access-list standard nms
permit 10.15.2.19 0.0.0.0
snmp-server view rw iso included
snmp-server view rw ifEntry included
snmp-server group nms v3 auth write rw access nms
snmp-server user user1 nms v3 auth des Password1 pri des Password123
D. ip access-list standard nms
permit 10.15.2.19 255.255.255.255
snmp-server view ro iso included
snmp-server view ro ifEntry included
snmp-server group nms v3 priv read ro access nms
snmp-server user user1 nms v3 auth 3des Password1 pri aes 192 Password123
.
Refer to the exhibit. An engineer attempts to configure standby group 512 on interface GigabitEthernet0/1, but the configuration is not accepted. Which command resolves this problem? A. standby redirects
B. standby 512 priority 100
C. standby 512 preempt
D. standby version 2
.
Which mechanism does OAuth use to strengthen REST API security when compared to BasicAuth? A. Token
B. SSL
C. Authentication
D. TLS
.
What is the API keys option for REST API authentication? A. a predetermined string that is passed from client to server B. a one-time encrypted token
C. a credential that is transmitted unencrypted
D. a username that is stored in the local router database
.
Refer to the exhibit. The web server is configured to listen only to TCP port 8080 for all HTTP requests. Which command is required to allow Internet users to access the web server on HTTP port 80? A. ip nat outside static tcp 10.1.1.100 8080 10.1.1.100 80
B. ip nat inside static tcp 10.1.1.100 80 10.1.1.100 8080
C. ip nat inside static tcp 10.1.1.100 8080 10.1.1.100 80
D. ip nat outside static tcp 10.1.1.100 80 10.1.1.100 8080
.
Refer to the exhibit. What is achieved by this Python script? A. It loads JSON data into an HTTP request.
B. It converts JSON data to an HTML document.
C. It counts JSON data from a website.
D. It reads JSON data into a formatted list.
.
Refer to the exhibit. An engineer must configure router R1 to allow only NETCONF connections from the management VLAN. Which command completes this configuration? A. R1(config-if)# ip access-group netconfacl in
B. R1(config)# netconf-yang ipv4 access-list name netconfacl
C. R1(config)#ip http secure-server
R1(config)# ip http accounting commands 12 default
D. R1(config-if)#ip access-group netconfacl out
.
Which configuration saves the running configuration to the startup configuration and logs a “saving configuration automatically” message when a syslog message that contains “SYS-5-CONFIG_I” is received? A B C D.
Refer to the exhibit. An engineer applies this configuration to R1: ip nat inside source static 192.168.10.17 192.168.27.42
Which command set should be added to complete the configuration? A. R1(config)# interface GigabitEthernet 0/0
R1(config-if)# ip nat outside -
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip nat inside -
B. R1(config)# interface GigabitEthernet 0/0
R1(config-if)# ip pat outside -
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip pat inside -
C. R1(config)# interface GigabitEthernet 0/0
R1(config-if)# ip pat inside -
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip pat outside -
D. R1(config)# interface GigabitEthernet 0/0
R1(config-if)# ip nat inside -
R1(config)# interface GigabitEthernet 0/1
R1(config-if)# ip nat outside
.
Which type of roaming event occurs when a client roams across multiple mobility groups? A. Layer1
B. Layer7
C. Layer3
D. Layer2
.
A Cisco administrstor deploys a new wireless network but CAPWAP APs cannot communicate with the wireless controller. IP connectivity in the network functions properly. Which action resolves the issue? A. Open CAPWAP UDP port 12222 in the network firewall.
B. Open CAPWAP UDP ports 5246 and 5247 in the network firewall.
C. Enable the UDP Lite feature on the WLC.
D. Ensure that the controller is connected to a AAA server.
.
Which technique is used to protect end user devices and data from unknown file behavior? A. crypto file ransomware protection using a file hash calculation
B. file retrospection using continuous scan and analyses
C. file sandboxing using a protected environment to analyze and simulate the behavior of unknown files
D. phishing file quarantine using an internal environment to store attached files
.
A client requests a wireless solution for remote branch offices to eliminate the need for a local controller at each branch. The branch users require local termination in a specifc VLAN for local internet breakout. Which solution must be deployed? A. central switched
B. FlexConnect local switching
C. auto-anchor mobility
D. asymmetric tunneling
.
Which type of tunnel is required between two WLCs to enable intercontroller roaming? A. CAPWAP
B. LWAPP
C. mobility
D. IPsec
.
Refer to the exhibit. Which command must be applied to complete the configuration and enable RESTCONF? A. ip http server
B. ip http client username restconf
C. ip http secure-port 443
D. ip http secure-server
.
Which device, in a LISP router architecture, receives LISP map requests and determines which ETR should handle the map request? A. proxy ETR
B. routing locator
C. map resolver
D. map server
.
How does a WLC achieve stateful switchover for APs and clients? A. The active WLC establishes a CAPWAP tunnel to the AP, and the standby WLC establishes a LWAPP tunnel to the AP.
B. The active WLC establishes a CAPWAP tunnel with the AP, and the standby WLC copies the AP database and the client database from the active WLC.
C. The active WLC establishes a CAPWAP tunnel with the AP and standby WLC to share the AP database information.
D. The active and standby WLCs establish separate CAPWAP tunnels to the AP.
.
Refer to the exhibit. What is the purpose of the configuration? A. The router will function in NTP in client mode.
B. The router will use 172.16.1.1 as the source for NTP packets.
C. The router is allowed to receive NTP broadcast packets.
D. The router will function as an authoritative NTP server.
.
What is a consideration when designing a Cisco SD-Access underlay network? A. It must support IPv4 and IPv6 underlay networks.
B. End user subnets and endpoints are part of the underlay network.
C. Static routing is a requirement.
D. The underlay switches provide endpoint physical connectivity for users.
.
Which JSON script is properly formatted? A B C D.
Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality? A. MAC Authentication Bypass
B. MACsec
C. private VLANs
D. port security
.
Which NTP concept is used to measure the distance from a device to its authoritative time source? A. stratum
B. NTP peer
C. GPS
D. atomic clock
.
Which JSON script is properly formatted? A B C D.
In a Cisco SD-Access environment, which function is performed by the border node? A. Connect users and devices to the fabric domain.
B. Group endpoints into IP pools.
C. Provide reachability information to fabric endpoints.
D. Provide connectivity to traditional Layer 3 networks.
What is a characteristic of the overlay network in the Cisco SD-Access architecture? A. It provides multicast support to enable Layer 2 flooding capability in the underlay network.
B. It provides isolation among the virtual networks and independence from the physical network.
C. It uses a traditional routed access design to provide performance and high availability to the network.
D. It consists of a group of physical routers and switches that are used to maintain the network.
.
What gives priority on an egress interface, for database traffic that connected on an ingress interface, without changing the CoS value? A. QoS group
B. policy map
C. CoS map
D. class map
.
In which way are EIGRP and OSPF similar? A. Both protocols support autosummarization.
B. Both protocols use hello packets to discover neighbors.
C. Both protocols support unequal-cost load balancing.
D. Both protocols send updates using unicast addresses.
.
What is a difference between TCAM and the MAC address table? A. The MAC address table supports partial matches. TCAM requires an exact match.
B. TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables.
C. The MAC address table is contained in CAM. ACL and QoS information is stored in TCAM.
D. Router prefix lookups happens in CAM. MAC address table lookups happen in TCAM.
.
Refer to the exhibit. A network engineer must block Telnet traffic from hosts in the range of 10.100.2.248 to 10.100.2.255 to the network 10.100.3.0 and permit everything else. Which configuration must the engineer apply? A. RouterB(config)# access-list 101 permit tcp 10.100.2.0 0.0.0.252 10.100.3.0 0.0.0.255
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in B. RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 23
RouterB(config)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in C. RouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 22
RouterB(config)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in D. RouterB(config)# access-list 101 deny icmp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.248
RouterB(config)# access-list 101 permit any any
RouterB(config)# int g0/0/2
RouterB(config-if)# ip access-group 101 in.
Refer to the exhibit. What does the response "204 No Content" mean for the REST API request? A. Interface loopback 100 is removed from the configuration.
B. Interface loopback 100 is not removed from the configuration.
C. Interface loopback 100 is not found in the configuration.
D. The DELETE method is not supported.
.
An engineer uses the Design workflow to create a new network infrastructure in Cisco DNA Center. How is the physical network device hierarchy structured? A. by organization
B. by hostname naming convention
C. by location
D. by role
.
What are two characteristics of vManage APIs? (Choose two.) A. Northbound API is based on RESTCONF and JSON.
B. Southbound API is based on NETCONF and XML.
C. Southbound API is based on RESTCONF and JSON.
D. Southbound API is based on OMP and DTLS.
E. Northbound API is RESTful using JSON.
.
Which API does Cisco DNA Center use to retrieve information about images? A. SWIM
B. Img-Mgmt
C. PnP
D. Client Health
.
What is a characteristic of the Cisco DNA Center Template Editor feature? A. It provides a high-level overview of the health of every network device.
B. It facilitates software upgrades to network devices from a central point.
C. It uses a predefined configuration through parameterized elements or variables.
D. It facilitates a vulnerability assessment of the network devices.
.
Which tunnel type allows clients to perform a seamless Layer 3 roam between a Cisco AireOS WLC and a Cisco IOS XE WLC? A. CAPWAP
B. IPsec
C. VPN
D. Ethernet over IP
.
Refer to the exhibit. CR2 and CR3 are configured with OSPF. Which configuration, when applied to CR1, allows CR1 to exchange OSPF information with CR2 and CR3 but not with other network devices or on new interfaces that are added to CR1? A. router ospf 1
network 10.0.0.0 255.255.255.255 area 0
passive-interface gig0/2 B. router ospf 1
network 10.165.231.0 0.0.0.255 area 0
network 172.27.206.0 0.0.0.255 area 0
network 172.24.206.0 0.0.0.255 area 0
passive-interface gig0/2 C. interface gig0/2
ip ospf 1 area 0
router ospf 1
passive-interface gig0/2 D. router ospf 1
network 10.0.0.0 0.255.255.255 area0
network 172.16.0.0 0.15.255.255 area 0
passive-interface gig 0/2.
What is a characteristic of vManage? A. It leverages the overlay management protocol to interface with WAN Edge devices.
B. It supports protocols such as OSPF to integrate with legacy network devices.
C. It requires a public IP address to allow WAN Edge devices to discover fabric components.
D. It uses NETCONF to configure vSmart devices to build the overlay network data plane.
.
Refer to the exhibit. An engineer constructs an EEM applet to prevent anyone from entering configuration mode on a switch. Which snippet is required to complete the EEM applet? A. sync yes skip yes
B. sync no skip yes
C. sync no skip no
D. sync yes skip no
.
Refer to the exhibit. What are two results of the NTP configuration? (Choose two.) A. It uses other systems as an authoritative time source.
B. It distributes the time via NTP broadcast and multicast packets.
C. It distributes the time via NTP broadcast packets.
D. It forms a peer association with another system.
E. It uses the hardware clock as an authoritative time source.
Drag and drop the code snippets from the bottom onto blanks in the Python script so that the program changes the IP address and saves it as a new JSON file on the disk. Not all options are used. write () loads () dumps () open () read ().
What is the purpose of data modeling languages? A. to describe a data schema convertible into any data encoding format
B. to provide a framework to describe data flow patterns in networks
C. to specify algorithms necessary to decode binary-encoded protocol data units
D. to translate encoded data for interoperability between different CPU architectures
.
Which characteristic applies to a traditional WAN solution but not to a Cisco SD-WAN solution? A. time consuming configuration and maintenance
B. centralized reachability, security, and application policies
C. low complexity and increased overall solution scale
D. operates over DTLS/TLS authenticated and secured tunnels
.
Refer to the exhibit. An engineer must prevent VLAN 20 routes from appearing in the routing table of Switch-1. Which command set must be applied? On Switch-1:
A. router ospf 1
distribute-list 1 out
access-list 1 deny 192.168.2.0 0.0.0.255 On Switch-2
B. router ospf 1
distribute-list 1 in
access-list 1 deny 192.168.2.0 0.0.0.255 On Switch-2
C. router ospf 1
distribute-list 1 out
access-list 1 permit 192.168.2.0 0.0.0.255 On Switch-1
D. router ospf 1
distribute-list 1 in
access-list 1 deny 192.168.2.0 0.0.0.255.
Drag and drop the characteristics of Cisco SD-WAN from the left onto the right. Not all options are used. manual secure tunnel configuration uses unique per device feature templates centralized distribution of policies throughout the network operates over DTLS/TLS authenticated and secured tunnels control plane connections between routers provides flexibility and scalability through a hub and spoke architecture.
Which policy feature is used with TrustSec to provide endpoint entitlement in an enterprise network? A. security group tags
B. access control lists
C. virtual local area network
D. virtual routing and forwarding
.
Refer to the exhibit. After unsuccessfully configuring an EtherChannel link, an engineer enables debugging. Which action will resolve the issue? A. Configure the EtherChannel members in desirable mode.
B. Set the EtherChannel to mode on.
C. Set the EtherChannel to mode active.
D. Configure the EtherChannel members in passive mode.
.
Refer to the exhibit. What is achieved by this code? A. It unshuts the loopback interface.
B. It displays the loopback interface.
C. It renames the loopback interface.
D. It deletes the loopback interface.
.
Which collection contains the resources to obtain a list of fabric nodes through the vManage API? A. device inventory
B. administration
C. device management
D. monitoring
.
Which Cisco DNA Center Assurance feature verifies host reachability? A. path trace
B. application experience
C. detail information
D. network time travel
.
Drag and drop the code snippets from the bottom onto the blanks in the Python script to print the device model to the screen and write JSON data to a file. Not all options are used. dumps print dump open r w.
|
