ExamGecko
Search Search Login
Home Home / Cisco / 300-410

Cisco 300-410 Practice Test - Questions Answers, Page 4

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Refer to the exhibit. Refer to the exhibit. R1 uses SP1 as the primary path. A network engineer must force all SSH traffic generated from R1 toward SP2. Which configuration accomplishes the task?
Refer to the exhibit. An engineer is trying to block the route to 192.168.2.2 from the routing table by using the configuration that is shown. The route is still present in the routing table as an OSPF route. Which action blocks the route?
LAB SIMULATION WAN CORE MGMT
An engineer configured a router with this configuration ip access-hst DENY TELNET 10 deny tcp any any eq 23 log-input The router console starts receiving log message :%SEC-6-IPACCESSLOGP: list DENY_TELNET denied tcp 192.168.1.10(1022)(FastEthernet1/0 D508.89gb.003f) ->192.168.2.20(23), 1 packet" Which action stops messages on the console while still denying Telnet?
Refer to the exhibit. Users in the branch network of 2001:db8:0:4::/64 report that they cannot access the Internet. Which command is issued in IPv6 router EIGRP 100 configuration mode to solve this issue?
Refer to the exhibit. Refer to the exhibit After an engineer modified the configuration for area 7 to permit type 1 2 and 7 LSAs only users connected to router R9 reported that they could no longer access the internet. Which configuration restores internet access to users on R9 and permits only LSA type 1,2, and 7? A) B) C) D)
Refer to the exhibit. Refer to the exhibit. Which configuration resolves the issue? A) B) C) D)
Refer to the exhibit. R2 is a route reflector, and R1 and R3 are route reflector clients. The route reflector learns the route to 172.16.25.0/24 from R1, but it does not advertise to R3. What is the reason the route is not advertised?
Refer to the exhibit. An engineer configures a static route on a router, but when the engineer checks the route to the destination, a different next hop is chosen. What is the reason for this?
Refer to the exhibit. Refer to the exhibit. The R1 routing table has the prefixes for the FTP1 and FTP2 file servers. A network engineer must configure the R1 with these requirements: Host1 must use the FTP1 fileserver. Host2 must use the FTP2 fileserver. Which configuration meets the requirement on R1?

Question 31

Report
Export
Collapse

Refer to the exhibits.

Phase-3 tunnels cannot be established between spoke-to-spoke in DMVPN. Which two commands are missing? (Choose two.)

A.

The ip nhrp redirect command is missing on the spoke routers.

A.

The ip nhrp redirect command is missing on the spoke routers.

Answers
B.

The ip nhrp shortcut command is missing on the spoke routers.

B.

The ip nhrp shortcut command is missing on the spoke routers.

Answers
C.

The ip nhrp redirect commands is missing on the hub router.

C.

The ip nhrp redirect commands is missing on the hub router.

Answers
D.

The ip nhrp shortcut commands is missing on the hub router.

D.

The ip nhrp shortcut commands is missing on the hub router.

Answers
E.

The ip nhrp map command is missing on the hub router.

E.

The ip nhrp map command is missing on the hub router.

Answers
Suggested answer: B, C

Question 32

Report
Export
Collapse

Which protocol is used to determine the NBMA address on the other end of a tunnel when mGRE is used?

A.

NHRP

A.

NHRP

Answers
B.

IPsec

B.

IPsec

Answers
C.

MP-BGP

C.

MP-BGP

Answers
D.

OSPF

D.

OSPF

Answers
Suggested answer: A

Question 33

Report
Export
Collapse

Refer to the exhibit.

Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?

A.


A.


Answers
B.


B.


Answers
C.


C.


Answers
D.


D.


Answers
Suggested answer: A

Question 34

Report
Export
Collapse

Refer to the exhibit.

During troubleshooting it was discovered that the device is not reachable using a secure web browser. What is needed to fix the problem?

A.

permit tcp port 443

A.

permit tcp port 443

Answers
B.

permit udp port 465

B.

permit udp port 465

Answers
C.

permit tcp port 465

C.

permit tcp port 465

Answers
D.

permit tcp port 22

D.

permit tcp port 22

Answers
Suggested answer: A

Question 35

Report
Export
Collapse

Refer to the exhibit.

An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using TACACS+. Which action produces the desired configuration?

A.

Add the aaa authentication login default none command to the global configuration.

A.

Add the aaa authentication login default none command to the global configuration.

Answers
B.

Replace the capital "C" with a lowercase "c" in the aaa authentication login Console local command.

B.

Replace the capital "C" with a lowercase "c" in the aaa authentication login Console local command.

Answers
C.

Add the aaa authentication login default group tacacs+ local-case command to the global configuration.

C.

Add the aaa authentication login default group tacacs+ local-case command to the global configuration.

Answers
D.

Add the login authentication Console command to the line configuration

D.

Add the login authentication Console command to the line configuration

Answers
Suggested answer: D

Explanation:

Reference:

https://community.cisco.com/t5/switching/how-to-define-login-local-for-console-0/td-p/2949493

Question 36

Report
Export
Collapse

Refer to the exhibit.

An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and finds the displayed output when troubleshooting. Which command must be used in configuration mode to enable SSH on the device?

A.

no ip ssh disable

A.

no ip ssh disable

Answers
B.

ip ssh enable

B.

ip ssh enable

Answers
C.

ip ssh version 2

C.

ip ssh version 2

Answers
D.

crypto key generate rsa

D.

crypto key generate rsa

Answers
Suggested answer: D

Question 37

Report
Export
Collapse

Which statement about IPv6 ND inspection is true?

A.

It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.

A.

It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.

Answers
B.

It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.

B.

It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.

Answers
C.

It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.

C.

It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.

Answers
D.

It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

D.

It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

Answers
Suggested answer: B

Explanation:

IPv6 ND inspection learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables. IPv6 ND inspection analyzes neighbor discovery messages in order to build a trusted binding table database, and IPv6 neighbor discovery messages that do not have valid bindings are dropped. A neighbor discovery message is considered trustworthy if its IPv6-to-MAC mapping is verifiable.

This feature mitigates some of the inherent vulnerabilities for the neighbor discovery mechanism, such as attacks on duplicate address detection (DAD), address resolution, device discovery, and the neighbor cache.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s-book/ip6-snooping.pdf

Question 38

Report
Export
Collapse

While troubleshooting connectivity issues to a router, these details are noticed:

Standard pings to all router interfaces, including loopbacks, are successful.

Data traffic is unaffected.

SNMP connectivity is intermittent.

SSH is either slow or disconnects frequently.

Which command must be configured first to troubleshoot this issue?

A.

show policy-map control-plane

A.

show policy-map control-plane

Answers
B.

show policy-map

B.

show policy-map

Answers
C.

show interface | inc drop

C.

show interface | inc drop

Answers
D.

show ip route

D.

show ip route

Answers
Suggested answer: A

Question 39

Report
Export
Collapse

Refer to the exhibit.

Why is user authentication being rejected?

A.

The TACACS+ server expects "user", but the NT client sends "domain/user".

A.

The TACACS+ server expects "user", but the NT client sends "domain/user".

Answers
B.

The TACACS+ server refuses the user because the user is set up for CHAP.

B.

The TACACS+ server refuses the user because the user is set up for CHAP.

Answers
C.

The TACACS+ server is down, and the user is in the local database.

C.

The TACACS+ server is down, and the user is in the local database.

Answers
D.

The TACACS+ server is down, and the user is not in the local database.

D.

The TACACS+ server is down, and the user is not in the local database.

Answers
Suggested answer: D

Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controlleraccesscontrol-system-tacacs-/13864-tacacs-pppdebug.html

Question 40

Report
Export
Collapse

Refer to the exhibit.

Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at higher rate?

A.

policy-map SHAPE_BGP

A.

policy-map SHAPE_BGP

Answers
B.

policy-map LIMIT_BGP

B.

policy-map LIMIT_BGP

Answers
C.

policy-map POLICE_BGP

C.

policy-map POLICE_BGP

Answers
D.

policy-map COPP

D.

policy-map COPP

Answers
Suggested answer: D
Total 570 questions
Go to page: of 57
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms