Ask Question
Cisco 300-410 Practice Test - Questions Answers, Page 4
Add to Whishlist
List of questions
Question 31
Refer to the exhibits.
Phase-3 tunnels cannot be established between spoke-to-spoke in DMVPN. Which two commands are missing? (Choose two.)
The ip nhrp redirect command is missing on the spoke routers.
The ip nhrp shortcut command is missing on the spoke routers.
The ip nhrp redirect commands is missing on the hub router.
The ip nhrp shortcut commands is missing on the hub router.
The ip nhrp map command is missing on the hub router.
Question 32
Which protocol is used to determine the NBMA address on the other end of a tunnel when mGRE is used?
NHRP
IPsec
MP-BGP
OSPF
Question 33
Refer to the exhibit.
Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?
Question 34
Refer to the exhibit.
During troubleshooting it was discovered that the device is not reachable using a secure web browser. What is needed to fix the problem?
permit tcp port 443
permit udp port 465
permit tcp port 465
permit tcp port 22
Question 35
Refer to the exhibit.
An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using TACACS+. Which action produces the desired configuration?
Add the aaa authentication login default none command to the global configuration.
Replace the capital "C" with a lowercase "c" in the aaa authentication login Console local command.
Add the aaa authentication login default group tacacs+ local-case command to the global configuration.
Add the login authentication Console command to the line configuration
Reference:
https://community.cisco.com/t5/switching/how-to-define-login-local-for-console-0/td-p/2949493
Question 36
Refer to the exhibit.
An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and finds the displayed output when troubleshooting. Which command must be used in configuration mode to enable SSH on the device?
no ip ssh disable
ip ssh enable
ip ssh version 2
crypto key generate rsa
Question 37
Which statement about IPv6 ND inspection is true?
It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.
It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.
It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.
IPv6 ND inspection learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables. IPv6 ND inspection analyzes neighbor discovery messages in order to build a trusted binding table database, and IPv6 neighbor discovery messages that do not have valid bindings are dropped. A neighbor discovery message is considered trustworthy if its IPv6-to-MAC mapping is verifiable.
This feature mitigates some of the inherent vulnerabilities for the neighbor discovery mechanism, such as attacks on duplicate address detection (DAD), address resolution, device discovery, and the neighbor cache.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s-book/ip6-snooping.pdf
Question 38
While troubleshooting connectivity issues to a router, these details are noticed:
Standard pings to all router interfaces, including loopbacks, are successful.
Data traffic is unaffected.
SNMP connectivity is intermittent.
SSH is either slow or disconnects frequently.
Which command must be configured first to troubleshoot this issue?
show policy-map control-plane
show policy-map
show interface | inc drop
show ip route
Question 39
Refer to the exhibit.
Why is user authentication being rejected?
The TACACS+ server expects "user", but the NT client sends "domain/user".
The TACACS+ server refuses the user because the user is set up for CHAP.
The TACACS+ server is down, and the user is in the local database.
The TACACS+ server is down, and the user is not in the local database.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controlleraccesscontrol-system-tacacs-/13864-tacacs-pppdebug.html
Question 40
Refer to the exhibit.
Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at higher rate?
policy-map SHAPE_BGP
policy-map LIMIT_BGP
policy-map POLICE_BGP
policy-map COPP
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
3
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
20
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question