Cisco 350-401 Practice Test - Questions Answers, Page 22
Question 211

The login method is configured on the VTY lines of a router with these parameters: The first method for authentication is TACACS. If TACACS is unavailable, login is allowed without any provided credentials. Which configuration accomplishes this task?
Option A
Option B
Option C
Option D
Question 212

Which network devices secure API platform?
next-generation intrusion detection systems
Layer 3 transit network devices
content switches
web application firewalls
Reference: https://www.cisco.com/c/en/us/products/collateral/security/advanced-waf-bot-aag.pdf
> Cisco® Secure Web Application Firewall (WAF) and bot protection defends your
> online presence and ensures that website, mobile applications, and APIs
> are secure, protected, and "always on."
Question 213

Refer to the exhibit.
What is required to configure a second export destination for IP address 192.168.10.1?
Specify a VRF.
Specify a different UDP port.
Specify a different flow ID
Configure a version 5 flow-export to the same destination.
Specify a different TCP port.
To configure multiple NetFlow export destinations to a router, use the following commands in global configuration mode:
Step 1: Router(config)# ip flow-export destination ip-address udp-port
Step 2: Router(config)# ip flow-export destination ip-address udp-port
The following example enables the exporting of information in NetFlow cache entries:
ip flow-export destination 10.42.42.1 9991
ip flow-export destination 10.0.101.254 1999
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/12s_mdnf.html
Question 214

Which threat defence mechanism, when deployed at the network perimeter, protects against zero-day attacks?
intrusion prevention
stateful inspection
sandbox
SSL decryption
Reference: https://www.cisco.com/c/en/us/products/collateral/security/amp-appliances/datasheetc78-733182.html
> File analysis and sandboxing: Secure Malware Analytics' highly secure environment
> helps you execute, analyze, and test malware behavior to discover previously
> unknown ZERO-DAY threats. The integration of Secure Malware Analytics' sandboxing
> technology into Malware Defense results in more dynamic analysis checked against
> a larger set of behavioral indicators.
Question 215

Refer to the exhibit.
A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied?
AP(config-if-ssid)# authentication open wep wep_methods
AP(config-if-ssid)# authentication dynamic wep wep_methods
AP(config-if-ssid)# authentication dynamic open wep_dynamic
AP(config-if-ssid)# authentication open eap eap_methods
Question 216

Which OSPF network types are compatible and allow communication through the two peering devices?
broadcast to nonbroadcast
point-to-multipoint to nonbroadcast
broadcast to point-to-point
point-to-multipoint to broadcast
The following different OSPF types are compatible with each other:
+ Broadcast and Non-Broadcast (adjust hello/dead timers)
+ Point-to-Point and Point-to-Multipoint (adjust hello/dead timers)
Broadcast and Non-Broadcast networks elect DR/BDR so they are compatible. Point-to-point/multipoint do not elect DR/BDR so they are compatible.
Question 217

Refer to the exhibit.
An engineer must configure a SPAN session. What is the effect of the configuration?
Traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1.
Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1.
Traffic received on VLANs 10, 11, and 12 is copied and sent to Interface g0/1.
Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1.
Question 218

An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface. Which option also is required on the tunnel interface before it is operational?
(config-if)#tunnel destination <ip address>
(config-if)#keepalive <seconds retries>
(config-if)#ip mtu <value>
(config-if)#ip tcp adjust-mss <value>
A GRE interface definition includes:
+ An IPv4 address on the tunnel
+ A tunnel source
+ A tunnel destination
Below is an example of how to configure a basic GRE tunnel:
interface Tunnel 0
ip address 10.10.10.1 255.255.255.0
tunnel source fa0/0
tunnel destination 172.16.0.2
In this case the “IPv4 address on the tunnel” is 10.10.10.1/24 and “sourced the tunnel from an Ethernet interface” is the command “tunnel source fa0/0”. Therefore it only needs a tunnel destination, which is 172.16.0.2.
Note: A multipoint GRE (mGRE) interface does not require a tunnel destination address.
Question 219

Which solution do IaaS service providers use to extend a Layer 2 segment across a Layer 3 network?
VLAN
VTEP
VXLAN
VRF
Question 220

Refer to the exhibit.
Which IP address becomes the active next hop for 192.168.102.0/24 when 192.168.101.2 fails?
192.168.101.18
192.168.101.6
192.168.101.10
192.168.101.14
The '>' shown in the output above indicates that the path with a next hop of 192.168.101.2 is the current best path.
Path Selection Attributes: Weight > Local Preference > Originate > AS Path > Origin > MED > External > IGP Cost > eBGP Peering > Router ID
BGP prefers the path with the highest weight, but the weights here are all 0 (which indicates that none of the routes were originated by the local router), so we need to check the Local Preference. The path with next hop 192.168.101.18 shows no LOCAL_PREF (LocPrf column), which means it has the default value of 100.
Therefore we can find the two next best paths with the next hop of 192.168.101.18 and 192.168.101.10.
We have to move to the next path selection attribute: Originate. BGP prefers the path that the local router originated (which is indicated with the "next hop 0.0.0.0"). But neither of the two best paths is self-originated.
The AS Path of the next hop 192.168.101.18 is shorter than the AS Path of the next hop 192.168.101.10, so the next hop 192.168.101.18 will be chosen as the next best path.
Question