ExamGecko
Search Search Login
Home Home / Cisco / 350-401

Cisco 350-401 Practice Test - Questions Answers, Page 8

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two differences between the RIB and the FIB? (Choose two.)
Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?
An engineer is troubleshooting the Ap join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?
An engineer must update the local web authentication details on a Cisco 5520 WLC. The engineer has one active SSID configured for web authentication and plans to update the virtual interface with a nonroutable IP address. Which command must the engineer apply?
Which port is required to allow APs to join a WLC when directed broadcasts are used on a Cisco iOS switch?
Refer to the Exhibit. Refer to the exhibit. Which action must be performed to allow RESTCONF access to the device?
Refer to the exhibit. An engineer must allow R1 to advertise the 192 168.1 0/24 network to R2 R1 must perform this action without sending OSPF packets to SW1 Which command set should be applied?
Refer to the Exhibit. Refer to the exhibit An engineer is troubleshooting an mDNS issue in an environment where Cisco ISE is used to dynamically assign mDNS roles to users The engineer has confirmed that ISE is sending the correct values, but name resolution is not functioning as expected Which WLC configuration change resolves the issue?
A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst 9800 WLC to test new features. The engineer successfully configures a mobility tunnel between the 5520 cluster and 9800 WLC. Client connected to the corporate WLAN roam seamlessly between access points on the 5520 and 9800 WLC. After a failure on the primary 5520 WLC, all WLAN services remain functional; however, Client roam between the 5520 and 9800 controllers without dropping their connection. Which feature must be configured to remedy the issue?
Which configuration allows administrators to configure the device through the console port and use a network authentication server? A) B) C) D)

Question 71

Report
Export
Collapse

When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?

A.

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

A.

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

Answers
B.

logging host 10.2.3.4 vrf mgmt transport udp port 6514

B.

logging host 10.2.3.4 vrf mgmt transport udp port 6514

Answers
C.

logging host 10.2.3.4 vrf mgmt transport tcp port 514

C.

logging host 10.2.3.4 vrf mgmt transport tcp port 514

Answers
D.

logging host 10.2.3.4 vrf mgmt transport udp port 514

D.

logging host 10.2.3.4 vrf mgmt transport udp port 514

Answers
Suggested answer: A

Explanation:

The TCP port 6514 has been allocated as the default port for syslog over Transport Layer Security (TLS).

Reference: https://tools.ietf.org/html/rfc5425

Question 72

Report
Export
Collapse

At which Layer does Cisco DNA Center support REST controls?

A.

EEM applets or scripts

A.

EEM applets or scripts

Answers
B.

Session layer

B.

Session layer

Answers
C.

YMAL output from responses to API calls

C.

YMAL output from responses to API calls

Answers
D.

Northbound APIs

D.

Northbound APIs

Answers
Suggested answer: D

Question 73

Report
Export
Collapse

Refer to the exhibit.

Which troubleshooting a routing issue, an engineer issues a ping from S1 to S2. When two actions from the initial value of the TTL? (Choose two.)

A.

The packet reaches R3, and the TTL expires

A.

The packet reaches R3, and the TTL expires

Answers
B.

R2 replies with a TTL exceeded message

B.

R2 replies with a TTL exceeded message

Answers
C.

R3 replies with a TTL exceeded message.

C.

R3 replies with a TTL exceeded message.

Answers
D.

The packet reaches R2 and the TTL expires

D.

The packet reaches R2 and the TTL expires

Answers
E.

R1 replies with a TTL exceeded message

E.

R1 replies with a TTL exceeded message

Answers
F.

The packet reaches R1 and the TTL expires.

F.

The packet reaches R1 and the TTL expires.

Answers
Suggested answer: A, D

Explanation:

Source MAC in the capture is VMWare, MAC is Cisco. Routers first check the TTL before any further process, subtract 1 at R1. Send to R2, subtract and you have ZERO. Discard packet and reply with ICMP Time Exceeded message from that point, don't even bother checking the Route table for further processing.

Question 74

Report
Export
Collapse

Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

A.

MACsec

A.

MACsec

Answers
B.

IPsec

B.

IPsec

Answers
C.

SSL

C.

SSL

Answers
D.

Cisco Trustsec

D.

Cisco Trustsec

Answers
Suggested answer: A

Explanation:

MACsec, defined in 802.1AE, provides MAC-layer encryption over wired networks by using outofband methods for encryption keying. The MACsec Key Agreement (MKA) Protocol provides the

Question 75

Report
Export
Collapse

Refer to the exhibit. An engineer is configuring an EtherChannel between Switch1 and Switch2 and notices the console message on switch2. Based on the output, which action resolves this issue?

A.

Configure less member ports on Switch2.

A.

Configure less member ports on Switch2.

Answers
B.

Configure the same port channel interface number on both switches

B.

Configure the same port channel interface number on both switches

Answers
C.

Configure the same EtherChannel protocol on both switches

C.

Configure the same EtherChannel protocol on both switches

Answers
D.

Configure more member ports on Switch1.

D.

Configure more member ports on Switch1.

Answers
Suggested answer: C

Explanation:

In this case, we are using your EtherChannel without a negotiation protocol on Switch2. As a result, if the opposite switch is not also configured for EtherChannel operation on the respective ports, there is a danger of a switching loop. The EtherChannel Misconfiguration Guard tries to prevent that loop from occuring by disabling all the ports bundled in the EtherChannel.

Question 76

Report
Export
Collapse

Which entity is responsible for maintaining Layer 2 isolation between segments In a VXLAN environment?

A.

switch fabric

A.

switch fabric

Answers
B.

VTEP

B.

VTEP

Answers
C.

VNID

C.

VNID

Answers
D.

host switch

D.

host switch

Answers
Suggested answer: C

Explanation:

VXLAN uses an 8-byte VXLAN header that consists of a 24-bit VNID and a few reserved bits. The VXLAN header together with the original Ethernet frame goes in the UDP payload. The 24-bit VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NXOS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NXOS_VXLAN_Configuration_Guide_7x_chapter_010.html

Question 77

Report
Export
Collapse

Which DHCP option helps lightweight APs find the IP address of a wireless LAN controller?

A.

Option 43

A.

Option 43

Answers
B.

Option 60

B.

Option 60

Answers
C.

Option 67

C.

Option 67

Answers
D.

Option 150

D.

Option 150

Answers
Suggested answer: A

Question 78

Report
Export
Collapse

Refer the exhibit.

Which router is the designated router on the segment 192.168.0.0/24?

A.

This segment has no designated router because it is a nonbroadcast network type.

A.

This segment has no designated router because it is a nonbroadcast network type.

Answers
B.

This segment has no designated router because it is a p2p network type.

B.

This segment has no designated router because it is a p2p network type.

Answers
C.

Router Chicago because it has a lower router ID

C.

Router Chicago because it has a lower router ID

Answers
D.

Router NewYork because it has a higher router ID

D.

Router NewYork because it has a higher router ID

Answers
Suggested answer: B

Question 79

Report
Export
Collapse

What are two differences between the RIB and the FIB? (Choose two.)

A.

The FIB is derived from the data plane, and the RIB is derived from the FIB.

A.

The FIB is derived from the data plane, and the RIB is derived from the FIB.

Answers
B.

The RIB is a database of routing prefixes, and the FIB is the Information used to choose the egress interface for each packet.

B.

The RIB is a database of routing prefixes, and the FIB is the Information used to choose the egress interface for each packet.

Answers
C.

FIB is a database of routing prefixes, and the RIB is the information used to choose the egress interface for each packet.

C.

FIB is a database of routing prefixes, and the RIB is the information used to choose the egress interface for each packet.

Answers
D.

The FIB is derived from the control plane, and the RIB is derived from the FIB.

D.

The FIB is derived from the control plane, and the RIB is derived from the FIB.

Answers
E.

The RIB is derived from the control plane, and the FIB is derived from the RIB.

E.

The RIB is derived from the control plane, and the FIB is derived from the RIB.

Answers
Suggested answer: B, E

Question 80

Report
Export
Collapse

Which algorithms are used to secure REST API from brute attacks and minimize the impact?

A.

SHA-512 and SHA-384

A.

SHA-512 and SHA-384

Answers
B.

MD5 algorithm-128 and SHA-384

B.

MD5 algorithm-128 and SHA-384

Answers
C.

SHA-1, SHA-256, and SHA-512

C.

SHA-1, SHA-256, and SHA-512

Answers
D.

PBKDF2, BCrypt, and SCrypt

D.

PBKDF2, BCrypt, and SCrypt

Answers
Suggested answer: D

Explanation:

One of the best practices to secure REST APIs is using password hash. Passwords must always be hashed to protect the system (or minimize the damage) even if it is compromised in some hacking attempts. There are many such hashing algorithms which can prove really effective for password security e.g. PBKDF2, bcrypt and scrypt algorithms.

Other ways to secure REST APIs are: Always use HTTPS, Never expose information on URLs

(Usernames, passwords, session tokens, and API keys should not appear in the URL), Adding Timestamp in Request, Using OAuth, Input Parameter Validation.

Reference: https://restfulapi.net/security-essentials/

Total 983 questions
Go to page: of 99
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms