ExamGecko
Search Search Login
Home Home / Cisco / 350-401

Cisco 350-401 Practice Test - Questions Answers, Page 85

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?
What are two differences between the RIB and the FIB? (Choose two.)
An engineer must update the local web authentication details on a Cisco 5520 WLC. The engineer has one active SSID configured for web authentication and plans to update the virtual interface with a nonroutable IP address. Which command must the engineer apply?
An engineer is troubleshooting the Ap join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?
Which port is required to allow APs to join a WLC when directed broadcasts are used on a Cisco iOS switch?
Reter to the exhibit. Refer to the exhibit. A network engineer must be notified when a user switches to configuration mode. Which script should be applied to receive an SNMP trap and a critical-level log message?
Refer to the exhibit. An engineer must allow R1 to advertise the 192 168.1 0/24 network to R2 R1 must perform this action without sending OSPF packets to SW1 Which command set should be applied?
Refer to the Exhibit. Refer to the exhibit. Which action must be performed to allow RESTCONF access to the device?
An engineer must configure a multicast UDP jitter operation. Which configuration should be applied? A) B) C) D)
Refer to the Exhibit. Refer to the exhibit An engineer is troubleshooting an mDNS issue in an environment where Cisco ISE is used to dynamically assign mDNS roles to users The engineer has confirmed that ISE is sending the correct values, but name resolution is not functioning as expected Which WLC configuration change resolves the issue?

Question 841

Report
Export
Collapse

A customer requires their wireless network to be fully functional, even if the wireless controller fails. Which wireless design supports these requirements?

A.

FlexConnect

A.

FlexConnect

Answers
B.

mesh

B.

mesh

Answers
C.

centralized

C.

centralized

Answers
D.

embedded

D.

embedded

Answers
Suggested answer: A

Explanation:

This is because FlexConnect is a feature that allows wireless access points to operate in standalone mode when they lose connectivity to the wireless LAN controller. FlexConnect enables the access points to switch the data traffic locally, without sending it to the controller, and to perform local authentication, without relying on the central server. FlexConnect also allows the access points to maintain the wireless network functionality, such as SSIDs, security policies, and QoS, even if the wireless controller fails. FlexConnect is suitable for branch locations or remote offices that have limited WAN bandwidth or reliability. The source of this answer is the Cisco ENCOR v1.1 course, module 7, lesson 7.3: Implementing FlexConnect.

Question 842

Report
Export
Collapse

A technician is assisting a user who cannot connect to a website. The technician attempts to ping the default gateway and DNS server of the workstation. According to troubleshooting methodology, this is an example of:

A.

a divide-and-conquer approach.

A.

a divide-and-conquer approach.

Answers
B.

a bottom-up approach.

B.

a bottom-up approach.

Answers
C.

a top-to-bottom approach.

C.

a top-to-bottom approach.

Answers
D.

implementing a solution.

D.

implementing a solution.

Answers
Suggested answer: C

Explanation:

This is because a top-to-bottom approach is a troubleshooting methodology that starts from the highest layer of the OSI model and works its way down to the lowest layer. The technician is using this approach by first testing the network layer connectivity with the ping command, which uses the ICMP protocol. If the ping is successful, the technician can move on to the next layer, such as the transport layer or the application layer. If the ping fails, the technician can troubleshoot the lower layers, such as the data link layer or the physical layer. The source of this answer is the Cisco ENCOR v1.1 course, module 10, lesson 10.3: Applying Troubleshooting Methodologies.

Question 843

Report
Export
Collapse

Which of the following protocols has a default administrative distance value of 90?

A.

RIP

A.

RIP

Answers
B.

EIGRP

B.

EIGRP

Answers
C.

OSPF

C.

OSPF

Answers
D.

BGP

D.

BGP

Answers
Suggested answer: B

Explanation:

This is because EIGRP is an advanced distance vector routing protocol that uses a composite metric to calculate the best path to a destination. EIGRP has a default administrative distance value of 90, which means that it is more trustworthy than RIP (120) or OSPF (110), but less trustworthy than BGP (20). The source of this answer is the Cisco ENCOR v1.1 course, module 4, lesson 4.1: Implementing EIGRP.

Question 844

Report
Export
Collapse

Which of the following security methods uses physical characteristics of a person to authorize access to a location?

A.

Access control vestibule

A.

Access control vestibule

Answers
B.

Palm scanner

B.

Palm scanner

Answers
C.

PIN pad

C.

PIN pad

Answers
D.

Digital card reader

D.

Digital card reader

Answers
E.

Photo ID

E.

Photo ID

Answers
Suggested answer: B

Explanation:

This is because a palm scanner is a type of biometric security method that uses the physical characteristics of a person's palm, such as the shape, size, and vein patterns, to authorize access to a location. A palm scanner is more reliable and secure than other methods, such as a PIN pad or a digital card reader, which can be easily stolen, lost, or shared. A palm scanner is also more hygienic and convenient than other biometric methods, such as a fingerprint scanner or a facial recognition system, which can be affected by dirt, oil, or lighting conditions. The source of this answer is the Cisco ENCOR v1.1 course, module 2, lesson 2.2: Implementing Device Access Control.

Question 845

Report
Export
Collapse

Which of the following attacks becomes more effective because of global leakages of users' passwords?

A.

Dictionary

A.

Dictionary

Answers
B.

Brute-force

B.

Brute-force

Answers
C.

Phishing

C.

Phishing

Answers
D.

Deauthentication

D.

Deauthentication

Answers
Suggested answer: A

Explanation:

This is because a dictionary attack is a type of password cracking attack that uses a list of common or previously leaked passwords to guess the credentials of a user. A dictionary attack becomes more effective because of global leakages of users' passwords, as the attacker can use the leaked passwords as a source for the dictionary. The source of this answer is the Cisco ENCOR v1.1 course, module 2, lesson 2.3: Implementing Wireless Security.

Question 846

Report
Export
Collapse

A company's office has publicly accessible meeting rooms equipped with network ports. A recent audit revealed that visitors were able to access the corporate network by plugging personal laptops into open network ports. Which of the following should the company implement to prevent this in the future?

A.

URL filters

A.

URL filters

Answers
B.

VPN

B.

VPN

Answers
C.

ACLs

C.

ACLs

Answers
D.

NAC

D.

NAC

Answers
Suggested answer: D

Explanation:

This is because NAC stands for network access control, which is a security mechanism that allows or denies access to a network based on the identity and compliance of the device. NAC can prevent unauthorized visitors from accessing the corporate network by plugging personal laptops into open network ports, as NAC can enforce policies such as authentication, authorization, posture assessment, and remediation. The source of this answer is the Cisco ENCOR v1.1 course, module 2, lesson 2.4: Implementing Network Access Control.

Question 847

Report
Export
Collapse

Users have reported an issue connecting to a server over the network. A workstation was recently added to the network and configured with a shared USB printer. Which of the following is most likely causing the issue?

A.

The switch is oversubscribed and cannot handle the additional throughput.

A.

The switch is oversubscribed and cannot handle the additional throughput.

Answers
B.

The printer is tying up the server with DHCP discover messages.

B.

The printer is tying up the server with DHCP discover messages.

Answers
C.

The web server's back end was designed for only single-threaded applications.

C.

The web server's back end was designed for only single-threaded applications.

Answers
D.

The workstation was configured with a static IP that is the same as the server.

D.

The workstation was configured with a static IP that is the same as the server.

Answers
Suggested answer: D

Explanation:

The workstation was configured with a static IP that is the same as the server. This is because if two devices on the same network have the same IP address, they will cause an IP address conflict, which will prevent them from communicating with other devices on the network. The users who were moved to different desks may have been assigned static IP addresses that were not updated after the move, and they may have accidentally used the same IP address as the server. The source of this answer is the Cisco ENCOR v1.1 course, module 3, lesson 3.1: Implementing IPv4 and IPv6 Addressing.

Question 848

Report
Export
Collapse

A company recently rearranged some users' workspaces and moved several users to different desks. The network administrator receives a report that all of the users who were moved are having connectivity issues. Which of the following is the most likely reason?

A.

Ports are error disabled.

A.

Ports are error disabled.

Answers
B.

Ports are administratively down.

B.

Ports are administratively down.

Answers
C.

Ports are having an MDIX issue.

C.

Ports are having an MDIX issue.

Answers
D.

Ports are trunk ports.

D.

Ports are trunk ports.

Answers
Suggested answer: A

Explanation:

This is because ports can become error disabled when they detect certain errors or violations on the network, such as a loop, a security breach, or a duplex mismatch. When a port is error disabled, it shuts down and stops forwarding traffic until it is manually re-enabled by the administrator. The users who were moved to different desks may have plugged their devices into ports that were configured with different settings or security policies than their original ports, and this may have triggered the error disable state. The source of this answer is the Cisco ENCOR v1.1 course, module 3, lesson 3.3: Implementing EtherChannel.

Question 849

Report
Export
Collapse

Refer to the exhibit.

A network engineer issues the debug command while troubleshooting a network issue. What does the output confirm?

A.

ACL100 is tracking ICMP traffic from 1.1.1.1 destined for 10.1.1.1.

A.

ACL100 is tracking ICMP traffic from 1.1.1.1 destined for 10.1.1.1.

Answers
B.

ACL100 is tracking all traffic from 10.1.1.1 destined far 1.1.

B.

ACL100 is tracking all traffic from 10.1.1.1 destined far 1.1.

Answers
C.

ACL100 is tracking ICMP traffic from 10.1.1.1 destined for 11.1.1

C.

ACL100 is tracking ICMP traffic from 10.1.1.1 destined for 11.1.1

Answers
D.

ACL100 is tracking ICMP traffic from Serial 1/0 destined for Serial3/0.

D.

ACL100 is tracking ICMP traffic from Serial 1/0 destined for Serial3/0.

Answers
Suggested answer: A

Question 850

Report
Export
Collapse

Refer to the Exhibit.

Refer to Ihe exhibit. An engineer must update the existing configuation to achieve these resu ts:

* Only administrators from the 192.168 1.0.'?4 subnet can access the vty lines.

* Access to the vty lines using clear-text protocols is prohibited.

Which command set should be appled?

A)

B)

C)

D)

A.

Option A

A.

Option A

Answers
B.

Option B

B.

Option B

Answers
C.

Option C

C.

Option C

Answers
D.

Option D

D.

Option D

Answers
Suggested answer: B

Explanation:

Option B is the correct command set to update the existing configuration to achieve the desired results.The configuration steps are as follows12:

Define a standard access list that permits only the administrators from the 192.168.1.0/24 subnet to access the vty lines. In this case, the access list is namedADMINand it allows any host with an IP address in the range of 192.168.1.1 to 192.168.1.254 to access the vty lines:ip access-list standard ADMINandpermit 192.168.1.0 0.0.0.255.

Apply the access list to the vty lines using theaccess-classcommand. This command restricts incoming and outgoing connections between a particular vty and the addresses in the access list. In this case, the access listADMINis applied to the vty lines 0 to 15 in the inbound direction, which means that only the hosts that match the access list can initiate a connection to the vty lines:line vty 0 15andaccess-class ADMIN in.

Disable the clear-text protocols such as Telnet for the vty lines using thetransport inputcommand. This command specifies which protocols are allowed for incoming connections. In this case, only SSH is allowed for the vty lines, which is a secure protocol that encrypts the data between the client and the server:transport input ssh.

Option A is incorrect because it does not apply the access list to the vty lines, which is required to restrict the access to the administrators from the 192.168.1.0/24 subnet.Without theaccess-classcommand, any host can attempt to connect to the vty lines12.

Option C is incorrect because it does not disable the clear-text protocols for the vty lines, which is required to prohibit the access to the vty lines using unsecure protocols.Without thetransport input sshcommand, both Telnet and SSH are allowed for the vty lines by default12.

Option D is incorrect because it uses an extended access list instead of a standard access list, which is not recommended for controlling access to the vty lines. An extended access list requires more configuration and processing than a standard access list, and it cannot be applied directly to the vty lines.It has to be applied to each interface that can be used to access the vty lines, which increases the complexity and the possibility of errors12.Reference:1:Controlling Access to a Virtual Terminal Line,2:Configuring Secure Shell

Total 983 questions
Go to page: of 99
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms