Home

Home / Cisco / 350-401

Question list

List of questions

Question 1

(0)

What are two benefits of YANG? (Choose two.)

Question 2

(0)

Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP legs in. Which configuration change is required?

Question 3

(0)

Wireless users report frequent disconnections from the wireless network. While troubleshooting a network engineer finds that after the user a disconnect, the connection re-establishes automatically

Question 4

(0)

Refer to the exhibit. An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound di

Question 5

(0)

What is used to perform OoS packet classification?

Question 6

(0)

What is the recommended MTU size for a Cisco SD-Access Fabric?

Question 7

(0)

Refer to the exhibit. After configurating an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show?

Question 8

(0)

Refer to the exhibit. Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?

Question 9

(0)

A customer requests a network design that supports these requirements: Which protocol does the design include?

Question 10

(0)

Which two network problems Indicate a need to implement QoS in a campus network? (Choose two.)

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which option works with a DHCP server to return at least one WLAN management interface IP address during the discovery phase and is dependent upon the VCI of the AP?

What are two differences between the RIB and the FIB? (Choose two.)

An engineer must update the local web authentication details on a Cisco 5520 WLC. The engineer has one active SSID configured for web authentication and plans to update the virtual interface with a nonroutable IP address. Which command must the engineer apply?

An engineer is troubleshooting the Ap join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?

Which port is required to allow APs to join a WLC when directed broadcasts are used on a Cisco iOS switch?

Refer to the Exhibit. Refer to the exhibit. Which action must be performed to allow RESTCONF access to the device?

An engineer must configure a multicast UDP jitter operation. Which configuration should be applied? A) B) C) D)

Reter to the exhibit. Refer to the exhibit. A network engineer must be notified when a user switches to configuration mode. Which script should be applied to receive an SNMP trap and a critical-level log message?

Refer to the exhibit. An engineer must allow R1 to advertise the 192 168.1 0/24 network to R2 R1 must perform this action without sending OSPF packets to SW1 Which command set should be applied?

A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst 9800 WLC to test new features. The engineer successfully configures a mobility tunnel between the 5520 cluster and 9800 WLC. Client connected to the corporate WLAN roam seamlessly between access points on the 5520 and 9800 WLC. After a failure on the primary 5520 WLC, all WLAN services remain functional; however, Client roam between the 5520 and 9800 controllers without dropping their connection. Which feature must be configured to remedy the issue?

Question 397 - 350-401 discussion

Report

An engineer must configure an ACL that permits packets which include an ACK in the TCP header Which entry must be included in the ACL?

A.

access-list 10 permit ip any any eq 21 tcp-ack

B.

access-list 110 permit tcp any any eq 21 tcp-ack

C.

access-list 10 permit tcp any any eq 21 established

D.

access-list 110 permit tcp any any eq 21 established

Suggested answer: D

Explanation:

The established keyword is only applicable to TCP access list entries to match TCP segments that have the ACK and/or RST control bit set (regardless of the source and destination ports), which assumes that a TCP connection has already been established in one direction only. Let’s see an example below:

Suppose you only want to allow the hosts inside your company to telnet to an outside server but not vice versa, you can simply use an - ”established” access-list like this:

access-list 100 permit tcp any any established

access-list 101 permit tcp any any eq telnet

!

interface S0/0

ip access-group 100 in

ip access-group 101 out

Note: Suppose host A wants to start communicating with host B using TCP. Before they can send real data, a three-way handshake must be established first. Let‘s see how this process takes place:

1. First host A will send a SYN message (a TCP segment with SYN flag set to 1, SYN is short for

SYNchronize) to indicate it wants to setup a connection with host B. This message includes a sequence (SEQ) number for tracking purpose. This sequence number can be any 32-bit number

(range from 0 to 232) so we use -”x” to represent it.

2. After receiving SYN message from host A, host B replies with SYN-ACK message (some books may call it -SYN/ACK? or -SYN, ACK? message. ACK is short for ACKnowledge). This message includes a SYN sequence number and an ACK number:

+ SYN sequence number (let‘s called it “y”) is a random number and does not have any relationship with Host A‘s SYN SEQ number.

+ ACK number is the next number of Host A‘s SYN sequence number it received, so we represent it with “x+1". It means -I received your part. Now send me the next part (x + 1)”.

The SYN-ACK message indicates host B accepts to talk to host A (via ACK part). And ask if host A still wants to talk to it as well (via SYN part).

3. After Host A received the SYN-ACK message from host B, it sends an ACK message with ACK number “y+1” to host B. This confirms host A still wants to talk to host B.

Show Answer

asked 10/10/2024

Mario Perez Hervas

34 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first