Categories
300-410 Dumps

300-410 Real Exam Dumps Questions and answers 31-40

Get Full Version of the Exam
http://www.EnsurePass.com/300-410.html

Question No.31

Which protocol is used to determine the NBMA address on the other end of a tunnel when mGRE is used?

  1. NHRP

  2. IPsec

  3. MP-BGP

  4. OSPF

Correct Answer: A

Question No.32

Refer to the exhibits. Phase-3 tunnels cannot be established between spoke-to-spoke in DMVPN. Which two commands are missing? (Choose two.)

image

  1. The ip nhrp redirect command is missing on the spoke routers.

  2. The ip nhrp shortcut command is missing on the spoke routers.

  3. The ip nhrp redirect command is missing on the hub router.

  4. The ip nhrp shortcut command is missing on the hub router.

  5. The ip nhrp map command is missing on the hub router.

Correct Answer: BC

Question No.33

Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?

image

image

A.

B.

C.

D.

Correct Answer: A

Question No.34

Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable using a secure web browser. What is needed to fix the problem?

image

  1. permit tcp port 443

  2. permit udp port 465

  3. permit tcp port 465

  4. permit tcp port 22

Correct Answer: A

Question No.35

Refer to the exhibit. An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using TACACS . Which action produces the desired configuration?

image

  1. Add the aaa authentication login default none command to the global configuration.

  2. Replace the capital 鈥淐鈥?with a lowercase 鈥渃鈥?in the aaa authentication login Console local command.

  3. Add the aaa authentication login default group tacacs local-case command to the global configuration.

  4. Add the login authentication Console command to the line configuration.

Correct Answer: D

Question No.36

Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and finds the displayed output when troubleshooting. Which command must be used in configuration mode to enable SSH on the device?

image

  1. no ip ssh disable

  2. ip ssh enable

  3. ip ssh version 2

  4. crypto key generate rsa

Correct Answer: D

Question No.37

Which statement about IPv6 ND inspection is true?

  1. It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.

  2. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.

  3. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.

  4. It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

Correct Answer: B

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s- book/ip6-snooping.pdf

Question No.38

While troubleshooting connectivity issues to a router, these details are noticed:

image

image

Standard pings to all router interfaces, including loopbacks, are successful. Data traffic is unaffected.

image

SNMP connectivity is intermittent.

image

SSH is either slow or disconnects frequently.

Which command must be configured first to troubleshoot this issue?

  1. show policy-map control-plane

  2. show policy-map

  3. show interface | inc drop

  4. show ip route

Correct Answer: A

Question No.39

Refer to the exhibit. Why is user authentication being rejected?

image

  1. The TACACS server expects 鈥渦ser鈥? but the NT client sends 鈥渄omain/user鈥?

  2. The TACACS server refuses the user because the user is set up for CHAP.

  3. The TACACS server is down, and the user is in the local database.

  4. The TACACS server is down, and the user is not in the local database.

Correct Answer: D

Explanation:

https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access- control-system-tacacs-/13864-tacacs-pppdebug.html

Question No.40

Which statement about IPv6 RA Guard is true?

  1. It does not offer protection in environments where IPv6 traffic is tunneled.

  2. It cannot be configured on a switch port interface in the ingress direction.

  3. Packets that are dropped by IPv6 RA Guard cannot be spanned.

  4. It is not supported in hardware when TCAM is programmed.

Correct Answer: A

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16- book/ip6-ra-guard.pdf

Get Full Version of 300-410 Dumps

Categories
300-410 Dumps

300-410 Real Exam Dumps Questions and answers 41-50

Get Full Version of the Exam
http://www.EnsurePass.com/300-410.html

Question No.41

An engineer is trying to copy an IOS file from one router to another router by using TFTP. Which two actions are needed to allow the file to copy? (Choose two.)

  1. Copy the file to the destination router with the copy tftp: flash: command

  2. Enable the TFTP server on the source router with the tftp-server flash: lt;filenamegt; command

  3. TFTP is not supported in recent IOS versions, so an alternative method must be used

  4. Configure a user on the source router with the username tftp password tftp command

  5. Configure the TFTP authentication on the source router with the tftp-server authentication local command

Correct Answer: AB

Question No.42

Refer to the exhibit. Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at higher rate?

image

  1. policy-map SHAPE_BGP

  2. policy-map LIMIT_BGP

  3. policy-map POLICE_BGP

  4. policy-map COPP

Correct Answer: D

Question No.43

Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none of them are active for more than two hours per day. Which action fixes the issue within the current resources?

image

  1. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool

  2. Configure the DHCP lease time to a smaller value

  3. Configure the DHCP lease time to a bigger value

  4. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool

Correct Answer: B

Question No.44

Refer to the exhibit. ISP 1 and ISP 2 directly connect to the Internet. A customer is tracking both ISP links to achieve redundancy and cannot see the Cisco IOS IP SLA tracking output on the router console. Which command is missing from the IP SLA configuration?

image

  1. Start-time 00:00

  2. Start-time 0

  3. Start-time immediately

  4. Start-time now

Correct Answer: D

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt- book/sla_icmp_echo.html

Question No.45

Refer to the exhibit. An administrator noticed that after a change was made on R1, the timestamps on the system logs did not match the clock. What is the reason for this error?

image

  1. An authentication error with the NTP server results in an incorrect timestamp.

  2. The keyword localtime is not defined on the timestamp service command.

  3. The NTP server is in a different time zone.

  4. The system clock is set incorrectly to summer-time hours.

Correct Answer: B

Question No.46

A network engineer is investigating a flapping (up/down) interface issue on a core switch that is synchronized to an NTP server. Log output currently does not show the time of the flap. Which command allows the logging on the switch to show the time of the flap according to the clock on the device?

  1. service timestamps log uptime

  2. clock summer-time mst recurring 2 Sunday mar 2:00 1 Sunday nov 2:00

  3. service timestamps log datetime localtime show-timezone

  4. clock calendar-valid

Correct Answer: C

Question No.47

When provisioning a device in Cisco DNA Center, the engineer sees the error message 鈥淐annot select the device. Not compatible with template鈥? What is the reason for the error?

  1. The template has an incorrect configuration.

  2. The software version of the template is different from the software version of the device.

  3. The changes to the template were not committed.

  4. The tag that was used to filter the templates does not match the device tag.

Correct Answer: D

Explanation:

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and- management/dna-center/1-2- 10/user_guide/b_cisco_dna_center_ug_1_2_10/b_dnac_ug_1_2_10_chapter_0111.html

Question No.48

While working with software images, an engineer observes that Cisco DNA Center cannot upload its software image directly from the device. Why is the image not uploading?

  1. The device must be resynced to Cisco DNA Center.

  2. The software image for the device is in install mode.

  3. The device has lost connectivity to Cisco DNA Center.

  4. The software image for the device is in bundle mode.

Correct Answer: B

Explanation:

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and- management/dna-center/1-2- 10/user_guide/b_cisco_dna_center_ug_1_2_10/b_dnac_ug_1_2_10_chapter_0100.html

Question No.49

An engineer configured the wrong default gateway for the Cisco DNA Center enterprise interface during the install. Which command must the engineer run to correct the configuration?

  1. sudo maglev-config update

  2. sudo maglev install config update

  3. sudo maglev reinstall

  4. sudo update config install

Correct Answer: A

Question No.50

Refer to the exhibit. An administrator that is connected to the console does not see debug messages when remote users log in. Which action ensures that debug messages are displayed for remote logins?

image

  1. Enter the transport input ssh configuration command.

  2. Enter the terminal monitor exec command.

  3. Enter the logging console debugging configuration command.

  4. Enter the aaa new-model configuration command.

Correct Answer: C

Get Full Version of 300-410 Dumps

Categories
300-410 Dumps

300-410 Real Exam Dumps Questions and answers 1-10

Get Full Version of the Exam
http://www.EnsurePass.com/300-410.html

Question No.1

Refer to the exhibit. Users in the branch network of 2001:db8:0:4::/64 report that they cannot access the Internet. Which command is issued in IPv6 router EIGRP 100 configuration mode to solve this issue?

image

  1. Issue the eigrp stub command on R1.

  2. Issue the no eigrp stub command on R1.

  3. Issue the eigrp stub command on R2.

  4. Issue the no eigrp stub command on R2.

Correct Answer: B

Question No.2

R2 has a locally originated prefix 192.168.130.0/24 and has these configurations:

image

What is the result when the route-map OUT command is applied toward an eBGP neighbor R1 (1.1.1.1) by using the neighbor 1.1.1.1 route-map OUT out command?

  1. R1 sees 192.168.130.0/24 as two AS hops away instead of one AS hop away.

  2. R1 does not accept any routes other than 192.168.130.0/24

  3. R1 does not forward traffic that is destined for 192.168.30.0/24

  4. Network 192.168.130.0/24 is not allowed in the R1 table

Correct Answer: A

Question No.3

Refer to the exhibit. Which configuration configures a policy on R1 to forward any traffic that is sourced from the 192.168.130.0/24 network to R2?

image

image

A.

B.

C.

image

D.

Correct Answer: D

Question No.4

Which method changes the forwarding decision that a router makes without first changing the routing table or influencing the IP data plane?

  1. nonbroadcast multiaccess

  2. packet switching

  3. policy-based routing

  4. forwarding information base

Correct Answer: C

Question No.5

Refer to the exhibit. The output of the trace route from R5 shows a loop in the network. Which configuration prevents this loop?

image

image

A.

B.

image

C.

D.

Correct Answer: A

Question No.6

Refer to the exhibit. An engineer configures a static route on a router, but when the engineer checks the route to the destination, a different next hop is chosen. What is the reason for this?

image

  1. Dynamic routing protocols always have priority over static routes.

  2. The metric of the OSPF route is lower than the metric of the static route.

  3. The configured AD for the static route is higher than the AD of OSPF.

  4. The syntax of the static route is not valid, so the route is not considered.

Correct Answer: C

Question No.7

Refer to the exhibit. An engineer is trying to generate a summary route in OSPF for network 10.0.0.0/8, but the summary route does not show up in the routing table. Why is the summary route missing?

image

  1. The summary-address command is used only for summarizing prefixes between areas.

  2. The summary route is visible only in the OSPF database, not in the routing table.

  3. There is no route for a subnet inside 10.0.0.0/8, so the summary route is not generated.

  4. The summary route is not visible on this router, but it is visible on other OSPF routers in the same area.

Correct Answer: C

Question No.8

Refer to the exhibit. An engineer is trying to block the route to 192.168.2.2 from the routing table by using the configuration that is shown. The route is still present in the routing table as an OSPF route. Which action blocks the route?

image

  1. Use an extended access list instead of a standard access list.

  2. Change sequence 10 in the route-map command from permit to deny.

  3. Use a prefix list instead of an access list in the route map.

  4. Add this statement to the route map: route-map RM-OSPF-DL deny 20.

Correct Answer: B

Question No.9

What is a prerequisite for configuring BFD?

  1. Jumbo frame support must be configured on the router that is using BFD.

  2. All routers in the path between two BFD endpoints must have BFD enabled.

  3. Cisco Express Forwarding must be enabled on all participating BFD endpoints.

  4. To use BFD with BGP, the timers 3 9 command must first be configured in the BGP routing process.

Correct Answer: C

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html#wp1043332

Question No.10

Refer to the exhibit. R2 is a route reflector, and R1 and R3 are route reflector clients. The route reflector learns the route to 172.16.25.0/24 from R1, but it does not advertise to R3. What is the reason the route is not advertised?

image

  1. R2 does not have a route to the next hop, so R2 does not advertise the prefix to other clients.

  2. Route reflector setup requires full IBGP mesh between the routers.

  3. In route reflector setup, only classful prefixes are advertised to other clients.

  4. In route reflector setups, prefixes are not advertised from one client to another.

Correct Answer: A

Get Full Version of 300-410 Dumps

Categories
300-410 Dumps

300-410 Real Exam Dumps Questions and answers 11-20

Get Full Version of the Exam
http://www.EnsurePass.com/300-410.html

Question No.11

Refer to the exhibit. An engineer is trying to redistribute OSPF to BGP, but not all of the routes are redistributed. What is the reason for this issue?

image

  1. By default, only internal routes and external type 1 routes are redistributed into BGP.

  2. Only classful networks are redistributed from OSPF to BGP.

  3. BGP convergence is slow, so the route will eventually be present in the BGP table.

  4. By default, only internal OSPF routes are redistributed into BGP.

Correct Answer: D

Question No.12

Which attribute eliminates LFAs that belong to protected paths in situations where links in a network are connected through a common fiber?

  1. shared risk link group-disjoint

  2. linecard-disjoint

  3. lowest-repair-path-metric

  4. interface-disjoint

Correct Answer: A

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/asr1000/ire- xe-3s-asr1000/ire-ipfrr.html

Question No.13

Refer to the exhibit. In which circumstance does the BGP neighbor remain in the idle condition?

image

  1. if prefixes are not received from the BGP peer

  2. if prefixes reach the maximum limit

  3. if a prefix list is applied on the inbound direction

  4. if prefixes exceed the maximum limit

Correct Answer: D

Question No.14

Refer to the exhibit. An engineer is troubleshooting BGP on a device but discovers that the clock on the device does not correspond to the time stamp of the log entries. Which action ensures consistency between the two times?

image

  1. Configure the service timestamps log uptime command in global configuration mode.

  2. Configure the logging clock synchronize command in global configuration mode.

  3. Configure the service timestamps log datetime localtime command in global configuration mode.

  4. Make sure that the clock on the device is synchronized with an NTP server.

Correct Answer: C

Question No.15

Refer to the exhibit. What is the result of applying this configuration?

image

  1. The router can form BGP neighborships with any other device.

  2. The router cannot form BGP neighborships with any other device.

  3. The router cannot form BGP neighborships with any device that is matched by the access list named 鈥淏GP鈥?

  4. The router can form BGP neighborships with any device that is matched by the access list named 鈥淏GP鈥?

Correct Answer: A

Question No.16

Which command displays the IP routing table information that is associated with VRF-Lite?

  1. show ip vrf

  2. show ip route vrf

  3. show run vrf

  4. show ip protocols vrf

    Correct Answer: B

    Explanation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12- 2/50sg/configuration/guide/Wrapper-46SG/vrf.html#wp1045708

    Question No.17

    Refer to the exhibit. Which subnet is redistributed from EIGRP to OSPF routing protocols?

    image

    A.

    10.2.2.0/24

    B.

    10.1.4.0/26

    C.

    10.1.2.0/24

    D.

    10.2.3.0/26

    Correct Answer: A

    Question No.18

    Which configuration adds an IPv4 interface to an OSPFv3 process in OSPFv3 address family configuration?

    1. router ospfv3 1 address-family ipv4

    2. Router(config-router)#ospfv3 1 ipv4 area 0

    3. Router(config-if)#ospfv3 1 ipv4 area 0

    4. router ospfv3 1 address-family ipv4 unicast

Correct Answer: C

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s- book/ip6-route-ospfv3-add-fam-xe.html

Question No.19

Refer to the exhibit. Which statement about R1 is true?

image

  1. OSPF redistributes RIP routes only if they have a tag of one.

  2. RIP learned routes are distributed to OSPF with a tag value of one.

  3. R1 adds one to the metric for RIP learned routes before redistributing to OSPF.

  4. RIP routes are redistributed to OSPF without any changes.

Correct Answer: B

Question No.20

Refer to the exhibit. An IP SLA was configured on router R1 that allows the default route to be modified in the event that Fa0/0 loses reachability with the router R3 Fa0/0 interface. The route has changed to flow through router R2. Which debug command is used to troubleshoot this issue?

image

  1. debug ip flow

  2. debug ip sla error

  3. debug ip routing

  4. debug ip packet

Correct Answer: C

Get Full Version of 300-410 Dumps

Categories
300-410 Dumps

300-410 Real Exam Dumps Questions and answers 21-30

Get Full Version of the Exam
http://www.EnsurePass.com/300-410.html

Question No.21

Which configuration enabled the VRF that is labeled 鈥淚net鈥?on FastEthernet0/0?

  1. R1(config)# ip vrf Inet

    R1(config-vrf)#ip vrf FastEthernet0/0

  2. R1(config)#ip vrf Inet FastEthernet0/0

  3. R1(config)# ip vrf Inet

    R1(config-vrf)#interface FastEthernet0/0 R1(config-if)#ip vrf forwarding Inet

  4. R1(config)#router ospf 1 vrf Inet

R1(config-router)#ip vrf forwarding FastEthernet0/0

Correct Answer: C

Question No.22

Refer to the exhibit. After redistribution is enabled between the routing protocols; PC2, PC3, and PC4 cannot reach PC1. Which action can the engineer take to solve the issue so that all the PCs are reachable?

image

  1. Set the administrative distance 100 under the RIP process on R2.

  2. Filter the prefix 10.1.1.0/24 when redistributed from OSPF to EIGRP.

  3. Filter the prefix 10.1.1.0/24 when redistributed from RIP to EIGRP.

  4. Redistribute the directly connected interfaces on R2.

Correct Answer: B

Question No.23

Which command allows traffic to load-balance in an MPLS Layer 3 VPN configuration?

  1. multi-paths eibgp 2

  2. maximum-paths 2

  3. maximum-paths ibgp 2

  4. multi-paths 2

Correct Answer: C

Explanation: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx- os/mpls/configuration/guide/mpls_cg/mp_vpn_multipath.html

Question No.24

Refer to the exhibit. After applying IPsec, the engineer observed that the DMVPN tunnel went down, and both spoke-to-spoke and hub were not establishing. Which two actions resolve the issue? (Choose two.)

image

  1. Change the mode from mode tunnel to mode transport on R3.

  2. Remove the crypto isakmp key cisco address 10.1.1.1 on R2 and R3.

  3. Configure the crypto isakmp key cisco address 192.1.1.1 on R2 and R3.

  4. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3.

  5. Change the mode from mode transport to mode tunnel on R2.

Correct Answer: AD

Question No.25

Which statement about route distinguishers in an MPLS network is true?

  1. Route distinguishers allow multiple instances of a routing table to coexist within the edge router.

  2. Route distinguishers are used for label bindings.

  3. Route distinguishers make a unique VPNv4 address across the MPLS network.

  4. Route distinguishers define which prefixes are imported and exported on the edge router.

Correct Answer: C

Question No.26

Which statement about MPLS LDP router ID is true?

  1. If not configured, the operational physical interface is chosen as the router ID even if a loopback is configured.

  2. The loopback with the highest IP address is selected as the router ID.

  3. The MPLS LDP router ID must match the IGP router ID.

  4. The force keyword changes the router ID to the specified address without causing any impact.

Correct Answer: B

Question No.27

Refer to the exhibit. Which interface configuration must be configured on the spoke A router to enable a dynamic DMVPN tunnel with the spoke B router?

image

image

A.

B.

image

C.

D.

Correct Answer: B

Question No.28

Which list defines the contents of an MPLS label?

  1. 20-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL

  2. 32-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL

  3. 20-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit

  4. 32-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit

Correct Answer: A

Question No.29

Which transport layer protocol is used to form LDP sessions?

  1. UDP

  2. SCTP

  3. TCP

  4. RDP

Correct Answer: C

Question No.30

Refer to the exhibit. What does the imp-null tag represent in the MPLS VPN cloud?

image

  1. Pop the label

  2. Impose the label

  3. Include the EXP bit

  4. Exclude the EXP bit

Correct Answer: A

Get Full Version of 300-410 Dumps