350-401 ENCOR:Implementing Cisco Enterprise Network Core Technologies Update:2026年2月8日 Questions and Answers: 376 Q&A 1. How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API? A. Add a timestamp to the request in the API header. B. Use a password hash. C. Add OAuth to the request in the API header. D. Use HTTPS. None 2. Which unit of measure is used to measure wireless RF SNR? A. mw B. dbm C. db D. dBi None 3. Simulation 24 Solution: Sw10 config t no int po20 int et0/0 channel-group 20 mode active no shut spanning-tree vlan 20 pri 0 wr Verification:- None 4. What is a characteristic of a virtual machine? A. It shares the host OS kernel, binaries, and libraries B. It is more resource efficient than a container C. It provides an environment completely isolated from the host OS D. It is more lightweight than a container None 5. Drag and drop the command snippets from the right onto the blanks in the configuration to create an EEM applet that will enable interface Loopback0 and log a message when the logging message -Interface Loopback0. changed state to administratively down" is received. Not all commands are used. None 6. A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violates Which term refers to this REST security design principle? A. economy of mechanism B. complete mediation C. separation of privilege D. least common mechanism None 7. Which Cisco Catalyst SD-WAN component is responsible for distributing data plane traffic policies? A. vBond B. vManage C. vSmart D. WAN edge None 8. Which two operational modes enable an AP to scan one or more wireless channels for rogue access points and at the same time provide wireless services to clients? (Choose two.) A. local B. rogue detector C. monitor D. FlexConnect E. sniffer 9. Which exhibit displays a valid JSON file? A. B. C. D. None 10. Based on the configuration in this WLAN security setting,Which method can a client use to authenticate to the network? A. text string B. username and password C. certificate D. RADIUS token None 11. Which solution supports end-to-end line-rate encryption between two sites? A. TrustSec B. MACsec C. IPsec D. GRE None 12. Drag and drop the code snippets from the bottom onto blanks m the Python script so that the program changes the IP address and saves It as a new JSON Me on the disk Not all options are used A. None 13. Simulation 8 Solution:R3 Copy run start Verification: None 14. A wireless network engineer must configure a WPA2+WPA3 policy with the Personal security type. Which action meets this requirement? A. Configure the GCMP256 encryption cipher. B. Configure the CCMP128 encryption cipher. C. Configure the GCMP128 encryption cipher. D. Configure the CCMP256 encryption cipher. None 15. Which two characteristics apply to Type 1 hypervisors? (Choose two.) A. They are widely available to license for free. B. They provide a platform for running bare metal operating systems. C. They can be used to create and manage virtual storage D. They are a software layer that runs on top of a virtual server. E. They provide a platform for running guest operating systems. 16. Why are stateless calls executed by REST API useful in cloud applications? A. They use HTTPS to implement all calls. B. They control URL decoding. C. They are easy to redeploy and to scale. D. They rely on data stored on the server for calls. None 17. A customer reports occasional brief audio dropouts on its Cisco Wi-Fi phones. The environment consists of a Cisco Catalyst 9800 Series WLC with Catalyst 9120 APs running RRM. The phones connect on the 5-GHz band. Which action resolves this issue? A. Enable Media Stream Multicast-direct. B. Disable Coverage Hole Detection. C. Set WMM Policy to Required. D. Enable Defer Priority 6. None 18. When should the MAC authentication bypass feature be used on a switch port? A. when authentication is required, but the attached host does not support 802.1X B. when the attached host supports 802.1X and must authenticate itself based on its MAC address instead of user credentials C. when authentication should be bypassed for select hosts based on their MAC address D. when the attached host supports limited 802.1X None 19. An engineer must create a script that appends the output of the show process cpu sorted command to a file. event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.3 get-type next entry-op gt entry-val 80 poll-interval 5!action 1.0 cli command "enable"action 2.0 syslog msg "high cpu"action 3.0 cli command "term length 0" A. action 4.0 syslog command "show process cpu sorted | append flash:high-cpu-file" B. action 4.0 cli command "show process cpu sorted | append flash:high-cpu-file" C. action 4.0 ens-event "show process cpu sorted | append flash:high-cpu-file" D. action 4.0 publish-event "show process cpu sorted | append flash:high-cpu-file" None 20. What is the purpose of a data modeling language? A. to establish a framework to process data by using an object-oriented programming approach B. to specify the rules for transcoding between text and binary data encodings C. to standardize the procedures that are executed when parsing sent and received data D. to describe the structure and meaning of exchanged data None 21. What is output by this code? for x in range(0,5): print(x) A. 012345 B. (0.5) C. 05 D. 01234 None 22. Simulation 10 Solution: Copy run start Verification: None 23. The key value pairs must be extracted by iterating through a list of tuples. Which statement completes the snippet and prints each key value pair as a tuple? A. for device, value In device_ip.items(): print(device) B. for device in device_ip.items(): print(device) C. for device in device_ip.values(): print(device) D. for device in deviceip: print(device) None 24. Which AP mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues? A. SE-connect mode B. sensor mode C. client mod D. sniffer mode None 25. What is used by vManage to interact with Cisco SD-WAN devices in the fabric? A. northbound API B. RESTCONF C. sounthbound API D. IPsec None 26. What is determined from the output? A. 10.0.0.100 is managed by Cisco Catalyst Center (formerly DNA Center). B. The URL for the second query is syntactically incorrect. C. The authentication for the second query fails. D. 10.0.0.200 is known to DNA Center, but its ID is an empty string. None 27. A company recently decided to use RESTCONF instead of NETCONF. and many of their NETCONF scripts contain the operation (operation-create). Which RESTCONF operation must be used to replace these statements? A. CREATE B. POST C. GET D. PUT None 28. Simulation 25 Solution: R2 config t username NetworkAdmin privilege 15 password CiscoENCOR line vty 0 4 login local transport input telnet rlogin exec-timepit 20 None 29. What is one characteristic of an AP that is operating in Mobility Express mode? A. It is recommended for large scale deployments. B. It requires a centralized WLC. C. At least three APs are needed for WLC redundancy. D. It requires an AP to act as a WLC. None 30. What is achieved by this Python script? A. It displays the output from show lldp neighbors into a standard output. B. It reads the neighbor count from show lldp neighbors into a dictionary list. C. It displays the Layer 3 neighbors from show lldp neighbors on the terminal screen. D. It reads the output from show lldp neighbors into an array object. None 31. An engineer must configure a new WLAN that supports 802.11r and requires users to enter a passphrase. What must be configured to support this requirement? A. 802.1XandSUITEB-1X B. FT PSK and Fast Transition C. 802.1X and Fast Transition D. FTPSKandSUITEB-1X None 32. A script contains the statement •white loop != 999 ’ Which value terminates the loop? A. A value equal to 999. B. A value not equal to 999. C. A value greater than or equal to 999. D. A value less than or equal to 999. None 33. Which command set is required on router R1 to allow the network administrator to authenticate via RADIUS'? A.aaa new-modelaaa authentication login default group radius B.aaa new-modelaaa authentication login console C.aaa new-modelaaa authentication login default D.aaa new-modelaaa authorization exec default group radius None 34. When using a Cisco Catalyst 9800 Series WLC, which tag/profile can be applied to APs to change the mode to FlexConnect in a specific location? A. policy tag B. site tag C. AP join profile D. flex profile None 35. Drag and drop the REST API authentication methods from the left onto their descriptions on the right. A. None 36. The existing configuration must be updated to terminate all EXEC sessions after 120 minutes. Which command set should be applied? Router≠sh run b vtyline vty 0 4 1ogin local line vty 5 15 1ogin local A. line vty 0 15session-limit 120 B. line vty 0 15exec-timeout 120 C. line vty 0 15absolute-timeout 120 D. line vty 0 15session-timeout 120 None 37. What is achieved by this Python script? A. It configures access list statements B. It reads access list statements into a dictionary list C. It displays access list statements on a terminal screen. D. It converts access list statements to a human-readable format. None 38. What is used to measure the total output energy of a Wi-Fi device? A. dBi B. EIRP C. mW D. dBm None 39. Drag and drop the command snippets from the right onto the boxes to create an EEM applet that will enable interface LoopbackO when the logging message 'Interface Loopback0. changed state to administratively down" is received. Not all commands are used and some commands are used more than once. A. None 40. A company hires a network architect to design a new OTT wireless solution within a Cisco SDAccess Fabric wired network. The architect wants to register access points to the WLC to centrally switch the traffic. Which AP mode must the design include? A. Bridge B. Fabric C. FlexConnect D. local None 41. How does SSO work with HSRP to minimize network disruptions? A. It enables HSRP to elect another switch in the group as the active HSRP switch. B. It ensures fast failover in the case of link failure. C. It enables data forwarding along known routes following a switchover, white the routing protocol reconverges D. It enables HSRP to failover to the standby RP on the same device. None 42. A response code of 404 is received while using the REST API on Cisco UNA Center to POST to this URI.What does the code mean? /dna/intent/api/v1 /template-programmer/project A. The client made a request a resource that does not exist. B. The server has not implemented the functionality that is needed to fulfill the request. C. The request accepted for processing, but the processing was not completed. D. The POST/PUT request was fulfilled and a new resource was created, Information about the resource is in the response body. None 43. Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration? event manager applet config-alertevent cli pattern "write mem."sync yes A.action 1.0 cli command copy running-config bootflash:/current_config.txtaction 2.0 syslog msg"Configuration saved and copied to bootflash B.action 1.0 cli command"enable"action 2.0 cli command "configure terminalaction 3.0 cli command "file prompt quiet"action 4.0 cli command"end"action 5.0 cli command copy running-config bootflash:/current_config.txtaction 6.0 cli command "configure terminalaction 7.0 cli command "no fle prompt quiet"action 8.0 syslog priority critical msg"Configuration saved and copied to bootflash" C.action 1.0 cli command "enable"action 2.0 cli command "file prompt quiet"action 3.0 cli command copy running-config bootflash:/current_config.txtaction 4.0 cli command "no file prompt quiet"action 5.0 syslog priority critical msg"Configuration saved and copied to bootflash" D.action 1.0 cli command copy running-config bootflash:/current_config,txtaction 2.0 syslog priority critical msg"Configuration saved and copied to bootflash" None 44. Why does the vBond orchestrator have a public IP? A. to enable vBond to learn the public IP of WAN Edge devices that are behind NAT gateways or in private address space B. to facilitate downloading and distribution of operational and security patches C. to allow for global reachability from all WAN Edges in the Cisco SD-WAN and to facilitate NAT traversal D. to provide access to Cisco Smart Licensing servers for license enablement None 45. Which RF value represents the decline of the RF signal amplitude over a given distance"? A. signal-to-noise ratio B. received signal strength indicator C. free space path loss D. effective isotropic radiated power None 46. Which mechanism is used to protect the confidentiality of sensitive information exchanged over REST APIs? A. TLS B. 802.1X C. SSH D. IPsec None 47. Simulation 10 Solution: Copy run start None 48. What are two best practices when designing a campus Layer 3 infrastructure? (Choose two.) A. Summarize routes from the aggregation layer toward the core layer. B. Summarize from the access layer toward the aggregation layer. C. Configure passive-interface on nontransit links. D. Implement security features at the core. E. Tune Cisco Express Forwarding load balancing hash for ECMP routing. 49. Why would a network engineer configure an AP in SE-Connect mode? A. to redirect WLAN traffic to an endpoint for protocol analysis B. to monitor the VLAN traffic for rogue APs C. to connect the wired LAN with the wireless infrastructure D. to analyze the RF spectrum surrounding the AP None 50. What is one primary REST security design principle? A. fail-safe defaults B. password hash C. adding a timestamp in requests D. OAuth None 51. In a virtual environment, what is a VMDK file? A. A file containing information about snapshots of a virtual machine. B. A zip file connecting a virtual machine configuration file and a virtual disk. C. A configuration file containing settings for a virtual machine such as a guest OS. D. A file containing a virtual machine disk drive. None 52. Which function is performed by vSmart in the Cisco Catalyst SD-WAN architecture? A. facilitation of NAT detection and traversal B. redistribution between OMP and other routing protocols C. distribution of IPsec keys D. execution of localized policies None 53. Simulation 20 Solution: R30 Config t router ospf 100 router-id 10.0.1.30 int ran lo0 , e0/0-1 ip ospf 100 a 0 exit int et0/2 ip ospf 100 a 50 exit router ospf 30 area 50 range 10.10.0.0 255.255.192.0 area 50 range 10.50.0.0 255.255.192.0 end wr None 54. Simulation 6 See the solution below in Explanation: Solution: R3 Int e0/1 Ip ospf priority 255 End Copy run start R2 Int e0/1 Ip ospf network point-to-point End Copy run start R10 Int e0/0 Ip ospf network point-to-point End Copy run start None 55. What does the LAP send when multiple WLCs respond to the CISCO_CAPWAPCONTROLLER.localdomain hostname during the CAPWAP discovery and join process? A. broadcast discover request B. join request to all the WLCs C. unicast discovery request to each WLC D. Unicast discovery request to the first WLS that resolves the domain name None 56. Which HTTP request produced the REST API response that was returned by the Cisco Catalyst Center (formerly DNA Center) platform? A. POST /auth/token B. GET /network-device C. GET /template-programmer/template/version/42a3df73-3ef4-49e2-b4f0-6927bbd4bf52 D. POST /discovery None 57. What is the data policy in a Cisco SD-WAN deployment? A. list of ordered statements that define node configurations and authentication used within the SD-WAN overlay B. set of statements that defines how data is forwarded based on IP pocket information and specific VPNs C. detailed database mapping several kinds of addresses with their corresponding location D. group of services tested to guarantee devices and links liveliness within the SD-WAN overlay None 58. What is a benefit of MACsec in a multilayered LAN network design? A. There is no requirement to run IEEE 802.1X when MACsec is enabled on a switch port. B. Layer 2 trunk links between switches can be secured. C. Application flows between hosts on the LAN to remote destinations can be encrypted. D. Layer 3 links between switches can be secured. None 59. What is the base unit of definition in YANG? A. module B. include statement C. stanza D. node None 60. In a fabric-enabled wireless network, which device is responsible for maintaining the endpoint ID database? A. fabric border node B. fabric edge node C. fabric wireless controller D. control plane node None 61. A client requests a new SSID that will use web-based authentication and external RADIUS servers. Which Layer 2 security mode must be selected? A. Static WEP B. WPA2 + WPA3 C. None D. WPA + WPA2 None 62. What is the recommended minimum SNR for data applications on wireless networks? A. 15 B. 20 C. 25 D. 10 None 63. When deploying Cisco SD-Access Fabric APs, where does the data plane VXLAN tunnel terminate? A. on the first-hop fabric edge switch B. on the WLC node C. on the fabric border node switch D. directly on the fabric APs None 64. Which security feature does stateless authentication and authorization use for REST API calls? A. OAuth 2 tokens B. cookie-based session authentication C. API keys D. SSL/TLS certificate encryption None 65. Which feature allows clients to perform Layer 2 roaming between wireless controllers? A. SSO B. N+1 high availably C. mobility groups D. RF grouping None 66. A customer wants to use a single SSID to authenticate loT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve this requirement? A. Identity PSK B. Fast Transition C. Central Web Authentication D. Cisco Centralized Key Management None 67. Drag and drop the automation characteristics from the left onto the corresponding tools on the right. Not all options are used. A. None 68. Which solution supports end to end line-rate encryption between two sites? A. IPsec B. TrustSec C. MACSec D. GRE None 69. What is one characteristic of Cisco SD-Access networks? A. Devices are assigned to virtual networks based on their VLAN membership. B. Scalable group tags are used for macrosegmentatlon. C. Virtual networks are used for microsegmentation. D. All traffic is Layer 3 within the fabric. None 70. In which two ways does PIM dense mode function in the network? (Choose two.) A. It waits to forward multicast traffic until a downstream router requests the traffic. B. It utilizes the designated forwarder election to avoid multicast packet loops. C. It receives traffic from only one Reverse Path Forwarding interface. D. It forwards multicast traffic on all interfaces until a downstream router requests that forwarding stop E. It uses a push method, and fallback occurs when RP information is lost. 71. When a wireless client roams between two different wireless controllers, a network connectivity outage is experience for a period of time. Which configuration issue would cause this problem? A. Not all of the controllers in the mobility group are using the same mobility group name. B. All of the controllers within the mobility group are using the same virtual Interface IP address. C. Not all of the controllers within the mobility group are using the same virtual interface IP address D. All of the controllers in the mobility group are using the same mobility group name None 72. Which architectural component enables a zero-trust security model? A. management plane B. plug-and-play C. data plane D. control plane None 73. Drag anti drop the characteristics from the ten onto the configuration models on the right. None 74. Drag and drop the characteristics of PIM Sparse Mode from the left to the right. Not all options are used. None 75. Which two pieces of information are necessary to compute SNR? (Choose two.) A. EIRP B. noise floor C. antenna gai D. RSSI E. transmit power 76. Which data is properly formatted with JSON? A.{"name":"Peter""age":"25""likesJson":true""characteristics":["small","strong",18] B.{"name":"Peter","age":"25","lkesJson":true,"characteristics”["small,"strong","18"]. C.{"name":"Peter,"age":"25","likesJson":true,"characteristics":["small","strong",18]} D.{"name":Peter,"age":25,"likesJson":true,"characteristics":['small","strong","18"],} None 77. Simulation1 See the solution below in Explanation R10 Copy run start R20Copy run start Verification: None 78. What is required for a VXLAN tunnel endpoint to operate? A. a VXLAN tunnel endpoint identifier B. at least one Layer 2 interface and one Layer 3 interlace C. at least one IP for the transit network and one IP for endpoint connectivity D. a VXLAN network identifier None 79. What is the value of the variable list after the code is run? list =[1,2]list =list*3.print(List). A. [1,2.1.2.1,2] B. [1,2] * 3 C. [3,6] None 80. Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right. A. None 81. Running the script causes the output in the exhibit. What should be the first line of the script? A. import manager B. ncclient manager import C. from ncclient import * D. from ncclient import manager None 82. An engineer deploys a script to retrieve the running configuration from a NETCONF-capable CiscoIOSXE device that Is configured with default settings. The script fails.Which configuration must be applied to retrieve the configuration using NETCONF? print(netconf_host.get_config('show running')) device_params={'name':'ios-xe'"}) port=830 hostkey_verify=True, None 83. What are two methods of ensuring that the multicast RPF check passes without changing the unicast routing table? (Choose two.) A. disabling the interface of the router back to the multicast source B. implementing MBGP C. disabling BGP routing protocol D. implementing static mroutes E. implementing OSPF routing protocol 84. Drag and drop the code snippets from the bottom onto the blanks in the Python script to convert a Python object into a JSON string. Not all options are used. A. None 85. An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN Layer 3 setting must be configured to provide this functionally? A. CCKM B. WPA2 policy C. Local Policy D. Web Policy None 86. What is a characteristic of an AP that operates in FlexConnect mode? A. Configuration is done directly on the AP rather than on a controller. B. Dot1x authentication is not supported for AP clients in this mode. C. Client authentication is always performed on the A P. D. FlexConnect groups are required to support 802.11 r fast roaming. None 87. Simulation 23 SOLUTIONS: Sw10 Config t no int po1 default int ran et0/0-2 int ran e0/0-2 switchport trunk encap dot1q switchport mode trunk channel-group 1 mode active no shutwr None 88. Which type of API enables Cisco Catalyst Center (formerly DNA Center) to focus on outcome instead of the individual steps that are required to achieve the outcome? A. southbound Multivendor Support B. westbound Integration C. northbound Intent D. eastbound Events and Notifications None 89. A corporate policy mandates that a certificate-based authentication system must be implemented on the wireless infrastructure. All corporate clients will contain a certificate that will be used in conjunction with ISE and user credentials to perform authentication before the clients are allowed to connect to the corporate Wi-Fi. Which authentication key option must be selected to ensure that this authentication can take place? A. none B. PSK C. 802.1x D. CCKM None 90. Which HTTP status code is the correct response for a request with an incorrect password applied to a REST API session? A. HTTP Status Code 200 B. HTTP Status Code 302 C. HTTP Status Code 401 D. HTTP Status Code: 504 None 91. What is a TLOC in a Cisco SD-WAN deployment? A. value that identifies a specific tunnel within the Cisco SD-WAN overlay B. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay C. attribute that acts as a next hop for network prefixes D. component set by the administrator to differentiate similar nodes that offer a common service None 92. Which First Hop Redundancy Protocol should be used to meet a design requirements for more efficient default bandwidth usage across multiple devices? A. GLBP B. LCAP C. HSRP D. VRRP None 93. Which action controls the maximum cell size in a high-density wireless environment? A. Statically set TX power on access points to max. B. Disable low data rates. C. Set mandatory data rates. D. Decrease TX power on access points. None 94. Drag and drop the configuration management tools from the left onto the configuration styles they use on the right A. None 95. Which DNS record type is needed to allow a Cisco AP to discover a WLC when using IPv4? A. CNAME record B. A record C. NS record D. SOA record None 96. An engineer must create an EEM applet that sends a syslog message in the event a change happens in the network due to trouble with an OSPF process. Which action should the engineer use? event manager applet LogMessage event routing network 172.30.197.0/24 type all A. action 1 syslog send "OSPF ROUTING ERROR" B. action 1 syslog pattern "OSPF ROUTING ERROR" C. action 1 syslog write "OSPF ROUTING ERROR" D. action 1 syslog msg "OSPF ROUTING ERROR" None 97. What are two device roles in Cisco SD-Access fabric? (Choose two.) A. core switch B. vBond controller C. edge node D. access switch E. border node 98. In a Cisco SD-Access wireless architecture, which device manages endpoint ID to edge node bindings? A. fabric control plane node B. fabric edge node C. fabric border node D. fabric wireless controller None 99. Which two conditions occur when the primary route processor fails on a switch thatisusing dual route processors with stateful switchover? (Choose two.) A. Data forwarding is stopped until the routing protocols reconverge after the switchover. B. The standby route processor initialization is started when the primary router processor fails. C. The standby route processor is fully initialed and state information is maintained. D. User sessions are immediately recreated on the new active route processor. E. Data forwarding can continue along known paths until routing protocol information is restored. 100. Which device is responsible for finding EID-to-RLOC mappings when traffic is sent to a LISPcapable site? A. ingress tunnel router B. map resolver C. egress tunnel router D. map server None 101. How should the script be completed so that each device configuration is saved into a JSON-formatted file under the device name? A.Insert after the for loop:with open(f"{Hostname}.json","w")as OutFile:OutFile.write(Response) B.Insert after the for loop:with open(f"{Hostname}.json","w")as OutFile:OutFile.write(json.dumps(Response.text)) C.Append to the body of the for loop:with open(f"{Hostname}.json","w")as OutFile:OutFile.write(Response.text) D.Insert immediately before the for loop:with open(f"{Hostname}.json","w")as OutFile:OutFile.write(json.load(Devices)) None 102. An engineer configuring WebAuth on a Cisco Catalyst 9000 Series WIC. The engineer has purchased a third-party certificate using the FQDN of the WLC as the CN and intends to use bit on the WebAuth splash page What must be configured so that the clients do not receive a certificate error? A. Virtual IPv4 Address must be set to a routable address. B. Virtual IPv4 Hostname must match the CN of the certificate. C. Trustpoint must be set to the management certificate of the WLC. D. Web Auth Intercept HTTPs must be enabled. None 103. Drag and drop the code snippets from the bottom onto the blanks in the script to convert a Python object into a JSON string. Not all options are used A. None 104. Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually? A. event manager applet ondemandevent registeraction 1.0 syslog priority critical msg 'This is a message from ondemand' B. event manager applet ondemandevent manualaction 1.0 syslog priority critical msg 'This is a message from ondemand' C. event manager applet ondemandevent noneaction 1.0 syslog priority critical msg 'This is a message from ondemand D. event manager applet ondemandaction 1.0 syslog priority critical msg 'This is a message from ondemand None 1 out of 104 Name Email Time is Up!
