350-401 ENCOR:Implementing Cisco Enterprise Network Core Technologies

Update：2026年4月18日

Questions and Answers: 376 Q&A

In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?

A. VXIAN

B. IS-IS

C. 802.1

D. CTS

None

Drag and drop the code snippets from the bottom onto the blanks in the Python script to convert a Python object into a JSON string. Not all options are used.

None

Drag and drop the characteristics from the left onto the orchestration tools they describe on the right.

None

An engineer attempts to connect to another device from Route1’s console port. Which configuration is needed to allow telnet connections?

Router1#telnet 192.168.1.1
%telnet connections not pemitted from this terminal

A.
Router1(config)#access-list 100 permit tcp any any eq telnet
Router1(config)#line console 0
Router1(config-line)#access-class 100 in

B.
Router1(config)#access-list 100 permit tcp any any eq telnet
Router1(config)#line vty
Router1(config-line)#access-class 100 out

C.
Router1(config)#line vty 015
Router1(config-line)#transport output telnet

D.
Router1(config)#line console 0
Router1(config-ine)#transport output telnet

None

What is one advantage of using a data modeling language to develop an API client application?

A. Increase in compatibility

B. easier feature extensibility

C. stronger security properties

D. lower resource requirements

None

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

None

Which unit measures the power of a radio signal with reference to 1 milliwatt?

A. dBi

B. mW

C. dBw

D. dBm

None

What is used to validate the authenticity of the client and is sent in HTTP requests as a JSON object?

A. SSH

B. TLS

C. HTTPS

D. JWT

None

Which method requires a client to authenticate and has the capability to function without encryption?

A. open

B. WEP

C. WebAuth

D. PSK

None

10.

Why would a network engineer configure an AP in SE-Connect mode?

A. to redirect WLAN traffic to an endpoint for protocol analysis

B. to monitor the VLAN traffic for rogue APs

C. to connect the wired LAN with the wireless infrastructure

D. to analyze the RF spectrum surrounding the AP

None

11.

Which message type is valid for IGMPv3?

A. leave group

B. hello

C. graft

D. source-specific membership report

None

12.

With IGMPv2, which multicast group address does the IGMP querier use to send query messages to all hosts on the LAN?

A. 239.0.0.2

B. 224.0.0.1

C. 239.0.0.1

D. 224.0.0.2

None

13.

Which action reduces sticky clients in dense RF environments?

A. Decrease radio channel widths to 40 MHz.

B. Increase the mandatory minimum data rates.

C. Decrease the mandatory minimum data rates.

D. Increase radio channel widths to 160 MHz.

None

14.

What does the error message relay to the administrator who is trying to configure a Cisco IOS device?

A. A NETCONF request was made for a data model that does not exist.

B. The device received a valid NETCONF request and serviced it without error.

C. A NETCONF message with valid content based on the YANG data models was made, but the request failed.

D. The NETCONF running datastore is currently locked.

None

15.

In a wireless Cisco SD-Access deployment, which roaming method is used when a user moves from one access point to another on a different access switch using a single WLC?

A. Layer 3

B. inter-xTR

C. auto anchor

D. fast roam

None

16.

Drag and drop the REST API authentication methods from the left onto their descriptions on the right.

None

17.

Drag and drop the command snippets from the right onto the blanks in the configuration to create an EEM applet that will enable interface Loopback0 and log a message when the logging message -Interface Loopback0. changed state to administratively down" is received. Not all commands are used.

None

18.

Which language defines the structure or modelling of data for NETCONF and RESTCONF?

A. JSON

B. YANG

C. XML

D. YAML

None

19.

What is used to measure the total output energy of a Wi-Fi device?

A. dBi

B. EIRP

C. mW

D. dBm

None

20.

What is a benefit of implementing stateful switchover?

A. modularity

B. resiliency

C. flexibility

D.scalability

None

21.

Which antenna type should be used for a site-to-site wireless connection?

A. omnidirectional

B. patch

C. dipole

D. Yagi

None

22.

What is provided by the Stealthwatch component of the Cisco Cyber Threat Defense solution?

A. real-time threat management to stop DDoS attacks to the core and access networks

B. malware control

C. real-time awareness of users, devices, and traffic on the network

D. dynamic threat control for web traffic

None

23.

Simulation 25

Solution:

show ip access-list

config t

ip access-list extended 151

5 permit eigrp any any

config t

ip access-list extended 100

permit tcp 192.168.211.0 0.0.0.255 any eq 22

class-map match-any SSH

match access-group 100

policy-map CoPP

class SSH

police 8000 conform-action transmit exceed-action drop

control-plane

service-policy input CoPP

None

24.

Which two pieces of information are necessary to compute SNR? (Choose two.)

A. EIRP

B. noise floor

C. antenna gai

D. RSSI

E. transmit power

25.

Simulation 18

Solution:

R22

config t

int tunn0

vrf forwarding FINANCE

ip add 10.11.22.2 255.255.255.0

tunn so e0/0

tunn dest 209.165.200.230

no shut

int et0/1

vrf forward FINANCE

ip add 10.22.22.1 255.255.255.252

no shut

ip route vrf FINANCE 10.10.111.0 255.255.255.0 tunn0

None

26.

What is the data policy in a Cisco SD-WAN deployment?

A. list of ordered statements that define node configurations and authentication used within the SD-WAN overlay

B. set of statements that defines how data is forwarded based on IP pocket information and specific VPNs

C. detailed database mapping several kinds of addresses with their corresponding location

D. group of services tested to guarantee devices and links liveliness within the SD-WAN overlay

None

27.

Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right.

None

28.

Simulation 20

Solution:

R30

Config t

router ospf 100

router-id 10.0.1.30

int ran lo0 , e0/0-1

ip ospf 100 a 0

exit

int et0/2

ip ospf 100 a 50

exit

router ospf 30

area 50 range 10.10.0.0 255.255.192.0

area 50 range 10.50.0.0 255.255.192.0

end

None

29.

Simulation 10

Solution:

Copy run start

Verification:

None

30.

What is a characteristic of Layer 3 roaming?

A. Clients must obtain a new IP address when they roam between APs.

B. It provides seamless roaming between APs that are connected to different Layer 3 networks and different mobility groups

C. It is only supported on controllers that run SSO.

D. It provides seamless client roaming between APs in different Layer 3 networks but within the same mobility group.

None

31.

What is the value of the variable list after the code is run?

list =[1,2]
list =list*3.
print(List).

A. [1,2.1.2.1,2]

B. [1,2] * 3

C. [3,6]

None

32.

What is the structure of a JSON web token?

A. header and payload

B. three parts separated by dots: version, header, and signature

C. payload and signature

D. three parts separated by dots: header, payload. and signature

None

33.

Which python code snippet prints the descriptions of disabled interface only?

>>>netconf_data["GigabitEthernet"][O]["enabled"]u'false'
>>>netconf_data"GigabitEthernet"[1]["enabled"]u'true'
>>>netconf_data["GigabitEthernet"][2]["enabled"]u'false'
>>>netconf_data["GigabitEthernet"[O]["description"]u'my description'

A.
for interface in netconf_data["GigabitEthernet"]
if interface["enabled"]l=true'
print(interface["description"])

B.
for interface in netconf_data"GigabitEthemet]
if interface"enabled]=false'
print(interface["description")

C.
for interface in netconf_data["GigabitEthernet]:
if interface["enabled]='true'
print(interface["description")

D.
for interface in netconf_data["GigabitEthernet]:
print(interface["enabled"T)
print(interface["description")

None

34.

Which technology collects location information through data packets received by the APs instead of using mobile device probes?

A. detect and locate

B. FastLocate

C. hyperlocatio

D. RF fingerprinting

None

35.

Which method displays text directly into the active console with a synchronous EEM applet policy?

A. event manager applet boomevent syslog pattern 'UP'action 1.0 gets 'logging directly to console'

B. event manager applet boomevent syslog pattern 'UP'action 1.0 syslog priority direct msg 'log directly to console'

C. event manager applet boomevent syslog pattern 'UP'action 1.0 puts 'logging directly to console'

D. event manager applet boomevent syslog pattern 'UP'action 1.0 string 'logging directly to console'

None

36.

How should the script be completed so that each device configuration is saved into a JSON-formatted file under the device name?

A.
Insert after the for loop:
with open(f"{Hostname}.json","w")as OutFile:OutFile.write(Response)

B.
Insert after the for loop:
with open(f"{Hostname}.json","w")as OutFile:OutFile.write(json.dumps(Response.text))

C.
Append to the body of the for loop:
with open(f"{Hostname}.json","w")as OutFile:OutFile.write(Response.text)

D.
Insert immediately before the for loop:
with open(f"{Hostname}.json","w")as OutFile:OutFile.write(json.load(Devices))

None

37.

What does the LAP send when multiple WLCs respond to the CISCO_CAPWAPCONTROLLER.localdomain hostname during the CAPWAP discovery and join process?

A. broadcast discover request

B. join request to all the WLCs

C. unicast discovery request to each WLC

D. Unicast discovery request to the first WLS that resolves the domain name

None

38.

An engineer must create a script to append and modify device entries in a JSON-formatted file. The script must work as follows:

Until interrupted from the keyboard, the script reads in the hostname of a device, its management

IP address, operating system type, and CLI remote access protocol.

After being interrupted, the script displays the entered entries and adds them to the JSON

formatted file, replacing existing entries whose hostname matches.

The contents of the JSON-formatted file are as follows

Drag and drop the statements onto the blanks within the code to complete the script. Not all

options are used.

An engineer must create a script to append and modify device entries in a JSON-formatted file. The script must work as follows:

None

39.

Where is radio resource management performed in a Cisco SD-Access wireless solution?

A. DNA Center

B. wireless controller

C. Cisco CM

D. control plane node

None

40.

Simulation 24

Solution:

Sw10

config t

no int po20

int et0/0

channel-group 20 mode active

no shut

spanning-tree vlan 20 pri 0

Verification:-

None

41.

When should the MAC authentication bypass feature be used on a switch port?

A. when authentication is required, but the attached host does not support 802.1X

B. when the attached host supports 802.1X and must authenticate itself based on its MAC address instead of user credentials

C. when authentication should be bypassed for select hosts based on their MAC address

D. when the attached host supports limited 802.1X

None

42.

Which two characteristics apply to Type 1 hypervisors? (Choose two.)

A. They are widely available to license for free.

B. They provide a platform for running bare metal operating systems.

C. They can be used to create and manage virtual storage

D. They are a software layer that runs on top of a virtual server.

E. They provide a platform for running guest operating systems.

43.

A network administrator is preparing a Python script to configure a Cisco IOS XE-based device on the network. The administrator is worried that colleagues will make changes to the device while the script is running. Which operation of the NC client manager prevents colleagues from making changes to the devices while the script is running?

A. m.freeze(config-running')

B. m.freeze(target-running')

C. m.lock(config='running')

D. m.lock(target-running')

None

44.

Drag and drop the characteristics from the left onto the orchestration tools that they describe on the right.

None

45.

Which authorization framework gives third-party applications limited access to HTTP services?

A. IPsec

B. GRE

C. Basic Aut

D. OAuth 2.0

None

46.

How does SSO work with HSRP to minimize network disruptions?

A. It enables HSRP to elect another switch in the group as the active HSRP switch.

B. It ensures fast failover in the case of link failure.

C. It enables data forwarding along known routes following a switchover, white the routing protocol reconverges

D. It enables HSRP to failover to the standby RP on the same device.

None

47.

A customer requests a design that includes GLBP as the FHRP. The network architect discovers that the members of the GLBP group have different throughput capabilities. Which GLBP load balancing method supports this environment?

A. host dependent

B. weighted

C. least connection

D. round robin

None

48.

In a Cisco SD-Access network architecture, which access layer cabling design is optimal for the underlay network?

A. Switches are cross-finned at the same layer and have a single connection to each upstream distribution device

B. Switches are connected to each upstream distribution and core device.

C. Switches are connected to each upstream distribution device.

D. Switches are cross-linked to devices at the same layer and at the upstream and downstream devices.

None

49.

A company recently decided to use RESTCONF instead of NETCONF. and many of their NETCONF scripts contain the operation (operation-create). Which RESTCONF operation must be used to replace these statements?

A. CREATE

B. POST

C. GET

D. PUT

None

50.

Which JSON syntax is derived from this data?

Person#1:First Name is JohnnyLast Name is TableHobbies are.

Rumning
Video games

Person#2:First Name is BilyLast Name is SmithHobbies are:

Napping
Reading

{[First Name':Johnny,Las:Name':“Table,Mobies':Running.Hobies'Vdeo ganes”.[Frst Nane'Baly,Lat Name?Smn;,Hobbles'Nappreg.Hobes:Reacing

(Person:I[Frst Name:Jonny,Lat Name'Tabe:16obies:Runing:Vdeo gome].(Fr Name:BDy,Last Name:Smm:Hobies:Naping,Readng)

(Persom:FEs Name:Jotnny,Last Name'Table.Hobes:Runing.Veo games].{Fust Name'Buy,Las Name:5m;,Hobles:[Napng.ReadingTy

{[First Name':Johny,Las:Name:Tabe,Hobties:[Ruming.Video games].(Finst Name:Bily,Las Name:Smir,Hobies:Naping,Reading)

None

51.

A customer reports occasional brief audio dropouts on its Cisco Wi-Fi phones. The environment consists of a Cisco Catalyst 9800 Series WLC with Catalyst 9120 APs running RRM. The phones connect on the 5-GHz band. Which action resolves this issue?

A. Enable Media Stream Multicast-direct.

B. Disable Coverage Hole Detection.

C. Set WMM Policy to Required.

D. Enable Defer Priority 6.

None

52.

The key value pairs must be extracted by iterating through a list of tuples. Which statement completes the snippet and prints each key value pair as a tuple?

A. for device, value In device_ip.items(): print(device)

B. for device in device_ip.items(): print(device)

C. for device in device_ip.values(): print(device)

D. for device in deviceip: print(device)

None

53.

What is determined from the output?

A. 10.0.0.100 is managed by Cisco Catalyst Center (formerly DNA Center).

B. The URL for the second query is syntactically incorrect.

C. The authentication for the second query fails.

D. 10.0.0.200 is known to DNA Center, but its ID is an empty string.

None

54.

What is a TLOC in a Cisco Catalyst SD-WAN deployment?

A. component set by the administrator to differentiate similar nodes that offer a common service

B. value that identifies a specific tunnel within the Cisco Catalyst SD-WAN overlay

C. identifier that represents a specific service offered by nodes within the Cisco Catalyst SD-WAN overlay

D. attribute that acts as a next hop for network prefixes

None

55.

In a high-density AP environment, which feature can be used to reduce the RF cell size and not demodulate radio packets above a given threshold?

A. RX-SOP

B. FRA

C. 80211k

D. RRM

None

56.

Which controller is the single plane of management for Cisco SD-WAN?

A. vBond

B. vEdge

C. vSmart

D. vManage

None

57.

Which design principle states that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?

A. economy of mechanism

B. fail-safe defaults

C. complete mediation

D. least privilege

None

58.

An engineer is installing a new pair of routers in a redundant configuration. Which protocol ensures that traffic is not disrupted in the event of a hardware failure?

A. HSRPv1

B. GLBP

C. VRRP

D. HSRPv2

None

59.

Which two components are needed when a Cisco SD-Access fabric is designed? (Choose two.)

A. Cisco Catalyst Center (formerly DNA Center) application

B. Firepower Threat Defense

C. Identity Service Engine

D. Cisco Data Center Network Manager

E. Cisco Prime Infrastructure

60.

A client requests a new SSID that will use web-based authentication and external RADIUS servers. Which Layer 2 security mode must be selected?

A. Static WEP

B. WPA2 + WPA3

C. None

D. WPA + WPA2

None

61.

Authentication for users must first use RADIUS, and fall back to the local database on the router if the RADIUS server is unavailable Which two configuration sets are needed to achieve this result? (Choose two.)

A.aaa authentication login group2 group radius none

B.line vty 04login authentication group2

C.aaa authentication login group2 group radius enable

D.aaa authentication login group2 group radius local

E.line con 0login authentication group2

62.

Which mechanism is used to protect the confidentiality of sensitive information exchanged over REST APIs?

A. TLS

B. 802.1X

C. SSH

D. IPsec

None

63.

Drag and drop the code snippets from the bottom onto the blanks in the Python script to print the device model to the screen and write JSON data to a file. Not all options are used

None

64.

Drag and drop the automation characteristics from the left onto the appropriate tools on the right. Not all options are used.

None

65.

Which device makes the decision for a wireless client to roam?

A. wireless client

B. Wireless LAN controller

C. access poin

D. WCS location server

None

66.

Which DNS record type is needed to allow a Cisco AP to discover a WLC when using IPv4?

A. CNAME record

B. A record

C. NS record

D. SOA record

None

67.

Which method ensures the confidentiality of data exchanged over a REST API?

A. Use TLS to secure the underlying HTTP session.

B. Use me POST method Instead or URL-encoded GET to pass parameters.

C. Deploy digest-based authentication to protect the access to the API.

D. Encode sensitive data using Base64 encoding.

None

68.

An engineer must configure a Cisco WLC with WPA2 Enterprise mode and avoid global server lists. Which action is required?

A. Enable EAP parameters.

B. Apply CISCO ISE default settings.

C. Disable the RADIUS server accounting interim update.

D. Select a RADIUS authentication server.

None

69.

At which plane does vBond operate in Cisco SD-WAN solutions?

A. control plane

B. data plane

C. orchestration plane

D. management plane

None

70.

Which feature works with SSO to continue forwarding packets after a route processor failure until the control plane recovers?

A. ECMP

B. HSRP

C. RSVP

D. NSF

None

71.

To support new clients in the environment, an engineer must enable Fast Transition on the corporate WLAN. Which command must be applied on a Cisco Catalyst 9800 Series WLC?

A. security ft adaptive

B. security wpa akm dotlx

C. security wpa akm psk

D. security wpa akm ft psk

None

72.

Why is a Type 1 hypervisor more efficient than a Type 2 hypervisor?

A. Type 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques.

B. Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS.

C. Type 1 hypervisor enables other operating systems to run on it.

D. Type 1 hypervisor relies on the existing OS of the host machine to access CPU, memory, storage, and network resources.

None

73.

What are two benefits of using Cisco TrustSec? (Choose two.)

A. unknown file analysis using sandboxing

B. advanced endpoint protection against malware

C. end-to-end traffic encryption

D. simplified management of network access

E. consistent network segmentation

74.

Which security feature does stateless authentication and authorization use for REST API calls?

A. OAuth 2 tokens

B. cookie-based session authentication

C. API keys

D. SSL/TLS certificate encryption

None

75.

Drag and drop the command snippets from the right onto the boxes to create an EEM applet that will enable interface LoopbackO when the logging message 'Interface Loopback0. changed state to administratively down" is received. Not all commands are used and some commands are used more than once.

None

76.

Which method is used by an AP to join HA controllers and is configured in NVRAM?

A. Primary/Secondary- Tertiary/Backup

B. stored WLC information

C. DNS

D. IP Helper Addresses

None

77.

What are two best practices when designing a campus Layer 3 infrastructure? (Choose two.)

A. Summarize routes from the aggregation layer toward the core layer.

B. Summarize from the access layer toward the aggregation layer.

C. Configure passive-interface on nontransit links.

D. Implement security features at the core.

E. Tune Cisco Express Forwarding load balancing hash for ECMP routing.

78.

Which two southbound interfaces originate from Cisco Catalyst Center (formerly DNA Center) and terminate at fabric underlay switches'? (Choose two.)

A. ICMP Discovery

B. UDP67 DHCP

C. TCP 23 Telnet

D. UDP6007 NetFlow

E. UDP 162 SNMP

79.

Which two mechanisms are used with OAuth 2.0 for enhanced validation? (Choose two.)

A. custom headers

B. authentication

C. authorizatio

D. request management

E. accounting

80.

Why would an architect use an OSPF virtual link?

A. to allow a stub area to transit another stub area

B. to merge two existing Area 0s through a nonbackbone

C. to connect two networks that have overlapping private IP address space

D. to connect a nonbackbone area to Area 0 through another nonbackbone area

None

81.

Security policy requires all idle-exec sessions to be terminated in 600 seconds. Which configuration achieves this goal?

A. line vty 0 15absolute-timeout 600

B. line vty 0 15exec-timeout

C. line vty 01 5exec-timeout 10 0

D. line vty 0 4exec-timeout 600

None

82.

Which characteristic applies to Cisco SD-Access?

A. It uses dynamic routing the discover and provision access switches.

B. It uses VXLAN for the control plane

C. It uses VXLAN for the data plane

D. It uses dynamic routing to discover and provision border switches

None

83.

POSTMAN is showing an attempt to retrieve network device information from Cisco Catalyst Center (formerly DNA Center) API. What is the issue?

A. The token has expired

B. The URI string is incorrect

C. Authentication has failed

D. The JSON payload contains the incorrect UUID

None

84.

A company hires a network architect to design a new OTT wireless solution within a Cisco SDAccess Fabric wired network. The architect wants to register access points to the WLC to centrally switch the traffic. Which AP mode must the design include?

A. Bridge

B. Fabric

C. FlexConnect

D. local

None

85.

Which definition describes JWT in regard to REST API security?

A. an encrypted JSON token that is used for authentication

B. an encrypted JSON token that is used for authorization

C. an encoded JSON token that is used to securely exchange information

D. an encoded JSON token that is used for authentication

None

86.

Which feature is offered by the Cisco Advanced Malware Protection for Endpoints solution?

A. DNS Protection

B. NetFlow

C. Trustsec

D. File Sandboxing

None

87.

Which two namespaces does the LISP network architecture and protocol use? (Choose two.)

A. TLOC

B. RLOC

C. DNS

D. VTEP

E. EID

88.

An engineer must configure a new 6 Ghz only SSID on a cisco catalyst 9800 series WLC, with these requirements:

Provide 802.11ax data rates for supported devices

All users authenticate using a certificate

Which wireless layer 2 security mode meets the requirements?

A. WPA2 Enterprise

B. WPA3 Personal

C. WPA2 Personal

D. WPA3 Enterprise

None

89.

How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API?

A. Add a timestamp to the request in the API header.

B. Use a password hash.

C. Add OAuth to the request in the API header.

D. Use HTTPS.

None

90.

An engineer is configuring RADIUS-Based Authentication with EAP. MS-CHAPv2 is configured on a client device. Which outer method protocol must be configured on the ISE to support this authentication type?

A. EAP-TLS

B. EAP-FAST

C. LDAP

D. PEAP

None

91.

A customer has two Cisco WLCs that manage separate APs throughout a building. Each WLC advertises the same SSID but terminates on different interfaces. Users report that they drop their connections and change IP addresses when roaming. Which action resolves this issue?

A. Enable client load balancing

B. Enable fast roaming.

C. Configure high availability.

D. Configure mobility groups.

None

92.

What is a characteristic of VXLAN?

A. It extends Layers 2 and Layer 3 overlay network over a Layer 2 underly.

B. It has a 12-byte packet header.

C. Its frame encapsulation is performed by MAC-in-UDP.

D. It uses TCP for transport

None

93.

Which function is performed by vSmart in the Cisco Catalyst SD-WAN architecture?

A. facilitation of NAT detection and traversal

B. redistribution between OMP and other routing protocols

C. distribution of IPsec keys

D. execution of localized policies

None

94.

What is two characteristic of Cisco DNA Center and vManage northbound APIs?(choose two）

A. They exchange XML-formatted content

B. They exchange JSON-kxmatted content.

C. They implement the RESTCONF protocol.

D. They implement the NETCONF protocol.

E. They exchange protobuf-formatted content.

95.

What is a characteristic of the Cisco Catalyst Center (formerly DNA Center) Template Editor feature?

A. It facilitates software upgrades to network devices from a central point.

B. It facilitates a vulnerability assessment of the network devices.

C. It uses a predefined configuration through parameterized elements or variables.

D. It provides a high-level overview of the health of every network device.

None

96.

In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

A. advertisement of network prefixes and their attributes

B. configuration of control and data policies

C. gathering of underlay infrastructure data

D. delivery of crypto keys

E. segmentation and differentiation of traffic

97.

What are two device roles in Cisco SD-Access fabric? (Choose two.)

A. core switch

B. vBond controller

C. edge node

D. access switch

E. border node

98.

A system must validate access rights to all its resources and must not rely on a cached permission matrix. If the access level to a given resource is revoked but is not reflected in the permission matrix, the security is violates Which term refers to this REST security design principle?

A. economy of mechanism

B. complete mediation

C. separation of privilege

D. least common mechanism

None

99.

What does the snippet of code achieve?

with manager.connect(host=192.168.0.1,port=22,

username='admin,password='password1',hostkey_verify=True,

device_params={name'nexus'})asm:

A. It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls.

B. It opens a tunnel and encapsulates the login information, if the host key is correct.

C. It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.

D. It creates an SSH connection using the SSH key that is stored, and the password is ignored.

None

100.

What does a next-generation firewall that is deployed at the data center protect against?

A. signature-based malware

B. DMZ web server vulnerabilities

C. zero-day attacks

D. DDoS

None

101.

What is a TLOC in a Cisco SD-WAN deployment?

A. value that identifies a specific tunnel within the Cisco SD-WAN overlay

B. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay

C. attribute that acts as a next hop for network prefixes

D. component set by the administrator to differentiate similar nodes that offer a common service

None

102.

Which First Hop Redundancy Protocol should be used to meet a design requirements for more efficient default bandwidth usage across multiple devices?

A. GLBP

B. LCAP

C. HSRP

D. VRRP

None

103.

Which task Is mandatory when provisioning a device through the plug-and-play workflow in Cisco DNA Center?

A. site assignment

B. slack serial number assignment

C. golden image upgrade

D. template configuration application

None

104.

Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures a deny rule on an access list?

None

1 out of 104

Name

Time is Up!