[Q100-Q123] Try 100% Updated 350-401 Exam Questions [2024]

Share

Try 100% Updated 350-401 Exam Questions [2024]

Pass 350-401 Exam - Real Questions and Answers


Security (20%)

  • Configuring and verifying the security features of infrastructure;
  • Configuring and verifying the features of wireless security.
  • Defining the components of the design of network security;
  • Describing REST API security;
  • Configuring and verifying password protection & lines as well as authorization & authentication using AAA;

Cisco 350-401 (Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR)) Exam is an essential certification exam for IT professionals who want to advance their careers in the networking field. It covers a wide range of topics, including network architecture, automation, security, routing, switching, and wireless technologies. Passing 350-401 exam demonstrates a high level of proficiency in enterprise network technologies and opens up many career opportunities for IT professionals.

 

NEW QUESTION # 100
Refer to the exhibit.

Which action resolves the EtherChannel issue between SW2 and SW3?

  • A. Configure switchport mode trunk on SW2.
  • B. Configure channel-group 1 mode desirable on both interfaces.
  • C. Configure switchport nonegotiate on SW3
  • D. Configure channel-group 1 mode active on both interfaces.

Answer: D


NEW QUESTION # 101

Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three switches. An administrator has noticed that VLAN 10 has propagated to SW3. Which configuration corrects the issue?
A)

B)

C)

D)

  • A. Option C
  • B. Option B
  • C. Option A
  • D. Option D

Answer: A


NEW QUESTION # 102
Which method of account authentication does OAuth 2.0 within REST APIs?

  • A. access tokens
  • B. basic signature workflow
  • C. cookie authentication
  • D. username/role combination

Answer: A

Explanation:
The most common implementations of OAuth (OAuth 2.0) use one or both of these tokens:
+ access token: sent like an API key, it allows the application to access a user's data; optionally, access tokens can expire.
+ refresh token: optionally part of an OAuth flow, refresh tokens retrieve a new access token if they have expired. OAuth2 combines Authentication and Authorization to allow more sophisticated scope and validity control.


NEW QUESTION # 103
A network administrator applies the following configuration to an IOS device.

What is the process of password checks when a login attempt is made to the device?

  • A. A local database is checked first. If that fails, a TACACS+server is checked, if that check fails, a RADUIS server is checked.
  • B. A TACACS+server is checked first. If that check fail, a database is checked?
  • C. A local database is checked first. If that check fails, a TACACS+server is checked.
  • D. A TACACS+server is checked first. If that check fail, a RADIUS server is checked. If that check fail. a local database is checked.

Answer: C


NEW QUESTION # 104
Refer to the exhibit.

Router 1 is currently operating as the HSRP primary with a priority of 110 router1 fails and router2 take over the forwarding role. Which command on router1 causes it to take over the forwarding role when it return to service?

  • A. standby 2 timers
  • B. standby 2 priority
  • C. standby 2 preempt
  • D. standby 2 track

Answer: C


NEW QUESTION # 105
A customer has recently implemented a new wireless infrastructure using WLC-5520S at a site directly next to a large commercial airport Users report that they intermittently lose Wi-Fi connectivity, and troubleshooting reveals it is due to frequent channel changes Which two actions fix this issue? (Choose two)

  • A. Configure channels on the UNII-2 and the Extended UNII-2 sub-bands of the 5 Ghz band only
  • B. Disable DFS channels to prevent interference writ) Doppler radar
  • C. Remove UNII-2 and Extended UNII-2 channels from the 5 Ghz channel list
  • D. Restore the OCA default settings because this automatically avoids channel interference
  • E. Enable DFS channels because they are immune to radar interference

Answer: B,C

Explanation:
Explanation
In the 5GHz spectrum some of the channels used by 802.11 are subject to Dynamic Frequency Selection (DFS) requirements. This is due to our clients coexistence with other RF technologies such as Maritime, Aviation and Weather RADAR.
Dynamic Frequency Selection (DFS) is the process of detecting radar signals that must be protected against interference from 5.0 GHz (802.11a/h) radios, and upon detection switching the operating frequency of the 5.0 GHz (802.11a/h) radio to one that is not interfering with the radar systems.
Reference: https://www.cisco.com/en/US/docs/routers/access/wireless/software/guide/RadioChannelDFS.pdf Although DFS helps reduce interference with radar systems but "DFS channels" refer to the 5GHz channels that require DFS check. In other words, DFS channels are channels that may interfere with radar signal.
Therefore we should disable these DFS channels -> Answer C is correct.
UNII-2 (5.250-5.350 GHz and 5.470-5.725 GHz) which contains channels 52, 56, 60, 64, 100, 104, 108, 112,
116, 120, 124, 128, 132, 136, and 140 are permitted in the United States, but shared with radar systems.
Therefore, APs operating on UNII-2 channels are required to use Dynamic Frequency Selection (DFS) to avoid interfering with radar signals. If an AP detects a radar signal, it must immediately stop using that channel and randomly pick a new channel.
Reference:
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Channel_Planning_Best_Practices


NEW QUESTION # 106
An engineer uses the Design workflow to create a new network infrastructure in Cisco DNA Center. How is the physical network device hierarchy structured?

  • A. by organization
  • B. by hostname naming convention
  • C. by location
  • D. by role

Answer: C

Explanation:


NEW QUESTION # 107
Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Answer:

Explanation:


NEW QUESTION # 108
A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is logged to the console of router R1:

Which two configuration allow peering session to from between R1 and R2? Choose two.)

  • A. R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco
  • B. R1(config-router)#neighbor 10.10.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco
  • C. R2(config-router)#neighbor 10.10.10.1 peer-group CORP R2(config-router)#neighbor PEER password Cisco
  • D. R1(config-router)#neighbor 10.120.10.1 peer-group CORP R1(config-router)#neighbor CORP password Cisco
  • E. R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

Answer: B,E


NEW QUESTION # 109
What are two variants of NTPv4? (Choose two.)

  • A. unicast
  • B. asymmetric
  • C. multicast
  • D. client/server
  • E. broadcast

Answer: D,E


NEW QUESTION # 110
A local router shows an EBGP neighbor in the Active state. Which statement is true about the local router?

  • A. The local router is receiving prefixes from the neighboring router and adding them in RIB-IN
  • B. The local router is attempting to open a TCP session with the neighboring router.
  • C. The local router has BGP passive mode configured for the neighboring router
  • D. The local router has active prefixes in the forwarding table from the neighboring router

Answer: B


NEW QUESTION # 111
Refer to the exhibit.

After running the code in the exhibit. Which step reduces the amount of data that NETCONF server returns to the NETCONF client, to only the interface's configuration?

  • A. Use the txml library to parse the data returned by the NETCONF server for the interface's configuration
  • B. Use the JSON library to parse the data returned by the NETCONF server for the interface's configuration
  • C. Create an XML filter as a string and pass it to get_config() method as an argument
  • D. Create a JSON filter as a string and pass it to the get_config() method as an argument

Answer: B


NEW QUESTION # 112
Question: 3
Which action is the vSmart controller responsible for in an SD-WAN deployment?

  • A. manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric
  • B. gather telemetry data from vEdge routers
  • C. distribute security information for tunnel establishment between vEdge routers
  • D. onboard vEdge nodes into the SD-WAN fabric

Answer: C

Explanation:
+ Orchestration plane (vBond) assists in securely onboarding the SD-WAN WAN Edge routers into the SD-WAN overlay (-> Therefore answer "onboard vEdge nodes into the SD-WAN fabric" mentioned about vBond). The vBond controller, or orchestrator, authenticates and authorizes the SD-WAN components onto the network. The vBond orchestrator takes an added responsibility to distribute the list of vSmart and vManage controller information to the WAN Edge routers. vBond is the only device in SD-WAN that requires a public IP address as it is the first point of contact and authentication for all SD-WAN components to join the SD-WAN fabric. All other components need to know the vBond IP or DNS information.
+ Management plane (vManage) is responsible for central configuration and monitoring. The vManage controller is the centralized network management system that provides a single pane of glass GUI interface to easily deploy, configure, monitor and troubleshoot all Cisco SD-WAN components in the network. (-> Answer "manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric" and answer "gather telemetry data from vEdge routers" are about vManage)
+ Control plane (vSmart) builds and maintains the network topology and make decisions on the traffic flows. The vSmart controller disseminates control plane information between WAN Edge devices, implements control plane policies and distributes data plane policies to network devices for enforcement (-> Answer "distribute security information for tunnel establishment between vEdge routers" is about vSmart)


NEW QUESTION # 113
Refer to the exhibit.

The EtherChannel between SW2 and SW3 is not operational which action resolves this issue?

  • A. Configure the channel-group mode on SW2 Gi0/1 and Gi0/1 to on.
  • B. Configure the channel-group mode on SW3 Gi0/1 to active
  • C. Configure the mode on SW2 Gi0/0 to trunk
  • D. Configure the mode on SW2 Gi0/1 to access.

Answer: C


NEW QUESTION # 114
Which statement about Cisco EAP-FAST is true?

  • A. It requires a client certificate.
  • B. It operates in transparent mode.
  • C. It is an IETF standard.
  • D. It does not require a RADIUS server certificate.

Answer: B

Explanation:
Explanation
The Cisco switch was configured with PAgP, which is a Cisco proprietary protocol so non-Cisco switch could not communicate.


NEW QUESTION # 115
An engineer is working with the Cisco DNA Center API Drag and drop the methods from the left onto the actions that they are used for on the right.

Answer:

Explanation:


NEW QUESTION # 116
Refer to the exhibit.

Which command must be applied to R2 for an OSPF neighborship to form?

  • A. network 20.1.1.2.0.0.0.0 area 0
  • B. network 20.1.1.2.0.0.255.255 area 0
  • C. network 20.1.1.2 255.255.0.0. area 0
  • D. network 20.1.1.2 255.255.255 area 0

Answer: A

Explanation:
The -network 20.0.0.0 0.0.0.255 area 0 || command on R2 did not cover the IP address of Fa1/1 interface of R2 so OSPF did not run on this interface. Therefore we have to use the command -network 20.1.1.2 0.0.255.255 area 0 || to turn on OSPF on this interface.
Note: The command -network 20.1.1.2 0.0.255.255 area 0 || can be used too so this answer is also correct but answer C is the best answer here.
The -network 0.0.0.0 255.255.255.255 area 0 || command on R1 will run OSPF on all active


NEW QUESTION # 117
What mechanism does PIM use to forward multicast traffic?

  • A. PIM sparse mode uses receivers to register with the RP.
  • B. PIM sparse mode uses a flood and prune model to deliver multicast traffic.
  • C. PIM dense mode uses a pull model to deliver multicast traffic.
  • D. PIM sparse mode uses a pull model to deliver multicast traffic.

Answer: D

Explanation:
PIM dense mode (PIM-DM) uses a push model to flood multicast traffic to every corner of the network. This push model is a brute-force method of delivering data to the receivers. This method would be efficient in certain deployments in which there are active receivers on every subnet in the network. PIM-DM initially floods multicast traffic throughout the network. Routers that have no downstream neighbors prune the unwanted traffic. This process repeats every 3 minutes.
PIM Sparse Mode (PIM-SM) uses a pull model to deliver multicast traffic. Only network segments with active receivers that have explicitly requested the data receive the traffic. PIM-SM distributes information about active sources by forwarding data packets on the shared tree. Because PIM-SM uses shared trees (at least initially), it requires the use of an RP. The RP must be administratively configured in the network.
Answer C seems to be correct but it is not, PIM spare mode uses sources (not receivers) to register with the RP. Sources register with the RP, and then data is forwarded down the shared tree to the receivers.


NEW QUESTION # 118
Drag and drop the threat defense solutions from the left onto their descriptions on the right.

Answer:

Explanation:


NEW QUESTION # 119
A local router shows an EBGP neighbor in the Active state. Which statement is true about the local router?

  • A. The local router is receiving prefixes from the neighboring router and adding them in RIB-IN
  • B. The local router has active prefix in the forwarding table from the neighboring router
  • C. The local router is attempting to open a TCP session with the neighboring router.
  • D. The local router has BGP passive mode configured for the neighboring router

Answer: C

Explanation:
The BGP session may report in the following states
1 - Idle: the initial state of a BGP connection. In this state, the BGP speaker is waiting for a BGP start event, generally either the establishment of a TCP connection or the re-establishment of a previous connection. Once the connection is established, BGP moves to the next state.
2 - Connect: In this state, BGP is waiting for the TCP connection to be formed. If the TCP connection completes, BGP will move to the OpenSent stage; if the connection cannot complete, BGP goes to Active
3 - Active: In the Active state, the BGP speaker is attempting to initiate a TCP session with the BGP speaker it wants to peer with. If this can be done, the BGP state goes to OpenSent state.
4 - OpenSent: the BGP speaker is waiting to receive an OPEN message from the remote BGP speaker
5 - OpenConfirm: Once the BGP speaker receives the OPEN message and no error is detected, the BGP speaker sends a KEEPALIVE message to the remote BGP speaker
6 - Established: All of the neighbor negotiations are complete. You will see a number, which tells us the number of prefixes the router has received from a neighbor or peer group.


NEW QUESTION # 120
Which three statements about EVCs are true? (Choose three.)

  • A. PAGP is supported on EVC ports.
  • B. Spanning Tree must use RSTP mode on EVC ports.
  • C. Spanning Tree must use MST mode on EVC ports.
  • D. Bridge domain routing is required.
  • E. Layer 2 multicast framing is supported.
  • F. LACP is supported on EVC ports.

Answer: A,C,F

Explanation:
Explanation/Reference:


NEW QUESTION # 121
An engineer must create an EEM applet that sends a syslog message in the event a change happens in the network due to trouble with an OSPF process. Which action should the engineer use?

  • A. action 1 syslog pattern "OSPF ROUTING ERROR"
  • B. action 1 syslog send "OSPF ROUTING ERROR"
  • C. action 1syslog write "OSPF ROUTING ERROR"
  • D. action 1 syslog msg "OSPF ROUTING ERROR"

Answer: D


NEW QUESTION # 122
Refer to me exhibit.

Refer to the exhibit. An engineer must create a script that appends the output of the show process cpu sorted command to a file.

  • A. action 4.0 ens-event "show process cpu sorted | append flash:high-cpu-file"
  • B. action 4.0 cli command "show process cpu sorted | append flash:high-cpu-file"
  • C. action 4.0 syslog command "show process cpu sorted | append flash:high-cpu-file"
  • D. action 4.0 publish-event "show process cpu sorted | append flash:high-cpu-file"

Answer: B


NEW QUESTION # 123
......


Cisco 350-401 exam is a challenging test that requires a deep understanding of network technologies and protocols. IT professionals who pass 350-401 exam demonstrate their ability to design, implement, and manage complex enterprise network solutions, making them valuable assets to their organizations. Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) certification obtained from passing 350-401 exam is recognized worldwide and can open up many career opportunities for IT professionals in the networking field.

 

350-401 Exam Questions Get Updated [2024] with Correct Answers: https://www.exams4collection.com/350-401-latest-braindumps.html

Free Cisco 350-401 Test Practice Test Questions Exam Dumps: https://drive.google.com/open?id=1scC53XNTd_Jv8PS0GibIym0wQKCflh3H