• Home
  • Blogs
  • [Oct-2021] CCNP Enterprise 350-401 Exam Practice Dumps [Q124-Q144]

[Oct-2021] CCNP Enterprise 350-401 Exam Practice Dumps [Q124-Q144]

Share

[Oct-2021] CCNP Enterprise 350-401 Exam Practice Dumps

2021 350-401 Premium Files Test pdf - Free Dumps Collection

NEW QUESTION 124
Based on the output below, which Python code shows the value of the "upTime" key?

A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 125
Under which network conditions is an outbound QoS policy that is applied on a router WAN interface most beneficial?

  • A. under interface saturation condition
  • B. under all network condition
  • C. under network convergence condition
  • D. under traffic classification and marking conditions.

Answer: A

 

NEW QUESTION 126
Refer to the exhibit. Which troubleshooting a routing issue, an engineer issues a ping from S1 to S2. When two actions from the initial value of the TTL? (Choose two.)

  • A. R2 replies with a TTL exceeded message
  • B. The packet reaches R3, and the TTL expires
  • C. R1 replies with a TTL exceeded message
  • D. R3 replies with a TTL exceeded message.
  • E. The packet reaches R1 and the TTL expires.
  • F. The packet reaches R2 and the TTL expires

Answer: B,D

 

NEW QUESTION 127
Which statement about an RSPAN session configuration is true?

  • A. A fitter mutt be configured for RSPAN Regions
  • B. Only incoming traffic can be monitored
  • C. Only one session can be configured at a time
  • D. A special VLAN type must be used as the RSPAN destination.

Answer: D

Explanation:
Explanation
The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for thatRSPAN session in all participating switches -> This VLAN can be considered a special VLAN type -> Answer'A special VLAN type must be used as the RSPAN destination' is correct.
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configura

 

NEW QUESTION 128
What are two reasons why broadcast radiation is caused in the virtual machine environment? (Choose two.)

  • A. Communication between vSwitch and network switch is multicast based.
  • B. vSwitch must interrupt the server CPU to process the broadcast packet.
  • C. Communication between vSwitch and network switch is broadcast based.
  • D. The Layer 2 domain can be large in virtual machine environments.
  • E. Virtual machines communicate primarily through broadcast mode.

Answer: B,D

Explanation:
Broadcast radiation refers to the processing that is required every time a broadcast is received on a host.Although IP is very efficient from a broadcast perspective when compared to traditional protocols such as Novell Internetwork Packet Exchange (IPX) Service Advertising Protocol (SAP), virtual machines and the vswitch implementation require special consideration. Because the vswitch is software based, as broadcastsare received the vswitch must interrupt the server CPU to change contexts to enable the vswitch to processthe packet. After the vswitch has determined that the packet is a broadcast, it copies the packet to all theVMNICs, which then pass the broadcast packet up the stack to process. This processing overhead can have a tangible effect on overall server performance if a single domain is hosting a large number of virtual machines.
Note: This overhead effect is not a limitation of the vswitch implementation. It is a result of the software-basednature of the vswitch embedded in the ESX hypervisor.

 

NEW QUESTION 129
Refer to the exhibit.

Which type of antenna is show on the radiation patterns?

  • A. Dipole
  • B. Yagi
  • C. Omnidirectional
  • D. Patch

Answer: A

Explanation:
A dipole antenna most commonly refers to a half-wavelength (1/2) dipole. The physical antenna (not the package that it is in) is constructed of conductive elements whose combined length is about half of a wavelength at its intended frequency of operation. This is a simple antenna that radiates its energy out toward the horizon (perpendicular to the antenna). The patterns shown are those resulting from a perfect dipole formed with two thin wires oriented vertically along the z-axis.

 

NEW QUESTION 130
Drag and drop the snippets onto the blanks within the code to construct a script that configures BGP according to the topology. Not all options are used, and some options may be used twice.

Answer:

Explanation:

Explanation
Graphical user interface, text, application, email Description automatically generated

 

NEW QUESTION 131
Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two.)

  • A. APs that operate in FlexConnect mode cannot detect rogue Aps.
  • B. FlexConnect mode is a wireless solution for branch office and remote office deployments.
  • C. FlexConnect mode is a feature that is designed to allow specified CAPWAP-enabled APs to exclude themselves from managing data traffic between clients and infrastructure.
  • D. When connected to the controller, FlexConnect APs can tunnel traffic back to the controller.
  • E. FlexConnect mode is used when the APs are set up in a mesh environment and used to bridge between each other.

Answer: B,D

Explanation:
FlexConnect is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office.
The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication.

 

NEW QUESTION 132
Which configuration restricts the amount of SSH that a router accepts 100 kbps?
A)

B)

C)

D)

  • A. Option D
  • B. Option C
  • C. Option A
  • D. Option B

Answer: B

 

NEW QUESTION 133
Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

  • A. security group tag number assigned to each port on a network
  • B. security group tag number assigned to each user on a switch
  • C. security group tag ACL assigned to each port on a switch
  • D. security group tag ACL assigned to each router on a network

Answer: B

 

NEW QUESTION 134
Refer to Exhibit.

MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces. What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?

  • A. The packet is discarded on router B
  • B. The packet is discarded on router A
  • C. The packet arrives on router C fragmented.
  • D. The packet arrives on router C without fragmentation.

Answer: C

Explanation:
Explanation

 

NEW QUESTION 135
An engineer must protect their company against ransom ware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?

  • A. Use Cisco Firepower and block traffic to TOR networks.
  • B. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.
  • C. Use Cisco AMP deployment with the Malicious Activity Protection engineer enabled.
  • D. Use Cisco AMP deployment with the Exploit Prevention engine enabled.

Answer: C

Explanation:
Explanation
Ransomware are malicious software that locks up critical resources of the users.
Ransomware uses well-established public/private key cryptography which leaves the only way of recovering the files being the payment of the ransom, or restoring files from backups.
Cisco Advanced Malware Protection (AMP) for Endpoints Malicious Activity Protection (MAP) engine defends your endpoints by monitoring the system and identifying processes that exhibit malicious activities when they execute and stops them from running. Because the MAP engine detects threats by observing the behavior of the process at run time, it can generically determine if a system is under attack by a new variant of ransomware or malware that may have eluded other security products and detection technology, such as legacy signature-based malware detection. The first release of the MAP engine targets identification, blocking, and quarantine of ransomware attacks on the endpoint.
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/security/ampfor- endpoints/white-paper-c11-740980.pdf

 

NEW QUESTION 136
Drag and drop the LISP components from the left onto the function they perform on the right. Not all options are used.

Answer:

Explanation:

Explanation:
+ accepts LISP encapsulated map requests: LISP map resolver
+ learns of EID prefix mapping entries from an ETR: LISP map server
+ receives traffic from LISP sites and sends it to non-LISP sites: LISP
proxy ETR
+ receives packets from site-facing interfaces: LISP ITR
Explanation
ITR is the function that maps the destination EID to a destination RLOC and then
encapsulates the original packet with an additional header that has the source IP address of
the ITR RLOC and the destination IP address of the RLOC of an Egress Tunnel Router (ETR).
After the encapsulation, the original packet become a LISP packet.
ETR is the function that receives LISP encapsulated packets, decapsulates them and
forwards to its local EIDs. This function also requires EID-to-RLOC mappings so we need to
point out an "map-server" IP address and the key (password) for authentication.
A LISP proxy ETR (PETR) implements ETR functions on behalf of non-LISP sites. A PETR is
typically used when a LISP site needs to send traffic to non-LISP sites but the LISP site is
connected through a service provider that does not accept no routable EIDs as packet
sources. PETRs act just like ETRs but for EIDs that send traffic to destinations at non-LISP
sites.
Map Server (MS) processes the registration of authentication keys and EID-to-RLOC
mappings. ETRs sends periodic Map-Register messages to all its configured Map Servers.
Map Resolver (MR): a LISP component which accepts LISP Encapsulated Map Requests,
typically from an ITR, quickly determines whether or not the destination IP address is part
of the EID namespace

 

NEW QUESTION 137
An engineer measures the Wi-Fi coverage at a customer site. The RSSI values are recorded as follows:

Which two statements does the engineer use to explain these values to the customer? (Choose two)

  • A. The signal strength at location B is 10 dB better than location C
  • B. The RF signal strength at location B is 50% weaker than location A
  • C. The signal strength at location C is too weak to support web surfing
  • D. The RF signal strength at location C is 10 times stronger than location B
  • E. Location D has the strongest RF signal strength

Answer: C,D

Explanation:
Reference:
Understanding Signal Strength
The most accurate way to express it is with milliwatts (mW), but you end up with tons of decimal places due to WiFi's super-low transmit power, making it difficult to read. For example, -40 dBm is 0.0001 mW, and the zeros just get more intense the more the signal strength drops.
Ultimately, the easiest and most consistent way to express signal strength is with dBm, which stands for decibels relative to a milliwatt.
You can convert between mW and dBm using the following formulas:
P(dBm) = 10 * log10(P(mW))
For example, a power of 2.5 mW in dBm is:
dBm = 10log2.5 = 3.979
dBm is that we're working in negatives. -30 is a higher (stronger) signal than -80.
Signal Strength
Rating
Required for
-30 dBm
Amazing
Max achievable signal strength. The client can only be a few feet from the AP to achieve this. Not typical or desirable in the real world.
N/A
-67 dBm
Very Good
Minimum signal strength for applications that require very reliable, timely delivery of data packets.
VoIP/VoWiFi, streaming video
-70 dBm
Okay
Minimum signal strength for reliable packet delivery.
Email, web
-80 dBm
Not Good
Minimum signal strength for basic connectivity. Packet delivery may be unreliable.
N/A
-90 dBm
Unusable
Approaching or drowning in the noise floor. Any functionality is highly unlikely.
N/A
3 dB of gain = +3 dB = doubles signal strength (Let's say, the base is P. So 10*log10(P/P)= 0 dB and 10*log10(2P/P) = 10*log10(2) = 3dB -> double signal)
3 dB of loss = -3 dB = halves signal strength strength (10*log(1/2) = -3.0103)
10 dB of loss = -10 dB = 10 times less signal strength (0.1 mW = -10 dBm, 0.01 mW = -20 dBm, etc.)
10 dB of gain = +10 dB = 10 times more signal strength (0.00001 mW = -50 dBm, 0.0001 mW = -40 dBm, etc.)
Simple rule of thumb:
When working with power, 3 dB means double (twice) the factor and 10 dB means 10-fold.

 

NEW QUESTION 138
What does the LAP send when multiple WLCs respond to the
CISCO_CAPWAP-CONTROLLER.localdomain hostname during the CAPWAP discovery and join process?

  • A. broadcast discover request
  • B. Unicast discovery request to the first WLS that resolves the domain name
  • C. unicast discovery request to each WLC
  • D. join request to all the WLCs

Answer: C

Explanation:
Explanation
The AP will attempt to resolve the DNS name CISCO-CAPWAP-CONTROLLER.localdomain. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast CAPWAP Discovery Message to the resolved IP address(es). Each WLC that receives the CAPWAP Discovery Request Message replies with a unicast CAPWAP Discovery Response to the AP.
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/107606-dns-wlc-confi

 

NEW QUESTION 139
In an SD-Access solution what is the role of a fabric edge node?

  • A. to connect wired endpoint to the SD-Access fabric
  • B. to connect the fusion router to the SD-Access fabric
  • C. to advertise fabric IP address space to external network
  • D. to connect external Layer 3- network to the SD-Access fabric

Answer: A

Explanation:
Explanation
+ Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.

 

NEW QUESTION 140

Refer to the exhibit. R1 is able to ping the R3 fa0/1 interface. Why do the extended pings fail?

  • A. R3 is missing a return route to 10.99.69.0/30
  • B. The DF bit has been set
  • C. R2 and R3 do not have an OSPF adjacency
  • D. The maximum packet size accepted by the command is 1476 bytes.

Answer: B

Explanation:
Explanation
If the DF bit is set, routers cannot fragment packets. From the output below, we learn that the maximum MTU of R2 is 1492 bytes while we sent ping with 1500 bytes. Therefore these ICMP packets were dropped.
Note: Record option displays the address(es) of the hops (up to nine) the packet goes through.

 

NEW QUESTION 141
Which router is elected the IGMP Querier when more than one router is in the same LAN segment?

  • A. The router with the lowest IP address
  • B. The router with the longest uptime
  • C. The router with the shortest uptime
  • D. The router with the highest IP address

Answer: A

 

NEW QUESTION 142
What is the correct EBGP path attribute list, ordered from most preferred to the least preferred, that the BGP best-path algorithm uses?

  • A. weight, AS path, local preference, MED
  • B. local preference, weight, AS path, MED
  • C. weight, local preference, AS path, MED
  • D. local preference, weight MED, AS path

Answer: C

Explanation:
Path Selection Attributes: Weight > Local Preference > Originate > AS Path > Origin > MED > External > IGP Cost > eBGP Peering > Router ID

 

NEW QUESTION 143
Drag and drop the threat defense solutions from the left onto their descriptions on the right.

Answer:

Explanation:

 

NEW QUESTION 144
......

Get ready to pass the 350-401 Exam right now using our CCNP Enterprise  Exam Package: https://www.pass4leader.com/Cisco/350-401-exam.html

A fully updated 2021 350-401 Exam Dumps exam guide from training expert Pass4Leader: https://drive.google.com/open?id=1bqzDgUkWHDurCVrWTJp24oFdOyFW81e8

Related Blogs

more
Go To 350-401 Questions