Pinpoint Cisco 350-401 Actual Exam Online

NEW QUESTION 1


Refer to the exhibit. Which command allows hosts that are connected to FastEthernet0/2 to access the Internet?

• A. ip nat inside source list 10 interface FastEthernet0/1 overload
• B. ip nat inside source list 10 interface FastEthernet0/2 overload
• C. ip nat outside source list 10 interface FastEthernet0/2 overload
• D. ip nat outside source static 209.165.200.225 10.10.10.0 overload

Answer: A

NEW QUESTION 2

Why would an architect use an OSPF virtual link?

• A. to allow a stub area to transit another stub area
• B. to connect two networks that have overlapping private IP address space
• C. to merge two existing Area Os through a nonbackbone
• D. to connect a nonbackbone area to Area 0 through another nonbackbone area

Answer: D

Explanation:
A virtual link is a logical connection between two OSPF routers that belong to different areas but share a common border with a transit area. A virtual link allows an OSPF router to participate in the backbone area (Area 0) even if it is not physically connected to it. This way, the OSPF network can maintain connectivity and routing consistency across all areas. A virtual link is configured between the OSPF router IDs of the two routers that need to be connected to the backbone area123.
Option A is incorrect because a stub area is an area that does not receive external routes from other autonomous systems or other OSPF areas. A stub area can only transit traffic to and from the backbone area, and it cannot be used as a transit area for a virtual link12. Option B is incorrect because a virtual link does not change the IP address space of the networks that it connects. A virtual link is transparent to the IP layer and only affects the OSPF routing protocol. To connect two networks that have overlapping private IP address space, other solutions such as NAT or VPN are required12.
Option C is incorrect because a virtual link cannot merge two existing Area 0s through a nonbackbone area. A virtual link can only extend an existing Area 0 through a nonbackbone area. If there are two separate Area 0s in an OSPF network, they cannot be merged by a virtual link, and the network is considered to be partitioned. A partitioned network can cause routing loops and inconsistencies, and it should be
avoided12. References: 1: Configure OSPF Connection in a Virtual Link
Environment, 2: How to configure OSPF Virtual Link, 3: Understand OSPF Areas and Virtual Links

NEW QUESTION 3


Refer to the exhibit. An engineer attempts to configure a router on a stick to route packets between Clients, Servers, and Printers; however, initial tests show that this configuration is not working. Which command set resolves this issue?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: C

Explanation:
We must reconfigure the IP address after assigning or removing an interface to a VRF. Otherwise that interface does not have an IP address.

NEW QUESTION 4

A customer wants to connect a device to an autonomous Cisco AP configured as a WGB. The WGB is configured properly: however, it fails to associate to a CAPWAP- enabled AP. Which change must be applied in the advanced WLAN settings to resolve this issue?

• A. Enable Aironet IE.
• B. Enable passive client.
• C. Disable AAA override.
• D. Disable FlexConnect local switching.

Answer: A

NEW QUESTION 5

What is a characteristic of a traditional WAN?

• A. low complexity and high overall solution scale
• B. centralized reachability, security, and application policies
• C. operates over DTLS and TLS authenticated and secured tunnels
• D. united data plane and control plane

Answer: D

NEW QUESTION 6

Which mobility role is assigned to a client in the client table of the new controller after a Layer 3 roam?

• A. anchor
• B. foreign
• C. mobility
• D. transparent

Answer: D

NEW QUESTION 7

What is a benefit of a virtual machine when compared with a physical server?

• A. Multiple virtual servers can be deployed on the same physical server without having to buy additional hardware.
• B. Virtual machines increase server processing performance.
• C. The CPU and RAM resources on a virtual machine cannot be affected by other virtual machines.
• D. Deploying a virtual machine is technically less complex than deploying a physical server.

Answer: A

NEW QUESTION 8

What is one characteristic of Cisco DNA Center and vManage northbound APIs?

• A. They push configuration changes down to devices.
• B. They implement the RESTCONF protocol.
• C. They exchange XML-formatted content.
• D. They implement the NETCONF protocol.

Answer: B

NEW QUESTION 9

Refer to the exhibit.

An engineer must deny Telnet traffic from the loopback interface of router R3 to the Loopback interface of router R2 during, the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times Which command set accomplishes this task?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: D

Explanation:
We cannot filter traffic that is originated from the local router (R3 in this case) so we can only configure the ACL on R1 or R2. “Weekend hours” means from Saturday morning through Sunday night so we have to configure: “periodic weekend 00:00 to 23:59”.Note: The time is specified in 24-hour time (hh:mm), where the hours range from 0 to 23 and the minutes range from 0 to 59.

NEW QUESTION 10

How are map-register messages sent in a LISP deployment?

• A. egress tunnel routers to map resolvers to determine the appropriate egress tunnel router
• B. ingress tunnel routers to map servers to determine the appropriate egress tunnel router
• C. egress tunnel routers to map servers to determine the appropriate egress tunnel router
• D. ingress tunnel routers to map resolvers to determine the appropnate egress tunnel router

Answer: C

Explanation:
During operation, an Egress Tunnel Router (ETR) sends periodic Map- Register messages to all its configured map servers.

NEW QUESTION 11

What is the centralized control policy in a Cisco SD-WAN deployment?

• A. list of ordered statements that define user access policies
• B. set of statements that defines how routing is performed
• C. set of rules that governs nodes authentication within the cloud
• D. list of enabled services for all nodes within the cloud

Answer: B

NEW QUESTION 12

Refer to the exhibit.

An engineer attempts to establish BGP peering between router CORP and two ISP routers. What is the root cause for the failure between CORP and ISP#2?

• A. Router ISP#2 is configured to use SHA-1 authentication.
• B. There is a password mismatch between router CORP and router ISP#2.
• C. Router CORP is configured with an extended access control list.
• D. MD5 authorization is configured incorrectly on router ISP#2.

Answer: B

NEW QUESTION 13

Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

• A. security group tag ACL assigned to each port on a switch
• B. security group tag number assigned to each port on a network
• C. security group tag number assigned to each user on a switch
• D. security group tag ACL assigned to each router on a network

Answer: B

Explanation:
Cisco TrustSec uses tags to represent logical group privilege. This tag, called a Security Group Tag (SGT), is used in access policies. The SGT is understood and is used to enforce traffic by Cisco
switches, routers and firewalls . Cisco TrustSec is defined in three phases: classification, propagation and enforcement.
When users and devices connect to a network, the network assigns a specific security group. This
process is called classification. Classification can be based on the results of the authentication
or by associating the SGT with an IP, VLAN, or port-profile (-> Answer 'security group tag ACL assigned to each port on a switch' and answer 'security group tag number assigned to each
user on a switch' are not correct as they say “assigned … on a switch” only. Answer 'security group
tag ACL assigned to each router on a network' is not correct either as it says “assigned to each
router”).

NEW QUESTION 14

What is provided by the Stealthwatch component of the Cisco Cyber Threat Defense solution?

• A. real-time threat management to stop DDoS attacks to the core and access networks
• B. real-time awareness of users, devices and traffic on the network
• C. malware control
• D. dynamic threat control for web traffic

Answer: B

Explanation:
"Cisco Stealthwatch collects and analyzes massive amounts of data to give even the largest, most dynamic networks comprehensive internal visibility and protection. It helps security operations teams gain real-time situational awareness of all users, devices, and traffic on the extended network so they can quickly and effectively respond to threats"
Page 1
https://media.zones.com/images/pdf/cisco-stealthwatch-solution-overview.pdf

NEW QUESTION 15

Refer to the exhibit.

Which action must be taken to configure a WLAN for WPA2-AES with PSK and allow only 802.l1r-capable clients to connect?

• A. Change Fast Transition to Adaptive Enabled and enable FT * PSK
• B. Enable Fast Transition and FT + PSK.
• C. Enable Fast Transition and PSK
• D. Enable PSK and FT + PSK.

Answer: A

Explanation:
This is because Fast Transition (FT) is a feature that allows 802.11r-capable clients to roam faster between access points by reducing the authentication and key exchange time. FT can be configured in two modes: adaptive and over-the-DS. Adaptive mode is recommended for mixed environments where both 802.11r-capable and non- capable clients are present, as it allows the access point to negotiate the FT mode with the client. Over-the-DS mode is only suitable for environments where all clients are 802.11r- capable, as it requires the access point to communicate with the previous access point over the distribution system. FT + PSK is a security option that enables FT with pre-shared key (PSK) authentication, which is a simple and common method of securing wireless networks. WPA2-AES is an encryption standard that provides strong security and privacy for wireless networks. The source of this answer is the Cisco ENCOR v1.1 course, module 7, lesson 7.2: Implementing WPA2 and WPA3.

NEW QUESTION 16
......