Cisco CCNP Enterprise 350-401 Questions & Answers

• Question 1151:

  A customer has recently implemented a new wireless infrastructure using WLC-5520S at a site directly next to a large commercial airport Users report that they intermittently lose Wi-Fi connectivity, and troubleshooting reveals it is due to frequent channel changes Which two actions fix this issue? (Choose two)

  A. Remove UNII-2 and Extended UNII-2 channels from the 5 Ghz channel list

  B. Restore the OCA default settings because this automatically avoids channel interference

  C. Disable DFS channels to prevent interference writ) Doppler radar

  D. Enable DFS channels because they are immune to radar interference

  E. Configure channels on the UNII-2 and the Extended UNII-2 sub-bands of the 5 Ghz band only

  Correct Answer: AC

• Question 1152:

  What is the output of this code?

  

  A. username: cisco

  B. get_credentials

  C. username

  D. cisco

  Correct Answer: D

• Question 1153:

  Refer to the exhibit.

  

  A network engineer configures a GRE tunnel and enters the show interface tunnel command. What does the output confirm about the configuration?

  A. The keepalive value is modified from the default value.

  B. Interface tracking is configured.

  C. The tunnel mode is set to the default.

  D. The physical interface MTU is 1476 bytes.

  Correct Answer: C

  Not A : configure keepalive without define value, it default is 10.

  Not B : Its refer to PHYSICAL interface MTU, what output shown is the MTU of the Tunnel transport MTU

  Not D : It seem to be tracking , but not. The output "source tracking" may lead us to believe it is.

  Actually when define the tunnel source use phyiscal interface, this tunnel source output shown.

  C is correct answer : No tunnel mode define it default is GRE/IP.

• Question 1154:

  A customer requests a network design that supports these requirements:

  1.

  FHRP redundancy

  2.

  multivendor router environment

  3.

  IPv4 and IPv6 hosts

  Which protocol does the design include?

  A. GLBP

  B. VRRP version 2

  C. VRRP version 3

  D. HSRP version 2

  Correct Answer: C

  HSRP and GLBP are Cisco propietary, so they won't work in a multivendor setup. VRRPv3 us multivendor and supports IPv4 and 6.

• Question 1155:

  Under which network conditions is an outbound QoS policy that is applied on a router WAN interface most beneficial?

  A. under all network conditions

  B. under network convergence conditions

  C. under traffic classification and marking conditions

  D. under interface saturation conditions

  Correct Answer: D

  Marking is done at the edge, QOS performs no useful functions other than marking unless there is congestion.

• Question 1156:

  Which encryption hashing algorithm does NTP use for authentication?

  A. SSL

  B. MD5

  C. AES128

  D. AES256

  Correct Answer: B

  An example of configuring NTP authentication is shown below: Router1(config)#ntp authentication-key 2 md5 certbus Router1(config)#ntp authenticate Router1(config)#ntp trusted-key 2

• Question 1157:

  An engineer measures the Wi-Fi coverage at a customer site. The RSSI values are recorded as follows:

  Location A: -72 dBm Location B: -75 dBm Location C: -65 dBm Location D: -80 dBm

  Which two statemets does the engineer use to explain these values to the customer? (Choose two)

  A. The signl strength at location B is 10 dB better than location C

  B. Location D has the strongest RF signal strength.

  C. The signal strength at location C is too weak to support web surfing.

  D. The RF signal strength at location B is 50% weaker than location A

  E. The RF signal strength at location C is 10 times stronger than location B

  Correct Answer: DE

• Question 1158:

  "HTTP/1.1 204 No Content" is returned when the curl -i -X DELETE command is issued. Which situation has occurred?

  A. The object could not be located at the URI path.

  B. The command succeeded in deleting the object.

  C. The object was located at the URI, but it could not be deleted.

  D. The URI was invalid.

  Correct Answer: B

  The HTTP 204 No Content success status response code indicates that a request has succeeded, but that the client doesn't need to navigate away from its current page.

• Question 1159:

  Refer to the exhibit.

  

  Which configuration establishes EBGP neighborship between these two directly connected neighbors and exchanges the loopback network of the two routers through BGP?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

  With BGP, we must advertise the correct network and subnet mask in the "network" command (in this case network 10.1.1.0/24 on R1 and network 10.2.2.0/24 on R2). BGP is very strict in the routing advertisements. In other words, BGP only

  advertises the network which exists exactly in the routing table. In this case, if you put the command "network x.x.0.0 mask 255.255.0.0" or "network x.0.0.0 mask 255.0.0.0" or "network x.x.x.x mask 255.255.255.255" then BGP will not

  advertise anything.

  It is easy to establish eBGP neighborship via the direct link. But let's see what are required when we want to establish eBGP neighborship via their loopback interfaces. We will need two commands:

  +

  the command "neighbor 10.1.1.1 ebgp-multihop 2" on R1 and "neighbor 10.2.2.2 ebgpmultihop 2" on R1. This command increases the TTL value to 2 so that BGP updates can reach the BGP neighbor which is two hops away.

  +

  Answer `R1 (config) #router bgp 1 R1 (config-router) #neighbor 192.168.10.2 remote-as 2 R1 (config-router) #network 10.1.1.0 mask 255.255.255.0 R2 (config) #router bgp 2 R2 (config-router) #neighbor 192.168.10.1 remote-as 1 R2 (config-router) #network 10.2.2.0 mask 255.255.255.0 Quick Wireless Summary Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight + Autonomous: self-sufficient and standalone. Used for small wireless networks. + Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function. LAP and WLC communicate with each other via a logical pair of CAPWAP tunnels. ?Control and Provisioning for Wireless Access Point (CAPWAP) is an IETF standard for control messaging for setup, authentication and operations between APs and WLCs. CAPWAP is similar to LWAPP except the following differences: +CAPWAP uses Datagram Transport Layer Security (DTLS) for authentication and encryption to protect traffic between APs and controllers. LWAPP uses AES. + CAPWAP has a dynamic maximum transmission unit (MTU) discovery mechanism. + CAPWAP runs on UDP ports 5246 (control messages) and 5247 (data messages) An LAP operates in one of six different modes:

  +

  Local mode (default mode): measures noise floor and interference, and scans for intrusion detection (IDS) events every 180 seconds on unused channels + FlexConnect, formerly known as Hybrid Remote Edge AP (H-REAP), mode: allows data traffic to be switched locally and not go back to the controller. The FlexConnect AP can perform standalone client authentication and switch VLAN traffic locally even when it's disconnected to the WLC (Local Switched). FlexConnect AP can also tunnel (via CAPWAP) both user wireless data and control traffic to a centralized WLC (Central Switched).

  +

  Monitor mode: does not handle data traffic between clients and the infrastructure. It acts like a sensor for location-based services (LBS), rogue AP detection, and IDS + Rogue detector mode: monitor for rogue APs. It does not handle data at all. + Sniffer mode: run as a sniffer and captures and forwards all the packets on a particular channel to a remote machine where you can use protocol analysis tool (Wireshark, Airopeek, etc) to review the packets and diagnose issues. Strictly used for troubleshooting purposes. + Bridge mode: bridge together the WLAN and the wired infrastructure together. Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN controller. But this solution is only suitable for small to midsize, or multi-site branch locations where you might not want to invest in a dedicated WLC. A Mobility Express WLC can support up to 100 Aps

• Question 1160:

  What does the Cisco DNA REST response Indicate?

  

  A. Cisco DNA Center has the incorrect credentials for cat3850-1

  B. Cisco DNA Center Is unable to communicate with cat9000-1

  C. Cisco DNA Center has the incorrect credentials for cat9000-1

  D. Cisco DNA Center has the Incorrect credentials for RouterASR-1

  Correct Answer: C

  "reachabilityStatus";"Authentication Failed", "hostname":"cat9000-1",