Cisco 350-501 Online Practice Questions and Exam Preparation

Cisco 350-501 Online Questions & Answers

• Question 401:

  An engineer is developing a configuration script to enable dial-out telemetry streams using gRPC on several new devices. TLS must be must the engineer apply on the network?

  A. telemetry model-drivendestination-group ciscotestaddress-family ipv4 192.168.1.0 port 57500encoding self-describing-gpbprotocol grpc tls-hostname ciscotest.comcommit
  B. telemetry model-drivendestination-group DGroup1address-family ipv4 172.0.0.0 port 5432encoding self-describing-gpbprotocol tcpcommit
  C. telemetry model-drivendestination-group ciscotestaddress-family ipv4 192.168.1.0 port 57500encoding self-describing-gpbprotocol grpc no-tlscommit
  D. telemetry model-drivendestination-group ciscotestaddress-family ipv4 192.168.1.0 port 57500encoding self-describing-gpbprotocol grpccommit
  C. telemetry model-drivendestination-group ciscotestaddress-family ipv4 192.168.1.0 port 57500encoding self-describing-gpbprotocol grpc no-tlscommit

  ---

  Explanation

• Question 402:

  How is a telemetry session established for data analytics?

  A. A router initiates a session using the dial-out mode to a destination.
  B. A router requests the data using Telnet.
  C. The destination initiates a session using the dial-out mode to the router.
  D. A destination initiates a session to a router.
  A. A router initiates a session using the dial-out mode to a destination.

  ---

  Explanation

• Question 403:

  You are configuring MPLS traffic-engineering tunnels in the core.

  Which two ways exist for the tunnel path across the core? (Choose two.)

  A. The dynamic path option is supported only with IS-IS.
  B. Tunnels can be configured with dynamic path or explicitly defined path.
  C. A zero bandwidth tunnel is not a valid option.
  D. The bandwidth statement creates a "hard" reservation on the link.
  E. Tunnel links inherit IGP metrics by default unless overridden.
  B. Tunnels can be configured with dynamic path or explicitly defined path.
  E. Tunnel links inherit IGP metrics by default unless overridden.

  ---

  Explanation

  MPLS traffic-engineering tunnels can be configured with dynamic paths or explicitly defined paths across the core network. Tunnel links inherit IGP (Interior Gateway Protocol) metrics by default unless overridden by configurations that specify explicit paths or other criteria for path selection. Dynamic path tunnels use IGP metrics and other parameters like bandwidth availability for automatic path calculation.

  References: Implementing and Operating Cisco Service Provider Network Core Technologies source documents or study guide

• Question 404:

  Refer to the exhibit.

  

  Router 1:

  interface gigabitethernet0/1 ip address 192.168.1.1 255.255.255.0

  router ospf 1 network 192.168.1.0 0.0.0.255 area 1

  Router 2:

  interface gigabitehternet0/1 ip address 192.168.1.2 255.255.255.0

  interface loopback 0 ip address 192.168.2.1 255.255.255.0

  router ospf 2 network 192.168.1.2 0.0.0.0 area 2 network 192.168.2.1 0.0.0.0 area 1

  Router 1 is missing the route for the router 2 loopback 0.

  What should the engineer change to fix the problem?

  A. the area numbers on Router 1 and Router 2 to be similar
  B. the wildcard mask network statement in OSPF of Router 2
  C. Router 1 to be an ABR
  D. the hello timers on Router 1 and Router 2 to be different
  A. the area numbers on Router 1 and Router 2 to be similar

  ---

  Explanation

  The issue with Router 1 missing the route for Router 2's loopback 0 is likely due to the routers being configured in different OSPF areas. For OSPF to properly exchange routing information, routers within the same network should be configured in the same area. Therefore, the engineer should change the area numbers on Router 1 and Router 2 to be the same, ensuring they can exchange routes, including the route for Router 2' s loopback 0.

  Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) documentation and study materials.

• Question 405:

  Refer to the exhibit.

  

  R1#debug ip tcp transactions

  *Jan 13 01:11:47.432: Reserved port 0 in Transport Port Agent for TCP

  *Jan 13 01:11:47.432: TCP: connection attempt to port 179

  *Jan 13 01:11:47.432: TCP: sending RST, seq 0, ack 213234

  *Jan 13 01:11:47.432: TCP: sent RST to 172.16.172.1:41231, from 10.121.123.1:179

  ISP_A and ISP_B use AS numbers 38321 and 16213 respectively. After a network engineer reloaded router R1, the BGP session with R2 failed to establish.

  The engineer confirmed BGP next-hop availability with a connectivity test between the router loopback addresses 10.121.123.2 and 10.121.123.1, as well as between interfaces Gi1/1 and Gi1/2. EBGP multihop has been configured on both routers.

  Which action must the engineer take to resolve the issue?

  A. Configure transport connection-mod?passive on R2.
  B. Configure neighbor 172.16.172.1 authentication on R1
  C. Configure neighbor update-source lo0 on R2
  D. Configure remote-as 16213 on R1.
  C. Configure neighbor update-source lo0 on R2

  ---

  Explanation

  After a router reload, BGP sessions may fail to re-establish due to incorrect source interface configurations for BGP sessions. Since EBGP multihop has been configured, it's essential that the BGP session uses the correct source interface for establishing the connection. By configuring the neighbor update-source command with the loopback interface on R2, the BGP session will use the stable loopback address rather than the physical interface, which can change state. This ensures that the BGP session remains stable and is not affected by interface states.

• Question 406:

  

  Refer to the exhibit. An engineer working for a service provider with an employee ID: 1234:56:789 notices that malicious traffic with a source IP in the RFC1918 range is arriving on the WAN connection to the internet and impacting customer resources on the LAN. Which ACL configuration must the engineer implement on M-CPE-1 to block the malicious traffic?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

  ---

  Explanation

• Question 407:

  SIMULATION

  Guidelines

  This is a lab item in which tasks will be performed on virtual devices.

  1. Refer to the Tasks tab to view the tasks for this lab item.

  2. Refer to the Topology tab to access the device console(s) and perform the tasks.

  3. Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.

  4. All necessary preconfigurations have been applied.

  5. Do not change the enable password or hostname for any device.

  6. Save your configurations to NVRAM before moving to the next item.

  7. Click Next at the bottom of the screen to submit this lab and move to the next question.

  8. When Next is clicked, the lab closes and cannot be reopened.

  Topology

  

  Tasks

  Configure the IS-IS routing protocol for R1, R2, and R3 according to the topology to achieve these goals:

  1. Configure HMAC-MD5 authentication for R1, R2, and R3 links that form the IS-IS adjacency using the ISIS commands on the interfaces using these parameters:

  key-chain name: AUTH_ISIS key ID: 2 password: C1sc0!

  2. Configure ISIS metric on R1, R2, and R3 to:

  15 for each level on all interfaces that form adjacency on router R1 20 for each level on all interfaces that form adjacency on router R2 25 for each level on all interface that form adjacency on R3

  3. Configure IS-IS route redistribution for all static routes and connected interfaces on R1, R2, and R3.

  A. See explanation below.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See explanation below.

  ---

  Explanation

  R1:

  Key chain AUTH_ISIS Key 2 Key-string C1sc0!

  Router isis authentication mode md5 authentication key-chain AUTH_ISIS redistribute static redistribute connected

  Interface E0/0 isis authentication mode md5 isis metric 20 level-2

  Interface E1/0 isis authentication mode md5 isis metric 25 level-2

  R2:

  Key chain AUTH_ISIS Key 2 Key-string C1sc0!

  Router isis authentication mode md5 authentication key-chain AUTH_ISIS redistribute static redistribute connected

  Interface E0/0 isis authentication mode md5 isis metric 15 level-2

  Interface E1/0 isis authentication mode md5 isis metric 25 level-1

  R3:

  Key chain AUTH_ISIS Key 2 Key-string C1sc0!

  Router isis authentication mode md5 authentication key-chain AUTH_ISIS redistribute static redistribute connected

  Interface E0/0 isis authentication mode md5 isis metric 20 level-1

  Interface E1/0 isis authentication mode md5 isis metric 15 level-2

• Question 408:

  DRAG DROP

  Drag and drop the LDP features from the left onto the correct usages on the right.

  Select and Place:

  

  

  Explanation

  Explanation/Reference:

• Question 409:

  What do Ansible and SaltStack have in common?

  A. They both have agents running on the client machine.
  B. They both can be designed with more than one master server.
  C. They both use DSL configuration language.
  D. They both use YAML configuration language.
  D. They both use YAML configuration language.

  ---

  Explanation

  YAML's readability and straightforward syntax make it an ideal choice for expressing infrastructure as code, which is a core principle in both Ansible and SaltStack for automating and managing IT infrastructure.

  For more detailed information, please refer to the official documentation for Ansible and SaltStack, as well as the Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) course materials.

  https://www.edureka.co/blog/chef-vs-puppet-vs-ansible-vs-saltstack/

• Question 410:

  SNMPv3 provides which three security features?(Choose three)

  A. DES 56-bit encryption
  B. Encrypted user password
  C. Private community information that is exchanged out-of-band
  D. Device hostname that is authenticated via AES algorithm
  E. Message integrity
  F. Authentication that is based on MD5 or SHA algorithms
  A. DES 56-bit encryption
  E. Message integrity
  F. Authentication that is based on MD5 or SHA algorithms

  ---

  Explanation