CCNP ENARSI - Part 4

Refer to the exhibit. Which action resolves intermittent connectivity observed with the SNMP trap rackets?. A. Decrease the committed burst size of the mgmt class map. B. Increase the CIR of the mgmt class map. C. Add one new entry in the ACL 120 to permit the UDP port 161. D. Add a new class map to match TCP traffic.

Refer to the exhibit. Drag and drop the credentials from the left onto the remote login information on the right to resolve a failed login attempt to vtys. Not all credentials are used. Select and Place: no password. ocsic. no username. LetMeIn. cisco. LetMeIn.

Refer to the exhibit. A network administrator wants to block all traffic toward the Internet after business hours and on weekends. When the administrator applies an access list on interface Gi0/1, all traffic is blocked and there is no access to the Internet at any time. Which action resolves the issue?. A. Add the permit ip any any time-range no-conn statement after the deny udp any any time-range no-conn command in the access list. B. Add the permit ip any any statement after the deny icmp any any time-range no-conn command in the access list. C. Add the permit allowed time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list. D. Add the permit ip any any time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list.

Refer to the exhibit. An IPv6 network was newly deployed in the environment, and the help desk reports that R3 cannot SSH to the R2s Loopback interface. Which action resolves the issue?. A. Modify line 10 of the access list to permit instead of deny. B. Remove line 60 from the access list. C. Modify line 30 of the access list to permit instead of deny. D. Remove line 70 from the access list.

Refer to the exhibit. An IT staff member comes into the office during normal office hours and cannot access devices through SSH. Which action should be taken to resolve this issue?. A. Modify the access list to use the correct IP address. B. Configure the correct time range. C. Modify the access list to correct the subnet mask. D. Configure the access list in the outbound direction.

A network administrator is trying to access a branch router using TACACS+ username and password credentials, but the administrator cannot log in to the router because the WAN connectivity is down. The branch router has following AAA configuration: aaa new-model aaa authorization commands 15 default group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 15 default stop-only group tacacs+ tacacs-server host 10.100.50.99 tacacs-server key Ci$co123 Which command will resolve this problem when WAN connectivity is down?. A. aaa authentication login console group tacacs+ enable. B. aaa authentication login default group tacacs+ local. C. aaa authentication login default group tacacs+ enable. D. aaa authentication login default group tacacs+ console.

An engineer is troubleshooting failed access by contractors to the business application server via Telnet or HTTP during the weekend. Which configuration resolves the issue?. A. R1 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor. B. R1 time-range Contractor no periodic weekdays 8:00 to 16:30 periodic daily 8:00 to 16:30. C. R4 time-range Contractor no periodic weekdays 17:00 to 23:59 periodic daily 8:00 to 16:30. D. R4 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor.

What are two characteristics of IPv6 Source Guard? (Choose two.). A. requires the user to configure a static binding. B. used in service provider deployments to protect DDoS attacks. C. requires that validate prefix be enabled. D. requires IPv6 snooping on Layer 2 access or trunk ports. E. recovers missing binding table entries.

DRAG DROP - Drag and drop the IPv6 first hop security device roles from the left onto the corresponding descriptions on the right. Select and Place: host. router. monitor. switch.

The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this: access-list 101 permit tcp host 10.1.1.1 any eq 23 access-list 101 permit tcp host 172.16.1.1 any eq 23 ! class-map CoPP-TELNET match access-group 101 ! policy-map PM-CoPP class CoPP-TELNET police 100000 conform transmit exceed drop ! control-plane service-policy input PM-CoPP The network administrator is not getting the desired results. Which set of configurations resolves this issue?. A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any. B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP. C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP. D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP.

Refer to the exhibit. A network administrator successfully logs in to a switch using SSH from a RADIUS server. When the network administrator uses a console port to access the switch, the RADIUS server returns shell:priv-lvl=15" and the switch asks to enter the enable command. When the command is entered, it gets rejected. Which command set is used to troubleshoot and resolve this issue?. A. line con 0 aaa authorization console privl5 ! line vty 0 4 authorization exec. B. line con 0 aaa authorization console ! line vty 0 4 authorization exec. C. line con 0 aaa authorization console authorization priv15 ! line vty 0 4 transport input ssh. D. line con 0 aaa authorization console authorization exec ! line vty 0 4 transport input ssh.

Refer to the exhibit. An engineer is troubleshooting a TACACS problem. Which action resolves the issue?. A. Configure a matching TACACS server IP. B. Configure a matching preshared key. C. Generate authentication from a relative source interface. D. Apply a configured AAA profile to the VTY.

The network administrator configured CoPP so that all HTTP and HTTPS traffic from the administrator device located at 172.16 1.99 toward the router CPU is limited to 500 kbps. Any traffic that exceeds this limit must be dropped. access-list 100 permit ip host 172.16.1.99 any ! class-map CM-ADMIN match access-group 100 ! policy-map PM-COPP class CM-ADMIN police 500000 conform-action transmit ! interface E0/0 service-policy input PM-COPP CoPP failed to capture the desired traffic and the CPU load is getting higher. Which two configurations resolve the issue? (Choose two.). A. interface E0/0 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP. B. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit ! control-plane service-policy input PM-COPP. C. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80. D. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80 access-list 100 permit tcp host 172.16.1.99 any eq 443. E. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit.

Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the router does not have any filter and anyone can access the router with username and password even though an ACL is configured. Which command resolves this issue?. A. access-class INTERNET in. B. ip access-group INTERNET in. C. ipv6 traffic-filter INTERNET in. D. ipv6 access-class INTERNET in.

Refer to the exhibit. An engineer is trying to connect to R1 via Telnet with no success. Which configuration resolves the issue?. A. tacacs server prod address ipv4 10.221.10.10 exit. B. ip route 10.221.10.10 255.255.255.255 ethernet 0/1. C. ip route 10.221.0.11 255.255.255.255 ethernet 0/1. D. tacacs server prod address ipv4 10.221.10.11 exit.

An engineer is trying to copy an IOS file from one router to another router by using TFTP. Which two actions are needed to allow the file to copy? (Choose two.). A. Copy the file to the destination router with the copy tftp: flash: command. B. Enable the TFTP server on the source router with the tftp-server flash: <filename> command. C. TFTP is not supported in recent IOS versions, so an alternative method must be used. D. Configure a user on the source router with the username tftp password tftp command. E. Configure the TFTP authentication on the source router with the tftp-server authentication local command.

Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none of them are active for more than two hours per day. Which action fixes the issue within the current resources?. A. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool. B. Configure the DHCP lease time to a smaller value. C. Configure the DHCP lease time to a bigger value. D. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool.

Refer to the exhibit. ISP 1 and ISP 2 directly connect to the Internet. A customer is tracking both ISP links to achieve redundancy and cannot see the Cisco IOS IP SLA tracking output on the router console. Which command is missing from the IP SLA configuration?. A. Start-time 00:00. B. Start-time 0. C. Start-time immediately. D. Start-time now.

Refer to the exhibit. An administrator noticed that after a change was made on R1, the timestamps on the system logs did not match the clock. What is the reason for this error?. A. An authentication error with the NTP server results in an incorrect timestamp. B. The keyword localtime is not defined on the timestamp service command. C. The NTP server is in a different time zone. D. The system clock is set incorrectly to summer-time hours.

DRAG DROP - Drag and drop the DHCP messages from the left onto the correct uses on the right. Select and Place: DHCPACK. DHCPINFORM. DHCPNAK. DHCPDECLINE.