CCNP ENARSI - Part 4

Refer to the exhibit. Which action resolves intermittent connectivity observed with the SNMP trap rackets?. A. Decrease the committed burst size of the mgmt class map. B. Increase the CIR of the mgmt class map. C. Add one new entry in the ACL 120 to permit the UDP port 161. D. Add a new class map to match TCP traffic.

Refer to the exhibit. Drag and drop the credentials from the left onto the remote login information on the right to resolve a failed login attempt to vtys. Not all credentials are used. Select and Place: no password. ocsic. no username. LetMeIn. cisco. LetMeIn.

Refer to the exhibit. A network administrator wants to block all traffic toward the Internet after business hours and on weekends. When the administrator applies an access list on interface Gi0/1, all traffic is blocked and there is no access to the Internet at any time. Which action resolves the issue?. A. Add the permit ip any any time-range no-conn statement after the deny udp any any time-range no-conn command in the access list. B. Add the permit ip any any statement after the deny icmp any any time-range no-conn command in the access list. C. Add the permit allowed time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list. D. Add the permit ip any any time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list.

Refer to the exhibit. An IPv6 network was newly deployed in the environment, and the help desk reports that R3 cannot SSH to the R2s Loopback interface. Which action resolves the issue?. A. Modify line 10 of the access list to permit instead of deny. B. Remove line 60 from the access list. C. Modify line 30 of the access list to permit instead of deny. D. Remove line 70 from the access list.

Refer to the exhibit. An IT staff member comes into the office during normal office hours and cannot access devices through SSH. Which action should be taken to resolve this issue?. A. Modify the access list to use the correct IP address. B. Configure the correct time range. C. Modify the access list to correct the subnet mask. D. Configure the access list in the outbound direction.

A network administrator is trying to access a branch router using TACACS+ username and password credentials, but the administrator cannot log in to the router because the WAN connectivity is down. The branch router has following AAA configuration: aaa new-model aaa authorization commands 15 default group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 15 default stop-only group tacacs+ tacacs-server host 10.100.50.99 tacacs-server key Ci$co123 Which command will resolve this problem when WAN connectivity is down?. A. aaa authentication login console group tacacs+ enable. B. aaa authentication login default group tacacs+ local. C. aaa authentication login default group tacacs+ enable. D. aaa authentication login default group tacacs+ console.

An engineer is troubleshooting failed access by contractors to the business application server via Telnet or HTTP during the weekend. Which configuration resolves the issue?. A. R1 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor. B. R1 time-range Contractor no periodic weekdays 8:00 to 16:30 periodic daily 8:00 to 16:30. C. R4 time-range Contractor no periodic weekdays 17:00 to 23:59 periodic daily 8:00 to 16:30. D. R4 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor.

What are two characteristics of IPv6 Source Guard? (Choose two.). A. requires the user to configure a static binding. B. used in service provider deployments to protect DDoS attacks. C. requires that validate prefix be enabled. D. requires IPv6 snooping on Layer 2 access or trunk ports. E. recovers missing binding table entries.

DRAG DROP - Drag and drop the IPv6 first hop security device roles from the left onto the corresponding descriptions on the right. Select and Place: host. router. monitor. switch.

The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this: access-list 101 permit tcp host 10.1.1.1 any eq 23 access-list 101 permit tcp host 172.16.1.1 any eq 23 ! class-map CoPP-TELNET match access-group 101 ! policy-map PM-CoPP class CoPP-TELNET police 100000 conform transmit exceed drop ! control-plane service-policy input PM-CoPP The network administrator is not getting the desired results. Which set of configurations resolves this issue?. A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any. B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP. C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP. D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP.

Refer to the exhibit. A network administrator successfully logs in to a switch using SSH from a RADIUS server. When the network administrator uses a console port to access the switch, the RADIUS server returns shell:priv-lvl=15" and the switch asks to enter the enable command. When the command is entered, it gets rejected. Which command set is used to troubleshoot and resolve this issue?. A. line con 0 aaa authorization console privl5 ! line vty 0 4 authorization exec. B. line con 0 aaa authorization console ! line vty 0 4 authorization exec. C. line con 0 aaa authorization console authorization priv15 ! line vty 0 4 transport input ssh. D. line con 0 aaa authorization console authorization exec ! line vty 0 4 transport input ssh.

Refer to the exhibit. An engineer is troubleshooting a TACACS problem. Which action resolves the issue?. A. Configure a matching TACACS server IP. B. Configure a matching preshared key. C. Generate authentication from a relative source interface. D. Apply a configured AAA profile to the VTY.

The network administrator configured CoPP so that all HTTP and HTTPS traffic from the administrator device located at 172.16 1.99 toward the router CPU is limited to 500 kbps. Any traffic that exceeds this limit must be dropped. access-list 100 permit ip host 172.16.1.99 any ! class-map CM-ADMIN match access-group 100 ! policy-map PM-COPP class CM-ADMIN police 500000 conform-action transmit ! interface E0/0 service-policy input PM-COPP CoPP failed to capture the desired traffic and the CPU load is getting higher. Which two configurations resolve the issue? (Choose two.). A. interface E0/0 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP. B. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit ! control-plane service-policy input PM-COPP. C. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80. D. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80 access-list 100 permit tcp host 172.16.1.99 any eq 443. E. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit.

Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the router does not have any filter and anyone can access the router with username and password even though an ACL is configured. Which command resolves this issue?. A. access-class INTERNET in. B. ip access-group INTERNET in. C. ipv6 traffic-filter INTERNET in. D. ipv6 access-class INTERNET in.

Refer to the exhibit. An engineer is trying to connect to R1 via Telnet with no success. Which configuration resolves the issue?. A. tacacs server prod address ipv4 10.221.10.10 exit. B. ip route 10.221.10.10 255.255.255.255 ethernet 0/1. C. ip route 10.221.0.11 255.255.255.255 ethernet 0/1. D. tacacs server prod address ipv4 10.221.10.11 exit.

An engineer is trying to copy an IOS file from one router to another router by using TFTP. Which two actions are needed to allow the file to copy? (Choose two.). A. Copy the file to the destination router with the copy tftp: flash: command. B. Enable the TFTP server on the source router with the tftp-server flash: <filename> command. C. TFTP is not supported in recent IOS versions, so an alternative method must be used. D. Configure a user on the source router with the username tftp password tftp command. E. Configure the TFTP authentication on the source router with the tftp-server authentication local command.

Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none of them are active for more than two hours per day. Which action fixes the issue within the current resources?. A. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool. B. Configure the DHCP lease time to a smaller value. C. Configure the DHCP lease time to a bigger value. D. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool.

Refer to the exhibit. ISP 1 and ISP 2 directly connect to the Internet. A customer is tracking both ISP links to achieve redundancy and cannot see the Cisco IOS IP SLA tracking output on the router console. Which command is missing from the IP SLA configuration?. A. Start-time 00:00. B. Start-time 0. C. Start-time immediately. D. Start-time now.

Refer to the exhibit. An administrator noticed that after a change was made on R1, the timestamps on the system logs did not match the clock. What is the reason for this error?. A. An authentication error with the NTP server results in an incorrect timestamp. B. The keyword localtime is not defined on the timestamp service command. C. The NTP server is in a different time zone. D. The system clock is set incorrectly to summer-time hours.

DRAG DROP - Drag and drop the DHCP messages from the left onto the correct uses on the right. Select and Place: DHCPACK. DHCPINFORM. DHCPNAK. DHCPDECLINE.

A network engineer is investigating a flapping (up/down) interface issue on a core switch that is synchronized to an NTP server. Log output currently does not show the time of the flap. Which command allows the logging on the switch to show the time of the flap according to the clock on the device?. A. service timestamps log uptime. B. clock summer-time mst recurring 2 Sunday mar 2:00 1 Sunday nov 2:00. C. service timestamps log datetime localtime show-timezone. D. clock calendar-valid.

When provisioning a device in Cisco DNA Center, the engineer sees the error message `Cannot select the device. Not compatible with template`. What is the reason for the error?. A. The template has an incorrect configuration. B. The software version of the template is different from the software version of the device. C. The changes to the template were not committed. D. The tag that was used to filter the templates does not match the device tag.

While working with software images, an engineer observes that Cisco DNA Center cannot upload its software image directly from the device. Why is the image not uploading?. A. The device must be resynced to Cisco DNA Center. B. The software image for the device is in install mode. C. The device has lost connectivity to Cisco DNA Center. D. The software image for the device is in bundle mode.

An engineer configured the wrong default gateway for the Cisco DNA Center enterprise interface during the install. Which command must the engineer run to correct the configuration?. A. sudo maglev-config update. B. sudo maglev install config update. C. sudo maglev reinstall. D. sudo update config install.

DRAG DROP - Drag and drop the SNMP attributes in Cisco IOS devices from the left onto the correct SNMPv2c or SNMPv3 categories on the right. Select and Place: community string. username and password. authentication. no encryption. privileged. read-only.

Refer to the exhibit. An administrator that is connected to the console does not see debug messages when remote users log in. Which action ensures that debug messages are displayed for remote logins?. A. Enter the transport input ssh configuration command. B. Enter the terminal monitor exec command. C. Enter the logging console debugging configuration command. D. Enter the aaa new-model configuration command.

Refer to the exhibit. Network operations cannot read or write any configuration on the device with this configuration from the operations subnet. Which two configurations fix the issue? (Choose two.). A. Configure SNMP rw permission in addition to community ciscotest. B. Modify access list 1 and allow operations subnet in the access list. C. Modify access list 1 and allow SNMP in the access list. D. Configure SNMP rw permission in addition to version 1. E. Configure SNMP rw permission in addition to community ciscotest 1.

Refer to the exhibit. Why is the remote NetFlow server failing to receive the NetFlow data?. A. The flow exporter is configured but is not used. B. The flow monitor is applied in the wrong direction. C. The flow monitor is applied to the wrong interface. D. The destination of the flow exporter is not reachable.

Refer to the exhibit. An engineer has successfully set up a floating static route from the BRANCH router to the HQ network using HQ_R1 as the primary default gateway. When the g0/0 goes down on HQ_R1, the branch network cannot reach the HQ network 192.168.20.0/24. Which configuration resolves the issue?. A. HQ_R3(config)# ip sla responder HQ_R3(config)# ip sla responder icmp-echo 172.16.35.1. B. BRANCH(config)# ip sla 1 BRANCH(config-ip-sla)# icmp-echo 192.168.100.2. C. HQ_R3(config)# ip sla responder HQ_R3(config)# ip sla responder icmp-echo 172.16.35.5. D. BRANCH(config)# ip sla 1 BRANCH(config-ip-sla)# icmp-echo 192.168.100.1.

An engineer configured a DHCP server for Cisco IP phones to download its configuration from a TFTP server, but the IP phones failed to load the configuration. What must be configured to resolve the issue?. A. BOOTP port 67. B. DHCP option 66. C. BOOTP port 68. D. DHCP option 69.

Refer to the exhibit. The remote server is failing to receive the NetFlow data. Which action resolves the issue?. A. Modify the flow transport command transport udp 2055 to move under flow monitor profile. B. Modify the interface command to ip flow monitor FLOW-MONITOR-1 input. C. Modify the udp port under flow exporter profile to ip transport udp 4739. D. Modify the flow record command record v4_r1 to move under flow exporter profile.

Refer to the exhibit. A network administrator configured NTP on a Cisco router to get synchronized time for system and logs from a unified time source. The configuration did not work as desired. Which service must be enabled to resolve the issue?. A. Enter the service timestamps log datetime clock-period global command. B. Enter the service timestamps log datetime synchronize global command. C. Enter the service timestamps log datetime console global command. D. Enter the service timestamps log datetime localtime global command.

Refer to the exhibits. An engineer filtered messages based on severity to minimize log messages. After applying the filter, the engineer noticed that it filtered required messages as well. Which action must the engineer take to resolve the issue?. A. Configure syslog level 2. B. Configure syslog level 3. C. Configure syslog level 4. D. Configure syslog level 5.

An engineer is troubleshooting on the console session of a router and turns on multiple debug commands. The console screen is filled with scrolling debug messages that none of the commands can be verified if entered correctly or display any output. Which action allows the engineer to see entered console commands while still continuing the analysis of the debug messages?. A. Configure the term no mon command globally. B. Configure the logging synchronous level all command. C. Configure the logging synchronous command. D. Configure the no logging console debugging command globally.

Refer to the exhibit. The DHCP client is unable to receive an IP address from the DHCP server. RouterB is configured as follows: Interface fastethernet 0/0 description Client DHCP ip address 172.31.1.1 255.255.255.0 ! ip route 172.16.1.0 255.255.255.0 10.1.1.2 Which command is required on the fastethernet 0/0 interface of RouterB to resolve this issue?. A. RouterB(config-if)#ip helper-address 172.16.1.1. B. RouterB(config-if)#ip helper-address 255.255.255.255. C. RouterB(config-if)#ip helper-address 172.16.1.2. D. RouterB(config-if)#ip helper-address 172.31.1.1.

Refer to the exhibit. A network administrator added one router in the Cisco DNA Center and checked its discovery and health from the Network Health Dashboard. The network administrator observed that the router is still showing up as unmonitored. What must be configured on the router to mount it in the Cisco DNA Center?. A. Configure router with SNMPv2c or SNMPv3 traps. B. Configure router with the telemetry data. C. Configure router with routing to reach Cisco DNA Center. D. Configure router with NetFlow data.

Refer to the exhibit. NTP is configured across the network infrastructure and Cisco DNA Center. An NTP issue was reported on the Cisco DNA Center at 17:15. Which action resolves the issue?. A. Reset the NTP server to resolve any synchronization issues for all devices. B. Check and resolve reachability between Cisco DNA Center and the NTP server. C. Check and resolve reachability between the WLC and the NTP server. D. Check and configure NTP on the WLC and synchronize with Cisco DNA Center.

Refer to the exhibit. PC-2 failed to establish a Telnet connection to the terminal server. Which configuration resolves the issue?. A. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#sequence 25 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet. B. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#no sequence 20 Gateway-Router(config-ipv6-acl)#sequence 5 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet. C. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet. D. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#sequence 15 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet.

Refer to the exhibit. A network administrator enables DHCP snooping on the Cisco Catalyst 3750-X switch and configures the uplink port (Port-channel2) as a trusted port. Clients are not receiving an IP address, but when DHCP snooping is disabled, clients start receiving IP addresses. Which global command resolves the issue?. A. ip dhcp relay information trust portchannel2. B. ip dhcp snooping. C. ip dhcp snooping trust. D. no ip dhcp snooping information option.

A customer reports to the support desk that they cannot print from their PC to the local printer id:123456789. Which tool must be used to diagnose the issue using Cisco DNA Center Assurance?. A. device trace. B. ACL trace. C. path trace. D. application trace.

An engineer configured SNMP notifications sent to the management server using authentication and encrypting data with DES. An error in the response PDU is received as "UNKNOWNUSERNAME, WRONGDIGEST". Which action resolves the issue?. A. Configure the correct authentication password using SNMPv3 authNoPriv. B. Configure correct authentication and privacy passwords using SNMPv3 authPriv. C. Configure correct authentication and privacy passwords using SNMPv3 authNoPriv. D. Configure the correct authentication password using SNMPv3 authPriv.

Refer to the exhibit. A network administrator is discovering a Cisco Catalyst 9300 and a Cisco WLC 3504 in Cisco DNA Center. The Catalyst 9300 is added successfully. However, the WLC is showing the error "uncontactable" when the administrator tries to add it in Cisco DNA Center. Which action discovers WLC in Cisco DNA Center successfully?. A. Delete the WLC 3504 from Cisco DNA Center and add it to Cisco DNA Center again. B. Add the WLC 3504 under the hierarchy of the Catalyst 9300 connected devices. C. Copy the .cert file from the Cisco DNA Center on the USB and upload it to the WLC 3504. D. Copy the .pem file from the Cisco DNA Center on the USB and upload it to the WLC 3504.

Refer to the exhibit. A user cannot SSH to the router. What action must be taken to resolve this issue?. A. Configure transport input ssh. B. Configure transport output ssh. C. Configure ip ssh version 2. D. Configure ip ssh source-interface loopback0.

An engineer configured a Cisco router to send reliable and encrypted notifications for any events to the management server. It was noticed that the notification messages are reliable but not encrypted. Which action resolves the issue?. A. Configure all devices for SNMPv3 informs with auth. B. Configure all devices for SNMPv3 informs with priv. C. Configure all devices for SNMPv3 traps with auth. D. Configure all devices for SNMPv3 traps with priv.

Refer to the exhibit. An engineer is monitoring reachability of the configured default routes to ISP1 and ISP2. The default route from ISP1 is preferred if available. How is this issue resolved?. A. Use the icmp-echo command to track both default routes. B. Use the same AD for both default routes. C. Start IP SLA by matching numbers for track and ip sla commands. D. Start IP SLA by defining frequency and scheduling it.

Refer to the exhibits. An engineer identified a Layer 2 loop using DNAC. Which command fixes the problem in the SF-D9300-1 switch?. A. spanning-tree portfast bpduguard. B. no spanning-tree uplinkfast. C. spanning-tree backbonefast. D. spanning-tree loopguard default.

Refer to the exhibit. An engineer receives this error message when trying to access another router in-band from the serial interface connected to the console of R1. Which configuration is needed on R1 to resolve this issue?. A. R1(config)#line vty 0 R1(config-line)# transport output ssh. B. R1(config)#line console 0 R1(config-line)# transport output ssh. C. R1(config)#line console 0 R1(config-line)# transport preferred ssh. D. R1(config)#line vty 0 R1(config-line)# transport output ssh R1(config-line)# transport preferred ssh.

Refer to the exhibit. The server for the finance department is not reachable consistently on the 200.30.40.0/24 network and after every second month it gets a new IP address. What two actions must be taken to resolve this issue? (Choose two.). A. Configure the server to use DHCP on the network with default gateway 200.30.40.100. B. Configure the server with a static IP address and default gateway. C. Configure the router to exclude a server IP address. D. Configure the server to use DHCP on the network with default gateway 200.30.30.100. E. Configure the router to exclude a server IP address and default gateway.

Refer to the exhibit. A user has set up an IP SLA probe to test if a non SLA host web server on IP address 10.1.1.1 accepts HTTP sessions prior to deployment. The probe is failing. Which action should the network administrator recommend for the probe to succeed?. A. Re-issue the ip sla schedule command. B. Add the control disable option to the tcp connect. C. Modify the ip sla schedule frequency to forever. D. Add icmp-echo command for the host.

Refer to the exhibit. A network administrator is using the DNA Assurance Dashboard panel to troubleshoot an OSPF adjacency that failed between Edge_NYC Interface GigabitEthernet1/3 with Neighbor Edge_SNJ. The administrator observes that the neighborship is stuck in the exstart state. How does the administrator fix this issue?. A. Configure to match the OSPF interface network types on both routers. B. Configure to match the OSPF interface speed and duplex settings on both routers. C. Configure to match the OSPF interface MTU settings on both routers. D. Configure to match the OSPF interface unique IP address and subnet mask on both routers.