Title of test: CCNP ENCOR 350-401 - part 6
Description: CCNP ENCOR 350-401 - part 6
Creation Date: 20/12/2024
Category: Others
Number of questions: 48
Content:
Which command set configures RSPAN to capture outgoing traffic from VLAN 3 on interface GigabitEthernet 0/3 while ignoring other VLAN traffic on the same interface?
A. monitor session 2 source interface gigabitethernet0/3 rx
   monitor session 2 filter vlan 3
B. monitor session 2 source interface gigabitethernet0/3 rx
   monitor session 2 filter vlan 1 - 2, 4 - 4094
C. monitor session 2 source interface gigabitethernet0/3 tx
   monitor session 2 filter vlan 3
D. monitor session 2 source interface gigabitethernet0/3 tx
   monitor session 2 filter vlan 1 - 2, 4 - 4094

Refer to the exhibit. What is required to configure a second export destination for IP address 192.168.10.1?
A. Specify a different UDP port.
B. Specify a different TCP port.
C. Configure a version 5 flow-export to the same destination.
D. Specify a different flow ID.
E. Specify a VRF.

Refer to the exhibit. After implementing the configuration, 172.20.20.2 stops replying to ICMP echos, but the default route fails to be removed. What is the reason for this behavior?
A. The threshold value is wrong.
B. The source-interface is configured incorrectly.
C. The destination must be 172.30.30.2 for icmp-echo.
D. The default route is missing the track feature.

An engineer is troubleshooting a connectivity issue and executes a traceroute. What does the result confirm?
A. The destination port is unreachable.
B. The probe timed out.
C. The destination server reported it is too busy.
D. The protocol is unreachable.

Which Cisco DNA Center application is responsible for group-based access control permissions?
A. Provision
B. Design
C. Assurance
D. Policy

An engineer is concerned with the deployment of a new application that is sensitive to inter-packet delay variance. Which command configures the router to be the destination of jitter measurements?
A. Router(config)# ip sla responder udp-connect 172.29.139.134 5000
B. Router(config)# ip sla responder tcp-connect 172.29.139.134 5000
C. Router(config)# ip sla responder udp-echo 172.29.139.134 5000
D. Router(config)# ip sla responder tcp-echo 172.29.139.134 5000

Which NGFW mode blocks flows crossing the firewall?
A. tap
B. inline
C. passive
D. inline tap

How does Cisco TrustSec enable more flexible access controls for dynamic networking environments and data centers?
A. uses flexible NetFlow
B. assigns a VLAN to the endpoint
C. classifies traffic based on advanced application recognition
D. classifies traffic based on the contextual identity of the endpoint rather than its IP address

The login method is configured on the VTY lines of a router with these parameters:
* The first method for authentication is TACACS
* If TACACS is unavailable, login is allowed without any provided credentials
Which configuration accomplishes this task?
A B C D

Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?
A. security group tag ACL assigned to each port on a switch
B. security group tag number assigned to each user on a switch
C. security group tag number assigned to each port on a network
D. security group tag ACL assigned to each router on a network

Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?
A. SSL
B. Cisco TrustSec
C. MACsec
D. IPsec

An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for Web Policy. Which device presents the web authentication for the WLAN?
A. ISE server
B. RADIUS server
C. anchor WLC
D. local WLC

Which method does the enable secret password option use to encrypt device passwords?
A. MD5
B. PAP
C. CHAP
D. AES

On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?
A. VXLAN
B. LISP
C. Cisco TrustSec
D. IS-IS

What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device?
A. The enable secret password is protected via stronger cryptography mechanisms.
B. The enable password cannot be decrypted.
C. The enable password is encrypted with a stronger encryption method.
D. There is no difference and both passwords are encrypted identically.

Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?
A. deny tcp any any eq 80
   permit tcp any any gt 21 lt 444
B. permit tcp any any range 22 443
   deny tcp any any eq 80
C. permit tcp any any eq 80
D. deny tcp any any eq 80
   permit tcp any any range 22 443

A network administrator applies the following configuration to an IOS device:
   aaa new-model
   aaa authentication login default local group tacacs+
What is the process of password checks when a login attempt is made to the device?
A. A TACACS+ server is checked first. If that check fails, a local database is checked.
B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.
C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.
D. A local database is checked first. If that check fails, a TACACS+ server is checked.

Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?
A. the controller management interface
B. the controller virtual interface
C. the interface specified on the WLAN configuration
D. any interface configured on the WLC

Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?
A. Cisco Firepower and FireSIGHT
B. Cisco Stealthwatch system
C. Advanced Malware Protection
D. Cisco Web Security Appliance

An engineer must protect their company against ransomware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?
A. Use Cisco Firepower and block traffic to TOR networks.
B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.
C. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.
D. Use Cisco AMP deployment with the Exploit Prevention engine enabled.

An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times. Which command set accomplishes this task?
A. R3(config)#time-range WEEKEND
   R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59
   R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
   R3(config)#access-list 150 permit ip any any time-range WEEKEND
   R3(config)#interface G0/1
   R3(config-if)#ip access-group 150 out
B. R1(config)#time-range WEEKEND
   R1(config-time-range)#periodic weekend 00:00 to 23:59
   R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
   R1(config)#access-list 150 permit ip any any
   R1(config)#interface G0/1
   R1(config-if)#ip access-group 150 in
C. R3(config)#time-range WEEKEND
   R3(config-time-range)#periodic weekend 00:00 to 23:59
   R3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
   R3(config)#access-list 150 permit ip any any time-range WEEKEND
   R3(config)#interface G0/1
   R3(config-if)#ip access-group 150 out
D. R1(config)#time-range WEEKEND
   R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00
   R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
   R1(config)#access-list 150 permit ip any any
   R1(config)#interface G0/1
   R1(config-if)#ip access-group 150 in

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?
A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080
B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080
C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2
D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2

What is the result of applying this access control list?
   ip access-list extended STATEFUL
   10 permit tcp any any established
   20 deny ip any any
A. TCP traffic with the URG bit set is allowed.
B. TCP traffic with the SYN bit set is allowed.
C. TCP traffic with the ACK bit set is allowed.
D. TCP traffic with the DF bit set is allowed.

Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address 10.10.10.1?
A. ip access-list extended 200
   deny tcp host 10.10.10.1 eq 80 any
   permit ip any any
B. ip access-list extended 10
   deny tcp host 10.10.10.1 any eq 80
   permit ip any any
C. ip access-list extended NO_HTTP
   deny tcp host 10.10.10.1 any eq 80
D. ip access-list extended 100
   deny tcp host 10.10.10.1 any eq 80
   permit ip any any

Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in. Which configuration change is required?
A. Add the access-class keyword to the username command.
B. Add the autocommand keyword to the aaa authentication command.
C. Add the access-class keyword to the aaa authentication command.
D. Add the autocommand keyword to the username command.

Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?
A. All traffic will be policed based on access-list 120.
B. If traffic exceeds the specified rate, it will be transmitted and remarked.
C. Class-default traffic will be dropped.
D. ICMP will be denied based on this configuration.

DRAG DROP - Drag and drop the threat defense solutions from the left onto their descriptions on the right.
UMBRELLA
AMP4E
FTD
StealthWatch
ESA

What is the effect of this configuration?
A. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey.
B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.
C. The device will allow only users at 192.168.0.202 to connect to vty lines 0 through 4.
D. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails.

Which deployment option of Cisco NGFW provides scalability?
A. inline tap
B. high availability
C. clustering
D. tap

DRAG DROP - Drag and drop the REST API authentication methods from the left onto their descriptions on the right. Select and Place:
HTTP basic authentication
OAuth
secure vault

In a Cisco SD-Access solution, what is the role of the Identity Services Engine?
A. It is leveraged for dynamic endpoint to group mapping and policy definition.
B. It provides GUI management and abstraction via apps that share context.
C. It is used to analyze endpoint to app flows and monitor fabric status.
D. It manages the LISP EID database.

DRAG DROP - Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right. Select and Place:
StealthWatch
Identity Services Engine
Web Security Appliance

DRAG DROP - An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.
   R1#sh run | i aaa
   aaa new-model
   aaa authentication login default group ACE group AAA_RADIUS local-case
   aaa session-id common
   R1#
Select and Place:
tacacs servers of group ACE
local configured username in non-case-sensitive format
local configured username in case-sensitive format
AAA servers of ACE group
AAA servers of AAA_RADIUS group
If no method works, then deny login.

What is provided by the Stealthwatch component of the Cisco Cyber Threat Defense solution?
A. real-time threat management to stop DDoS attacks to the core and access networks
B. real-time awareness of users, devices, and traffic on the network
C. malware control
D. dynamic threat control for web traffic

An engineer must configure an ACL that permits packets which include an ACK in the TCP header. Which entry must be included in the ACL?
A. access-list 110 permit tcp any any eq 21 tcp-ack
B. access-list 10 permit tcp any any eq 21 established
C. access-list 110 permit tcp any any eq 21 established
D. access-list 10 permit ip any any eq 21 tcp-ack

A client with IP address 209.165.201.25 must access a web server on port 80 at 209.165.200.225. To allow this traffic, an engineer must add a statement to an access control list that is applied in the inbound direction on the port connecting to the web server. Which statement allows this traffic?
A. permit tcp host 209.165.200.225 lt 80 host 209.165.201.25
B. permit tcp host 209.165.201.25 host 209.165.200.225 eq 80
C. permit tcp host 209.165.200.225 eq 80 host 209.165.201.25
D. permit tcp host 209.165.200.225 host 209.165.201.25 eq 80

Which standard access control entry permits traffic from odd-numbered hosts in the 10.0.0.0/24 subnet?
A. permit 10.0.0.0 0.0.0.1
B. permit 10.0.0.1 0.0.0.254
C. permit 10.0.0.1 0.0.0.0
D. permit 10.0.0.0 255.255.255.254

An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthernet 0/1. Which configuration command set will allow this traffic without disrupting existing traffic flows?
A. config t
   ip access-list extended EGRESS
   permit ip 10.1.10.0 255.255.255.0 10.1.2.0 255.255.255.0
B. config t
   ip access-list extended EGRESS2
   permit ip 10.1.10.0 0.0.0.255 10.1.2.0 0.0.0.255
   permit ip 10.1.100.0 0.0.0.255 10.1.2.0 0.0.0.255
   deny ip any any
   !
   interface g0/1
   no ip access-group EGRESS out
   ip access-group EGRESS2 out
C. config t
   ip access-list extended EGRESS
   permit ip 10.1.10.0 0.0.0.255 10.1.2.0 0.0.0.255
D. config t
   ip access-list extended EGRESS
   5 permit ip 10.1.10.0 0.0.0.255 10.1.2.0 0.0.0.255

Refer to the exhibit. What step resolves the authentication issue?
A. use basic authentication
B. change the port to 12446
C. target 192.168.100.82 in the URI
D. restart the vsmart host

Security policy requires all idle exec sessions to be terminated in 600 seconds. Which configuration achieves this goal?
A. line vty 0 15
   absolute-timeout 600
B. line vty 0 15
   no exec-timeout
C. line vty 0 15
   exec-timeout 10 0
D. line vty 0 4
   exec-timeout 600

An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet. What explains this behavior?
A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.
B. After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.
C. Only standard access control lists can block traffic from a source IP address.
D. The access control list must contain an explicit deny to block traffic from the router.

What is a characteristic of a next-generation firewall?
A. only required at the network perimeter
B. required in each layer of the network
C. filters traffic using Layer 3 and Layer 4 information only
D. provides intrusion prevention

Refer to the exhibit. An engineer is investigating why guest users are able to access other guest user devices when the users are connected to the customer guest WLAN. What action resolves this issue?
A. implement P2P blocking
B. implement MFP client protection
C. implement Wi-Fi direct policy
D. implement split tunneling

Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected. Which action will resolve this issue?
A. enable AAA override
B. set a NAC state
C. utilize RADIUS profiling
D. require a DHCP address assignment

Refer to the exhibit. Which single security feature is recommended to provide Network Access Control in the enterprise?
A. MAB
B. 802.1X
C. WebAuth
D. port security sticky MAC

Refer to the exhibit. After configuring an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show?
A. VPN peers agreed on parameters for the ISAKMP SA.
B. Peers have exchanged keys, but ISAKMP SA remains unauthenticated.
C. ISAKMP SA is authenticated and can be used for Quick Mode.
D. ISAKMP SA has been created, but it has not continued to form.

Which two threats does AMP4E have the ability to block? (Choose two.)
A. email phishing
B. DDoS
C. Microsoft Word macro attack
D. SQL injection
E. ransomware

An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?
A. username netadmin secret 5 $1$b1Ju$kZbBS1Pyh4QzwXyZ1kSZ2
B. username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDAx1uV
C. username netadmin secret $1$b1Ju$k406689705QzwXyZ1kSZ2
D. line Console 0
   password $1$b1Ju$