350-401 Exam Questions
1,329 real 350-401 exam questions with expert-verified answers and explanations. Page 12 of 27.
- Question #559
A network engineer configures a WLAN controller with increased security for web access. There is IP connectivity with the WLAN controller, but the engineer cannot start a managemen...
WLAN controller managementWeb GUI accessTLS ciphersTroubleshooting connectivity - Question #560Infrastructure
Refer to the exhibit. An engineer must configure static NAT on R1 lo allow users HTTP access to the web server on TCP port 80. The web server must be reachable through ISP 1 and IS...
NATStatic NATMulti-homed networkingCisco IOS configuration - Question #561
By default, which virtual MAC address does HSRP group 16 use?
HSRPvirtual MAC address - Question #562Architecture
A customer requests a design that includes GLBP as the FHRP. The network architect discovers that the members of the GLBP group have different throughput capabilities. Which GLBP l...
GLBPFHRPLoad BalancingRouter Redundancy - Question #563Architecture
In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)
Cisco SD-WANOMPOverlay RoutingControl Plane Security - Question #564Security
A network engineer is enabling HTTPS access to the core switch, which requires a certificate to be installed on the switch signed by the corporate certificate authority. Which conf...
PKICertificate Signing RequestHTTPSDevice Access Control - Question #565Infrastructure
An engineer must create a new SSID on a Cisco 9800 wireless LAN controller. The client has asked to use a pre-shared key for authentication. Which profile must the engineer edit to...
Wireless LAN ControllerSSID ConfigurationPSK AuthenticationCisco 9800 Series - Question #567Infrastructure
Which statement about traffic management when PIM snooping is enabled is true?
PIM snoopingMulticast trafficTraffic management - Question #568
How are map-register messages sent in a LISP deployment?
LISPmap-register messagesLISP message flow - Question #569Infrastructure
Refer to the exhibit. The trunk does not work over the back-to-back link between Switch1 interface Giq1/0/20 and Switch2 interface Gig1/0/20. Which configuration fixes the problem?
VLAN TrunkingSwitchport configurationTrunk troubleshootingDTP - Question #570Automation
Based on the router's API output in JSON format below, which Python code will display the value of the "hostname" key?
PythonJSON ParsingAPI InteractionNetwork Automation - Question #571Infrastructure
Refer to the exhibit. An engineer attempts to bundle interface Gi0/0 into the port channel, but it does not function as expected. Which action resolves the issue?
LACPEtherChannelPort ChannelTroubleshooting - Question #572Security
Refer to the exhibit. An engineer must permit traffic from these networks and block all other traffic. An informational log message should be triggered when traffic enters from the...
Cisco ACLsACL wildcard masksACL logging - Question #573Automation
Refer to the exhibit. After the code is run on a Cisco IOS-XE router, the response code is 204. What is the result of the script?
API configurationHTTP status codesNetwork automationIOS-XE - Question #574Infrastructure
Which two parameters are examples of a QoS traffic descriptor? (Choose two)
QoSTraffic ClassificationDSCPMPLS EXP bits - Question #575
Refer to the exhibit. After configuring HSRP an engineer enters the show standby command. Which two facts are derived from the output? (Choose two.)
HSRPshow standby commandHSRP timersHSRP interface tracking - Question #576Infrastructure
If a client's radio device receives a signal strength of -67 dBm and the noise floor is -85 dBm, what is the SNR value?
WirelessSNR (Signal-to-Noise Ratio)RF fundamentalsdBm - Question #577
Refer to the exhibit. An engineer configures OSPF and wants to verify the configuration. Which configuration is applied to this device?
Cisco IOS CLIInterface configurationOSPF configuration - Question #578
A network monitoring system uses SNMP polling to record the statistics of router interfaces. The SNMP queries work as expected until an engineer installs a new interface and reload...
SNMP pollingRouter interfacesInterface indexing - Question #579Network Infrastructure
In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?
SD-Access extended node802.1Q - Question #580Security
An engineer must enable a login authentication method that allows a user to log in by using local authentication if all other defined authentication methods fail. Which configurati...
Cisco AAAAuthentication failoverLocal authenticationCLI commands - Question #581Security
When firewall capabilities are considered, which feature is found only in Cisco next-generation firewalls?
Next-Generation FirewallsFirewall featuresMalware protection - Question #582
What does a northbound API accomplish?
Northbound APISDN controllerNetwork programmability - Question #583
Refer to the exhibit. An engineer configures the BGP adjacency between R1 and R2; however, it fails to establish. Which action resolves the issue?
BGP adjacencyBGP troubleshootingBGP configurationAS numbers - Question #584Security
Refer to the exhibit. The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands t...
AAAAuthorizationRADIUSFallback Mechanism - Question #585
What is a characteristic of Cisco StackWise technology?
Cisco StackWiseSwitch stacking - Question #586
Which QoS mechanism is used to implement CoPP?
QoSCoPPMQC - Question #587Automation
Why would an engineer use YANG?
YANGNETCONFData ModelingNetwork Automation - Question #588Infrastructure
Refer to the exhibit. An engineer must create a configuration that prevents R3 from receiving the LSA about 172.16.1.4/32. Which configuration set achieves this goal? A. B. C. D.
OSPFLSA filteringArea Border Router (ABR)Prefix-list - Question #589Infrastructure
Refer to the exhibit. VPN-A sends point-to-point traffic to VPN-B and receives traffic only from VPN-C. VPN-B sends point-to-point traffic to VPN-C and receives traffic only from V...
MPLS VPNVRFRoute TargetVPN Design - Question #590Security
A customer wants to use a single SSID to authenticate IoT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve...
Cisco ISEIdentity PSKWLAN SecurityIoT Authentication - Question #591Infrastructure
Refer to the exhibit. An engineer must prevent the R6 loopback from getting into Area 2 and Area 3 from Area 0. Which action must the engineer take?
OSPFRoute FilteringOSPF ABRLSA Type 3 - Question #592Virtualization
In a Cisco StackWise Virtual environment, which planes are virtually combined in the common logical switch?
Cisco StackWise VirtualNetwork virtualizationControl planeManagement plane - Question #593IP Connectivity – Configure and verify single-area OSPFv2, including network types and interface-level OSPF configuration (Cisco CCNA 200-301 Exam)
Refer to the exhibit. R2 is the neighboring router of R1. R2 receives an advertisement for network 192.168.10.50/32. Which configuration should be applied for the subnet to be adve...
OSPFLoopback InterfaceNetwork TypeRoute Advertisement - Question #594Security
What is one primary REST security design principle?
REST securitySecurity principlesAPI securityFail-safe defaults - Question #595
Which CoPP feature can you configure after applying the control-plane command?
CoPPControl Plane PolicingCisco Router Security - Question #596Infrastructure
Which method is used by an AP to join HA controllers and is configured in NVRAM?
AP discoveryWLC discoveryHigh AvailabilityNVRAM storage - Question #597Network Assurance
Refer to the exhibit. A network engineer is enabling logging to a local buffer, to the terminal and to a syslog server for all debugging level logs filtered by facility code 7. Whi...
LoggingSyslogCisco IOS XENetwork Monitoring - Question #598Security
How can an engineer prevent basic replay attacks from people who try to brute force a system via REST API?
API SecurityReplay AttackTimestampREST API - Question #599Architecture
When is the Design workflow used In Cisco DNA Center?
Cisco DNA CenterDesign WorkflowGreenfield DeploymentNetwork Architecture - Question #600
How does the Cisco SD-Access control plane simplify traditional routing environments?
Cisco SD-AccessSD-Access Control PlaneLISP EID/RLOCRouting Table Simplification - Question #601
An administrator must enable Telnet access to Router X using the router username and password database for authentication. Which configuration should be applied?
Cisco Telnet accessIOS VTY configurationRouter local authentication - Question #602
Refer to the exhibit. An engineer must configure HSRP for VLAN 1000 on SW2. The secondary switch must immediately take over the role of active router If the interlink with the prim...
HSRPFHRPInterface TrackingInter-VLAN Routing - Question #603Infrastructure
Refer to the exhibit. An engineer attempts to establish BGP peering between router CORP and two ISP routers. What is the root cause for the failure between CORP and ISP#2?
BGP peeringBGP authenticationMD5 authenticationTroubleshooting BGP - Question #604Architecture
In which two ways does TCAM differ from CAM? (Choose two.)
CAMTCAMForwarding decisionsHardware architecture - Question #605Architecture
What are two benefits of implementing a Cisco SD-WAN architecture? (Choose two)
SD-WAN benefitsApplication-aware policiesIntegrated securityNetwork architecture - Question #606Automation and Scripting / Infrastructure as Code - Understanding the operational models of configuration management tools including agent-based vs. agentless architectures (CompTIA DevOps+, Linux+, or similar DevOps/SysAdmin certifications)
Drag and Drop Question Drag and drop the tools from the left onto the agent types on the right. Answer:
Configuration ManagementInfrastructure AutomationAgent vs AgentlessDevOps Tools - Question #607
Which two statements about MAC Authentication Bypass are true? (Choose two.)
MAC Authentication BypassMABNetwork Authentication - Question #608Understanding cloud concepts and deployment models, including the differences between on-premises, public cloud, private cloud, and hybrid cloud infrastructures - commonly tested in AWS Cloud Practitioner, CompTIA Cloud+, or Azure Fundamentals certifications.
Drag and Drop Question Drag and drop the characteristics from the left onto the infrastructure deployment models they describe on the right. Answer:
Cloud Deployment ModelsOn-Premises vs CloudInfrastructure CharacteristicsCloud Fundamentals - Question #609Network Programmability and Automation - constructing structured configuration scripts to manipulate routing policies (route maps, prefix lists, and BGP attributes such as local preference) using model-driven or API-based frameworks.
Drag and Drop Question Drag and drop the snippets onto the blanks within the code to construct a script that adds a prefix list to a route map and sets the local preference. Not al...
Route MapsPrefix ListsNetwork AutomationYANG/RESTCONF