350-401 Exam Questions
1,329 real 350-401 exam questions with expert-verified answers and explanations. Page 19 of 27.
- Question #916
What are two best practices when designing a campus Layer 3 infrastructure? (Choose two.)
Layer 3 infrastructure designRoute summarizationCisco Express Forwarding (CEF)Campus network design - Question #917Infrastructure
Refer to the exhibit. Which configuration must be applied to ensure that the preferred path for traffic from AS 65010 toward AS 65020 uses the R2 to R4 path?
BGP path manipulationBGP route policyAS path - Question #918
Refer to the exhibit. An engineer must reduce the number of Type 1 and Type 2 LSAs that are advertised to R4 within OSPF area 0. Which configuration must be applied?
OSPF LSA typesOSPF summarizationOSPF area designOSPF router roles - Question #919Network Assurance
An engineer is connected to a Cisco router through a Telnet session. Which command must be issued to view the logging messages from the current session as soon as they are generate...
Cisco IOS loggingterminal monitorrouter management - Question #920
Refer to the exhibit. Users cannot reach the web server at 192.168.100.1. What is the root cause for the failure?
Network troubleshootingNetwork loopsRouting issues - Question #921
What is one method for achieving REST API security?
REST API securityHTTPSTLS encryption - Question #922Security
What is a benefit of using segmentation with TrustSec?
TrustSecNetwork SegmentationSecurity Group TagsPolicy Management - Question #923Security
Refer to the exhibit. A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router B. Which configuration must be app...
Access Control ListsIP Access ListsRouter traffic filteringWildcard masks - Question #924
How is traffic classified when using Cisco TrustSec technology?
Cisco TrustSecSecurity Group Tags - Question #925Automation
Refer to the exhibit. How should the programmer access the list of VLANs that were received via the API call?
Python dictionariesAPI response parsingData accessJSON data structures - Question #926
An EEM applet contains this command: event snmp oid 1.3.6.1.4.3.8.0.5.8.7.1.3 get-type next entry-op gt entry-val 80 poll-interval 8 What is the result of the command?
Cisco EEMSNMP event monitoringEEM applet configurationOID monitoring - Question #927
Refer to the exhibit. What does this Python script do?
Python scriptingScript analysisFile I/O - Question #928
Refer to the exhibit. What is output by this code?
Programming basicsCode interpretationLoopsPython syntax - Question #929IP Connectivity – Compare and contrast routing protocol characteristics including EIGRP and OSPF (Cisco CCNA Exam Topic 3.0)
Drag and Drop Question Drag and drop the characteristics from the left onto the routing protocols they describe on the right. Answer:
EIGRPOSPFRouting ProtocolsMetric Calculation - Question #930Network Security / Access Control - configuring and implementing access control lists (ACLs) to control and filter network traffic using permit and deny rules.
Drag and Drop Question Drag and drop the code snippets from the bottom onto the blanks in the code to construct a request that configures a deny rule on an access list. Answer:
Access Control ListsNetwork Security PolicyACL ConfigurationDeny Rules - Question #931Cloud Concepts – Understanding cloud deployment models (public, private, hybrid) and their distinguishing characteristics, typically aligned with CompTIA Cloud+, AWS Cloud Practitioner, or Microsoft Azure Fundamentals certification objectives.
Drag and Drop Question Drag and drop the characteristics from the left onto the deployment models on the right. Not all options are used. Answer:
Cloud Deployment ModelsPublic Cloud vs Private CloudCloud Computing FundamentalsCloud Infrastructure - Question #932Infrastructure and Deployment Models - understanding the key differences, trade-offs, and characteristics of cloud vs. on-premises deployment environments, commonly tested in certifications such as CompTIA Cloud+, AWS Cloud Practitioner, or similar IT fundamentals exams.
Drag and Drop Question Drag and drop the characteristics from the left onto the deployment models on the right. Not all options are used. Answer:
Cloud DeploymentOn-Premises InfrastructureDeployment ModelsIT Architecture - Question #933Network Fundamentals - Understanding the architectural separation between the control plane and data plane in network devices, including where routing protocol information is processed and where packet forwarding occurs (relevant to CCNA, CCNP, and similar Cisco certification tracks)
Drag and Drop Question Drag and drop the characteristics from the left onto the deployment models on the right. Not all options are used. Answer:
Control Plane vs Data PlaneNetwork Device ArchitectureCEF/Forwarding TablesRouting Protocols - Question #935
Refer to the exhibit. Two switches are interconnected using interface GigabitEthernet0/0 on both sides. While configuring one of the switches, a network engineer receives the loggi...
Switch trunkingInterface configurationVLANsTroubleshooting connectivity - Question #936Security
Refer to the exhibit. An engineer configures a new WLAN that will be used for secure communications; however, wireless clients report that they are able to communicate with each ot...
WLAN securityClient isolationP2P blockingWireless LANs - Question #937Network Assurance
Which command is required to validate that an IP SLA configuration matches the traffic between the branch office and the central site?
IP SLACisco CLINetwork monitoringTraffic validation - Question #938Network Assurance
Refer to the exhibit. The administrator must extend the configuration of the switch to perform remote logging using syslog according to these requirements: - syslog server: 203.0.1...
Cisco syslog configurationIOS loggingSyslog trap levelsReliable syslog transport - Question #939Infrastructure
Refer to the exhibit. An engineer must configure an ERSPAN tunnel that mirrors traffic from Linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the destination c...
ERSPANTraffic MonitoringSwitch Configuration - Question #940
Refer to the exhibit. Which configuration enables fallback to local authentication and authorization when no TACACS+ server is available?
Cisco AAATACACS+Local authenticationAuthentication fallback - Question #941
Refer to the exhibit. Remote users cannot access the Internet but can upload files to the storage server. Which configuration must be applied to allow Internet access?
Cisco ASA ACLsHTTP access controlTCP port configuration - Question #942Automation and Programmability
Refer to the exhibit. What is output by this code?
Code execution tracingLooping constructsScripting output prediction - Question #943Automation and Programmability - Understand and use NETCONF/YANG for device configuration management (CCNP Enterprise / DevNet Associate)
Refer to the exhibit. An engineer must save the configuration of router R2 using the NETCONF protocol. Which script must be used? A. B. C. D.
NETCONFYANG ModelsCisco IOS-XE ProgrammabilityNetwork Automation - Question #944
What is displayed when the code is run?
code executionoutput predictionscripting logicautomation scripting - Question #945Automation
Refer to the exhibit. What is the value of the variable list after the code is run?
Python programminglist manipulationcode executionvariable tracing - Question #946Automation
What is one difference between SaltStack and Ansible?
SaltStack architectureAnsible architectureConfiguration management - Question #948Infrastructure
Lab Simulation 4 Guidelines This is a lab item in which tasks will be performed on virtual devices. - Refer to the Tasks tab to view the tasks for this lab item. - Refer to the Top...
VRRPFirst Hop Redundancy Protocols (FHRP)High AvailabilityLayer 3 Switching - Question #949Infrastructure
Lab Simulation 5 Guidelines This is a lab item in which tasks will be performed on virtual devices. - Refer to the Tasks tab to view the tasks for this lab item. - Refer to the Top...
OSPF configurationRouting protocolsRouter CLI - Question #950Automation
Lab Simulation 6 Guidelines This is a lab item in which tasks will be performed on virtual devices. - Refer to the Tasks tab to view the tasks for this lab item. - Refer to the Top...
EEMNetwork AutomationCisco IOS-XEInterface Management - Question #951Infrastructure Automation and Programmability / Network Management and Monitoring - tests advanced CLI configuration skills for traffic analysis (SPAN, NetFlow) and event-driven automation (EEM) commonly assessed in CCNP Enterprise (ENCOR 350-401) and advanced Cisco certification exams.
Lab Simulation 7 Guidelines This is a lab item in which tasks will be performed on virtual devices. - Refer to the Tasks tab to view the tasks for this lab item. - Refer to the Top...
SPAN/RSPAN Traffic MonitoringEmbedded Event Manager (EEM)NetFlow Top TalkersNetwork Automation and Troubleshooting - Question #952Architecture
A company hires a network architect to design a new OTT wireless solution within a Cisco SD- Access Fabric wired network. The architect wants to register access points to the WLC t...
AP ModesWLC OperationsCentralized Data ForwardingCisco Wireless Design - Question #953Architecture
Which two methods are used to interconnect two Cisco SD-Access Fabric sites? (Choose two.)
Cisco SD-AccessMulti-siteTransit ConnectivityFabric Architecture - Question #954DOMAIN_OBJECTIVES_MISSING
What is a characteristic of Cisco SD-WAN?
Cisco SD-WANDTLS/TLSSecure tunnelsSD-WAN security - Question #955
What is the centralized control policy in a Cisco SD-WAN deployment?
Cisco SD-WANSD-WAN Control PolicyRouting Policy - Question #956Architecture
Which function is performed by vSmart in the Cisco SD-WAN architecture?
SD-WANvSmartOMPRouting Redistribution - Question #957Architecture
Which statement describes the Cisco SD-Access plane functionality for fabric-enabled wireless?
SD-Access WirelessControl PlaneData PlaneVXLAN - Question #958Architecture
How do cloud deployments compare to on-premises deployments?
Cloud DeploymentOn-premises DeploymentGlobal User ExperienceDeployment Models - Question #959Infrastructure
When voice services are deployed over a wireless environment, which service must be disabled to ensure the quality of calls?
Wireless QoSVoice over WLANLoad BalancingClient Roaming - Question #960
Which function does a virtual switch provide?
Virtual switchVirtual networkingVM connectivity - Question #961Infrastructure
Which device is responsible for finding EID-to-RLOC mapping when traffic is sent to a LISP- capable site?
LISPIngress Tunnel RouterEID-to-RLOC mappingOverlay Networks - Question #962Security
In which way are EIGRP and OSPF similar?
EIGRPOSPFAuthenticationMD5 - Question #963
By default, which virtual MAC address does HSRP group 12 use?
HSRPVirtual MAC address - Question #964Automation
Which two prerequisites must be met before Cisco DNA Center can provision device? (Choose two.)
Cisco DNA CenterDevice ProvisioningNetwork AutomationManagement Protocols - Question #965Architecture
In Cisco DNA Center, what is used to publish events and notifications to a third-party product such as IPAM?
Cisco DNA CenterRESTful APINorthbound APIIntegration - Question #966Infrastructure
Router R1 must be configured as a UDP responder on port 6336. Which configuration accomplishes this task?
IP SLAUDP ResponderCisco IOS-XENetwork Configuration - Question #967
Which configuration protects the password for the VTY lines against over-the-shoulder attacks?
Cisco IOS securityPassword encryptionVTY lines