Browse Exams Pricing

Exams350-401Questions

350-401 Exam Questions

1,329 real 350-401 exam questions with expert-verified answers and explanations. Page 2 of 27.

Question #53Infrastructure Security / Implementing AAA for Device Access Control (CCNP/CCNA Security or Enterprise Core)
The login method is configured on the VTY lines of a router with these parameters. - The first method for authentication is TACACS - If TACACS is unavailable, login is allowed with...
AAA AuthenticationTACACS+VTY Line ConfigurationIOS Security
Question #54Infrastructure
Which QoS component alters a packet to change the way that traffic is treated in the network?
QoSPacket MarkingTraffic Management
Question #55Infrastructure
Which marking field is used only as an internal marking within a router?
QoSTraffic MarkingInternal ClassificationRouter Configuration
Question #56Architecture
Which statement about a Cisco APIC controller versus a more traditional SDN controller is true?
APIC ArchitectureSDN ConceptsPolicy-based NetworkingCisco ACI
Question #57Infrastructure
Which QoS mechanism will prevent a decrease in TCP performance?
QoSWREDCongestion AvoidanceTCP Performance
Question #58Virtualization
Which statement explains why Type 1 hypervisor is considered more efficient than Type 2 hypervisor?
Hypervisor typesVirtualization architectureBare-metal hypervisorEfficiency
Question #59Virtualization
What are two benefit of virtualizing the server with the use of VMs in data center environment? (Choose two.)
Server VirtualizationVirtual MachinesData Center OptimizationResource Management
Question #60Network Programmability and Automation - Understanding data encoding formats (JSON) used in REST APIs and network automation tools (CCNA/CCNP Domain: Automation and Programmability)
Which exhibit displays a valid JSON file? A. B. C. D.
JSON syntaxData serializationData formatsNetwork automation
Question #61Infrastructure
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?
TCP MSSGRE tunnelingPacket fragmentationNetwork optimization
Question #62Infrastructure
Which statement about an RSPAN session configuration is true?
RSPANNetwork MonitoringVLANsSwitching
Question #63Security
Refer to the exhibit. Based on the configuration in this WLAN security setting. Which method can a client use to authenticate to the network?
WLAN SecurityAuthenticationPre-Shared KeyWi-Fi
Question #64Infrastructure
Which two pieces of information are necessary to compute SNR? (Choose two.)
SNRRSSINoise Floor
Question #65Architecture
Refer to the exhibit. The WLC administrator sees that the controller to which a roaming client associates has Mobility Role Anchor configured under Clients > Detail. Which type of...
WLC RoamingMobility AnchorLayer 3 Roaming
Question #66Security
What is the difference between the enable password and the enable secret password when password encryption is enable on an IOS device?
enable passwordenable secretIOS securitypassword encryption
Question #67Network Assurance
When reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state?
OSPFOSPF statesMTU mismatchTroubleshooting
Question #68Virtualization
Which two statements about VRF-lite are true? (Choose two)
VRF-liteMulti-tenancyRouting IsolationVirtual Routing
Question #69
Which statement about the default QoS configuration on a Cisco switch is true?
Cisco QoSQoS default configCoS
Question #70Infrastructure
Which IPv6 migration method relies on dynamic tunnels that use the 2002::/16 reserved address space?
IPv66to4TunnelingNetwork Migration
Question #71Architecture
How are the Cisco Express Forwarding table and the FIB related to each other?
Cisco Express Forwarding (CEF)Forwarding Information Base (FIB)Packet ForwardingRouting Architecture
Question #72Automation
Which two operations are valid for RESTCONF? (Choose two.)
RESTCONFHTTP MethodsNetwork AutomationRESTful API
Question #73Infrastructure
What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure deployment?
On-premises infrastructureCloud infrastructureLatencyDeployment models
Question #74Security
How does Cisco Trustsec enable more access controls for dynamic networking environments and data centers?
Cisco TrustSecAccess ControlIdentity-based NetworkingNetwork Segmentation
Question #75Security
Which method does the enable secret password option use to encrypt device passwords?
Cisco IOS securityPassword hashingMD5 algorithmenable secret command
Question #76Security
Refer to the exhibit. Which privilege level is assigned to VTY users?
VTY linesPrivilege levelsDevice access controlCisco IOS
Question #77Virtualization
Refer to the exhibit. Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1?
VRF-LiteInterface ConfigurationRouting TablesCE Router
Question #78Security
Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?
MACsecLayer 2 SecurityOSI ModelData Link Layer
Question #79Automation
Refer to the exhibit. Which HTTP JSON response does the python code output give?
Python JSON parsingREST API outputData extractionNetwork Automation
Question #80Infrastructure
Which two statements about EIGRP load balancing are true? (Choose two.)
EIGRP Load BalancingFeasible SuccessorEIGRP DUALUnequal-cost Routing
Question #81Architecture
Which statement about LISP encapsulation in an EIGRP OTP implementation is true?
EIGRP OTPLISPTunnelingDynamic Multipoint
Question #82Infrastructure
Which EIGRP feature allows the use of leak maps?
EIGRPStub RoutingLeak MapsRoute Advertisement
Question #83Automation
Which statements are used for error handling in Python?
PythonError HandlingException Handling
Question #84Network Assurance
Which feature must be configured to allow packet capture over Layer 3 infrastructure'?
ERSPANSPANPacket CaptureNetwork Monitoring
Question #85Architecture
Which statement about Cisco Express Forwarding is true?
Cisco Express Forwarding (CEF)Data PlaneFIBAdjacency Table
Question #86Virtualization
Which statement about route targets is true when using VRF-Lite?
VRF-LiteRoute TargetsRouting PolicyVPN Routing and Forwarding
Question #87Infrastructure
Which two GRE features are configured to prevent fragmentation? (Choose two.)
GREFragmentationTCP MSSPMTUD
Question #88Infrastructure
Refer to the exhibit. An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the out...
ACLsPacket FlowRouter Behavior
Question #89Infrastructure
Which First Hop Redundancy Protocol maximizes uplink utilization and minimizes the amount of configuration that is necessary?
First Hop Redundancy ProtocolsGLBPNetwork RedundancyLoad Balancing
Question #90Architecture
Which LISP device is responsible for publishing EID-to-RLOC mappings for a site?
LISPETREID-to-RLOC mappingNetwork Protocols
Question #91Security
Which access controls list allows only TCP traffic with a destination port range of 22-433, excluding port 80?
Access Control ListsNetwork SecurityTCP FilteringPort Filtering
Question #92Security
Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?
Cisco TrustSecSecurity Group Tag (SGT)Network SegmentationIdentity-based Security
Question #93Architecture
Which action is the vSmart controller responsible for in an SD-WAN deployment?
SD-WANvSmartControl PlaneSecurity
Question #94Infrastructure
Refer to the exhibit. Link1 is a copper connection and Link2 is a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree...
Spanning Tree Protocol (STP)STP Port PriorityRoot Port ElectionNetwork Redundancy
Question #95Automation
Which requirement for an Ansible-managed node is true?
AnsibleAutomationSSHManaged Node
Question #96Network Assurance
Refer to this output. What is the logging severity level? R1#Feb 14 37:15:12:429: %LINEPROTO-5-UPDOWN Line protocol on interface GigabitEthernet0/1. Change state to up
Cisco SyslogLogging Severity LevelsNetwork MonitoringMessage Interpretation
Question #97Infrastructure
Which DNS lookup does an access point perform when attempting CAPWAP discovery?
CAPWAP discoveryDNSWireless APsWLC
Question #98Automation
At which Layer does Cisco DNA Center support REST controls?
Cisco DNA CenterNorthbound APIsREST APISDN architecture
Question #99Network Assurance
Which two statements about IP SLA are true? (Choose two)
IP SLANetwork MonitoringActive MonitoringPerformance Measurement
Question #100Architecture
Which two statements about Cisco Express Forwarding load balancing are true?
Cisco Express Forwarding (CEF)Load BalancingAdjacency TableHashing
Question #101
What is the main function of VRF-lite?
VRF-liteRouting tablesNetwork segregation
Question #102Infrastructure
Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two.)
Cisco DNA CenterSoftware UpgradeSystem Maintenance

PreviousPage 2 of 27Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.