350-401 Exam Questions
1,329 real 350-401 exam questions with expert-verified answers and explanations. Page 21 of 27.
- Question #1019
Which two functions is an edge node responsible for? (Choose two.)
SD-Access Edge NodeSD-Access Fabric - Question #1020Infrastructure Management and Network Monitoring - Configure and verify device management features including logging, NetFlow, and network visibility tools (maps to Cisco CCNP/ENCOR or Network+ Network Management domain)
Lab Simulation 10 Guidelines This is a lab item in which tasks will be performed on virtual devices. - Refer to the Tasks tab to view the tasks for this lab item. - Refer to the To...
Archive LoggingNetFlow Top TalkersNetwork MonitoringIOS Configuration Management - Question #1021
Refer to the exhibit. Which two configurations enable R1 and R2 to advertise routes into OSPF? (Choose two.)
OSPF configurationRoute advertisementRouting protocols - Question #1022Automation
Which Python library is used to work with YANG data models via NETCONF?
Python NETCONF libraryYANG data models - Question #1023Infrastructure
Lab Simulation 11 Guidelines This is a lab item in which tasks will be performed on virtual devices. - Refer to the Tasks tab to view the tasks for this lab item. - Refer to the To...
EtherChannel LACPVLAN TrunkingRapid-PVST+Switching Fundamentals - Question #1025Infrastructure
Refer to the exhibit. An engineer must configure PAT to provide internet access to all users by using one global address for many local addresses. Which command set completes the c...
Cisco NATPAT configurationNAT overloadCisco IOS commands - Question #1026
Refer to the exhibit. An engineer must allow the FTP traffic from users on 172.16.1.0 /24 to 172.16.2.0 /24 and block all other traffic. Which configuration must be applied?
Cisco ACLsExtended ACLsTraffic FilteringFTP filtering - Question #1027Network Management and Monitoring - Configure and verify NetFlow/IPFIX for traffic analysis and export to a flow collector
High bandwidth utilization is occurring on interface Gig0/1 of a router. An engineer must identify the flows that are consuming the most bandwidth. Cisco DNA Center is used as a fl...
NetFlowNetwork MonitoringCisco DNA CenterIOS Configuration - Question #1028Infrastructure
Which DNS record type is required to allow APs to discover a WLC by using DNS on IPv4?
DNS record typesWLC discoveryWireless networkingIPv4 - Question #1029Architecture
What is modularity in network design?
ModularityNetwork Design PrinciplesScalabilityArchitecture - Question #1030
Refer to the exhibit. An engineer configured TACACS+ to authenticate remote users, but the configuration is not working as expected. Which configuration must be applied to enable a...
TACACS+AAA ConfigurationCisco IOSAuthentication Troubleshooting - Question #1031Architecture
A customer has two Cisco WLCs that manage separate APs throughout a building. Each WLC advertises the same SSID but terminates on different interfaces. Users report that they drop...
Wireless LAN ControllerClient RoamingMobility GroupsWLAN Architecture - Question #1032IP Routing
What is one difference between the RIB and the FIB?
RIBFIBCisco Express ForwardingRouting Tables - Question #1033Infrastructure
What is a characteristic of an AP operating in FlexConnect mode?
FlexConnectCisco AP modesWireless LAN - Question #1034Architecture
What is the benefit of using TCAM for IP forwarding decisions versus using the CAM table?
TCAMCAMIP ForwardingHardware Architecture - Question #1035
Refer to the exhibit. Two indirectly connected routers fail to form an OSPF neighborship. What is the cause of the issue?
OSPF troubleshootingOSPF neighborshipMTU mismatch - Question #1036Architecture
Which feature is provided by Cisco Mobility Services Engine in a Cisco Wireless Unified Network architecture?
Cisco Mobility Services EngineWireless NetworkingLocation ServicesClient Tracking - Question #1037Infrastructure
Which unit of measure is used to measure wireless RF SNR?
Wireless RFSNRUnits of MeasureDecibels - Question #1038
In a campus network design, what are two benefits of using BFD for failure detection? (Choose two.)
BFDFailure DetectionRouting Convergence - Question #1039
Refer to the exhibit. A network engineer issues the debug command while troubleshooting a network issue. What does the output confirm?
Cisco DebuggingAccess Control ListsICMP TrafficNetwork Troubleshooting - Question #1040Infrastructure Security / Securing Network Device Access - covering ACL application on VTY lines and enforcement of encrypted management protocols (CCNA: Network Security Fundamentals)
Refer to the exhibit. An engineer must update the existing configuration to achieve these results: - Only administrators from the 192.168.1.0/24 subnet can access the vty lines. -...
VTY Line SecurityAccess Control ListsSSH vs TelnetNetwork Device Hardening - Question #1041Security
Which version of NetFlow does Cisco Threat Defense utilize to obtain visibility into the network?
Cisco Threat DefenseNetFlow versionsNetwork visibility - Question #1042Automation
Refer to the exhibit. What is printed to the console when this script is run?
Python scriptingData typesOutput interpretation - Question #1043
What is a difference between Chef and other automation tools?
ChefAnsibleConfiguration ManagementAgent-based vs Agentless - Question #1044Infrastructure
An engineer must configure a new WLAN that supports 802.11r and requires users to enter a passphrase. What must be configured to support this requirement?
802.11rFast TransitionWLAN SecurityPSK - Question #1045Security
Refer to the exhibit. An engineer is troubleshooting an mDNS issue in an environment where Cisco ISE is used to dynamically assign mDNS roles to users. The engineer has confirmed t...
Cisco WLCCisco ISEmDNSAAA Override - Question #1046
What is one role of the VTEP in a VXLAN environment?
VXLANVTEPEncapsulation - Question #1047
How is CAPWAP data traffic encapsulated when running an Over the Top WLAN in a Cisco SD- Access wireless environment?
CAPWAP encapsulationSD-Access wirelessVXLANOTT WLAN - Question #1048
Refer to the exhibit. What does the Python code accomplish?
Python scriptingNetwork AutomationInterface configuration - Question #1049Automation
Refer to the exhibit. Which action must be performed to allow RESTCONF access to the device?
RESTCONFNetwork Automation ProtocolsHTTPSAPI Management - Question #1050Understanding and validating proper JSON syntax and structure, commonly tested in web development, API integration, and IT Fundamentals certifications such as CompTIA IT Fundamentals (ITF+) or entry-level developer exams.
Which JSON script is properly formatted? A. B. C. D.
JSON formattingdata serializationsyntax validationweb data structures - Question #1051
Which technology is used as the basis for the Cisco SD-Access data plane?
Cisco SD-AccessSD-Access data planeVXLAN - Question #1052Security
How is OAuth framework used in REST API?
OAuthAPI SecurityREST APIAuthorization Tokens - Question #1053
What is a characteristic of Cisco DNA southbound APIs?
Cisco DNASouthbound APIsNetwork AutomationIntent-Based Networking - Question #1054Network Infrastructure
Where is the wireless LAN controller located in a mobility express deployment?
Mobility ExpressCisco WLCEmbedded controller - Question #1055
Refer to the exhibit. A network engineer must permit administrators to automatically authenticate if there is no response from either of the AAA servers. Which configuration achiev...
Cisco AAAAAA authenticationAuthentication fallbackRADIUS authentication - Question #1056
Which hypervisor requires a host OS to run and is not allowed to directly access the hosts hardware and resources?
Hypervisor typesType 2 hypervisorVirtualization concepts - Question #1057
Refer to the exhibit. The NETCONF object is sent to a Cisco IOS XE switch. What is the purpose of the object?
NETCONFNetwork ProgrammabilityOperational State RetrievalInterface IP Address - Question #1058Security
Which protocol does Cisco SD-WAN use to protect control plane communication?
Cisco SD-WANControl Plane SecurityDTLS Protocol - Question #1059
Which security option protects credentials from sniffer attacks in a basicAPI authentication?
API securityTLS/SSLCredential protectionSniffing prevention - Question #1060
Which mechanism can be used to enforce network access authentication against an AAA server if the endpoint does not support the 802.1X supplicant functionality?
Network Access ControlAAA authenticationWebAuth - Question #1061
An engineer must configure router R1 to validate user logins via RADIUS and fall back to the local user database if the RADIUS server is not available. Which configuration must be...
AAA authenticationRADIUS authenticationLocal authenticationAuthentication fallback - Question #1062Infrastructure
What does the Cisco WLC Layer 3 roaming feature allow clients to do?
Cisco WLCLayer 3 RoamingWireless NetworkingWLAN Roaming - Question #1063Automation
Which JSON script is properly formatted? A. B. C. D.
JSON SyntaxData SerializationNetwork AutomationData Formats - Question #1064
What is the function of Cisco DNA Center in a Cisco SD-Access deployment?
Cisco DNA CenterSD-Access - Question #1065
How do the MAC address table and TCAM differ?
MAC address tableTCAM - Question #1066Network Architecture
Which technology provides an overlay fabric to connect remote locations utilizing commodity data paths and improves network performance, boosts security, and reduces costs?
SD-WANWAN architectureNetwork overlays - Question #1067Security
Which two actions are recommended as security best practices to protect REST API? (Choose two.)
REST API securitySSL/TLS encryptionPassword hashing - Question #1068
Refer to the exhibit. An engineer is configuring WebAuth on a Cisco Catalyst 9800 Series WLC. The engineer has purchased a third-party certificate using the FQDN of the WLC as the...
Cisco WebAuthWLC Certificate ManagementCertificate FQDN MatchingWLC Virtual Hostname - Question #1069Network Security – Configuring and verifying device access control using SSH on Cisco IOS routers (CCNA/Network Security fundamentals)
Refer to the exhibit. Which configuration must be added to enable remote access only using SSHv1 or SSHv2 to this router? A. B. C. D.
SSH ConfigurationVTY Line SecurityRSA Key GenerationRemote Access Security