This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection [ https://www.mcitpdump.com ] Export date:Thu May 9 0:24:08 2024 / +0000 GMT ___________________________________________________ Title: [February-2023]High Quality Braindump2go 350-401 PDF Dumps 350-401 907Q Free Share[Q517-Q550] --------------------------------------------------- February/2023 New Braindump2go 350-401 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 350-401 Real Exam Questions!QUESTION 517A network engineer must configure a router to send logging messages to a syslog server based on these requirements:uses syslog IP address: 10.10.10.1uses a reliable protocolmust not use any well-known TCP/UDP portsWhich configuration must be used?A. logging host 10.10.10.1 transport tcp port 1024B. logging origin-id 10.10.10.1C. logging host 10.10.10.1 transport udp port 1023D. logging host 10.10.10.1 transport udp port 1024Answer: AQUESTION 518Refer to the exhibit. A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line, but not from show running-config. Which command completes the configuration? A. Device(config)# netconf max-sessions 100B. Device(config)# no netconf ssh acl 1C. Device(config)# netconf lock-time 500D. Device(config)# netconf max-message 1000Answer: DExplanation:Command: netconf max-message <1-2147483> Kbytes. The engineer gets output from the command show line, but not from show running-config, because max-message is too small, it is not enough for data of running-config.QUESTION 519An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN Layer 3 setting must be configured to provide this functionally?A. CCKMB. WPA2 PolicyC. Local PolicyD. Web PolicyAnswer: DExplanation:https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/100787-splash-page-redirect.htmlQUESTION 520An engineer must create an EEM script to enable OSPF debugging in the event the OSPF neighborship goes down. Which script must the engineer apply?A. Option AB. Option BC. Option CD. Option DAnswer: CQUESTION 521Refer to the exhibit. Router BRDR-1 is configured to receive the 0.0.0.0/0 and 172.17.1.0/24 networks via BGP and advertise them into OSPF area 0. An engineer has noticed that the OSPF domain is receiving only the 172.17.1.0/24 route and default route 0.0.0.0/0 is still missing. Which configuration must an engineer apply to resolve the problem? A. router ospf 1 redistribute bgp 65001 metric 100 route-policy BGP-TO-OSPF endB. router ospf 1 default-information originate endC. router ospf 1 default-metric 100 endD. router ospf 1 default-information originate always endAnswer: DQUESTION 522AN engineer is implementing a route map to support redistribution within BGP. The route map must configured to permit all unmatched routes. Which action must the engineer perform to complete this task?A. Include a permit statement as the first entryB. Include at least one explicit deny statementC. Remove the implicit deny entryD. Include a permit statement as the last entryAnswer: DQUESTION 523Refer to the exhibit. A network operator is attempting to configure an IS-IS adjacency between two routers, but the adjacency cannot be established. To troubleshoot the problem, the operator collects this debugging output. Which interfaces are misconfigured on these routers? A. The peer router interface is configured as Level 1 only, and the R2 interface is configured as Level 2 onlyB. The R2 interface is configured as Level 1 only, and the Peer router interface is configured as Level 2 onlyC. The R2 interface is configured as point-to-point, and the peer router interface is configured as multipoint.D. The peer router interface is configured as point-as-point, and the R2 interface is configured as multipoint.Answer: BQUESTION 524AN engineer is implementing MPLS OAM to monitor traffic within the MPLS domain. Which action must the engineer perform to prevent from being forwarded beyond the service provider domain when the LSP is down?A. Disable IP redirects only on outbound interfacesB. Implement the destination address for the LSP echo request packet in the 127.x.y.z/8 networkC. Disable IP redirects on all ingress interfacesD. Configure a private IP address as the destination address of the headend router of Cisco MPLS TE.Answer: BExplanation:https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-5/mpls/configuration/guide/b-mpls-cg-asr9000-75x/implementing-mpls-oam-74x.htmlQUESTION 525An engineer is implementing a Cisco MPLS TE tunnel to improve the streaming experience for the clients of a video-on-demand server. Which action must the engineer perform to configure extended discovery to support the MPLS LDP session between the headend and tailend routers?A. Configure the interface bandwidth to handle TCP and UDP traffic between the LDP peersB. Configure a Cisco MPLS TE tunnel on both ends of the sessionC. Configure an access list on the interface to permit TCP and UDP trafficD. Configure a targeted neighbor session.Answer: BQUESTION 526What occurs when a high bandwidth multicast stream is sent over an MVPN using Cisco hardware?A. The traffic uses the default MDT to transmit the data only if it isa (S,G) multicast route entryB. A data MDT is created to if it is a (*, G) multicast route entriesC. A data and default MDT are created to flood the multicast stream out of all PIM-SM neighbors.D. A data MDT is created to allow for the best transmission through the core for (S, G) multicast route entries.Answer: DQUESTION 527Drag and Drop QuestionAn engineer is working with the Cisco DNA Center API Drag and drop the methods from the left onto the actions that they are used for on the right. Answer: QUESTION 528Drag and Drop QuestionA network engineer is adding an additional 10Gps link to an exiting 2x10Gps LACP-based LAG to augment its capacity. Network standards require a bundle interface to be taken out of service if one of its member links goes down, and the new link must be added with minimal impact to the production network. Drag and drop the tasks that the engineer must perform from the left into the sequence on the right. Not all options are used. Answer: QUESTION 529Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?A. DTLSB. IPsecC. PGPD. HTTPSAnswer: AQUESTION 530An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?A. username netadmin secret 5 $1$b1JUSkZbBS1Pyh4OzwXyZ1kSZ2B. username netadmin secret $15b1JuSk404850110QzwXyZ1k SZ2C. line Console 0password $15b1Ju$D. username netadmin secret 9 $9$vFpMfBelbRVV8SseX/bDAxtuVAnswer: DExplanation:Scrypt is safer than MD5, so answer A is wrong and answer D is correctR1(config)#username user secret ?0 Specifies an UNENCRYPTED secret will follow5 Specifies a MD5 HASHED secret will follow8 Specifies a PBKDF2 HASHED secret will follow9 Specifies a SCRYPT HASHED secret will follow< 0-9> Encryption types not explicitly specifiedLINE The UNENCRYPTED (cleartext) user secretLINE The UNENCRYPTED (cleartext) user secretQUESTION 531Which network devices secure API platform?A. next-generation intrusion detection systemsB. Layer 3 transit network devicesC. content switchesD. web application firewallsAnswer: AQUESTION 532Which threat defence mechanism, when deployed at the network perimeter, protects against zero-day attacks?A. intrusion preventionB. stateful inspectionC. sandboxD. SSL decryptionAnswer: AExplanation:A zero-day (or 0-day) vulnerability is a software vulnerability that is discovered by attackers before the vendor has become aware of it. By definition, no patch exists for zero-day vulnerabilities and user systems have no defenses in place, making attacks highly likely to succeed. The name “zero-day” is designed to imply how long since the vulnerability was discovered. The term also indicates that system developers have had zero days to fix it.Intrusion ProtectionWhile the precise methods of a zero-day exploit can't be known in advance, a network intrusion protection system (NIPS) can monitor the firms' network for unusual activity.The advantage of NIPS over a traditional antivirus only system is it does not rely on checking software against a known database of threats. This means it does not need updates or patches to learn about the latest attacks. NIPS works by monitoring the day-to-day patterns of network activity across the network.When traffic or events far out of the ordinary are detected action can be taken to alert system administrators and lock down the firewall. Devices such as USB drives and mobile devices can all introduce threats to the network. They can often make it past the firewall because they are physically introduced to the system.NIPS protects against threats introduced to the network from both external and internal sources.Reference: https://cybriant.com/how-to-prevent-zero-day-attacks-in-5-steps/QUESTION 533Refer to the exhibit. A company requires that all wireless users authenticate using dynamic key generation.Which configuration must be applied? A. AP(config-if-ssid)# authentication open wep wep_methodsB. AP(config-if-ssid)# authentication dynamic wep wep_methodsC. AP(config-if-ssid)# authentication dynamic open wep_dynamicD. AP(config-if-ssid)# authentication open eap eap_methodsAnswer: DQUESTION 534An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface.Which option also is required on the tunnel interface before it is operational?A. (config-if)#tunnel destination <ip address>B. (config-if)#keepalive <seconds retries>C. (config-if)#ip mtu <value>D. (config-if)#ip tcp adjust-mss <value>Answer: AQUESTION 535What Is a Type 2 hypervisor?A. installed as an application on an already installed operating systemB. runs directly on a physical server and includes its own operating systemC. supports over-allocation of physical resourcesD. also referred to as a "bare metal hypervisor" because it sits directly on the physical serverAnswer: AQUESTION 536Which two statements about static route configuration are true? (Choose two)A. They add to the number of routes in the routing table.B. The distance command modifies the administrative distanceC. The redistribute static command will redistribute classful networks into OSPF.D. They add significant overhead to the router CPU.E. The ip route static bfd command is used for BFD peer discovery.F. The permanent key word allows the route to remain in the route table if the interface goes down.Answer: CFQUESTION 537What is a characteristic of Cisco DNA Northbound APIs?A. They simplify the management of network infrastructure devices.B. They enable automation of network infrastructure based on intent.C. They utilize RESTCONF.D. They utilize multivendor support APIs.Answer: BExplanation:Software-Defined Access (SDA) uses the software-defined architectural model, with a controller and various APIs. At the center sits the Digital Network Architecture (DNA) Center controller. DNA Center is the controller for SDA networks. QUESTION 538Which two items are found in YANG data models? (Choose two.)A. HTTP return codesB. rpc statementsC. JSON schemaD. container statementsE. XML schemaAnswer: BEQUESTION 539What is required for a virtual machine to run?A. a Type 1 hypervisor and a host operating systemB. a hypervisor and physical server hardwareC. only a Type 1 hypervisorD. only a Type 2 hypervisorAnswer: BQUESTION 540An engineer configures GigabitEthernet 0/1 for VRRP group 115. The router must assume the primary role when it has the highest priority in the group. Which command set is required to complete this task?interface GigabitEthernet0/1ip address 10.10.10.2 255.255.255.0vrrp 115 ip 10.10.10.1vrrp 115 authentication 407441579A. Router(config if)# vrrp 115 track 1 decrement 100Router(config-if)# vrrp 115 preemptB. Router(config-if)# vrrp 115 track 1 decrement 10Router(config-if)# vrrp 115 preemptC. Router(config-if)# standby 115 priority 100Router(config-if)# standby 115 preemptD. Router(config-if)# vrrp 115 priority 100Answer: BQUESTION 541An engineer must configure AAA on a Cisco 9800 WLC for central web authentication.Which two commands are needed to accomplish this task? (Choose two.)A. (Cisco Controller) > config wlan aaa-override disable <wlan-id>B. (Cisco Controller) > config radius acct add 10.10.10.12 1812 SECRETC. (Cisco Controller) > config wlan aaa-override enable <wlan-id>D. Device(config-locsvr-da-radius)# client 10.10.10.12 server-key 0 SECRETE. Device(config)# aaa server radius dynamic-authorAnswer: DEExplanation:Answer A and answer C are used to enable/disable AAA Override option but it is just optional so they are not the correct answers. AAA Override enables you to apply VLAN tagging, Quality of Service, and Access Control Lists to individual clients based on the returned RADIUS attributes from the AAA server.According to this Cisco link (under AAA Configuration on 9800 WLCs) section, we need the following commands: Therefore answer D and answer E are correct.https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213919-configure-802-1x-authentication-on-catal.pdfQUESTION 542What is a benefit of Type 1 hypervisors?A. Administrators are able to load portable virtual machine packages in OVA or QCOW2 formats.B. Network engineers are able to create virtual networks o interconnect virtual machines in Layer 2 topologiesC. Operators are able to leverage orchestrators to manage workloads that run on multiple Type 1 hypervisorsD. Storage engineers are able to leverage VMDK files to provide storage to virtual machine.Answer: BQUESTION 543Refer to the exhibit. An engineer is troubleshooting an application running on Apple phones. The application Is receiving incorrect QoS markings. The systems administrator confirmed that ail configuration profiles are correct on the Apple devices.Which change on the WLC optimizes QoS for these devices? A. Enable FastlaneB. Set WMM to requiredC. Change the QoS level to PlatinumD. Configure AVC ProfilesAnswer: AExplanation:Apple iOS device mark QoS as per IETF recommendations. With WLC running AireOS8.3, you can enable the Fastlane feature, which enables several beneficial functions:– Your WLC QoS configuration is optimized globally to better support real-time applications– iOS 10 devices can send upstream voice traffic without the requirement to perform WMM TSPEC/TCLAS negotiation. The infrastructure will honor the voice marking for these devices.– You can apply a QoS profile to your iOS 10 devices, and decide which applications should receive QoS marking upstream, and which applications should be sent as best effort or background.Reference: https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/8-3/Optimizing_WiFi_Connectivity_and_Prioritizing_Business_Apps.pdfQUESTION 544A client device roams between wireless LAN controllers that are mobility peers, Both controllers have dynamic interface on the same client VLAN which type of roam is described?A. intra-VLANB. inter-controllerC. intra-controllerD. inter-subnetAnswer: BExplanation:Inter-controller Layer 2 roaming occurs when the wireless LAN interfaces of the controllers are on the same IP subnet.QUESTION 545Refer to the exhibit. Which result does the python code achieve? A. The code encrypts a base64 decrypted password.B. The code converts time to the "year/month/day" time format.C. The code converts time to the yyyymmdd representation.D. The code converts time to the Epoch LINUX time format.Answer: CQUESTION 546Which technology uses network traffic telemetry, contextual information, and file reputation to provide insight into cyber threats?A. threat defenseB. security servicesC. security intelligenceD. segmentationAnswer: AQUESTION 547Drag and Drop QuestionDrag and drop the characteristics from the left onto the deployment models on the right. Answer: QUESTION 548Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)A. VPNB. integrated intrusion preventionC. application-level inspectionD. NATE. stateful packet inspectionAnswer: BCExplanation:A next-generation firewall is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection, an intrusion prevention system.QUESTION 549Drag and Drop QuestionDrag and drop the characteristics from the left to the deployment models on the right. Not all options are used. Answer: QUESTION 550Refer to the exhibit. A network engineer attempts to connect to the Router1 console port. Which configuration is needed to allow Telnet connections?A. Router1(config)# line vty 0 15Router1(config-line)# transport output telnetB. Router1(config)# telnet clientC. Router1(config)# line console 0Router1(config-line)# transport output telnetD. Router1(config)# access-list 100 permit tcp any any eq telnetRouter1(config)# line console 0Router1(config-line)# access-class 100 outAnswer: CResources From:1.2023 Latest Braindump2go 350-401 Exam Dumps (PDF & VCE) Free Share:https://www.braindump2go.com/350-401.html2.2023 Latest Braindump2go 350-401 PDF and 350-401 VCE Dumps Free Share:https://drive.google.com/drive/folders/1EIsykNTrKvqjDVs9JMySv052qbrCpe8V?usp=sharingFree Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams! --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2023-02-22 09:06:30 Post date GMT: 2023-02-22 09:06:30 Post modified date: 2023-02-22 09:06:30 Post modified date GMT: 2023-02-22 09:06:30 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com