Download Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR).350-401.ITExamAnswers.2022-04-19.536q.vcex

Vendor: Cisco
Exam Code: 350-401
Exam Name: Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR)
Date: Apr 19, 2022
File Size: 39 MB
Downloads: 5

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which function does a fabric edge node perform in an SD-Access deployment?
  1. Connects endpoints to the fabric and forwards their traffic.
  2. Encapsulates end-user data traffic into LISP.
  3. Connects the SD-Access fabric to another fabric or external Layer 3 networks.
  4. Provides reachability between border nodes in the fabric underlay.
Correct answer: A
Explanation:
There are five basic device roles in the fabric overlay:Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay.Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services.    
There are five basic device roles in the fabric overlay:
  • Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay.
  • Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.
  • Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.
  • Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.
  • Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services.
    
Question 2
Refer to the exhibit.Which privilege level is assigned to VTY users? 
    
  1. 1
  2. 7
  3. 13
  4. 15
Correct answer: A
Explanation:
Lines (CON, AUX, VTY) default to level 1 privileges.
Lines (CON, AUX, VTY) default to level 1 privileges.
Question 3
What is the difference between a RIB and a FIB?
  1. The FIB is populated based on RIB content.
  2. The RIB maintains a minor image of the FIB.
  3. The RIB is used to make IP source prefix-based switching decisions.
  4. The FIB is where all IP routing information is stored.
Correct answer: A
Explanation:
CEF uses a Forwarding Information Base (FIB) to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with earlier switching paths such as fast switching and optimum switching. Note: In order to view the Routing information base (RIB) table, use the “show ip route” command.To view the Forwarding Information Base (FIB), use the “show ip cef” command. RIB is in Control plane while FIB is in Data plane.
CEF uses a Forwarding Information Base (FIB) to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with earlier switching paths such as fast switching and optimum switching. 
Note: In order to view the Routing information base (RIB) table, use the “show ip route” command.
To view the Forwarding Information Base (FIB), use the “show ip cef” command. RIB is in Control plane while FIB is in Data plane.
Question 4
Which requirement for an Ansible-managed node is true?
  1. It must have an SSH server running.
  2. It must be a Linux server or a Cisco device.
  3. It must support ad hoc commands.
  4. It must have an Ansible Tower installed.
Correct answer: A
Question 5
A client device fails to see the enterprise SSID, but other client devices are connected to it. What is the cause of this issue?
  1. The client has incorrect credentials stored for the configured broadcast SSID.
  2. The hidden SSID was not manually configured on the client.
  3. The broadcast SSID was not manually configured on the client.
  4. The client has incorrect credentials stored for the configured hidden SSID.
Correct answer: B
Question 6
Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two.)
  1. APs that operate in FlexConnect mode cannot detect rogue APs
  2. FlexConnect mode is used when the APs are set up in a mesh environment and used to bridge between each other.
  3. FlexConnect mode is a feature that is designed to allow specified CAPWAP-enabled APs to exclude themselves from managing data traffic between clients and infrastructure.
  4. When connected to the controller, FlexConnect APs can tunnel traffic back to the controller
  5. FlexConnect mode is a wireless solution for branch office and remote office deployments
Correct answer: DE
Explanation:
FlexConnect is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication. Click hereClick here
FlexConnect is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. 
The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication. 
Click hereClick here
Question 7
Which OSPF network types are compatible and allow communication through the two peering devices?
  1. point-to-multipoint to nonbroadcast
  2. broadcast to nonbroadcast
  3. point-to-multipoint to broadcast
  4. broadcast to point-to-point
Correct answer: B
Explanation:
The following different OSPF types are compatible with each other:Broadcast and Non-Broadcast (adjust hello/dead timers) Point-to-Point and Point-to-Multipoint (adjust hello/dead timers) Broadcast and Non-Broadcast networks elect DR/BDR so they are compatible. Point-topoint/ multipoint do not elect DR/BDR so they are compatible. Reference: Click here
The following different OSPF types are compatible with each other:
  • Broadcast and Non-Broadcast (adjust hello/dead timers) 
  • Point-to-Point and Point-to-Multipoint (adjust hello/dead timers) 
Broadcast and Non-Broadcast networks elect DR/BDR so they are compatible. Point-topoint/ multipoint do not elect DR/BDR so they are compatible. 
Reference: Click here
Question 8
Which NGFW mode blocks flows crossing the firewall?
  1. tap
  2. inline
  3. passive
  4. inline tap
Correct answer: B
Explanation:
Firepower Threat Defense (FTD) provides six interface modes which are: Routed, Switched, Inline Pair, Inline Pair with Tap, Passive, Passive (ERSPAN).When Inline Pair Mode is in use, packets can be blocked since they are processed inline When you use Inline Pair mode, the packet goes mainly through the FTD Snort engine When Tap Mode is enabled, a copy of the packet is inspected and dropped internally while the actual traffic goes through FTD unmodified Reference: Click here
Firepower Threat Defense (FTD) provides six interface modes which are: Routed, Switched, Inline Pair, Inline Pair with Tap, Passive, Passive (ERSPAN).
When Inline Pair Mode is in use, packets can be blocked since they are processed inline When you use Inline Pair mode, the packet goes mainly through the FTD Snort engine When Tap Mode is enabled, a copy of the packet is inspected and dropped internally while the actual traffic goes through FTD unmodified 
Reference: Click here
Question 9
Which statement about route targets is true when using VRF-Lite?
  1. Route targets control the import and export of routes into a customer routing table.
  2. When BGP is configured, route targets are transmitted as BGP standard communities.
  3. Route targets allow customers to be assigned overlapping addresses.
  4. Route targets uniquely identify the customer routing table.
Correct answer: A
Explanation:
Answer ‘Route targets allow customers to be assigned overlapping addresses’ and answer ‘Route targets uniquely identify the customer routing table’ are not correct as only route distinguisher (RD) identifies the customer routing table and “allows customers to be assigned overlapping addresses”. Answer ‘When BGP is configured, route targets are transmitted as BGP standard communities’ is not correct as “When BGP is configured, route targets are transmitted as BGP extended communities”
Answer ‘Route targets allow customers to be assigned overlapping addresses’ and answer ‘Route targets uniquely identify the customer routing table’ are not correct as only route distinguisher (RD) identifies the customer routing table and “allows customers to be assigned overlapping addresses”. 
Answer ‘When BGP is configured, route targets are transmitted as BGP standard communities’ is not correct as “When BGP is configured, route targets are transmitted as BGP extended communities”
Question 10
How does Cisco TrustSec enable more flexible access controls for dynamic networking environments and data centers?
  1. uses flexible NetFlow
  2. assigns a VLAN to the endpoint
  3. classifies traffic based on advanced application recognition
  4. classifies traffic based on the contextual identity of the endpoint rather than its IP address
Correct answer: D
Explanation:
The Cisco TrustSec solution simplifies the provisioning and management of network access control through the use of software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without net-work redesign. Reference: Click here
The Cisco TrustSec solution simplifies the provisioning and management of network access control through the use of software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without net-work redesign. 
Reference: Click here
Question 11
Which function does a fabric edge node perform in an SD-Access deployment?
  1. Connects endpoints to the fabric and forwards their traffic.
  2. Encapsulates end-user data traffic into LISP.
  3. Connects the SD-Access fabric to another fabric or external Layer 3 networks.
  4. Provides reachability between border nodes in the fabric underlay.
Correct answer: A
Explanation:
There are five basic device roles in the fabric overlay:Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay.Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services.    
There are five basic device roles in the fabric overlay:
  • Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay.
  • Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.
  • Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.
  • Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.
  • Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services.
    
Question 12
Refer to the exhibit.Which privilege level is assigned to VTY users? 
    
  1. 1
  2. 7
  3. 13
  4. 15
Correct answer: A
Explanation:
Lines (CON, AUX, VTY) default to level 1 privileges.
Lines (CON, AUX, VTY) default to level 1 privileges.
Question 13
What is the difference between a RIB and a FIB?
  1. The FIB is populated based on RIB content.
  2. The RIB maintains a minor image of the FIB.
  3. The RIB is used to make IP source prefix-based switching decisions.
  4. The FIB is where all IP routing information is stored.
Correct answer: A
Explanation:
CEF uses a Forwarding Information Base (FIB) to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with earlier switching paths such as fast switching and optimum switching. Note: In order to view the Routing information base (RIB) table, use the “show ip route” command.To view the Forwarding Information Base (FIB), use the “show ip cef” command. RIB is in Control plane while FIB is in Data plane.
CEF uses a Forwarding Information Base (FIB) to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with earlier switching paths such as fast switching and optimum switching. 
Note: In order to view the Routing information base (RIB) table, use the “show ip route” command.
To view the Forwarding Information Base (FIB), use the “show ip cef” command. RIB is in Control plane while FIB is in Data plane.
Question 14
Which requirement for an Ansible-managed node is true?
  1. It must have an SSH server running.
  2. It must be a Linux server or a Cisco device.
  3. It must support ad hoc commands.
  4. It must have an Ansible Tower installed.
Correct answer: A
Question 15
A client device fails to see the enterprise SSID, but other client devices are connected to it. What is the cause of this issue?
  1. The client has incorrect credentials stored for the configured broadcast SSID.
  2. The hidden SSID was not manually configured on the client.
  3. The broadcast SSID was not manually configured on the client.
  4. The client has incorrect credentials stored for the configured hidden SSID.
Correct answer: B
Question 16
Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two.)
  1. APs that operate in FlexConnect mode cannot detect rogue APs
  2. FlexConnect mode is used when the APs are set up in a mesh environment and used to bridge between each other.
  3. FlexConnect mode is a feature that is designed to allow specified CAPWAP-enabled APs to exclude themselves from managing data traffic between clients and infrastructure.
  4. When connected to the controller, FlexConnect APs can tunnel traffic back to the controller
  5. FlexConnect mode is a wireless solution for branch office and remote office deployments
Correct answer: DE
Explanation:
FlexConnect is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication. Click hereClick here
FlexConnect is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. 
The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication. 
Click hereClick here
Question 17
Which OSPF network types are compatible and allow communication through the two peering devices?
  1. point-to-multipoint to nonbroadcast
  2. broadcast to nonbroadcast
  3. point-to-multipoint to broadcast
  4. broadcast to point-to-point
Correct answer: B
Explanation:
The following different OSPF types are compatible with each other:Broadcast and Non-Broadcast (adjust hello/dead timers) Point-to-Point and Point-to-Multipoint (adjust hello/dead timers) Broadcast and Non-Broadcast networks elect DR/BDR so they are compatible. Point-topoint/ multipoint do not elect DR/BDR so they are compatible. Reference: Click here
The following different OSPF types are compatible with each other:
  • Broadcast and Non-Broadcast (adjust hello/dead timers) 
  • Point-to-Point and Point-to-Multipoint (adjust hello/dead timers) 
Broadcast and Non-Broadcast networks elect DR/BDR so they are compatible. Point-topoint/ multipoint do not elect DR/BDR so they are compatible. 
Reference: Click here
Question 18
Which NGFW mode blocks flows crossing the firewall?
  1. tap
  2. inline
  3. passive
  4. inline tap
Correct answer: B
Explanation:
Firepower Threat Defense (FTD) provides six interface modes which are: Routed, Switched, Inline Pair, Inline Pair with Tap, Passive, Passive (ERSPAN).When Inline Pair Mode is in use, packets can be blocked since they are processed inline When you use Inline Pair mode, the packet goes mainly through the FTD Snort engine When Tap Mode is enabled, a copy of the packet is inspected and dropped internally while the actual traffic goes through FTD unmodified Reference: Click here
Firepower Threat Defense (FTD) provides six interface modes which are: Routed, Switched, Inline Pair, Inline Pair with Tap, Passive, Passive (ERSPAN).
When Inline Pair Mode is in use, packets can be blocked since they are processed inline When you use Inline Pair mode, the packet goes mainly through the FTD Snort engine When Tap Mode is enabled, a copy of the packet is inspected and dropped internally while the actual traffic goes through FTD unmodified 
Reference: Click here
Question 19
Which statement about route targets is true when using VRF-Lite?
  1. Route targets control the import and export of routes into a customer routing table.
  2. When BGP is configured, route targets are transmitted as BGP standard communities.
  3. Route targets allow customers to be assigned overlapping addresses.
  4. Route targets uniquely identify the customer routing table.
Correct answer: A
Explanation:
Answer ‘Route targets allow customers to be assigned overlapping addresses’ and answer ‘Route targets uniquely identify the customer routing table’ are not correct as only route distinguisher (RD) identifies the customer routing table and “allows customers to be assigned overlapping addresses”. Answer ‘When BGP is configured, route targets are transmitted as BGP standard communities’ is not correct as “When BGP is configured, route targets are transmitted as BGP extended communities”
Answer ‘Route targets allow customers to be assigned overlapping addresses’ and answer ‘Route targets uniquely identify the customer routing table’ are not correct as only route distinguisher (RD) identifies the customer routing table and “allows customers to be assigned overlapping addresses”. 
Answer ‘When BGP is configured, route targets are transmitted as BGP standard communities’ is not correct as “When BGP is configured, route targets are transmitted as BGP extended communities”
Question 20
How does Cisco TrustSec enable more flexible access controls for dynamic networking environments and data centers?
  1. uses flexible NetFlow
  2. assigns a VLAN to the endpoint
  3. classifies traffic based on advanced application recognition
  4. classifies traffic based on the contextual identity of the endpoint rather than its IP address
Correct answer: D
Explanation:
The Cisco TrustSec solution simplifies the provisioning and management of network access control through the use of software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without net-work redesign. Reference: Click here
The Cisco TrustSec solution simplifies the provisioning and management of network access control through the use of software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without net-work redesign. 
Reference: Click here
Question 21
Which function does a fabric edge node perform in an SD-Access deployment?
  1. Connects endpoints to the fabric and forwards their traffic.
  2. Encapsulates end-user data traffic into LISP.
  3. Connects the SD-Access fabric to another fabric or external Layer 3 networks.
  4. Provides reachability between border nodes in the fabric underlay.
Correct answer: A
Explanation:
There are five basic device roles in the fabric overlay:Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay.Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services.    
There are five basic device roles in the fabric overlay:
  • Control plane node: This node contains the settings, protocols, and mapping tables to provide the endpoint-to-location (EID-to-RLOC) mapping system for the fabric overlay.
  • Fabric border node: This fabric device (for example, core layer device) connects external Layer 3 networks to the SDA fabric.
  • Fabric edge node: This fabric device (for example, access or distribution layer device) connects wired endpoints to the SDA fabric.
  • Fabric WLAN controller (WLC): This fabric device connects APs and wireless endpoints to the SDA fabric.
  • Intermediate nodes: These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services.
    
Question 22
Refer to the exhibit.Which privilege level is assigned to VTY users? 
    
  1. 1
  2. 7
  3. 13
  4. 15
Correct answer: A
Explanation:
Lines (CON, AUX, VTY) default to level 1 privileges.
Lines (CON, AUX, VTY) default to level 1 privileges.
Question 23
What is the difference between a RIB and a FIB?
  1. The FIB is populated based on RIB content.
  2. The RIB maintains a minor image of the FIB.
  3. The RIB is used to make IP source prefix-based switching decisions.
  4. The FIB is where all IP routing information is stored.
Correct answer: A
Explanation:
CEF uses a Forwarding Information Base (FIB) to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with earlier switching paths such as fast switching and optimum switching. Note: In order to view the Routing information base (RIB) table, use the “show ip route” command.To view the Forwarding Information Base (FIB), use the “show ip cef” command. RIB is in Control plane while FIB is in Data plane.
CEF uses a Forwarding Information Base (FIB) to make IP destination prefix-based switching decisions. The FIB is conceptually similar to a routing table or information base. It maintains a mirror image of the forwarding information contained in the IP routing table. When routing or topology changes occur in the network, the IP routing table is updated, and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the IP routing table. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with earlier switching paths such as fast switching and optimum switching. 
Note: In order to view the Routing information base (RIB) table, use the “show ip route” command.
To view the Forwarding Information Base (FIB), use the “show ip cef” command. RIB is in Control plane while FIB is in Data plane.
Question 24
Which requirement for an Ansible-managed node is true?
  1. It must have an SSH server running.
  2. It must be a Linux server or a Cisco device.
  3. It must support ad hoc commands.
  4. It must have an Ansible Tower installed.
Correct answer: A
Question 25
A client device fails to see the enterprise SSID, but other client devices are connected to it. What is the cause of this issue?
  1. The client has incorrect credentials stored for the configured broadcast SSID.
  2. The hidden SSID was not manually configured on the client.
  3. The broadcast SSID was not manually configured on the client.
  4. The client has incorrect credentials stored for the configured hidden SSID.
Correct answer: B
Question 26
Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two.)
  1. APs that operate in FlexConnect mode cannot detect rogue APs
  2. FlexConnect mode is used when the APs are set up in a mesh environment and used to bridge between each other.
  3. FlexConnect mode is a feature that is designed to allow specified CAPWAP-enabled APs to exclude themselves from managing data traffic between clients and infrastructure.
  4. When connected to the controller, FlexConnect APs can tunnel traffic back to the controller
  5. FlexConnect mode is a wireless solution for branch office and remote office deployments
Correct answer: DE
Explanation:
FlexConnect is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication. Click hereClick here
FlexConnect is a wireless solution for branch office and remote office deployments. It enables customers to configure and control access points in a branch or remote office from the corporate office through a wide area network (WAN) link without deploying a controller in each office. 
The FlexConnect access points can switch client data traffic locally and perform client authentication locally when their connection to the controller is lost. When they are connected to the controller, they can also send traffic back to the controller. In the connected mode, the FlexConnect access point can also perform local authentication. 
Click hereClick here
Question 27
Which OSPF network types are compatible and allow communication through the two peering devices?
  1. point-to-multipoint to nonbroadcast
  2. broadcast to nonbroadcast
  3. point-to-multipoint to broadcast
  4. broadcast to point-to-point
Correct answer: B
Explanation:
The following different OSPF types are compatible with each other:Broadcast and Non-Broadcast (adjust hello/dead timers) Point-to-Point and Point-to-Multipoint (adjust hello/dead timers) Broadcast and Non-Broadcast networks elect DR/BDR so they are compatible. Point-topoint/ multipoint do not elect DR/BDR so they are compatible. Reference: Click here
The following different OSPF types are compatible with each other:
  • Broadcast and Non-Broadcast (adjust hello/dead timers) 
  • Point-to-Point and Point-to-Multipoint (adjust hello/dead timers) 
Broadcast and Non-Broadcast networks elect DR/BDR so they are compatible. Point-topoint/ multipoint do not elect DR/BDR so they are compatible. 
Reference: Click here
Question 28
Which NGFW mode blocks flows crossing the firewall?
  1. tap
  2. inline
  3. passive
  4. inline tap
Correct answer: B
Explanation:
Firepower Threat Defense (FTD) provides six interface modes which are: Routed, Switched, Inline Pair, Inline Pair with Tap, Passive, Passive (ERSPAN).When Inline Pair Mode is in use, packets can be blocked since they are processed inline When you use Inline Pair mode, the packet goes mainly through the FTD Snort engine When Tap Mode is enabled, a copy of the packet is inspected and dropped internally while the actual traffic goes through FTD unmodified Reference: Click here
Firepower Threat Defense (FTD) provides six interface modes which are: Routed, Switched, Inline Pair, Inline Pair with Tap, Passive, Passive (ERSPAN).
When Inline Pair Mode is in use, packets can be blocked since they are processed inline When you use Inline Pair mode, the packet goes mainly through the FTD Snort engine When Tap Mode is enabled, a copy of the packet is inspected and dropped internally while the actual traffic goes through FTD unmodified 
Reference: Click here
Question 29
Which statement about route targets is true when using VRF-Lite?
  1. Route targets control the import and export of routes into a customer routing table.
  2. When BGP is configured, route targets are transmitted as BGP standard communities.
  3. Route targets allow customers to be assigned overlapping addresses.
  4. Route targets uniquely identify the customer routing table.
Correct answer: A
Explanation:
Answer ‘Route targets allow customers to be assigned overlapping addresses’ and answer ‘Route targets uniquely identify the customer routing table’ are not correct as only route distinguisher (RD) identifies the customer routing table and “allows customers to be assigned overlapping addresses”. Answer ‘When BGP is configured, route targets are transmitted as BGP standard communities’ is not correct as “When BGP is configured, route targets are transmitted as BGP extended communities”
Answer ‘Route targets allow customers to be assigned overlapping addresses’ and answer ‘Route targets uniquely identify the customer routing table’ are not correct as only route distinguisher (RD) identifies the customer routing table and “allows customers to be assigned overlapping addresses”. 
Answer ‘When BGP is configured, route targets are transmitted as BGP standard communities’ is not correct as “When BGP is configured, route targets are transmitted as BGP extended communities”
Question 30
How does Cisco TrustSec enable more flexible access controls for dynamic networking environments and data centers?
  1. uses flexible NetFlow
  2. assigns a VLAN to the endpoint
  3. classifies traffic based on advanced application recognition
  4. classifies traffic based on the contextual identity of the endpoint rather than its IP address
Correct answer: D
Explanation:
The Cisco TrustSec solution simplifies the provisioning and management of network access control through the use of software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without net-work redesign. Reference: Click here
The Cisco TrustSec solution simplifies the provisioning and management of network access control through the use of software-defined segmentation to classify network traffic and enforce policies for more flexible access controls. Traffic classification is based on endpoint identity, not IP address, enabling policy change without net-work redesign. 
Reference: Click here
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!