New 2020 CCIE/CCNP 350-401 ENCOR exam questions from PassLeader 350-401 dumps! Welcome to download the newest PassLeader 350-401 VCE and PDF dumps: https://www.passleader.com/350-401.html (1025 Q&As –> 1129 Q&As –> 1198 Q&As –> 1239 Q&As) [Lab Simulations Available]
P.S. Free 2020 CCIE/CCNP 350-401 ENCOR dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1nv6C6Az-yuR5kOXg8FV3gytDer_usQBX
NEW QUESTION 1001
Which IEEE standard provides the capability to permit or deny network connectivity based on the user or device identity?
A. 802.1d
B. 802.1w
C. 802.1q
D. 802.1x
Answer: D
NEW QUESTION 1002
Which solution simplifies management of secure access to network resources?
A. RFC 3580-based solution to enable authenticated access leveraging RADIUS and AV pairs.
B. 802.1AE to secure communication in the network domain.
C. ISE to automate network access control leveraging RADIUS AV pairs.
D. TrustSec to logically group internal user environments and assign policies.
Answer: D
Explanation:
Cisco TrustSec simplifies the provisioning and management of secure access to network services and applications.
NEW QUESTION 1003
What is a characteristic of a Type 2 hypervisor?
A. It is completely independent of the operating system.
B. It is installed on an operating system and supports other operating systems.
C. It eliminates the need for an underlying operating system.
D. Its main task is to manage hardware resources between different operating systems.
Answer: B
NEW QUESTION 1004
What is the recommended minimum SNR for data applications on wireless networks?
A. 20
B. 25
C. 15
D. 10
Answer: A
NEW QUESTION 1005
What does the Cisco DNA Center Authentication API provide?
A. list of VLAN names
B. client health status
C. access token to make calls to Cisco DNA Center
D. list of global issues that are logged in Cisco DNA Center
Answer: C
Explanation:
The Cisco DNA Center Authentication API provides an access token that allows external applications and services to make authorized API calls to Cisco DNA Center. This access token acts as a secure authentication mechanism, ensuring that only authorized clients can interact with the Cisco DNA Center APIs.
NEW QUESTION 1006
What does the destination MAC on the outer MAC header identify in a VXLAN packet?
A. the leaf switch
B. the next hop
C. the remote switch
D. the remote spine
Answer: B
NEW QUESTION 1007
What does the statement print(format(0.8, ‘.0%’)) display?
A. 8.8%
B. 0.8%
C. 8%
D. 80%
Answer: D
Explanation:
The statement print(format(0.8, ‘.2%’)) will display the value 0.8 as a percentage with a precision of 2 decimal places, resulting in the output ‘80.00%’.
NEW QUESTION 1008
An engineer must implement a configuration to allow a network administrator to connect to the console port of a router and authenticate over the network. Which command set should the engineer use?
A. aaa new-model
aaa authentication login console local
B. aaa new-model
aaa authentication login console group radius
C. aaa new-model
aaa authentication login default enable
D. aaa new-model
aaa authentication enable default
Answer: B
Explanation:
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
NEW QUESTION 1009
When a DNS host record is configured for a new Cisco AireOS WLC, which hostname must be added to allow APs to successfully discover the WLC?
A. CONTROLLER-CAPWAP-CISCO
B. CISCO-CONTROLLER-CAPWAP
C. CAPWAP-CISCO-CONTROLLER
D. CISCO-CAPWAP-CONTROLLER
Answer: D
NEW QUESTION 1010
Why does the vBond orchestrator have a public IP?
A. to allow for global reachability from all WAN Edges in the Cisco SD-WAN and to facilitate NAT traversal
B. to provide access to Cisco Smart Licensing servers for license enablement
C. to enable vBond to learn the public IP of WAN Edge devices that are behind NAT gateways or in private address space
D. to facilitate downloading and distribution of operational and security patches
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/sdwan-xe-gs-book/system-overview.html
NEW QUESTION 1011
Why would a small or mid-size business choose a cloud solution over an on-premises solution?
A. Cloud provides greater ability for customization than on-premises.
B. Cloud provides more control over the implementation process than on-premises.
C. Cloud provides lower upfront cost than on-premises.
D. Cloud provides higher data security than on-premises.
Answer: C
NEW QUESTION 1012
Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)
A. stateful packet inspection
B. integrated intrusion prevention
C. NAT
D. VPN
E. application-level inspection
Answer: BE
Explanation:
https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-next-generation-firewall.html#~ngfw-firewall
NEW QUESTION 1013
Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?
A. DTLS
B. IPsec
C. PGP
D. HTTPS
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/security-overview.html
NEW QUESTION 1014
What is one difference between SaltStack and Ansible?
A. SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box.
B. SaltStack uses an API proxy agent to program Cisco boxes in agent mode, whereas Ansible uses a Telnet connection.
C. SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus.
D. SaltStack is constructed with minion, whereas Ansible is constructed with YAML.
Answer: D
NEW QUESTION 1015
A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that the EoIP tunnel remains in an UP state in the event of failover on the SSO cluster?
A. Use the same mobility domain on all WLCs.
B. Enable default gateway reachability check.
C. Configure back-to-back connectivity on the RP ports.
D. Use the mobility MAC when the mobility peer is configured.
Answer: D
NEW QUESTION 1016
Refer to the exhibit:
An engineer must configure an eBGP neighborship to Router B on Router A. The network that is connected to G0/1 on Router A must be advertised toRouter B. Which configuration should be applied?
A. router bgp 65002
neighbor 10.0.1.2 remote-as 65002
network 10.0.2.0 255.255.255.0
B. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
redistribute static
C. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
network 10.0.1.0 255.255.255.0
D. router bgp 65001
neighbor 10.0.1.2 remote-as 65002
network 10.0.2.0 255.255.255.0
Answer: D
NEW QUESTION 1017
Refer to the exhibit:
The CPE router acts as a DHCP server for the locally attached LAN. After DHCP snooping is enabled on the switch where the DHCP clients are connected, clients are unable to obtain their configuration from the DHCP server. What is the cause of this issue?
A. The IP address of the DHCP server is in the excluded DHCP range.
B. The configuration of Gi0/1 is missing the ip helper-address 192.168.255.1 command.
C. The DHCP server drops DHCP packets carrying Option 82 and an empty relay agent IP address.
D. The excluded DHCP range contains the subnet address of the entire LAN network.
Answer: C
NEW QUESTION 1018
Refer to the exhibit:
An engineer tries to log in to router R1. Which configuration enables a successful login?
A. R1#username admin privilege 15
aaa authorization exec default local
B. R1#username admin privilege 15
aaa authorization exec default local
netconf-yang
C. R1#netconf-yang
username admin privilege 15 secret cisco123
aaa new-model
aaa authorization exec default local
D. R1#aaa new-model
aaa authorization exec default local
enable aaa admin privilege 15
Answer: C
NEW QUESTION 1019
Refer to the exhibit:
An engineer builds an EEM script to apply an access list. Which statement must be added to complete the script?
A. action 6.0 cli command “ip access-list extended 101”
B. action 3.1 cli command “ip access-list extended 101”
C. event none
D. action 2.1 cli command “ip access-list extended 101”
Answer: C
NEW QUESTION 1020
Refer to the exhibit:
An engineer is troubleshooting an issue with client devices triggering excessive power changes on APs in the 2.4 GHz band. Which action resolves this issue?
A. Disable Aironet IE.
B. Set the 802.11b/g/n DTIM interval to 0.
C. Enable MFP Client Protection.
D. Disable Coverage Hole Detection.
Answer: D
Explanation:
The device discriminates between coverage holes that can and cannot be corrected. For coverage holes that can be corrected, the device mitigates the coverage hole by increasing the transmit power level for that specific access point.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/ewc/16-12/config-guide/ewc_cg_16_12/coverage_hole_detection.pdf
NEW QUESTION 1021
……
New 2020 CCIE/CCNP 350-401 ENCOR exam questions from PassLeader 350-401 dumps! Welcome to download the newest PassLeader 350-401 VCE and PDF dumps: https://www.passleader.com/350-401.html (1025 Q&As –> 1129 Q&As –> 1198 Q&As –> 1239 Q&As) [Lab Simulations Available]
P.S. Free 2020 CCIE/CCNP 350-401 ENCOR dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1nv6C6Az-yuR5kOXg8FV3gytDer_usQBX