[Nov 27, 2021] Free CCNP Enterprise 350-401 Exam Question
350-401 dumps & CCNP Enterprise sure practice dumps
What is the cost of Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR)
- Length of Examination: 90 minutes
- Passing Score: 70%
- Format: Multiple choices, multiple answers
- Number of Questions: 90-105
Related Certification: CCNP Enterprise
Enterprise networking continues to witness massive growth ever since Cisco introduced a new certification curriculum in early 2020. This is best shown by the increasing popularity of the Cisco CCNP Enterprise certification, which does much more than just equipping you with vital IT skills. The new CCNP Enterprise training embodies success with enterprise networking technologies and to obtain it, you must pass two exams: the aforementioned Cisco 350-401, which is a core validation, and one additional concentration exam. That being said, the full list of the concentration tests associated with this learning path includes 300-410, 300-415, 300-420, 300-425, 300-430, and 300-435 exams.
NEW QUESTION 89
Which encryption hashing algorithm does NTP use for authentication?
- A. SSL
- B. AES128
- C. MD5
- D. AES256
Answer: C
NEW QUESTION 90
Refer to the exhibit.
Which type of antenna is show on the radiation patterns?
- A. Patch
- B. Yagi
- C. Dipole
- D. Omnidirectional
Answer: C
Explanation:
A dipole antenna most commonly refers to a half-wavelength (1/2) dipole. The physical antenna (not the package that it is in) is constructed of conductive elements whose combined length is about half of a wavelength at its intended frequency of operation. This is a simple antenna that radiates its energy out toward the horizon (perpendicular to the antenna). The patterns shown are those resulting from a perfect dipole formed with two thin wires oriented vertically along the z-axis.
NEW QUESTION 91
Which statement about TLS is true when using RESTCONF to write configurations on network devices?
- A. It is no supported on Cisco devices.
- B. It is provided using NGINX acting as a proxy web server.
- C. It is used for HTTP and HTTPs requests.
- D. It required certificates for authentication.
Answer: D
NEW QUESTION 92
Which action is the vSmart controller responsible for in an SD-WAN deployment?
- A. manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric
- B. distribute security information for tunnel establishment between vEdge routers
- C. gather telemetry data from vEdge routers
- D. onboard vEdge nodes into the SD-WAN fabric
Answer: B
Explanation:
Explanation
+ Orchestration plane (vBond) assists in securely onboarding the SD-WAN WAN Edge routers into the SD-WAN overlay (-> Therefore answer "onboard vEdge nodes into the SD-WAN fabric" mentioned about vBond). The vBond controller, or orchestrator, authenticates and authorizes the SD-WAN components onto the network. The vBond orchestrator takes an added responsibility to distribute the list of vSmart and vManage controller information to the WAN Edge routers. vBond is the only device in SD-WAN that requires a public IP address as it is the first point of contact and authentication for all SD-WAN components to join the SD-WAN fabric. All other components need to know the vBond IP or DNS information.
+ Management plane (vManage) is responsible for central configuration and monitoring. The vManage controller is the centralized network management system that provides a single pane of glass GUI interface to easily deploy, configure, monitor and troubleshoot all Cisco SD-WAN components in the network. (-> Answer "manage, maintain, and gather configuration and status for nodes within the SD-WAN fabric" and answer "gather telemetry data from vEdge routers" are about vManage)
+ Control plane (vSmart) builds and maintains the network topology and make decisions on the traffic flows. The vSmart controller disseminates control plane information between WAN Edge devices, implements control plane policies and distributes data plane policies to network devices for enforcement (-> Answer "distribute security information for tunnel establishment between vEdge routers" is about vSmart)
NEW QUESTION 93
Refer to the exhibit.
A wireless client is connecting to FlexAP1 which is currently working standalone mode. The AAA authentication processis returning the following AVPs:
Which three behaviors will the client experience? (Choose three.)
- A. When the AP is in connected mode, the client will be placed in VLAN 15.
- B. When the AP is in connected mode, the client will be placed in VLAN 13.
- C. When the AP transitions to connected mode, the client will be de-authenticated.
- D. While the AP is in standalone mode, the client will be placed in VLAN 15.
- E. When the AP transitions to connected mode, the client will remain associated.
- F. When the AP is in connected mode, the client will be placed in VLAN 10.
- G. While the AP is in standalone mode, the client will be placed in VLAN 13.
- H. While the AP is in standalone mode, the client will be placed in VLAN 10.
Answer: A,C,H
Explanation:
Explanation
+ From the output of WLC show interface summary, we learned that the WLC has four VLANs: 999, 14, 15 and 16. + From the show ap config general FlexAP1 output, we learned that FlexConnect AP has four VLANs: 10, 11, 12 and 13. Also the WLAN of FlexConnect AP is mapped to VLAN 10 (from the line WLAN
1: ...... 10 (AP-Specific)).
From the reference at:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise
NEW QUESTION 94 
Refer to the exhibit. You must modify the Cisco IOS Layer3 switch configuration for high availability operation.
Which additional configuration is needed, if any?
- A. Enable HSRP preempt to force the primary Layer 3 switch to resume the master role after a failure
- B. Enable HSRP preempt with a delay to allow time for the routing and switching protocols to converge
- C. This configuration is sufficient for high availability functionality
- D. Modify the configuration to use VRRP, which has additional functionality that works better for high availability
Answer: C
Explanation:
Explanation/Reference:
NEW QUESTION 95
Refer to the exhibit.
What is the effect of these commands on the BR and HQ tunnel interfaces?
- A. The keepalives are sent every 3 seconds and 5 retries
- B. The tunnel line protocol goes down when the keepalive counter reaches 6
- C. The keepalives are sent every 5 seconds and 3 retries
- D. The tunnel line protocol goes down when the keepalive counter reaches 5
Answer: C
NEW QUESTION 96
Based on this interface configuration, what is the expected state of OSPF adjacency?
- A. FULL/BDR on R1 and FULL/BDR on R2
- B. 2WAY/DROTHER on both routers
- C. FULL on both routers
- D. not established
Answer: D
NEW QUESTION 97
Which two southbound interfaces originate from Cisco DMA Center and terminate at fabric underlay switches? (Choose two)
- A. UDP 6007: NetFlow
- B. UDP 67: DHCP
- C. TCP 23: Telnet
- D. ICMP: Discovery
- E. UDP 162: SNMP
Answer: A,D
NEW QUESTION 98
An engineer must configure interface GigabitEthernet0/0 for VRRP group 10. When the router has the highest priority in the group, it must assume the master role. Which command set must be added to the initial configuration to accomplish this task?
- A. vrrp 10 ip 172.16.13.254
vrrp 10 preempt - B. standby 10 ip 172.16.13.254 255.255.255.0
standby 10 preempt - C. vrrp group 10 ip 172.16.13 254.255.255.255.0
vrrp group 10 priority 120 - D. standby 10 ip 172.16.13.254
standby 10 priority 120
Answer: C
Explanation:
Explanation
NEW QUESTION 99
What is used to validate the authenticity of the client and is sent in HTTP requests as a JSON object?
- A. TLS
- B. JVVT
- C. HTTPS
- D. SSH
Answer: C
Explanation:
Explanation
https://developer.atlassian.com/server/crowd/json-requests-and-responses/
NEW QUESTION 100
Refer to the exhibit.
Which two statements about the EEM applet configuration are true? (Choose two.)
- A. The EEM applet requires a case-insensitive response
- B. The running configuration is displayed only if the letter Y is entered at the CLI
- C. The EEM applet runs after the CLI command is executed
- D. The EEM applet runs before the CLI command is executed
Answer: B,D
Explanation:
Explanation
When you use the sync yes option in the event cli command, the EEM applet runs before the CLI command is executed. The EEM applet should set the _exit_status variable to indicate whether the CLI command should be executed (_exit_status set to one) or not (_exit_status set to zero).
With the sync no option, the EEM applet is executed in background in parallel with the CLI command.
Reference: https://blog.ipspace.net/2011/01/eem-event-cli-command-options-and.html
NEW QUESTION 101
Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?
- A. SSL
- B. MACsec
- C. Cisco Trustsec
- D. IPsec
Answer: B
Explanation:
MACsec, defined in 802.1AE, provides MAC-layer encryption over wired networks by using out-ofband
methods for encryption keying. The MACsec Key Agreement (MKA) Protocol provides the
required session keys and manages the required encryption keys. MKA and MACsec are
implemented after successful authentication using the 802.1x Extensible Authentication Protocol
(EAP-TLS) or Pre Shared Key (PSK) framework.
A switch using MACsec accepts either MACsec or non-MACsec frames, depending on the policy
associated with the MKA peer. MACsec frames are encrypted and protected with an integrity check
value (ICV). When the switch receives frames from the MKA peer, it decrypts them and calculates
the correct ICV by using session keys provided by MKA. The switch compares that ICV to the ICV
within the frame. If they are not identical, the frame is dropped. The switch also encrypts and
adds an ICV to any frames sent over the secured port (the access point used to provide the secure
MAC service to a MKA peer) using the current session key.
Reference:
6-9/configuration_guide/sec/b_169_sec_9300_cg/macsec_encryption.html
Note: Cisco Trustsec is the solution which includes MACsec.
NEW QUESTION 102
Witch two actions provide controlled Layer 2 network connectivity between virtual machines running on the same hypervisor? (Choose two.)
- A. Use VXLAN fabric after installing VXLAN tunneling drivers on the virtual machines.
- B. Use a single trunk link to an external Layer2 switch.
- C. Use a virtual switch running as a separate virtual machine.
- D. Use a single routed link to an external router on stick.
- E. Use a virtual switch provided by the hypervisor.
Answer: C,E
NEW QUESTION 103
Refer to the exhibit. An engineer is using XML in an application to send information to a RESTCONF-enabled device. After sending the request, the engineer gets this response message and a HTTP response code of 400. What do these responses tell the engineer?
- A. JSON body was used
- B. POST was used instead of PUT to update
- C. The Content-Type header sent was application/xml.
- D. The Accept header sent was application/xml
Answer: D
Explanation:
Accept and Content-type are both headers sent from a client (a browser) to a service. Accept header is a way for a client to specify the media type of the response content it is expecting and Content-type is a way to specify the media type of request being sent from the client to the server.
The response was sent in XML so we can say the Accept header sent was application/xml.
NEW QUESTION 104
Which LISP infrastructure device provides connectivity between non-sites and LISP sites by receiving non-LISP traffic with a LISP site destination?
- A. PETR
- B. PITR
- C. map resolver
- D. map server
Answer: B
Explanation:
Explanation
Proxy ingress tunnel router (PITR): answer 'PETR' PITR is an infrastructure LISP network entity that receives packets from non-LISP sites and encapsulates the packets to LISP sites or natively forwards them to non-LISP sites.
NEW QUESTION 105
Refer to the exhibit.
An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as an entry point. Assuming that all BGP neighbor relationships have been formed and that the attributes have not been changed on any of the routers, which configuration accomplish task?
- A. Option A
- B. Option B
- C. Option D
- D. Option C
Answer: A
Explanation:
Explanation
R3 advertises BGP updates to R1 with multiple AS 100 so R3 believes the path to reach AS 200 via R3 is farther than R2 so R3 will choose R2 to forward traffic to AS 200.
NEW QUESTION 106
Drag and drop the REST API authentication methods from the left onto their descriptions on the right.
Answer:
Explanation:
Explanation
NEW QUESTION 107
Which method displays text directly into the active console with a synchronous EEM applet policy?
- A. event manager applet boom
event syslog pattern 'UP'
action 1.0 puts 'logging directly to console' - B. event manager applet boom
event syslog pattern 'UP'
action 1.0 string 'logging directly to console' - C. event manager applet boom
event syslog pattern 'UP'
action 1.0 gets 'logging directly to console' - D. event manager applet boom
event syslog pattern 'UP'
action 1.0 syslog priority direct msg 'log directly to console'
Answer: D
NEW QUESTION 108
Drag and drop the threat defense solutions from the left onto their descriptions on the right.
Answer:
Explanation:
Explanation
NEW QUESTION 109 
Company policy restricts VLAN 10 to be allowed only on SW1 and SW2. All other VLANs can be on all three switches. An administrator has noticed that VLAN 10 has propagated to SW3. Which configuration corrects the issue?
A)
B)
C)
D)
- A. Option C
- B. Option B
- C. Option D
- D. Option A
Answer: A
NEW QUESTION 110
Refer to the exhibit.
An engineer is troubleshooting an application running on Apple phones. The application Is receiving incorrect QoS markings. The systems administrator confirmed that ail configuration profiles are correct on the Apple devices. Which change on the WLC optimizes QoS for these devices?
- A. Configure AVC Profiles
- B. Change the QoS level to Platinum
- C. Enable Fastlane
- D. Set WMM to required
Answer: B
NEW QUESTION 111
......
Cisco 350-401 Actual Questions and Braindumps: https://examsboost.dumpstorrent.com/350-401-exam-prep.html