350-401 Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) Questions and Answers

Questions 4

An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for Web Policy. Which device presents the web authentication for the WLAN?

Options:

ISE server

local WLC

RADIUS server

anchor WLC

Buy Now

Questions 5

350-401 Question 5

Options:

Buy Now

Questions 6

350-401 Question 6

Options:

Buy Now

Questions 7

350-401 Question 7

Options:

Buy Now

Questions 8

350-401 Question 8

Options:

Buy Now

Questions 9

350-401 Question 9

Options:

Buy Now

Questions 10

350-401 Question 10

Options:

Buy Now

Questions 11

350-401 Question 11

Options:

Buy Now

Questions 12

350-401 Question 12

Options:

Buy Now

Questions 13

350-401 Question 13

Options:

Buy Now

Questions 14

350-401 Question 14

What is the JSON syntax that is formed the data?

350-401 Question 14

Options:

Option A

Option B

Option C

Option D

Buy Now

Questions 15

350-401 Question 15

Options:

Buy Now

Questions 16

350-401 Question 16

Options:

Buy Now

Questions 17

Which two operational modes enable an AP to scan one or more wireless channels for rogue access points and at the same time provide wireless services to clients? (Choose two.)

Options:

local

rogue detector

monitor

FlexConnect

sniffer

Buy Now

Questions 18

Which language defines the structure or modeling of data for NETCONF and RESTCONF?

Options:

YAML

YANG

JSON

XML

Buy Now

Questions 19

Which protocol is implemented to establish secure control plane adjacencies between Cisco Catalyst SD-WAN nodes?

Options:

IPsec

TLS

IKE

ESP

Buy Now

Questions 20

Which two namespaces does the LISP network architecture and protocol use? (Choose two.)

Options:

TLOC

RLOC

DNS

VTEP

EID

Buy Now

Questions 21

Why is a Type 1 hypervisor more efficient than a Type 2 hypervisor?

Options:

Type 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques.

Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS.

Type 1 hypervisor enables other operating systems to run on it.

Type 1 hypervisor relies on the existing OS of the host machine to access CPU, memory, storage, and network resources.

Buy Now

Questions 22

What is a characteristics of Wi-Fi channels?

Options:

The 2 4-GHz balWMS§24 non-overlapping channels

Devices that connect to the same Wi-Fi channel reside in the same collision domain.

Wi-Fi channels are spaced 30 MHz apart.

The 5-GHz band offers 11 different channels for Wi-Fi clients

Buy Now

Questions 23

What is a difference between OSPF and EIGRP?

Options:

OSPF uses IP protocol number 88. EIGRP uses IP protocol number 89.

OSPF uses a default hello timer of 5 seconds. EIGRP uses a default hello timer of 10 seconds.

OSPF uses an administrative distance of 115. EIGRP uses an administrative distance of 160.

OSPF uses multicast addresses 224.0.0.5 and 224.0.0.6. EIGRP uses multicast address 224.0.0.10.

Buy Now

Questions 24

350-401 Question 24

Refer to the exhibit. What is the output of this code?

350-401 Question 24

Options:

Option A

Option B

Option C

Option D

Buy Now

Questions 25

Which feature is used to propagate ARP. broadcast, and link-local frames across a Cisco SD-Access fabric to address connectivity needs for silent hosts that require reception of traffic to start communicating?

Options:

Native Fabric Multicast

Layer 2 Flooding

SDA Transit

Multisite Fabric

Buy Now

Questions 26

Which method does FastLocate use to collect location-based information?

Options:

RFID

client probing

beacons

data packets

Buy Now

Questions 27

Which method ensures the confidentiality of data exchanged over a REST API?

Options:

Use TLS to secure the underlying HTTP session.

Use me POST method Instead or URL-encoded GET to pass parameters.

Deploy digest-based authentication to protect the access to the API.

Encode sensitive data using Base64 encoding.

Buy Now

Questions 28

350-401 Question 28

Reler to the exhibit. An engineer configuring WebAuth on a Cisco Catalyst 9000 Series WIC. The engineer has purchased a third-party certificate using the FQDN of the WLC as the CN and intends to use bit on the WebAuth splash page What must be configured so that the clients do not receive a certificate error?

Options:

Virtual IPv4 Address must be set to a routable address.

Virtual IPv4 Hostname must match the CN of the certificate.

Trustpoint must be set to the management certificate of the WLC.

Web Auth Intercept HTTPs must be enabled.

Buy Now

Questions 29

How does SSO work with HSRP to minimize network disruptions?

Options:

It enables HSRP to elect another switch in the group as the active HSRP switch.

It ensures fast failover in the case of link failure.

It enables data forwarding along known routes following a switchover, white the routing protocol reconverges.

It enables HSRP to failover to the standby RP on the same device.

Buy Now

Questions 30

Refer to the exhibit. A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line, but not from show running-config. Which command completes the configuration?

Options:

Device(config)# netconf lock-time 500

Device(config)# netconf max-message 1000

Device(config)# no netconf ssh acl 1

Device(config)# netconf max-sessions 100

Buy Now

Questions 31

When deploying Cisco SD-Access Fabric APs, where does the data plane VXLAN tunnel terminate?

Options:

on the first-hop fabric edge switch

on the WLC node

on the fabric border node switch

directly on the fabric APs

Buy Now

Questions 32

A wireless network engineer must configure a WPA2+WPA3 policy with the Personal security type. Which action meets this requirement?

Options:

Configure the GCMP256 encryption cipher.

Configure the CCMP128 encryption cipher.

Configure the GCMP128 encryption cipher.

Configure the CCMP256 encryption cipher.

Buy Now

Questions 33

350-401 Question 33

Refer to the exhibit. Authentication for users must first use RADIUS, and fall back to the local database on the router if the RADIUS server is unavailable Which two configuration sets are needed to achieve this result? (Choose two.)

350-401 Question 33

Options:

Option A

Option B

Option C

Option D

Buy Now

Questions 34

350-401 Question 34

Refer to the exhibit. The network administrator must be able to perform configuration changes when all the RADIUS servers are unreachable. Which configuration allows all commands to be authorized if the user has successfully authenticated?

Options:

aaa authorization exec default group radius if-authenticated

aaa authorization exec default group radius none

aaa authorization exec default group radius

aaa authentication login default group radius local none

Buy Now

Answer:

Explanation:

The correct answer is A. aaa authorization exec default group radius if-authenticated.

The key part of this question is the phrase “when all the RADIUS servers are unreachable” and “if the user has successfully authenticated.” In Cisco AAA, the if-authenticated keyword means that if the authorization server cannot be reached, the device grants authorization as long as the user has already been authenticated successfully. Cisco documentation explicitly states that with:

aaa authorization exec default group radius if-authenticated

the device contacts the RADIUS server for EXEC authorization, and if an error occurs contacting the server, the fallback is to permit the CLI to start, provided the user has been properly authenticated.

The current config already has:

aaa authentication login default group radius local

So, if RADIUS is down, login can fall back to the local user database.

Adding:

aaa authorization exec default group radius if-authenticated

ensures that once the user is authenticated, authorization is permitted even if RADIUS is unreachable. This is the Cisco-supported fallback behavior for AAA authorization.

B. aaa authorization exec default group radius none The none method means no authorization is performed if the previous method fails, but this is not the Cisco ENCOR-recommended method for allowing access after successful authentication. The question specifically targets the if-authenticated authorization fallback behavior.

C. aaa authorization exec default group radius This attempts authorization through RADIUS only. If the RADIUS servers are unreachable, authorization fails and the administrator may not be able to proceed.

D. aaa authentication login default group radius local none This is an authentication command, not an authorization command, so it does not solve the requirement to authorize commands after login.

ENCOR exam point:

Remember the difference:

Authentication = verifies identity

Authorization = determines what the user is allowed to do

For Cisco AAA fallback behavior:

local is commonly used for authentication fallback

if-authenticated is the key keyword for authorization fallback when the AAA server is unreachable

Questions 35

Which new security enhancement is introduced by deploying a next-generation firewall at the data center in addition to the Internet edge?

Options:

virtual private network for remote access

DDoS protection

firewall protection of the east-west traffic at the data center

firewall protection of the south-north traffic at the data center

Buy Now

Questions 36

A customer has several small branches and wants to deploy a Wi-Fi solution with local management using CAPWAP. Which deployment model meets this requirement?

Options:

local mode

SD-Access wireless

autonomous

Mobility Express

Buy Now

Questions 37

What is the role of the vSmart controller in a Cisco Catalyst SD-WAN environment?

Options:

It is the centralized network management system.

It manages the data plane.

It manages the control plane.

It performs authentication and authorization.

Buy Now

Questions 38

Drag and drop the characteristics from the left onto the tools on the right. Not all options are used.

350-401 Question 38

Options:

Buy Now

Questions 39

350-401 Question 39

Assuming the WLC ' s interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

Options:

the interface specified on the WLAN configuration

any interface configured on the WLC

the controller management interface

the controller virtual interface

Buy Now

Questions 40

What are two device roles in Cisco SD-Access fabric? (Choose two.)

Options:

core switch

vBond controller

edge node

access switch

border node

Buy Now

Questions 41

Which measurement is used from a post wireless survey to depict the cell edge of the access points?

Options:

RSSI

SNR

Noise

CCI

Buy Now

Questions 42

A wireless administrator must create a new web authentication corporate SSID that will be using ISE as the external RADIUS server. The guest VLAN must be specified after the authentication completes. Which action must be performed to allow the ISE server to specify the guest VLAN?

Options:

Set RADIUS Profiling.

Set AAA Policy name.

Enable Network Access Control State.

Enable AAA Override.

Buy Now

Questions 43

Which technology is the Cisco SD-Access control plane based on?

Options:

LISP

CTS

SGT

VRF

Buy Now

Questions 44

What is the base unit of definition in YANG?

Options:

module

include statement

stanza

node

Buy Now

Questions 45

What is a client who is using 802.1x for authentication referred to as?

Options:

authenticator

policy enforcement point

NAC device

supplicant

Buy Now

Questions 46

What does a YANG model provide?

Options:

standardized data structure independent of the transport protocols

creation of transport protocols and their interaction with the OS

user access to interact directly with the CLI of the device to receive or modify network configurations

standardized data structure that can be used only with NETCONF or RESTCONF transport protocols

Buy Now

Questions 47

Which two mechanisms are used with OAuth 2.0 for enhanced validation? (Choose two.)

Options:

custom headers

authentication

authorization

request management

accounting

Buy Now

Questions 48

When using a Cisco Catalyst 9800 Series WLC, which tag/profile can be applied to APs to change the mode to FlexConnect in a specific location?

Options:

policy tag

site tag

AP join profile

flex profile

Buy Now

Questions 49

Which two new security capabilities are introduced by using a next-generation firewall at the Internet edge? (Choose two.)

Options:

integrated intrusion prevention

VPN

application-level inspection

stateful packet inspection

NAT

Buy Now

Questions 50

What is used by vManage to interact withCiscoSD-WAN devices in the fabric?

Options:

northbound API

RESTCONF

Southbound API

IPsec

Buy Now

Questions 51

What is the recommended minimum SNR for Voice applications for networks?

Options:

Buy Now

Questions 52

Refer to the exhibit.

350-401 Question 52

Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

350-401 Question 52

Options:

Option A

Option B

Option C

Option D

Buy Now

Questions 53

A script contains the statement •white loop != 999 ’ Which value terminates the loop?

Options:

A value equal to 999.

A value not equal to 999.

A value greater than or equal to 999.

A value less than or equal to 999.

Buy Now

Questions 54

A customer requests a design that includes GLBP as the FHRP. The network architect discovers that the members of the GLBP group have different throughput capabilities. Which GLBP load balancing method supports this environment?

Options:

host dependent

weighted

least connection

round robin

Buy Now

Questions 55

Which characteristic applies to a traditional WAN solution but not to a Cisco Catalyst SD-WAN solution?

Options:

Centralized reachability, security, and application policies

Time-consuming configuration and maintenance

Low complexity and increased overall solution scale

Operates over DTLS/TLS-authenticated and secured tunnels

Buy Now

Questions 56

350-401 Question 56

Refer to the exhibit A network engineer must use a Python script lo convert data received from a network device. Which type of data is printed to the console when the script runs?

Options:

dictionary with a key-value pair

list of lists

list of strings

tuple list

Buy Now

Questions 57

What is a TLOC in a Cisco Catalyst SD-WAN deployment?

Options:

component set by the administrator to differentiate similar nodes that offer a common service

value that identifies a specific tunnel within the Cisco Catalyst SD-WAN overlay

identifier that represents a specific service offered by nodes within the Cisco Catalyst SD-WAN overlay

attribute that acts as a next hop for network prefixes

Buy Now

Questions 58

What is a characteristic of VXLAN?

Options:

It extends Layers 2 and Layer 3 overlay network over a Layer 2 underly.

It has a 12-byte packet header.

Its frame encapsulation is performed by MAC-in-UDP.

It uses TCP for transport

Buy Now

Questions 59

An engineer is implementing a new SSID on a Cisco Catalyst 9800 Series WLC that must be broadcast on 6 GHz radios. Users will be required to use EAP-TLS to authenticate. Which wireless Layer 2 security method is required?

Options:

WPA3 Personal

WPA3 Enterprise

WPA2 Personal

Buy Now

Questions 60

An engineer must create a new SSID on a Cisco 9800 wireless LAN controller. The client has asked to use a pre-shared key for authentication. Which profile must the engineer edit to achieve this requirement?

Options:

WLAN

Policy

Flex

Buy Now

Questions 61

Which language defines the structure or modelling of data for NETCONF and RESTCONF?

Options:

JSON

YANG

XML

YAML

Buy Now

Questions 62

Which JSON syntax is valid?

350-401 Question 62

Options:

Option A

Option B

Option C

Option D

Buy Now

Questions 63

In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

Options:

advertisement of network prefixes and their attributes

configuration of control and data policies

gathering of underlay infrastructure data

delivery of crypto keys

segmentation and differentiation of traffic

Buy Now

Questions 64

What is used to validate the authenticity of the client and is sent in HTTP requests as a JSON object?

Options:

SSH

TLS

HTTPS

JWT

Buy Now

Questions 65

Which task Is mandatory when provisioning a device through the plug-and-play workflow in Cisco DNA Center?

Options:

site assignment

slack serial number assignment

golden image upgrade

template configuration application

Buy Now

Questions 66

Why would an architect use an OSPF virtual link?

Options:

to allow a stub area to transit another stub area

to merge two existing Area 0s through a nonbackbone

to connect two networks that have overlapping private IP address space

to connect a nonbackbone area to Area 0 through another nonbackbone area

Buy Now

Questions 67

Drag and drop the characteristics from the left onto the orchestration tools they describe on the right.

350-401 Question 67

Options:

Buy Now

Questions 68

In which two ways does PIM dense mode function in the network? (Choose two.)

Options:

It waits to forward multicast traffic until a downstream router requests the traffic.

It utilizes the designated forwarder election to avoid multicast packet loops.

It receives traffic from only one Reverse Path Forwarding interface.

It forwards multicast traffic on all interfaces until a downstream router requests that forwarding stop.

It uses a push method, and fallback occurs when RP information is lost.

Buy Now

Questions 69

How is a data modelling language used?

Options:

To enable data to be easily structured grouped validated and replicated

To represent finite and well-defined network elements that cannot be changed

To model the flows of unstructured data within the infrastructure

To provide human readability to scripting languages

Buy Now

Questions 70

What is the measure of the difference between the received signal and the noise floor in a wireless environment?

Options:

XOR

RSSI

RRM

SNR

Buy Now

Questions 71

What is a client who is running 802.1x for authentication reffered to as?

Options:

supplicant

NAC device

authenticate

policy enforcement point

Buy Now

Questions 72

350-401 Question 72

Refer to the exhibit. The key value pairs must be extracted by iterating through a list of tuples. Which statement completes the snippet and prints each key value pair as a tuple?

Options:

for device, value In device_ip.items(): print(device)

for device in device_ip.items(): print(device)

for device in device_ip.values(): print(device)

for device in deviceip: print(device)

Buy Now

Questions 73

A customer wants to use a single SSID to authenticate loT devices using different passwords. Which Layer 2 security type must be configured in conjunction with Cisco ISE to achieve this requirement?

Options:

Identity PSK

Fast Transition

Central Web Authentication

Cisco Centralized Key Management

Buy Now

Questions 74

Ascriptcontainsthe statement white loop != 999 ’ Which value terminates the loop?

Options:

A value equal to 999.

A value not equal to 999.

A value greater than or equal to 999.

A value less than or equal to 999.

Buy Now

Questions 75

350-401 Question 75

Refer to the exhibit. What does this code achieve?!

Options:

It generates a list containing only the hostname of the LLDP neighbor.

It generates a list of the LLDP neighbors and their capabilities

It generates a list of routers with the Repeater capability.

It generates a count of the LLDP neighbors.

Buy Now

Questions 76

350-401 Question 76

Refer to the exhibit. A POST /discovery request spawns an asynchronous task. After querying for more information about the task, the Cisco DNA Center platform returns the REST API response. What is the status of the discovery task?

Options:

restarted

failed

stopped

successful

Buy Now

Questions 77

Which two operations are valid for RESTCONF? (Choose two)

Options:

PULL

ADD

HEAD

REMOVE

GET

PUSH

Buy Now

Questions 78

Which two pieces of information are necessary to compute SNR? (Choose two.)

Options:

EIRP

noise floor

antenna gain

RSSI

transmit power

Buy Now

Questions 79

An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN Layer 3 setting must be configured to provide this functionally?