Please enter your email:

1. When a wired client connects to an edge switch in an SDA fabric, which component decides
whether the client has access to the network?


2. An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as the exit point.
Assuming that all BGP neighbor relationships have been formed and that the attributes have
not been changed on any of the routers, which configuration accomplish task?


3. D. R4(config-router)#neighbor weight 200


4. Which configuration restricts the amount of SSH that a router accepts 100 kbps?


5. What NTP stratum level is a server that is connected directly to an authoritative time source?


6. How does QoS traffic shaping alleviate network congestion?


7. An engineer is describing QoS to a client. Which two facts apply to traffic policing? (Choose


8. What mechanism does PIM use to forward multicast traffic?


9. Which two namespaces does the LISP network architecture and protocol use? (Choose two)


10. Which First Hop Redundancy Protocol should be used to meet a design requirements for
more efficient default bandwidth usage across multiple devices?



A network engineer is configuring OSPF between router R1 and router R2. The engineer
must ensure that a DR/BDR election does not occur on the Gigabit Ethernet interfaces in area
0. Which configuration set accomplishes this goal?


12. What are two reasons why broadcast radiation is caused in the virtual machine environment?
(Choose two)


13. A company plans to implement intent-based networking in its campus infrastructure. Which
design facilities a migrate from a traditional campus design to a programmer fabric designer?


14. When a wireless client roams between two different wireless controllers, a network
connectivity outage is experience for a period of time. Which configuration issue would
cause this problem?


15. Which algorithms are used to secure REST API from brute attacks and minimize the impact?


16. What is the role of the RP in PIM sparse mode?


17. A network administrator is preparing a Python script to configure a Cisco IOS XE-based
device on the network. The administrator is worried that colleagues will make changes to the
device while the script is running. Which operation of the client manager in prevent colleague
making changes to the device while the script is running?


18. What are two device roles in Cisco SD-Access fabric? (Choose two)


19. Which component handles the orchestration plane of the Cisco SD-WAN?


20. Which two entities are Type 1 hypervisors? (Choose two)


21. Which access point mode allows a supported AP to function like a WLAN client would,
associating and identifying client connectivity issues?



An engineer must deny Telnet traffic from the loopback interface of router R3 to the
loopback interface of router R2 during the weekend hours. All other traffic between the
loopback interfaces of routers R3 and R2 must be allowed at all times. Which command
accomplish this task?


23. Which tool is used in Cisco DNA Center to build generic configurations that are able to be
applied on device with similar network settings?


24. A client device roams between access points located on different floors in an atrium. The
access points joined to the same controller and configuration in local mode. The access points
are in different IP addresses, but the client VLAN in the group same. What type of roam


25. What does the LAP send when multiple WLCs respond to the CISCO_CAPWAPCONTROLLER.localdomain hostname during the CAPWAP discovery and join process?


26. vlan 222
vlan 223
monitor session 1 source interface FastEthernet0/1 tx
monitor session 1 source interface FastEthernet0/2 rx
monitor session 1 source interface port-channel 5
monitor session 1 destination remote vlan 222
What is the result when a technician adds the monitor session 1 destination remote vlan
233 command?


27. In an SD-Access solution what is the role of a fabric edge node?



The inside and outside interfaces in the NAT configuration of this device have been correctly
identified. What is the effect of this configuration?


29. Which component of the Cisco Cyber Threat Defense solution provides user and flow context


30. An engineer must protect their company against ransom ware attacks. Which solution allows
the engineer to block the execution stage and prevent file encryption?



Assuming the WLC‘s interfaces are not in the same subnet as the RADIUS server, which
interface would the WLC use as the source for all RADIUS-related traffic?


32. Which benefit is offered by a cloud infrastructure deployment but is lacking in an onpremises deployment?


33. Wireless users report frequent disconnections from the wireless network. While
troubleshooting a network engineer finds that after the user a disconnect, the connection
reestablishes automatically without any input required. The engineer also notices these
message logs.

Which action reduces the user impact?


34. Which DHCP option helps lightweight APs find the IP address of a wireless LAN controller?


35. A network administrator applies the following configuration to an IOS device.

What is the process of password checks when a login attempt is made to the device?


36. What is the role of the vsmart controller in a Cisco SD-WAN environment?


37. Why is an AP joining a different WLC than the one specified through option 43?


38. Which devices does Cisco Center configure when deploying an IP-based access control


39. Which method of account authentication does OAuth 2.0 within REST APIs?


40. What does the Cisco DNA Center use to enable the delivery of applications through a
network and to yield analytics for innovation?


41. Which action is a function of VTEP in VXLAN?


42. Which type of antenna does the radiation pattern represent?


43. Which PAgP mode combination prevents an Etherchannel from forming?


44. Refer to the exhibit. A port channel is configured between SW2 and SW3. SW2 is not
running Cisco operating system. When all physical connections are mode, the port channel
does not establish. Based on the configuration excerpt of SW3, what is the cause of the


45. Refer to exhibit. VLANs 50 and 60 exist on the trunk links between all switches. All access
ports on SW3 are configured for VLAN 50 and SW1 is the VTP server. Which command
ensures that SW3 receives frames only from VLAN 50?



46. Refer to the exhibit. SwitchC connects HR and Sales to the Core switch. However, business
needs require that no traffic from the Finance VLAN traverse this switch. Which command
meets this requirement?


47. Which function does a fabric edge node perform in an SD-Access deployment?


48. Which action is the vSmart controller responsible for in an SD-WAN deployment?


49. Which statement about a Cisco APIC controller versus a more traditional SDN controller is


50. What the role of a fusion in an SD-Access solution?


51. Which statement about a fabric access point is true?


52. On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?


53. Which description of an SD-Access wireless network infrastructure deployment is true?


54. Which controller is the single plane of management for Cisco SD-WAN?


55. Which statement about the default QoS configuration on a Cisco switch is true?


56. Which QoS mechanism will prevent a decrease in TCP performance?


57. Which QoS component alters a packet to change the way that traffic is treated in the


58. Which marking field is used only as an internal marking within a router?


59. Which statement about Cisco Express Forwarding is true?


60. Which two statements about Cisco Express Forwarding load balancing are true? (Choose


61. How are the Cisco Express Forwarding table and the FIB related to each other?


62. What is the difference between a RIB and a FIB?


63. Refer to the exhibit. Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on


64. Which statement about route targets is true when using VRF-Lite?


65. Which two statements about VRF-lite are true? (Choose two)


66. Which statement explains why Type 1 hypervisor is considered more efficient than Type 2


67. What are two benefits of virtualizing the server with the use of VMs in data center
environment? (Choose two)


68. Which statement describes the IP and MAC allocation requirements for virtual machines on
type 1 hypervisors?


69. What is the main function of VRF-lite?


70. Refer to the exhibit. You have just created a new VRF on PE3. You have enabled debug ip
bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the
BGP VPNv4 table. Which two statements are true? (Choose two)


71. Which LISP device is responsible for publishing EID-to-RLOC mappings for a site?


72. Which LISP infrastructure device provides connectivity between non-sites and LISP sites by
receiving non-LISP traffic with a LISP site destination?


73. Into which two pieces of information does the LISP protocol split the device identity?
(Choose two)


74. Refer to the exhibit. Which LISP component do routers in the public IP network use to
forward traffic between the two networks?


75. Which statement about VXLAN is true?


76. Which OSPF networks types are compatible and allow communication through the two
peering devices?


77. Based on this interface configuration, what is the expected state of OSPF adjacency?
interface GigabitEthernet0/1
ip address
ip ospf 1 area 0
ip ospf hello-interval 2
ip ospf cost 1
interface GigabitEthernet0/1
ip address
ip ospf 1 area 0
ip ospf cost 500


78. Refer to the exhibit. Which statement about the OPSF debug output is true?
R1#debug ip ospf hello
R1#debug condition interface fa0/1
Condition 1 set


79. Which EIGRP feature allows the use of leak maps?


80. Which two statements about EIGRP load balancing are true? (Choose two)


81. Which statement about LISP encapsulation in an EIGRP OTP implementation is true?


82. Which reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state?


83. Which feature is supported by EIGRP but is not supported by OSPF?


84. Refer to the exhibit. Which IPv6 OSPF network type is applied to interface Fa0/0 of R2 by


85. In OSPF, which LSA type is responsible for pointing to the ASBR router?


86. A local router shows an EBGP neighbor in the Active state. Which statement is true about the
local router?


87. Refer to the exhibit. Which configuration establishes EBGP neighborship between these two
directly connected neighbors and exchanges the loopback network of the two routers through


88. Refer to the exhibit. Which IP address becomes the next active next hop for
when fails?


89. What is the correct EBGP path attribute list, ordered from most preferred to the least
preferred, that the BGP best-path algorithm uses?


90. Which DNS lookup does an access point perform when attempting CAPWAP discovery?


91. Which two pieces of information are necessary to compute SNR? (Choose two)


92. Which statement about Cisco EAP-FAST is true?


93. Refer to the exhibit. The WLC administrator sees that the controller to which a roaming client
associates has Mobility Role Anchor configured under Clients > Detail. Which type of
roaming is supported?


94. Refer to the exhibit. Based on the configuration in this WLAN security setting. Which
method can a client use to authenticate to the network?


95. What are two common sources of interference for WI-FI networks? (Choose two)


96. An engineer is configuring local web authentication on a WLAN. The engineer chooses the
Authentication radio button under the Layer 3 Security options for Web Policy. Which device
presents the web authentication for the WLAN?


97. Which two descriptions of FlexConnect mode for Cisco APs are true? (Choose two)


98. When configuration WPA2 Enterprise on a WLAN, which additional security component
configuration is required?


99. An engineer configures a WLAN with fast transition enabled. Some legacy clients fail to
connect to this WLAN. Which feature allows the legacy clients to connect while still
allowing other clients to use fast transition based on their OLTIs?


100. To increase total throughput and redundancy on the links between the wireless controller and
switch, the customer enabled LAG on the wireless controller. Which EtherChannel mode
must be configured on the switch to allow the WLC to connect?


101. A client device fails to see the enterprise SSID, but other devices are connected to it. What is
the cause of this issue?


102. A customer has several small branches and wants to deploy a WI-FI solution with local
management using CAPWAP. Which deployment model meets this requirement?


103. Which two methods are used by an AP that is trying to discover a wireless LAN controller?
(Choose two)


104. Refer to the exhibit. Which type of antenna do the radiation patterns present?


105. Which two statements about HSRP are true? (Choose two)


106. Which behavior can be expected when the HSRP versions is changed from 1 to 2?


107. If a VRRP master router fails, which router is selected as the new master router?


108. Which First Hop Redundancy Protocol maximizes uplink utilization and minimizes the
amount of configuration that is necessary?


109. What are three valid HSRP states? (Choose three)


110. Which two statements about VRRP are true? (Choose two)


111. Refer to this output What is the logging severity level?

R1#Feb 14 37:15:12:429: %LINEPROTO-5-UPDOWN Line protocol on interface
GigabitEthernet0/1. Change state to up


112. Which feature must be configured to allow packet capture over Layer 3 infrastructure?


113. Which two statements about IP SLA are true? (Choose two)


114. At which layer does Cisco DNA Center support REST controls?


115. Which two steps are required for a complete Cisco DNA Center upgrade? (Choose two)


116. Which statement about an RSPAN session configuration is true?


117. Which IP SLA operation requires the IP SLA responder to be configured on the remote end?


118. A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network
management is already 100% IPv6 enabled. In a dual-stack network with two dual-stack
NetFlow collections, how many flow exporters are needed per network device in the flexible
NetFlow configuration?


119. When using TLS for syslog, which configuration allows for secure and reliable transportation
of messages to its default port?


120. Refer to the exhibit. Which privilege level is assigned to VTY users?
R1# sh run | begin line con
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stoppbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stoppbits 1
line vty 0 4
password 7 03384737389E938
line vty 5 15
password 7 03384737389E938
R1#sh run | include aaa | enable
no aaa new-model


121. Which technology provides a secure communication channel for all traffic at Layer 2 of the
OSI model?


122. Which feature does Cisco TrustSec use to provide scalable, secure communication
throughout a network?


123. How does Cisco Trustsec enable more access controls for dynamic networking environments
and data centers?


124. What is the difference between the enable password and the enable secret password when
password encryption is enable on an IOS device?


125. The login method is configured on the VTY lines of a router with these parameters.
– The first method for authentication is TACACS
– If TACACS is unavailable, login is allowed without any provided credentials

Which configuration accomplishes this task?


126. Which NGFW mode block flows crossing the firewall?


127. Which method does the enable secret password option use to encrypt device passwords?


128. Which standard access control entry permits from odd-numbered hosts in the


129. Refer to the exhibit. An engineer must block all traffic from a router to its directly connected
subnet The engineer applies access control list EGRESS in the outbound
direction on the GigabitEthemet0/0 interface of the router. However, the router can still ping
hosts on the subnet. Which explanation of this behavior is true?
Extended IP access list EGRESS
10 permit ip any
—output omitted—
interface GigabitEthernet0/0
ip address
ip access-group EGRESS out
duplex auto
speed auto
media-type rj45


130. A client with IP address must access a web server on port 80 at To allow this traffic, an engineer must add a statement to an access control
list that is applied in the inbound direction on the port connecting to the web server. Which
statement allows this traffic?


131. Which access controls list allows only TCP traffic with a destination port range of 22-443,
excluding port 80?


132. Refer to the exhibit. An engineer must modify the access control list EGRESS to allow all IP
traffic from subnet to The access control list is applied in the
outbound direction on router interface GigabitEthemet 0/1.
Extended IP access list EGRESS
10 permit ip
20 deny ip any any

Which configuration commands can the engineer use to allow this traffic without disrupting
existing traffic flows?


133. Which requirement for an Ansible-managed node is true?


134. Which statement about TLS is true when using RESTCONF to write configurations on
network devices?


135. Which two operations are valid for RESTCONF? (Choose two)


136. Which exhibit displays a valid JSON file?


137. Which method creates an EEM applet policy that is registered with EEM and runs on demand
or manually?


138. What does this EEM applet event accomplish?
―event snmp oid get-type next entry-op go entry-val 75 poll-interval


139. What is the structure of a JSON web token?


140. Which two statements about the EEM applet configuration are true?
(Choose two)


141. Which network script automation option or tool is used in the exhibit?


142. Which two protocols are used with YANG data models? (Choose two)


143. Which protocol does REST API rely on to secure the communication channel?


144. Which JSON syntax is valid?


145. Which statements are used for error handling in Python?


146. Which HTTP JSON response does the python code output give?


147. Which data modeling language is commonly used by NETCONF?


148. A response code of 404 is received while using the REST API on Cisco UNA Center to
POST to this URL
/dna/intent/api/v1 /template-programmer/project
What does the code mean?


149. Which HTTP status code is the correct response for a request with an incorrect password
applied to a REST API session?


150. In which part of the HTTP message is the content type specified?


151. What do Cisco DNA southbound APIs provide?


152. Which method displays text directly into the active console with a synchronous EEM applet


153. What is the JSON syntax that is formed the data?


154. Which statement about agent-based versus agentless configuration management tools is true?


155. What is a benefit of data modeling languages like YANG?


156. Which variable in an EEM applet is set when you use the sync yes option?


157. Which two mechanisms are available to secure NTP? (Choose two)


158. What are two effect of this configuration? (Choose two)


159. Link1 is a copper connection and Link2 is a fiber connection. The fiber
port must be the primary port for all forwarding. The output of the show spanning-tree
command on SW2 shows that the fiber port is blocked by spanning tree. An engineer enters
the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked.

Which command should be entered on the ports that are connected to Link2 to resolve the


160. What is a benefit of deploying an on-premises infrastructure versus a cloud infrastructure


161. Which two GRE features are configured to prevent fragmentation? (Choose two)


162. Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?


163. A network administrator is implementing a routing configuration change and enables routing
debugs to track routing behavior during the change. The logging output on the terminal is
interrupting the command typing process. Which two actions can the network administrator
take to minimize the possibility of typing commands incorrectly? (Choose two)


164. Which statement about multicast RPs is true?


165. Which IPv6 migration method relies on dynamic tunnels that use the 2002::/16 reserved
address space?


166. A GRE tunnel is down with the error message %TUN-5-RECUR DOWN:

Which two options describe possible causes of the error? (Choose two)


Question 1 of 166