• Home
  • Articles
  • 350-401 Practice Dumps - Verified By PassLeader Updated 1175 Questions [Q538-Q561]

350-401 Practice Dumps - Verified By PassLeader Updated 1175 Questions [Q538-Q561]

Share

350-401 Practice Dumps - Verified By PassLeader Updated 1175 Questions

Updated 350-401 Exam Dumps - PDF Questions and Testing Engine


Cisco 350-401 exam is the core exam for several Cisco certifications, including CCNP Enterprise, CCIE Enterprise Infrastructure, and CCIE Enterprise Wireless. It covers a wide range of topics, such as network design, virtualization, automation, security, and wireless technologies. Candidates are required to demonstrate their knowledge of these topics through a combination of multiple-choice questions, simulations, and hands-on troubleshooting exercises.

 

NEW QUESTION # 538
In a Cisco SD-WAN solution, which two functions are performed by OMP? (Choose two.)

  • A. gathering of underlay infrastructure data
  • B. advertisement of network prefixes and their attributes
  • C. segmentation and differentiation of traffic
  • D. delivery of crypto keys
  • E. configuration of control and data policies

Answer: B,E

Explanation:
Explanation
OMP is the control protocol that is used to exchange routing, policy, and management information between Cisco vSmart Controllers and Cisco IOS XE SD-WAN devices in the overlay network. These devices automatically initiate OMP peering sessions between themselves, and the two IP end points of the OMP session are the system IP addresses of the two devices.


NEW QUESTION # 539
Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?

  • A. the interface specified on the WLAN configuration
  • B. the controller management interface
  • C. any interface configured on the WLC
  • D. the controller virtual interface

Answer: A


NEW QUESTION # 540
Which algorithms are used to secure REST API from brute attacks and minimize the impact?

  • A. PBKDF2, BCrypt, and SCrypt
  • B. SHA-512 and SHA-384
  • C. MD5 algorithm-128 and SHA-384
  • D. SHA-1, SHA-256, and SHA-512

Answer: A

Explanation:
One of the best practices to secure REST APIs is using password hash. Passwords must always be hashed to protect the system (or minimize the damage) even if it is compromised in some hacking attempts. There are many such hashing algorithms which can prove really effective for password security e.g. PBKDF2, bcrypt and scrypt algorithms.
Other ways to secure REST APIs are: Always use HTTPS, Never expose information on URLs (Usernames, passwords, session tokens, and API keys should not appear in the URL), Adding Timestamp in Request, Using OAuth, Input Parameter Validation.
Reference: https://restfulapi.net/security-essentials/
We should not use MD5 or any SHA (SHA-1, SHA-256, SHA-512...) algorithm to hash password as they are not totally secure.
Note: A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.


NEW QUESTION # 541
Refer to the exhibit.

The inside and outside interfaces in the NAT configuration of this device have been correctly identified. What is the effect of this configuration?

  • A. PAT
  • B. static NAT
  • C. NAT64
  • D. dynamic NAT

Answer: A

Explanation:
The command "ip nat inside source list 1 interface gigabitethernet0/0 overload"
translates all source addresses that pass access list 1, which means 172.16.1.0/24
subnet, into an address assigned to gigabitethernet0/0 interface. Overload keyword
allows to map multiple IP addresses to a single registered IP address (many-toone)
by using different ports so it is called Port Address Translation (PAT).


NEW QUESTION # 542
What is the difference between the enable password and the enable secret password when password encryption is enable on an IOS device?

  • A. The enable password is encrypted with a stronger encryption method.
  • B. There is no difference and both passwords are encrypted identically.
  • C. The enable password cannot be decrypted.
  • D. The enable secret password is protected via stronger cryptography mechanisms.

Answer: D


NEW QUESTION # 543
Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Answer:

Explanation:


NEW QUESTION # 544

Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device?

  • A. A NETCONF message with valid content based on the YANG data models was made, but the request failed.
  • B. The NETCONF running datastore is currently locked.
  • C. The device received a valid NETCONF request and serviced it without error.
  • D. A NETCONF request was made for a data model that does not exist.

Answer: D

Explanation:


NEW QUESTION # 545
Refer to the exhibit.

Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of
192.168.1.200?

  • A. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerl ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2
  • B. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 global
    ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 global
    ip route 192.168.1.0 255.255.255.0 VlanlO
    ip route 172.16.1.0 255.255.255.0 Vlan20
  • C. ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 global
    ip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 global
    ip route 192.168.1.0 255.255.255.0 VlanlO
    ip route 172.16.1.0 255.255.255.0 Vlan20
  • D. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2 ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl

Answer: B


NEW QUESTION # 546
What are two characteristics of Cisco SD-Access elements? (Choose two.)

  • A. Fabric endpoints are connected directly to the border node.
  • B. The border node is required for communication between fabric and nonfabric devices.
  • C. The border node has the full RLOC-to-EID mapping database.
  • D. The control plane node has the full RLOC-to-EID mapping database.
  • E. Traffic within the fabric always goes through the control plane node.

Answer: B,D


NEW QUESTION # 547
Drag and drop the characteristics from the left onto the orchestration tools they describe on the right.

Answer:

Explanation:


NEW QUESTION # 548
In a Cisco VXLAN based network, which of the following best describes the main function of a VXLAN Tunnel Endpoint (VTEP)?

  • A. It is the Logical interface where the encapsulation and de-encapsulation occurs.
  • B. It is a 24 bit segment ID that defines the broadcast domain.
  • C. It is a device that performs tunneling using GRE.
  • D. A device that performs VXLAN encapsulation and decapsulation.

Answer: D

Explanation:
VTEP (Virtual Tunnel Endpoint) - This is the device that does the encapsulation and de- encapsulation.
https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/118978-config- vxlan-00.html


NEW QUESTION # 549
Refer to the exhibit. What is output by this code?

  • A. 0 5
  • B. 0 1 2 3 4
  • C. (0,5)
  • D. 0 1 2 3 4 5

Answer: D


NEW QUESTION # 550
An engineer must configure a new loopback Interface on a router and advertise the interface as a fa4 in OSPF. Which command set accomplishes this task?
A)

B)

C)

D)

  • A. Option B
  • B. Option A
  • C. Option C
  • D. Option D

Answer: B

Explanation:
Step 1. Create the loopback interface using the interface loopback number global configuration command.
Step 2. Add a description. Although optional, it is a necessary component for documenting a network.
Step 3. Configure the IP address.
For example, the following commands configure a loopback interface of the R1 router shown in (shown earlier in the chapter):
R1# configure terminal
R1(config)# interface loopback 0
R1(config-if)# ip address 10.0.0.1 255.255.255.0
R1(config-if)# exit
R1(config)#


NEW QUESTION # 551
Refer to the exhibit.

Refer to the exhibit. The connecting between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two)

  • A. configure switchport mode dynamic desirable on SW2
  • B. configure switchport nonegotiate on SW1
  • C. configure switchport mode access on SW2
  • D. configure switchport mode trunk on SW2
  • E. configure switchport nonegotiate on SW2

Answer: A,D


NEW QUESTION # 552
What is the role of the RP in PIM sparse mode?

  • A. The RP acts as a control-plane node and does not receive or forward multicast packets.
  • B. The RP responds to the PIM join messages with the source of requested multicast group
  • C. The RP maintains default aging timeouts for all multicast streams requested by the receivers.
  • D. The RP is the multicast that is the root of the PIM-SM shared multicast distribution tree.

Answer: D

Explanation:
Explanation
Multicast Distribution Shared Tree - Unlike source trees that have their root at the source, shared trees use a single common root placed at some chosen point in the network. This shared root is called a rendezvous point (RP). Source:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-5/configuration_guide/ip_m
https://netcraftsmen.com/pim-sparse-mode/


NEW QUESTION # 553
Drag and drop the characteristics from the left to the correct Infrastructure deployment type on the right.

Answer:

Explanation:

Explanation


NEW QUESTION # 554
Refer to me exhibit.

Refer to the exhibit. A network engineer configures NAT on R1 and enters me show command to verity me configuration What toes the output confirm?

  • A. The first pocket triggered NAT to add an entry to the NAT table
  • B. R1 is configured with NAT overload parameters.
  • C. A Telnet session from 160.1.1.1 to 10.1.1.10 has been initiated.
  • D. R1 a configured win PAT overload parameters

Answer: A


NEW QUESTION # 555
Refer to the exhibit.

What does the snippet of code achieve?

  • A. It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.
  • B. It creates an SSH connection using the SSH key that is stored, and the password is ignored.
  • C. It opens a tunnel and encapsulates the login information, if the host key is correct.
  • D. It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls.

Answer: B


NEW QUESTION # 556
Drag and drop the REST API authentication method from the left to the description on the right.

Answer:

Explanation:


NEW QUESTION # 557
Which two security features are available when implementing NTP? (Choose two )

  • A. symmetric server passwords
  • B. dock offset authentication
  • C. access list-based restriction scheme
  • D. encrypted authentication mechanism
  • E. broadcast association mode

Answer: C,D

Explanation:
The time kept on a machine is a critical resource and it is strongly recommend that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. The two security features available are an access list-based restriction scheme and an encrypted authentication mechanism.
Reference:
https://www.cisco.com/c/en/us/support/docs/availability/high-availability/19643-ntpm.html


NEW QUESTION # 558
Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

Answer:

Explanation:

.


NEW QUESTION # 559
Refer to Exhibit.

MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces. What happens when a 1500-bye IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?

  • A. The packet is discarded on router B
  • B. The packet arrives on router C without fragmentation.
  • C. The packet is discarded on router A
  • D. The packet arrives on router C fragmented.

Answer: B


NEW QUESTION # 560
Refer to me exhibit.

Refer to the exhibit. POSTMAN is showing an attempt to retrieve network device information from Cisco DNA Center API. What is the issue?

  • A. The JSON payload contains the incorrect UUID
  • B. The token has expired.
  • C. Authentication has failed
  • D. The URI string is incorrect

Answer: D


NEW QUESTION # 561
......

New (2024) Cisco 350-401 Exam Dumps: https://www.passleader.top/Cisco/350-401-exam-braindumps.html

Best Way To Study For Cisco 350-401 Exam Brilliant 350-401 Exam Questions PDF: https://drive.google.com/open?id=1kDH1U4kJtxvgqRzrgwwOiVp92gIP4RGJ

Related Articles

more
Cisco 350-401 Certification Practice Exam