PDF (New 2024) Actual Cisco 350-401 Exam Questions [Q627-Q647] | TestBraindump

  • Home
  • Articles
  • PDF (New 2024) Actual Cisco 350-401 Exam Questions [Q627-Q647]

PDF (New 2024) Actual Cisco 350-401 Exam Questions [Q627-Q647]

Share

PDF (New 2024) Actual Cisco 350-401 Exam Questions

Dumps Moneyack Guarantee - 350-401 Dumps UpTo 90% Off

NEW QUESTION # 627
Refer to the exhibit.

Which privilege level is assigned to VTY users?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

Explanation:
The exhibit shows the configuration of a router's line console (line con) and virtual terminal lines (VTY). The privilege level assigned to VTY users is indicated by the command privilege level 15 under the line vty configuration section, which means that VTY users are assigned privilege level 15, granting them full access to all router commands. References: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) training materials.


NEW QUESTION # 628
Drag and drop the characteristics from the left onto the deployment models on the right.

Answer:

Explanation:


NEW QUESTION # 629
Drag and drop the characteristics from the left onto the deployment model on the right.

Answer:

Explanation:

Explanation:
CLOUD1 and 3ON-PREMISES2 and 4


NEW QUESTION # 630
Drag and drop the virtual components from the left onto their deceptions on the right.

Answer:

Explanation:


NEW QUESTION # 631
What does the destination MAC on the outer MAC header identify in a VXLAN packet?

  • A. the remote switch
  • B. the next hop
  • C. thee emote spine
  • D. the leaf switch

Answer: B

Explanation:
In a VXLAN packet, the destination MAC address in the outer MAC header is used to identify the next-hop IP address based on the destination VTEP address in the routing table of the VTEP where the VM that sends packets resides. This ensures that the encapsulated packet is correctly forwarded towards the remote VTEP.


NEW QUESTION # 632
Which activity requires access to Cisco DNA Center CLI?

  • A. provisioning a wireless LAN controller
  • B. creating a configuration template
  • C. graceful shutdown of Cisco DNA Center
  • D. upgrading the Cisco DNA Center software

Answer: D

Explanation:
Access to Cisco DNA Center CLI is required when upgrading the Cisco DNA Center software. The CLI provides a direct interface to the underlying system, allowing for detailed control and monitoring of the upgrade process. It is essential for executing commands that may not be available through the graphical user interface (GUI), ensuring a precise and controlled software upgrade. References: The official Cisco documentation outlines the procedure for upgrading Cisco DNA Center software via CLI, detailing the necessary steps and precautions to take during the process


NEW QUESTION # 633
What are two reasons why broadcast radiation is caused in the virtual machine environment? (Choose two.)

  • A. The Layer 2 domain can be large in virtual machine environments.
  • B. Communication between vSwitch and network switch is broadcast based.
  • C. Virtual machines communicate primarily through broadcast mode.
  • D. vSwitch must interrupt the server CPU to process the broadcast packet.
  • E. Communication between vSwitch and network switch is multicast based.

Answer: A,C

Explanation:
Broadcast radiation is the accumulation of broadcast and multicast traffic on a computer network. Extreme amounts of broadcast traffic constitute a broadcast storm.
The amount of broadcast traffic you should see within a broadcast domain is directly proportional to the size of the broadcast domain. Therefore if the layer 2 domain in virtual machine environment is too large, broadcast radiation may occur -> VLANs should be used to reduce broadcast radiation.
Also if virtual machines communicate via broadcast too much, broadcast
radiation may occur.
Another reason for broadcast radiation is using a trunk (to extend VLANs) from the network switch to the physical server.
Note about the structure of virtualization in a hypervisor:
Hypervisors provide virtual switch (vSwitch) that Virtual Machines (VMs) use to communicate with other VMs on the same host. The vSwitch may also be connected to the host's physical NIC to allow VMs to get layer 2 access to the outside world.
Each VM is provided with a virtual NIC (vNIC) that is connected to the
virtual switch. Multiple vNICs can connect to a single vSwitch, allowing VMs on a physical host to communicate with one another at layer 2 without having to go out to a physical switch.

Although vSwitch does not run Spanning-tree protocol but vSwitch
implements other loop prevention mechanisms. For example, a
frame that enters from one VMNIC is not going to go out of the
physical host from a different VMNIC card.


NEW QUESTION # 634
Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.

Answer:

Explanation:

Explanation

Table Description automatically generated
There are four messages sent between the DHCP Client and DHCP Server: DHCPDISCOVER, DHCPO FFER, DHCPREQUEST and DHCPACKNOWLEDGEMENT.
This process is often abbreviated as DORA (for Discover, Offer, Request, Acknowledgement).


NEW QUESTION # 635
Refer to the exhibit.

What is the Json syntax that is formed from the data?

  • A. {"Name": "Bob Johnson", "Age": Seventyfive, "Alive": true, "Favorite Foods": ["Cereal", "Mustard",
    "Onions"]}
  • B. {Name: Bob Johnson, Age: 75, Alive: true, Favorite Foods: [Cereal, Mustard, Onions]}
  • C. {""Name': ""Bob Johnson', ""Age': 75, ""Alive': True, ""Favorite Foods': """Cereal', ""Mustard',
    ""Onions'}
  • D. {"Name": "Bob Johnson", "Age": 75, "Alive": true, "Favorite Foods": ["Cereal", "Mustard", "Onions"]}

Answer: D


NEW QUESTION # 636
Refer to the exhibit.

A network engineer must configure the router to use the ISE-Servers group for authentication. If both ISE servers are unavailable, the local username database must be used. If no usernames are defined in the configuration, then the enable password must be the last resort to log in. Which configuration must be applied to achieve this result?

  • A. aaa authentication login default group enable local ISE-Servers
  • B. aaa authentication login default group ISE-Servers local enable
  • C. aaa authentication login error-enable
    aaa authentication login default group enable local ISE-Servers
  • D. aaa authorization exec default group ISE-Servers local enable

Answer: B


NEW QUESTION # 637
Refer to the exhibit. An engineer configures the trunk and proceeds to configure an ESPAN session to monitor VLANs 10, 20, and 30. Which command must be added to complete this configuration?

  • A. Device(config-mon-erspan-src-dst}# erspan-id 6
  • B. Device(config-mon-erspan-src)# no filter vlan 30
  • C. Device(config-mon-erspan-src-dst)# no vrf 1
  • D. Device(config-mon-erspan-src-dst)# mtu 1460

Answer: B

Explanation:
You cannot include source VLANs and filter VLANs in the same session.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-
5/configuration_guide/nmgmt/b_165_nmgmt_3850_cg/b_165_nmgmt_3850_cg_chapter_0111.pd f


NEW QUESTION # 638
Refer to The exhibit.

Assuming that R1 is a CE router, which VRF is assigned to Gi0/0 on R1?

  • A. VRF VFN_A
  • B. VRF VPN_B
  • C. management VRF
  • D. default VRF

Answer: A

Explanation:
The correct answer is A. VRF VPN_A. In a typical service provider network, a Customer Edge (CE) router like R1 is connected to a Provider Edge (PE) router, which in this case is R2. The PE router segregates traffic from different customers using Virtual Routing and Forwarding (VRF) instances. Since R1 is connected to R2 and is part of VPN_A, the Gi0/0 interface on R1 would be assigned to VRF VPN_A to maintain the separation of customer traffic and ensure that R1's traffic is routed within VPN_A.


NEW QUESTION # 639
Which Cisco FlexConnect state allows wireless users that are connected to the network to continue working after the connection to the WLC has been lost?

  • A. Authentication- Down/Switch-Local
  • B. Authentication-Central/Switch-Central
  • C. Authentication-Central/Switch-Local
  • D. Authentication Down/Switching Down

Answer: C

Explanation:
In Cisco FlexConnect, when the connection to the Wireless LAN Controller (WLC) is lost, the state that allows wireless users to continue working is Authentication-Central/Switch-Local. This means that while authentication is centrally done through the WLC, the switching of data packets is done locally at the access point. If the WLC connection is lost, the access point can still switch data packets locally, allowing users to continue their work uninterrupted.


NEW QUESTION # 640
The login method is configured on the VTY lines of a router with these parameters.
The first method for authentication is TACACS
If TACACS is unavailable, login is allowed without any provided credentials
Which configuration accomplishes this task?

  • A. R1#sh run | include aaa
    aaa new-model
    aaa authentication login telnet group tacacs+ none
    aaa session-id common
    R1#sh run | section vty
    line vty 0 4
    R1#sh run | include username
    R1#
  • B. R1#sh run | include aaa
    aaa new-model
    aaa authentication login default group tacacs+ none
    aaa session-id common
    R1#sh run | section vty
    line vty 0 4
    password 7 0202039485748
  • C. R1#sh run | include aaa
    aaa new-model
    aaa authentication login default group tacacs+
    aaa session-id common
    R1#sh run | section vty
    line vty 0 4
    transport input none
    R1#
  • D. R1#sh run | include aaa
    aaa new-model
    aaa authentication login VTY group tacacs+ none
    aaa session-id common
    R1#sh run | section vty
    line vty 0 4
    password 7 0202039485748
    R1#sh run | include username
    R1#

Answer: B

Explanation:
According to the requirements (first use TACACS+, then allow login with no authentication), we
have to use "aaa authentication login ... group tacacs+ none" for AAA command.
The next thing to check is the if the "aaa authentication login default" or "aaa authentication
login list-name" is used. The 'default' keyword means we want to apply for all login connections
(such as tty, vty, console and aux). If we use this keyword, we don't need to configure anything
else under tty, vty and aux lines. If we don't use this keyword then we have to specify which
line(s) we want to apply the authentication feature.
From above information, we can find out answer 'R1#sh run | include aaa
aaa new-model
aaa authentication login default group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
password 7 0202039485748
If you want to learn more about AAA configuration, please read our AAA TACACS+ and RADIUS
Tutorial - Part 2.
For your information, answer 'R1#sh run | include aaa
aaa new-model
aaa authentication login telnet group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
R1#sh run | include username
R1#' would be correct if we add the following command under vty line ("line vty 0 4"): "login
authentication telnet" ("telnet" is the name of the AAA list above)


NEW QUESTION # 641
A network administrator for a small office is adding a passive IDS to its network switch for the purpose of inspecting network traffic. Which of the following should the administrator use?

  • A. SNMPtrap
  • B. Port mirroring
  • C. API integration
  • D. Syslog collection

Answer: B

Explanation:
To inspect network traffic using a passive IDS (Intrusion Detection System), the network administrator should use port mirroring. Port mirroring copies network traffic from one port (or multiple ports) to another designated port where the IDS can analyze the traffic without affecting the normal operation of the network.


NEW QUESTION # 642
Drag and Drop Question
Drag and drop the characteristics from the left to the table types on the right.

Answer:

Explanation:


NEW QUESTION # 643
Refer to the exhibit

Which two facts does the device output confirm? (Choose two)

  • A. The device sends unicast messages to its peers
  • B. The device is configured with the default HSRP priority
  • C. The device's HSRP group uses the virtual IP address 10.0.3.242.
  • D. The standby device is configured with the default HSRP priority
  • E. The device is using the default HSRP hello timer

Answer: B,E


NEW QUESTION # 644
Drag and drop the solutions that comprise Cisco Cyber Threat Defense from the left onto the objectives they accomplish on the right.

Answer:

Explanation:


NEW QUESTION # 645
How does Protocol Independent Multicast function?

  • A. It uses broadcast routing information to perform the multicast forwarding function.
  • B. It uses unicast routing information to perform the multicast forwarding function.
  • C. In sparse mode it establishes neighbor adjacencies and sends hello messages at 5-second intervals.
  • D. It uses the multicast routing table to perform the multicast forwarding function.

Answer: B


NEW QUESTION # 646
Which capability does a distributed virtual switch have?

  • A. use advanced IPsec encryption algorithms
  • B. use floating static routes
  • C. run dynamic routing protocols
  • D. provide centralized management for virtual switches

Answer: D


NEW QUESTION # 647
......

Updated Dec-2024 Pass 350-401 Exam - Real Practice Test Questions: https://actualtests.testbraindump.com/350-401-exam-prep.html

Related Articles

more
Cisco 350-401 Certification Practice Exam

TestBraindump will help you pass the professional IT test with the latest test braindump and test study materials.

Latest Test Braindump

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 TestBraindump NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy