A fully updated 2021 350-401 Exam Dumps exam guide from training expert Exam-Killer
NEW QUESTION 23
Which protocol is implemented to establish secure control plane adjacencies between Cisco SD-WAN nodes?
- A. DTLS
- B. IKE
- C. ESP
- D. IPsec
Answer: D
NEW QUESTION 24
An engineer is troubleshooting the AP join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?
- A. wlchostname.domain.com
- B. cisco-capwap-controller.domain.com
- C. ap-manager.domain.com
- D. primary-wlc.domain.com
Answer: B
NEW QUESTION 25
Which OSPF network types are compatible and allow communication through the two peering devices?
- A. broadcast to nonbroadcast
- B. broadcast to point-to-point
- C. point-to-multipoint to broadcast
- D. point-to-multipoint to nonbroadcast
Answer: D
NEW QUESTION 26
Which QoS mechanism will prevent a decrease in TCP performance?
- A. Policer
- B. LLQ
- C. Shaper
- D. Rate-Limit
- E. Fair-Queue
- F. WRED
Answer: F
Explanation:
Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. When a packet arrives, the following events occur:
1. The average queue size is calculated.
2. If the average is less than the minimum queue threshold, the arriving packet is queued.
3. If the average is between the minimum queue threshold for that type of traffic and the maximum threshold for the interface, the packet is either dropped or queued, depending on the packet drop probability for that type of traffic.
4. If the average queue size is greater than the maximum threshold, the packet is dropped.
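The four steps above as an added example (not part of the original page). The linear ramp between the thresholds, the mark probability denominator and the exponential weighting constant follow Cisco's documented WRED behaviour but are not spelled out on this page; the threshold values and function names are constructed for illustration.

```python
import random

# Constructed sample profiles per IP precedence:
# (minimum threshold, maximum threshold, mark probability denominator)
PROFILES = {0: (20, 40, 10), 5: (31, 40, 10)}

def update_average(old_avg, queue_depth, exp_weight=9):
    """Step 1: exponentially weighted moving average of the queue depth."""
    w = 2.0 ** -exp_weight
    return old_avg * (1 - w) + queue_depth * w

def drop_probability(avg, precedence):
    min_th, max_th, denominator = PROFILES[precedence]
    if avg < min_th:   # step 2: below the minimum threshold, always queue
        return 0.0
    if avg > max_th:   # step 4: above the maximum threshold, always drop
        return 1.0
    # Step 3: probability rises linearly to 1/denominator at the maximum.
    return (avg - min_th) / (max_th - min_th) / denominator

def wred_admit(avg, precedence, rng=random.random):
    """Return True to queue the arriving packet, False to drop it."""
    return rng() >= drop_probability(avg, precedence)

def simulate(depths, precedence, seed=1):
    """Feed a constructed series of instantaneous queue depths; count drops."""
    rng = random.Random(seed).random
    avg, drops = 0.0, 0
    for depth in depths:
        # A small weight constant is used here so the average reacts quickly.
        avg = update_average(avg, depth, exp_weight=2)
        if not wred_admit(avg, precedence, rng):
            drops += 1
    return avg, drops

if __name__ == "__main__":
    for prec in PROFILES:
        print(prec, [round(drop_probability(a, prec), 3) for a in (10, 30, 40, 41)])
    print(simulate([100] * 50, precedence=0))
```

With the default weighting constant of 9, a momentary burst of 512 packets raises the average by only 1, which is why short bursts are queued rather than dropped.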
WRED reduces the chances of tail drop (when the queue is full, the packet is dropped) by selectively dropping packets when the output interface begins to show signs of congestion (thus it can mitigate congestion by preventing the queue from filling up). By dropping some packets early rather than waiting until the queue is full, WRED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization. Thus, WRED allows the transmission line to be used fully at all times.
WRED generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. Thus, the higher the priority of a packet, the higher the probability that the packet will be delivered.
Reference:
mt/qos-conavd-15-mt-book/qos-conavd-cfg-wred.html
WRED is only useful when the bulk of the traffic is TCP/IP traffic. With TCP, dropped packets indicate congestion, so the packet source will reduce its transmission rate. With other protocols, packet sources may not respond or may resend dropped packets at the same rate. Thus, dropping packets does not decrease congestion.
16/qos-conavd-xe-16-book/qos-conavd-oview.html
Note: Global synchronization occurs when multiple TCP hosts reduce their transmission rates in response to congestion. When congestion is reduced, the TCP hosts try to increase their transmission rates again simultaneously (known as the slow-start algorithm), which causes congestion again. Global synchronization produces this graph:
NEW QUESTION 27
Refer to the exhibit.
An engineer is designing a guest portal on Cisco ISE using the default configuration. During the testing phase, the engineer receives a warning when displaying the guest portal. Which issue is occurring?
- A. The connection is using an unsupported browser
- B. The server that is providing the portal has a self-signed certificate
- C. The server that is providing the portal has an expired certificate
- D. The connection is using an unsupported protocol
Answer: B
Explanation:
If you're a website owner and your website displays this error message, then there could be two reasons why the browser says the cert authority is invalid:
+ You're using a self-signed SSL certificate, OR
+ The certificate authority (CA) that issued your SSL certificate isn't trusted by your web browser.
NEW QUESTION 28
Refer to the exhibit.
MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces. What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?
- A. The packet is discarded on router B
- B. The packet is discarded on router A
- C. The packet arrives on router C fragmented.
- D. The packet arrives on router C without fragmentation.
Answer: C
NEW QUESTION 29
What is the recommended MTU size for a Cisco SD-Access Fabric?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION 30
Refer to the exhibit.
Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?
- A. the interface specified on the WLAN configuration
- B. any interface configured on the WLC
- C. the controller management interface
- D. the controller virtual interface
Answer: A
NEW QUESTION 31
Which protocol does REST API rely on to secure the communication channel?
- A. SSH
- B. HTTPS
- C. HTTP
- D. TCP
Answer: B
Explanation:
The REST API accepts and returns HTTP (not enabled by default) or HTTPS messages that contain JavaScript Object Notation (JSON) or Extensible Markup Language (XML) documents.
You can use any programming language to generate the messages and the JSON or XML documents that contain the API methods or Managed Object (MO) descriptions.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/rest_cfg/2_1_x/b_Cisco_APIC_REST_API_Configuration_Guide/b_Cisco_APIC_REST_API_Configuration_Guide_chapter_01.html
NEW QUESTION 32
What is the structure of a JSON web token?
- A. header and payload
- B. payload and signature
- C. three parts separated by dots: version, header, and signature
- D. three parts separated by dots: header, payload, and signature
Answer: D
Explanation:
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
JSON Web Tokens are composed of three parts, separated by a dot (.): Header, Payload, Signature. Therefore, a JWT typically looks like the following:
xxxxx.yyyyy.zzzzz
The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data.
To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.
Reference: https://jwt.io/introduction/
NEW QUESTION 33
What is the role of the RP in PIM sparse mode?
- A. The RP is the multicast router that is the root of the PIM-SM shared multicast distribution tree.
- B. The RP maintains default aging timeouts for all multicast streams requested by the receivers.
- C. The RP responds to the PIM join messages with the source of the requested multicast group
- D. The RP acts as a control-plane node and does not receive or forward multicast packets.
Answer: C
NEW QUESTION 34
Drag and drop the virtual components from the left onto their descriptions on the right.
Answer:
Explanation:
+ configuration file containing settings for a virtual machine such as guest OS: VMX
+ component of a virtual machine responsible for sending packets to the hypervisor: vNIC
+ zip file containing a virtual machine configuration file and a virtual disk: OVA
+ file containing a virtual machine disk drive: VMDK
The VMX file simply holds the virtual machine configuration.
VMDK (short for Virtual Machine Disk) is a file format that describes containers for virtual hard disk drives to be used in virtual machines like VMware Workstation or VirtualBox.
An OVA file is an Open Virtualization Appliance that contains a compressed, "installable" version of a virtual machine. When you open an OVA file it extracts the VM and imports it into whatever virtualization software you have installed on your computer.
NEW QUESTION 35 
Refer to the exhibit. R1 is able to ping the R3 fa0/1 interface. Why do the extended pings fail?
- A. R3 is missing a return route to 10.99.69.0/30
- B. The DF bit has been set
- C. R2 and R3 do not have an OSPF adjacency
- D. The maximum packet size accepted by the command is 1476 bytes.
Answer: B
NEW QUESTION 36
Refer to the exhibit.
What are two effects of this configuration? (Choose two.)
- A. Inside source addresses are translated to the 209.165.201.0/27 subnet.
- B. It establishes a one-to-one NAT translation.
- C. The 10.1.1.0/27 subnet is assigned as the inside global address range.
- D. The 10.1.1.0/27 subnet is assigned as the inside local addresses.
- E. The 209.165.201.0/27 subnet is assigned as the outside local address range.
Answer: A,D
NEW QUESTION 37
Which outcome is achieved with this Python code?
- A. connects to a Cisco device using Telnet and exports the routing table information
- B. displays the output of the show command in a formatted way
- C. connects to a Cisco device using SSH and exports the BGP table for the prefix
- D. connects to a Cisco device using SSH and exports the routing table information
Answer: C
NEW QUESTION 38 
Refer to the exhibit. Which command allows hosts that are connected to FastEthernet0/2 to access the Internet?
- A. ip nat inside source list 10 interface FastEthernet0/2 overload
- B. ip nat outside source list 10 interface FastEthernet0/2 overload
- C. ip nat inside source list 10 interface FastEthernet0/1 overload
- D. ip nat outside source static 209.165.200.225 10.10.10.0 overload
Answer: C
NEW QUESTION 39
An engineer has deployed a single Cisco 5520 WLC with a management IP address of 172.16.50.5/24. The engineer must register 50 new Cisco AIR-CAP2802I-E-K9 access points to the WLC using DHCP option 43. The access points are connected to a switch in VLAN 100 that uses the 172.16.100.0/24 subnet. The engineer has configured the DHCP scope on the switch as follows:
The access points are failing to join the wireless LAN controller. Which action resolves the issue?
- A. configure option 43 Hex F104.AC10.3205
- B. configure option 43 Hex F104.CA10.3205
- C. configure dns-server 172.16.50.5
- D. configure dns-server 172.16.100.1
Answer: A
Explanation:
172.16.50.5 in hex is
We will have the answer from this paragraph:
"TLV values for the Option 43 suboption: Type + Length + Value. Type is always the suboption code 0xf1. Length is the number of controller management IP addresses times 4 in hex. Value is the IP address of the controller listed sequentially in hex. For example, suppose there are two controllers with management interface IP addresses, 192.168.10.5 and 192.168.10.20. The type is 0xf1. The length is 2 * 4 = 8 = 0x08. The IP addresses translates to c0a80a05 (192.168.10.5) and c0a80a14 (192.168.10.20). When the string is assembled, it yields f108c0a80a05c0a80a14. The Cisco IOS command that is added to the DHCP scope is option 43 hex f108c0a80a05c0a80a14." Reference:
Therefore, in this question the option 43 value in hex should be "F104.AC10.3205" (the management IP address 172.16.50.5 in hex is AC.10.32.05).
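The Type + Length + Value layout quoted above, as an added example (not part of the original page) that encodes controller addresses into the option 43 hex string and decodes a configured string back into addresses for checking. The function names are constructed for illustration.

```python
import ipaddress

SUBOPTION_TYPE = 0xF1  # suboption code given in the quoted paragraph

def encode_option43(controllers):
    """Build Type + Length + Value for a list of controller management IPs."""
    addrs = [ipaddress.IPv4Address(c) for c in controllers]
    if not addrs:
        raise ValueError("at least one controller address is required")
    length = 4 * len(addrs)  # number of addresses times 4
    if length > 0xFF:
        raise ValueError("too many controllers for a one-byte length")
    raw = bytes([SUBOPTION_TYPE, length]) + b"".join(a.packed for a in addrs)
    return raw.hex()

def decode_option43(hex_string):
    """Parse a hex string (dots allowed, as in F104.AC10.3205) into addresses."""
    raw = bytes.fromhex(hex_string.replace(".", ""))
    if len(raw) < 2 or raw[0] != SUBOPTION_TYPE:
        raise ValueError("suboption type is not 0xf1")
    length, value = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match the value field")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, length, 4)]

def ios_dotted(hex_string):
    """Group the hex digits in fours, the form used in the answer options."""
    h = hex_string.upper()
    return ".".join(h[i:i + 4] for i in range(0, len(h), 4))

if __name__ == "__main__":
    print(encode_option43(["192.168.10.5", "192.168.10.20"]))
    print(ios_dotted(encode_option43(["172.16.50.5"])))
    print(decode_option43("F104.CA10.3205"))
```

Decoding a configured string is a quick way to confirm that a scope points access points at the intended controller and not at a mistyped address.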
NEW QUESTION 40
Which statement about LISP encapsulation in an EIGRP OTP implementation is true?
- A. OTP uses LISP encapsulation for dynamic multipoint tunneling
- B. OTP maintains the LISP control plane
- C. LISP learns the next hop
- D. OTP uses LISP encapsulation to obtain routes from neighbors
Answer: B
Explanation:
The EIGRP Over the Top solution can be used to ensure connectivity between disparate EIGRP sites. This feature uses EIGRP on the control plane and Locator ID Separation Protocol (LISP) encapsulation on the data plane to route traffic across the underlying WAN architecture. EIGRP is used to distribute routes between customer edge (CE) devices within the network, and the traffic forwarded across the WAN architecture is LISP encapsulated.
EIGRP OTP only uses LISP for the data plane; EIGRP is still used for the control plane. Therefore we cannot say OTP uses LISP encapsulation for dynamic multipoint tunneling, as this requires encapsulating both data and control plane traffic -> Answer 'OTP uses LISP encapsulation for dynamic multipoint tunneling' is not correct.
In OTP, EIGRP serves as the replacement for LISP control plane protocols (therefore EIGRP will learn the next hop, not LISP -> Answer 'LISP learns the next hop' is not correct). Instead of doing dynamic EID-to-RLOC mappings in native LISP-mapping services, EIGRP routers running OTP over a service provider cloud create targeted sessions, use the IP addresses provided by the service provider as RLOCs, and exchange routes as EIDs. Let's take an example:
If R1 and R2 ran OTP to each other, R1 would learn about the network 10.0.2.0/24 from R2 through EIGRP, treat the prefix 10.0.2.0/24 as an EID prefix, and take the advertising next hop 198.51.100.62 as the RLOC for this EID prefix. Similarly, R2 would learn from R1 about the network 10.0.1.0/24 through EIGRP, treat the prefix 10.0.1.0/24 as an EID prefix, and take the advertising next hop 192.0.2.31 as the RLOC for this EID prefix. On both routers, this information would be used to populate the LISP mapping tables. Whenever a packet from 10.0.1.0/24 to 10.0.2.0/24 would arrive at R1, it would use its LISP mapping tables just like in ordinary LISP to discover that the packet has to be LISP encapsulated and tunneled toward 198.51.100.62, and vice versa. The LISP data plane is reused in OTP and does not change; however, the native LISP mapping and resolving mechanisms are replaced by EIGRP.
NEW QUESTION 41
An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for Web Policy. Which device presents the web authentication for the WLAN?
- A. ISE server
- B. local WLC
- C. anchor WLC
- D. RADIUS server
Answer: B
NEW QUESTION 42
Refer to the exhibit.
Which configuration change ensures that R1 is the active gateway whenever it is in a functional state for the 172.30.110.0/24 network?
- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: B
NEW QUESTION 43
Refer to the exhibit. The connection between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two)
- A. configure no switchport nonegotiate on SW1
- B. configure switchport mode dynamic desirable on SW2
- C. configure switchport mode trunk on SW2
- D. configure switchport nonegotiate on SW2
- E. configure switchport mode access on SW2
Answer: B,C
NEW QUESTION 44
A company plans to implement intent-based networking in its campus infrastructure. Which design facilitates a migration from a traditional campus design to a programmable fabric design?
- A. routed access
- B. Layer 2 access
- C. two-tier
- D. three-tier
Answer: C
Explanation:
Intent-based Networking (IBN) transforms a hardware-centric, manual network into a controller-led network that captures business intent and translates it into policies that can be automated and applied consistently across the network. The goal is for the network to continuously monitor and adjust network performance to help assure desired business outcomes. IBN builds on software-defined networking (SDN). SDN usually uses spine-leaf architecture, which is typically deployed as two layers: spines (such as an aggregation layer), and leaves (such as an access layer).
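The example below shows the usage of the lock command:
    from ncclient import manager
    # template is an XML configuration string with one %s placeholder; its definition is not shown on this page.
    def demo(host, user, names):
        with manager.connect(host=host, port=22, username=user) as m:
            # Hold the lock on the running datastore for the whole batch of edits.
            with m.locked(target='running'):
                for n in names:
                    m.edit_config(target='running', config=template % n)
The call "m.locked(target='running')" causes a lock to be acquired on the running datastore.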

