350-401 Exam Dumps - Try Best 350-401 Exam Questions from Training Expert TestPassed
Practice Examples and Dumps & Tips for 2021 Latest 350-401 Valid Tests Dumps
What are the major topics?
The 350-401 ENCOR exam validates the professionals’ understanding of implementing the fundamental enterprise network technologies, including dual-stack architecture, virtualization, network assurance, infrastructure, automation, and security. This means that you have to be ready to cover all the questions under its domains. All in all, the content consists of the subject areas that are enumerated below:
Architecture (20%)
- Explaining the traditional campus interoperating with SD-Access and data planes elements & SD-Access control;
- Explaining the SD-WAN control and data planes elements as well as traditional SD-WAN & WAN & solutions;
- Analyzing the wireless deployment types and location services of WLAN deployment;
- Differentiating the hardware and software switching mechanisms.
- Explaining the enterprise network design and high availability techniques that are used in the enterprise network;
- Differentiating between the on-premises deployments and Cloud infrastructure;
- Describing the components and policy of wireless & wired QoS;
What Are the Details of the Cisco ENCOR 300-401 Certification Exam?
Even though the vendor doesn't give details on the total number of questions that the test includes, there is still some information disclosed. Thus, candidates should be ready to solve questions of multiple formats such as drag and drop, scenario-based, multiple-choice, or multiple-answer items. One will need to answer correctly about 80 to 85% of the total exam questions in 120 minutes.
ENCOR test is available in Japanese and English. The registration fee is of $300. When it comes to the enrollment process, candidates will have to follow four simple steps. They will first need to create an account on the Pearson VUE platform and log in. The next step would be to go to the “proctored exam” section. The third action involves searching for the test's code which is 350-401. Finally, they will need to follow the instructions that appear on the screen and finalize the registration.
NEW QUESTION 21
Into which two pieces of information does the LISP protocol split the device identity?
(Choose two)
- A. Device ID
- B. Resource Location
- C. Endpoint Identifier
- D. Enterprise Identifier
- E. LISP ID
- F. Routing Locator
Answer: C,F
Explanation:
Explanation
Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs)-assigned to end hosts.
+ Routing locators (RLOCs)-assigned to devices (primarily routers) that make up the global routing system.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-
3s/irl-xe-3s-book/irl-overview.html
NEW QUESTION 22
Refer to the exhibit.
After implementing the configuration 172.20.20.2 stops replaying to ICMP echoes, but the default route fails to be removed. What is the reason for this behavior?
- A. The threshold value is wrong.
- B. The destination must be 172.30.30.2 for icmp-echo
- C. The source-interface is configured incorrectly.
- D. The default route is missing the track feature
Answer: D
NEW QUESTION 23
Refer to the exhibit.
Link1 is a copper connection and Link2 is a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree command on SW2 shows that the fiber port is blocked by spanning tree. An engineer enters the spanning- tree port-priority 32 command on GO/1 on SW2, but the port remains blocked. Which command should be entered on the ports that are connected to Link2 to resolve the issue?
- A. Enter spanning-tree port-priority 32 on SW1.
- B. Enter spanning-tree port-priority 64 on SW2.
- C. Enter spanning-tree port-priority 224 on SW1.
- D. Enter spanning-tree port-priority 4 on SW2.
Answer: A
Explanation:
Explanation
SW1 needs to block one of its ports to SW2 to avoid a bridging loop between the two switches.
Unfortunately, it blocked the fiber port Link2. But how does SW2 select its blocked port? Well, the answer is based on the BPDUs it receives from SW1. answer 'Enter spanning-tree port-priority 32 on SW1' BPDU is superior than another if it has:
1. answer 'Enter spanning-tree port-priority 32 on SW1' lower Root Bridge ID
2. answer 'Enter spanning-tree port-priority 32 on SW1' lower path cost to the Root
3. answer 'Enter spanning-tree port-priority 32 on SW1' lower Sending Bridge ID
4. answer 'Enter spanning-tree port-priority 32 on SW1' lower Sending Port ID These four parameters are examined in order. In this specific case, all the BPDUs sent by SW1 have the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID.
The only parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). And the port index of Gi0/0 is lower than the port index of Gi0/1 so Link 1 has been chosen as the primary link.
Therefore we must change the port priority to change the primary link. The lower numerical value of port priority, the higher priority that port has. In other words, we must change the port-priority on Gi0/1 of SW1 (not on Gi0/1 of SW2) to a lower value than that of Gi0/0.
NEW QUESTION 24
An engineer measures the Wi-Fi coverage at a customer site. The RSSI values are recorded as follows:
Which two statements does the engineer use to explain these values to the customer? (Choose two)
- A. The signal strength at location B is 10 dB better than location C
- B. The RF signal strength at location C is 10 times stronger than location B
- C. Location D has the strongest RF signal strength
- D. The RF signal strength at location B is 50% weaker than location A
- E. The signal strength at location C is too weak to support web surfing
Answer: B,E
Explanation:
Understanding Signal Strength
The most accurate way to express it is with milliwatts (mW), but you end up with tons of decimal places due to WiFi's super-low transmit power, making it difficult to read. For example, -40 dBm is 0.0001 mW, and the zeros just get more intense the more the signal strength drops.
Ultimately, the easiest and most consistent way to express signal strength is with dBm, which stands for decibels relative to a milliwatt.
You can convert between mW and dBm using the following formulas:
P(dBm) = 10 * log10(P(mW))
For example, a power of 2.5 mW in dBm is:
dBm = 10log2.5 = 3.979
dBm is that we're working in negatives. -30 is a higher (stronger) signal than -80.
Signal Strength
Rating
Required for
-30 dBm
Amazing
Max achievable signal strength. The client can only be a few feet from the AP to achieve this. Not typical or desirable in the real world.
N/A
-67 dBm
Very Good
Minimum signal strength for applications that require very reliable, timely delivery of data packets.
VoIP/VoWiFi, streaming video
-70 dBm
Okay
Minimum signal strength for reliable packet delivery.
Email, web
-80 dBm
Not Good
Minimum signal strength for basic connectivity. Packet delivery may be unreliable.
N/A
-90 dBm
Unusable
Approaching or drowning in the noise floor. Any functionality is highly unlikely.
N/A
3 dB of gain = +3 dB = doubles signal strength (Let's say, the base is P. So 10*log10(P/P)= 0 dB and 10*log10(2P/P) = 10*log10(2) = 3dB -> double signal)
3 dB of loss = -3 dB = halves signal strength strength (10*log(1/2) = -3.0103)
10 dB of loss = -10 dB = 10 times less signal strength (0.1 mW = -10 dBm, 0.01 mW = -20 dBm, etc.)
10 dB of gain = +10 dB = 10 times more signal strength (0.00001 mW = -50 dBm, 0.0001 mW = -40 dBm, etc.) Reference:
Simple rule of thumb:
When working with power, 3 dB means double (twice) the factor and 10 dB means 10-fold.
NEW QUESTION 25
Which HHTP status code is the correct response for a request with an incorrect password applied to a REST API session?
- A. HTTP Status Code 302
- B. HTTP Status Code 200
- C. HTTP Status Code 401
- D. HTTP Status Code: 504
Answer: C
Explanation:
A 401 error response indicates that the client tried to operate on a protected resource without providing the proper authorization. It may have provided the wrong credentials or none at all.
Note: answer 'HTTP Status Code 200' 4xx code indicates a "client error" while a 5xx code indicates a "server error".
NEW QUESTION 26 
Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected. Which action will resolve this issue?
- A. require a DHCP address assignment
- B. utilize RADIUS profiling
- C. set a NAC state
- D. enable AAA override
Answer: B
NEW QUESTION 27
Drag and drop the LISP components from the left onto the function they perform on the right. Not all options are used.
Answer:
Explanation:
Explanation
+ accepts LISP encapsulated map requests: LISP map resolver
+ learns of EID prefix mapping entries from an ETR: LISP map server
+ receives traffic from LISP sites and sends it to non-LISP sites: LISP proxy ETR
+ receives packets from site-facing interfaces: LISP ITR
Explanation
ITR is the function that maps the destination EID to a destination RLOC and then encapsulates the original packet with an additional header that has the source IP address of the ITR RLOC and the destination IP address of the RLOC of an Egress Tunnel Router (ETR).
After the encapsulation, the original packet become a LISP packet.
ETR is the function that receives LISP encapsulated packets, decapsulates them and forwards to its local EIDs. This function also requires EID-to-RLOC mappings so we need to point out an "map-server" IP address and the key (password) for authentication.
A LISP proxy ETR (PETR) implements ETR functions on behalf of non-LISP sites. A PETR is typically used when a LISP site needs to send traffic to non-LISP sites but the LISP site is connected through a service provider that does not accept no routable EIDs as packet sources. PETRs act just like ETRs but for EIDs that send traffic to destinations at non-LISP sites.
Map Server (MS) processes the registration of authentication keys and EID-to-RLOC mappings. ETRs sends periodic Map-Register messages to all its configured Map Servers.
Map Resolver (MR): a LISP component which accepts LISP Encapsulated Map Requests, typically from an ITR, quickly determines whether or not the destination IP address is part of the EID namespace
NEW QUESTION 28
Which statement about LISP encapsulation in an EIGRP OTP implementation is true?
- A. OTP maintains the LISP control plane
- B. OTP uses LISP encapsulation to obtain routes from neighbors
- C. OTP uses LISP encapsulation for dynamic multipoint tunneling
- D. LISP learns the next hop
Answer: A
Explanation:
Explanation
The EIGRP Over the Top solution can be used to ensure connectivity between disparate EIGRP sites. This feature uses EIGRP on the control plane and Locator ID Separation Protocol (LISP) encapsulation on the data plane to route traffic across the underlying WAN architecture. EIGRP is used to distribute routes between customer edge (CE) devices within the network, and the traffic forwarded across the WAN architecture is LISP encapsulated.
EIGRP OTP only uses LISP for the data plane, EIGRP is still used for the control plane. Therefore we cannot say OTP uses LISP encapsulation for dynamic multipoint tunneling as this requires encapsulating both data and control plane traffic -> Answer 'OTP uses LISP encapsulation for dynamic multipoint tunneling' is not correct.
In OTP, EIGRP serves as the replacement for LISP control plane protocols (therefore EIGRP will learn the next hop, not LISP -> Answer 'LISP learns the next hop' is not correct). Instead of doing dynamic EID-to-RLOC mappings in native LISP-mapping services, EIGRP routers running OTP over a service provider cloud create targeted sessions, use the IP addresses provided by the service provider as RLOCs, and exchange routes as EIDs. Let's take an example:
NEW QUESTION 29
Which statement about dynamic GRE between a headend router and a remote router is true?
- A. The headend router learns the IP address of the remote end router statically
- B. The remote router initiates the tunnel connection
- C. A GRE tunnel without an IP address has a status of administratively down
- D. GRE tunnels can be established when the remote router has a dynamic IP address
Answer: B
NEW QUESTION 30
A GRE tunnel is down with the error message %TUN-5-RECUR DOWN:
Which two options describe possible causes of the error? (Choose two)
- A. Incorrect destination IP addresses are configured on the tunnel
- B. The tunnel mode and tunnel IP address are misconfigured
- C. There is link flapping on the tunnel
- D. The tunnel destination is being routed out of the tunnel interface
- E. There is instability in the network due to route flapping
Answer: D,E
Explanation:
Explanation
The %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error message means that the generic routing encapsulation (GRE) tunnel router has discovered a recursive routing problem. This condition is usually due to one of these causes:
+ A misconfiguration that causes the router to try to route to the tunnel destination address using the tunnel interface itself (recursive routing)
+ A temporary instability caused by route flapping elsewhere in the network
NEW QUESTION 31
Drag and drop the characteristics from the left onto the correct routing protocol types on the right.
Answer:
Explanation:
NEW QUESTION 32 
Refer to the exhibit. A network engineer must configure a password expiry mechanism on the gateway router for all local passwords to expire after 60 days. What is required to complete this task?
- A. The password expiry mechanism is on the AAA server and must be configured there.
- B. Add the username admin privilege 15 common-criteria*policy Administrators password 0 Cisco13579!
command. - C. Add the aaa authentication enable default Administrators command.
- D. No further action Is required. The configuration is complete.
Answer: A
NEW QUESTION 33
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?
- A. Window size
- B. MSS
- C. MTU
- D. MRU
Answer: B
Explanation:
Explanation
The TCP Maximum Segment Size (TCP MSS) defines the maximum amount of data that a host is willing to accept in a single TCP/IP datagram. This TCP/IP datagram might be fragmented at the IP layer. The MSS value is sent as a TCP header option only in TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between hosts. The sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host.
TCP MSS takes care of fragmentation at the two endpoints of a TCP connection, but it does not handle the case where there is a smaller MTU link in the middle between these two endpoints.
PMTUD was developed in order to avoid fragmentation in the path between the endpoints. It is used to dynamically determine the lowest MTU along the path from a packet's source to its destination.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulationgre/
25885-pmtud-ipfrag.html (there is some examples of how TCP MSS avoids IP Fragmentation in this link but it is too long so if you want to read please visit this link) Note: IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later.
NEW QUESTION 34
Which access point mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues?
- A. SE-connect mode
- B. client mode
- C. sniffer mode
- D. sensor mode
Answer: C
Explanation:
An lightweight AP (LAP) operates in one of six different modes:
+ Local mode (default mode): measures noise floor and
interference, and scans for intrusion detection (IDS) events every
180 seconds on unused channels
+ Flex Connect, formerly known as Hybrid Remote Edge AP (HREAP),
mode: allows data traffic to be switched locally and not go
back to the controller. The Flex Connect AP can perform
standalone client authentication and switch VLAN traffic locally
even when it's disconnected to the WLC (Local Switched). Flex
Connect AP can also tunnel (via CAPWAP) both user wireless data
and control traffic to a centralized WLC (Central Switched).
+ Monitor mode: does not handle data traffic between clients and
the infrastructure. It acts like a sensor for location-based services
(LBS), rogue AP detection, and IDS
+ Rogue detector mode: monitor for rogue APs. It does not
handle data at all.
+ Sniffer mode: run as a sniffer and captures and forwards all the
packets on a particular channel to a remote machine where you
can use protocol analysis tool (Wireshark, Airopeek, etc)
to review the packets and diagnose issues. Strictly used for
troubleshooting purposes.
+ Bridge mode: bridge together the WLAN and the wired
infrastructure together.
NEW QUESTION 35
Drag and drop the virtual component from the left onto their descriptions on the right.
Answer:
Explanation:
Explanation
+ configuration file containing settings for a virtual machine such as guest OS: VMX
+ component of a virtual machine responsible for sending packets to the hypervisor: vNIC
+ zip file containing a virtual machine configuration file and a virtual disk: OVA
+ file containing a virtual machine disk drive: VMDK
The VMX file simply holds the virtual machine configuration.
VMDK (short for Virtual Machine Disk) is a file format that describes containers for virtual hard disk drives to be used in virtual machines like VMware Workstation or VirtualBox.
An OVA file is an Open Virtualization Appliance that contains a compressed, "installable" version of a virtual machine. When you open an OVA file it extracts the VM and imports it into whatever virtualization software you have installed on your computer.
NEW QUESTION 36
An engineer reviews a router's logs and discovers the following entry. What is the event's logging severity level?
- A. informational
- B. notification
- C. error
- D. warning
Answer: C
NEW QUESTION 37
Refer to the exhibit.
What are two effect of this configuration? (Choose two.)
- A. The 10.1.1.0/27 subnet is assigned as the inside global address range.
- B. It establishes a one-to-one NAT translation.
- C. The 209.165.201.0/27 subnet is assigned as the outside local address range.
- D. The 10.1.1.0/27 subnet is assigned as the inside local addresses.
- E. Inside source addresses are translated to the 209.165.201.0/27 subnet.
Answer: D,E
NEW QUESTION 38
Which characteristic distinguishes Ansible from Chef?
- A. Ansible pushes the configuration to the client. Chef client pulls the configuration from the server.
- B. Ansible uses Ruby to manage configurations. Chef uses YAML to manage configurations.
- C. Ansible lacks redundancy support for the master server. Chef runs two masters in an active/active mode.
- D. The Ansible server can run on Linux, Unix or Windows. The Chef server must run on Linux or Unix.
Answer: A
Explanation:
Ansible works by connecting to your nodes and pushing out small programs, called "Ansible modules" to them.
These programs are written to be resource models of the desired state of the system. Ansible then executes these modules (over SSH by default), and removes them when finished.
Chef is a much older, mature solution to configure management. Unlike Ansible, it does require an installation of an agent on each server, named chef-client. Also, unlike Ansible, it has a Chef server that each client pulls configuration from.
NEW QUESTION 39
What NTP Stratum level is a server that is connected directly to an authoritative time source?
- A. Stratum 1
- B. Stratum 15
- C. Stratum 14
- D. Stratum 0
Answer: A
Explanation:
Explanation
The stratum levels define the distance from the reference clock. A
reference clock is a stratum 0 device that is assumed to be accurate and has little or no delay associated with it. Stratum 0 servers cannot be used on the network but they are directly connected to computers which then operate as stratum-1 servers. A stratum 1 time server acts as a primary network time standard.
A stratum 2 server is connected to the stratum 1 server; then a stratum 3 server is connected to the stratum 2 server and so on. A stratum 2 server gets its time via NTP packet requests from a stratum 1 server. A stratum 3 server gets its time via NTP packet requests from a stratum-2 server... A stratum server may also peer with other stratum servers at the same level to provide more stable and robust time for all devices in the peer group (for example a stratum 2 server can peer with other stratum 2 servers).
NTP uses the concept of a stratum to describe how many NTP hops away a
machine is from an authoritative time source. A stratum 1 time server
typically has an authoritative time source (such as a radio or atomic clock, or a Global Positioning System (GPS) time source) directly attached, a stratum 2 time server receives its time via NTP from a stratum 1 time server, and so on.
NEW QUESTION 40
......
Key Exam Details
The Cisco 350-401 ENCOR has a duration of 120 minutes and can be scheduled through Pearson VUE in the English and Japanese languages. Following the recent certification updates, learners will be required to pass 350-401 exam together with a concentration test of their liking to qualify for the CCNP Enterprise certificate.
Latest 100% Passing Guarantee - Brilliant 350-401 Exam Questions PDF: https://www.testpassed.com/350-401-still-valid-exam.html
350-401 Certification – Valid Exam Dumps Questions Study Guide: https://drive.google.com/open?id=158JdVIZchT2X1mwTHdJpcjDtkEegrq_E