Skip to Content

Cisco ENCOR 350-401 Exam Questions and Answers – Page 2

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

The latest Cisco CCNP and CCIE Enterprise Core: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) 350-401 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Cisco CCNP and CCIE Enterprise Core: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) 350-401 exam and earn Cisco CCNP and CCIE Enterprise Core: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) 350-401 certification.

Exam Question 121

On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?

A. VXLAN
B. LISP
C. Cisco TrustSec
D. IS-IS
Correct Answer:
A. VXLAN

Exam Question 122

Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?

A. deny tcp any any eq 80
permit tcp any any gt 21 lt 444
B. permit tcp any any range 22 443
deny tcp any any eq 80
C. permit tcp any any ne 80
D. deny tcp any any ne 80
permit tcp any any range 22 443
Correct Answer:
A. deny tcp any any eq 80
permit tcp any any gt 21 lt 444

Exam Question 123

A network administrator applies the following configuration to an IOS device:
aaa new-model
aaa authentication login default local group tacacs+
What is the process of password checks when a login attempt is made to the device?
A. A TACACS+ server is checked first. If that check fails, a local database is checked.
B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.
C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.
D. A local database is checked first. If that check fails, a TACACS+ server is checked.
Correct Answer:
D. A local database is checked first. If that check fails, a TACACS+ server is checked.

Exam Question 124

Refer to the exhibit.
An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours.
An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times.
Which command set accomplishes this task?

A. R3(config)#time-range WEEKEND
R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59
R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R3(config)#access-list 150 permit ip any any time-range WEEKEND
R3(config)#interface G0/1
R3(config-if)#ip access-group 150 out
B. R1(config)#time-range WEEKEND
R1(config-time-range)#periodic weekend 00:00 to 23:59
R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R1(config)#access-list 150 permit ip any any
R1(config)#interface G0/1
R1(config-if)#ip access-group 150 in
C. R3(config)#time-range WEEKEND
R3(config-time-range)#periodic weekend 00:00 to 23:59
R3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R3(config)#access-list 150 permit ip any any time-range WEEKEND
R3(config)#interface G0/1
R3(config-if)#ip access-group 150 out
D. R1(config)#time-range WEEKEND
R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00
R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R1(config)#access-list 150 permit ip any any
R1(config)#interface G0/1
R1(config-if)#ip access-group 150 in
Correct Answer:
B. R1(config)#time-range WEEKEND
R1(config-time-range)#periodic weekend 00:00 to 23:59
R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND
R1(config)#access-list 150 permit ip any any
R1(config)#interface G0/1
R1(config-if)#ip access-group 150 in

Exam Question 125

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?
PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?

A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080
B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080
C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2
D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2
Correct Answer:
A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080

Exam Question 126

What is the result of applying this access control list?
ip access-list extended STATEFUL
10 permit tcp any any established
20 deny ip any any

A. TCP traffic with the URG bit set is allowed.
B. TCP traffic with the SYN bit set is allowed.
C. TCP traffic with the ACK bit set is allowed.
D. TCP traffic with the DF bit set is allowed.
Correct Answer:
C. TCP traffic with the ACK bit set is allowed.

Exam Question 127

Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in. Which configuration change is required?
An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in. Which configuration change is required?

A. Add the access-class keyword to the username command.
B. Add the autocommand keyword to the aaa authentication command.
C. Add the access-class keyword to the aaa authentication command.
D. Add the autocommand keyword to the username command.
Correct Answer:
D. Add the autocommand keyword to the username command.

Exam Question 128

Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?
An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?

A. All traffic will be policed based on access-list 120.
B. If traffic exceeds the specified rate, it will be transmitted and remarked.
C. Class-default traffic will be dropped.
D. ICMP will be denied based on this configuration.
Correct Answer:
A. All traffic will be policed based on access-list 120.

Exam Question 129

Which deployment option of Cisco NGFW provides scalability?

A. inline tap
B. high availability
C. clustering
D. tap
Correct Answer:
C. clustering

Exam Question 130

In a Cisco SD-Access solution, what is the role of the Identity Services Engine?

A. It is leveraged for dynamic endpoint to group mapping and policy definition.
B. It provides GUI management and abstraction via apps that share context.
C. It is used to analyze endpoint to app flows and monitor fabric status.
D. It manages the LISP EID database.
Correct Answer:
A. It is leveraged for dynamic endpoint to group mapping and policy definition.