The latest Cisco CCNP and CCIE Enterprise Core: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) 350-401 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Cisco CCNP and CCIE Enterprise Core: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) 350-401 exam and earn Cisco CCNP and CCIE Enterprise Core: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) 350-401 certification.
Exam Question 151
Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually?
A. event manager applet ondemand
event none
action 1.0 syslog priority critical msg ‘This is a message from ondemand’
B. event manager applet ondemand
action 1.0 syslog priority critical msg ‘This is a message from ondemand’
C. event manager applet ondemand
event register
action 1.0 syslog priority critical msg ‘This is a message from ondemand’
D. event manager applet ondemand
event manual
action 1.0 syslog priority critical msg ‘This is a message from ondemand’
Correct Answer:
A. event manager applet ondemand
event none
action 1.0 syslog priority critical msg ‘This is a message from ondemand’
Exam Question 152
What does this EEM applet event accomplish?
“event snmp oid 1.3.6.1.3.7.6.5.3.9.3.8.7 get-type next entry-op gt entry-val 75 poll-interval 5”
A. Upon the value reaching 75%, a SNMP event is generated and sent to the trap server.
B. It reads an SNMP variable, and when the value exceeds 75%, it triggers an action.
C. It issues email when the value is greater than 75% for five polling cycles.
D. It presents a SNMP variable that can be interrogated.
Correct Answer:
B. It reads an SNMP variable, and when the value exceeds 75%, it triggers an action.
Exam Question 153
What is a requirement for an Ansible-managed node?
A. It must have an SSH server running.
B. It must be a Linux server or a Cisco device.
C. It must support ad hoc commands.
D. It must have an Ansible Tower installed.
Correct Answer:
A. It must have an SSH server running.
Exam Question 154
Refer to the exhibit. What does the snippet of code achieve?
A. It creates an SSH connection using the SSH key that is stored, and the password is ignored.
B. It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls.
C. It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.
D. It opens a tunnel and encapsulates the login information, if the host key is correct.
Correct Answer:
C. It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.
Exam Question 155
What does the Cisco DNA Center use to enable the delivery of applications through a network and to yield analytics for innovation?
A. process adapters
B. Command Runner
C. intent-based APIs
D. domain adapters
Correct Answer:
C. intent-based APIs
Exam Question 156
Which devices does Cisco DNA Center configure when deploying an IP-based access control policy?
A. all devices integrating with ISE
B. selected individual devices
C. all devices in selected sites
D. all wired devices
Correct Answer:
C. all devices in selected sites
Exam Question 157
In which part of the HTTP message is the content type specified?
A. HTTP method
B. body
C. header
D. URI
Correct Answer:
C. header
Exam Question 158
You issue the following commands on a Cisco router:
RouterA#debug condition interface serial 0/0
RouterA#debug condition interface serial 0/1
RouterA#debug condition username RouterB
RouterA#debug ppp authentication
Which of the following PPP authentication debugging messages will be displayed on RouterA? (Select the best answer.)
A. only messages that contain the RouterB user name
B. only messages that arrive on the Serial 0/0 interface
C. only messages that arrive on the Serial 0/1 interface
D. messages that contain the RouterB user name or that arrive on either specified interface
Correct Answer:
D. messages that contain the RouterB user name or that arrive on either specified interface
Answer Description:
Debug messages that contain the RouterB user name and that arrive on either the Serial 0/0 interface or the Serial 0/1 interface would be displayed if you were to issue the commands in this scenario on a Cisco router. The debug condition command is used to enable restrictions on the data that the debugging process displays. If no conditions are specified, all output from enabled debugging commands will be displayed. You can configure a series of debug conditions, any one of which will cause debug messages to display when a match occurs. In order to display the output, the debugging process need only match one of the specified conditions, not all of them.
The debug condition interfaceinterface command limits debug messaging output to only enabled debugging that applies to the specified interface. For example, if you were to issue the debug condition interface serial 0/0 command followed by the debug ppp authentication command in this scenario, the debug output would consist of PointtoPoint Protocol (PPP) authentication messages, but only if those messages also apply to the router’s Serial 0/0 interface.
The debug output will not be limited to only one interface on RouterA in this scenario. Configuring a series of debug condition interface interface commands limits debug message output to the series of specified interfaces. The debug output need match only one of the interface conditions to be displayed. For example, you could issue the following commands on RouterA to ensure that PPP authentication debug messages that apply to either the Serial 0/0 interface or the Serial 0/1 interface are displayed on the router:
RouterA#debug condition interface serial 0/0
RouterA#debug condition interface serial 0/1
RouterA#debug ppp authentication
After issuing the commands above, you could further limit the PPP authentication debug output by issuing the no debug condition interface interface command. For example, issuing the no debug condition interface serial 0/0 command would remove the Serial 0/0 interface condition from the debugging output, which means that only PPP authentication messages that apply to the Serial 0/1 interface would be displayed.
You can remove all interface conditions from debugging output by issuing the no debug condition interface all command. After that command is issued, all PPP authentication debugging messages would be displayed unless you also issued the no debug ppp authenticationcommand or the no debug all command.
The debug output will not be limited to the user name RouterB, because you have also issued debug condition interface interface commands in this scenario. The debug condition {username username | called dialstring | callerdialstring} command enables you to limit the output of debugging messages by user name, calling party number, or called party number. Applying only one of those conditions to debugging output stops the output of debug messages on all interfaces. The router will then monitor each interface for a condition match. If a match occurs, debug messages will be displayed for that match. In this scenario, the debug condition username RouterB command will display output when an interface sends or receives a PPP authentication packet that contains the user name RouterB. However, because you have also issued the debug condition interface serial 0/0 command and the debug condition interface serial 0/1 command, PPP authentication messages that apply to either of those interfaces will be displayed even if the RouterB user name is not matched.
You can determine which debug conditions are configured and which have been met on a Cisco device by issuing the show debug condition command from privileged EXEC mode. For example, the following output indicates that three conditions have been enabled on the router, but only the last two conditions have been matched so far:
Based on the output above, you can determine that PPP authentication has occurred on RouterA’s Serial 0/1 interface and that the user name RouterB was used to perform the authentication. In addition, the user name RouterB triggered flags both on the Serial 0/1 interface and by the PPP session manager, possibly indicating that after debugging was configured, the connection between RouterA and RouterB went down and was then restored.
Exam Question 159
Which of the following ping command options should be enabled if you want to determine the MTU size that a given connection supports? (Select the best answer.)
A. the IPv4 donotfragment bit
B. a number of pings greater than five
C. a datagram size greater than 1,500 bytes
D. a timeout value greater than two seconds
Correct Answer:
A. the IPv4 donotfragment bit
Answer Description:
The IP version 4 (IPv4) donotfragment bit, or DF bit, is the ping command option that should be enabled if you want to determine the maximum transmission unit (MTU) size that a given connection supports. By default, packet fragmentation is used to enable oversized packets to traverse the network in chunks that are smaller than the configured MTU. The DF bit configures the ping command to attempt to send packets of a given size without fragmentation. By repeatedly pinging a destination device with smaller and smaller datagram sizes, you can determine the MTU.
The ping command supports the ability to modify the size of the datagram that it transmits as well as the ability to enable the DF bit, which is disabled by default. You can configure extended ping features either by issuing the ping command without parameters, which causes the ping command to display a series of configuration prompts, or by specifying parameters on the command line along with the ping command. For example, the ping 192.168.1.1 size 1500 dfbit command configures an extended ping with a destination IP address of 192.168.1.1, a datagram size of 1,500 bytes, and an enabled DF bit. On a connection with an MTU of 1,500 bytes, this ping succeeds, as shown in the following output:
Based on the output, you can determine that the ping succeeded. You can also determine that the DF bit is, indeed, enabled. However, issuing the ping 192.168.1.1 size 1501 dfbit command on the same device results in a failure, as shown in the following output:
In the output above, issuing the ping 192.168.1.1 size 1501 dfbit command results in a ping failure because the MTU is configured to 1,500 bytes and the DF bit is set. If you were to issue the same command without the dfbit parameter, the ping would succeed because the ping command is allowing the datagram to be fragmented, as shown in the following output:
You do not need to explicitly set the datagram size to 1,500 bytes in this scenario. By default, Cisco devices are configured with a system MTU of 1,500 bytes. Therefore, the ping might succeed, providing no indication of a configured MTU. In order to test the MTU, you should set the DF bit and test a high MTU. You should then methodically lower the datagram size that you test with the DF bit enabled until the ping succeeds.
You do not need to adjust the number of pings from the default value of five. In addition, you do not need to adjust the default timeout value of two seconds. Neither of these values help you determine the configured MTU.
Exam Question 160
You issue the ping 192.168.1.1 size 1501 dfbit command on a Cisco device. You notice a message indicating that the DF bit has been set. However, the ping fails.
You want to determine the largest datagram that the connection supports without fragmentation.
Which of the following should you do next? (Select the best answer.)
A. Issue the command without the dfbit parameter.
B. Issue the command without the size parameter.
C. Issue the command with a lower size parameter value.
D. Issue the command without the size parameter and without the dfbit parameter.
Correct Answer:
C. Issue the command with a lower size parameter value.
Answer Description:
You should issue the command with a lower size parameter value to determine the largest datagram that the connection supports without fragmentation. The IP version 4 (IPv4) donotfragment bit, or DF bit, should be enabled if you want to determine the maximum transmission unit (MTU) size that a given connection supports. By default, packet fragmentation is used to enable oversized packets to traverse the network in chunks that are smaller than the configured MTU. The DF bit configures the ping command to attempt to send packets of a given size without fragmentation. By repeatedly pinging a destination device with smaller and smaller datagram sizes, you can determine the MTU.
The ping command supports the ability to modify the size of the datagram that it transmits as well as the ability to enable the DF bit, which is disabled by default. You can configure extended ping features either by issuing the ping command without parameters, which causes the ping command to display a series of configuration prompts, or by specifying parameters on the command line along with the ping command. For example, the ping 192.168.1.1 size 1500 dfbit command configures an extended ping with a destination IP address of 192.168.1.1, a datagram size of 1,500 bytes, and an enabled DF bit. On a connection with an MTU of 1,500 bytes, this ping succeeds, as shown in the following output:
Based on the output, you can determine that the ping succeeded. You can also determine that the DF bit is, indeed, enabled. However, issuing the ping 192.168.1.1 size 1501 dfbit command on the same device results in a failure, as shown in the following output:
In the output above, issuing the ping 192.168.1.1 size 1501 dfbit command results in a ping failure because the MTU is configured to 1,500 bytes and the DF bit is set. If you were to issue the same command without the dfbit parameter, the ping would succeed because the ping command is allowing the datagram to be fragmented, as shown in the following output:
You should not issue the command without the dfbit option, because this disables the DF bit and enables datagram fragmentation. Ping attempts with fragmentation enabled will succeed even if the size parameter remains larger than the configured MTU.
You should not issue the command without the size parameter. The size parameter in addition to the presence of the DF bit is what enables you to test which datagrams are larger than the MTU. Without the size parameter, the ping datagram will use its small default size of 100 bytes.