[Jan 09, 2025] 300-410 Free Exam Questions with Quality Guaranteed [Q314-Q335]

[Jan 09, 2025] 300-410 Free Exam Questions with Quality Guaranteed

300-410 Free Exam Files Downloaded Instantly

NEW QUESTION # 314
Refer to the exhibit.

A junior engineer configured SNMP to network devices. Malicious users have uploaded different configurations to the network devices using SNMP and TFTP servers.
Which configuration prevents changes from unauthorized NMS and TFTP servers?

A. access-list 20 permit 10.221.10.11
access-list 20 deny any log
!
snmp-server group NETVIEW v3 priv read NETVIEW access 20
snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 20 snmp-server community Cisc0Us3r RO 20 snmp-server community Cisc0wrus3r RW 20 snmp-server tftp-server-list 20
B. access-list 20 permit 10.221.10.11
access-list 20 deny any log
C. access-list 20 permit 10.221.10.11
access-list 20 deny any log
!
snmp-server group NETVIEW v3 priv read NETVIEW access 20
snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 20 snmp-server community Cisc0wrus3r RO 20 snmp-server community Cisc0Us3r RW 20 snmp-server tftp-server-list 20
D. access-list 20 permit 10.221.10.11

Answer: A

NEW QUESTION # 315
What is a role of route distinguishers in an MPLS network?

A. Route distinguishers make a unique VPNv4 address across the MPLS network
B. Route distinguishers allow multiple instances of a routing table to coexist within the edge router.
C. Route distinguishers define which prefixes are imported and exported on the edge router
D. Route distinguishers are used for label bindings.

Answer: A

NEW QUESTION # 316

Refer to the exhibit. The client server but the show command does not show the IPv6 DHCP bindings on the server. Which action resolves the issue?

A. Extend the DHCP lease time because R1 removed the IPv6 address earlier after the lease expired.
B. Configure H1 as the DHCP client that manually assigns the IPv6 address on interlace e0/0..
C. Use the 2001:DBB:BAD:C0DE::/64 prefix for the DHCP pool on R1.
D. Configure authorized DHCP servers to avoid IPv6 addresses from a rogue DHCP server.

Answer: C

NEW QUESTION # 317
Refer to the exhibits.

When DMVPN is configured, which configuration allows spoke-to-spoke communication using loopback as a tunnel source?

A. Configure crypto isakmp key cisco address 0.0.0.0 on the hub.
B. Configure crypto isakmp key cisco address 0.0.0.0 on the spokes.
C. Configure crypto isakmp key cisco address 200.1.0.0 255.255.0.0 on the spokes.
D. Configure crypto isakmp key Cisco address 200.1.0.0 255.255.0.0 on the hub.

Answer: B

Explanation:
Explanation
https://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd802b8f3c.html

NEW QUESTION # 318
Refer to the exhibit.

An engineer receives this error message when trying to access another router m-band from the serial interface connected to the console of R1. Which configuration is needed on R1 to resolve this issue?

A. Option D
B. Option B
C. Option C
D. Option A

Answer: A

Explanation:
Explanation
https://community.cisco.com/t5/other-network-architecture/out-of-band-router-access/td-p/333295 The "transport output none" command prevents any protocol connection made from R1.
Therefore our SSH connection to 192.168.12.2 was refused. In order to fix this problem we can configure "transport output ssh" under "line console 0" of R1.
Note: The parameter "-l" specifies the username to log in as on the remote machine.

NEW QUESTION # 319
Configure individual VRFs for each customer according to the topology to achieve these goals :

R1

R2

SW1

SW2

SW3

U U.U
Success rate is 0 percent (0/5)
SW1#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
U U.U
Success rate is 0 percent (0/5)
Same Test for SW2:
From SW2 to SW4:
SW2#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
But can't Reach SW3 or SW1 in VRF cu-red:
SW2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
U U.U
Success rate is 0 percent (0/5)
SW2#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
U U.U
Success rate is 0 percent (0/5)
Both R1 & R2 has separate tables for VRFs cu-red and cu-green.

A. See the solution below in Explanation

Answer: A

Explanation:
Solution:
Use cu-red under interfaces facing SW1 & SW3:
On R1:
interface Ethernet0/0
ip vrf forwarding cu-red
ip address 192.168.1.254 255.255.255.0
Check reachability to SW1:
R1#ping vrf cu-red 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
On R2:
interface Ethernet0/0
ip vrf forwarding cu-red
ip address 192.168.2.254 255.255.255.0
Check reachability to SW3:
R2#ping vrf cu-red 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Use vrf cu-green for SW2 & SW4:
On R1:
interface Ethernet0/1
ip vrf forwarding cu-green
ip address 192.168.20.254 255.255.255.0
Test reachability to SW2:
R1#ping vrf cu-green 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.22.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
On R2:
interface Ethernet0/1
ip vrf forwarding cu-green
ip address 192.168.22.254 255.255.255.0
Test reachability to SW4:
R2#ping vrf cu-green 192.168.22.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
On R1:
interface Ethernet0/2.100
mpls ip
!
interface Ethernet0/2.200
mpls ip
!
Configure BGP:
router bgp 65000
neighbor 10.10.10.2 remote-as 65000
neighbor 10.10.20.2 remote-as 65000
!
address-family vpnv4
neighbor 10.10.10.2 activate
neighbor 10.10.20.2 activate
exit-address-family
!
address-family ipv4 vrf cu-green
redistribute connected
exit-address-family
!
address-family ipv4 vrf cu-red
redistribute connected
exit-address-family
!
R1(config)#ip vrf cu-red
R1(config-vrf)#route-target both 65000:100
!
R1(config)#ip vrf cu-green
R1(config-vrf)#route-target both 65000:200
On R2:
interface Ethernet0/2.100
mpls ip
!
interface Ethernet0/2.200
mpls ip
!
router bgp 65000
neighbor 10.10.10.1 remote-as 65000
neighbor 10.10.20.1 remote-as 65000
!
address-family vpnv4
neighbor 10.10.10.1 activate
neighbor 10.10.20.1 activate
exit-address-family
!
address-family ipv4 vrf cu-green
redistribute connected
exit-address-family
!
address-family ipv4 vrf cu-red
redistribute connected
exit-address-family
R2(config)#ip vrf cu-red
R2(config-vrf)#route-target both 65000:100
!
R2(config)#ip vrf cu-green
R2(config-vrf)#route-target both 65000:200
Verification:
From SW1 to SW3:
SW1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
But can't Reach SW2 or SW4 in VRF cu-green:
SW1#ping 192.168.22.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.22.1, timeout is 2 seconds:

NEW QUESTION # 320
A network administrator is troubleshooting a high utilization issue on the route processor of a router that was reported by NMS The administrator logged into the router to check the control plane policing and observed that the BGP process is dropping a high number of routing packets and causing thousands of routes to recalculate frequently. Which solution resolves this issue?

A. Police the cir for BGP, conform-action transmit, and exceed action transmit.
B. Shape the pir for BGP, conform-action set-prec-transmit, and exceed action set-frde-transmit.
C. Shape the cir for BGP. conform-action transmit, and exceed action transmit.
D. Police the pir for BGP, conform-action set-prec-transmit, and exceed action set-clp-transmit.

Answer: D

Explanation:
Explanation
CIR (Committed Information Rate) is the minimum guaranteed traffic delivered in the network.
PIR (Peak Information Rate) is the top bandwidth point of allowed traffic in a non busy times without any guarantee.

+ Policing: is used to control the rate of traffic flowing across an interface. During a bandwidth exceed (crossed the maximum configured rate), the excess traffic is generally dropped or remarked. The result of traffic policing is an output rate that appears as a saw-tooth with crests and troughs. Traffic policing can be applied to inbound and outbound interfaces. Unlike traffic shaping, QoS policing avoids delays due to queuing. Policing is configured in bytes.
+ Shaping: retains excess packets in a queue and then schedules the excess for later transmission over increments of time. When traffic reaches the maximum configured rate, additional packets are queued instead of being dropped to proceed later. Traffic shaping is applicable only on outbound interfaces as buffering and queuing happens only on outbound interfaces. Shaping is configured in bits per second.

Therefore in this case we can only policing, not shaping as traffic shaping is applicable only on outbound interfaces as buffering and queuing happens only on outbound interfaces. Moreover, BGP traffic is not important so we can drop the excess packets without any problems.
And we only policing the PIR traffic so that the route processor is not overwhelmed by BGP calculation.
Note: The "set-prec-transmit" is the same as "transmit" command except it sets the IP Precedence level as well. The "set-clp-transmit" sets the ATM Cell Loss Priority (CLP) bit from 0 to 1 on the ATM cell and transmits the packet.

NEW QUESTION # 321
Refer to the exhibit.

After a new regional office is set up,not all guests can access the internet via guest Wi Fi. Clients are getting the correct IP address from guest Wi-Fi VLAN 364. which action resolves the issue ?

A. Allow DNS traffic through the inbound ACL
B. Allow DNS traffic through the outbound ACL
C. Allow 10.66.46.0/23 in the inbound ACL
D. Allow 10.66.46.0/23 in the outbound ACL

Answer: A

NEW QUESTION # 322
Refer to the exhibit.

After a new regional office is set up,not all guests can access the internet via guest Wi Fi. Clients are getting the correct IP address from guest Wi-Fi VLAN 364. which action resolves the issue ?

A. Allow DNS traffic through the inbound ACL
B. Allow DNS traffic through the outbound ACL
C. Allow 10.66.46.0/23 in the inbound ACL
D. Allow 10.66.46.0/23 in the outbound ACL

Answer: A

NEW QUESTION # 323
Which label operations are performed by a label edge router?

A. SWAP and PUSH
B. PUSH and POP
C. SWAP and POP
D. PUSH and PHP

Answer: B

Explanation:
Explanation
A label edge router (LER, also known as that operates at the edge of an MPLS network and acts as the entry and exit points for the network. LERs push an MPLS label onto an incoming packet and pop it off an outgoing packet.

NEW QUESTION # 324
Refer to the exhibit.

A network engineer finds that PC1 is accessing the hotel website to do the booking but fails to make payment.
Which action resolves the issue?

A. Allow stub network 10.10.202.168/30 on router R3 OSPF.
B. Configure a reverse route on R1 for PC1 172.16.1.0/24.
C. Decrease the AD to 5 OSPF route 192.168.94.0 on R1.
D. Increase the AD to 200 of static route 192.168.94.0 on R3.

Answer: A

NEW QUESTION # 325
What are two functions of MPLS Layer 3 VPNs? (Choose two.)

A. It is used for transparent point-to-multipoint connectivity between Ethernet links/sites.
B. Customer traffic is encapsulated in a VPN label when it is forwarded in MPLS network.
C. A packet with node segment ID is forwarded along with shortest path to destination.
D. BGP is used for signaling customer VPNv4 routes between PE nodes.
E. LDP and BGP can be used for Pseudowire signaling.

Answer: B,D

Explanation:
MPLS Layer-3 VPNs provide IP connectivity among CE sites * MPLS VPNs enable full-mesh, hub-and-spoke, and hybrid IP connectivity* CE sites connect to the MPLS network via IP peering across PE-CE links* MPLS Layer-3 VPNs are implemented via VRFs on PE edge nodes * VRFs providing customer routing and forwarding segmentation* BGP used for signaling customer VPN (VPNv4) routes between PE nodes* To ensure traffic separation, customer traffic is encapsulated in an additional VPN label when forwarded in MPLS network* Key applications are layer-3 business VPN services, enterprise network segmentation, and segmented layer-3 Data Center access

NEW QUESTION # 326
Which mechanism provides traffic segmentation within a DMVPN network?

A. MPLS
B. iPsec
C. RSVP
D. BGP

Answer: B

NEW QUESTION # 327

Refer to the exhibit. The services at branch B are down. An engineer notices mal rouler A and router B are not exchanging any routes Which configuration resolves the issue on router B?

Answer: D

NEW QUESTION # 328

Refer to the exhibit A CoPP policy is implemented to allow specific control traffic, but the traffic is not matching as expected and is getting unexpected behavior of control traffic. Which action resolves the issue?

A. Use match-any instruction in class-map
B. Create a separate class map lor ICMP traffic.
C. Create a separate class map against each ACL.
D. Use default-class to match ICMP traffic

Answer: A

NEW QUESTION # 329
Refer to the exhibit.

R1 is being monitored using SNMP and monitoring devices are getting only partial information. What action should be taken to resolve this issue?

A. Modify the access list to include snmptrap.
B. Modify the CoPP policy to increase the configured CIR limit for SNMP.
C. Modify the access list to add a second line to allow udp any any eq snmp
D. Modify the CoPP policy to increase the configured exceeded limit for SNMP.

Answer: C

NEW QUESTION # 330

Refer to the exhibit. A network engineer is troubleshooting a failed link between R2 and R3 No traffic loss is reported from router R5 to HQ Which command fixes the separated backbone?

A. R3(config-router)#area 21 virtual-link 192.168.125.5
B. R2(config-router)#no area 21 stub
C. R3(config-router)#no area 21 stub
D. R2(config_router)#area 21 virtual-link 192.168.125.5

Answer: C

NEW QUESTION # 331
Drag and Drop the IPv6 First-Hop Security features from the left onto the definitions on the right.

Answer:

Explanation:

NEW QUESTION # 332
An engineer configured a company's multiple area OSPF head office router and Site A cisco routers with VRF lite. Each site router is connected to a PE router of an MPLS backbone.

After finishing both site router configurations, none of the LSA 3,4 5, and 7 are installed at Site A router.
Which configuration resolves this issue?

A. configure capability vrf-lite on Head Office and its connected PE router under router ospf 1 vrf abc
B. configure capability vrf-lite on both PE routers connected to Head Office and Site A routers under routtr ospf 1 vrf abc
C. configure capability vrf-lite on Site A and its connected PE router under router ospf 1 vrf abc
D. configure capability vrf-lite on Head Office and Site A routers under router ospf 1 vrf abc

Answer: B

NEW QUESTION # 333
Refer to the exhibit.

Refer to the exhibit A company builds WAN infrastructure between the head office and POPs using DMVPN hub-and-spoke topology to provide end-to-end communication All POPs must maintain point-to-point connectivity with the head office Which configuration meets the requirement at routers R12 and R13?