350-401 Practice Exam Questions with Answers Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) Certification

Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.

Use Cisco AMP deployment with the Exploit Prevention engine enabled.

Use Cisco Firepower and block traffic to TOR networks.

TrustSec

MACsec

IPsec

GRE

host dependent  

weighted

least connection

round robin

detect and locate

FastLocate

hyperlocation

RF fingerprinting

POST /auth/token

GET /network-device

GET /template-programmer/template/version/42a3df73-3ef4-49e2-b4f0-6927bbd4bf52

POST /discovery

RF tag

policy tag

site tag

AP tag

security ft adaptive

security wpa akm dotlx

security wpa akm psk

security wpa akm ft psk

none

PSK

802.1x

CCKM

They enable programmers to change or write their own application within the device operating system.

They create more secure and efficient SNMP OIDs.

They make the CLI simpler and more efficient.

They provide a standardized data structure, which results in configuration scalability and consistency.

Monitor

Rogue detector

SE-Connect

Sniffer

component set by the administrator to differentiate similar nodes that offer a common service

value that identifies a specific tunnel within the Cisco Catalyst SD-WAN overlay

identifier that represents a specific service offered by nodes within the Cisco Catalyst SD-WAN overlay

attribute that acts as a next hop for network prefixes

ISE server

local WLC

RADIUS server

anchor WLC

BFD requires a FHRP in order to provide sub second host failover.

BFD can be deployed without any IP routing protocols being configured.

NSF and graceful restart must be enabled on all participating routers.

Cisco Express forwarding and IP routing must be enabled on all participating routers.

to enable vBond to learn the public IP of WAN Edge devices that are behind NAT gateways or in private address space

to facilitate downloading and distribution of operational and security patches

to allow for global reachability from all WAN Edges in the Cisco SD-WAN and to facilitate NAT traversal

to provide access to Cisco Smart Licensing servers for license enablement

northbound API

RESTCONF

Southbound API

IPsec

SNMP

a specified range of IP addresses

NETCONF

LLDP

ping

CDP

crypto file ransomware protection using a file hash calculation

file retrospection using continuous scan and analyses

phishing file quarantine using an internal environment to store attached files

file sandboxing using a protected environment to analyze and simulate the behavior of unknown files

Virtual IPv4 Address must be set to a routable address.

Virtual IPv4 Hostname must match the CN of the certificate.

Trustpoint must be set to the management certificate of the WLC.

Web Auth Intercept HTTPs must be enabled.

EIRP

mW

dBm

dBi

when a stack member fails

when the stack primary is reset

when a switch with a higher priority is added to the stack

when the priority value of a stack member is changed to a higher value

TrustSec to logically group internal user environments and assign policies

ISE to automate network access control leveraging RADIUS AV pairs

RFC 3580-based solution to enable authenticated access leveraging RADIUS and AV pairs

802 1AE to secure communication in the network domain

broadcast discover request

join request to all the WLCs

unicast discovery request to each WLC

Unicast discovery request to the first WLS that resolves the domain name

Statically set TX power on access points to max.

Disable low data rates.

Set mandatory data rates.

Decrease TX power on access points.

PULL

ADD

HEAD

REMOVE

GET

PUSH

They implement the NETCONF protocol.

They push configuration changes down to devices.

They exchange XML-formatted content.

They implement the RESTCONF protocol.

80%

8.8%

.08%

8%

It imports the functions that are not available natively in Python

It imports the functions of a third-party module

It imports a Python module

It imports an external reference

virtual private network for remote access

DDoS protection

firewall protection of the east-west traffic at the data center

firewall protection of the south-north traffic at the data center

Use TLS to secure the underlying HTTP session.

Use me POST method Instead or URL-encoded GET to pass parameters.

Deploy digest-based authentication to protect the access to the API.

Encode sensitive data using Base64 encoding.

IPsec

TrustSec

MACSec

GRE

802.1XandSUITEB-1X

FT PSK and Fast Transition

802.1X and Fast Transition

FTPSKandSUITEB-1X

angle of arrival

location patterning

TTL

line of sight

IS-IS

LISP

Cisco TrustSec

VXLAN

CNAME record

A record

NS record

SOA record

over the DS

adaptive R

802.11V

802.11k

Option A

Option B

Option C

Option D

list of ordered statements that define node configurations and authentication used within the SD-WAN overlay

set of statements that defines how data is forwarded based on IP pocket information and specific VPNs

detailed database mapping several kinds of addresses with their corresponding location

group of services tested to guarantee devices and links liveliness within the SD-WAN overlay

vBond

vManage

vSmart

WAN edge

unknown file analysis using sandboxing

advanced endpoint protection against malware

end-to-end traffic encryption

simplified management of network access

consistent network segmentation

IPsec

GRE

Basic Auth

OAuth 2.0

event manager applet ondemand

event register

action 1.0 syslog priority critical msg 'This is a message from ondemand'

event manager applet ondemand

event manual

action 1.0 syslog priority critical msg 'This is a message from ondemand'

event manager applet ondemand

event none

action 1.0 syslog priority critical msg 'This is a message from ondemand'

event manager applet ondemand

action 1.0 syslog priority critical msg 'This is a message from ondemand'

SWIM

Img-Mgmt

PnP

Client Health

The 2 4-GHz balWMS§24 non-overlapping channels

Devices that connect to the same Wi-Fi channel reside in the same collision domain.

Wi-Fi channels are spaced 30 MHz apart.

The 5-GHz band offers 11 different channels for Wi-Fi clients

Summarize routes from the aggregation layer toward the core layer.

Summarize from the access layer toward the aggregation layer.

Configure passive-interface on nontransit links.

Implement security features at the core.

Tune Cisco Express Forwarding load balancing hash for ECMP routing.

Policy can be applied on a hop-by-hop basis.

There is no requirement to run IEEE 802.1X when TrustSec is enabled on a switch port

Application flows between hosts on the LAN to remote destinations can be encrypted.

Policy or ACLs are not required.

VXIAN

IS-IS

802.1

CTS

It extends Layers 2 and Layer 3 overlay network over a Layer 2 underly.

It has a 12-byte packet header.

Its frame encapsulation is performed by MAC-in-UDP.

It uses TCP for transport

printfresponset[jsonrpc'][‘body’]['simple_time'])

print(response[result'][0][,simple_time,])

printfresponsefresult'Jfbody'JfsimpleJime'])

printfresponsel'body'jrsimplejime'])

It enables HSRP to elect another switch in the group as the active HSRP switch.

It ensures fast failover in the case of link failure.

It enables data forwarding along known routes following a switchover, white the routing protocol reconverges.

It enables HSRP to failover to the standby RP on the same device.

anchor

foreign

mobility

transparent