[Jan 17, 2022] Fully Updated CCNP Enterprise (300-410) Certification Sample Questions [Q43-Q66]

Share

[Jan 17, 2022] Fully Updated CCNP Enterprise (300-410) Certification Sample Questions

Latest Cisco 300-410 Real Exam Dumps PDF


Skills Measured in Cisco 300-410 Exam

The Cisco 300-410 test covers a wide range of skills related to the implementation and troubleshooting of advanced routing technologies and services. Below you can see the main topic areas that appear in the exam content and their weight:

  • Layer 3 Technologies – 35%

    Within this domain, the examinees need to demonstrate the following skills: fixing administrative distance; fixing a route map for any routing protocol (tagging, attributes, filtering); fixing loop prevention mechanisms (route poisoning, filtering, split horizon, tagging); fixing redistribution between routing sources and any routing protocols; explaining Bidirectional Forwarding Detection; fixing manual and auto-summarization with any routing protocol; customizing and verifying policy-based routing; customizing and verifying VRF-Lite; fixing EIGRP (address IPv4 and IPv6 families, metrics, neighbor relationship and authentication, loop-free path selections, such as feasible successor, RD, FC, FD, successor, stuck in active, and load balancing); fixing v2/v3 OSPF (address IPv4 and IPv6 families, neighbor relationship and authentication, as well as router types, network types, area types); fixing external and internal BGP (policies, path preference, route reflector, neighbor relationship and authentication, address IPv4 and IPv6 families).

  • VPN Technologies – 20%

    This subject combines the questions that check the applicants’ abilities to: explain MPLS operations (LSP, LSR, label switching, LDP); explain MPLS Layer 3 VPN; customize and verify single hub DMVPN (NHRP, GRE/mGRE, dynamic neighbor, IPsec, spoke-to-spoke).

  • Infrastructure Security – 20%

    In the framework of this objective, the applicants are required to prove that they are capable of: fixing device security with the help of IOS AAA (local database, TACACS+, RADIUS); fixing security features, such as IPv4 access control lists, IPv6 traffic filter, unicast reverse path forwarding (uRPF); fixing control plane policing (CoPP) (OSPFT, Telnet, SSH, EIGRP, HTTP(S), BGP, SNMP); explaining IPv6 First Hop security features (ND inspection/snooping, RA guard, source guard, DHCP guard, binding table).

  • Infrastructure Services – 25%

    The last topic revolves around the following skills: fixing device management (Console and VTY; SSH, Telnet, HTTP, SCP HTTPS; FTP); fixing v2c and v3 SNMP; fixing network problems with the help of logging (timestamps, local, syslog, conditional debugs, debugs); fixing IPv4 and IPv6 DHCP (DHCP options, DHCP client, DHCP relay, IOS DHCP server); fixing network performance issues with the help pf IP SLA (connectivity, jitter, delay, tracking objects); fixing flexible, v5 and v9 NetFlow; fixing network issues with the help of Cisco DNA Center assurance (network health connectivity, device health, monitoring).


Having this certification opens new job opportunities as well as senior promotions in current positions you're working at. The following are only a few of the options that will be available for you as a Cisco CCNP Enterprise holder:

  • Information technology (IT) director
  • Senior network engineer
  • Information technology (IT) manager
  • Network security engineer
  • Network administrator
  • Network architect

Passing 300-410 exam also contributes to thickening your wallet! Mote, that according to PayScale, the approximate average annual salary for a CCNP Enterprise certified professional in the industry is a whopping $96k. Getting into details, senior network engineers earn an average of $101k per annum, while the average annual pay of network architects is even higher and reaches the mark of $122k as stated on the same source. If these figures cannot convince you of just how worth being CCNP Enterprise certified is, nothing else could.

 

NEW QUESTION 43
Which attribute eliminates LFAs that belong to protected paths in situations where links in a network are connected through a common fiber?

  • A. shared risk link group-disjoint
  • B. lowest-repair-path-metric
  • C. interface-disjoint
  • D. linecard-disjoint

Answer: A

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/asr1000/ire-xe-3s-asr1000/ire-ipfrr.html

 

NEW QUESTION 44
Which protocol does MPLS use to support traffic engineering?

  • A. Label Distribution Protocol
  • B. Border Gateway Protocol
  • C. Resource Reservation Protocol
  • D. Tag Distribution Protocol

Answer: C

Explanation:

 

NEW QUESTION 45
Refer to the exhibit.

The output of the trace route from R5 shows a loop in the network. Which configuration prevents this loop?
A)

B)

C)

D)

  • A. Option D
  • B. Option B
  • C. Option A
  • D. Option C

Answer: C

 

NEW QUESTION 46
Refer to Exhibit:


AS 111 wanted to use AS 200 as the preferred path for 172.20.5.0/24 and AS 100 as the backup. After the configuration, AS 100 is not used for any other routes. Whichconfiguration resolves the issue?

  • A. router bgp 111
    no neighbor 192.168.10.1 route-map SETLP in
    neighbor 192.168.10.1 route-map SETLP out
  • B. route-map SETLP permit 10
    match ip address prefix-list PLIST1
    set local-preference 110
    route-map SETLP permit 20
  • C. router bap 111
    no neighbor 192.168.10.1 route-map SETLP in
    neighbor 192.168.20.2 route-map SE TLP in
  • D. route-mmap SETLP permit 10
    match ip address prefix-list PLIST1
    set local-preference 99
    route-map SETLP permit 20

Answer: D

Explanation:
There is an implicit deny all at the end of any route-map so all other traffic that does not match 172.20.5.0/24 would be dropped. Therefore we have to add a permitsequence at the end of the route-map to allow other traffic.
The default value of Local Preference is 100 and higher value is preferred so we have to set the local preference of AS100 lower than that of AS200.

 

NEW QUESTION 47
Refer to the exhibit.

An engineer configures a static route on a router, but when the engineer checks the route to the destination, a different next hop is chosen. What is the reason for this?

  • A. The syntax of the static route is not valid, so the route is not considered.
  • B. Dynamic routing protocols always have priority over static routes.
  • C. The configured AD for the static route is higher than the AD of OSPF.
  • D. The metric of the OSPF route is lower than the metric of the static route.

Answer: C

Explanation:
The AD of static route is manually configured to 130 which is higher than the AD of OSPF router which is 110.

 

NEW QUESTION 48
Refer to the exhibit.

An engineer is monitoring reachability of the configured default routes to ISP1 and ISP2. The default route from ISP1 is preferred if available. How is this issue resolved?

  • A. Start IP SLA by matching numbers for track and ip sla commands
  • B. Use the icmp-echo command to track both default routes
  • C. Start IP SLA by defining frequency and scheduling it
  • D. Use the same AD for both default routes

Answer: A

 

NEW QUESTION 49
Refer to the exhibit.

Network operations cannot read or write an configuration on the device with this configuration from the operation subnet.
Which two configuration fix the issue? (Choose two.)

  • A. Configure SNMP rw permission in addition to version 1.
  • B. Modify access list 1 and allow operations subnet in the access list.
  • C. Configure SNMP rw permission in addition to community ciscotest.
  • D. Modify SNMP rw permission in addition to version 1.
  • E. Configure SNMP rw permission in addition to community ciscotest 1.

Answer: B,C

 

NEW QUESTION 50
Refer to the exhibit.

During troubleshooting it was discovered that the device is not reachable using a secure web browser. What is needed to fix the problem?

  • A. permit tcp port 465.
  • B. permit tcp port 443
  • C. permit udp port 465
  • D. permit tcp port 22

Answer: B

 

NEW QUESTION 51
Refer to the exhibit.

A network administrator configured mutual redistribution on R1 and R2 routers, which caused instability in the network. Which action resolves the issue?

  • A. Set a tag in the route map when redistributing EIGRP into OSPF on R1, and match the same tag on R2 to deny when redistributing OSPF into EIGRP.
  • B. Advertise summary routes of EIGRP to OSPF and deny specific EIGRP routes when redistributing into OSPF.
  • C. Set a tag in the route map when redistributing EIGRP into OSPF on R1. and match the same tag on R2 to allow when redistributing OSPF into EIGRP.
  • D. Apply a prefix list of EIGRP network routes in OSPF domain on R1 to propagate back into the EIGRP routing domain.

Answer: A

Explanation:
When doing mutual redistribution at multiple points (between OSPF and EIGRP on R1 & R2), we may create routing loops so we should use route-map to prevent redistributed routes from redistributing again into the original domain.
In the below example, the route-map "SET-TAG" is used to prevent any routes that have been redistributed into EIGRP from redistributed again into OSPF domain by tagging these routes with tag 1:

 

NEW QUESTION 52
Refer to the exhibit.

A router receiving BGP routing updates from multiple neighbors for routers in AS 690. What is the reason that the router still sends traffic that is destined to AS 690 to a neighbor other than 10.222.1.1?

  • A. The route map is applied in the wrong direction.
  • B. The local preference value in another neighbor statement is higher than 250.
  • C. The weight value in another neighbor statement is higher than 200.
  • D. The local preference value should be set to the same value as the weight in the route map.

Answer: C

 

NEW QUESTION 53
Refer to the exhibit.

An administrator that is connected to the console does not see debug messages when remote users log in. Which action ensures that debug messages are displayed for remote logins?

  • A. Enter the transport input ssh configuration command.
  • B. Enter the aaa new-model configuration command.
  • C. Enter the logging console debugging configuration command.
  • D. Enter the terminal monitor exec command.

Answer: C

Explanation:
Explanation
The logging console is a default and hidden command.

 

NEW QUESTION 54
Drag and drop the MPLS VPN concepts from the left onto the correct descriptions on the right.

Answer:

Explanation:

Reference:
https://www.rogerperkin.co.uk/featured/route-distinguisher-vs-route-target/

 

NEW QUESTION 55
Refer to the exhibit.

The network administrator configured VRF lite for customer A.
The technician at the remote site misconfigured VRF on the router. Which configuration will resolve connectivity for both sites of customer a?

  • A. Option D
  • B. Option B
  • C. Option A
  • D. Option C

Answer: A

Explanation:
Explanation
From the exhibit, we learned:
+ VRF customer_a was exported with Route target (RT) of 1:1 so at the remote site it must be imported with the same RT 1:1.
+ VRF customer_a was imported with Route target (RT) of 1:1 so at the remote site it must be exported with the same RT 1:1.
Therefore at the remote site we must configure the command "route-target both 1:1" (which is equivalent to two commands "route-target import 1:1" & "route-target export 1:1".

 

NEW QUESTION 56
What is a role of route distinguishers in an MPLS network?

  • A. Route distinguishers define which prefixes are imported and exported on the edge router
  • B. Route distinguishers are used for label bindings.
  • C. Route distinguishers make a unique VPNv4 address across the MPLS network
  • D. Route distinguishers allow multiple instances of a routing table to coexist within the edge router.

Answer: C

 

NEW QUESTION 57
Drag and drop the actions from the left into the correct order on the right to configure a policy to avoid following packet forwarding based on the normal routing path.

Answer:

Explanation:

Explanation

https://community.cisco.com/t5/networking-documents/how-to-configure-pbr/ta-p/3122774

 

NEW QUESTION 58
Refer to the exhibit.

Network operations cannot read or write any configuration on the device with this configuration from the operations subnet. Which two configurations fix the issue? (Choose two.)

  • A. Configure SNMP rw permission in addition to version 1.
  • B. Modify access list 1 and allow SNMP in the access list.
  • C. Modify access list 1 and allow operations subnet in the access list.
  • D. Configure SNMP rw permission in addition to community ciscotest.
  • E. Configure SNMP rw permission in addition to community ciscotest 1.

Answer: C,D

 

NEW QUESTION 59
Drag and drop the MPLS terms from the left onto the correct definitions on the right.

Answer:

Explanation:

 

NEW QUESTION 60
Refer to the exhibit.

Which interface configuration must be configured on the HUB router to enable MVPN with mGRE mode?

  • A. Option D
  • B. Option B
  • C. Option A
  • D. Option C

Answer: D

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-m

 

NEW QUESTION 61
Refer to the exhibit.

Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none of them are active for more than two hours per day. Which action fixes the issue within the current resources?

  • A. Configure the DHCP lease time to a smaller value
  • B. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool
  • C. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool
  • D. Configure the DHCP lease time to a bigger value

Answer: D

 

NEW QUESTION 62
Refer to the exhibit.

An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using TACACS+. Which action produces the desired configuration?

  • A. Replace the capital "C" with a lowercase "c" in the aaa authentication login Console local command.
  • B. Add the aaa authentication login default group tacacs+ local-case command to the global configuration.
  • C. Add the aaa authentication login default none command to the global configuration.
  • D. Add the login authentication Console command to the line configuration

Answer: D

 

NEW QUESTION 63
Refer to the exhibit.

What does the imp-null tag represent in the MPLS VPN cloud?

  • A. Pop the label
  • B. Impose the label
  • C. Exclude the EXP bit
  • D. Include the EXP bit

Answer: A

Explanation:
Explanation
The imp-null (implicit null) tag instructs the upstream router to pop the tag entry off the tag stack before forwarding the packet.
Note: pop means remove the top MPLS label

 

NEW QUESTION 64
What are two functions of IPv6 Source Guard? (Choose two.)

  • A. It blocks certain traffic by inspecting DHCP packets for specific sources.
  • B. It denies traffic from unknown sources or unallocated addresses.
  • C. It uses the populated binding table for allowing legitimate traffic.
  • D. It denies traffic by inspecting neighbor discovery packets for specific pattern.
  • E. It works independent from IPv6 neighbor discovery.

Answer: B,C

Explanation:

 

NEW QUESTION 65
Refer to the exhibit. R2 is a route reflector, and R1 and R3 are route reflector clients. The route reflector learns the route to 172.16.25.0/24 from R1, but it does not advertise to R3.
What is the reason the route is not advertised?

  • A. R2 does not have a route to the next hop, so R2 does not advertise the prefix to other clients.
  • B. In route reflector setup, only classful prefixes are advertised to other clients.
  • C. In route reflector setups, prefixes are not advertised from one client to another.
  • D. Route reflector setup requires full IBGP mesh between the routers.

Answer: A

Explanation:
Section: Layer 3 Technologies

 

NEW QUESTION 66
......

Cisco 300-410 Dumps - Secret To Pass in First Attempt: https://www.bootcamppdf.com/300-410_exam-dumps.html

300-410 Practice Test Questions Updated 215 Questions: https://drive.google.com/open?id=10c-ILjjgigV8aZ83pL3_VpcvzNkYV3os