Practice Free 300-410 Exam Online Questions
An engineer creates a Cisco DNA Center cluster with three nodes, but all the services are running on one host node.
Which action resolves this issue?
- A . Restore the link on the switch interface that is connected to a cluster link on the Cisco DNA Center
- B . Click the master host node with all the services and select services to be moved to other hosts
- C . Enable service distribution from the Systems 360 page.
- D . Click system updates, and upgrade to the latest version of Cisco DNA Center.
C
Explanation:
To deploy Cisco DNA Center on a three-node cluster with High Availability (HA) enabled, complete the following procedure:
Step 1: Configure Cisco DNA Center on the first node in your cluster…
Step 2: Configure Cisco DNA Center on the second node in your cluster…
Step 3: Configure Cisco DNA Center on the third node in your cluster…
Step 4: Enable high availability on your cluster:
a. In the Cisco DNA Center GUI, click and choose System Settings. The System 360 tab is displayed by default.
b. In the Hosts area, click Enable Service Distribution.
After you click Enable Service Distribution, Cisco DNA Center enters into maintenance mode. In this mode, Cisco DNA Center is unavailable until the redistribution of services is completed. You should take this into account when scheduling an HA deployment.
Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automationand-
management/dna-center/1-3-3-0/ha_guide/b_cisco_dna_center_ha_guide_1_3_3_0.html Therefore we can choose “Enable Service Distribution” to distribute services to other host nodes.
Refer to the exhibit.
The network administrator must configure Cape Town to reach Dubai via Tokyo based on the speeds provided by the service provider. It was noticed that Cape Town is reaching Dubai directly and failed to meet the requirement.
Which configuration fixes the issue?
A)
B)
C)
D)
- A . Option
- B . Option
- C . Option
- D . Option
Refer to the exhibit.
Which routes from OSPF process 5 are redistributed into EIGRP?
- A . E1 and E2 subnets matching access list TO-OSPF
- B . E1 and E2 subnets matching prefix list TO-OSPF
- C . only E2 subnets matching access list TO-OSPF
- D . only E1 subnets matching prefix listTO-OS1
Which list defines the contents of an MPLS label?
- A . 20-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL
- B . 32-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL
- C . 20-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
- D . 32-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
A
Explanation:
The first 20 bits constitute a label, which can have 2^20 values. Next comes 3 bit value called Traffic Class. It was formerly called as experimental (EXP) field. Now it has been renamed to Traffic Class (TC). This field is used for QoS related functions. Ingress router can classify the packet according to some criterion and assign a 3 bit value to this filed. If an incoming packet is marked with some IP Precedence or DSCP value and the ingress router may use such a field to assign an FEC to the packet. Next bit is Stack bit which is called bottom-of-stack bit. This field is used when more than one label is assigned to a packet, as in the case of MPLS VPNs or MPLS TE. Next byte is MPLS TTL field which serves the same purpose as that of IP TTL byte in the IP header
Reference: https://tools.ietf.org/html/rfc5462
What is an advantage of using BFD?
- A . It detects local link failure at layer 1 and updates routing table.
- B . It detects local link failure at layer 2 and updates routing protocols.
- C . It has sub-second failure detection for layer 1 and layer 3 problems.
- D . It has sub-second failure detection for layer 1 and layer 2 problems.
Refer to the exhibit.
AAA server 10.1.1.1 is configured with the default authentication and accounting settings, but the switch cannot communicate with the server.
Which action resolves this issue?
- A . Match the authentication port
- B . Match the accounting port
- C . Correct the timeout value.
- D . Correct the shared secret.
A
Explanation:
Command Default
Accounting port: 1813
Authentication port: 1812
Accounting: enabled
Authentication: enabled
Retransmission count: 1
Idle-time: 0
Server monitoring: disabled
Timeout: 5 seconds
Test username: test
Test password: test
Reference: https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/n5k/commands/radius-server-host.html
By default, RADIUS uses UDP port 1812 for authentication and port 1813 for accounting. In the exhibit above we see port 1814 is being used for authentication to AAA server at 10.1.1.1 which is not the default port so we must adjust the authentication port to the default value 1812.
Refer to the exhibit.
R1 and R2 are configured for EIGRP peering using authentication and the neighbors failed to come up.
Which action resolves the issue?
- A . Configure a matching key-id number on both routers
- B . Configure a matching lowest key-id on both routers
- C . Configure a matching key-chain name on both routers
- D . Configure a matching authentication type on both router
Refer to the exhibit.
A network administrator is discovering a Cisco Catalyst 9300 and a Cisco WLC 3504 in Cisco DNA Center. The Catalyst 9300 is added successfully However the WLC is showing [ error "uncontactable" when the administrator tries to add it in Cisco DNA Center.
Which action discovers WLC in Cisco DNA Center successfully?
- A . Copy the .cert file from the Cisco DNA Center on the USB and upload it to the WLC 3504.
- B . Delete the WLC 3504 from Cisco DNA Center and add it to Cisco DNA Center again.
- C . Add the WLC 3504 under the hierarchy of the Catalyst 9300 connected devices.
- D . Copy the .pern file from the Cisco DNA Center on the USB and upload it to the WLC 3504.
D
Explanation:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html#anc12
Refer to the exhibit.
An engineer sets up a DMVPN connection to connect branch 1 and branch 2 to HQ branch 1 and branch 2 cannot communicate with each other.
Which change must be made to resolve this issue?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
D
Explanation:
R1(config)#int tunnel 1
R1(config-if) no ip split-horizon eigrp 100
What are two characteristics of IPv6 Source Guard? (Choose two.)
- A . requires IPv6 snooping on Layer 2 access or trunk ports
- B . used in service provider deployments to protect DDoS attacks
- C . requires the user to configure a static binding
- D . requires that validate prefix be enabled
- E . recovers missing binding table entries
D,E
Explanation:
IPv6 Source Guard uses the IPv6 First-Hop Security Binding Table to drop traffic from unknown sources or bogus IPv6 addresses not in the binding table. The switch also tries to recover from lost address information, querying DHCPv6 server or using IPv6 neighbor discovery to verify the source IPv6 address after dropping the offending packet(s).
Reference: https://blog.ipspace.net/2013/07/first-hop-ipv6-security-features-in.html