Practice Free 300-410 Exam Online Questions
When provisioning a device in Cisco DNA Center, the engineer sees the error message “Cannot select the device. Not compatible with template”.
What is the reason for the error?
- A . The template has an incorrect configuration.
- B . The software version of the template is different from the software version of the device.
- C . The changes to the template were not committed.
- D . The tag that was used to filter the templates does not match the device tag.
D
Explanation:
If you use tags to filter the templates, you must apply the same tags to the device to which you want to apply the templates. Otherwise, you get the following error during provisioning:
Cannot select the device. Not compatible with template.
Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2-10/user_guide/b_cisco_dna_center_ug_1_2_10/b_dnac_ug_1_2_10_chapter_0111.html
An engineer needs dynamic routing between two routers and is unable to establish OSPF adjacency.
The output of the show ip ospf neighbor command shows that the neighbor state is EXSTART/EXCHANGE.
Which action should be taken to resolve this issue?
- A . match the passwords
- B . match the hello timers
- C . match the MTUs
- D . match the network types
C
Explanation:
The network administrator on R1 must improve convergence by blocking all subnets of the 172.16.0.0/16 major network with a mask lower than 23 from coming in.
Which set of configurations accomplishes the task on R1?
- A . ip prefix-list PL-1 deny 172.16.0.0/16 le 23
  ip prefix-list PL-1 permit 0.0.0.0/0 le 32
  !
  router bgp 100
  neighbor 192.168.100.2 remote-as 200
  neighbor 192.168.100.2 prefix-list PL-1 in
- B . ip prefix-list PL-1 deny 172.16.0.0/16 ge 23
  ip prefix-list PL-1 permit 0.0.0.0/0 le 32
  !
  router bgp 100
  neighbor 192.168.100.2 remote-as 200
  neighbor 192.168.100.2 prefix-list PL-1 in
- C . access-list 1 deny 172.16.0.0 0.0.254.255
  access-list 1 permit any
  !
  router bgp 100
  neighbor 192.168.100.2 remote-as 200
  neighbor 192.168.100.2 distribute-list 1 in
- D . ip prefix-list PL-1 deny 172.16.0.0/16
  ip prefix-list PL-1 permit 0.0.0.0/0
  !
  router bgp 100
  neighbor 192.168.100.2 remote-as 200
  neighbor 192.168.100.2 prefix-list PL-1 in
A
Explanation:
“Blocking all subnets of 172.16.0.0/16 major network with a mask lower than 23 from coming in” would block 172.16.16.0/20.
The first entry, “ip prefix-list PL-1 deny 172.16.0.0/16 le 23”, denies all networks that fall within the 172.16.0.0/16 range AND that have a subnet mask of /23 or less.
The second entry, “ip prefix-list PL-1 permit 0.0.0.0/0 le 32”, allows all other prefixes.
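The ge/le matching described above can be checked with a small evaluator. This is an added example, not part of the original page or Cisco code: the function names and the ROUTES sample are constructed for illustration, and it compares the prefix-list options A, B and D (the ACL in option C is outside its scope).

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny A.B.C.D/len [ge N] [le N]'."""
    tok = line.split()
    action, net = tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    if "ge" in opts or "le" in opts:
        lo = opts.get("ge", net.prefixlen)  # le alone: from the entry's own length
        hi = opts.get("le", 32)             # ge alone: up to /32
    else:
        lo = hi = net.prefixlen             # no ge/le: exact mask length only
    return action, net, lo, hi

def evaluate(prefix_list, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    route = ipaddress.ip_network(route)
    for line in prefix_list:
        action, net, lo, hi = parse_entry(line)
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"

OPTIONS = {
    "A": ["ip prefix-list PL-1 deny 172.16.0.0/16 le 23",
          "ip prefix-list PL-1 permit 0.0.0.0/0 le 32"],
    "B": ["ip prefix-list PL-1 deny 172.16.0.0/16 ge 23",
          "ip prefix-list PL-1 permit 0.0.0.0/0 le 32"],
    "D": ["ip prefix-list PL-1 deny 172.16.0.0/16",
          "ip prefix-list PL-1 permit 0.0.0.0/0"],
}

# Constructed sample of received routes (not taken from the exhibit).
ROUTES = ["172.16.0.0/16", "172.16.16.0/20", "172.16.2.0/23",
          "172.16.1.0/24", "10.1.0.0/16"]

def compare():
    """Return {option: {route: action}} for every option and sample route."""
    return {name: {r: evaluate(pl, r) for r in ROUTES}
            for name, pl in OPTIONS.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Option D shows a common filtering mistake: without ge/le, `permit 0.0.0.0/0` matches only the default route, so every other prefix hits the implicit deny.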
Which type of ports are protected by IPv6 Source Guard?
- A . Layer 2 ports
- B . access ports
- C . Layer 3 ports
- D . trunk ports
Refer to the exhibit.

A customer finds that traffic from the application server (192.168.1.1) to the HUB site passes through a congested path that causes random packet drops. The NOC team influences the BGP path with MED on RB, but RD still sees that traffic coming from RA is not taking an alternate route.
Which configuration resolves the issue?
A)

B)
C)

D)

- A . Option A
- B . Option B
- C . Option C
- D . Option D
Refer to the exhibit.

An engineer must configure a LAN-to-LAN IPsec VPN between R1 and the remote router.
Which IPsec Phase 1 configuration must the engineer use for the local router?
- A . crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  !
  crypto isakmp key cisco123 address 200.1.1.3
- B . crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  !
  crypto isakmp key cisco123 address 200.1.1.3
- C . crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  !
  crypto isakmp key cisco123 address 199.1.1.1
- D . crypto isakmp policy 5
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  !
  crypto isakmp key cisco123! address 199.1.1.1
A
Explanation:
In the “crypto isakmp key … address ” command, the address must be the IP address of the other end (which is 200.1.1.3 in this case), so Option A and Option B are correct. The difference between these two options is the hash method, SHA or MD5. Both of them can be used, but SHA is better than MD5, so we choose Option A as the best answer.
Note: Cisco no longer recommends using 3DES, MD5 and DH groups 1, 2 and 5.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_imgmt/configuration/xe-16-5/sec-ipsec-management-xe-16-5-book/sec-ipsec-usability-enhance.html
An engineer is implementing a coordinated change with a server team. As part of the change, the engineer must configure interface GigabitEthernet2 in an existing VRF "RED", then move the interface to an existing VRF "BLUE" when the server team is ready. The engineer configured interface GigabitEthernet2 in VRF "RED".

Which configuration completes the change?
- A . interface GigabitEthernet2
  no ip address
  vrf forwarding BLUE
- B . interface GigabitEthernet2
  no vrf forwarding RED
  vrf forwarding BLUE
  ip address 10.0.0.0 255.255.255.254
- C . interface GigabitEthernet2
  no vrf forwarding RED
  vrf forwarding BLUE
- D . interface GigabitEthernet2
  no ip address
  ip address 10.0.0.0 255.255.255.254
  vrf forwarding BLUE
B
Explanation:
When assigning an interface to a VRF, the IP address will be removed so we have to reassign the IP address to that interface.
Refer to the exhibit.

When FastEthernet0/1 goes down, the route to 172.29.0.0/16 via 192.168.253.2 is not installed in the RIB.
Which action resolves the issue?
- A . Configure reported distance greater than the feasible distance
- B . Configure feasible distance greater than the successor’s feasible distance.
- C . Configure reported distance greater than the successor’s feasible distance.
- D . Configure feasible distance greater than the reported distance
D
Explanation:
From the exhibit, we notice network 172.29.0.0/16 was learned via two routes:
+ From 192.168.254.2 with FD = 307200 and AD = 281600
+ From 192.168.253.2 with FD = 410200 and AD = 352300
The first route is installed into the RIB as the successor route because of lower FD.
When the first route fails, the router will not use the second route because it does not satisfy the feasibility condition. The feasibility condition states that the Advertised Distance (AD, also called the reported distance) of a route must be lower than the feasible distance of the current successor route.
Refer to the exhibit.

A network engineer cannot remote access R3 using Telnet from switch S1.
Which action resolves the issue?
- A . Allow the inbound connection via the exec command on R3.
- B . Add the transport input telnet command on R3.
- C . Allow to use the ssh -I admin 10.0.0.1 command on the switch.
- D . Add the login admin command on the switch.
Refer to the exhibit.

An IP SLA is configured to use the backup default route when the primary is down, but it is not working as desired.
Which command fixes the issue?
- A . R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2 10 track 1
- B . R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2
- C . R1(config)# ip sla track 1
- D . R1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1
D
Explanation:
Note: By default, a static route has an AD value of 1, hence ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1 means AD 1, which must be less than the AD of the backup route.
!--- Define the backup route to use when the tracked object is unavailable.
!--- The administrative distance of the backup route must be greater than
!--- the administrative distance of the tracked route.
!--- If the primary gateway is unreachable, that route is removed
!--- and the backup route is installed in the routing table
!--- instead of the tracked route.
Reference:
https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I.html
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html
