Practice Free 300-410 Exam Online Questions
Refer to the exhibit.
An engineer configured NetFlow to capture traffic information through the router, but it iOS not working as expected.
Which action captures the flow information from this router to the collector?
- A . Change the interface configuration FLOW-MONITOR-1 from input to output.
- B . Configure a flow exporter under flow FLOW-MONITOR-1.
- C . Configure more than one flow exporter destination addresses.
- D . Change the flow exporter transport protocol from UDP to TCP
Refer to the exhibit.
A customer reports that networks in the 10.0.1.0/24 space do not appear in the RIP database.
What action resolves the issue?
- A . Remove summarization of 10.0.0.078.
- B . Permit 10.0.1.0/24 address in the ACL.
- C . Remove ACL on R1 blocking 10.0.1.0/24 network.
- D . Configure 10.0.1.0/24 network under RIP.
Refer to the exhibit.
A network administrator is using the DNA Assurance Dashboard panel to troubleshoot an OSPF adjacency that failed between Edge_NYC interface GigabitEthernet1/3 with Neighbor Edge_SNJ. The administrator observes that the neighborship is stuck in exstart state.
How does the administrator fix this issue?
- A . Configure to match the OSPF interface speed and duplex settings on both routers.
- B . Configure to match the OSPF interface MTU settings on both routers.
- C . Configure to match the OSPF interface unique IP address and subnet mask on both routers.
- D . Configure to match the OSPF interface network types on both routers.
B
Explanation:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13684-12.html
What is a limitation of IPv6 RA Guard?
- A . It is not supported in hardware when TCAM is programmed
- B . It does not offer protection in environments where IPv6 traffic is tunneled.
- C . It cannot be configured on a switch port interface in the ingress direction
- D . Packets that are dropped by IPv6 RA Guard cannot be spanned
B
Explanation:
Restrictions for IPv6 RA Guard
The IPv6 RA Guard feature does not offer protection in environments where IPv6 traffic is tunneled.
This feature is supported only in hardware when the ternary content addressable memory (TCAM) is programmed.
This feature can be configured on a switch port interface in the ingress direction.
This feature supports host mode and router mode.
This feature is supported only in the ingress direction; it is not supported in the egress direction.
This feature is not supported on EtherChannel and EtherChannel port members.
This feature is not supported on trunk ports with merge mode.
This feature is supported on auxiliary VLANs and private VLANs (PVLANs). In the case of PVLANs, primary VLAN features are inherited and merged with port features.
Packets dropped by the IPv6 RA Guard feature can be spanned.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16-10/ip6f-xe-16-10-book/ip6-ra-guard.html#GUID-589AF00C-7499-439F-AD23-51005D61CAB7
Which SNMP verification command shows the encryption and authentication protocols that are used in SNMPV3?
- A . show snmp group
- B . show snmp user
- C . show snmp
- D . show snmp view
Refer to the exhibit.
An engineer applied filter on R1 The interface flapped between R1 and R2 and cleaning the BGP session did not restore the BGP session and failed.
Which action must the engineer take to restore the BGP session from R2 to R1?
- A . Apply the IPv6 traffic filter in the outbound direction on the interface
- B . ICMPv6 must be permitted by the IPv6 traffic filter
- C . Enable the BGP session, which went down when the session was cleared.
- D . Swap the source and destination IP addresses in the IPv6 traffic filter
1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47 TypE. dynamic, Flags: authoritative unique nat registered used NBMA address: 10.12.1.2
What does the authoritative flag mean in regards to the NHRP information?
- A . It was obtained directly from the next-hop server.
- B . Data packets are process switches for this mapping entry.
- C . NHRP mapping is for networks that are local to this router.
- D . The mapping entry was created in response to an NHRP registration request.
- E . The NHRP mapping entry cannot be overwritten.
Refer to the exhibit.
An engineer cannot copy the IOS.bin file from the FTP server to the switch.
Which action resolves the issue?
- A . Allow file permissions to download the file from the FTP server.
- B . Add the IOS.bin file, which does not exist on FTP server.
- C . Make memory space on the switch flash or USB drive to download the file.
- D . Use the copy flash:/ ftp://[email protected]/IOS.bin command.
Which protocol must be secured with MD-5 authentication across the MPLS cloud to prevent hackers from introducing bogus routers?
- A . MP-BGP
- B . LSP
- C . RSVP
- D . LDP
Which configuration feature should be used to block rogue router advertisements instead of using the IPv6 Router Advertisement Guard feature?
- A . VACL blocking broadcast frames from nonauthorized hosts
- B . PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes
- C . PVLANs with community ports associated to route advertisements and isolated ports for nodes
- D . IPv4 ACL blocking route advertisements from nonauthorized hosts
B
Explanation:
The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform. Router Advertisements are used by devices to announce themselves on the link. The IPv6 Router Advertisement Guard feature analyzes these router advertisements and filters out router advertisements that are sent by unauthorized devices.
Certain switch platforms can already implement some level of rogue RA filtering by the administrator configuring Access Control Lists (ACLs) that block RA ICMP messages that might be inbound on “user” ports.
Reference: https://datatracker.ietf.org/doc/html/rfc6104