[CCNP] New ENCOR Questions Part 7-4
Question 83
Drag and drop the snippets onto the blanks within the code to construct a script that advertises the network prefix 192.168.5.0 session. Not all options are used.
Answer: 1-A; 2-C; 3-B
=========================== New Questions (added on 27th-Jun-2021) ===========================
Question 84
How does an on-premises infrastructure compare to a cloud infrastructure?
A. On-premises can increase compute power faster than cloud
B. On-premises offers faster deployment than cloud
C. On-premises offers lower latency for physically adjacent systems than cloud
D. On-premises requires less power and cooling resources than cloud
Answer: C
Question 85
Which design principle states that a user has no access by default to any resource, and unless a resource is explicitly granted, it should be denied?
A. complete mediation
B. least privilege
C. economy of mechanism
D. fail-safe defaults
Answer: D
Explanation
The Principle of Fail-Safe Defaults states that, unless a subject is given explicit access to an object, it should be denied access to that object.
Note: By the principle of least privilege, that administrator should only be able to access the subjects and objects involved in mail queueing and delivery. As we saw, this minimizes the threats if that administrator’s account is compromised. The mail system can be damaged or destroyed, but nothing else can be.
Reference: https://us-cert.cisa.gov/bsi/articles/knowledge/principles/failing-securely
Question 86
Refer to the exhibit.
Answer:
1 – interface/GigabitEthernet/1/
2 – GET
3 – Accept
Question 87
Refer to the exhibit.
An engineer implemented several configuration changes and receives the logging message on Switch1. Which action should the engineer take to resolve this issue?
A. Change Switch1 to switch port mode dynamic desirable
B. Change Switch2 to switch port mode dynamic auto
C. Change Switch1 to switch port mode dynamic auto
D. Change the VTP domain to match on both switches
Answer: D
Explanation
We can configure “switchport mode trunk” and “switchport mode dynamic desirable” on two ends with no problem. But trunking can be configured only when the ports belong to the same VTP domain.
=========================== New Questions (added on 10th-Jul-2021) ===========================
Question 88
Refer to the exhibit.
The EtherChannel between SW2 and SW3 is not operational. Which action resolves this issue?
A. Configure the channel-group mode on SW2 Gi0/1 and Gi0/1 to on
B. Configure the channel-group mode on SW3 Gi0/1 to active
C. Configure the mode on SW2 Gi0/0 to trunk
D. Configure the mode on SW2 Gi0/1 to access
Answer: C
Explanation
From the output of “show run interface gigabitethernet0/0” of SW2, we see interface G0/0 is in access mode so we have to change to trunk mode to match with the configuration of G0/1 interface of SW2.
Question 89
A network administrator applies the following configuration to an IOS device. What is the process of password checks when a login attempt is made to the device?
aaa new-model
aaa authentication login default local group tacacs+
A. A TACACS+ server is checked first. If that check fails, a database is checked.
B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.
C. A local database is checked first. If that fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.
D. A local database is checked first. If that check fails, a TACACS+ server is checked.
Answer: D
Explanation
“aaa authentication login” specifies that you want to use authentication. You need to give the authentication parameters a list name, either default or some other name you define:
aaa authentication login {default | list-name} group {group-name | radius | tacacs+} [method 2…3…4]
+ The ‘default’ means we want to apply for all login connections (such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under tty, vty and aux lines. If we don’t use this keyword then we have to specify which line(s) we want to apply the authentication feature.
+ The ‘local group tacacs+’ means all users are authenticated using the router’s local database first and then, if required, the TACACS+ server is tried.
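The method-list order from Question 89, modelled in Python as an added example (not part of the original question and not Cisco's code). It assumes the rule from Cisco's AAA documentation that the next method is tried only when the current one returns an error rather than a reject, and it treats an unknown local username as an error; the account names, passwords and function names are constructed for illustration.

```python
import hmac
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered and accepted the credentials
    FAIL = "fail"    # method answered and rejected the credentials
    ERROR = "error"  # method could not answer (unknown local user, server down)

def _match(stored, supplied):  # constant-time compare; None = no such account
    return stored is not None and hmac.compare_digest(stored.encode(), supplied.encode())

def local_method(local_db):
    """Local username database. Unknown username -> ERROR (assumption of this model)."""
    def check(user, password):
        if user not in local_db:
            return Result.ERROR
        return Result.PASS if _match(local_db[user], password) else Result.FAIL
    return check

def tacacs_method(server_db, reachable=True):
    """Stand-in for 'group tacacs+'; no real TACACS+ traffic is sent."""
    def check(user, password):
        if not reachable:
            return Result.ERROR
        return Result.PASS if _match(server_db.get(user), password) else Result.FAIL
    return check

def authenticate(methods, user, password):
    """Walk the method list in order; return (allowed, methods consulted)."""
    consulted = []
    for name, check in methods:
        consulted.append(name)
        result = check(user, password)
        if result is not Result.ERROR:      # PASS or FAIL is final
            return result is Result.PASS, consulted
    return False, consulted                 # every method returned ERROR

# Constructed sample accounts, not taken from any device.
LOCAL_DB = {"admin": "L0cal-Only"}
TACACS_DB = {"alice": "S3rver-Side", "admin": "Tac-Admin"}

def default_list(tacacs_up=True):
    # Order mirrors: aaa authentication login default local group tacacs+
    return [("local", local_method(LOCAL_DB)),
            ("tacacs+", tacacs_method(TACACS_DB, reachable=tacacs_up))]

if __name__ == "__main__":
    for user, pw in [("admin", "L0cal-Only"), ("alice", "S3rver-Side"), ("admin", "Tac-Admin")]:
        print(user, authenticate(default_list(), user, pw))
```

In this model a username that exists locally is never sent to the TACACS+ stand-in, so a local account shadows a server account of the same name, and a login that depends on the server is denied when the server is unreachable.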
Question 90
Refer to the exhibit.
Router1 is currently operating as the HSRP primary with a priority of 110. Router1 fails and Router2 takes over the forwarding role. Which command on Router1 causes it to take over the forwarding role when it returns to service?
A. standby 2 priority
B. standby 2 preempt
C. standby 2 track
D. standby 2 timers
Answer: B
Question 91
Drag and drop packet switching architecture from the left onto the correct positions on the right.
Answer:
Process Switching:
+ It is referred to as “software” switching
+ It uses General Purpose CPU to perform that switching
Cisco Express Forwarding:
+ It is used when you have to perform in high packet volume
Question 92
Refer to the exhibit.
Switch1# show interfaces trunk
! Output omitted for brevity
Port Mode Encapsulation Status Native
Gi1/0/20 auto 802.1q trunking 10
Port Vlans allowed on trunk
Gi1/0/20 1-4094
Switch2# show interfaces trunk
! Output omitted for brevity
Port Mode Encapsulation Status Native
Gi1/0/20 auto 802.1q trunking 10
Port Vlans allowed on trunk
Gi1/0/20 1-4094
The trunk does not work over the back-to-back link between Switch1 interface Gig1/0/20 and Switch2 interface Gig1/0/20. Which configuration fixes the problem?
A. Switch2(config)#interface gig1/0/20 Switch2(config-if)#switchport mode dynamic desirable
B. Switch1(config)#interface gig1/0/20 Switch1(config-if)#switchport mode dynamic auto
C. Switch2(config)#interface gig1/0/20 Switch2(config-if)#switchport mode dynamic auto
D. Switch2(config)#interface gig1/0/20 Switch1(config-if)#switchport trunk native vlan 1 Switch2(config)#interface gig1/0/20 Switch2(config-if)#switchport trunk native vlan 1
Answer: A
Explanation
From the output, we learn that both interfaces are in “auto” mode so they cannot establish a trunk. We have to change one (or both) of them to “desirable” mode.
Question 93
What is the function of vBond in a Cisco SDWAN deployment?
A. onboarding of SDWAN routers into the SD-WAN overlay
B. pushing of configuration toward SD-WAN routers
C. initiating connections with SD-WAN routers automatically
D. gathering telemetry data from SD-WAN routers
Answer: A
Explanation
Orchestration plane (vBond) assists in securely onboarding the SD-WAN WAN Edge routers into the SD-WAN overlay. The vBond controller, or orchestrator, authenticates and authorizes the SD-WAN components onto the network. The vBond orchestrator takes an added responsibility to distribute the list of vSmart and vManage controller information to the WAN Edge routers. vBond is the only device in SD-WAN that requires a public IP address as it is the first point of contact and authentication for all SD-WAN components to join the SD-WAN fabric. All other components need to know the vBond IP or DNS information.
=========================== New Questions (added on 3rd-Aug-2021) ===========================
Question 94
What is the difference in dBm when an AP power increases from 25 mW to 100mW?
A. 75dBm
B. 150dBm
C. 6dBm
D. 125dBm
Answer: C
Explanation
Formula to convert from mW to dBm:
P(dBm) = 10 * log10(P(mW))
Therefore:
+ 25mW converts to dBm: 10 * log10(25) = 13.98dBm
+ 100mW converts to dBm: 10 * log10(100) = 20dBm
The difference between them is about 6dBm.
Or a shorter way from the formula:
log_A(B) – log_A(C) = log_A(B/C)
Then 10 * log10(100) – 10 * log10(25) = 10 * log10(100/25) = 10 * log10(4) = 6.02
Question 95
Which free application makes REST calls against DNA Center?
A. Postman
B. Ansible
C. Chef
D. Puppet
Answer: A
======================= New Questions (added on 11th-Aug-2021) =======================
Question 96
A network engineer must configure a router to send logging messages to a syslog server based on these requirements:
+ uses syslog IP address: 10.10.10.1
+ uses a reliable protocol
+ must not use any well-known TCP/UDP ports
Which configuration must be used?
A. logging host 10.10.10.1 transport udp port 1024
B. logging origin-id 10.10.10.1
C. logging host 10.10.10.1 transport udp port 1023
D. logging host 10.10.10.1 transport tcp port 1024
Answer: D
Question 97
Drag and drop the characteristics from the left onto the routing protocols they describe on the right.
Answer:
EIGRP
+ It is an Advanced Distance Vector routing protocol
+ It relies on the Diffused Update Algorithm to calculate the shortest path to a destination
+ It requires an Autonomous System number to create a routing instance for exchanging routing information
OSPF
+ The default Administrative Distance is equal to 110
+ It requires a process ID that is local to the router
+ It uses virtual links to connect two parts of a partitioned backbone through a non-backbone area
======================= New Questions (added on 16th-Aug-2021) =======================
Question 98
Refer to the exhibit.
import base64
import datetime
# Base64-decode the string and strip the trailing newline
psswd = base64.b64decode('SzFwM001RzchCg==').decode('utf-8').strip('\n')
d = datetime.date.today()
date = str(10000*d.year + 100*d.month + d.day)
Which result does the Python code achieve?
A. The code converts time to the yyyymmdd representation
B. The code encrypts a base64 decrypted password
C. The code converts time to the “year/month/day” time format
D. The code converts time to the Epoch LINUX time format
Answer: A
Explanation
There are two results in the code above:
+ The first result is in the first line with the “psswd” variable. The purpose of this line is to decode (not encrypt) a base64-encoded string -> Answer B is not correct.
+ The second result is in the last line with the “date” variable. Let’s take an example with the date 16th-Aug-2021 to see how the “date” variable is calculated:
date = 10000 * 2021 + 100 * 8 + 16 = 20210000 + 800 + 16 = 20210816 -> Therefore the date is in yyyymmdd format.
Question 99
Refer to the exhibit. Which command is required to verify NETCONF capability reply messages?
A. show netconf | section rpc-reply
B. show netconf rpc-reply
C. show netconf xml rpc-reply
D. show netconf schema | section rpc-reply
Answer: D
Explanation
The output of the show netconf schema command displays the element structure for a NETCONF request and the resulting reply. This schema can be used to construct proper NETCONF requests and parse the resulting replies.
We tested this command under IOS-XE v16.05.01b and this is the result:
Other commands are not correct: