Home Exams
Log In Sign Up
Exams > Cisco > 300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
Page 6 out of 44 pages Questions 51-60 out of 436 questions
Question#51

While troubleshooting connectivity issues to a router, these details are noticed:
✑ Standard pings to all router interfaces, including loopbacks, are successful.
✑ Data traffic is unaffected.
✑ SNMP connectivity is intermittent.
✑ SSH is either slow or disconnects frequently.
Which command must be configured first to troubleshoot this issue?

  • A. show policy-map control-plane
  • B. show policy-map
  • C. show interface | inc drop
  • D. show ip route
Discover Answer Hide Answer

A

Question#52


Refer to the exhibit. Why is user authentication being rejected?

  • A. The TACACS+ server expects ג€userג€, but the NT client sends ג€domain/userג€.
  • B. The TACACS+ server refuses the user because the user is set up for CHAP.
  • C. The TACACS+ server is down, and the user is in the local database.
  • D. The TACACS+ server is down, and the user is not in the local database.
Discover Answer Hide Answer

D
Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/13864-tacacs-pppdebug.html

Question#53


Refer to the exhibit. Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at higher rate?

  • A. policy-map SHAPE_BGP
  • B. policy-map LIMIT_BGP
  • C. policy-map POLICE_BGP
  • D. policy-map COPP
Discover Answer Hide Answer

D

Question#54

Which statement about IPv6 RA Guard is true?

  • A. It does not offer protection in environments where IPv6 traffic is tunneled.
  • B. It cannot be configured on a switch port interface in the ingress direction.
  • C. Packets that are dropped by IPv6 RA Guard cannot be spanned.
  • D. It is not supported in hardware when TCAM is programmed.
Discover Answer Hide Answer

A
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-ra-guard.pdf

Question#55

An engineer must configure a Cisco router to initiate secure connections from the router to other devices in the network but kept failing.
Which two actions resolve the issue? (Choose two.)

  • A. Configure transport input ssh command on the console.
  • B. Configure a domain name.
  • C. Configure a crypto key to be generated.
  • D. Configure a source port for the SSH connection to initiate.
  • E. Configure a TACACS+ server and enable it.
Discover Answer Hide Answer

BC

Question#56

When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes that the configured routing protocols start flapping on that device.
Which action in the Control Plane Policy prevents this problem in a production environment while achieving the security objective?

  • A. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
  • B. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
  • C. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
  • D. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
Discover Answer Hide Answer

B

Question#57

In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two.)

  • A. by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways
  • B. by various IPv6 guard features to validate the data link layer address
  • C. by the recovery mechanism to recover the binding table in the event of a device reboot
  • D. by IPv6 routing protocols to securely build neighborships without the need of authentication
  • E. by storing hashed keys for IPsec tunnels for the built-in IPsec features
Discover Answer Hide Answer

BC

Question#58


Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but could not establish a Telnet connection to Router1 IPv6 address of 2001:DB8::1.
Which configuration allows Router2 to establish a Telnet connection to Router1?

  • A. ipv6 unicast-routing
  • B. permit ICMPv6 on access list INGRESS for Router2 to obtain IPv6 address
  • C. permit ip any any on access list EGRESS2 on Router1
  • D. IPv6 address on GigabitEthernet0/0
Discover Answer Hide Answer

C

Question#59

An engineer configured Reverse Path Forwarding on an interface and noticed that the routes are dropped when a route lookup fails on that interface for a prefix that is available in the routing table.
Which interface configuration resolves the issue?

  • A. ip verify unicast source reachable-via l2-src
  • B. ip verify unicast source reachable-via allow-default
  • C. ip verify unicast source reachable-via any
  • D. ip verify unicast source reachable-via rx
Discover Answer Hide Answer

C

Question#60


Refer to the exhibit. When monitoring an IPv6 access list, an engineer notices that the ACL does not have any hits and is causing unnecessary traffic through the interface
Which command must be configured to resolve the issue?

  • A. ip access-group INTERNET in
  • B. ipv6 traffic-filter INTERNET in
  • C. ipv6 access-class INTERNET in
  • D. access-class INTERNET in
Discover Answer Hide Answer

C
Reference:
https://www.cisco.com/c/en/us/support/docs/ip/ip-version-6/113126-ipv6-acl-00.html

chevron rightPrevious Nextchevron right
Email: support@exam-data.com
Copyright © 2024 Exam Data. All rights reserved.
Home Exams
chevron
Public Agreement Privacy Policy Sales and Refunds