Home Exams
Log In Sign Up
Exams > Cisco > 300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
Page 7 out of 44 pages Questions 61-70 out of 436 questions
Question#61

Which configuration feature should be used to block rogue router advertisements instead of using the IPv6 Router Advertisement Guard feature?

  • A. VACL blocking broadcast frames from nonauthorized hosts
  • B. PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes
  • C. PVLANs with community ports associated to route advertisements and isolated ports for nodes
  • D. IPv4 ACL blocking route advertisements from nonauthorized hosts
Discover Answer Hide Answer

B

Question#62


Refer to the exhibit.
Which action resolves the failed authentication attempt to the router?

  • A. Configure aaa authorization console global command
  • B. Configure aaa authorization console command on line vty 0 4
  • C. Configure aaa authorization login command on line console 0
  • D. Configure aaa authorization login command on line vty 0 4
Discover Answer Hide Answer

A
Reference:
https://community.cisco.com/t5/network-access-control/console-authorization-issue/td-p/2492619

Question#63


Refer to the exhibit. A network administrator logs into the router using TACACS+ username and password credentials, but the administrator cannot run any privileged commands.
Which action resolves the issue?

  • A. Configure the username from a local database
  • B. Configure TACACS+ synchronization with the Active Directory admin group
  • C. Configure an authorized IP address for this user to access this router
  • D. Configure full access for the username from TACACS+ server
Discover Answer Hide Answer

D

Question#64


Refer to the exhibit. AAA server 10.1.1.1 is configured with the default authentication and accounting settings, but the switch cannot communicate with the server.
Which action resolves this issue?

  • A. Correct the timeout value.
  • B. Match the authentication port.
  • C. Correct the shared secret.
  • D. Match the accounting port.
Discover Answer Hide Answer

B

Question#65


Refer to the exhibit. R1 is being monitored using SNMP and monitoring devices are getting only partial information.
What action should be taken to resolve this issue?

  • A. Modify the CoPP policy to increase the configured exceeded limit for SNMP.
  • B. Modify the access list to include snmptrap.
  • C. Modify the CoPP policy to increase the configured CIR limit for SNMP.
  • D. Modify the access list to add a second line to allow udp any any eq snmp.
Discover Answer Hide Answer

B

Question#66


Refer to the exhibit. A client is concerned that passwords are visible when running this show archive log config all.
Which router configuration is needed to resolve this issue?

  • A. MASS-RTR(config)#aaa authentication arap
  • B. MASS-RTR(config-archive-log-cfg)#password encryption aes
  • C. MASS-RTR(config)#service password-encryption
  • D. MASS-RTR(config-archive-log-cfg)#hidekeys
Discover Answer Hide Answer

D

Question#67


Refer to the exhibit. BGP is flapping after the CoPP policy is applied.
What are the two solutions to fix the issue? (Choose two.)

  • A. Configure a higher value for CIR under the Class COPP-CRITICAL-7600.
  • B. Configure a higher value for CIR under the default class to allow more packets during peak traffic.
  • C. Configure BGP in the COPP-CRITICAL-7600 ACL.
  • D. Configure IP CEF for CoPP policy and BGP to work.
  • E. Configure a three-color policer instead of two-color policer under Class COPP-CRITICAL-7600.
Discover Answer Hide Answer

BC

Question#68


Refer to the exhibit. A network administrator configured an IPv6 access list to allow TCP return traffic only, but it is not working as expected.
Which changes resolve this issue?
A.

B.

C.

D.

Discover Answer Hide Answer

A

Question#69

What are two functions of IPv6 Source Guard? (Choose two.)

  • A. It works independent from IPv6 neighbor discovery.
  • B. It denies traffic from unknown sources or unallocated addresses.
  • C. It uses the populated binding table to allow legitimate traffic.
  • D. It denies traffic by inspecting neighbor discovery packets for specific patterns.
  • E. It blocks certain traffic by inspecting DHCP packets for specific sources.
Discover Answer Hide Answer

BC

Question#70


Refer to the exhibit. Which two actions restrict access to router R1 by SSH? (Choose two.)

  • A. Remove class-map ANY from service-policy CoPP.
  • B. Configure transport output ssh on line vty and remove sequence 20 from access list 100.
  • C. Configure transport input ssh on line vty and remove sequence 30 from access list 100.
  • D. Remove sequence 10 from access list 100 and add sequence 20 deny tcp any any eq telnet to access list 199.
  • E. Configure transport output ssh on line vty and remove sequence 10 from access list 199.
Discover Answer Hide Answer

AC

chevron rightPrevious Nextchevron right
Email: support@exam-data.com
Copyright © 2024 Exam Data. All rights reserved.
Home Exams
chevron
Public Agreement Privacy Policy Sales and Refunds