300-410 | ExamData

Question#71

Refer to the exhibit. Which action resolves intermittent connectivity observed with the SNMP trap rackets?

A. Decrease the committed burst size of the mgmt class map.
B. Increase the CIR of the mgmt class map.
C. Add one new entry in the ACL 120 to permit the UDP port 161.
D. Add a new class map to match TCP traffic.

Discover Answer

B

Question#72

DRAG DROP -

Refer to the exhibit. Drag and drop the credentials from the left onto the remote login information on the right to resolve a failed login attempt to vtys. Not all credentials are used.
Select and Place:

Discover Answer

Question#73

Refer to the exhibit. A network administrator wants to block all traffic toward the Internet after business hours and on weekends. When the administrator applies an access list on interface Gi0/1, all traffic is blocked and there is no access to the Internet at any time.
Which action resolves the issue?

A. Add the permit ip any any time-range no-conn statement after the deny udp any any time-range no-conn command in the access list.
B. Add the permit ip any any statement after the deny icmp any any time-range no-conn command in the access list.
C. Add the permit allowed time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list.
D. Add the permit ip any any time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list.

Discover Answer

B

Question#74

Refer to the exhibit. An IPv6 network was newly deployed in the environment, and the help desk reports that R3 cannot SSH to the R2s Loopback interface.
Which action resolves the issue?

A. Modify line 10 of the access list to permit instead of deny.
B. Remove line 60 from the access list.
C. Modify line 30 of the access list to permit instead of deny.
D. Remove line 70 from the access list.

Discover Answer

C

Question#75

Refer to the exhibit. An IT staff member comes into the office during normal office hours and cannot access devices through SSH.
Which action should be taken to resolve this issue?

A. Modify the access list to use the correct IP address.
B. Configure the correct time range.
C. Modify the access list to correct the subnet mask.
D. Configure the access list in the outbound direction.

Discover Answer

C

Question#76

Refer to the exhibit.

A network administrator is trying to access a branch router using TACACS+ username and password credentials, but the administrator cannot log in to the router because the WAN connectivity is down. The branch router has following AAA configuration: aaa new-model aaa authorization commands 15 default group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 15 default stop-only group tacacs+ tacacs-server host 10.100.50.99 tacacs-server key Ci$co123
Which command will resolve this problem when WAN connectivity is down?

A. aaa authentication login console group tacacs+ enable
B. aaa authentication login default group tacacs+ local
C. aaa authentication login default group tacacs+ enable
D. aaa authentication login default group tacacs+ console

Discover Answer

B
Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/200606-aaa-authentication-login- default-local.html

Question#77

Refer to the exhibit.

An engineer is troubleshooting failed access by contractors to the business application server via Telnet or HTTP during the weekend.
Which configuration resolves the issue?

A. R1 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor
B. R1 time-range Contractor no periodic weekdays 8:00 to 16:30 periodic daily 8:00 to 16:30
C. R4 time-range Contractor no periodic weekdays 17:00 to 23:59 periodic daily 8:00 to 16:30
D. R4 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor

Discover Answer

B

Question#78

What are two characteristics of IPv6 Source Guard? (Choose two.)

A. requires the user to configure a static binding
B. used in service provider deployments to protect DDoS attacks
C. requires that validate prefix be enabled
D. requires IPv6 snooping on Layer 2 access or trunk ports
E. recovers missing binding table entries

Discover Answer

AD

Question#79

DRAG DROP -
Drag and drop the IPv6 first hop security device roles from the left onto the corresponding descriptions on the right.
Select and Place:

Discover Answer

Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-
OS_Security_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x_chapter_011011.pdf

Question#80

The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this: access-list 101 permit tcp host 10.1.1.1 any eq 23 access-list 101 permit tcp host 172.16.1.1 any eq 23
!
class-map CoPP-TELNET
match access-group 101
!
policy-map PM-CoPP
class CoPP-TELNET
police 100000 conform transmit exceed drop
!
control-plane
service-policy input PM-CoPP
The network administrator is not getting the desired results.
Which set of configurations resolves this issue?

A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any
B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP
C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP
D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP

Discover Answer

A