300-410 | ExamData

Question#81

Refer to the exhibit. A network administrator successfully logs in to a switch using SSH from a RADIUS server. When the network administrator uses a console port to access the switch, the RADIUS server returns shell:priv-lvl=15" and the switch asks to enter the enable command. When the command is entered, it gets rejected.
Which command set is used to troubleshoot and resolve this issue?

A. line con 0 aaa authorization console privl5 ! line vty 0 4 authorization exec
B. line con 0 aaa authorization console ! line vty 0 4 authorization exec
C. line con 0 aaa authorization console authorization priv15 ! line vty 0 4 transport input ssh
D. line con 0 aaa authorization console authorization exec ! line vty 0 4 transport input ssh

Discover Answer

D
Reference:
https://flylib.com/books/en/1.233.1.74/1/

Question#82

Refer to the exhibit. An engineer is troubleshooting a TACACS problem.
Which action resolves the issue?

A. Configure a matching TACACS server IP.
B. Configure a matching preshared key.
C. Generate authentication from a relative source interface.
D. Apply a configured AAA profile to the VTY.

Discover Answer

B
Reference:
https://community.cisco.com/t5/network-access-control/issues-with-tacacs-authentication/td-p/3412001

Question#83

The network administrator configured CoPP so that all HTTP and HTTPS traffic from the administrator device located at 172.16 1.99 toward the router CPU is limited to 500 kbps. Any traffic that exceeds this limit must be dropped. access-list 100 permit ip host 172.16.1.99 any
!
class-map CM-ADMIN
match access-group 100
!
policy-map PM-COPP
class CM-ADMIN
police 500000 conform-action transmit
!
interface E0/0
service-policy input PM-COPP
CoPP failed to capture the desired traffic and the CPU load is getting higher.
Which two configurations resolve the issue? (Choose two.)

A. interface E0/0 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP
B. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit ! control-plane service-policy input PM-COPP
C. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80
D. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80 access-list 100 permit tcp host 172.16.1.99 any eq 443
E. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit

Discover Answer

A

Question#84

Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the router does not have any filter and anyone can access the router with username and password even though an ACL is configured.
Which command resolves this issue?

A. access-class INTERNET in
B. ip access-group INTERNET in
C. ipv6 traffic-filter INTERNET in
D. ipv6 access-class INTERNET in

Discover Answer

D

Question#85

Refer to the exhibit. An engineer is trying to connect to R1 via Telnet with no success.
Which configuration resolves the issue?

A. tacacs server prod address ipv4 10.221.10.10 exit
B. ip route 10.221.10.10 255.255.255.255 ethernet 0/1
C. ip route 10.221.0.11 255.255.255.255 ethernet 0/1
D. tacacs server prod address ipv4 10.221.10.11 exit

Discover Answer

C

Question#86

An engineer is trying to copy an IOS file from one router to another router by using TFTP.
Which two actions are needed to allow the file to copy? (Choose two.)

A. Copy the file to the destination router with the copy tftp: flash: command
B. Enable the TFTP server on the source router with the tftp-server flash: <filename> command
C. TFTP is not supported in recent IOS versions, so an alternative method must be used
D. Configure a user on the source router with the username tftp password tftp command
E. Configure the TFTP authentication on the source router with the tftp-server authentication local command

Discover Answer

AB

Question#87

Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none of them are active for more than two hours per day.
Which action fixes the issue within the current resources?

A. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool
B. Configure the DHCP lease time to a smaller value
C. Configure the DHCP lease time to a bigger value
D. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool

Discover Answer

B

Question#88

Refer to the exhibit. ISP 1 and ISP 2 directly connect to the Internet. A customer is tracking both ISP links to achieve redundancy and cannot see the Cisco IOS IP
SLA tracking output on the router console.
Which command is missing from the IP SLA configuration?

A. Start-time 00:00
B. Start-time 0
C. Start-time immediately
D. Start-time now

Discover Answer

D
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_icmp_echo.html

Question#89

Refer to the exhibit. An administrator noticed that after a change was made on R1, the timestamps on the system logs did not match the clock.
What is the reason for this error?

A. An authentication error with the NTP server results in an incorrect timestamp.
B. The keyword localtime is not defined on the timestamp service command.
C. The NTP server is in a different time zone.
D. The system clock is set incorrectly to summer-time hours.

Discover Answer

A

Question#90

DRAG DROP -
Drag and drop the DHCP messages from the left onto the correct uses on the right.
Select and Place:

Discover Answer

Reference:
https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html