300-410 Real Exam Dumps Questions and answers 31-40

Get Full Version of the Exam
http://www.EnsurePass.com/300-410.html

Question No.31

Which protocol is used to determine the NBMA address on the other end of a tunnel when mGRE is used?

  1. NHRP

  2. IPsec

  3. MP-BGP

  4. OSPF

Correct Answer: A

Question No.32

Refer to the exhibits. Phase-3 tunnels cannot be established between spoke-to-spoke in DMVPN. Which two commands are missing? (Choose two.)

image

  1. The ip nhrp redirect command is missing on the spoke routers.

  2. The ip nhrp shortcut command is missing on the spoke routers.

  3. The ip nhrp redirect command is missing on the hub router.

  4. The ip nhrp shortcut command is missing on the hub router.

  5. The ip nhrp map command is missing on the hub router.

Correct Answer: BC

Question No.33

Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?

image

image

A.

B.

C.

D.

Correct Answer: A

Question No.34

Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable using a secure web browser. What is needed to fix the problem?

image

  1. permit tcp port 443

  2. permit udp port 465

  3. permit tcp port 465

  4. permit tcp port 22

Correct Answer: A

Question No.35

Refer to the exhibit. An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using TACACS . Which action produces the desired configuration?

image

  1. Add the aaa authentication login default none command to the global configuration.

  2. Replace the capital 鈥淐鈥?with a lowercase 鈥渃鈥?in the aaa authentication login Console local command.

  3. Add the aaa authentication login default group tacacs local-case command to the global configuration.

  4. Add the login authentication Console command to the line configuration.

Correct Answer: D

Question No.36

Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and finds the displayed output when troubleshooting. Which command must be used in configuration mode to enable SSH on the device?

image

  1. no ip ssh disable

  2. ip ssh enable

  3. ip ssh version 2

  4. crypto key generate rsa

Correct Answer: D

Question No.37

Which statement about IPv6 ND inspection is true?

  1. It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.

  2. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.

  3. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.

  4. It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

Correct Answer: B

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s- book/ip6-snooping.pdf

Question No.38

While troubleshooting connectivity issues to a router, these details are noticed:

image

image

Standard pings to all router interfaces, including loopbacks, are successful. Data traffic is unaffected.

image

SNMP connectivity is intermittent.

image

SSH is either slow or disconnects frequently.

Which command must be configured first to troubleshoot this issue?

  1. show policy-map control-plane

  2. show policy-map

  3. show interface | inc drop

  4. show ip route

Correct Answer: A

Question No.39

Refer to the exhibit. Why is user authentication being rejected?

image

  1. The TACACS server expects 鈥渦ser鈥? but the NT client sends 鈥渄omain/user鈥?

  2. The TACACS server refuses the user because the user is set up for CHAP.

  3. The TACACS server is down, and the user is in the local database.

  4. The TACACS server is down, and the user is not in the local database.

Correct Answer: D

Explanation:

https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access- control-system-tacacs-/13864-tacacs-pppdebug.html

Question No.40

Which statement about IPv6 RA Guard is true?

  1. It does not offer protection in environments where IPv6 traffic is tunneled.

  2. It cannot be configured on a switch port interface in the ingress direction.

  3. Packets that are dropped by IPv6 RA Guard cannot be spanned.

  4. It is not supported in hardware when TCAM is programmed.

Correct Answer: A

Explanation:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16- book/ip6-ra-guard.pdf

Get Full Version of 300-410 Dumps

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com