Cisco ENCOR Exam: Network Fundamentals

Questions and Answers

Which method should an engineer use to deal with a long-standing contention issue between any two VMs on the same host?

Live migrate the VM to another host

Adjust the resource reservation limits (correct)

Reset the VM

Reset the host

What action completes the configuration to achieve a dynamic continuous mapped NAT for all users?

Increase the NAT pool size to support 254 usable addresses

An engineer configures HSRP group 37. The configuration modifies the default virtual MAC address.

False

SwitchC connects HR and Sales to the Core switch. However, business needs require that no traffic from the Finance VLAN traverse this switch. The command that meets this requirement is to ______.

correctly apply VLAN filtering

How are map-register messages sent in a LISP deployment?

Egress tunnel routers to map servers to determine the appropriate egress tunnel router

Match the following commands with their correct effects:

PC-1 must access the web server on port 8080 = permit host 192.168.0.5 eq 8080 host 172.16.0.2 Routing debug interfere with typing commands = Configure the logging synchronous global configuration command Routing configuration change with logging output interrupting command typing = Configure the logging synchronous command under the vty

What action resolves the issue of guest users being able to access other guest user devices on the customer guest WLAN?

Implement P2P blocking

What distinguishes Ansible from Chef?

Ansible uses Ruby to manage configurations.

In an SD-Access solution, what is the role of a fabric edge node?

to connect wired endpoint to the SD-Access fabric

What is a benefit of a virtual machine when compared with a physical server?

Multiple virtual servers can be deployed on the same physical server without having to buy additional hardware.

When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port?

logging host 10.2.3.4 vrf mgmt transport tcp port 6514

At which Layer does Cisco DNA Center support REST controls?

Northbound APIs

Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

MACsec

Which DHCP option helps lightweight APs find the IP address of a wireless LAN controller?

Option 43

Which AP mode allows an engineer to scan configured channels for rogue access points?

monitor

Cloud deployments have lower upfront costs than on-premises deployments.

True

What action must an engineer perform to implement a route map in BGP to support redistribution and permit all unmatched routes?

Include a permit statement as the last entry

Which HTTP status code is the correct response for a request with an incorrect password applied to a REST API session?

HTTP Status Code 401

What does the LAP send when multiple WLCs respond to the CISCO_CAPWAPCONTROLLER.localdomain hostname during the CAPWAP discovery and join process?

Unicast discovery request to the first WLC that resolves the domain name

Which GLBP load balancing method supports members of the group with different throughput capabilities?

Weighted

In a Cisco SD-WAN solution, what functions are performed by OMP? (Choose two)

Configuration of control and data policies

What is a benefit of Type 1 hypervisors?

Network engineers are able to create virtual networks to interconnect virtual machines in Layer 2 topologies.

What is the wireless received signal strength indicator?

The value of how strong a tireless signal is received, measured in dBm.

Which technology is used as the basis for the Cisco SD-Access data plane?

VXLAN

What is YANG used for?

Describing data models.

Which method does Cisco DNA Center use to allow management of non-Cisco devices through southbound protocols?

It creates device packs through the use of an SDK.

How many flow exporters are needed per network device in the flexible NetFlow configuration?

2

What are two considerations when using SSO as a network redundancy feature?

Requires synchronization between supervisors in order to guarantee continuous connectivity.

Which command is required to verify NETCONF capability reply messages?

show netconf schema | section rpc-reply

Refer to the exhibit. Which type of antenna does the radiation pattern represent?

Yagi

Which new enhancement was implemented in Wi-Fi 6?

Uplink and Downlink Orthogonal Frequency Division Multiple Access

Which Cisco DNA Center application is responsible for group-based access control permissions?

Policy

An engineer must enable a login authentication method that allows a user to log in by using local authentication if all other defined authentication methods fail. Which configuration should be applied?

aaa authentication login CONSOLE group tacacs+ local enable

Which Python code snippet prints the descriptions of disabled interfaces only?

D

When firewall capabilities are considered, which feature is found only in Cisco next-generation firewalls?

malware protection

What does a northbound API accomplish?

programmatic control of abstracted network resources through a centralized controller

How does CEF switching differ from process switching on Cisco devices?

CEF switching uses adjacency tables built by the CDP protocol, and process switching uses the routing table

When configuring WPA2 Enterprise on a WLAN, which additional security component configuration is required?

RADIUS server

What is the difference between TCAM and the MAC address table?

The MAC address table is contained in CAM ACL and QoS information is stored in TCAM.

Which exhibit displays a valid JSON file?

Option D

A server running Linux is providing support for virtual machines along with DNS and DHCP services for a small business. Which technology does this represent?

Type 2 hypervisor

How does Cisco Trustsec enable more flexible access controls for dynamic networking environments and data centers?

Classifies traffic based on the contextual identity of the endpoint rather than its IP address

A client device roams between wireless LAN controllers that are mobility peers. Both controllers have dynamic interfaces on the same client VLAN. Which type of roam is described?

Inter-controller

What is the responsibility of a secondary WLC?

It registers the LAPs if the primary controller fails

Which two characteristics define the Intent API provided by Cisco DNA Center?

Northbound API

Which DHCP option provides the CAPWAP APs with the address of the wireless controller(s)?

43

Refer to the exhibit. Which configuration change will force BR2 to reach 209.165.201.0/27 via BR1?

Set the MED to 1 on PE2 toward BR2 outbound

Which two methods are used to reduce the AP coverage area?

Increase minimum mandatory data rate

Which configuration achieves the goal of terminating all idle-exec sessions in 600 seconds?

line vty 0 15 exec-timeout 600

Which two threats does AMP4E have the ability to block?

Ransomware

What does the Cisco REST response indicate?

Cisco DNA Center has the incorrect credentials for CAT9000-1

An engineer configures NAT on R1. What does the output confirm?

The first packet triggered NAT to add an entry to the NAT table

An engineer is troubleshooting the AP join process using DNS. Which FQDN must be resolvable on the network for the access points to successfully register to the WLC?

cisco-capwap-controller.domain.com

Which change to the first line of the script resolves the error?

from ncclient import*

An engineer must configure HSRP group 300 on a Cisco IOS router. When the router is functional, it must be the active HSRP router.

Configure HSRP priority to ensure the router becomes the active router for group 300.

What is the function of a fabric border node in a Cisco SD-Access environment?

To connect the Cisco SD-Access fabric to another fabric or external Layer 3 networks

A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. Which configuration allows the peering session to form between R1 and R2?

R2(config-router)#neighbor 10.120.10.1 peer-group CORP R2(config-router)#neighbor CORP password Cisco

Which two operational models enable an AP to scan one or more wireless channels for rogue access points and at the same time provide wireless services to clients?

Monitor

What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared?

The packet arrives on router C fragmented.

What is one benefit of implementing a VSS architecture?

It provides multiple points of management for redundancy and improved support.

What does Call Admission Control require the client to send in order to reserve the bandwidth?

Traffic specification

Where is radio resource management performed in a Cisco SD-Access wireless solution?

Wireless controller

How does EIGRP differ from OSPF?

EIGRP supports equal or unequal path cost, and OSPF only supports equal path cost.

Which HTTP JSON response does the Python code output give?

7.0(3)I7(4)

The connecting between SW1 and SW2 is not operational. Which two actions resolve the issue?

Configure switchport mode trunk on SW2

An engineer is troubleshooting a connectivity issue and executes a traceoute. What does the result confirm?

The probe timed out

Which device makes the decision for a wireless client to roam?

Wireless client

How is MSDP used to interconnect multiple PIM-SM domains?

MSDP depends on BGP or multiprotocol BGP for interdomain operation

A network engineer must configure a password expiry mechanism on the gateway router for all local passwords to expire after 60 days. What is required to complete this task?

Add the username admin privilege 15 common-criteria*policy Administrators password 0 Cisco13579!command.

Which action is the vSmart controller responsible for in an SD-WAN deployment?

Distribute policies that govern data forwarding performed within the SD-WAN fabric

If the noise floor is -90 dBm and a wireless client is receiving a signal of -75 dBm, what is the SNR?

15

An engineer must create a script that appends the output of the show process cpu sorted command to a file. Which action accomplishes this?

CLI command "show process cpu sorted | append flash:high-cpu-file"

Which two mechanisms are available to secure NTP?

Encrypted authentication

What is the difference between CEF and process switching?

CEF uses the FIB and the adjacency table to make forwarding decisions, whereas process switching punts each packet.

Which AP mode allows an engineer to scan configured channels for rogue access points?

Monitor

What is a characteristic of MACsec?

802.1AE provides encryption and authentication services

An engineer has noticed that the OSPF domain is receiving only the 172.17.1.0/24 route and the default route 0.0.0.0/0 is still missing. Which configuration must the engineer apply to resolve the problem?

Option D

A network engineer must configure a router to send logging messages to a syslog server. Which configuration must be used?

logging host 10.10.10.1 transport tcp port 1024

After configuring NETCONF, an engineer gets output from 'show line' but not from 'show running-config'. Which command completes the configuration?

Option C

Which WLAN Layer 3 setting must be configured to provide users with a splash page for authentication?

Web Policy

Which antenna type should be used for a site-to-site wireless connection?

Yagi

An engineer is troubleshooting an application running on Apple phones receiving incorrect QoS markings. What change on the WLC optimizes QoS for these devices?

Change the QoS level to Platinum

What is the function of the LISP map resolver?

To decapsulate map-request messages from ITRs and forward the messages to the MS

A network administrator applies the following configuration to an IOS device. What is the process of password checks when a login attempt is made to the device?

All of the above checks are performed sequentially for each login attempt.

What is the purpose of the LISP routing and addressing architecture?

It creates two entries for each network node, one for its identity and another for its location on the network.

How does Cisco Trustsec enable more access controls for dynamic networking environments and data centers?

Classifies traffic based on the contextual identity of the endpoint rather than its IP address

A network engineer configures a GRE tunnel and enters the 'show interface tunnel' command. What does the output confirm about the configuration?

The tunnel mode is set to the default.

When 'HTTP/1.1 204 content' is returned after issuing the 'curl -X DELETE' command, what does this signify?

The command succeeded in deleting the object.

A company plans to implement intent-based networking in its campus infrastructure. Which design facilitates a migration from a traditional campus design to a programmable fabric design?

Two-tier

When a wireless client roams between two different wireless controllers, causing network connectivity outage, which configuration issue would likely cause this problem?

Not all of the controllers within the mobility group are using the same virtual interface IP address.

The IP SLA is configured in a router. An engineer wants to configure an EEM applet to manage the interface based on the IP SLA operation. Which configuration should the engineer use?

event track 10 state down

Which of the following JSON syntaxes is valid?

Option C

An engineer needs to deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces must be allowed at all times. Which command accomplishes this task?

Option A

Study Notes

Implementing Cisco Enterprise Network Core Technologies (ENCOR)

• The exam consists of 35 questions and lasts 120 minutes.
• The exam code is 350-401.

Type 1 Hypervisors

• Benefit: allows creation of virtual networks to interconnect virtual machines in Layer 2 topologies.

Wireless Received Signal Strength Indicator (RSSI)

• Measures how well a device can hear a signal from an access point or router.
• Measured in decibels (dBm) from 0 to -120.
• Closer to 0, the stronger the signal is, which is better for wireless connections.

Cisco SD-Access Data Plane

• Uses Virtual Network Identifier (VNI) to identify a specific virtual network.
• Based on VXLAN technology.

YANG (Yet Another Next Generation) Data Model

• Used to describe data models.

Cisco DNA Center

• Allows management of non-Cisco devices through the use of a Software Development Kit (SDK) that creates Device Packages for third-party devices.
• Application responsible for group-based access control permissions is Policy.

Flexible NetFlow

• Two flow exporters are needed per network device in the flexible NetFlow configuration.

SSO (Stateful Switchover) and NSF (Nonstop Forwarding)

• Ensure redundancy and uninterrupted Layer 3 traffic.
• Must be combined with NSF to support uninterrupted Layer 2 and Layer 3 operations.

HSRP (Hot Standby Router Protocol)

• Ensures that traffic is not disrupted in the event of a hardware failure.
• Uses a virtual MAC address.

Control Plane Policing

• Implemented for SSH and Telnet using specific configuration sets.

QoS (Quality of Service)

• Classification, marking, and policing of traffic are components of QoS.

EEM (Embedded Event Manager)

• Enables OSPF debugging in the event of an OSPF neighborship going down.

Syslog

• Used to send logging messages to a syslog server.
• Requires a specific configuration using a reliable protocol and a specific IP address.

NETCONF

• Used to configure a router.
• Requires a specific configuration to complete the configuration.

Wireless Network Configuration

• A specific configuration is required to provide a splash page for authentication.

EtherChannel

• A channel-misconfig error can be resolved by configuring the same protocol on the EtherChannel on both switches.

LISP (Locator/ID Separation Protocol)

• Map resolver (MR) receives MAP requests, de-encapsulates them, and forwards them to the Mapping Server (MS).
• Used to separate location and identity of network nodes.

Cisco Trustsec

• Enables more access controls for dynamic networking environments and data centers.
• Classifies traffic based on the contextual identity of the endpoint rather than its IP address.

GRE Tunnel

• The output of the show interface tunnel command confirms the configuration of the GRE tunnel.

HTTP/1.1 204 Content

• Returned when the curl -I -X delete command is issued, indicating that the object was successfully deleted.

Intent-Based Networking

• A company can migrate from a traditional campus design to a programmer fabric designer using Cisco DNA Center.### Wireless Networking
• When a wireless client roams between two different wireless controllers, a network connectivity outage is experienced for a period of time. This is caused by a configuration issue where not all controllers in the mobility group are using the same virtual interface IP address.

IP SLA and EEM Applet

• IP SLA can be configured to ping an IP address every 3 seconds to ensure the connection is still up.
• An EEM applet can be configured to shut down an interface and bring it back up when there is a problem with the IP SLA.

JSON Syntax

• A valid JSON syntax example: {'switch': {'name': 'dist1', 'interfaces': ['gig1', 'gig2', 'gig3']}}

Access Control

• To deny Telnet traffic from the loopback interface of one router to the loopback interface of another router, a time-range and access-list can be configured.

TCAM and CAM

• TCAM (Ternary Content Addressable Memory) is used for faster address lookups, enabling fast routing in routers.
• CAM (Content Addressable Memory) is used for building and looking up the MAC address table, enabling L2 forwarding decisions in switches.

Virtualization

• A Type 2 hypervisor runs on top of an operating system and not on the physical hardware directly.
• Examples of Type 2 hypervisors include VMware Workstation and Microsoft Virtual PC.

Cisco Trustsec

• Cisco Trustsec enables more flexible access controls for dynamic networking environments and data centers by classifying traffic based on the contextual identity of the endpoint rather than its IP address.

Mobility

• When a client device roams between wireless LAN controllers that are mobility peers, both controllers have a dynamic interface on the same client VLAN, which is an example of inter-controller roam.

Secondary WLC

• The responsibility of a secondary WLC is to register the LAPs if the primary controller fails.

Intent API

• The Intent API is a Northbound REST API that exposes specific capabilities of the Cisco DNA Center platform.
• It provides policy-based abstraction of business intent, allowing focus on an outcome rather than struggling with individual mechanisms steps.

DHCP Option

• DHCP option 43 provides the CAPWAP APs with the address of the wireless controller(s).
• DHCP option 150 provides the CAPWAP APs with the address of the wireless controller(s).

MED Attribute

• The MED (Multi-Exit Discriminator) attribute is used to influence the route selection process in BGP.
• It is a non-transitive attribute that is sent through ASes to external BGP neighbors.
• A lower MED value is preferred.

AP Coverage Area

• To reduce the AP coverage area, the AP transmit power can be reduced or the minimum mandatory data rate can be increased.

Security Policy

• To terminate all idle-exec sessions in 600 seconds, the absolute-timeout command can be used in the line vty configuration.

AMP4E

• AMP4E (Advanced Malware Protection for Endpoints) has the ability to block ransomware and Microsoft Word macro attacks.

Cisco DNA Center

• The Intent API is a Northbound REST API that exposes specific capabilities of the Cisco DNA Center platform.
• Cisco DNA Center is a solution that provides a single, unified way to manage network devices.

SPAN and RSPAN

• SPAN (Switched Port Analyzer) is a feature that allows monitoring of traffic on a specific VLAN or port.
• RSPAN (Remote SPAN) is a feature that allows monitoring of traffic on a remote VLAN or port.

NAT and PAT

• NAT (Network Address Translation) is a technique that allows multiple devices to share a single public IP address.
• PAT (Port Address Translation) is a technique that allows multiple devices to share a single public IP address and port.

DNS and DHCP

• DNS (Domain Name System) is a system that translates hostnames to IP addresses.
• DHCP (Dynamic Host Configuration Protocol) is a protocol that assigns IP addresses to devices on a network.

Access Point Join Process

• The AP join process can be configured using DNS.
• The AP can obtain the IP address of the WLC using DNS.

Ansible and Chef

• Ansible and Chef are both automation tools used for configuration management.
• Ansible uses YAML to manage configurations and pushes the configuration to the client.
• Chef uses Ruby to manage configurations and the client pulls the configuration from the server.

SD-Access Solution

• In an SD-Access solution, the fabric edge node connects wired endpoints to the SD-Access fabric.

Virtual Machine

• A virtual machine can run multiple virtual servers on the same physical server without having to buy additional hardware.

TLS for Syslog

• TLS (Transport Layer Security) can be used to securely transport syslog messages.
• The default port for syslog over TLS is 6514.

Cisco DNA Center

• Cisco DNA Center supports REST controls at the Northbound API layer.
• YAML output from responses to API calls can be used to configure devices.Here are the study notes:

TTL Exceeded Message

• When the TTL (Time To Live) of a packet expires, the router discards the packet and sends an ICMP Time Exceeded message.
• Routers check the TTL first before processing a packet further.
• If the TTL is zero, the router discards the packet and sends an ICMP Time Exceeded message.

MACsec Technology

• MACsec (IEEE 802.1AE) provides MAC-layer encryption over wired networks.
• It uses out-of-band methods for encryption keying.
• The MACsec Key Agreement (MKA) Protocol provides the required session keys and manages the required encryption keys.

VXLAN Environment

• In a VXLAN environment, the VNID (VXLAN Network Identifier) is used to identify Layer 2 segments.
• The VNID is a 24-bit field that is used to maintain Layer 2 isolation between segments.

OSPF Neighborship

• For an OSPF neighborship to form, the correct network command must be applied to the router.
• The network command specifies the network address and area ID.

RESTCONF Operations

• RESTCONF is a protocol for managing network devices.
• Valid RESTCONF operations include OPTIONS, HEAD, GET, POST, PATCH, and DELETE.

Fabric Border Node

• In a Cisco SD-Access environment, a fabric border node connects the SD-Access fabric to another fabric or external Layer 3 networks.
• It is responsible for routed access and provides connectivity to external networks.

EIGRP vs OSPF

• EIGRP and OSPF are both routing protocols, but they have different characteristics.
• EIGRP supports equal or unequal path cost, while OSPF only supports equal path cost.

SD-WAN Deployment

• In an SD-WAN deployment, the vSmart controller is responsible for distributing policies that govern data forwarding.
• The vSmart controller is a critical component of the SD-WAN architecture.

NTP Security

• Two mechanisms are available to secure NTP: IP access list-based and encrypted authentication.
• NTP security is critical to prevent NTP attacks.

CEF and Process Switching

• CEF (Cisco Express Forwarding) and process switching are two different packet forwarding mechanisms.
• CEF uses the FIB (Forwarding Information Base) and adjacency table to make forwarding decisions, whereas process switching punts each packet to the CPU for processing.

Description

Test your knowledge of Cisco Enterprise Network Core Technologies (ENCOR) with this quiz. Covers network fundamentals, including Type 1 Hypervisors and Wireless Received Signal Strength Indicator (RSSI).