Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
Exam Details
Exam Code
:300-410
Exam Name
:Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
Certification
:CCNP Enterprise
Vendor
:Cisco
Total Questions
:925 Q&As
Last Updated
:Mar 31, 2025
Cisco CCNP Enterprise 300-410 Questions & Answers
Question 91:
What would be a use case for the HSRP configuration below?
A. used to switch the active role to the other router in the HSRP group during a maintenance window
B. used to prevent this router from ever relinquishing the active role
C. used to prevent this router from ever performing the active role
D. used to allow preemption over multiple peers
Correct Answer: A
By tracking the loopback interface and decrementing the priority if it goes down, technicians would have a method of moving the active role to the other router by disabling the loopback interface. This method is less disruptive than disabling
any of the physical interfaces. Although no decrement value has been specified, a default decrement of 10 will occur.
This configuration would not be used to prevent this router from ever relinquishing the active role. That would defeat the purpose of Hot Standby Routing Protocol (HSRP), which is to provide failover by relinquishing the active role to the other
router.
This configuration would not be used to prevent this router from ever performing the active role. That would defeat the purpose of HSRP which is to provide failover by this router taking the active role when there is an issue with the other
router.
This configuration would not be used to allow preemption over multiple peers. When more than two routers are in an HSRP group, the active router is allowed preemption over multiple peers by default.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify tracking objects
References:
Home > Support > Technology support > IP > IP application services > Troubleshoot and alerts > Troubleshooting Technotes > How to use the standby preempt and standby track commands
Question 92:
You asked your assistant to implement port address translation on the edge router of your network, which uses the S0 interface to connect to the ISP. When she is finished, you review the configuration by executing the show run command and receive the following results related to the configuration: Which of the following statements are true of the configuration?
A. the wrong interfaces are configured as inside and outside
B. the command establishing the pool of public IP addresses is incorrect
C. the ip nat inside source list command references a non-existent access list
D. the ip nat inside source list command references a non-existent NAT pool
Correct Answer: A
The wrong interfaces are configured as inside and outside. The Serial 0 interface which leads to the ISP should be set as outside, and the E0 interface should be the inside address. As it is set now, these settings are reversed.
The command establishing the pool of public IP addresses is correct. It establishes a pool of one public IP address, which is what you would do if you were configuring PAT. PAT uses a single public IP address for all translations.
The ip nat inside source list command references a correct access list number 7 and a correct NAT pool name of ourpool. The access list is used to determine computers that are allowed to have their traffic translated.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 Network Address Translation (NAT)
References:
Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 > Configuring NAT > Configuring Dynamic NAT and PAT
Question 93:
Your assistant is interested in gathering statistics about connection-oriented operations. Which of the following should be done to enhance the accuracy of the information gathered?
A. configure an IP SLA responder on the destination device
B. configure an IP SLA responder on the source device
C. schedule the operation on the destination device
D. add the verify-data command to the configuration of the operation
Correct Answer: A
Any IP SLA operations accuracy can be enhanced by configure an IP SLA responder on the destination device. It is important to note that only Cisco devices support the configuration as a responder.
You do not configure an IP SLA responder on the source device. You schedule the operation on the source device and the destination device is the one that is configured as a responder. You do not schedule the operation on the destination
device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.
Adding the verify-data command to the configuration of the operation will not enhance the accuracy of the information gathered. When data verification is enabled, each operation response is checked for corruption. Use the verify-data
command with caution during normal operations because it generates unnecessary overhead.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IP SLA
References:
IP SLAs Configuration Guide, Cisco IOS Release 15M > Configuring IP SLAs TCP Connect Operations
Question 94:
Which of the following commands configures an SNMP host to authenticate a user by username and send clear text notifications, the receipt of which will be acknowledged by the receiver?
A. Router(config)# snmp-server host 192.168.5.5 informs version 3 noauth CISCO
B. Router(config)# snmp-server host 192.168.5.5 traps version 3 auth CISCO
C. Router(config)# snmp-server host 192.168.5.5 informs version 2c CISCO
D. Router(config)# snmp-server host 192.168.5.5 informs version 3 authpriv CISCO
Correct Answer: A
The command snmp-server host 192.168.5.5 informs version 3 noauth CISCO will configure the host to authenticate a user by username and send clear text notifications. The receiver will then acknowledge receipt of the notification. The
keyword informs indicates that an inform message type will be used. Unlike a trap, an inform message is acknowledged by the receiver.
The version 3 keyword indicates that version 3 is in use, which is the ONLY version that supports authentication and encryption. Finally, the noauth keyword specifies authentication by username only and no encryption.
The command snmp-server host 192.168.5.5 traps version 3 auth CISCO configures the host to send traps rather than informs.
The command snmp-server host 192.168.5.5 informs version 2c CISCO specifies version 2c, which only support community string-based authentication.
The command snmp-server host 192.168.5.5 informs version 3 authpriv CISCO specifies the keyword authpriv, which indicates encryption will be used and authentication based on HMAC-MD5 or HMAC-SHA algorithms.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify SNMP
References:
Configuring SNMP Support > Understanding SNMP > SNMP Versions Cisco IOS Network Management Command Reference > snmp-server engineID local through snmp trap link- status > snmp-server host
Question 95:
Recently you had a serious problem with a router and contacted TAC. They told you a core dump of the system would have been helpful in diagnosing the issue. You would like to configure the router to make a full copy of the memory image the next time the router experiences the type of issue that can generate a core dump.
Which of the following is NOT a supported method of setting up a core dump?
A. TFTP
B. rcp
C. Flash disk
D. HTTP
Correct Answer: D
A core dump cannot be sent to a location using HTTP. The four supported methods for dumping a copy of the router's memory image are: TFTP FTP rcp Flash disk
To use File Transfer Protocol (FTP) to configure a core dump, execute the following commands:
ip ftp usename username ip ftp password password exception protocol ftp exception dump a.b.c.d To use Trivial File Transfer Protocol (TFTP) to configure a core dump, execute the following commands: exception dump a.b.c.d To use remote copy protocol (rcp) to configure a core dump, execute the following commands: exception protocol rcp exception dump a.b.c.d Finally, to send a core dump to a Flash drive, execute the following commands: exception crashinfo file flash:filename Objective:
Infrastructure Services
Sub-Objective:
Configure and verify device management
References: Home > Support > Creating Core Dumps Cisco > Cisco IOS Basic System Management Command Reference > A through M Commands > exception dump Cisco > Cisco IOS Basic System Management Command Reference > exception protocol Cisco > Cisco IOS Basic System Management Command Reference > exception crashinfo file
Question 96:
You have implemented SNMP v3 in your network. You find after making the configuration changes that technicians in the RESTRICTED group cannot access the MIB. You execute the show run command and receive the following output that relates to SNMP:
What is preventing the RESTRICTED group from viewing the MIB?
A. the presence of the keyword priv in the command creating the RESTRICTED group
B. a mismatch between the authentication mechanism and the encryption type in the command creating the RESTRICTED user
C. the absence of an access list defining the stations that can used by the RESTRICTED group
D. the presence of the keyword auth in the command creating the RESTRICTED user
Correct Answer: C
At the end of the command creating the RESTRICTED group is the parameter access 99. This indicates that an access list number 99 is being used to specify the allowed IP addresses of the stations that can be used to connect to the MIB
for the group. Since the access list is missing from the configuration, no IP addresses will be allowed, and no connections can be made by the group.
The presence of the keyword priv in the command creating the RESTRICTED group is not causing the issue. This keyword indicates that encryption (privacy) and authentication should both be used on all transmissions by the group.
In SMNPv3, there are three combinations of security that can be used:
noAuthNoPriv- no authentication and no encryption noauth keyword in the configuration AuthNoPriv - messages are authenticated but not encrypted auth keyword in the configuration AuthPriv - messages are authenticated and encrypted priv
keyword in the configuration There is no mismatch between the authentication mechanism and the encryption type in the command creating the RESTRICTED user.
In the preceding command, the section auth sha CISCO specified that messages are authenticated using SHA with a key of CISCO. It does not need to the match the section priv des56 CISCO, which indicates that encryption (priv) will be
provided using DES56 with a key of CISCO.
The presence of the keyword auth in the command creating the RESTRICTED user is not causing the issue. This line indicates that that messages are authenticated using SHA with a key of CISCO.
Which of the following translation scenarios is NOT supported by stateless NAT64?
A. translation from IPv6 Internet to an IPv4 network
B. translation from IPv4 Internet to an IPv6 network
C. translation from IPv6 network to an IPv4 network
D. translation from IPv4 network to an IPv6 network
Correct Answer: A
Translation from IPv6 Internet addresses to an IPv4 network is not supported by the stateless version of NAT64. There are two versions of NAT 64: stateful and stateless. Stateful NAT64 creates or modifies bindings or session state while
performing translation, while stateless NAT64 does not create or modify bindings or session state while performing translation/ Translation from IPv4 Internet to an IPv6 network is supported by both NAT64 methods, although the stateful
version requires static 6 to 4 mappings.
Translation from an IPv6 network to an IPv4 network is supported by both methods, stateful and stateless.
Translation from an IPv4 network to an IPv6 network is supported by both methods, although the stateful version requires static 6-to-4 mappings.
Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT
References:
Home > Products and services > Cisco IOS and NX-OS software > Cisco IOS Technologies > Enterprise IPv6 solution > Data sheets and literature > NAT64 Technology: Connecting IPv6 and IPv4 Networks
Question 98:
Examine the following partial output of the show run command.
Which of the following statements is true?
A. NTP broadcasts will be sent on E0
B. NTP broadcasts will be received on E0
C. NTP broadcasts will be received on E1
D. NTP broadcasts will be sent on E2
Correct Answer: B
NTP broadcasts will be received on E0. This information is indicated by the presence of the command ntp broadcast client under that interface:
interface Ethernet0
ip address 10.10.88.50 255.255.255.254
ntp broadcast client
!
The ntp broadcast client command configures a device to listen to NTP broadcast messages.at that interface.
NTP broadcasts will be received, not sent, on E0.
NTP broadcasts will be sent, not received, on E1, because the ntp broadcast command was applied to the Ethernet1 interface:
interface Ethernet1
ip address 10.86.194.176 255.255.254.0
ntp broadcast
The required command to receive broadcasts, ntp broadcast client, is present under the E0 interface, not the E1 interface.
NTP broadcasts will not be sent on E2. There are no ntp commands under that interface.
The following configuration is present on a router R1:
Which part of the configuration provides many-to-one access for all devices on the defined segments to share a single IP address upon exiting the external interface?
The command ip nat inside source list 7 serial0 overload specifies the following:
The translation should occur in the interface specified as inside. It should only be done for inside IP addresses that are specified in access list number 7. The IP address that inside addresses should be translated to belongs to the Serial0
interface. The translated IP address should be shared by all, as indicated by the overload keyword.
The command ip nat inside identifies the inside interface. In this case, it indicates the one on which translation will take place.
The command ip nat outside identifies the outside interface, which can be configured for translation. However, it has not been configured for translation in this scenario.
The commands below define the inside IP addresses that are allowed to be translated:
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 Network Address Translation (NAT)
References:
Home > Support >Troubleshooting Technotes > Configuring Network Address Translation: Getting Started Cisco > Cisco IOS IP Application Services Command Reference > ip nat inside source
Question 100:
You have configured DHCP on a router and configured it to assign IP addresses in the range of 192.168.1.10 through 192.168.1.150. You just discovered that one of your print servers is using the address 192.168.1.100 and you cannot change it.
What command can you use on the router to solve this problem?
A. Router(config)# ip dhcp excluded-address
B. Router(config)# access-list
C. Router(dhcp-config)# ip dhcp excluded-address
D. Router(config)# dhcp exclude-address
E. Router(config)# service dhcp excluded-address
Correct Answer: A
The ip dhcp excluded-address command will allow you to specify an address or group of addresses in a pool that the DHCP server will not assign. This is typically used when a host has a permanent address assigned that would conflict with
addresses that the DHCP server would hand out. The proper syntax for this command is as follows:
Router(config)# ip dhcp excluded-address low-address [high-address]
The other options use improper syntax or are executed at an incorrect prompt. The ip dhcp excluded-address command should be executed at global configuration mode.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify IPv4 and IPv6 DHCP
References:
Cisco > Cisco IOS IP Addressing Services Command Reference > ip dhcp excluded-address
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-410 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
