1. Home
  2. Cisco
  3. 300-410

Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Exam Details

  • Exam Code
    :300-410
  • Exam Name
    :Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
  • Certification
    :CCNP Enterprise
  • Vendor
    :Cisco
  • Total Questions
    :925 Q&As
  • Last Updated
    :Apr 17, 2025

Cisco CCNP Enterprise 300-410 Questions & Answers

  • Question 401:

    Refer to the exhibit.

    A network engineer is troubleshooting a failed link between R2 and R3. No traffic loss is reported from router R5 to HQ. Which command fixes the separated backbone?

    A. R3(config-router)#area 21 virtual-link 192.168.125.5

    B. R2(config-router)#area 21 virtual-link 192.168.125.5

    C. R3(config-router)#no area 21 stub

    D. R2(config-router)#no area 21 stub

  • Question 402:

    The network administrator must configure R1 to authenticate Telnet connections based on Cisco ISE using RADIUS. ISE has been configured with an IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.

    The administrator has configured this on R1:

    aaa new-model ! radius server ISE1 address ipv4 192.168.1.5 key Cisco123 ! aaa group server tacacs+ RAD-SERV server name ISE1 ! aaa authentication login default group RAD-SERV

    The network administrator cannot authenticate to access R1 based on ISE. Which set of configurations fixes the issue?

    A. line vty 0 4 login authentication RAD-SERV

    B. aaa group server tacacs+ ISE1 server name RAD-SERV

    C. aaa group server radius RAD-SERV server name ISE1

    D. line vty 0 4 login authentication default

  • Question 403:

    A network engineer must configure a DMVPN network so that a spoke establishes a direct path to another spoke if the two must send traffic to each other. A spoke must send traffic directly to the hub if required. Which configuration meets this requirement?

    A. At the hub router: interface tunnel10 ip nhrp nhs dynamic multipoint ip nhrp nhs shortcut tunnel mode gre multicast On the spokes router: interface tunnel10 ip nhrp nhs multicast dynamic ip nhrp nhs redirect tunnel mode gre multicast

    B. At the hub router: interface tunnel10 ip nhrp map dynamic multipoint ip nhrp redirect tunnel mode gre multicast On the spokes router: interface tunnel10 ip nhrp map multicast dynamic ip nhrp shortcut tunnel mode gre multicast

    C. At the hub router: interface tunnel10 ip nhrp nhs multicast dynamic ip nhrp nhs shortcut tunnel mode gre multipoint On the spokes router: interface tunnel10 ip nhrp nhs multicast dynamic ip nhrp nhs redirect tunnel mode gre multipoint

    D. At the hub router: interface tunnel10 ip nhrp map multicast dynamic ip nhrp redirect tunnel mode gre multipoint On the spokes router: interface tunnel10 ip nhrp map multicast dynamic ip nhrp shortcut tunnel mode gre multipoint

  • Question 404:

    What is a characteristic of IPv6 RA Guard?

    A. It filters rogue RA broadcasts from connected hosts.

    B. It is supported on the egress direction of the switch.

    C. RA messages are allowed from the host port to the switch.

    D. It is unable to protect tunneled traffic.

  • Question 405:

    Refer to lhe exhibit

    An engineer must filter EIGRP updates that are received to block all 10 10 10.0/24 prefixes

    The engineer tests the distribute list and finds one associated prefix. Which action resolves the issue?

    A. There is a permit in the ACL that allows this prefix into EIGRP. The ACL should be modified to deny 10.10.10.0 255.255.255.0.

    B. There is a permit in the ACL that allows this prefix into EIGRP. The ACL should be modified to deny 10.10.10.0 0.0.0.255.

    C. There is a permit in the route map that allows this prefix. A deny 20 statement is required with a match condition to match a new ACL that denies all prefixes.

    D. There is a permit in the route map that allows this prefix. A deny 20 statement is required with no match condition to block the prefix.

  • Question 406:

    How is a preshared key "Test" for all the remote VPN routers configured in a DMVPN using GRE over IPsec set up?

    A. authentication pre-share Test address 0.0.0.0 0.0.0.0

    B. set pre-share Test address 0.0.0.0 0.0.0.0

    C. crypto ipsec key Test address 0.0.0.0 0.0.0.0

    D. crypto isakmp key Test address 0.0.0.0 0.0.0.0

  • Question 407:

    Refer to the exhibit.

    A network administrator must block ping from user 3 to the App Server only. An inbound standard access list is applied to R1 interface G0/0 to block ping. The network administrator was notified that user 3 cannot even ping user 9 anymore. Where must the access list be applied in the outgoing direction to resolve the issue?

    A. R2 interface G1/0

    B. R2 interface G0/0

    C. SW1 interface G1/10

    D. SW1 interface G2/21

  • Question 408:

    Refer to the exhibit.

    The administrator is troubleshooting a BGP peering between PE1 and PE3 that is unable to establish

    Which action resolves the issue?

    A. P2 must have a route to PE3 to establish a BGP session to PE1

    B. Disable sending ICMP unreachables on P2 to allow PE1 to establish a session with PE3

    C. Ensure that the PE3 loopback address is used as a source for BGP peering to PE1

    D. Remove the traffic filtering rules on P2 blocking the BGP communication between PE1 and PE3

  • Question 409:

    An engineer must override the normal routing behavior of a router for Telnet traffic that is destined to 10.10.10.10 from 10.10.1.0/24 via a next hop of 10.4.4.4. which is directly connected to the router that is connected to the 10.1.1.0/24 subnet

    Which configuration reroutes traffic according to this requirement?

    A. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http ! route-map POLICY permit 10 match ip address 100

    set ip next-hop recursive 10.2.2.2

    B. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http ! route-map POLICY deny 10 match ip address 100 set ip next-hop recursive 10.2.2.2 route-map POLICY permit 20

    C. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http ! route-map POLICY permit 10 match ip address 100 set ip next-hop 10.2.2.2 route-map POLICY permit 20

    D. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http ! route-map POLICY permit 10 match ip address 100 set ip next-hop 10.2.2.2

  • Question 410:

    Refer to the exhibit.

    An engineer configured route exchange between two different companies for a migration project EIGRP routes were learned in router C but no OSPF routes were learned in router A.

    Which configuration allows router A to receive OSPF routes?

    A. (config-router-af-topology)#no redistribute ospf 10 match external 1 external 2 metric 1000000 10 255 1 1500

    B. (config-router-af)#redistribute ospf 10 1000000 10 255 1 1500

    C. (config-router-af-topology)#redistribute connected

    D. (config-router-af-topology)#redistribute ospf 10 metric 1000000 10 255 1 1500

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-410 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.