Cisco CCNP Enterprise 350-401 Questions & Answers

• Question 401:

  Which statement about Cisco Express Forwarding is true?

  A. It uses a fast cache that is maintained in a router data plane.

  B. It maintains two tables in the data plane: the FIB and adjacency table.

  C. It makes forwarding decisions by a process that is scheduled through the IOS scheduler.

  D. The CPU of a router becomes directly involved with packet-switching decisions.

  Correct Answer: B

  Cisco Express Forwarding (CEF) provides the ability to switch packets through a device in a very quick and efficient way while also keeping the load on the router's processor low. CEF is made up of two different main components: the Forwarding Information Base (FIB) and the Adjacency Table. These are automatically updated at the same time as the routing table. The Forwarding Information Base (FIB) contains destination reachability information as well as next hop information. This information is then used by the router to make forwarding decisions. The FIB allows for very efficient and easy lookups. Below is an example of the FIB table:

  

  The adjacency table is tasked with maintaining the layer 2 next-hop information for the FIB. An example of the adjacency table is shown below:

  

  It uses a fast cache that is maintained in a router data plane' fast cache is only used when fast switching is enabled while CEF is disabled.

• Question 402:

  Which access controls list allows only TCP traffic with a destination port range of 22-433, excluding port 80?

  A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444

  B. permit tcp any any range 22 443 deny tcp any any eq 80

  C. permit tcp any any eq 80

  D. deny tcp any any eq 80 permit tcp any any range 22 443

  Correct Answer: D

• Question 403:

  Which statement about VXLAN is true?

  A. VXLAN uses TCP 35 the transport protocol over the physical data cento network.

  B. VXLAN extends the Layer 2 Segment ID field to 24-bits. which allows up to 4094 unique Layer 2 segments over the same network.

  C. VXLAN encapsulates a Layer 2 frame in an IP-UDP header, which allows Layer 2 adjacency across router boundaries.

  D. VXLAN uses the Spanning Tree Protocol for loop prevention.

  Correct Answer: C

  802.1Q VLAN identifier space is only 12 bits. The VXLAN identifier space is 24 bits. This doubling in size allows the VXLAN ID space to support 16 million Layer 2 segments -> Answer 'VXLAN extends the Layer 2 Segment ID field to 24-bits,

  which allows up to 4094 unique Layer 2 segments over the same network' is not correct.

  VXLAN is a MAC-in-UDP encapsulation method that is used in order to extend a Layer 2 or Layer 3 overlay network over a Layer 3 infrastructure that already exists.

  Reference:

  https://www.cisco.com/c/en/us/support/docs/lan-switching/vlan/212682- virtualextensible-lan-and-ethernet-virt.html

• Question 404:

  What is the correct EBGP path attribute list, ordered from most preferred to the least preferred, that the BGP best-path algorithm uses?

  A. weight. AS path, local preference. MED

  B. weight, local preference AS path, MED

  C. local preference weight AS path, MED

  D. local preference, weight MED, AS path

  Correct Answer: B

  Path Selection Attributes: Weight > Local Preference > Originate > AS Path > Origin > MED > External > IGP Cost > eBGP Peering > Router ID

• Question 405:

  Refer to the exhibit.

  

  SwitchC connects HR and Sales to the Core switch. However, business needs require that no traffic from the Finance VLAN traverse this switch.

  Which command meets this requirement?

  A. SwitchC(config)#vtp pruning vlan 110

  B. SwitchC(config)#vtp pruning

  C. SwitchC(config)#interface port-channel 1 SwitchC(config-if)#switchport trunk allowed vlan add 210,310

  D. SwitchC(config)#interface port-channel 1 SwitchC(config-if)#switchport trunk allowed vlan remove 110

  Correct Answer: D

  From the "show vlan brief" we learn that Finance belongs to VLAN 110 and all VLANs (from 1 to 1005) are allowed to traverse the trunk (port-channel 1). Therefore we have to remove VLAN 110 from the allowed VLAN list with the "switchport trunk allowed vlan remove " command. The pruning feature cannot do this job as Finance VLAN is active.

• Question 406:

  Which QoS component alters a packet to change the way that traffic is treated in the network?

  A. Marking

  B. Classification

  C. Shaping

  D. Policing

  Correct Answer: A

  QoS Packet Marking refers to changing a field within a packet either at Layer 2 (802.1Q/p CoS, MPLS EXP) or Layer 3 (IP Precedence, DSCP and/or IP ECN). Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_mqc/ configuration/xe- 16/qosmqcxe-16-book/qos-mrkg.html

• Question 407:

  If a VRRP master router fails, which router is selected as the new master router?

  A. router with the highest priority

  B. router with the highest loopback address

  C. router with the lowest loopback address

  D. router with the lowest priority

  Correct Answer: A

  https://www.cisco.com/assets/sol/sb/Switches_Emulators_v2_3_5_xx/help/350_550/index.html#page/tesla_350_550_olh/ts_vrrp_18_09.html

  In the "Basic VRRP Topology" figure, if Router A, the virtual router master, fails, a selection process takes place to determine if virtual router backups B or C must take over. If Routers B and C are configured with the priorities of 101 and 100, respectively, Router B is elected to become virtual router master because it has the higher priority. If both have the same priority, the one with the higher IP address value is selected to become the virtual router master.

• Question 408:

  Which statement explains why Type 1 hypervisor is considered more efficient than Type 2 hypervisor?

  A. Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS.

  B. Type 1 hypervisor enables other operating systems to run on it.

  C. Type 1 hypervisor relics on the existing OS of the host machine to access CPU, memory, storage, and network resources.

  D. Type 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques.

  Correct Answer: A

  There are two types of hypervisors: type 1 and type 2 hypervisor. In type 1 hypervisor (or native hypervisor), the hypervisor is installed directly on the physical server. Then instances of an operating system (OS) are installed on the hypervisor. Type 1 hypervisor has direct access to the hardware resources. Therefore they are more efficient than hosted architectures. Some examples of type 1 hypervisor are VMware vSphere/ESXi, Oracle VM Server, KVM and Microsoft Hyper-V. In contrast to type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an operating system and not the physical hardware directly. answer 'Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS' big advantage of Type 2 hypervisors is that management console software is not required. Examples of type 2 hypervisor are VMware Workstation (which can run on Windows, Mac and Linux) or Microsoft Virtual PC (only runs on Windows).

  

• Question 409:

  To increase total throughput and redundancy on the links between the wireless controller and switch, the customer enabled LAG on the wireless controller. Which EtherChannel mode must be configured on the switch to allow the WLC to connect?

  A. Auto

  B. Active

  C. On

  D. Passive

  Correct Answer: C

  Link aggregation (LAG) is a partial implementation of the 802.3ad port aggregation standard. It bundles all of the controller's distribution system ports into a single 802.3ad port channel. Restriction for Link aggregation:

  + LAG requires the EtherChannel to be configured for `mode on' on both the controller and the Catalyst switch. ... Reference: https://community.cisco.com/t5/wireless-mobility-documents/lag-link-aggregation/ta-p/3128669

• Question 410:

  On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?

  A. LISP

  B. IS-IS

  C. Cisco TrustSec

  D. VXLAN

  Correct Answer: D

  The tunneling technology used for the fabric data plane is based on Virtual Extensible LAN (VXLAN). VXLAN encapsulation is UDP based, meaning that it can be forwarded by any IP-based network (legacy or third party) and creates the overlay network for the SD-Access fabric. Although LISP is the control plane for the SD-Access fabric, it does not use LISP data encapsulation for the data plane; instead, it uses VXLAN encapsulation because it is capable of encapsulating the original Ethernet header to perform MAC-in-IP encapsulation, while LISP does not. Using VXLAN allows the SD-Access fabric to support Layer 2 and Layer 3 virtual topologies (overlays) and the ability to operate over any IP-based network with built-in network segmentation (VRF instance/VN) and built-in group-based policy. Reference: CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide