300-410 VOL3 Question

1

• 300-410 Implementing Cisco Enterprise Advanced
  Routing and Services (ENARSI) VOL3
• QUESTION NO 1
• Which feature of the Cisco DNA Center allows you
  to run diagnostic CLI commands to the devices
  that are managed by DNA Center for
  troubleshooting purposes?
• Command Runner
• DNA Spaces
• DNA Advantage
• Intelligent Capture
• Answer A

• QUESTION NO 2
• You want to change the Administrative Distance of
  external EIGRP routes from the default of 170 to
  130 instead on router R1 while leaving the
  default AD value for internal EIGRP routes. Which
  set of command will accomplish this?
• R1(config)router eigrp R1(config-router)distanc
  e 170
• R1(config)router eigrp 1
• R1(config-router)distance eigrp 90 130
• R1(config)router eigrp 1
• R1(config-router)distance eigrp 130 90
• R1(config)router eigrp 1 R1(config-router)dista
  nce 90 130
• Answer B

• QUESTION NO 3
• Which of the following are valid TFTP error
  codes? (Choose two)
• Error Code 1 File not found
• Error Code 2 Unknown error
• Error code 3 Invalid user
• Error code 6 File already exists
• Error code 8 Undefined error
• Answer A, D

2
QUESTION NO 4

• Refer to the exhibit. For a DMVPN network on the
  hub router, OSPF routing protocol was setup by
  an administrator. Suggest a command from below
  options that will enable DMVPN to establish
  tunnel with multiple spokes?
• ip eigrp network on the hub router
• ip ospf network point-to-multipoint on both spoke
  routers
• ip eigrp network point-to-multipoint on the spoke
  router
• ip ospf network point-to-point on both spoke
  routers
• Answer B

3
QUESTION NO 5 What are the two prerequisites of
setting up DMVPN tunnel? (Choose two)
Before a multipoint GRE (mGRE) and IPsec tunnel
can be established, define an Internet Key
Exchange (IKE) policy by using the crypto isakmp
policy command. The Public IPs of the routers
should be able to ping each other.
A.
B. C.
To enable 2547oDMPVN - Traffic Segmentation
Within DMVPN multiprotocol label switching
(MPLS) by using the mpls ip command It is
mandatory to use wildcard preshared keys to build
the DMVPN tunnel DMVPN can work on all OEM
devices that support IKE.
configure
D. E.
Answer A, C
QUESTION NO 6
Refer to the exhibit. An administrator is setting
up above shown routers to enable MVPN with mGRE
mode. What would be the recommended interface
configuration that must be done by the engineer
to make it to work? A. interface
Tunnel0 description mGRE - DMVPN Tunnel ip
address 10.0.0.1 255.255.255.0 ip nhrp map
multicast dynamic
4

• ip nhrp network-id 1 tunnel source 10.0.0.1
• tunnel mode IPSec multipoint
• interface Tunnel0
• description mGRE - DMVPN Tunnel ip address
  10.0.0.1 255.255.255.0 ip nhrp map multicast
  dynamic
• ip nhrp network-id 1 tunnel source 10.0.0.1
• tunnel mode gre multipoint
• interface Tunnel0
• description mGRE - DMVPN Tunnel ip address
  10.0.0.1 255.255.255.0 ip nhrp network-id 1
• tunnel source 172.17.0.1 tunnel mode IPsec
  multipoint
• interface Tunnel0
• description mGRE - DMVPN Tunnel ip address
  10.0.0.1 255.255.255.0 ip nhrp map multicast
  dynamic
• ip nhrp network-id 1 tunnel source 10.0.0.1
• tunnel destination 172.17.0.2 tunnel mode IPsec
  multipoint
• Answer B

QUESTION NO 7 Select three benefits of setting
up a MPLS Network from the below options. (Choose
three)
A. B. C. D. E.
Connection less Service Security as good as
connection-oriented VPNs Provides IPS level
intelligence to filter packets. Integrated QoS
support All variations of Static routes are
supported
Answer A, B, D
QUESTION NO 8
5
Refer to the Exhibit. The access-lists are
configured on the network device. There is a
server behind the network device. User are
trying to access the server securely however they
are not able to access it. What changes would
you recommend to the above configuration?
A. B. C. D.
Permit tcp port 465 Permit tcp port 3389 Permit
tcp port 443 Permit tcp any any
Answer C

• QUESTION NO 9
• Which of the following is true regarding IPsec
  Pre-fragmentation (Look-Ahead Fragmentation)?
  (Select two)
• Operates in tunnel mode only
• Operates in transport mode only
• Is used to help in the overall IPsec throughput
  since the end host is able to avoid packet
  reassembly after packet decryption.
• Is not dependent on the MTU of the physical
  interface used for IPsec.
• Does not support Path MTU Discovery
• Answer A, C

• QUESTION NO 10
• Which of the following correctly describes the
  concept of split horizon with IP routing? (Choose
  two)
• Split horizon is a valid routing loop prevention
  mechanism
• Split horizon is used to filter customer routes
  in an ISP network.
• When enabled, split horizons informs the router
  to not advertise routes back out the same
  interface from where that route was originally
  received.
• Split horizons can not be disabled on WAN
  interfaces
• Split horizon is not applicable to EIGRP networks

6
Answer A, C
QUESTION NO 11 DRAG DROP Arrange the below as
per the recommended steps
Answer
QUESTION NO 12 A network administrator is
reloading a router and during the bootup, he is
getting the error message Error opening
tftp//255.255.255.255/network-confg (Socket
error). What command need to be applied on
Cisco Router to fix this issue.
A. B. C. D.
No service config Write erase reload Reload
noconfirm Copy run start
7
Answer A
QUESTION NO 13 DRAG DROP the steps for
configuring BGP on Cisco IOS Router
Answer
QUESTION NO 14 What is the term used when it
causes the packets to lose their MPLS labels
including the VPN information that lies in the
inner MPLS Label i.e. if a packet goes through an
untagged interface, the VPN information is lost
and VPN sites lose connectivity.
A. B. C. D.
Pseudowire Black Hole Traffic Engineering Active
Network Abstraction
8
Answer B
QUESTION NO 15 An administrator wants to
implement security on his companys router.
Please select three options that you will use on
your router to secure it. (Choose three).
A. B. C. D. E. F.
Control Access to the router Restrict all traffic
through the router Restrict SNMP Enable all
unused services Encrypt all passwords Disable
logging
Answer A, C, E
QUESTION NO 16 An administrator is setting up a
DMVPN tunnel between their offices and he is
getting below output when he is running the
command show crypto isakmp sa
What command will you run to identify the issue?
A. B. C. D.
Debug ip icmp Debug crypto isakmp Debug crypto
ipsec sa Debug ssh
Answer B
QUESTION NO 17 A company is looking to implement
VPN between their Head Quarter and over 100
Branch Offices. They are looking for a solution
that 1. Reduces deployment complexity
9

• Simplifies branch communications
• Offers branch to branch connectivity.
• Is cost effective
• Offers strong encryption
• Select the best option from the below options
  that you would recommend to implement.
• MPLS
• IPSEC
• DMVPN
• GRE
• Answer C

QUESTION NO 18 You have a DNA center deployed in
your environment. Which feature of the DNA center
will you use for system-guided as well as
self-guided troubleshooting.
1. 2. 3. 4.
Assurance Automation Zero Trust Discovery
Answer A
QUESTION NO 19 DRAG DROP You are logged in to
the DNA center Client Health Dashboard. Under the
client health, you see some color-coded fields
that reflects the health status of the client
devices. Drag the health scores on the left to
their respective colors in the right.
10
Answer

• QUESTION NO 20
• Out of the below options regarding DMVPN
  FLEXVPN, select the correct one.
• FlexVPN uses a new key management protocol
  IKEv2, while most traditional DMVPN networks use
  IKEv1
• FlexVPN uses a new key management protocol
  IKEv1, while most traditional DMVPN networks use
  IKEv2
• With FlexVPN theres multiple standard way of
  NHRP and routing protocols operations as
• opposed to 1 phase of DMVPN
• Flex VPN DMVPN both are supported only on
  Firewalls.
• Answer A