350-601 VOL1 Question - PowerPoint PPT Presentation

About This Presentation
Title:

350-601 VOL1 Question

Description:

350-601 Implementing and Operating Cisco Data Center Core Technologies (DCCOR) VOL1 – PowerPoint PPT presentation

Number of Views:4
Slides: 8
Provided by: romanericc9
Tags:

less

Transcript and Presenter's Notes

Title: 350-601 VOL1 Question


1
  • 350-601 Implementing and Operating Cisco Data
    Center Core Technologies (DCCOR) VOL1
  • QUESTION NO 1
  • Which conditions must be fulfilled for
    implementing NX-API Client Certificate
    Authentication?
  • The NX-API client should be configured with a
    user name, password and certificate id.
  • The NX-API client must be configured with a user
    name and password.
  • The NX-API client and switch can or can not use
    the same trustpoint.
  • The maximum number of trustpoints supported is 21
    for each switch.
  • Answer B
  • QUESTION NO 2
  • As an administrator, you need to configure
    cryptographic algorithm in your environment.
    Select the algorithms that are supported.
    (Choose two)
  • HMAC-SHA1-20
  • HMAC-SHA-20
  • HMAC-SHA-256
  • HMAC-SHA1-MD5
  • Answer A, C
  • QUESTION NO 3
  • You have been assigned a task to configure
    Dynamic Arp Inspection on a switch in your data
    center. Select the correct answer from the below
    options regarding the default settings.
  • Interface trust state is set to trusted by
    default.
  • Dynamic Arp inspection is disabled by default.
  • Validation check are performed by default.
  • ARP acls are predefined for non-dhcp
    environments.
  • Answer B

QUESTION NO 4 Select the command from the below
options that you would run to verify the DHCP
binding.
2
  • show ip dhcp binding
  • show ip snooping binding
  • show ip binding dhcp
  • show ip dhcp snooping binding
  • Answer D
  • QUESTION NO 5
  • Why is micro-segmentation important in Data
    center environment?
  • It can block the external threats at the
    perimeter firewall.
  • It is a feature that enables the network to be
    controlled locally only. Hackers can hack it but
    cannot control it remotely.
  • It minimizes the segment size and provides lesser
    exposure for lateral movement.
  • It is not considered secure but it speeds up the
    communication between hosts.
  • Answer C

QUESTION NO 6 DRAG DROP the options in the left
to the correct option in the right that defines
the key functions to achieve micro-segmentation.
Answer
3
QUESTION NO 7 What are the various ways through
which ACI can manage the entire DC fabric both
on-prem and off-prem? Select all applicable
answers.
A. B. C. D. E.
Web UI Cisco Prime Access CLI Cisco SecureX API
Answer A, C, E
  • QUESTION NO 8
  • Security is the biggest concern for any
    datacenter. As a network administrator, what are
    the three critical needs in datacenter security?
    (choose three)
  • Speed
  • Segmentation
  • Threat protection
  • Connectivity
  • Accessebility
  • Visibility
  • Answer B, C, F

QUESTION NO 9
4
  • What are the various privilege type for each
    roles supported by APIC? (choose three)
  • No access
  • Read-only
  • Write-only
  • Read-write
  • All-access
  • Answer A, B, D
  • QUESTION NO 10
  • What is the command you will use along with MAC
    address filter to allow filtering for unicast
    addresses only?
  • Set ip filter
  • Set cam filter
  • Ip filter ltfilter_namegt
  • Cam filter ltfilter_namegt
  • Answer B

QUESTION NO 11 Two VMs are on the same ESXI host
and we want to implement the Intra-EPG Security
for them. DRAG DROP the option in the left to
the correct sequence in the black spaces in the
right.
Answer
5
  • QUESTION NO 12
  • When importing a Guest Shell rootfs, which
    requirement must be fulfilled?
  • We must configure to allow unsigned packages
    before enabling guestshell
  • "signing level signed" command used before
    enabling guestshell
  • By default Cisco support for unsigned packages
  • We can only run this command from within a Guest
    Shell only and running command outside a switch
    using NX-API is prohibited.
  • Answer A
  • QUESTION NO 13
  • By default, the Guestshell is a 64-bit execution
    space. If 32-bit support is needed, which package
    can be dnf installed by the Data center
    engineer/
  • mingw-glib2.x86
  • glib.i686
  • glibc.i686
  • glib.xi386
  • Answer B

QUESTION NO 14 Which of the statement is true
regarding bash shell and guest shell as hosting
environments for installing packages in Open
NX-OS? (Choose Two) A. Bash shell this is the
native Open NX-OS Linux environment. It is
disabled by default.
6
  • Bash shell To enable access, users must
    explicitly enable the bash shell feature by using
    certain 3rd party packesges on the switch.
  • Guest shell this is a secure Linux container
    environment running RedHat 7.5
  • Guest shell this is a secure Linux container
    environment running CentOS 7
  • Guest Shell It is disabled by default.
  • Answer A, D
  • QUESTION NO 15
  • As an administrator, you are assigned a task to
    configure keychain management in your
    datacenter. Select the right answer from the
    below options.
  • For IOS XR software release 7.1.2 and later, you
    must configure the session with a FIPS- approved
    cryptographic algorithm.
  • For IOS XR software release 7.1.2 and later, you
    can configure the session with a non FIPS-
    approved cryptographic algorithm.
  • If you do not configure the key lifetime, then it
    is considered to be valid for 1 year from the
    date of creation.
  • DES-SHA is the strongest cryptographic algorithm.
  • Answer A
  • QUESTION NO 16
  • Which automation tool based on declarative
    resource-based language that means a user
    describes a desired final state rather than
    describing a series of steps to execute.
  • Ansible
  • Puppet
  • Chef
  • NMCLI
  • Answer B
  • QUESTION NO 17
  • Which is the Cisco provided GUI tool to help us
    both Day Zero provision (POAP) as well as upgrade
    your Nexus switches?
  • Ansible
  • DNAC
  • IGNITE

7
D. Bash Scripts Answer C
  • QUESTION NO 18
  • As an administrator, you have been assigned a
    task to implement storage in your network. Please
    select the correct design consideration from the
    below options.
  • Port channels or trunking is possible to combine
    multiple storage uplink ports that provide
    physical link redundancy.
  • Northbound storage physical connectivity supports
    vPCs like LAN connectivity.
  • Connect storage though southbound Cisco storage
    device using Catalyst switches.
  • Software configurations including VSANs and
    zoning is not required for providing access to
    storage resources.
  • Answer A
  • QUESTION NO 19
  • If the switch is in a network that uses an HTTP
    proxy server, which environment variables must
    be set up within the Guest Shell? (Choose two)
  • http_proxy_server
  • http_proxy
  • https_proxy_server
  • https_proxy_ip
  • https_proxy
  • Answer B, E
  • QUESTION NO 20
  • An ISSU may be disruptive if you have configured
    features that are not supported on the new
    software image. To determine the ISSU
    compatibility, which command will you use?
  • Show compatibility system
  • Show incompatibility system
  • Show running-configuration
  • Show license matrix
  • Answer B
Write a Comment
User Comments (0)
About PowerShow.com