350-601 VOL3 Question

1

• 350-601 Implementing and Operating Cisco Data
  Center Core Technologies (DCCOR) VOL3
• QUESTION NO 1
• Which multicasting method uses to advertise group
  memberships through a routing domain by
  constructing multicast distribution trees?
• Multicast Listener Discovery
• Protocol Independent Multicast
• Source-Specific Multicast
• Any-Source Multicast
• Answer D Explanation
• PIM is used between multicast-capable routers and
  advertises group membership across a routing
  domain by constructing multicast distribution
  trees. PIM builds shared distribution trees on
  which packets from multiple sources are forwarded
  and source distribution trees on which packets
  from a single source are forwarded.

• QUESTION NO 2
• Which Layer 2/Layer 3 protocols increase their
  hello timers to maintain adjacency during the In-
  Service Software Upgrade (ISSU) process? (Choose
  two).
• Enhanced Interior Gateway Routing Protocol
  (EIGRP)
• Border Gateway Protocol (BGP)
• Intermediate System-to-Intermediate System
  (IS-IS)
• Unidirectional Link Detection (ULD)
• Bidirectional Forwarding Detection (BFD)
• Answer D, E Explanation
• When you perform an ISSU process, some Layer 2
  and 3 protocols will extend their values to
  accommodate the upgrade. For example,
  Unidirectional Link Detection (UDLD) and
  Bidirectional Forwarding Detection (BFD) will
  increase their hello timers to maintain adjacency
  during the ISSU process.

QUESTION NO 3 In which of the following
scenarios Turn on Locator LED action is
unavailable during the renumbering of the Cisco
UCS Chassis using Cisco UCS Manager?
2

• When the LED on the chassis starts flashing
• When the Locator LED is turned on already
• When the Locator LED has turned, Amber
• When the Locator LED stops flashing
• Answer B
• Reference https//www.cisco.com/c/en/us/td/docs/u
  nified_computing/ucs/ucs-manager/GUI-
  User-Guides/Infrastructure-Mgmt/3-
  2/b_UCSM_GUI_Infrastructure_Management_Guide_3_2/b
  _UCSM_GUI_Infrastructure_Manag
  ement_Guide_3_2_chapter_0100.htmltask_7CE3D4DF1CE
  F42A2A7BE144FEDF8DAB5

• QUESTION NO 4
• Which configuration files can be imported during
  the backup operation procedure in Cisco UCS
  Manager? (Choose two).
• Full-state backup file
• System backup file
• System configuration
• Logical configuration
• FSM configuration
• Answer C, D Explanation
• Enable the Import Operation
• You cannot import a full-state backup file. You
  can import any of the following configuration
  files
• All Configuration
• System Configuration
• Logical Configuration

• QUESTION NO 5
• What best practices to consider when managing
  images to upgrade endpoints in a Cisco UCS
  domain? (Choose two).
• Images are kept in /bootflash partition in the
  Fabric Interconnect
• If the /bootflash partition exceeds 70 and 90
  capacity, faults are raised
• If the /bootflash partition exceeds 97 capacity,
  faults are raised
• Image packages do not have versions
• Image packages have bifurcated versions

3

• F. Cisco publishes image packages only
• Answer B, D Explanation
• The upgrade order for the endpoints in a Cisco
  UCS domain depends on the upgrade path. Cisco
  maintains a set of best practices for managing
  firmware images and updates.
• Here are some best practices to consider when you
  manage images
• Before you perform firmware updates, use the UCS
  Manager image management
• interfaces to download relevant images to the
  fabric interconnect.
• The Cisco UCS Manager maintains an inventory of
  available firmware images.
• Images are stored in the /bootflash partition in
  the fabric interconnect.
• The /bootflash partition is dedicated solely to
  firmware images managed by the UCS
• Manager.
• Each fabric interconnect ships preloaded with one
  firmware package.
• Faults are raised when the /bootflash partition
  exceeds 70 percent and 90 percent
• capacity.
• Each image represents an individual firmware
  package specific to one hardware
• componentfor example, I/O module image, BMC
  image, and UCS Manager image.
• Multiple images are bundled together to form an
  image package.
• An image package is meant only for ease of
  distribution and download.
• Unlike an individual image, image packages do not
  have versions.
• Cisco publishes both individual images and image
  packages.

• QUESTION NO 6
• In which circumstances Cisco NX-OS exports a flow
  as part of a NetFlow export UDP datagram?
• When you force a flow to export
• When the flow is exported without timeout value
• When the flow is exported as per the flow timeout
  value that defaults to 20 seconds
• When a flow is created by Netflow export
• Answer A Explanation
• Cisco NX-OS exports a flow as part of a NetFlow
  export UDP datagram under the following
  Circumstances
• Flows are exported periodically per the flow
  timeout value, which defaults to
• ten seconds if not configured.
• You have forced the flow to export.

4

• QUESTION NO 7
• Using OSPFv3, what happens if the receiving MTU
  is higher than the IP MTU configured on the
  incoming interface?
• OSPF fails to establish adjacencies
• OSPF establish adjacencies
• OSPF drops the packet as defragment disabled.
• The dead interval will be set to 100 seconds
• Answer A Explanation
• Use the IP OSPF MTU-ignore command for OSPFv2 or
  ipv6 OSPF MTU-ignore command for OSPFv3 to
  disable MTU mismatch detection on an interface.
  By default, OSPF checks whether neighbors use
  the same MTU on a common interface. If the
  receiving MTU is higher than the IP MTU
  configured on the incoming interface, OSPF does
  not establish adjacencies.

• QUESTION NO 8
• Which of the following is a configuration
  limitation of BFD features?
• NX-OS supports BFD version 2 only
• HSRP for IPv6 is supported with BFD
• BFD supports multi-hop iBGP only
• NX-OS supports IPv4 only
• Answer D Reference
• https//images10.newegg.com/UploadFilesForNewegg/i
  temintelligence/Cisco/multicast_cli140
  2017439965.pdf

• QUESTION NO 9
• You are a network administrator at a local data
  center. You are configuring vPC system priority
  on LACP to ensure that vPC peer devices are the
  primary ones on LACP. Which command is used to
  configure vPC priorities on LACP?
• Role priority priority
• System-priority priority
• Peer-gateway priority
• System-numbers Priority

5
Answer B Reference You should manually configure
the vPC system priority when running LACP to
ensure that the vPC peer devices are the primary
devices on LACP. When you manually configure the
system priority, ensure that you configure the
same priority value on both vPC peer devices. If
these values do not match, vPC will not come up.

• QUESTION NO 10
• As a network administrator, you are configuring
  ACI fabric load balancing. You want to use a load
  balancing option for a network where each flow
  is assigned to an uplink based on a hash of 5-
  tuple. The option must provide flow distribution
  across available links that are roughly even.
  Which load balancing option should be used?
• Dynamic load balancing
• Dynamic hash load balancing
• Static hash load balancing
• Static redistribution load balancing
• Answer C Explanation
• The ACI fabric provides several load-balancing
  options for balancing the traffic among the
  available uplink. Static hash load balancing is
  the traditional load-balancing mechanism used in
  networks where each flow is allocated to an
  uplink based on a hash of its 5-tuple. This load
  balancing gives a roughly even distribution of
  flows across the available links. Usually, with a
  large number of flows, the even distribution of
  flows results in an even bandwidth distribution.
  However, if a few flows are much larger than the
  rest, static load balancing might give suboptimal
  results.
• Reference https//www.cisco.com/c/en/us/td/docs/s
  witches/datacenter/aci/apic/sw/1-x/aci-
  fundamentals/b_ACI-Fundamentals/b_ACI-Fundamentals
  _chapter_010010.html

• QUESTION NO 11
• Which FHRP protocol performs a transparent
  failover of the first hop gateway router while
  providing first hop routing redundancy for IP
  hosts with a gateway or default route on Ethernet
  networks?
• BGP routing protocol
• Virtual router redundancy protocol
• Gateway load balancing protocol
• Hot Standby router protocol

6
Answer D Explanation Hot Standby Router
Protocol (HSRP) is a First Hop Redundancy
Protocol (FHRP) that allows a transparent
failover of the first hop gateway router. HSRP
provides first-hop routing redundancy for IP
hosts on Ethernet networks configured with a
gateway or default route. You can use HSRP in a
group of routers for selecting an active router
and a standby router.

• QUESTION NO 12
• In OSPFv3, Which LSA feature can control and
  reduce high CPU and buffer usage and allows OSPF
  to pack multiple LSAs into an OSPF update
  message?
• Network Summary LSA
• Router LSA
• LSA group pacing
• LSA MaxAge pacing
• Answer C Explanation
• You can use the LSA group pacing feature to
  control the flooding rate of LSA updates in your
  network. LSA group pacing can reduce high CPU or
  buffer usage. This feature groups LSAs with
  similar link-state refresh times to allow OSPF to
  pack multiple LSAs into an OSPF update message.

• QUESTION NO 13
• On a Cisco Nexus switch, the TACACS feature is
  disabled is disabled by default. Which of the
  following commands must be used to enable this
  feature?
• Switch feature aaa
• Switch feature tacacs
• Switch(config) feature aaa
• Switch(config) feature tacacs
• Switch(config-aaa) feature aaa
• Switch(config-aaa) feature tacacs
• Answer D

QUESTION NO 14
7

• Which of the following security models do Network
  File Systems (NFS) utilize?
• Zero Trust
• Kerberos
• RBAC
• Mandatory
• Discretionary
• Answer B

• QUESTION NO 15
• Which of the following are true regarding the
  scalability of VLANs and VXLANs? (Select all that
  apply).
• VLANs support approximately 16 million unique
  Layer 2 segments.
• VLANs support approximately 4000 unique Layer 2
  segments.
• VXLANs support approximately 16 million unique
  Layer 2 segments.
• VXLANs support approximately 4000 million unique
  Layer 2 segments.
• VLANs support approximately 16000 when using QinQ
  encapsulation
• VXLANs support approximately 16000 when using
  QinQ encapsulation
• Answer B, C, E

• QUESTION NO 16
• When configuring a Control Plane Policing policy
  on a Cisco device, which of the following can be
  configured as the matching packet types? (Select
  three)
• Source IP address
• Destination IP address
• IP Precedence
• DSCP values
• MAC address
• Access-group
• Answer C, D, F
• Reference https//www.cisco.com/c/dam/en/us/td/do
  cs/switches/lan/catalyst6500/ios/15-
  4SY/cisco-copp-feature-guide.pdf page 6

QUESTION NO 17
8

• Which of the following network automation tools
  uses a push model and does not require an agent
  to be installed on the end node?
• Ansible
• Puppet
• Chef
• Saltstack
• Answer A
• Reference https//ipcisco.com/lesson/ansible-vs-p
  uppet-vs-chef/

• QUESTION NO 18
• Which of the following can be found in the
  /mnt/pss/ directory of a Cisco MDS 9000 series
  switch?
• Running configuration
• Software system images
• Core dump files
• Kickstart images
• Answer C

• QUESTION NO 19
• You want to make your Cisco MDS 9000 Series
  switch Federal Information Processing Standards
  (FIPS) compliant by using the fips mode enable
  command. Which of the following guidelines need
  to be followed prior to doing this? (Select
  three)
• Configure complex passwords using a minimum of 16
  characters.
• Disable telnet
• Disable SNMP versions 1 and 2.
• Enable VRRP
• Disable RADIUS and TACACS
• Answer B, C, E Reference
• https//www.cisco.com/c/en/us/td/docs/switches/dat
  acenter/mds9000/sw/8_x/config/securit
  y/cisco_mds9000_security_config_guide_8x/configuri
  ng_fips.html

QUESTION NO 20
9
Refer to the following XML code ltpolUnigt ltfvTenan
t name"test1"gt ltvzFilter name"Http"gt ltvzEntry
name"e1" etherT"ipv4" prot"tcp"
dFromPort"80" dToPort"80"/gt lt/vzFiltergt ltvzFilt
er name"Https"gt ltvzEntry name"e1" etherT"ipv4"
prot"tcp" dFromPort"443" dToPort"443"/gt lt/vz
Filtergt ltvzBrCP name"webCtrct"gt ltvzSubj
name"http" revFltPorts"true" provmatchT"All"gt lt
vzRsSubjFiltAtt tnVzFilterName"Http"/gt ltvzRsSubjG
raphAtt graphName"G1" termNodeName"TProv"/gt ltvzP
rovSubjLbl name"openProv"/gt ltvzConsSubjLbl
name"openCons"/gt lt/vzSubjgt ltvzSubj name"https"
revFltPorts"true" provmatchT"All"gt ltvzProvSubjLb
l name"secureProv"/gt ltvzConsSubjLbl
name"secureCons"/gt lt vzRsSubjFiltAtt
tnVzFilterName"Https"/gt ltvzRsOutTermGraphAtt
graphName"G2" termNodeName"TProv"/gt lt/vzSubjgt lt/
vzBrCPgt ltfvCtx name"testctx1"/gt ltfvBD
name"testBD1"gt ltfvRsCtx tnFvCtxName"testctx1"
/gt ltfvSubnet ip"11.22.22.20/24"gt ltfvRsBDSubnetToP
rofile
10
tnL3extOutName"rout1" tnRtctrlProfileName"profEx
port"/gt lt/fvSubnetgt ltfvSubnet ip"11.22.22.211/24"
gt ltfvRsBDSubnetToProfile tnL3extOutName"rout1"
tnRtctrlProfileName"profExport"/gt lt/fvSubnetgt lt/f
vBDgt ltfvAp name"sap"gt ltfvAEPg
name"web1"gt ltfvRsBd tnFvBDName"testBD1"
/gt ltfvRsDomAtt tDn"uni/vmmp-VMware/dom-mininet"
/gt ltfvRsProv tnVzBrCPName"webCtrct"
matchT"All"gt ltvzProvSubjLbl name"openProv"/gt ltvz
ProvSubjLbl name"secureProv"/gt ltvzProvLbl
name"green"/gt lt/fvRsProvgt lt/fvAEPggt ltfvAEPg
name"web2"gt ltfvRsBd tnFvBDName"testBD1"
/gt ltfvRsDomAtt tDn"uni/vmmp-VMware/dom-mininet"
/gt ltfvRsProv tnVzBrCPName"webCtrct"
matchT"All"gt ltvzProvSubjLbl name"secureProv"/gt lt
vzProvLbl name"red"/gt lt/fvRsProvgt lt/fvAEPggt ltfvAE
Pg name"app"gt ltfvRsBd tnFvBDName"testBD1"
/gt ltfvRsDomAtt tDn"uni/vmmp-VMware/dom-mininet"
/gt ltfvRsCons tnVzBrCPName"webCtrct"gt ltvzConsSubjL
bl name"openCons"/gt ltvzConsSubjLbl
name"secureCons"/gt ltvzConsLbl name"green"/gt lt/fv
RsConsgt
11

• lt/fvAEPggt
• ltfvAEPg name"db"gt
• ltfvRsBd tnFvBDName"testBD1" /gt
• ltfvRsDomAtt tDn"uni/vmmp-VMware/dom-mininet" /gt
• ltfvRsCons tnVzBrCPName"webCtrct"gt
• ltvzConsSubjLbl name"secureCons"/gt
• ltvzConsLbl name"red"/gt
• lt/fvRsConsgt
• lt/fvAEPggt
• lt/fvApgt
• lt/fvTenantgt
• lt/polUnigt
• What is this an example of?
• ACI Tenant Policy
• ACI Security Policy
• VMM Domain Policy
• Fabric Policy
• Access Policy
• Answer A