Cisco 350-401 exam revealed answer (P. 28)

Question 271

Refer to the exhibit.An engineer must deny Telnet traffic from the loopback interface of router R3 to the loopback interface of router R2 during the weekend hours. All other traffic between the loopback interfaces of routers R3 and R2 must be allowed at all times.Which command set accomplishes this task?

Image 350-401_271Q.png related to the Cisco 350-401 Exam

A. R3(config)#time-range WEEKEND R3(config-time-range)#periodic Saturday Sunday 00:00 to 23:59 R3(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out

B. R1(config)#time-range WEEKEND R1(config-time-range)#periodic weekend 00:00 to 23:59 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in

C. R3(config)#time-range WEEKEND R3(config-time-range)#periodic weekend 00:00 to 23:59 R3(config)#access-list 150 permit tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R3(config)#access-list 150 permit ip any any time-range WEEKEND R3(config)#interface G0/1 R3(config-if)#ip access-group 150 out

D. R1(config)#time-range WEEKEND R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in

Question 272

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied onSW2 port G0/0 in the inbound direction?

Image 350-401_272Q.png related to the Cisco 350-401 Exam

A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080

B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080

C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2

D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2

Question 273

What is the result of applying this access control list?ip access-list extended STATEFUL10 permit tcp any any established20 deny ip any any

A. TCP traffic with the URG bit set is allowed.

B. TCP traffic with the SYN bit set is allowed.

C. TCP traffic with the ACK bit set is allowed.

D. TCP traffic with the DF bit set is allowed.

Question 274

Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address10.10.10.1?

A. ip access-list extended 200 deny tcp host 10.10.10.1 eq 80 any permit ip any any

B. ip access-list extended 10 deny tcp host 10.10.10.1 any eq 80 permit ip any any

C. ip access-list extended NO_HTTP deny tcp host 10.10.10.1 any eq 80

D. ip access-list extended 100 deny tcp host 10.10.10.1 any eq 80 permit ip any any

Question 275

Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in.Which configuration change is required?

Image 350-401_275Q.png related to the Cisco 350-401 Exam

A. Add the access-class keyword to the username command.

B. Add the autocommand keyword to the aaa authentication command.

C. Add the access-class keyword to the aaa authentication command.

D. Add the autocommand keyword to the username command.

Question 276

Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?

Image 350-401_276Q.png related to the Cisco 350-401 Exam

A. All traffic will be policed based on access-list 120.

B. If traffic exceeds the specified rate, it will be transmitted and remarked.

C. Class-default traffic will be dropped.

D. ICMP will be denied based on this configuration.

Question 277

DRAG DROP -Drag and drop the threat defense solutions from the left onto their descriptions on the right.Select and Place:

Image 350-401_277Q.png related to the Cisco 350-401 Exam

Image 350-401_277R.png related to the Cisco 350-401 Exam

Question 278

Refer to the exhibit.What is the effect of this configuration?

Image 350-401_278Q.png related to the Cisco 350-401 Exam

A. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey.

B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.

C. The device will allow only users at 192.168.0.202 to connect to vty lines 0 through 4.

D. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails.

Question 279

Which deployment option of Cisco NGFW provides scalability?

A. inline tap

B. high availability

C. clustering

D. tap

Question 280

DRAG DROP -Drag and drop the REST API authentication methods from the left onto their descriptions on the right.Select and Place:

Image 350-401_280Q.png related to the Cisco 350-401 Exam

Image 350-401_280R.png related to the Cisco 350-401 Exam

Win IT Exam with Last Dumps 2025

Cisco 350-401 Exam

Page 28/64

Viewing Questions 271 280 out of 638 Questions

B. R1(config)#time-range WEEKEND R1(config-time-range)#periodic weekend 00:00 to 23:59 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in

D. R1(config)#time-range WEEKEND R1(config-time-range)#periodic Friday Sunday 00:00 to 00:00 R1(config)#access-list 150 deny tcp host 10.3.3.3 host 10.2.2.2 eq 23 time-range WEEKEND R1(config)#access-list 150 permit ip any any R1(config)#interface G0/1 R1(config-if)#ip access-group 150 in

Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied onSW2 port G0/0 in the inbound direction?

A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080

B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080

C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2

D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2

What is the result of applying this access control list?ip access-list extended STATEFUL10 permit tcp any any established20 deny ip any any

A. TCP traffic with the URG bit set is allowed.

B. TCP traffic with the SYN bit set is allowed.

C. TCP traffic with the ACK bit set is allowed.

D. TCP traffic with the DF bit set is allowed.

Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address10.10.10.1?

A. ip access-list extended 200 deny tcp host 10.10.10.1 eq 80 any permit ip any any

B. ip access-list extended 10 deny tcp host 10.10.10.1 any eq 80 permit ip any any

C. ip access-list extended NO_HTTP deny tcp host 10.10.10.1 any eq 80

D. ip access-list extended 100 deny tcp host 10.10.10.1 any eq 80 permit ip any any

Refer to the exhibit. An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in.Which configuration change is required?

A. Add the access-class keyword to the username command.

B. Add the autocommand keyword to the aaa authentication command.

C. Add the access-class keyword to the aaa authentication command.

D. Add the autocommand keyword to the username command.

Refer to the exhibit. An engineer configures CoPP and enters the show command to verify the implementation. What is the result of the configuration?

A. All traffic will be policed based on access-list 120.

B. If traffic exceeds the specified rate, it will be transmitted and remarked.

C. Class-default traffic will be dropped.

D. ICMP will be denied based on this configuration.

DRAG DROP -Drag and drop the threat defense solutions from the left onto their descriptions on the right.Select and Place:

Refer to the exhibit.What is the effect of this configuration?

A. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey.

B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.

C. The device will allow only users at 192.168.0.202 to connect to vty lines 0 through 4.

D. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails.

Which deployment option of Cisco NGFW provides scalability?

A. inline tap

B. high availability

C. clustering

D. tap

DRAG DROP -Drag and drop the REST API authentication methods from the left onto their descriptions on the right.Select and Place: