Question 201
After a possible security breach, the network administrator of an ISP must verify the times that several different users logged into the network.
Which command must the administrator enter to display the login time of each user that activated a session?
A. show netconf-yang sessions detail
B. show netconf-yang sessions
C. show netconf-yang datastores
D. show platform software yang-management process
Question 202
An engineer is developing a configuration script to enable dial-out telemetry streams using gRPC on several new devices. TLS must be disabled on the devices.
Which configuration must the engineer apply on the network?
A. telemetry model-driven destination-group ciscotest address-family ipv4 192.168.1.0 port 57500 encoding self-describing-gpb protocol grpc tls-hostname ciscotest.com commit
B. telemetry model-driven destination-group DGroup1 address-family ipv4 172.0.0.0 port 5432 encoding self-describing-gpb protocol tcp commit
C. telemetry model-driven destination-group ciscotest address-family ipv4 192.168.1.0 port 57500 encoding self-describing-gpb protocol grpc no-tls commit
D. telemetry model-driven destination-group ciscotest address-family ipv4 192.168.1.0 port 57500 encoding self-describing-gpb protocol grpc commit
Question 203
Which additional configuration is required for NetFlow to provide traceback information?
A. A classification ACL must be configured to identity which type of traffic will be analyzed.
B. The BGP routing process must be started for any ingress or egress data to be reported when using NetFlow Version 5.
C. Cisco Express Forwarding must be configured for traffic that is egressing from the router to be property reported.
D. LLDP must be configured or the device will be unable to locate a NetFlow analyzer.
Question 204
How do intent APIs make it easier for network engineers to deploy and manage networks?
A. They pull stored SNMP data from a single network location to multiple monitoring tools.
B. They allow the engineer to use a single interface as the entry point for control access to the entire device.
C. They streamline repetitive workflows and support more efficient implementation.
D. They extend the Layer 2 infrastructure and reduce the necessary number of virtual connections to Layer 3 devices.
Question 205
Refer to the exhibit. What does this REST API script configure?
A. VRF
B. interface with IP address 192.168.0.1
C. application profile
D. public community string for SNMP
Question 206
Refer to the exhibit. An Ethernet access provider is configuring routers PE-1 and PE-2 to provide E-Access EVPL service between UNI and ENNI. ENNI service multiplexing is based on 802.1ad tag 150, and service-multiplexed UNI is based on 802.1q tag 10. Which EFP configurations must the provider implement on PE-1 and PE-2 to establish end-to-end connectivity between CE-1 and CE-2?
A. On PE-1: interface GigabitEthernet2 service instance 100 ethernet encapsulation dot1ad 150 rewrite ingress tag pop 1 symmetric On PE-2: interface GigabitEthernet2 service instance 2 ethernet encapsulation dot1q 10
B. On PE-1: interface GigabitEthernet2 service instance 100 ethernet encapsulation dot1q 150 rewrite ingress tag pop 1 symmetric On PE-2: interface GigabitEthernet2 service instance 2 ethernet encapsulation dot1q 10
C. On PE-1: interface GigabitEthernet2 service instance 100 ethernet encapsulation dot1ad 150 dot1q 10 rewrite ingress tag pop 2 symmetric On PE-2: interface GigabitEthernet2 service instance 2 ethernet encapsulation dot1q 10
D. On PE-1: interface GigabitEthernet2 service instance 100 ethernet encapsulation dot1ad 150 rewrite ingress tag pop 1 symmetric On PE-2: interface GigabitEthernet2 service instance 2 ethernet encapsulation dot1q 10 rewrite ingress tag pop 1 symmetric
Question 207
Refer to the exhibit. An administrator working for large ISP must connect its two POP sites to provide internet connectivity to its customers.
Which configuration must the administrator perform to establish an iBGP session between routers PE1 on POP site 1 and PE2 on POP site 2?
A. PE2#configure terminal PE2(config)#router bgp 65111 PE2(config-router)#no neighbor 172.18.10.1 shutdown PE2(config-router)#end
B. PE1#configure terminal PE1(config)#router bgp 65111 PE1(config-router)#no neighbor 172.19.10.10 shutdown PE1(config-router)#end
C. PE1#configure terminal PE1(config)#router bgp 65111 PE1(config-router)#address-family ipv4 unicast PE1(config-router-af)#neighbor 172.19.10.10 activate PE1(config-router-af)#end
D. PE2#configure terminal PE2(config)#router bgp 65111 PE2(config-router)#address-family ipv4 unicast PE2(config-router-af)#neighbor 172.18.10.1 activate PE2(config-router-af)#end
Question 208
Refer to the exhibit. The operations team is implementing an LDP-based configuration in the service provider core network with these requirements:
- R1 must establish LDP peering with the loopback IP address as its Router-ID.
- Session protection must be enabled on R2.
How must the team update the network configuration to successfully enable LDP peering between R1 and R2?
A. Change the LDP password on R2 to Cisco.
B. Configure mpls ldp router-id loopback0 on R1 and R2.
C. Configure LDP session protection on R1.
D. Change the discover hello hold time and interval to their default values.
Question 209
A network engineer is testing an automation platform that interacts with Cisco networking devices via NETCONF over SSH. In accordance with internal security requirements:
- NETCONF sessions are permitted only from trusted sources in the 172.16.20.0/24 subnet.
- CLI SSH access is permitted from any source.
Which configuration must the engineer apply on R1?
A. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 1 access-list 1 permit 172.16.20.0 0.0.0.255 netconf ssh acl 1 line vty 0 4 transport input ssh end
B. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 access-list 1 permit 172.16.20.0 0.0.0.255 access-list 1 permit any netconf ssh line vty 0 4 access-class 1 in transport input ssh end
C. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 1 access-list 1 permit 172.16.20.0 0.0.0.255 access-list 2 permit any netconf ssh line vty 0 4 access-class 2 in transport input ssh end
D. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 access-list 1 permit 172.16.20.0 0.0.0.255 netconf ssh acl 1 line vty 0 4 transport input ssh end
Question 210
A network architect decides to expand the scope of the multicast deployment within the company network. The network is already using PIM-SM with a static RP that supports a high-bandwidth, video-based training application that is heavily used by the employees, but excessive bandwidth usage is a concern. How must the engineer update the network to provide a more efficient multicast implementation?
A. Configure IGMP to manage the multicast hosts on each LAN.
B. Deploy ICMP to improve multicast reachability across the network using static RP.
C. Implement BSR to support dynamic RP notification.
D. Implement STP to improve switching performance for multicast data.
