Free Download Cisco 350-001 VCE Test Engine Full Version Now (91-100)
QUESTION 91
Refer to the exhibit. Which of the following options will trigger the applet?
A. an external Cisco IOS event
B. a manually run policy event
C. a preconfigured timer
D. an automated RPC call
Answer: B
Explanation:
There are two ways to manually run an EEM policy. EEM usually schedules and runs policies on the basis of an event specification that is contained within the policy itself. The event none command allows EEM to identify an EEM policy that can either be run manually or be run when an EEM applet is triggered. To run the policy, use either the action policy command in applet configuration mode or the event manager run command in global configuration mode.
QUESTION 92
Refer to the exhibit. Which output will the EEM applet in the exhibit produce?
A. The output of show version will be executed every 5 hours.
B. The output of show log will be executed every 5 hours.
C. The output of show log will be executed every 5 days.
D. The output of show log will be executed every 5 minutes.
Answer: C
QUESTION 93
Which NetFlow version should be used to collect accounting data for IPv6 traffic?
A. version 1
B. version 5
C. version 7
D. version 8
E. version 9
Answer: E
Explanation:
http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/15-s/ip6-nflw-v9.html
QUESTION 94
To troubleshoot network issues more accurately, milliseconds should be included in the syslog of the router. Which command will achieve this?
A. service timestamps log datetimec msec
B. logging timestamps msec
C. syslog timestamps hour minute second miliseconds
D. service logging timestamp msec
E. logging service timestamp msec
Answer: A
Explanation:
Logging is a quite essential part of a secure network configuration. Logging not only helps the Network Administrators to identify the issue while troubleshooting, also enables them to react to intrusion attempts or Denial-of 璖ervice attacks.
By default on Cisco IOS , no timestamp information is included; however, you can enable timestamps and also modify the format of the timestamp attached to SYSLOG message by using the service timestamps log global configuration commands as follows:
ITKE(Config)# service timestamps log {uptime |datetime [msec |localtime |show-timezone]} http://itknowledgeexchange.techtarget.com/network-technologies/what-is-service-timestamps-logging-and-howit-can-be-configured-cisco-switch-or-a-router/
QUESTION 95
Refer to the exhibit. Based on the above commands, when will the output of the show log command be saved?
A. Each time the total CPU utilization goes below 50 percent
B. Each time the total CPU utilization goes above 80 percent
C. Every 5 minutes while the total CPU utilization is above 80 percent
D. Every 5 seconds while the total CPU utilization is above 80 percent
E. Every 5 minutes while the total CPU utilization is below 50 percent
F. Every 5 seconds while the total CPU utilization is below 50 percent
Explanation:
he cpu threshold generates syslog messages when it goes above 80 % and when it comes back down below 50% after being above 80%.
It checks cpu utilization every 5 seconds.
When the cpu has been above 80%, and has come back below 50%, the syslog message SYS-1-CPUFALLINGTHRESHOLD is generated
-thats when the “show log” command is triggered
The closest answer is “Each time the total CPU goes below 50 percent”
QUESTION 96
What is the purpose of an explicit “deny any” statement at the end of an ACL?
A. none, since it is implicit
B. to enable Cisco IOS IPS to work properly; however, it is the deny all traffic entry that is actually
required
C. to enable Cisco IOS Firewall to work properly; however, it is the deny all traffic entry that is actually
required
D. to allow the log option to be used to log any matches
E. to prevent sync flood attacks
F. to prevent half-opened TCP connections
Answer: D
Explanation:
As we know, there is always a “deny all” line at the end of each access-list to drop all other traffic that doesn’t match any “permit” lines. You can enter your own explicit deny with the “log” keyword to see what are actually blocked, like this:
Router(config)# access-list 1 permit 192.168.30.0 0.0.0.255 Router(config)# access-list 1 deny any log
Note: The log keyword can be used to provide additional detail about source and destinations for a given protocol. Although this keyword provides valuable insight into the details of ACL hits, excessive hits to an ACL entry that uses the log keyword increase CPU utilization. The performance impact associated with logging varies by platform. Also, using the log keyword disables Cisco Express Forwarding (CEF) switching for packets that match the access-list statement. Those packets are fast switched instead.
QUESTION 97
Which of these is mandatory when configuring Cisco IOS Firewall?
A. Cisco IOS IPS enabled on the untrusted interface
B. NBAR enabled to perform protocol discovery and deep packet inspection
C. a route map to define the trusted outgoing traffic
D. a route map to define the application inspection rules
E. an inbound extended ACL applied to the untrusted interface
Answer: E
Explanation:
After the ACL is defined, it must be applied to the interface (inbound or outbound). In early software releases, out was the default when a keyword out or in was not specified. The direction must be specified in later software releases.
QUESTION 98
Which statement correctly describes the disabling of IP TTL propagation in an MPLS network?
A. The TTL field from the IP packet is copied into the TTL field of the MPLS label header at the
ingress edge LSR.
B. TTL propagation cannot be disabled in an MPLS domain.
C. TTL propagation is only disabled on the ingress edge LSR.
D. The TTL field of the MPLS label header is set to 255.
E. The TTL field of the IP packet is set to 0.
Answer: D
Explanation:
Time-to-Live (TTL) is an 8-bit field in the MPLS label header which has the same function in loop detection of the IP TTL field. Recall that the TTL value is an integer from 0 to 255 that is decremented by one every time the packet transits a router. If the TTL value of an IP packet becomes zero, the router discards the IP packet, and an ICMP message stating that the TTL expired in transit is sent to the source IP address of the IP packet. This mechanism prevents an IP packet from being routed continuously in case of a routing loop.
By default, the TTL propagation is enabled so a user can use traceroute command to view all of the hops in the network.
We can disable MPLS TTL propagation with the no mpls ip propagate-ttl command under global configuration.
When entering a label-switched path (LSP), the edge router will use a fixed TTL value (255) for the first label.
This increases the security of your MPLS network by hiding provider network from customers.
QUESTION 99
Two routers configured to run BGP have been connected to a firewall, one on the inside interface and one on the outside interface. BGP has been configured so the two routers should peer,
including the correct BGP session endpoint addresses and the correct BGP session hop-count
limit (EBGP multihop). What is a good first test to see if BGP will work across the firewall?
A. Attempt to TELNET from the router connected to the inside of the firewall to the router connected to
the outside of the firewall. If telnet works, BGP will work, since telnet and BGP both use TCP to
transport data.
B. Ping from the router connected to the inside interface of the firewall to the router connected to the
outside interface of the firewall. If you can ping between them, BGP should work, since BGP uses
IP to transport packets.
C. There is no way to make BGP work across a firewall without special configuration, so there is no
simple test that will show you if BGP will work or not, other than trying to start the peering session.
D. There is no way to make BGP work across a firewall.
Answer: C
Explanation:
1. The question doesn’t say that you are passing the port parameter to the telnet session. In the answer cisco says “since telnet and BGP both use TCP to transport data.” Meaning that TELNET and BGP share TCP, no mention of ports.
2. If you telnet to Port 179 you are testing the path only in 1 direction from the inside to the outside. Yes stateful firewalls will allow return traffic from outside, but they won’t allow the outside neighbor to initiate a session.
3. If the Firewall is using NAT for outgoing traffic, which is common, you will be able to telnet to the BGP peer, but the peer won’t be able to reach your router back if it needs to initiate a session.
4. The Firewall can translate port 179 to 23 or anything else that will give you a false positive on your Telnet test.
5. Answer C says that
A. “There is no way to make BGP work across a firewall without special configuration” Special configuration refers to the Firewall, since in the question they explicitly say that BGP has been properly configured.
B. “Trying to start the peering session.” will provide you with a definitive answer.
C. Therefore correct answer is C.
QUESTION 100
Spanning Tree Protocol IEEE 802.1s defines the ability to deploy which of these?
A. one global STP instance for all VLANs
B. one STP instance for each VLAN
C. one STP instance per set of VLANs
D. one STP instance per set of bridges
Answer: C
Explanation:
The IEEE 802.1s standard is the Multiple Spanning Tree (MST). With MST, you can group VLANs and run one instance of Spanning Tree for a group of VLANs. Other STP types:
Common Spanning Tree (CST), which is defined with IEEE 802.1Q, defines one spanning tree instance for all VLANs.
Rapid Spanning Tree (RSTP), which is defined with 802.1w, is used to speed up STP convergence. Switch ports exchange an explicit handshake when they transition to forwarding.
If you want to pass Cisco 350-001 exam successfully, donot missing to read latest lead2pass Cisco 350-001 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.