Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Device Access Control practice sets

300-410 Device Access Control • Complete Question Bank

300-410 Device Access Control — All Questions With Answers

Complete 300-410 Device Access Control question bank — all 0 questions with answers and detailed explanations.

76
Questions
Free
No signup
Certifications/300-410/Practice Test/Device Access Control/All Questions
Question 1mediummultiple choice
Read the full VPN explanation →

A network engineer is troubleshooting a site-to-site VPN between two Cisco routers. The tunnel is up, but traffic is not passing. On R1, the engineer issues the command 'show crypto map' and sees that the crypto map is applied to the outbound interface. What is the most likely cause of the traffic failure?

Question 2mediummultiple choice
Study the full AAA explanation →

A network administrator is configuring AAA for device access on a Cisco router. After configuring the RADIUS server and AAA authentication login default group radius local, the engineer tests Telnet access and receives 'Access denied' even with correct credentials. The RADIUS server is reachable. What is the most likely cause?

Question 3hardmultiple choice
Review the full routing breakdown →

An engineer configures a Cisco router for SSH access. The router has an IP address on interface GigabitEthernet0/0, and the engineer generates RSA keys using the command 'crypto key generate rsa modulus 2048'. However, SSH connections fail with 'Connection refused'. What is the most likely cause?

Question 4mediummultiple choice
Read the full network assurance explanation →

A network engineer is troubleshooting a Cisco router that is not responding to SNMP polls from a management station. The router has 'snmp-server community public RO' configured. The management station can ping the router. What is the most likely cause?

Question 5hardmultiple choice
Study the full AAA explanation →

An engineer configures a Cisco router with 'aaa authentication login default local' and 'aaa authorization exec default local'. The engineer then attempts to log in via the console and is prompted for a username and password. The username 'admin' with password 'cisco' is configured locally. The login fails. What is the most likely cause?

Question 6mediummultiple choice
Study the full AAA explanation →

A network engineer is troubleshooting a Cisco router that is configured for RADIUS authentication. The engineer issues 'debug radius authentication' and sees that the RADIUS server is not responding. The router can ping the RADIUS server. What is the most likely cause?

Question 7hardmultiple choice
Review the full routing breakdown →

An engineer configures a Cisco router with 'ip http server' and 'ip http authentication local' for web-based management. The engineer creates a local username 'admin' with privilege level 15. However, when accessing the router via HTTP, the engineer is prompted for credentials but access is denied. What is the most likely cause?

Question 8mediummultiple choice
Study the full AAA explanation →

A network engineer is troubleshooting a Cisco router that is configured for TACACS+ authentication. The engineer issues 'test aaa group tacacs+ admin cisco123 new-code' and receives 'FAILED'. The router can ping the TACACS+ server. What is the most likely cause?

Question 9hardmultiple choice
Study the full AAA explanation →

An engineer configures a Cisco router with 'aaa authentication login default group radius local' and 'aaa authentication enable default group radius enable'. The engineer then attempts to enter enable mode and is prompted for a password. The RADIUS server is reachable, but the enable password is not accepted. What is the most likely cause?

Question 10mediummultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command on Router R1:

R1# show ip eigrp neighbors

EIGRP-IPv4 Neighbors for AS(100) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.1.1.2 Gi0/0 13 00:12:34 1 200 0 45 1 10.2.2.2 Gi0/1 12 00:11:20 2 200 0 67 2 10.3.3.2 Gi0/2 10 00:10:15 1 200 0 89

Based on this output, which statement is correct?

Question 11mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R1:

R1# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.2     1     FULL/DR        00:00:35    10.1.1.2        GigabitEthernet0/0
192.168.2.2     1     2WAY/DROTHER   00:00:32    10.2.2.2        GigabitEthernet0/1
192.168.3.2     1     FULL/BDR       00:00:38    10.3.3.2        GigabitEthernet0/2

Based on this output, what is a potential issue?

Question 12mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R1:

R1# show bgp ipv4 unicast summary

BGP router identifier 192.168.1.1, local AS number 65001 BGP table version is 10, main routing table version 10

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4          65002    1200    1200       10    0    0 01:00:00        5
10.2.2.2        4          65003    0       0          0    0    0 never    Active

Based on this output, what is the problem with the neighbor 10.2.2.2?

Question 13mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show route-map TEST

route-map TEST, permit, sequence 10 Match clauses:

ip address (access-lists): 100

Set clauses: metric 50 Policy routing matches: 0 packets, 0 bytes route-map TEST, deny, sequence 20 Match clauses:

ip address (access-lists): 101

Set clauses: Policy routing matches: 0 packets, 0 bytes

Based on this output, which statement is correct?

Question 14mediummultiple choice
Read the full MPLS explanation →

A network engineer runs the following command on Router R1:

R1# show mpls ldp neighbor

Peer LDP Ident: 192.168.2.2:0, Local LDP Ident: 192.168.1.1:0 TCP connection: 10.1.1.2.646 - 10.1.1.1.646 State: Oper; Msgs sent/rcvd: 100/100; Downstream Up time: 00:45:00 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 10.1.1.2 Addresses bound to peer LDP Ident:

10.1.1.2     192.168.2.2

Based on this output, what is the state of the LDP session?

Question 15mediummultiple choice
Read the full VPN explanation →

A network engineer runs the following command on Router R1:

R1# show dmvpn
Interface: Tunnel0, IPv4 NHRP Details

Type:Hub, NHRP Peers:2,

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb

----- ----------------- --------------- ----- -------- ----- 1 10.0.0.2 10.1.1.2 UP 00:10:00 D 2 10.0.0.3 10.1.1.3 UP 00:05:00 D

Based on this output, what is the role of Router R1 in the DMVPN network?

Question 16mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP class-map: MANAGEMENT (match-all) 100 packets, 10000 bytes 5 minute offered rate 0 bps police: cir 8000 bps, bc 1500 bytes conformed 100 packets, 10000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps

Based on this output, which statement is correct?

Question 17mediummultiple choice
Read the full VRF explanation →

A network engineer runs the following command on Router R1:

R1# show ip vrf CUSTOMER

Name Default RD Interfaces CUSTOMER 65001:100 Gi0/0.100 Gi0/1.100

Based on this output, which statement is correct?

Question 18mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip sla statistics

IPSLAs Latest Operation Statistics

IPSLA operation id: 1 Type of operation: icmp-echo Latest RTT: 20 milliseconds Latest operation start time: 12:00:00 UTC Mon Mar 1 2021 Latest operation return code: OK Number of successes: 100 Number of failures: 0

Based on this output, which statement is correct?

Question 19mediummultiple choice
Review the full routing breakdown →

Examine the following partial configuration on a Cisco IOS-XE router:

interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group MY_ACL in

!

access-list 100 permit tcp any host 192.168.1.1 eq 22
access-list 
100 deny ip any any

!

line vty 0 4

transport input ssh login local !

username admin privilege 15 secret cisco

What is the effect of this configuration?

Question 20mediummultiple choice
Review the full routing breakdown →

Consider the following partial configuration on a Cisco router:

ip access-list extended BLOCK_TELNET
 deny tcp any any eq 23
 permit ip any any

!

interface Serial0/0/0
 ip access-group BLOCK_TELNET out

!

line vty 0 4

transport input telnet password cisco login

What is the effect of this configuration?

Question 21mediummultiple choice
Read the full Device Access Control explanation →

Examine the following partial configuration:

username admin privilege 15 secret 5 $1$abcdefg$hashedvalue
username operator privilege 1 password cisco

!

line console 0

login local !

line vty 0 4

login local transport input ssh

What is a potential security issue with this configuration?

Question 22mediummultiple choice
Read the full network assurance explanation →

Given the following partial configuration on a router:

ip access-list standard FILTER_SNMP
 permit 192.168.1.0 0.0.0.255
 deny any

!

snmp-server community public RO FILTER_SNMP
snmp-server location DataCenter
snmp-server contact admin@example.com

What is the effect of this configuration?

Question 23mediummultiple choice
Read the full Device Access Control explanation →

Examine the following partial configuration:

ip access-list extended MGMT_ACCESS
 permit tcp 10.0.0.0 0.255.255.255 any eq 22
 permit tcp 10.0.0.0 0.255.255.255 any eq

443

deny ip any any

!

line vty 0 4

access-class MGMT_ACCESS in transport input ssh login local

What is the effect of the 'access-class' command?

Question 24mediummultiple choice
Study the full ACL explanation →

Consider the following partial configuration:

ip access-list extended SECURE_ACCESS
 permit icmp any any echo
 permit icmp any any echo-reply
 permit tcp any host 192.168.1.1 eq 22
 permit tcp any host 192.168.1.1 eq

443

deny ip any any

!

interface GigabitEthernet0/0
 ip access-group SECURE_ACCESS in

!

interface GigabitEthernet0/1
 ip access-group SECURE_ACCESS out

What is a potential issue with this ACL placement?

Question 25easymultiple choice
Review the full OSPF breakdown →

What is the default OSPF dead interval on a broadcast multi-access network (e.g., Ethernet) when the hello interval is 10 seconds?

Question 26mediummultiple choice
Study the full EIGRP explanation →

In EIGRP, which metric component is disabled by default and must be explicitly enabled using the 'metric weights' command?

Question 27easymultiple choice
Read the full Device Access Control explanation →

Which of the following is true regarding the use of the 'transport input' command on a VTY line?

Question 28mediummulti select
Review the full routing breakdown →

Which TWO commands would a network engineer use to verify the status of local authentication and authorization for device access control on a Cisco IOS router? (Choose TWO.)

Question 29mediummulti select
Review the full routing breakdown →

Which TWO statements about configuring login enhancements for device access control on a Cisco IOS router are true? (Choose TWO.)

Question 30mediummulti select
Study the full AAA explanation →

Which TWO configuration steps are required to enable TACACS+ authentication for device access control on a Cisco IOS router, assuming the TACACS+ server is already reachable? (Choose TWO.)

Question 31hardmulti select
Study the full AAA explanation →

Which THREE symptoms indicate that a Cisco IOS router is experiencing issues with device access control due to misconfigured AAA local authentication? (Choose THREE.)

Question 32hardmulti select
Study the full AAA explanation →

Which THREE commands are used to troubleshoot and verify device access control when using TACACS+ authentication on a Cisco IOS router? (Choose THREE.)

Question 33hardmultiple choice
Study the full EIGRP explanation →

A large enterprise network is experiencing intermittent loss of reachability to a critical subnet 10.10.10.0/24 from remote sites. Router R1 has the following relevant configuration: interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip summary-address eigrp 100 10.10.0.0 255.255.252.0. Router R2 shows: show ip route eigrp | include 10.10.10.0 outputs nothing, but show ip eigrp topology all-links shows 10.10.10.0/24 via 192.168.1.1 with a feasible distance of 1280. What is the root cause?

Question 34hardmultiple choice
Review the full OSPF breakdown →

A network engineer is troubleshooting a redistribution issue between OSPF and EIGRP. Router R1 redistributes OSPF into EIGRP, and Router R2 redistributes EIGRP into OSPF. After configuration, some routes are missing, and routing loops occur. R1 has: router eigrp 100 redistribute ospf 1 metric 10000 100 255 1 1500 route-map OSPF-to-EIGRP. R2 has: router ospf 1 redistribute eigrp 100 subnets route-map EIGRP-to-OSPF. Show ip route on R1 shows an OSPF route 172.16.1.0/24 learned via R2, but also an EIGRP route for the same prefix with a better administrative distance. What is the root cause?

Question 35hardmultiple choice
Open the full BGP breakdown →

A BGP-speaking router R1 is experiencing unexpected path selection for prefix 10.0.0.0/8. R1 receives two BGP updates: one from neighbor 192.168.1.2 with local preference 150, AS path 65001 65002, and MED 50; another from neighbor 192.168.2.2 with local preference 100, AS path 65001, and MED 100. R1's BGP configuration includes: bgp always-compare-med. The show ip bgp 10.0.0.0/8 output shows the path via 192.168.1.2 as best, but the network team expects the path via 192.168.2.2 to be best due to shorter AS path. What is the root cause?

Question 36hardmultiple choice
Review the full OSPF breakdown →

Two OSPF routers R1 and R2 are connected via a GigabitEthernet link in area 0. R1 has interface GigabitEthernet0/0 ip ospf network point-to-point, while R2 has the default OSPF network type broadcast. R1's show ip ospf neighbor shows R2 in FULL state, but R2's show ip ospf neighbor shows R1 in FULL state. However, routes from R1 are not appearing in R2's routing table. Show ip ospf database on R2 shows the router LSA from R1 but not the network LSA. What is the root cause?

Question 37hardmultiple choice
Study the full EIGRP explanation →

An EIGRP network with multiple routers is experiencing frequent stuck-in-active (SIA) events for prefix 10.10.10.0/24. The network topology includes a slow WAN link between R1 and R2. R1's show ip eigrp topology 10.10.10.0/24 shows the route in active state with a query outstanding to R2. R2's show ip eigrp topology shows the same prefix in passive state. The EIGRP timers are default. What is the root cause?

Question 38hardmultiple choice
Read the full VPN explanation →

A DMVPN network with NHRP is configured for spoke-to-spoke tunnels. Spoke routers R1 and R2 are both connected to a hub router H1. Spoke-to-spoke traffic is not working. R1's show dmvpn shows a dynamic NHRP mapping for R2's tunnel IP to R2's physical IP, but ping from R1's tunnel IP to R2's tunnel IP fails. R1's show ip nhrp shows the mapping as 'dynamic' with no flags. The hub has no special configuration. What is the root cause?

Question 39hardmultiple choice
Review the full OSPF breakdown →

An MPLS network is experiencing label distribution failures. Router R1 is an LSR connected to R2. R1's show mpls ldp neighbor shows R2 in OPERATIONAL state, but show mpls ldp bindings shows no label bindings for prefixes learned via OSPF from R2. R1's mpls ldp router-id is 1.1.1.1, and R2's is 2.2.2.2. The OSPF process on R1 advertises the loopback0 interface with ip address 1.1.1.1 255.255.255.255, and R2's loopback0 is 2.2.2.2. The link between them is 192.168.1.0/30. What is the root cause?

Question 40hardmultiple choice
Study the full ACL explanation →

A network administrator notices that SSH access to router R1 from a management station 10.10.10.10 is failing intermittently. R1 has the following configuration: access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 192.168.1.1 eq 22, line vty 0 4 access-class 100 in, and control-plane host control-plane security copp policy-map COPP class MANAGEMENT police cir 8000 bc 1500 conform-action transmit exceed-action drop. The management station is on a different subnet than the management interface. The failure occurs during peak hours. What is the root cause?

Question 41hardmultiple choice
Read the full VRF explanation →

A VRF-aware network has two VRFs: VRF A and VRF B. Router R1 is configured with VRF A and VRF B, and route leaking is configured between them using route-replicate. Routes from VRF A are appearing in VRF B, but traffic from VRF B to destinations in VRF A is failing. R1's configuration: ip route vrf A 10.10.10.0 255.255.255.0 192.168.1.1, and route-replicate from VRF A to VRF B. Show ip route vrf B shows the route 10.10.10.0/24 with next-hop 192.168.1.1. However, ping from a device in VRF B to 10.10.10.1 fails. What is the root cause?

Question 42mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# debug ip ospf adj

OSPF: 2 Way: DBD with 10.1.1.2 on GigabitEthernet0/0 OSPF: Send DBD to 10.1.1.2 seq 0x1C opt 0x52 flag 0x7 len 32 OSPF: Rcv DBD from 10.1.1.2 seq 0x1C opt 0x52 flag 0x2 len 132 mtu 1500 OSPF: Nbr 10.1.1.2 is FULL, state changed from LOADING to FULL

What does this output indicate?

Question 43mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# debug ip bgp updates

BGP(0): 10.1.1.2 rcv UPDATE w/ attr: nexthop 10.1.1.2, origin i, metric 0, path 65002 BGP(0): 10.1.1.2 rcv UPDATE about 192.168.1.0/24 -- DENIED due to: community no-export;

What does this output indicate?

Question 44mediummultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# show ip eigrp topology 10.10.10.0/24 all-links

P 10.10.10.0/24, 1 successors, FD is 1310720 via 10.1.1.2 (1310720/1310720), GigabitEthernet0/0 via 10.1.2.2 (1310720/1310720), GigabitEthernet0/1

What does this output indicate?

Question 45mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# show ip ospf database router 10.1.1.2

OSPF Router with ID (10.1.1.1) (Process ID 1)

Router Link States (Area 0)

LS age: 150 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 10.1.1.2 Advertising Router: 10.1.1.2 LS Seq Number: 80000002 Checksum: 0x1234 Length: 48 Number of Links: 2

Link connected to: a Transit Network (Link ID) Designated Router address: 10.1.1.2 (Link Data) Router Interface address: 10.1.1.2 Number of TOS metrics: 0 TOS 0 Metrics: 10

Link connected to: a Stub Network (Link ID) Network/subnet number: 192.168.1.0 (Link Data) Network Mask: 255.255.255.0 Number of TOS metrics: 0 TOS 0 Metrics: 10

What does this output indicate?

Question 46mediummultiple choice
Read the full MPLS explanation →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# show mpls ldp bindings 10.10.10.0 24

lib entry: 10.10.10.0/24, rev 2 local binding: label: 101 remote binding: lsr: 10.1.1.2:0, label: 102 remote binding: lsr: 10.1.2.2:0, label: 103

What does this output indicate?

Question 47mediummultiple choice
Read the full Device Access Control explanation →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# debug nhrp

NHRP: Receive Resolution Request via Tunnel0 10.1.1.2, target 192.168.1.1 NHRP: Send Resolution Reply via Tunnel0 to 10.1.1.2, target 192.168.1.1

What does this output indicate?

Question 48mediummultiple choice
Read the full VRF explanation →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# show crypto isakmp sa detail

Codes: C - IKE configuration mode, D - Dead Peer Detection I - IKE Initiatior, R - IKE Responder

C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap. 1001 10.1.1.1 10.1.1.2 ACTIVE aes sha md5 2 86400 D

What does this output indicate?

Question 49mediummultiple choice
Read the full Device Access Control explanation →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# show policy-map control-plane input class class-default

Class-map: class-default (match-any) 140225 packets, 12345678 bytes 5 minute offered rate 1000 bps, drop rate 0 bps Match: any police: cir 1000000 bps, bc 31250 bytes conformed 140225 packets, 12345678 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

What does this output indicate?

Question 50mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command to troubleshoot a Device Access Control issue:

R1# show ip bgp vpnv4 vrf CUSTOMER-A 10.10.10.0/24

BGP routing table entry for 10.10.10.0/24, version 2 Paths: (1 available, best #1, table CUSTOMER-A) Not advertised to any peer Refresh Epoch 1 Local

10.1.1.2 from 10.1.1.2 (10.1.1.2)

Origin IGP, metric 0, localpref 100, valid, internal, best Extended Community: RT:100:100 mpls labels in/out nolabel/101

What does this output indicate?

Question 51easymultiple choice
Review the full OSPF breakdown →

What is the default dead interval on a Cisco IOS-XE router for OSPF on a broadcast network type?

Question 52easymultiple choice
Study the full EIGRP explanation →

Which EIGRP packet type is used to acknowledge receipt of a reliable packet?

Question 53easymultiple choice
Review the full OSPF breakdown →

What is the default administrative distance for OSPF routes in Cisco IOS?

Question 54mediummultiple choice
Study the full EIGRP explanation →

Which statement accurately describes the default behavior of auto-summary in EIGRP on Cisco IOS-XE?

Question 55easymultiple choice
Review the full routing breakdown →

What is the maximum hop count for a route in RIP?

Question 56mediummultiple choice
Review the full OSPF breakdown →

Which OSPF LSA type is used to advertise external routes and is flooded throughout the entire OSPF domain?

Question 57mediummultiple choice
Open the full BGP breakdown →

In BGP, what is the default value of the keepalive timer?

Question 58hardmultiple choice
Review the full OSPF breakdown →

Which statement correctly describes the behavior of OSPF network type 'point-to-multipoint' regarding neighbor discovery?

Question 59hardmultiple choice
Review the full OSPF breakdown →

What is the default OSPF metric for a route redistributed from another routing protocol into OSPF?

Question 60mediumdrag order
Study the full AAA explanation →

Drag and drop the steps to configure SSH access with local AAA on a Cisco router into the correct order, from first to last.

Question 61mediumdrag order
Read the full Device Access Control explanation →

Drag and drop the steps to troubleshoot Device Access Control adjacency or connectivity failures into the correct order, from first to last.

Question 62mediumdrag order
Read the full Device Access Control explanation →

Drag and drop the steps to verify and validate Device Access Control operational state into the correct order, from first to last.

Question 63hardmulti select
Study the full AAA explanation →

Which TWO statements about AAA authentication on Cisco IOS-XE are true? (Choose TWO.)

Question 64hardmulti select
Study the full AAA explanation →

Which TWO configuration changes are required to enforce role-based access control (RBAC) using Cisco IOS privilege levels and AAA? (Choose TWO.)

Question 65hardmulti select
Study the full AAA explanation →

Which TWO statements about TACACS+ and RADIUS are true? (Choose TWO.)

Question 66hardmulti select
Study the full AAA explanation →

Which TWO commands can be used to verify the configured AAA authentication method lists on a Cisco IOS-XE device? (Choose TWO.)

Question 67hardmulti select
Read the full Device Access Control explanation →

Which TWO actions will prevent unauthorized access to a Cisco IOS-XE device's console port? (Choose TWO.)

Question 68hardmultiple choice
Review the full OSPF breakdown →

An engineer configures OSPF on a link between two routers with MTU 1500 on one side and MTU 1400 on the other. The adjacency forms but is stuck in EXSTART. Which is the most likely explanation?

Question 69hardmultiple choice
Study the full EIGRP explanation →

An engineer configures EIGRP named mode on a router. After making a change to the metric weights, the router becomes stuck-in-active (SIA) for a route. Why does this happen in named mode but not in classic mode?

Question 70hardmultiple choice
Open the full BGP breakdown →

An engineer configures iBGP between two routers in the same AS. The BGP session comes up, but the routes learned from the eBGP neighbor are not installed in the routing table. The IGP does not carry the BGP next-hop address. Which is the most likely explanation?

Question 71hardmultiple choice
Review the full OSPF breakdown →

An engineer configures mutual redistribution between OSPF and EIGRP. After a few minutes, routing loops occur. The engineer did not use route tagging. Which is the most likely explanation?

Question 72hardmultiple choice
Read the full VPN explanation →

An engineer configures DMVPN Phase 2 with spoke-to-spoke tunnels. Spokes can ping each other's physical interfaces, but cannot establish a direct tunnel. NHRP registration is successful. Which is the most likely explanation?

Question 73hardmultiple choice
Read the full VPN explanation →

An engineer configures an IPsec site-to-site VPN. The tunnel comes up, but no traffic passes. The engineer checks the crypto map and access-lists. Which is the most likely explanation?

Question 74hardmultiple choice
Review the full OSPF breakdown →

An engineer configures Control Plane Policing (CoPP) on a router. After applying the policy, OSPF neighbors go down. The engineer checks the policy and sees that OSPF packets are not explicitly matched. Which is the most likely explanation?

Question 75hardmultiple choice
Read the full NAT/PAT explanation →

An engineer configures uRPF strict mode on an interface. After configuration, legitimate traffic from a directly connected network is dropped. The network is connected via a single link, and there is no asymmetric routing. Which is the most likely explanation?

Question 76hardmultiple choice
Review the full OSPF breakdown →

An engineer configures a route-map to filter OSPF routes using a distribute-list. The distribute-list is applied inbound on an OSPF interface. Unexpectedly, the router still installs the filtered routes. Which is the most likely explanation?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

300-410 Practice Test 1 — 10 Questions→300-410 Practice Test 2 — 10 Questions→300-410 Practice Test 3 — 10 Questions→300-410 Practice Test 4 — 10 Questions→300-410 Practice Test 5 — 10 Questions→300-410 Practice Exam 1 — 20 Questions→300-410 Practice Exam 2 — 20 Questions→300-410 Practice Exam 3 — 20 Questions→300-410 Practice Exam 4 — 20 Questions→Free 300-410 Practice Test 1 — 30 Questions→Free 300-410 Practice Test 2 — 30 Questions→Free 300-410 Practice Test 3 — 30 Questions→300-410 Practice Questions 1 — 50 Questions→300-410 Practice Questions 2 — 50 Questions→300-410 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Layer 3 TechnologiesEIGRP TroubleshootingOSPF Troubleshooting (v2/v3)BGP TroubleshootingRoute RedistributionPolicy-Based Routing (PBR)VRF-LiteRoute Maps and Route FilteringAdministrative DistanceRoute SummarizationBidirectional Forwarding Detection (BFD)VPN TechnologiesMPLS OperationsMPLS L3VPNDMVPNIPsec Site-to-Site VPNIPv6 Tunneling TechniquesInfrastructure SecurityDevice Access ControlIPv4 Access Control ListsIPv6 Traffic Filtering and uRPFControl Plane Policing (CoPP)IPv6 First Hop SecurityInfrastructure ServicesDevice ManagementSNMP TroubleshootingNetwork Logging and SyslogEmbedded Event Manager (EEM)IP SLANetFlow and Flexible NetFlowSPAN, RSPAN, and ERSPANDHCP (IPv4 and IPv6)NAT and PAT

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Device Access Control setsAll Device Access Control questions300-410 Practice Hub