300-410 Device Access Control • Complete Question Bank
Complete 300-410 Device Access Control question bank — all 0 questions with answers and detailed explanations.
A network engineer runs the following command on Router R1:
R1# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.1.1.2 Gi0/0 13 00:12:34 1 200 0 45 1 10.2.2.2 Gi0/1 12 00:11:20 2 200 0 67 2 10.3.3.2 Gi0/2 10 00:10:15 1 200 0 89
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 192.168.1.2 1 FULL/DR 00:00:35 10.1.1.2 GigabitEthernet0/0 192.168.2.2 1 2WAY/DROTHER 00:00:32 10.2.2.2 GigabitEthernet0/1 192.168.3.2 1 FULL/BDR 00:00:38 10.3.3.2 GigabitEthernet0/2
Based on this output, what is a potential issue?
A network engineer runs the following command on Router R1:
R1# show bgp ipv4 unicast summary
BGP router identifier 192.168.1.1, local AS number 65001 BGP table version is 10, main routing table version 10
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.1.2 4 65002 1200 1200 10 0 0 01:00:00 5 10.2.2.2 4 65003 0 0 0 0 0 never Active
Based on this output, what is the problem with the neighbor 10.2.2.2?
A network engineer runs the following command on Router R1:
R1# show route-map TEST
route-map TEST, permit, sequence 10 Match clauses:
ip address (access-lists): 100
Set clauses: metric 50 Policy routing matches: 0 packets, 0 bytes route-map TEST, deny, sequence 20 Match clauses:
ip address (access-lists): 101
Set clauses: Policy routing matches: 0 packets, 0 bytes
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show mpls ldp neighbor
Peer LDP Ident: 192.168.2.2:0, Local LDP Ident: 192.168.1.1:0 TCP connection: 10.1.1.2.646 - 10.1.1.1.646 State: Oper; Msgs sent/rcvd: 100/100; Downstream Up time: 00:45:00 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 10.1.1.2 Addresses bound to peer LDP Ident:
10.1.1.2 192.168.2.2
Based on this output, what is the state of the LDP session?
A network engineer runs the following command on Router R1:
R1# show dmvpn Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- ----------------- --------------- ----- -------- ----- 1 10.0.0.2 10.1.1.2 UP 00:10:00 D 2 10.0.0.3 10.1.1.3 UP 00:05:00 D
Based on this output, what is the role of Router R1 in the DMVPN network?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP class-map: MANAGEMENT (match-all) 100 packets, 10000 bytes 5 minute offered rate 0 bps police: cir 8000 bps, bc 1500 bytes conformed 100 packets, 10000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show ip vrf CUSTOMER
Name Default RD Interfaces CUSTOMER 65001:100 Gi0/0.100 Gi0/1.100
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 1 Type of operation: icmp-echo Latest RTT: 20 milliseconds Latest operation start time: 12:00:00 UTC Mon Mar 1 2021 Latest operation return code: OK Number of successes: 100 Number of failures: 0
Based on this output, which statement is correct?
Examine the following partial configuration on a Cisco IOS-XE router:
interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip access-group MY_ACL in
!
access-list 100 permit tcp any host 192.168.1.1 eq 22 access-list 100 deny ip any any
!
line vty 0 4
transport input ssh login local !
username admin privilege 15 secret cisco
What is the effect of this configuration?
Consider the following partial configuration on a Cisco router:
ip access-list extended BLOCK_TELNET deny tcp any any eq 23 permit ip any any
!
interface Serial0/0/0 ip access-group BLOCK_TELNET out
!
line vty 0 4
transport input telnet password cisco login
What is the effect of this configuration?
Examine the following partial configuration:
username admin privilege 15 secret 5 $1$abcdefg$hashedvalue username operator privilege 1 password cisco
!
line console 0
login local !
line vty 0 4
login local transport input ssh
What is a potential security issue with this configuration?
Given the following partial configuration on a router:
ip access-list standard FILTER_SNMP permit 192.168.1.0 0.0.0.255 deny any
!
snmp-server community public RO FILTER_SNMP snmp-server location DataCenter snmp-server contact admin@example.com
What is the effect of this configuration?
Examine the following partial configuration:
ip access-list extended MGMT_ACCESS permit tcp 10.0.0.0 0.255.255.255 any eq 22 permit tcp 10.0.0.0 0.255.255.255 any eq
443
deny ip any any
!
line vty 0 4
access-class MGMT_ACCESS in transport input ssh login local
What is the effect of the 'access-class' command?
Consider the following partial configuration:
ip access-list extended SECURE_ACCESS permit icmp any any echo permit icmp any any echo-reply permit tcp any host 192.168.1.1 eq 22 permit tcp any host 192.168.1.1 eq
443
deny ip any any
!
interface GigabitEthernet0/0 ip access-group SECURE_ACCESS in
!
interface GigabitEthernet0/1 ip access-group SECURE_ACCESS out
What is a potential issue with this ACL placement?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# debug ip ospf adj
OSPF: 2 Way: DBD with 10.1.1.2 on GigabitEthernet0/0 OSPF: Send DBD to 10.1.1.2 seq 0x1C opt 0x52 flag 0x7 len 32 OSPF: Rcv DBD from 10.1.1.2 seq 0x1C opt 0x52 flag 0x2 len 132 mtu 1500 OSPF: Nbr 10.1.1.2 is FULL, state changed from LOADING to FULL
What does this output indicate?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# debug ip bgp updates
BGP(0): 10.1.1.2 rcv UPDATE w/ attr: nexthop 10.1.1.2, origin i, metric 0, path 65002 BGP(0): 10.1.1.2 rcv UPDATE about 192.168.1.0/24 -- DENIED due to: community no-export;
What does this output indicate?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# show ip eigrp topology 10.10.10.0/24 all-links
P 10.10.10.0/24, 1 successors, FD is 1310720 via 10.1.1.2 (1310720/1310720), GigabitEthernet0/0 via 10.1.2.2 (1310720/1310720), GigabitEthernet0/1
What does this output indicate?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# show ip ospf database router 10.1.1.2
OSPF Router with ID (10.1.1.1) (Process ID 1)
Router Link States (Area 0)
LS age: 150 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 10.1.1.2 Advertising Router: 10.1.1.2 LS Seq Number: 80000002 Checksum: 0x1234 Length: 48 Number of Links: 2
Link connected to: a Transit Network (Link ID) Designated Router address: 10.1.1.2 (Link Data) Router Interface address: 10.1.1.2 Number of TOS metrics: 0 TOS 0 Metrics: 10
Link connected to: a Stub Network (Link ID) Network/subnet number: 192.168.1.0 (Link Data) Network Mask: 255.255.255.0 Number of TOS metrics: 0 TOS 0 Metrics: 10
What does this output indicate?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# show mpls ldp bindings 10.10.10.0 24
lib entry: 10.10.10.0/24, rev 2 local binding: label: 101 remote binding: lsr: 10.1.1.2:0, label: 102 remote binding: lsr: 10.1.2.2:0, label: 103
What does this output indicate?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# debug nhrp
NHRP: Receive Resolution Request via Tunnel0 10.1.1.2, target 192.168.1.1 NHRP: Send Resolution Reply via Tunnel0 to 10.1.1.2, target 192.168.1.1
What does this output indicate?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# show crypto isakmp sa detail
Codes: C - IKE configuration mode, D - Dead Peer Detection I - IKE Initiatior, R - IKE Responder
C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap. 1001 10.1.1.1 10.1.1.2 ACTIVE aes sha md5 2 86400 D
What does this output indicate?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# show policy-map control-plane input class class-default
Class-map: class-default (match-any) 140225 packets, 12345678 bytes 5 minute offered rate 1000 bps, drop rate 0 bps Match: any police: cir 1000000 bps, bc 31250 bytes conformed 140225 packets, 12345678 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
What does this output indicate?
A network engineer runs the following command to troubleshoot a Device Access Control issue:
R1# show ip bgp vpnv4 vrf CUSTOMER-A 10.10.10.0/24
BGP routing table entry for 10.10.10.0/24, version 2 Paths: (1 available, best #1, table CUSTOMER-A) Not advertised to any peer Refresh Epoch 1 Local
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, metric 0, localpref 100, valid, internal, best Extended Community: RT:100:100 mpls labels in/out nolabel/101
What does this output indicate?