350-401 Free Practice Test

- (Topic 3)

Refer to the exhibit. What is achieved by this code?

1. A. It unshuts the loopback interface
2. B. It renames the loopback interface
3. C. It deletes the loopback interface
4. D. It displays the loopback interface

Correct Answer: D

- (Topic 1)
What is a consideration when designing a Cisco SD-Access underlay network?

1. A. End user subnets and endpoints are part of the underlay network.
2. B. The underlay switches provide endpoint physical connectivity for users.
3. C. Static routing is a requirement,
4. D. It must support IPv4 and IPv6 underlay networks

Correct Answer: B
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#Underlay

- (Topic 1)
What is a benefit of a virtual machine when compared with a physical server?

1. A. Multiple virtual servers can be deployed on the same physical server without having to buy additional hardware.
2. B. Virtual machines increase server processing performance.
3. C. The CPU and RAM resources on a virtual machine cannot be affected by other virtual machines.
4. D. Deploying a virtual machine is technically less complex than deploying a physical server.

Correct Answer: A

- (Topic 4)
An engineer must construct an access list tot a Cisco Catalyst 9800 Series WLC that will - edirect wireless guest users to a splash page that is hosted on a Cisco ISE server. The Cisco ISE servers are hosted at 10.9.11.141 and 10.1.11.141. Which access list meets the requirements?
A)

B)

C)

D)

1. A. Option
2. B. Option
3. C. Option
4. D. Option

Correct Answer: D
Option D is the correct access list to redirect wireless guest users to a splash page that is hosted on a Cisco ISE server. The configuration steps are as follows12:
✑ Define an extended access list that permits TCP traffic from any source to the Cisco ISE servers on port 80 (HTTP) and port 443 (HTTPS). In this case, the access list is named ACL_WEBAUTH_REDIRECT and it allows any host to connect to the IP addresses 10.9.11.141 and 10.1.11.141 on port 80 and port
443: ip access-list extended ACL_WEBAUTH_REDIRECT and permit tcp any host 10.9.11.141 eq 80, permit tcp any host 10.9.11.141 eq 443, permit tcp any host 10.1.11.141 eq 80, permit tcp any host 10.1.11.141 eq 443.
✑ Apply the access list to the guest WLAN using the ip access-group command. This command filters the traffic on the interface based on the access list. In this case, the access list ACL_WEBAUTH_REDIRECT is applied to the guest WLAN interface in the inbound direction, which means that only the traffic that matches
the access list can enter the interface: interface wlan-guest and ip access-group ACL_WEBAUTH_REDIRECT in.
Option A is incorrect because it does not permit TCP traffic to the Cisco ISE servers on port 80, which is required for HTTP redirection. Without this, the guest users will not be able to see the splash page on their web browsers12.
Option B is incorrect because it does not permit TCP traffic to the Cisco ISE servers on port 443, which is required for HTTPS redirection. Without this, the guest users will not be able to see the splash page on their web browsers if they use HTTPS12.
Option C is incorrect because it permits TCP traffic from any source to any destination on port 80 and port 443, which is too broad and may allow unwanted traffic to enter the guest WLAN interface. This may compromise the security and performance of the guest network12. References: 1: Configuring Web Authentication, 2: ISE and Catalyst 9800 Series Integration Guide

- (Topic 4)
By default, which virtual MAC address does HSRP group 12 use?

1. A. 00 5e0c:07:ac:12
2. B. 05:44:33:83:68:6c
3. C. 00:00:0c:07:ac:0c
4. D. 00:05:5e:00:0c:12

Correct Answer: C