Weekend Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

350-401 Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR) Questions and Answers

Questions 4

When designing a medium-sized network using the traditional hierarchical design model, which action results in an optimal solution with regard to modularity and hardware cost optimization?

Options:

A.

Implement a high-capacity collapsed core, distribution, access layer.

B.

Implement one core switch, one distribution switch, and multiple access switches.

C.

Implement a collapsed core/distribution layer and a separate access layer.

D.

Implement separate core, distribution, and access layers.

Buy Now
Questions 5

350-401 Question 5

Refer to the exhibit. The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SLA. Which configuration should the engineer use?

Options:

A.

event manager applet EEM_IP_SLAevent track 10 state down

B.

event manager applet EEM_IP_SLAevent sla 10 state unreachable

C.

event manager applet EEM_IP_SLAevent sla 10 state down

D.

event manager applet EEM_IP_SLAevent track 10 state unreachable

Buy Now
Questions 6

In a virtual environment, what is a VMDK file?

Options:

A.

A file containing information about snapshots of a virtual machine.

B.

A zip file connecting a virtual machine configuration file and a virtual disk.

C.

A configuration file containing settings for a virtual machine such as a guest OS.

D.

A file containing a virtual machine disk drive.

Buy Now
Questions 7

What is required for a VXLAN tunnel endpoint to operate?

Options:

A.

a VXLAN tunnel endpoint identifier

B.

at least one Layer 2 interface and one Layer 3 interlace

C.

at least one IP for the transit network and one IP for endpoint connectivity

D.

a VXLAN network identifier

Buy Now
Questions 8

Where is radio resource management performed in a Cisco SD-Access wireless solution?

Options:

A.

DNA Center

B.

wireless controller

C.

Cisco CMX

D.

control plane node

Buy Now
Questions 9

What are two characteristics of vManage APIs? (Choose two.)

Options:

A.

Southbound API is based on OMP and DTLS.

B.

Southbound API is based on NETCONF and XML.

C.

Northbound API is based on RESTCONF and JSON.

D.

Southbound API is based on RESTCONF and JSON.

E.

Northbound API is RESTful, using JSON.

Buy Now
Questions 10

When deploying a Cisco Unified Wireless solution what is a design justification for using a distributed WLC deployment model?

Options:

A.

It reduces the number of WLCs that network administrators must support by locating them in a common location

B.

It more evenly distributes MAC ARP and ND processing over multiple switches which helps with scalability

C.

The number of wireless clients is low and the size of the physical campus is small

D.

There are no latency concerns about LWAPP and CAPWAP tunnels traversing the campus core network

Buy Now
Questions 11

Which two nodes comprise a collapsed core in a two-tier Cisco SD-Access design? (Choose two.)

Options:

A.

edge nodes

B.

distribution nodes

C.

extended nodes

D.

core nodes

E.

border nodes

Buy Now
Questions 12

What is used by vManage to interact withCiscoSD-WAN devices in the fabric?

Options:

A.

northbound API

B.

RESTCONF

C.

Southbound API

D.

IPsec

Buy Now
Questions 13

Refer to the exhibit.

350-401 Question 13

An engineer must modify the access control list EGRESS to allow all IP traffic from subnet 10.1.10.0/24 to 10.1.2.0/24. The access control list is applied in the outbound direction on router interface GigabitEthemet 0/1. Which configuration commands can the engineer use to allow this traffic without disrupting existing traffic flows?

A)

350-401 Question 13

B)

350-401 Question 13

C)

350-401 Question 13

D)

350-401 Question 13

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 14

350-401 Question 14

Reler to the exhibit. An engineer configuring WebAuth on a Cisco Catalyst 9000 Series WIC. The engineer has purchased a third-party certificate using the FQDN of the WLC as the CN and intends to use bit on the WebAuth splash page What must be configured so that the clients do not receive a certificate error?

Options:

A.

Virtual IPv4 Address must be set to a routable address.

B.

Virtual IPv4 Hostname must match the CN of the certificate.

C.

Trustpoint must be set to the management certificate of the WLC.

D.

Web Auth Intercept HTTPs must be enabled.

Buy Now
Questions 15

When does a Cisco StackWise primary switch lose its role?

Options:

A.

when a stack member fails

B.

when the stack primary is reset

C.

when a switch with a higher priority is added to the stack

D.

when the priority value of a stack member is changed to a higher value

Buy Now
Questions 16

What are two benefits of using Cisco TrustSec? (Choose two.)

Options:

A.

unknown file analysis using sandboxing

B.

advanced endpoint protection against malware

C.

end-to-end traffic encryption

D.

simplified management of network access

E.

consistent network segmentation

Buy Now
Questions 17

What is a benefit of Cisco TrustSec in a multilayered LAN network design?

Options:

A.

Policy can be applied on a hop-by-hop basis.

B.

There is no requirement to run IEEE 802.1X when TrustSec is enabled on a switch port

C.

Application flows between hosts on the LAN to remote destinations can be encrypted.

D.

Policy or ACLs are not required.

Buy Now
Questions 18

In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?

Options:

A.

VXIAN

B.

IS-IS

C.

802.1

D.

CTS

Buy Now
Questions 19

350-401 Question 19

Refer to the exhibit. Which python code snippet prints the descriptions of disabled interface only?

350-401 Question 19

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 20

Which message type is valid for IGMPv3?

Options:

A.

leave group

B.

hello

C.

graft

D.

source-specific membership report

Buy Now
Questions 21

350-401 Question 21

Refer to the exhibit. What is the value of the variable list after the code is run?

Options:

A.

[1,2.1.2.1,2]

B.

[1,2] * 3

C.

[3,6]

D.

[1,2]. [1.2] . [1,2]

Buy Now
Questions 22

350-401 Question 22

Refer to the exhibit. Which result does the python code achieve?

Options:

A.

The code encrypts a base64 decrypted password.

B.

The code converts time to the " year/month/day " time format.

C.

The code converts time to the yyyymmdd representation.

D.

The code converts time to the Epoch LINUX time format.

Buy Now
Questions 23

In a LISP topology, which component does the ITR send a resolution request to when it does not know the path to a specific EID?

Options:

A.

Map resolver

B.

Routing locator

C.

Proxy ingress tunnel router

D.

Proxy egress tunnel router

Buy Now
Questions 24

What is a consideration when designing a Cisco SD-Access underlay network?

Options:

A.

End user subnets and endpoints are part of the underlay network.

B.

The underlay switches provide endpoint physical connectivity for users.

C.

Static routing is a requirement.

D.

It must support IPv4 and IPv6 underlay networks.

Buy Now
Questions 25

Exhibit.

350-401 Question 25

Security policy requires all idle-exec sessions to be terminated in 600 seconds. Which configuration achieves this goal?

Options:

A.

line vty 0 15absolute-timeout 600

B.

line vty 0 15exec-timeout

C.

line vty 01 5exec-timeout 10 0

D.

line vty 0 4exec-timeout 600

Buy Now
Questions 26

350-401 Question 26

350-401 Question 26

Options:

Buy Now
Questions 27

350-401 Question 27

350-401 Question 27

Options:

Buy Now
Questions 28

350-401 Question 28

350-401 Question 28

Options:

Buy Now
Questions 29

350-401 Question 29

350-401 Question 29

Options:

Buy Now
Questions 30

Drag and drop the snippets onto the blanks within the code to construct a script that brings up the failover Ethernet port if the primary port goes down and also shuts down the failover port when the primary returns to service. Not all options are used.

350-401 Question 30

Options:

Buy Now
Questions 31

350-401 Question 31

350-401 Question 31

Options:

Buy Now
Questions 32

350-401 Question 32

350-401 Question 32

350-401 Question 32

350-401 Question 32

Options:

Buy Now
Questions 33

350-401 Question 33

350-401 Question 33

Options:

Buy Now
Questions 34

350-401 Question 34

350-401 Question 34

Options:

Buy Now
Questions 35

350-401 Question 35

350-401 Question 35

Options:

Buy Now
Questions 36

350-401 Question 36

350-401 Question 36

350-401 Question 36

Options:

Buy Now
Questions 37

350-401 Question 37

350-401 Question 37

Options:

Buy Now
Questions 38

350-401 Question 38

350-401 Question 38

Options:

Buy Now
Questions 39

350-401 Question 39

350-401 Question 39

Options:

Buy Now
Questions 40

350-401 Question 40

350-401 Question 40

Options:

Buy Now
Questions 41

350-401 Question 41

350-401 Question 41

Options:

Buy Now
Questions 42

350-401 Question 42

350-401 Question 42

Options:

Buy Now
Questions 43

What is a client considered when it is in web authentication state and roams between two controllers with mobility tunnels?

Options:

A.

anchor

B.

mobile

C.

foreign

D.

new

Buy Now
Questions 44

350-401 Question 44

350-401 Question 44

Options:

Buy Now
Questions 45

What is a characteristic of the Cisco Catalyst Center (formerly DNA Center) Template Editor feature?

Options:

A.

It facilitates software upgrades to network devices from a central point.

B.

It facilitates a vulnerability assessment of the network devices.

C.

It uses a predefined configuration through parameterized elements or variables.

D.

It provides a high-level overview of the health of every network device.

Buy Now
Questions 46

Refer to the exhibit.

350-401 Question 46

Which EEM script generates a critical-level syslog message and saves a copy of the running configuration to the bootflash when an administrator saves the running configuration to the startup configuration?

350-401 Question 46

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 47

An engineer must protect their company against ransom ware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?

Options:

A.

Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

B.

Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.

C.

Use Cisco AMP deployment with the Exploit Prevention engine enabled.

D.

Use Cisco Firepower and block traffic to TOR networks.

Buy Now
Questions 48

Which consideration must be made when using BFD in a network design?

Options:

A.

BFD requires a FHRP in order to provide sub second host failover.

B.

BFD can be deployed without any IP routing protocols being configured.

C.

NSF and graceful restart must be enabled on all participating routers.

D.

Cisco Express forwarding and IP routing must be enabled on all participating routers.

Buy Now
Questions 49

350-401 Question 49

350-401 Question 49

Options:

Buy Now
Questions 50

350-401 Question 50

350-401 Question 50

Options:

Buy Now
Questions 51

350-401 Question 51

Options:

Buy Now
Questions 52

Drag and drop the characteristics from the left onto the orchestration tools they describe on the right.

350-401 Question 52

Options:

Buy Now
Questions 53

350-401 Question 53

350-401 Question 53

Options:

Buy Now
Questions 54

Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?

Options:

A.

Cisco Firepower and FireSIGHT

B.

Cisco Stealth watch system

C.

Advanced Malware Protection

D.

Cisco Web Security Appliance

Buy Now
Questions 55

Which nodes require VXLAN encapsulation support In a Cisco SD-Access deployment?

Options:

A.

core nodes

B.

distribution nodes

C.

border nodes

D.

aggregation nodes

Buy Now
Questions 56

What is used by vManage to interact with Cisco SD-WAN devices in the fabric?

Options:

A.

northbound API

B.

RESTCONF

C.

sounthbound API

D.

IPsec

Buy Now
Questions 57

In a Cisco SD-Access wireless architecture, which device manages endpoint ID to edge node bindings?

Options:

A.

fabric control plane node

B.

fabric edge node

C.

fabric border node

D.

fabric wireless controller

Buy Now
Questions 58

Which mechanism is used to protect the confidentiality of sensitive information exchanged over REST APIs?

Options:

A.

TLS

B.

802.1X

C.

SSH

D.

IPsec

Buy Now
Questions 59

350-401 Question 59

350-401 Question 59

Options:

Buy Now
Questions 60

350-401 Question 60

350-401 Question 60

Options:

Buy Now
Questions 61

Which controller is the single plane of management for Cisco SD-WAN?

Options:

A.

vBond

B.

vEdge

C.

vSmart

D.

vManage

Buy Now
Questions 62

350-401 Question 62

Refer to the exhibit. Based on this JSON response:

350-401 Question 62

Which Python statement parses the response and prints " 10:42:36.111 UTC Mon Jan 1 2024 " ?

350-401 Question 62

Options:

A.

printfresponset[jsonrpc ' ][‘body’] [ ' simple_time ' ])

B.

print(response[result ' ][0] [,simple_time,])

C.

printfresponsefresult ' Jfbody ' JfsimpleJime ' ])

D.

printfresponsel ' body ' jrsimplejime ' ])

Buy Now
Questions 63

350-401 Question 63

350-401 Question 63

350-401 Question 63

Options:

Buy Now
Questions 64

At which plane does vBond operate in Cisco SD-WAN solutions?

Options:

A.

control plane

B.

data plane

C.

orchestration plane

D.

management plane

Buy Now
Questions 65

350-401 Question 65

350-401 Question 65

Options:

Buy Now
Questions 66

350-401 Question 66

350-401 Question 66

Options:

Buy Now
Questions 67

350-401 Question 67

350-401 Question 67

Options:

Buy Now
Questions 68

350-401 Question 68

350-401 Question 68

Options:

Buy Now
Questions 69

350-401 Question 69

OR

350-401 Question 69

350-401 Question 69

Options:

Buy Now
Exam Code: 350-401
Exam Name: Implementing Cisco Enterprise Network Core Technologies (350-401 ENCOR)
Last Update: Jul 19, 2026
Questions: 459

PDF + Testing Engine

$144.99

Testing Engine

$109.99

PDF (Q&A)

$94.99