2014 Latest Cisco 350-001 Dump Free Download(51-60)!

Refer to the exhibit. What problem does the debug ip ospf event output from R3 indicate?


A. and R3 are not both configured as OSPF stubs.
B. and R3 are not configured in the same OSPF area.
C. is configured as a no-summary stub.
D.    Transit area OSPF hello packets are not processed by design.

Answer: A
As you can see, the hello packets are mismatched. This means that and R3 are not configured as OSPF stubs.

When troubleshooting the issue, you notice the election of a new root bridge with an unknown
MAC address. Knowing that all access ports have the PortFast feature enabled, what would be the
easiest way to resolve the issue without losing redundant links?

A.    Enable bpduguard globally.
B.    Enable rootguard.
C.    Enable loopguard.
D.    Enable spanning tree.
E.    Enable UDLD.

Answer: A
Loopguard, spanning tree, and UDLD are obvious red herrings. This leaves enabling rootguard or bpduguard. One key is that enabling bpduguard only affects ports that have portfast enabled; see the following URL under “Configuration.”

You are the network administrator of a small Layer 2 network with 50 users. Lately, users have
been complaining that the network is very slow. While troubleshooting, you notice that the CAM
table of your switch is full, although it supports up to 12,000 MAC addresses. How can you solve this issue and prevent it from happening in the future?

A.    Upgrade the switches
B.    Configure BPDU guard
C.    Configure VLAN access lists
D.    Configure port security
E.    Configure Dynamic ARP inspection

Answer: D
Enabling Port Security
Port security is either autoconfigured or enabled manually by specifying a MAC address. If a MAC address is not specified, the source address from the incoming traffic is autoconfigured and secured, up to the maximum number of MAC addresses allowed. These autoconfigured MAC addresses remain secured for a time, depending upon the aging timer set. The autoconfigured MAC addresses are cleared from the port in case of a link-down event. When you enable port security on a port, any dynamic CAM entries that are associated with the port are cleared. If there are any currently configured static or permanent CAM entries on that same port, you may not be able to enable port security on that port. If this is the case, clear the configured static and permanent earl entries on that port and then enable port security. To enable port security, perform this task in privileged mode:


On a router that is configured with multiple IP SLA probes, which command can be used to
manage the CPU load that was created by the periodic probing?

A.    ip sla monitor low-memory
B.    ip sla group schedule
C.    ip sla reaction-trigger
D.    ip sla enable timestamp

Answer: B
http://www.cisco.com/en/US/docs/ios/ipsla/command/reference/sla_02.html (see usage guidelines)

Which configuration would make an IP SLA probe use a precedence value of 3?

A.    ip sla 1
tos 12
B.    ip sla 1
tos 96
C.    ip sla 1
precedence 3
D.    ip sla 1
dscp 12

Answer: B
1. enable
2. configure terminal
3. ip sla monitor operation-number
4. type echo protocol ipIcmpEcho {destination-ip-address | destination-hostname} [source-ipaddr {ip-address | hostname} | source-interface interface-name]
5. frequency seconds
6. exit
7. ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]
8. exit

Which NetFlow version should be used to collect accounting data for IPv6 traffic?

A.    version 1
B.    version 5
C.    version 7
D.    version 8
E.    version 9

Answer: E

To troubleshoot network issues more accurately, milliseconds should be included in the syslog of the router. Which command will achieve this?

A.    service timestamps log datetime msec
B.    logging timestamps msec
C.    syslog timestamps hour minute second miliseconds
D.    service logging timestamp msec
E.    logging service timestamp msec

Answer: A
Logging is an essential part of a secure network configuration. It not only helps network administrators identify issues while troubleshooting, but also enables them to react to intrusion attempts or Denial-of-Service attacks.
By default on Cisco IOS, no timestamp information is included; however, you can enable timestamps and also modify the format of the timestamp attached to syslog messages by using the service timestamps log global configuration command as follows:
ITKE(Config)# service timestamps log {uptime | datetime [msec | localtime | show-timezone]}
http://itknowledgeexchange.techtarget.com/network-technologies/what-is-service-timestamps-logging-and-howit-can-be-configured-cisco-switch-or-a-router/

What is the purpose of an explicit “deny any” statement at the end of an ACL?

A.    none, since it is implicit
B.    to enable Cisco IOS IPS to work properly; however, it is the deny all traffic entry that is actually
C.    to enable Cisco IOS Firewall to work properly; however, it is the deny all traffic entry that is actually
D.    to allow the log option to be used to log any matches
E.    to prevent sync flood attacks
F.    to prevent half-opened TCP connections

Answer: D
As we know, there is always an implicit “deny all” line at the end of each access list that drops all traffic not matching any “permit” line. You can enter your own explicit deny with the “log” keyword to see what is actually blocked, like this:
Router(config)# access-list 1 permit
Router(config)# access-list 1 deny any log
Note: The log keyword can be used to provide additional detail about source and destinations for a given protocol. Although this keyword provides valuable insight into the details of ACL hits, excessive hits to an ACL entry that uses the log keyword increase CPU utilization. The performance impact associated with logging varies by platform. Also, using the log keyword disables Cisco Express Forwarding (CEF) switching for packets that match the access-list statement. Those packets are fast switched instead.
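An added example (not from the original page): a Python parser for the syslog lines that the explicit `deny any log` entry on standard ACL 1 produces when `service timestamps log datetime msec` is configured, totalling denied packets per source in order of first arrival. The log lines are constructed, the year is an assumption because IOS omits it by default, and the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample lines (not from a real device), in the shape IOS uses for
# standard-ACL matches when "service timestamps log datetime msec" is set.
SAMPLE_LOG = """\
*Mar  1 00:12:01.087: %SEC-6-IPACCESSLOGS: list 1 denied 198.51.100.9 1 packet
*Mar  1 00:12:01.104: %SEC-6-IPACCESSLOGS: list 1 denied 203.0.113.7 1 packet
*Mar  1 00:12:02: %SEC-6-IPACCESSLOGS: list 1 denied 192.0.2.33 1 packet
*Mar  1 00:12:05.000: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar  1 00:17:01.090: %SEC-6-IPACCESSLOGS: list 1 denied 198.51.100.9 4 packets
"""

ACL_LINE = re.compile(
    r"^[*.]?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})(?:\.(?P<ms>\d{3}))?: "
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<count>\d+) packets?$"
)

def parse_acl_hits(text, year=2014):
    """Parse standard-ACL log lines; the year is assumed (IOS omits it by default)."""
    hits = []
    for line in text.splitlines():
        m = ACL_LINE.match(line.strip())
        if m is None:
            continue  # some other message type, e.g. %LINK-3-UPDOWN
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ms = m["ms"]  # None when the device logs without msec
        if ms is not None:
            ts = ts.replace(microsecond=int(ms) * 1000)
        hits.append({"time": ts, "has_msec": ms is not None, "acl": m["acl"],
                     "action": m["action"], "src": m["src"],
                     "packets": int(m["count"])})
    return hits

def denied_summary(hits):
    """Per source: first time seen and total denied packets, in arrival order."""
    summary = {}
    for h in sorted(hits, key=lambda h: h["time"]):
        if h["action"] != "denied":
            continue
        entry = summary.setdefault(h["src"], {"first": h["time"], "packets": 0})
        entry["packets"] += h["packets"]
    return summary

if __name__ == "__main__":
    for src, info in denied_summary(parse_acl_hits(SAMPLE_LOG)).items():
        first = info["first"].isoformat(timespec="milliseconds")
        print(f"{src:15} first={first} packets={info['packets']}")
```

The first two sources are denied within the same second, so only the millisecond field shows which arrived first; the line without msec still parses but is flagged with `has_msec` set to False.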

Which of these is mandatory when configuring Cisco IOS Firewall?

A.    Cisco IOS IPS enabled on the untrusted interface
B.    NBAR enabled to perform protocol discovery and deep packet inspection
C.    a route map to define the trusted outgoing traffic
D.    a route map to define the application inspection rules
E.    an inbound extended ACL applied to the untrusted interface

Answer: E
After the ACL is defined, it must be applied to the interface (inbound or outbound). In early software releases, out was the default when a keyword out or in was not specified. The direction must be specified in later software releases.

Which statement correctly describes the disabling of IP TTL propagation in an MPLS network?

A.    The TTL field from the IP packet is copied into the TTL field of the MPLS label header at the
ingress edge LSR.
B.    TTL propagation cannot be disabled in an MPLS domain.
C.    TTL propagation is only disabled on the ingress edge LSR.
D.    The TTL field of the MPLS label header is set to 255.
E.    The TTL field of the IP packet is set to 0.

Answer: D
Time-to-Live (TTL) is an 8-bit field in the MPLS label header that serves the same loop-detection function as the IP TTL field. Recall that the TTL value is an integer from 0 to 255 that is decremented by one every time the packet transits a router. If the TTL value of an IP packet becomes zero, the router discards the IP packet, and an ICMP message stating that the TTL expired in transit is sent to the source IP address of the IP packet. This mechanism prevents an IP packet from being routed continuously in case of a routing loop.
By default, TTL propagation is enabled, so a user can use the traceroute command to view all of the hops in the network.
We can disable MPLS TTL propagation with the no mpls ip propagate-ttl command under global configuration.
When a packet enters a label-switched path (LSP), the edge router will use a fixed TTL value (255) for the first label.
This increases the security of your MPLS network by hiding the provider network from customers.
