Ccnpnuevo 3
Ccnpnuevo 3
+ Question 1 to 22
+ Question 23 to end
Question 1
An engineer must create an EEM applet that sends a syslog message in the event a change
happens in the network due to trouble with an OSPF process. Which action should the engineer
use?
Answer: A
Question 2
Which action completes the configuration to achieve a dynamic continuous mapped NAT for all
users?
Answer: A
Question 3
A customer has 20 stores located throughout a city. Each store has a single Cisco AP managed
by a central WLC. The customer wants to gather analytics for users in each store. Which
technique supports these requirements?
A. hyperlocation
B. angle of arrival
C. presence
D. trilateration
Answer: C
Explanation
We only have one AP in each store so we can only use “Presence”, which is the most basic form
of location tracking.
Reference: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2016/pdf/BRKEWN-
2012.pdf
Question 4
A. The master controller is responsible for load balancing all connecting clients to other
controllers.
B. Configuration on the master controller is executed on all wireless LAN controllers.
C. All wireless LAN controllers are managed by the master controller.
D. All new APs that join the WLAN are assigned to the master controller.
Answer: D
Explanation
Reference: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-
controllers/69561-wlc-faq.html
Question 5
A customer has a pair of Cisco 5520 WLCs set up in an SSO cluster to manage all APs. Guest
traffic is anchored to a Cisco 3504 WLC located in a DMZ. Which action is needed to ensure that
the EoIP tunnel remains in an UP state in the event of failover on the SSO cluster?
Answer: B
Explanation
In order to keep the mobility network stable without any manual intervention and in the event of
failure or switchover, the back-and-forth concept of Mobility MAC has been introduced.
Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/
High_Availability_DG.html
Question 6
In a Cisco DNA Center Plug and Play environment, why would a device be labeled unclaimed?
Answer: A
Explanation
The Network Plug and Play application provides a way to automatically and remotely provision
and onboard new network devices with minimal network administrator and field personnel
involvement.
Pie chart showing the number of devices in each of the following states:
Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-
automation-and-management/dna-center/1-2-5/user_guide/b_dnac_ug_1_2_5/
b_dnac_ug_1_2_4_chapter_010.html
Question 7
The connection between SW1 and SW2 is not operational. Which two actions resolve the issue?
(Choose two)
Answer: C D
Explanation
From the outputs (line: “Administrative Mode: dynamic auto”) we notice that both interfaces
were configured with “dynamic auto” mode so they cannot form a trunking link. We need to
change one of them to “dynamic desirable” mode or “switchport mode trunk” to activate the
trunk -> Answer C and answer D are correct.
Note:
In fact, there is an issue with the output of SW1 because both the command “switchport mode
dynamic auto” mode (from the line: Administrative Mode: dynamic auto) and “switchport
nonegotiate” (from the line: Negotiation of Trunking: Off) were used. But in practical we cannot
use these two commands at the same time.
– If the first command was entered and we use the second one, this error will be shown:
“Command rejected: Conflict between ‘nonegotiate’ and ‘dynamic’ status on this interface:
Et0/3”
– If the second command was entered and we use the first one, this error will be shown:
“Command rejected: An interface must be configured to the “Access” or “Trunk” modes to be
configured to “NoNegotiate.””
Question 8
Option A Option B
Option C Option D
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Explanation
The first ACL statement of “10 deny ip any any” will match and drop all traffic so we have to
remove this statement.
Question 9
Question 10
An engineer runs the sample code, and the terminal returns this output. Which change to the
sample code corrects this issue?
Answer: A
Explanation
Question 11
An engineer is configuring an EtherChannel between Switch1 and Switch2 and notices the
console message on Switch2. Based on the output, which action resolves this issue?
Answer: D
Explanation
In this case, we are using your EtherChannel without a negotiation protocol on Switch2. As a
result, if the opposite switch is not configured for EtherChannel operation on the respective ports
either, there is a danger of a switching loop. The EtherChannel Misconfiguration Guard tries to
prevent that loop from occurring by disabling all the ports bundled in the EtherChannel.
Question 12
An engineer is concerned with the deployment of a new application that is sensitive to inter-
packet delay variance. Which command configures the router to be the destination of jitter
measurements?
Explanation
Cisco IOS IP SLA Responder is a Cisco IOS Software component whose functionality is to
respond to Cisco IOS IP SLA request packets. The IP SLA source sends control packets before
the operation starts to establish a connection to the responder. Once the control packet is
acknowledged, test packets are sent to the responder. The responder inserts a time-stamp
when it receives a packet and factors out the destination processing time and adds time-
stamps to the sent packets. This feature allows the calculation of unidirectional packet loss,
latency, and jitter measurements with the kind of accuracy that is not possible with ping or other
dedicated probe testing.
Reference: https://www.cisco.com/en/US/technologies/tk869/tk769/
technologies_white_paper0900aecd806bfb52.html
UDP Jitter measures the delay, delay variation (jitter), corruption, misordering and packet loss
by generating periodic UDP traffic. This operation always requires IP SLA responder.
Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2017/pdf/BRKNMS-3043.pdf
The command to enable UDP Jitter Operation is “ip sla responder udp-echo {destination-ip-
address} [destination-port]
Question 13
Which resource is able to be shared among virtual machines deployed on the same physical
server?
A. VM configuration file
B. operating system
C. disk
D. applications
Answer: C
Question 14
Answer: C
Explanation
Option A Option B
Option C Option D
Option E
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: B E
Explanation
Switch2 is not allowing VLAN 70 which is used on Switch1 for RSPAN so we must allow it ->
Option B is correct (although it would not allow VLAN 81 to 90 to go through).
For your information, this is how to configure Remote SPAN (RSPAN) feature on two switches.
Traffic on FastEthernet0/1 of Switch 1 will be sent to Fa0/10 of Switch2 via VLAN 40.
Question 16
An engineer must create a script that appends the output of the show process cpu
sorted command to a file. Which action completes the configuration?
A. action 4.0 syslog command “show process cpu sorted | append flash:high-cpu-file”
B. action 4.0 publish-event “show process cpu sorted | append flash:high-cpu-file”
C. action 4.0 ens-event “show process cpu sorted | append flash:high-cpu-file”
D. action 4.0 cli command “show process cpu sorted | append flash:high-cpu-file”
Answer: D
Question 17
>>> netconf_data["GigabitEthernet"][0]["enabled"]
u'false'
>>> netconf_data["GigabitEthernet"][1]["enabled"]
u'true'
>>> netconf_data["GigabitEthernet"][2]["enabled"]
u'false'
>>> netconf_data["GigabitEthernet"][2]["description"]
u'my description'
Which Python code snippet prints the descriptions of disabled interfaces only?
Option A Option B
Option C Option D
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Explanation
We need a “if” condition here to find out disabled interfaces so Option A is not correct.
From the exhibit, we learn that the “netconf_data” array only has “enabled” element. It does not
have “disabled” element so Option B is not correct.
If “enabled” element is not “true” (interface[“enabled”] != ‘true’) then it is a disable interface ->
Option C is correct.
Question 18
Explanation
In this case we need to configure a VLAN access-map to deny HTTP traffic and apply it to VLAN
10. To do it, first create an access-list, by which interesting traffic will be matched. The principle
of VLAN access-map config is similar to the route-map principle.
After this we’ll create a vlan access-map, which has two main parameters: action and match.
Match: by this parameter the interesting traffic is matched and here RACL or MAC ACL can be
applied as well.
Action: what to do with matched traffic. Two main parameters exist: Drop and Forward. In case
of Drop, matched traffic will be dropped, and in case of forward, matched traffic will be allowed.
A good reference and example can be found at https://www.networkstraining.com/vlan-access-
map-example-configuration/
In this question, we have to permit both ACL because the matched traffic will be decided by the
VLAN Access map below (forward or drop).
Question 19
Which of the following statements regarding BFD are correct? (Choose two)
Answer: A B
Question 20
Answer: B
Explanation
BFD works only for directly connected neighbors. BFD neighbors must be no more than one IP
hop away. Multihop configurations are not supported -> “BFD detects local link failure” is
correct.
Typically, BFD can be used at any protocol layer. However, the Cisco implementation of BFD for
Cisco IOS Releases 12.2(18)SXE, 12.0(31)S, and 12.4(4)T supports only Layer 3 clients, in
particular, the BGP, EIGRP, IS-IS, and OSPF routing protocols.
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html
According to the reference above, it is a bit weird but answer B is the best choice here.
Question 21
An engineer measures the Wi-Fi coverage at a customer site. The RSSI values are recorded as
follows:
Which two statements does the engineer use to explain these values to the customer? (Choose
two)
Answer: C E
Explanation
The most accurate way to express it is with milliwatts (mW), but you end up with tons of
decimal places due to WiFi’s super-low transmit power, making it difficult to read. For example, -
40 dBm is 0.0001 mW, and the zeros just get more intense the more the signal strength drops.
Ultimately, the easiest and most consistent way to express signal strength is with dBm, which
stands for decibels relative to a milliwatt.
1 mW = 0 dBm
You can convert between mW and dBm using the following formulas:
P(dBm) = 10 · log10(P(mW))
dBm is that we’re working in negatives. -30 is a higher (stronger) signal than -80.
-30 dBm Amazing Max achievable signal strength. The client can N/A
only be a few feet from the AP to achieve this.
Not typical or desirable in the real world.
-67 dBm Very Good Minimum signal strength for applications that VoIP/VoWiFi,
require very reliable, timely delivery of data streaming
packets. video
-70 dBm Okay Minimum signal strength for reliable packet Email, web
delivery.
-80 dBm Not Good Minimum signal strength for basic connectivity. N/A
Packet delivery may be unreliable.
-90 dBm Unusable Approaching or drowning in the noise floor. Any N/A
functionality is highly unlikely.
Reference: https://www.metageek.com/training/resources/wifi-signal-strength-basics.html
Simple rule of thumb:
When working with power, 3 dB means double (twice) the factor and 10 dB means 10-fold.
Note: In this question, answer A may be correct but it is not obvious. Also in this question, dB
and dBm can be used interchangeable.
Question 22
Which three resources must the hypervisor make available to the virtual machines? (Choose
three)
A. memory
B. IP address
C. processor
D. bandwidth
E. secure access
F. storage
Answer: A C F
Question 23
A. dBm
B. dB
C. amp
D. mW
Answer: B
Explanation
Signal-to-noise ratio (SNR or S/N) is the ratio of signal power to the noise power, and its unit of
expression is typically decibels (dB).
Question 24
Answer: A
Question 25
Answer: B
Question 26
Which design principle should be followed in a Cisco SD-Access wireless network deployment?
A. The WLC is part of the fabric overlay
B. The WLC is part of the fabric underlay
C. The WLC is connected outside of the fabric
D. The access point is connected outside of the fabric
Answer: C
Explanation
This section gives some important considerations for deploying WLC and APs in an SD-Access
Wireless network:
Reference: https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/network-
automation-and-management/dna-center/deploy-guide/cisco-dna-center-sd-access-wl-dg.pdf (p
age 10)
Question 27
#! /usr/bin/env python3
from env_lab import dnac
import json
import requests
import urllib3
from requests.auth import HTTPBasicAuth
from prettytable import PrettyTable
dnac_devices.add_row([item["hostname"],item["platformId"],item["softwareType"],
item["softwareVersion"],item["upTime"]])
Option A
Option B
Option C
Option D
Which code results in the working python script displaying a list of network devices from the
Cisco DNA center?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Explanation
This code is used in the “CCNP and CCIE Enterprise Core” book (page 1537) and we post the full
script here for your reference:
#! /usr/bin/env python3
from env_lab import dnac
import json
import requests
import urllib3
from requests.auth import HTTPBasicAuth
from prettytable import PrettyTable
headers = {
'content-type': "application/json",
'x-auth-token': ""
}
dnac_devices.add_row([item["hostname"],item["platformId"],item["softwareType"],
item["soft. wareVersion"],item["upTime"]])
login = dnac_login(dnac["host"], dnac["username"], dnac["password"])
network_device_list(dnac, login)
print(dnac_devices)
Note: We broke some long lines so the Python format is not correct.
Question 28
An engineer is configuring a GRE tunnel interface in the default mode. The engineer has
assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface.
Which option also is required on the tunnel interface before it is operational?
Answer: A
Explanation
interface Tunnel 0
ip address 10.10.10.1
255.255.255.0
tunnel source fa0/0
tunnel destination 172.16.0.2
In this case the “IPv4 address on the tunnel” is 10.10.10.1/24 and “sourced the tunnel from an
Ethernet interface” is the command “tunnel source fa0/0”. Therefore it only needs a tunnel
destination, which is 172.16.0.2.
Note: A multiple GRE (mGRE) interface does not require a tunnel destination address.