
[Dec 07, 2021] 300-410 Test Engine files, 300-410 Dumps PDF [Q109-Q127]


Latest Cisco 300-410 PDF and Dumps (2021) Free Exam Questions Answers


Cisco 300-410 is a concentration exam that the applicants have to pass in order to obtain two certifications: Cisco Certified Specialist – Enterprise Advanced Infrastructure Implementation and CCNP Enterprise. This test measures their knowledge and skills in implementing and troubleshooting advanced routing services & technologies. These include Layer 3, VPN services, infrastructure security, infrastructure automation, and infrastructure services. Moreover, the potential candidates for the CCNP Enterprise certificate must take the core exam, which is Cisco 350-401, to fulfill the requirements for getting this sought-after certification.

 

NEW QUESTION 109
What attack technique can be used to force user traffic through an attacking device, causing a man-in-the-middle attack?

  • A. DHCP spoofing
  • B. VLAN hopping
  • C. Rogue device
  • D. MAC flooding

Answer: A

Explanation:
DHCP spoofing is an attack that can be used to force user traffic through an attacking device. The attacker accomplishes this by responding to DHCP queries from users. Eliminating the response from the correct DHCP server would make this more effective, but if the attacker's response gets to the client first, the client will accept it. The DHCP response from the attacker will include a different gateway or DNS server address. If it defines a different gateway, the user traffic will be forced to travel through a device controlled by the attacker. This allows the attacker to capture traffic and gain company information. If the attacker changes the DNS server in the response, they can use their own DNS server to force traffic for selected hosts to go to a device they control. Again, this allows the attacker to capture traffic and gain information.
VLAN hopping is an attack that allows an attacker to access network resources on a different VLAN without passing through a router. The attacker can create a packet with two VLAN headers on it and send it to a switch. The switch port will strip off the first header and leave the second. The second header will be seen as the originating VLAN, allowing the attacker access to a VLAN they are not connected to. This becomes a security concern because the hopping can be accomplished without passing through a router and its security access lists. For this reason, private VLANs and VACLs should be used to secure access between VLANs.
MAC flooding is an attack technique that attempts to fill a switch's MAC address table so the attacker can capture flooded traffic sent from the switch. The concept of this attack is to use the CAM table limit to the attacker's advantage. The attacker sends packets addressed from a large number of MAC addresses to the switch. The switch adds each source MAC address to the MAC address table. Eventually no more MAC addresses can be added because the table is full. When this occurs, any packets destined for a MAC address not in the table will be flooded to all other ports. This allows the attacker to see the flooded traffic and capture information. The switch is essentially functioning as a hub in this case.
A rogue device is a device attached to the network that is not under the control of the organization. This term is normally used to mean a wireless device, perhaps an access point that is not operating as a part of the company's infrastructure. Employees may bring their own access points and connect them to the network so they can use their computers wirelessly. This creates a security gap since the device is probably not secured to protect the traffic. An attacker could connect a rogue access point to a company's network and capture traffic from outside the company's premises.
Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features
References:
Cisco > Products and Services > Switches > Cisco Catalyst 6500 Series Switches > Product Literature > White Papers > Cisco Catalyst 6500 Series Switches > VLAN Security White Paper
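
The CAM-table behaviour described in the MAC flooding paragraph can be reproduced with a small model. The following is an added example, not part of the original question set: the `Switch` class, the table size of 8, the MAC addresses and the per-port limit (a stand-in for a port-security style MAC limit that discards violating frames) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HOST_A, HOST_B = "00:aa:aa:aa:aa:01", "00:bb:bb:bb:bb:02"  # constructed addresses


@dataclass
class Switch:
    """Simplified learning switch; no aging timer, single VLAN (assumptions)."""
    ports: int
    cam_capacity: int
    max_macs_per_port: Optional[int] = None  # None models no per-port MAC limit
    cam: Dict[str, int] = field(default_factory=dict)  # source MAC -> port
    dropped: int = 0

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        """Learn src if allowed, then return the ports the frame leaves on."""
        if src not in self.cam:
            learned_here = sum(1 for p in self.cam.values() if p == in_port)
            limit = self.max_macs_per_port
            if limit is not None and learned_here >= limit:
                self.dropped += 1  # per-port limit hit: discard the frame
                return []
            if len(self.cam) < self.cam_capacity:
                self.cam[src] = in_port
            # Table full: src is not learned, but the frame is still forwarded.
        if dst in self.cam:
            return [self.cam[dst]]  # known unicast leaves on one port only
        # Unknown destination: flood to every port except the ingress port.
        return [p for p in range(1, self.ports + 1) if p != in_port]


def scenario(max_macs_per_port: Optional[int]):
    """Port 4 presents 100 constructed source MACs, then A (port 1) talks to B (port 2)."""
    sw = Switch(ports=4, cam_capacity=8, max_macs_per_port=max_macs_per_port)
    for i in range(100):
        sw.receive(4, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(1, HOST_A, HOST_B)  # first exchange gives the switch a chance
    sw.receive(2, HOST_B, HOST_A)  # to learn both hosts
    return sw.receive(1, HOST_A, HOST_B), sw


if __name__ == "__main__":
    for limit in (None, 2):
        egress, sw = scenario(limit)
        print(f"limit={limit}: A->B leaves on {egress}, "
              f"table={len(sw.cam)}/{sw.cam_capacity}, dropped={sw.dropped}")
```

Without a limit the table stays full of the flooded entries, so the frame from A to B is still flooded to every other port, including port 4; with a limit of two addresses per port both hosts are learned and the same frame leaves on port 2 only.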

 

NEW QUESTION 110
Drag and drop the MPLS terms from the left onto the correct definitions on the right.

Answer:

Explanation:

 

NEW QUESTION 111
Refer to the exhibit.

A user cannot SSH to the router. What action must be taken to resolve this issue?

  • A. Configure transport output ssh
  • B. Configure transport input ssh
  • C. Configure ip ssh version 2
  • D. Configure ip ssh source-interface loopback0

Answer: C

Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01001.html

 

NEW QUESTION 112
Refer to the exhibit.

An engineer wanted to set a tag of 30 to route 10.1.80.65/32, but it failed. How is the issue fixed?

  • A. Modify route-map ospf-to-eigrp permit 30 and match prefix-list ccnp2.
  • B. Modify prefix-list ccnp3 to add 10.1.64.0/20 ge 32
  • C. Modify prefix-list ccnp3 to add 10.1.64.0/20 le 24
  • D. Modify route-map ospf-to-eigrp permit 10 and match prefix-list ccnp2.

Answer: D

 

NEW QUESTION 113
Which two conditions can be used to filter the output of the debug crypto condition command? (Choose two.)

  • A. front-door VRF name
  • B. destination IP address
  • C. routing event filter
  • D. encryption algorithm
  • E. ISAKMP profile name

Answer: A,E

Explanation:
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-crypto-debug-sup.pdf

 

NEW QUESTION 114
In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two.)

  • A. by various IPv6 guard features to validate the data link layer address
  • B. by the recovery mechanism to recover the binding table in the event of a device reboot
  • C. by IPv6 routing protocols to securely build neighborships without the need of authentication
  • D. by storing hashed keys for IPsec tunnels for the built-in IPsec features
  • E. by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways

Answer: A,B

Explanation:
Overview of the IPv6 First-Hop Security Binding Table
A database table of IPv6 neighbors connected to the device is created from information sources such as NDP snooping. This database, or binding table, is used by various IPv6 guard features to validate the link-layer address (LLA), the IPv4 or IPv6 address, and the prefix binding of the neighbors to prevent spoofing and redirect attacks.
IPv6 First-Hop Security Binding Table Recovery Mechanism
The IPv6 first-hop security binding table recovery mechanism enables the binding table to recover in the event of a device reboot.

 

NEW QUESTION 115
R2 has a locally originated prefix 192.168.130.0/24 and has these configurations:

What is the result when the route-map OUT command is applied toward an eBGP neighbor R1 (1.1.1.1) by using the neighbor 1.1.1.1 route-map OUT out command?

  • A. Network 192.168.130.0/24 is not allowed in the R1 table
  • B. R1 does not accept any routes other than 192.168.130.0/24
  • C. R1 sees 192.168.130.0/24 as two AS hops away instead of one AS hop away.
  • D. R1 does not forward traffic that is destined for 192.168.30.0/24

Answer: C

 

NEW QUESTION 116
An engineer needs dynamic routing between two routers and is unable to establish OSPF adjacency. The output of the show ip ospf neighbor command shows that the neighbor state is EXSTART/EXCHANGE.
Which action should be taken to resolve this issue?

  • A. match the network types
  • B. match the hello timers
  • C. match the passwords
  • D. match the MTUs

Answer: D

Explanation:

 

NEW QUESTION 117
Drag and drop the packet types from the left onto the correct descriptions on the right.

Answer:

Explanation:

 

NEW QUESTION 118
Which command allows traffic to load-balance in an MPLS Layer 3 VPN configuration?

  • A. multi-paths eibgp 2
  • B. maximum-paths ibgp 2
  • C. maximum-paths 2
  • D. multi-paths 2

Answer: B

 

NEW QUESTION 119
Refer to the exhibit.

The R1 and R2 configurations are:

The neighbor is not coming up. Which two sets of configurations bring the neighbors up? (Choose two.)

A)

B)

C)

D)

E)

  • A. Option C
  • B. Option A
  • C. Option B
  • D. Option D
  • E. Option E

Answer: A,B

Explanation:

 

NEW QUESTION 120
Refer to the exhibit.

Which routes from OSPF process 5 are redistributed into EIGRP?

  • A. E1 and E2 subnets matching access list TO-OSPF
  • B. only E1 subnets matching prefix list TO-OS1
  • C. E1 and E2 subnets matching prefix list TO-OSPF
  • D. only E2 subnets matching access list TO-OSPF

Answer: A

 

NEW QUESTION 121
Refer to the exhibit.

An IP SLA was configured on router R1 that allows the default route to be modified in the event that Fa0/0 loses reachability with the router R3 Fa0/0 interface. The route has changed to flow through router R2. Which debug command is used to troubleshoot this issue?

  • A. debug ip routing
  • B. debug ip packet
  • C. debug ip flow
  • D. debug ip sla error

Answer: A

 

NEW QUESTION 122
Refer to the exhibit.

Which interface configuration must be configured on the HUB router to enable MVPN with mGRE mode?

  • A. Option C
  • B. Option B
  • C. Option D
  • D. Option A

Answer: A

Explanation:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-dmvpn.html

 

NEW QUESTION 123
Drag and drop the MPLS VPN device types from the left onto the definitions on the right.

Answer:

Explanation:

 

NEW QUESTION 124
Which configuration adds an IPv4 interface to an OSPFv3 process in OSPFv3 address family configuration?

  • A. router ospfv3 1
    address-family ipv4
  • B. Router(config-router)#ospfv3 1 ipv4 area 0
  • C. router ospfv3 1
    address-family ipv4 unicast
  • D. Router(config-if)#ospfv3 1 ipv4 area 0

Answer: B

 

NEW QUESTION 125
Which statement about route distinguishers in an MPLS network is true?

  • A. Route distinguishers define which prefixes are imported and exported on the edge router.
  • B. Route distinguishers make a unique VPNv4 address across the MPLS network.
  • C. Route distinguishers allow multiple instances of a routing table to coexist within the edge router.
  • D. Route distinguishers are used for label bindings.

Answer: B

Explanation:
Section: VPN Technologies
Explanation/Reference:

 

NEW QUESTION 126
Refer to the exhibit.

Which two actions restrict access to router R1 by SSH? (Choose two.)

  • A. Remove class-map ANY from service-policy CoPP
  • B. Remove sequence 10 from access list 100 and add sequence 20 deny tcp any any eq telnet to access list 199
  • C. Configure transport input ssh on line vty and remove sequence 30 from access list 100.
  • D. Configure transport output ssh on line vty and remove sequence 20 from access list 100.
  • E. Configure transport output ssh on line vty and remove sequence 10 from access list 199.

Answer: C,D

Explanation:
To only allow SSH to R1, we have to:
+ Deny Telnet in ACL 100 because the action of class-map: PERMIT is "permit"
+ Permit Telnet in ACL 199 because the action of class-map: ANY is "drop"
But:
+ In ACL 100 there is a permit statement for Telnet traffic, "20 permit tcp any any eq telnet (5 matches)", which is not correct, so we must remove this statement.
+ In ACL 199 there is an ACL statement "10 deny tcp any eq telnet any (50 matches)". This statement is aimed at Telnet traffic leaving R1, which is not correct, so we must remove this statement.
Note:
+ The command "transport output telnet ssh" allows Telnet and SSH from this device (to other devices).
+ Telnet is TCP port 23.
+ When Telnet is used as the source port, it affects Telnet traffic leaving R1.

 

NEW QUESTION 127
......
