ENCOR – NETWORK ASSURANCE Welcome to your CCNP-ENCOR-ASSURANCE 1. Which protocol or service can be configured to send unsolicited messages to alert the network administrator about a network event such as an extremely high CPU utilization on a router? A. syslog B. SNMP C. NTP D. NetFlow None 2. What conclusion can be drawn from this configuration? An administrator issued the following commands on router R1: R1(config)# logging 192.168.10.2R1(config)# logging trap 5 A. The only messages that appear on the syslog server are those with severity level of 5. B. Messages with severity level of 6 or higher appear only on the router console output. C. Messages with severity level of 5 or higher appear on the router console output and are sent to the syslog server. D. The only messages that appear on the syslog server are those with severity level of 4 or lower. None 3. What is the description for a Syslog Level 1 event? A. system unusable B. immediate action needed C. error condition D. critical condition None 4. What is the purpose of ERSPAN? A. to mirror traffic from a remote location B. to log information from monitored network devices C. to provide standardization for traffic sent from network devices to a logging server D. to analyze the type and frequency of specific data types for QoS purposes None 5. What is a primary function of the Cisco IOS IP Service Level Agreements feature? A. to measure network performance and discover a network failure as early as possible B. to detect potential network attacks C. to adjust network device configurations to avoid congestion D. to provide network connectivity for customers None 6. What is a tool in the Cisco DNA Center that can apply machine learning in order to diagnose network issues and offer guided remediation steps to fix issues? A. DNA Assurance B. syslog C. RSPAN D. SNMP E. ERSPAN None 7. What is the description for a Syslog Level 5 event? A. normal, but significant condition B. debugging message C. warning condition D. informational message None 8. What is the description for a Syslog Level 6 event? A. normal, but significant condition B. informational message C. debugging message D. warning condition None 9. Which layer of the Cisco SD-Access Architecture contains the underlay and the overlay networks? A. controller B. network C. management D. physical None 10. In the data gathering process, which type of device will listen for traffic, but only gather traffic statistics? A. NetFlow collector B. SNMP agent C. NMS D. syslog server None 11. Which type of information can an administrator obtain with the show ip cache flow command? A. the NetFlow version that is enabled B. the protocol that uses the largest volume of traffic C. whether NetFlow is configured on the correct interface and in the correct direction D. the configuration of the export parameters None 12. Which network monitoring tool can provide a complete audit trail of basic information of all IP flows on a Cisco router and forward the data to a device? A. NetFlow B. SIEM C. SPAN D. Wireshark None 13. Which monitoring technology mirrors traffic flowing through a switch to an analysis device connected to another switch port? A. SIEM B. SPAN C. NetFlow D. SNMP None 14. A network administrator is using the Cisco DNA Center to monitor network health and to troubleshoot network issues. Which area should the administrator use to perform these tasks? A. ASSURANCE B. PROVISION C. PLATFORM D. POLICY None 15. Which two operations are valid for RESTCONF? (Choose two.) A. HEAD B. REMOVE C. PULL D. PATCH E. ADD F. PUSH 16. Refer to the exhibit. What does the error message relay to the administrator who is trying to configure a Cisco IOS device? A. A NETCONF request was made for a data model that does not exist. B. The device received a valid NETCONF request and serviced it without error. C. A NETCONF message with valid content based on the YANG data models was made, but the request failed. D. The NETCONF running datastore is currently locked. None 17. When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port? A. logging host 10.2.3.4 vrf mgmt transport tcp port 6514 B. logging host 10.2.3.4 vrf mgmt transport udp port 6514 C. logging host 10.2.3.4 vrf mgmt transport tcp port 514 D. logging host 10.2.3.4 vrf mgmt transport udp port 514 None 18. Which encryption hashing algorithm does NTP use for authentication? A. SSL B. MD5 C. AES128 D. AES256 None 19. Which command set configures RSPAN to capture outgoing traffic from VLAN3 on interface GigabitEthernet 0/3 while ignoring other VLAN trafic on the same interface? A. monitor session 2 source interface gigabitethernet 0/3 tx monitor session 2 filter vlan 1 - 2 , 4 - 4094 B. monitor session 2 source interface gigabitethernet 0/3 tx monitor session 2 filter vlan 3 C. monitor session 2 source interface gigabitethernet 0/3 rx monitor session 2 filter vlan 1 - 2 , 4 - 4094 D. monitor session 2 source interface gigabitethernet 0/3 rx monitor session 2 filter vlan 3 None 20. Refer to the exhibit. Based on the output generated by the show monitor session 1 command, how will SPAN operate on the switch? A. All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1. B. All traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1. C. Native VLAN traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1. D. Native VLAN traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1. None 21. Refer to the exhibit. The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SLA. Which configuration should the engineer use? A. event manager applet EEM_IP_SLA event track 10 state down B. event manager applet EEM_IP_SLA event track 10 state unreachable C. event manager applet EEM_IP_SLA event sla 10 state unreachable D. event manager applet EEM_IP_SLA event sla 10 state down None 22. What is the description for a Syslog Level 0 event? A. error condition B. critical condition C. system unusable D. immediate action needed None 23. Refer to the exhibit. An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm? A. SPAN session 1 monitors activity on VLAN 50 of a remote switch B. SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14. C. SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15. D. RSPAN session 1 is incompletely configured for monitoring None 24. Which are two results of implementing this feature instead of traditional Netflow? (Choose two.) A network engineer is configuring Flexible Netflow and enters these commands: Sampler Netflow1 Mode random one-out-of 100 Interface fastethernet 1/0 Flow-sampler netflow1 A. CPU and memory utilization are reduced. B. Only the flows of top 100 talkers are exported C. The data export flow is more secure. D. The number of packets to be analyzed are reduced E. The accuracy of the data to be analyzed is improved 25. Refer to the exhibit. After implementing the configuration 172.20.20.2 stops replaying to ICMP echoes, but the default route fails to be removed. What is the reason for this behavior? A. The source-interface is configured incorrectly. B. The destination must be 172.30.30.2 for icmp-echo C. The default route is missing the track feature D. The threshold value is wrong. None 26. Refer to the exhibit. A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line, but not from show runningconfig. Which command completes the configuration? A. Device(config)# netconf max-sessions 100 B. Device(config)# no netconf ssh acl 1 C. Device(config)# netconf lock-time 500 D. Device(config)# netconf max-message 1000 None 27. A network monitoring system uses SNMP polling to record the statistics of router interfaces The SNMP queries work as expected until an engineer installs a new interface and reloads the router After this action, all SNMP queries for the router fail What is the cause of this issue? A. The SNMP community is configured incorrectly B. The SNMP interface index changed after reboot. C. The SNMP server traps are disabled for the interface index D. The SNMP server traps are disabled for the link state. None 28. Refer to the exhibit. What is the result when a technician adds the monitor session 1 destination remote vlan 223 command? A. The RSPAN VLAN is replaced by VLAN 223. B. RSPAN traffic is sent to VLANs 222 and 223. C. An error is flagged for configuring two destinations. D. RSPAN traffic is split between VLANs 222 and 223. None 29. Refer to the exhibit. What is required to configure a second export destination for IP address 192.168.10.1? A. Specify a VRF. B. Specify a different UDP port. C. Specify a different flow ID D. Configure a version 5 flow-export to the same destination. E. Specify a different TCP port. None 30. Refer to the exhibit. An engineer must configure a SPAN session. What is the effect of the configuration? A. Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1 B. Traffic received on VLANs 10, 11, and 12 is copied and sent to interface g0/1 C. Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1. D. Traffic sent on VLANs 10, 11 , and 12 is copied and sent to interface g0/1 None 31. A network administrator is Implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process. Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two.) A. Configure the logging synchronous global configuration command B. Configure the logging delimiter feature C. Configure the logging synchronous command under the vty D. Press the TAB key to reprint the command in a new line E. increase the number of lines on the screen using the terminal length command 32. Refer to the exhibit. An engineer must add the SNMP interface table to the NetFlow protocol flow records. Where should the SNMP table option be added? A. under the interface B. under the flow record C. under the flow monitor D. under the flow exporter None 33. A network is being migrated from IPV4 to IPV6 using a dual-stack approach. Network management is already 100% IPV6 enabled. In a dual-stack network with two dual-stack NetFlow collections, how many flow exporters are needed per network device in the flexible NetFlow configuration? A. 1 B. 2 C. 4 D. 8 None 34. An engineer is implementing MPLS OAM to monitor traffic within the MPLS domain. Which action must the engineer perform to prevent from being forwarded beyond the service provider domain when the LSP is down? A. Disable IP redirects only on outbound interfaces. B. Implement the destination address for the LSP echo request packet in the 127.x.y.z/8 network. C. Disable IP redirects on all ingress interfaces. D. Configure a private IP address as the destination address of the headend router of Cisco MPLS TE. None 35. Which configuration must be used? A network engineer must configure a router to send logging messages to a syslog server based on these requirements: uses syslog IP address: 10.10.10.1 uses a reliable protocol must not use any well-known TCP/UDP ports A. logging host 10.10.10.1 transport tcp port 1024 B. logging origin-id 10.10.10.1 C. logging host 10.10.10.1 transport udp port 1023 D. logging host 10.10.10.1 transport udp port 1024 None 36. Refer to the exhibit. R1 is able to ping the R3 fa0/1 interface. Why do the extended pings fail? A. The maximum packet size accepted by the command is 1476 bytes. B. R3 is missing a return route to 10.99.69.0/30 C. R2 and R3 do not have an OSPF adjacency D. The DF bit has been set None 37. Refer to the exhibit. An engineer has configured an IP SLA for UDP echo's. Which command is needed to start the IP SLA to test every 30 seconds and continue until stopped? A. ip sla schedule 100 life forever B. ip sla schedule 30 start-time now life forever C. ip sla schedule 100 start-time now life 30 D. ip sla schedule 100 start-time now life forever None 38. Refer to exhibit. What are two reasons for IP SLA tracking failure? (Choose two ) A. The destination must be 172.30 30 2 for icmp-echo B. The threshold value is wrong C. A route back to the R1 LAN network is missing in R2 D. The source-interface is configured incorrectly. E. The default route has the wrong next hop IP address 39. Refer to the exhibit. A network engineer issues the debug command while troubleshooting a network issue. What does the output confirm? A. ACL 100 is tracking ICMP traffic from 10.1.1.1 destined for 1.1.1.1. B. ACL100 is tracking all traffic from 10.1.1.1 destined for 1.1.1.1. C. ACL100 is tracking ICMP traffic from Serial1/0 destined for Serial3/0. D. ACL100 is tracking ICMP traffic from 1.1.1.1 destined for 10.1.1.1. None 40. Which version of NetFlow does Cisco Threat Defense utilize to obtain visibility into the network? A. NBAR2 B. IPFIX C. 8 D. flexible None 41. Which language defines the structure or modelling of data for NETCONF and RESTCONF? A. YAM B. YANG C. JSON D. XML None 42. Refer to the exhibit. Users cannot reach the web server at 192.168.100.1. What is the root cause for the failure? A. The server is attempting to load balance between links 10.100.100.1 and 10.100.200.1. B. There is a loop in the path to the server. C. The gateway cannot translate the server domain name. D. The server is out of service. None 43. Refer to the exhibit. What happens to access interfaces where VLAN 222 is assigned? A. STP BPDU guard is enabled B. A description "RSPAN" is added C. They are placed into an inactive state D. They cannot provide PoE None 44. Refer to the exhibit. A network engineer is troubleshooting an issue with the file server based on reports of slow file transmissions. Which two commands or command sets are required to switch SW1 A. SW1#show monitor B. SW1(config)#monitor session 1 source interface gigabitethernet0/3 SW1(config)#monitor session 1 destination interface gigabitethernet0/1 encapsulation replicate C. SW1#show ip route D. SW1#show vlan E. SW1(config)#monitor session 1 source interface gigabitethernet0/1 SW1(config)#monitor session 1 destination interface gigabitethernet0/3 encapsulation replicate 45. High bandwidth utilization is occurring on interface Gig0/1 of a router. An engineer must identify the flows that are consuming the most bandwidth. Cisco DNA Center is used as a flow exporter and is configured with the IP address 192.168.23.1 and UDP port 23000. Which configuration must be applied to set NetFlow data export and capture on the router? A. Option A B. Option B C. Option C D. Option D None 46. A firewall address of 192 166.1.101 can be pinged from a router but, when running a traceroute to It, this output is received. What is the cause of this issue? A. The firewall blocks ICMP traceroute traffic. B. The firewall rule that allows ICMP traffic does not function correctly C. The firewall blocks ICMP traffic. D. The firewall blocks UDP traffic None 47. Refer to the exhibit. An engineer must configure an ERSPAN tunnel that mirrors traffic from Linux1 on Switch1 to Linux2 on Switch2. Which command must be added to the destination configuration to enable the ERSPAN tunnel? A. (config-mon-erspan-dst-src)# erspan-id 172.16.10.10 B. (config mon erspan-dst-src)# erspan-id 110 C. (config-mon-erspan-dst-src)# no shut D. (config-mon-erspan-dst-src)# origin ip address 172.16.10.10 None 48. Refer to the exhibit. Which command filters the ERSPAN session packets only to interface GigabitEthernet1? A. source ip 10.10.10.1 B. source interface gigabitethernet1 ip 10.10.10.1 C. filter access-group 10 D. destination ip 10.10.10.1 None 49. Which IP SLA operation requires the IP SLA responder to be configured on the remote end? A. ICMP echo B. UDP jitter C. CMP jitter D. TCP connect None 50. Refer to the exhibit Which command must be applied to complete the configuration and enable RESTCONF? A. ip http secure-server B. ip http server C. ip http secure-port 443 D. ip http client username restconf None 51. Refer to the exhibit. These commands have been added to the configuration of a switch. Which command flags an error if it is added to this configuration? A. monitor session 1 source interface port-channel 6 B. monitor session 1 source vlan 10 C. monitor session 1 source interface FastEthernet0/1 rx D. monitor session 1 source interface port-channel 7, port-channel 8 None 52. A network administrator for a small office is adding a passive IDS to its network switch for the purpose of inspecting network traffic. Which of the following should the administrator use? A. SNMPtrap B. Port mirroring C. Syslog collection D. API integration None 53. Refer to the exhibit. An engineer must send the 172.16.2.0 /24 user traffic to a packet capture tool to troubleshoot an issue. Which action completes the configuration? A. Encrypt the traffic between the users and the monitoring servers. B. Disable the spanning tree protocol on the monitoring server VLAN. C. Enable the Cisco Discovery Protocol on the server interfaces. D. Define the remote span VLAN on SW1 and SW2. None 54. An engineer must use IP SLA to measure the network performance and record statistics hop-by-hop. Which configuration must be used? A. Option A B. Option B C. Option C D. Option D None 55. Refer to the exhibit. What is the result of the IP SLA configuration? A. The operation runs 300 times a day B. The operation runs 5000 C. The rate is configured to repeat every 5 minutes D. IP SLA is scheduled to run at 3 a.m None 56. Refer to the exhibit. The DevOps team noticed missing NetFlow data during peak utilization times for remote branches. Which configuration allows for this issue to be minimized or resolved? A. Configure NetFlow on the in and outbound directions. B. Change the transport type from UDP to TCP. C. Configure long byte counters when specifying a flow record. D. Change the flow monitor to IPv6 from IPv4. None 57. Which feature must be configured to allow packet capture over Layer 3 infrastructure'? A. VSPAN B. IPSPAN C. RSPAN D. ERSPAN None 58. Which statement about an RSPAN session configuration is true? A. A fitter mutt be configured for RSPAN Regions. B. Only one session can be configured at a time. C. A special VLAN type must be used as the RSPAN destination. D. Only incoming traffic can be monitored. None 59. Refer to the exhibit. Which action must be performed to allow RESTCONF access to the device? A. Enable the NETCONF service. B. Enable the SSH service. C. Enable the IOX service. D. Enable the HTTPS service. None 60. Refer to the exhibit. An administrator must collect basic statistics about the approximate amount of IPv4 and IPv6 flows entering Gi0/0 using NetFlow. However, the administrator is concerned that NetFlow processing during periods of high utilization on Gi0/0 will overwhelm the router CPU. Which configuration minimizes CPU impact and keeps the data flows across Gi0/0 intact? A. Option A B. Option B C. Option C D. Option D None 61. Which two statements about IP SLA are true? (Choose two) A. It uses NetFlow for passive traffic monitoring B. It can measure MOS C. The IP SLA responder is a component in the source Cisco device D. It is Layer 2 transport-independent correct E. It uses active traffic monitoring correct F. SNMP access is not supported 62. An engineer reviews a router's logs and discovers the following entry. What is the event's logging severity level? Router# *Jan 01 38:24:04.401: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up A. notification B. error C. informational D. warning None 63. Which level message does the WLC send to the syslog server? A. syslog level errors and less severity messages B. syslog level errors messages C. all syslog levels messages D. syslog level errors and greater severity messages None 64. What are two features of NetFlow flow monitoring? (Choose two.) A. Copies all ingress flow information to an interface B. Include the flow record and the flow importer C. Can track ingress and egress information D. Can be used to track multicast, MPLS, or bridged traffic. E. Does not required packet sampling on interfaces 65. An engineer failed to run diagnostic commands on devices using Cisco DNA center, which action in Cisco DNA center resolves the issue? A. Enable Secure Shell. B. Enable Command Runner. C. Enable APIs D. Enable CDP. None 66. Which command set configures RSPAN to capture outgoing traffic from VLAN 3 on interface GigabitEthernet 0/3 while ignoring other VLAN traffic on the same interface? A. monitor session 2 source interface gigabitethernet0/3 rx monitor session 2 filter vlan 3 B. monitor session 2 source interface gigabitethernet0/3 rx monitor session 2 filter vlan 1 - 2, 4 - 4094 C. monitor session 2 source interface gigabitethernet0/3 tx monitor session 2 filter vlan 3 D. monitor session 2 source interface gigabitethernet0/3 tx monitor session 2 filter vlan 1- 2, 4 - 4094 None 67. Refer to the exhibit. Which command is required on router R1 to start receiving RESTCONF requests? A. R1(config)# ip http accounting commands 12 default B. R1(config)# ip http server C. R1(config)# restconf D. R1(config)# ip http access-class 12 None 68. Refer to the exhibit. The administrator configures an ERSPAN session, but no packets are received on the destination host. Which action is required to complete the configuration? A. Ensure that the ERSPAN destination addresses are not reachable through the Mgmt-vrf VRF. B. Ensure that the ERSPAN destination is reachable from the switch. C. Configure the ERSPAN destination VLAN as an RSPAN VLAN. D. Enable the ERSPAN session. None 69. Router R1 must be configured as a UDP responder on port 6336. Which configuration accomplishes this task? A. (config)#ip sla responder udp-echo ipaddress 10.10.10.1 port 6336 B. (config)#ip sla responder udp-echo ipv4 10.10.10.1 port 6336 C. (config)#ip sla responder ipaddress 10.10.10.1 port 6336 D. (config-if)#ip sla responder udp-port ipaddress 10.10.10.1 port 6336 None 70. Refer to the exhibit. Which command is required to validate that an IP SLA configuration matches the traffic between the branch office and the central site? A. R1# show ip sla group schedule B. R1# show ip route C. R1# show ip sla configuration D. R1# show ip sla statistics None 1 out of 70 Time's up
