cisco 350-601 practice test

Implementing and Operating Cisco Data Center Core Technologies


Question 1 Topic 5

Topic 5
A network engineer must enable port security on all Cisco MDS Series Switches in the fabric. The requirement is to avoid the
extensive manual configuration of the switch ports. Which action must be taken to meet these requirements?

  • A. Enable the auto-learning port security feature.
  • B. Enable the auto-learning port security feature on a per-VSAN basis.
  • C. Activate CFS distribution and the auto-learning port security feature.
  • D. Activate CFS distribution and the auto-learning port security feature on a per-VSAN basis.
Answer:

C

Discussions

Question 2 Topic 5

Topic 5
A network administrator must perform a system upgrade on a Cisco MDS 9000 Series Switch. Due to the recent changes by
the security team:
The AAA server is unreachable.
All TCP communication between the MDS 9000 Series Switch and AAA servers is disabled.
Which actions must be used to perform the upgrade?

  • A. Log in locally to the MDS 9000 Series Switch using a network-admin role and download the upgrade files from the remote TFTP server.
  • B. Log in locally to the MDS 9000 Series Switch using a server-admin role and download the upgrade files from the remote FTP server.
  • C. Log in to a server storing the upgrade files remotely using a server-admin role and download the files to the MDS 9000 Series Switch using SFTP.
  • D. Log in to a server storing the upgrade files remotely using a network-admin role and download the files to the MDS 9000 Series Switch using HTTP.
Answer:

C

Discussions

Question 3 Topic 5

Topic 5
A network engineer needs to configure system logging on the Cisco MDS Series switch. The messages must be displayed
with the severity level of warning and above. For security reasons, the users must be logged out of the console after 5
minutes of inactivity. Which configuration must be applied to meet these requirements?

  • A. MDS-A(config)# logging console 5 MDS-A(config-console)# exec-timeout 300
  • B. MDS-A(config)# line console MDS-A(config-console)# speed 38400 MDS-A(config-console)# exec-timeout 5 MDS-A(config)# logging console 4
  • C. MDS-A(config)# logging line 4 MDS-A(config-console)# session-limit 300
  • D. MDS-A(config)# console MDS-A(config-console)# speed 38400 MDS-A(config-console)# session-limit 5 MDS-A(config)# logging console 5
Answer:

B

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/configuration/guides/fundamentals/b_Cisco_M
DS_9000_Series_NX-OS_Fundamentals_Configuration_Guide/ b_Cisco_MDS_9000_Series_NX-
OS_Fundamentals_Configuration_Guide_Release_6_chapter_0100.html

Discussions

Question 4 Topic 5

Topic 5
An engineer must configure HTTPS secure management for Cisco UCS Manager using a key ring named kr2016 and a key
size of 1024 bits. The environment consists of a primary fabric interconnect named UCS-A and a secondary fabric
interconnect named UCS-B. Which command sequence must be used to accomplish this goal?

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
Answer:

B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/CLI-User-Guides/Admin-
Management/4-0/b_Cisco_UCS_Manager_CLI_Administration_Mgmt_Guide_4-0/
b_Cisco_UCS_Manager_CLI_Administration_Mgmt_Guide_4-0_chapter_0110.html

Discussions

Question 5 Topic 5

Topic 5
A network administrator must configure an extra keyring in Cisco UCS Manager. The key must provide a high level of
encryption and secure authentication when users use the web interface. Which configuration command set must be applied
to meet these requirements?

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
Answer:

B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/CLI-User-Guides/Admin-
Management/3-1/b_Cisco_UCS_Manager_CLI_Administration_Mgmt_Guide_3_1/
b_Cisco_UCS_Manager_CLI_Administration_Mgmt_Guide_3_1_chapter_0110.html

Discussions

Question 6 Topic 5

Topic 5

Refer to the exhibit. A network engineer requires remote access via SSH to a Cisco MDS 9000 Series Switch. The solution
must support secure access using the local user database when the RADIUS servers are unreachable from the switches.
Which command meets these requirements?

  • A. aaa authentication none
  • B. aaa authentication login default group radius
  • C. aaa authentication login default fallback error local
  • D. aaa authentication login default group local
Answer:

C

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-
x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide/
b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_chapter_0111.html

Discussions

Question 7 Topic 5

Topic 5

Refer to the exhibit. Which action is taken to ensure that the relay agent forwards the DHCP BOOTREQUEST packet to a
DHCP server?

  • A. Configure the IP address of the DHCP server.
  • B. Verify the DHCP snooping bindings.
  • C. Configure the interface of the DHCP server as untrusted.
  • D. Enable the DHCP relay agent.
Answer:

B

Explanation:
Reference:
https://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html

Discussions

Question 8 Topic 5

Topic 5

Refer to the exhibit. What is the result of implementing the configuration?

  • A. The RADIUS server timeout value is 15 milliseconds.
  • B. RADIUS traffic is sourced from the VLAN 200 interface.
  • C. Users specify the RADIUS server when they log in.
  • D. Only the RADIUS server is used for authentication.
Answer:

D

Discussions

Question 9 Topic 5

Topic 5
An engineer is configuring AAA authentication on a Cisco MDS 9000 Series switch. The LDAP server is located under the IP
10.10.2.2. The data sent to the LDAP server should be encrypted. Which command should be used to meet these
requirements?

  • A. ldap-server 10.10.2.2 port 443
  • B. ldap-server 10.10.2.2 key SSL_KEY
  • C. ldap-server host 10.10.2.2 key SSL_KEY
  • D. ldap-server host 10.10.2.2 enable-ssl
Answer:

D

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/configuration/guides/security/nx-os/sec_cli_6-
x/cradtac1.html

Discussions

Question 10 Topic 5

Topic 5
Port security is statically configured on a Cisco Nexus 7700 Series switch and F3 line card. The switch is configured with an
Advanced Services license. Which two actions delete secured MAC addresses from the interface? (Choose two.)

  • A. The address must be removed from the configuration.
  • B. Shutdown and then no shutdown must be run on the interface.
  • C. The device must be restarted manually.
  • D. The address must reach the age limit that is configured for the interface.
  • E. The interface must be converted to a routed port.
Answer:

A E

Discussions
To page 2