更新されたのは2022年03月は100%カバー率で300-410リアルな試験問題で100%合格保証
実際問題を使おうCisco問題集で100%無料で使える300-410試験問題集
Cisco 300-410 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
| トピック 10 |
|
| トピック 11 |
|
| トピック 12 |
|
| トピック 13 |
|
| トピック 14 |
|
質問 62 
Refer to the exhibit. an engineer is trying to get 192.168.32.100 forwarded through 10.1.1.1, but it was forwarded through 10.1.1.2. What action forwards the packets through 10.1.1.1?
- A. Configure EIGRP to receive 192.168.32.0 route with lower metric.
- B. Configure EIGRP to receive 192.168.32.0 route with equal or longer prefix than /24.
- C. Configure EIGRP to receive 192.168.32.0 route with longer prefix than /19.
- D. Configure EIGRP to receive 192.168.32.0 route with lower admin distance.
正解: B
質問 63
Refer to the exhibit.
A junior engineer updated a branch router configuration. Immediately after the change, the engineer receives calls from the help desk that branch personnel cannot reach any network destinations. Which configuration restores service and continues to block 10.1.1.100/32?
- A. route-map FILTER-IN permit 20
- B. ip prefix-list 102 seq 5 permit 0.0.0.0/32 le 32
- C. ip prefix-list 102 seq 15 permit 0.0.0.0/32 le 32
- D. route-map FILTER-IN deny 5
正解: A
解説:
Explanation
By using "deny" keyword in a route-map, we can filter out the prefix specified in the prefix-list.
But there is an implicit "deny all" statement in the prefix-list so we must permit other prefixes with "permit" keyword in the route-map.
質問 64
Refer to the exhibit.
The network administrator configured VRF lite for customer A.
The technician at the remote site misconfigured VRF on the router. Which configuration will resolve connectivity for both sites of customer a?
- A. Option A
- B. Option D
- C. Option C
- D. Option B
正解: B
解説:
From the exhibit, we learned:
+ VRF customer_a was exported with Route target (RT) of 1:1 so at the remote site it must be imported with the same RT 1:1.
+ VRF customer_a was imported with Route target (RT) of 1:1 so at the remote site it must be exported with the same RT 1:1.
Therefore at the remote site we must configure the command "route-target both 1:1" (which is equivalent to two commands "route-target import 1:1" & "route-target export 1:1".
質問 65
Refer to the exhibit.
After redistribution is enabled between the routing protocols; PC2, PC3, and PC4 cannot reach PC1. Which action can the engineer take to solve the issue so that all the PCs are reachable?
- A. Set the administrative distance 100 under the RIP process on R2.
- B. Redistribute the directly connected interfaces on R2.
- C. Filter the prefix 10.1.1.0/24 when redistributed from RIP to EIGRP.
- D. Filter the prefix 10.1.1.0/24 when redistributed from OSPF to EIGRP.
正解: D
質問 66
Refer to the exhibit. The output of the trace route from R5 shows a loop in the network. Which configuration prevents this loop?
- A.

- B.

- C.

- D.

正解: D
解説:
Section: Layer 3 Technologies
質問 67
R2 has a locally originated prefix 192.168.130.0/24 and has these configurations:
What is the result when the route-map OUT command is applied toward an eBGP neighbor R1 (1.1.1.1) by using the neighbor 1.1.1.1 route-map OUT out command?
- A. R1 does not forward traffic that is destined for 192.168.130.0/24.
- B. R1 does not accept any route other than 192.168.130.0/24.
- C. Network 192.168.130.0/24 is not allowed in the R1 table.
- D. R1 sees 192.168.130.0/24 as two hops away instead of one AS hop away
正解: D
質問 68
Drag and drop the addresses from the left onto the correct IPv6 filter purposes on the right.
正解:
解説:
Explanation
Same Answer is already updated below:
HTTP and HTTPs run on TCP port 80 and 443, respectively and we have to remember them.
Syslog runs on UDP port 514 while NTP runs on UDP port 123 so if we remember them we can find out the matching answers easily. But maybe there is some typos in this question as 2001:d88:800:200c::c/126 only ranges from 2001:d88:800:200c:0:0:0:c to 2001:d88:800:200c:0:0:0:f (4 hosts in total). It does not cover host 2001:0D88:0800:200c::1f. Same for 2001:D88:800:200c::e/126, which also ranges from
2001:d88:800:200c:0:0:0:c to 2001:d88:800:200c:0:0:0:f and does not cover host 2001:0D88:0800:200c::1c
.
質問 69
Refer to the exhibit.
The administrator successfully logs into R1 but cannot access privileged mode commands. What should be configured to resolve the issue?
- A. matching password on vty lines as cisco123!
- B. enable secret or enable password commands to enter into privileged mode
- C. secret cisco123! at the end of the username command instead of password cisco123!
- D. aaa authorization reverse-access
正解: B
質問 70
Refer to the exhibit.
Why is the remote NetFlow server failing to receive the NetFlow data?
- A. The flow exporter is configured but is not used.
- B. The flow monitor is applied in the wrong direction.
- C. The flow monitor is applied to the wrong interface.
- D. The destination of the flow exporter is not reachable.
正解: A
質問 71
Refer to the exhibit.
AS111 is receiving its own routes from AS200 causing a loop in the network. Which configuration provides loop prevention?
A)
B)
C)
D)
- A. Option A
- B. Option B
- C. Option D
- D. Option C
正解: D
質問 72
Refer to the exhibit.
What does the imp-null tag represent in the MPLS VPN cloud?
- A. Impose the label
- B. Exclude the EXP bit
- C. Include the EXP bit
- D. Pop the label
正解: D
解説:
The -imp-null|| (implicit null) tag instructs the upstream router to pop the tag entry off the tag stack before forwarding the packet.
Note: pop means -remove the top MPLS label||
質問 73
An engineer configured policy-based routing for a destination IP address that does not exist in the routing table. How is the packet treated through the policy for configuring the set ip default next-hop command?
- A. Packets are forwarded to the specific next hop.
- B. Packets are forwarded based on a static route.
- C. Packets are not forwarded to the specific next hop.
- D. Packets are forwarded based on the routing table.
正解: A
解説:
The set ip default next-hop command verifies the existence of the destination IP address in the routing table, and...+ if the destination IP address exists, the command does not policy route the packet, but forwards the packet based on the routing table.+ if the destination IP address does not exist, the command policy routes the packet by sending it to the specified next hop.
質問 74 
A network administrator is trying to access a branch router using TACACS+ username and password credentials, but the administrator cannot log in to the router because the WAN connectivity is down. The branch router has following AAA configuration:
Which command will resolve this problem when WAN connectivity is down?
- A. aaa authentication login default group tacacs+ console
- B. aaa authentication login default group tacacs+ enable
- C. aaa authentication login console group tacacs+ enable
- D. aaa authentication login default group tacacs+ local
正解: D
質問 75
When determining if a system is capable of support, what is the minimum time spacing required for a BFD control packet to receive once a control packet is arrived?
- A. Detect Mult
- B. Required Min RX Interval
- C. Required Min Echo RX Interval
- D. Desired Min TX Interval
正解: B
質問 76
What attack technique can be used to force user traffic through an attacking device, causing a man-in-the- middle attack?
- A. VLAN hopping
- B. MAC flooding
- C. Rogue device
- D. DHCP spoofing
正解: D
解説:
DHCP spoofing is an attack that can be used to force user traffic through an attacking device. This is accomplished by an attacker responding to DHCP queries form users. Eliminating the response from the correct DHCP server would make this more effective, but if the attacker's response gets to the client first, the client will accept it. The DHCP response from the attacker will include a different gateway or DNS server address. If they define a different gateway, the user traffic will be forced to travel through a device controlled by the attacker. This will allow the attacker to capture traffic and gain company information. If the attacker changes the DNS server in the response, they can use their own DNS server to force traffic to selected hosts to go to a device they control. Again, this would allow the attacker to capture traffic and gain information.
VLAN hopping is an attack that allows an attacker to access network resources on a different VLAN without passing through a router. The attacker can create a packet with two VLAN headers on it and send it to a switch.
The switch port will strip off the first header and leave the second. The second header will be seen as the originating VLAN allowing the attacker access to a VLAN they are not connected to. This becomes a security concern because this hopping can be accomplished without passing through a router and its security access lists. For this reason, private VLANs and VACLs should be used to secure access between VLANs.
MAC flooding is an attach technique which attempts to fill a switch table so the attacker can capture flooded traffic sent from the switch. The concept of this attack is to use the CAM table limit to the attacker's advantage.
The attacker would send packets addressed from a large number of MAC addresses to the switch. The switch adds the source MAC address to the MAC address table. Eventually no more MAC addresses can be added because the table is full. When this occurs, any packets destined for a MAC address not in the table will be flooded to all other ports. This would allow the attacker to see the flooded traffic and capture information. The switch would be essentially functioning as a hub in this case.
A rogue device is a device attached to the network that is not under the control of the organization. This term is normally used to mean a wireless device, perhaps an access point that is not operating as a part of the company's infrastructure. Employees may bring their own access points and connect them to the network so they can use their computer wirelessly. This creates a security gap since the device is probably not secured to protect the traffic. An attacker could connect a rogue access point to a company's network and capture traffic from outside the company's premises.
Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features
References:
Cisco > Products and Services > Switches > Cisco Catalyst 6500 Series Switches > Product Literature > White Papers > Cisco Catalyst 6500 Series Switches > VLAN Security White Paper
質問 77
......
300-410問題集PDFで300-410リアル試験問題解答:https://jp.fast2test.com/300-410-premium-file.html
実際に出る300-410最新の問題集練習テスト問題集:https://drive.google.com/open?id=1r22EN5ItOwvQtswIdaeGaoEszCrpFCtL