7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #101 Topic 1

How does an MPLS Layer 3 VPN function?

A. multiple customer sites interconnect through service provider network to create secure tunnels between customer edge devices

B. multiple customer sites interconnect through a service provider network using customer edge to provider edge connectivity Most Voted

C. set of sites interconnect privately over the Internet for security

D. set of sites use multiprotocol BGP at the customer site for aggregation

Correct Answer: B

Community vote distribution

B (82%) A (18%)

Question #102 Topic 1

DRAG DROP -

Drag and drop the LDP features from the left onto the descriptions on the right.

Select and Place:

Correct Answer:

https://www.examtopics.com/exams/cisco/300-410/view/3/ 1/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #103 Topic 1

Which two protocols work in the control plane of P routers across the MPLS cloud? (Choose two.)

A. ECMP

B. LDP Most Voted

C. RSVP Most Voted

D. MPLS OAM

E. LSP

Correct Answer: BC

Community vote distribution

BC (100%)

Question #104 Topic 1

Refer to the exhibit. An engineer has configured DMVPN on a spoke router.

What is the WAN IP address of another spoke router within the DMVPN network?

A. 172.18.46.2 Most Voted

B. 172.18.16.2

C. 192.168.1.1

D. 192.168.1.4

Correct Answer: A

Community vote distribution

A (96%) 4%

https://www.examtopics.com/exams/cisco/300-410/view/3/ 2/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #105 Topic 1

What are two functions of LDP? (Choose two.)

A. It advertises labels per Forwarding Equivalence Class. Most Voted

B. It uses Forwarding Equivalence Class. Most Voted

C. It is defined in RFC 3038 and 3039.

D. It requires MPLS Traffic Engineering.

E. It must use Resource Reservation Protocol.

Correct Answer: AB

Community vote distribution

AB (100%)

Question #106 Topic 1

DRAG DROP -

Drag and drop the operations from the left onto the locations where the operations are performed on the right.

Select and Place:

Correct Answer:

https://www.examtopics.com/exams/cisco/300-410/view/3/ 3/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #107 Topic 1

Which protocol does MPLS use to support traffic engineering?

A. TDP

B. RSVP Most Voted

C. LDP

D. BGP

Correct Answer: B

Community vote distribution

B (100%)

Question #108 Topic 1

An engineer configured a company's multiple area OSPF Head Office router and Site A Cisco routers with VRF lite. Each site router is connected to

a PE router of an MPLS backbone:

Head Office & Site A -

ip cef

ip vrf abc

rd 101:101

interface FastEthernet0/0

ip vrf forwarding abc

ip address 172.16.16.X 255.255.255.252

router ospf 1 vrf abc

log-adjacency-changes

network 172.16.16.0 0.0.0.255 area 1

After finishing both site router configurations, none of the LSA 3, 4, 5, and 7 are installed at Site A router.

Which configuration resolves this issue?

A. configure capability vrf-lite on Site A and its connected PE router under router ospf 1 vrf abc

B. configure capability vrf-lite on both PE routers connected to Head Office and Site A routers under router ospf 1 vrf abc

C. configure capability vrf-lite on Head Office and its connected PE router under router ospf 1 abc

D. configure capability vrf-lite on Head Office and Site A routers under router ospf 1 vrf abc Most Voted

Correct Answer: D

Community vote distribution

D (87%) 13%

https://www.examtopics.com/exams/cisco/300-410/view/3/ 4/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #109 Topic 1

Refer to the exhibit. The Los Angeles and New York routers are receiving routers from Chicago but not from each other.

Which configuration fixes the issue?

A. interface Tunnel1 no ip split-horizon eigrp 111 Most Voted

B. interface Tunnel1 ip next-hop-self eigrp 111

C. interface Tunnel1 tunnel mode ipsec ipv4

D. interface Tunnel1 tunnel protection ipsec profile IPSec-PROFILE

Correct Answer: A

Community vote distribution

A (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 5/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #110 Topic 1

DRAG DROP -

Drag and drop the MPLS VPN device types from the left onto the definitions on the right.

Select and Place:

Correct Answer:

https://www.examtopics.com/exams/cisco/300-410/view/3/ 6/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #111 Topic 1

Refer to the exhibit. The network administrator configured VRF lite for customer A. The technician at the remote site misconfigured VRF on the

router.

Which configuration will resolve connectivity for both sites of customer_a?

A.

B.

C.

D.

https://www.examtopics.com/exams/cisco/300-410/view/3/ 7/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Correct Answer: D

Question #112 Topic 1

What does the PE router convert the IPv4 prefix to within an MPLS VPN?

A. eBGP path association between the PE and CE sessions

B. prefix that combines the ASN, PE router-id, and IP prefix

C. 48-bit route combining the IP and PE router-id

D. VPN-IPv4 prefix combined with the 64-bit route distinguisher Most Voted

Correct Answer: D

Community vote distribution

D (100%)

Question #113 Topic 1

Refer to the exhibit. Which interface configuration must be configured on the HUB router to enable MVPN with mGRE mode?

A. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.1.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1

tunnel source 172.17.0.1 ip nhrp map 10.0.0.11 172.17.0.2 ip nhrp map 10.0.0.12 172.17.0.3 tunnel mode gre

B. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1

tunnel source 10.0.0.1 tunnel mode gre multipoint

C. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp network-id 1 tunnel source 172.17.0.1

tunnel mode gre multipoint Most Voted

D. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1

tunnel source 10.0.0.1 tunnel destination 172.17.0.2 tunnel mode gre multipoint

Correct Answer: C

Community vote distribution

C (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 8/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #114 Topic 1

How are MPLS Layer 3 VPN services deployed?

A. The RD and RT values must match under the VRF.

B. The import and export RT values under a VRF must always be the same.

C. The label switch path must be available between the local and remote PE routers. Most Voted

D. The RD and RT values under a VRF must match on the remote PE router.

Correct Answer: C

Community vote distribution

C (80%) B (20%)

Question #115 Topic 1

Which IGPs are supported by the MPLS LDP autoconfiguration feature?

A. IS-IS and RIPv2

B. RIPv2 and OSPF

C. OSPF and EIGRP

D. OSPF and IS-IS Most Voted

Correct Answer: D

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ldp/configuration/15-s/mp-ldp-15-s-book/mp-ldp-autoconfig.pdf

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 9/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #116 Topic 1

Refer to the exhibit.

An engineer must establish multipoint GRE tunnels between hub router R6 and branch routers R1, R2, and R3.

Which configuration accomplishes this task on R1?

A. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/0 tunnel mode gre multipoint ip nhrp nhs 192.168.1.6 ip nhrp

map 192.168.1.6 192.1.10.1 ip nhrp map 192.168.1.2 192.1.20.2 ip nhrp map 192.168.1.3 192.1.30.3

B. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/1 tunnel mode gre multipoint ip nhrp nhs 192.168.1.6 ip nhrp

map 192. 168.1.6 192.1.10.6

C. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/0 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp nhs

192.168.1.6 ip nhrp map 192.168.1.6 192.1.10.6 Most Voted

D. interface Tunnel 1 ip address 192.168.1.1 255. 255.255.0 tunnel source e0/1 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp nhs

192.168.1.6 ip nhrp map 192.168.1.6 192.1.10.1 ip nhrp map 192.168.1.2 192.1.20.2 ip nhrp map 192.168.1.3 192.1.30.3

Correct Answer: C

Community vote distribution

C (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 10/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #117 Topic 1

How is VPN routing information distributed in an MPLS network?

A. The top level of the customer data packet directs it to the correct CE device.

B. It is established using VPN IPsec peers.

C. It is controlled through the use of RD.

D. It is controlled using of VPN target communities. Most Voted

Correct Answer: D

Reference:

https://www.ccexpert.us/mpls-design/chapter-5-packetbased-mpls-vpns.html

Community vote distribution

D (100%)

Question #118 Topic 1

IPv6 is enabled in the infrastructure to support customers with an IPv6 network over WAN and to connect the head office to branch offices in the

local network.

One of the customers is already running IPv6 and wants to enable IPv6 over the DMVPN network infrastructure between the headend and branch

sites.

Which configuration command must be applied to establish an mGRE IPv6 tunnel neighborship?

A. ipv6 nhrp holdtime 30

B. tunnel mode gre multipoint ipv6 Most Voted

C. ipv6 unicast-routing

D. tunnel protection mode ipv6

Correct Answer: B

Community vote distribution

B (100%)

Question #119 Topic 1

What is a characteristic of Layer 3 MPLS VPNs?

A. Traffic engineering capabilities provide QoS and SLAs. Most Voted

B. Traffic engineering supports multiple IGP instances.

C. LSP signaling requires the use of unnumbered IP links for traffic engineering.

D. Authentication is performed by using digital certificates or preshared keys.

Correct Answer: A

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_te_diffserv/configuration/15-mt/mp-te-diffserv-15-mt-book/mp-te-diffserv-aw.html

Community vote distribution

A (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 11/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #120 Topic 1

How does an MPLS Layer 3 VPN differentiate the IP address space used between each VPN?

A. by RT

B. by address family

C. by RD Most Voted

D. by MP-BGP

Correct Answer: C

Community vote distribution

C (100%)

Question #121 Topic 1

Which OSI model is used to insert an MPLS label?

A. between Layer 2 and Layer 3 Most Voted

B. between Layer 5 and Layer 6

C. between Layer 1 and Layer 2

D. between Layer 3 and Layer 4

Correct Answer: A

Community vote distribution

A (100%)

Question #122 Topic 1

Which function does LDP provide in an MPLS topology?

A. It enables a MPLS topology to connect multiple VPNs to P routers.

B. It provides hop-by-hop forwarding in an MPLS topology for LSRs. Most Voted

C. It exchanges routes for MPLS VPNs across different VRFs.

D. It provides a means for LSRs to exchange IP routes.

Correct Answer: B

Community vote distribution

B (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 12/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #123 Topic 1

Which mechanism provides traffic segmentation within a DMVPN network?

A. BGP

B. IPsec

C. MPLS Most Voted

D. RSVP

Correct Answer: C

Community vote distribution

C (64%) B (36%)

Question #124 Topic 1

Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?

A.

B.

C.

D.

Correct Answer: A

https://www.examtopics.com/exams/cisco/300-410/view/3/ 13/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #125 Topic 1

Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable using a secure web browser.

What is needed to fix the problem?

A. permit tcp port 443 Most Voted

B. permit udp port 465

C. permit tcp port 465

D. permit tcp port 22

Correct Answer: A

Community vote distribution

A (100%)

Question #126 Topic 1

DRAG DROP -

Drag and drop the packet types from the left onto the correct descriptions on the right.

Select and Place:

Correct Answer:

https://www.examtopics.com/exams/cisco/300-410/view/3/ 14/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #127 Topic 1

DRAG DROP -

Drag and drop the addresses from the left onto the correct IPv6 filter purposes on the right.

Select and Place:

Correct Answer:

Question #128 Topic 1

Refer to the exhibit. An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using

TACACS+.

Which action produces the desired configuration?

A. Add the aaa authentication login default none command to the global configuration.

B. Replace the capital ‫ג‬€C‫ג‬€ with a lowercase ‫ג‬€c‫ג‬€ in the aaa authentication login Console local command.

C. Add the aaa authentication login default group tacacs+ local-case command to the global configuration.

D. Add the login authentication Console command to the line configuration Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 15/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #129 Topic 1

Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and

finds the displayed output when troubleshooting.

Which command must be used in configuration mode to enable SSH on the device?

A. no ip ssh disable

B. ip ssh enable

C. ip ssh version 2

D. crypto key generate rsa Most Voted

Correct Answer: D

Community vote distribution

D (92%) 8%

Question #130 Topic 1

Which statement about IPv6 ND inspection is true?

A. It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.

B. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables. Most Voted

C. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.

D. It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

Correct Answer: B

Community vote distribution

B (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 16/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #131 Topic 1

While troubleshooting connectivity issues to a router, these details are noticed:

✑ Standard pings to all router interfaces, including loopbacks, are successful.

✑ Data traffic is unaffected.
✑ SNMP connectivity is intermittent.
✑ SSH is either slow or disconnects frequently.
Which command must be configured first to troubleshoot this issue?

A. show policy-map control-plane Most Voted

B. show policy-map

C. show interface | inc drop

D. show ip route

Correct Answer: A

Community vote distribution

A (100%)

Question #132 Topic 1

Refer to the exhibit. Why is user authentication being rejected?

A. The TACACS+ server expects ‫ג‬€user‫ג‬€, but the NT client sends ‫ג‬€domain/user‫ג‬€.

B. The TACACS+ server refuses the user because the user is set up for CHAP.

C. The TACACS+ server is down, and the user is in the local database.

D. The TACACS+ server is down, and the user is not in the local database. Most Voted

Correct Answer: D

Reference:

https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/13864-tacacs-

pppdebug.html

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 17/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #133 Topic 1

Refer to the exhibit. Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at

higher rate?

A. policy-map SHAPE_BGP

B. policy-map LIMIT_BGP

C. policy-map POLICE_BGP

D. policy-map COPP Most Voted

Correct Answer: D

Community vote distribution

D (71%) C (29%)

Question #134 Topic 1

Which statement about IPv6 RA Guard is true?

A. It does not offer protection in environments where IPv6 traffic is tunneled. Most Voted

B. It cannot be configured on a switch port interface in the ingress direction.

C. Packets that are dropped by IPv6 RA Guard cannot be spanned.

D. It is not supported in hardware when TCAM is programmed.

Correct Answer: A

Reference:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-ra-guard.pdf

Community vote distribution

A (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 18/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #135 Topic 1

An engineer must configure a Cisco router to initiate secure connections from the router to other devices in the network but kept failing.

Which two actions resolve the issue? (Choose two.)

A. Configure transport input ssh command on the console.

B. Configure a domain name. Most Voted

C. Configure a crypto key to be generated. Most Voted

D. Configure a source port for the SSH connection to initiate.

E. Configure a TACACS+ server and enable it.

Correct Answer: BC

Community vote distribution

BC (90%) 10%

Question #136 Topic 1

When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes that the configured routing protocols

start flapping on that device.

Which action in the Control Plane Policy prevents this problem in a production environment while achieving the security objective?

A. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the

output direction.

B. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the

input direction. Most Voted

C. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the

input direction.

D. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the

output direction.

Correct Answer: B

Community vote distribution

B (100%)

Question #137 Topic 1

In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two.)

A. by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways

B. by various IPv6 guard features to validate the data link layer address Most Voted

C. by the recovery mechanism to recover the binding table in the event of a device reboot Most Voted

D. by IPv6 routing protocols to securely build neighborships without the need of authentication

E. by storing hashed keys for IPsec tunnels for the built-in IPsec features

Correct Answer: BC

Community vote distribution

BC (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 19/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #138 Topic 1

Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but could not establish a Telnet connection to

Router1 IPv6 address of 2001:DB8::1.

Which configuration allows Router2 to establish a Telnet connection to Router1?

A. ipv6 unicast-routing

B. permit ICMPv6 on access list INGRESS for Router2 to obtain IPv6 address

C. permit ip any any on access list EGRESS2 on Router1

D. IPv6 address on GigabitEthernet0/0 Most Voted

Correct Answer: D

Community vote distribution

D (54%) B (25%) C (19%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 20/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #139 Topic 1

An engineer configured Reverse Path Forwarding on an interface and noticed that the routes are dropped when a route lookup fails on that

interface for a prefix that is available in the routing table.

Which interface configuration resolves the issue?

A. ip verify unicast source reachable-via l2-src

B. ip verify unicast source reachable-via allow-default

C. ip verify unicast source reachable-via any Most Voted

D. ip verify unicast source reachable-via rx

Correct Answer: C

Community vote distribution

C (100%)

Question #140 Topic 1

Refer to the exhibit. When monitoring an IPv6 access list, an engineer notices that the ACL does not have any hits and is causing unnecessary

traffic through the interface

Which command must be configured to resolve the issue?

A. ip access-group INTERNET in

B. ipv6 traffic-filter INTERNET in Most Voted

C. ipv6 access-class INTERNET in

D. access-class INTERNET in

Correct Answer: B

Community vote distribution

B (92%) 8%

https://www.examtopics.com/exams/cisco/300-410/view/3/ 21/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #141 Topic 1

Which configuration feature should be used to block rogue router advertisements instead of using the IPv6 Router Advertisement Guard feature?

A. VACL blocking broadcast frames from nonauthorized hosts

B. PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes Most Voted

C. PVLANs with community ports associated to route advertisements and isolated ports for nodes

D. IPv4 ACL blocking route advertisements from nonauthorized hosts

Correct Answer: B

Community vote distribution

B (94%) 6%

Question #142 Topic 1

Refer to the exhibit.

Which action resolves the failed authentication attempt to the router?

A. Configure aaa authorization console global command Most Voted

B. Configure aaa authorization console command on line vty 0 4

C. Configure aaa authorization login command on line console 0

D. Configure aaa authorization login command on line vty 0 4

Correct Answer: A

Reference:

https://community.cisco.com/t5/network-access-control/console-authorization-issue/td-p/2492619

Community vote distribution

A (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 22/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #143 Topic 1

Refer to the exhibit. A network administrator logs into the router using TACACS+ username and password credentials, but the administrator

cannot run any privileged commands.

Which action resolves the issue?

A. Configure the username from a local database

B. Configure TACACS+ synchronization with the Active Directory admin group

C. Configure an authorized IP address for this user to access this router

D. Configure full access for the username from TACACS+ server Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 23/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #144 Topic 1

Refer to the exhibit. AAA server 10.1.1.1 is configured with the default authentication and accounting settings, but the switch cannot

communicate with the server.

Which action resolves this issue?

A. Correct the timeout value.

B. Match the authentication port. Most Voted

C. Correct the shared secret.

D. Match the accounting port.

Correct Answer: B

Community vote distribution

B (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 24/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #145 Topic 1

Refer to the exhibit. R1 is being monitored using SNMP and monitoring devices are getting only partial information.

What action should be taken to resolve this issue?

A. Modify the CoPP policy to increase the configured exceeded limit for SNMP.

B. Modify the access list to include snmptrap. Most Voted

C. Modify the CoPP policy to increase the configured CIR limit for SNMP.

D. Modify the access list to add a second line to allow udp any any eq snmp.

Correct Answer: B

Community vote distribution

B (92%) 8%

https://www.examtopics.com/exams/cisco/300-410/view/3/ 25/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #146 Topic 1

Refer to the exhibit. A client is concerned that passwords are visible when running this show archive log config all.

Which router configuration is needed to resolve this issue?

A. MASS-RTR(config)#aaa authentication arap

B. MASS-RTR(config-archive-log-cfg)#password encryption aes

C. MASS-RTR(config)#service password-encryption

D. MASS-RTR(config-archive-log-cfg)#hidekeys Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/3/ 26/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #147 Topic 1

Refer to the exhibit. BGP is flapping after the CoPP policy is applied.

What are the two solutions to fix the issue? (Choose two.)

A. Configure a higher value for CIR under the Class COPP-CRITICAL-7600.

B. Configure a higher value for CIR under the default class to allow more packets during peak traffic. Most Voted

C. Configure BGP in the COPP-CRITICAL-7600 ACL. Most Voted

D. Configure IP CEF for CoPP policy and BGP to work.

E. Configure a three-color policer instead of two-color policer under Class COPP-CRITICAL-7600.

Correct Answer: BC

Community vote distribution

BC (89%) 11%

https://www.examtopics.com/exams/cisco/300-410/view/3/ 27/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #148 Topic 1

Refer to the exhibit. A network administrator configured an IPv6 access list to allow TCP return traffic only, but it is not working as expected.

Which changes resolve this issue?

A.

B.

C.

D.

Correct Answer: A

https://www.examtopics.com/exams/cisco/300-410/view/3/ 28/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #149 Topic 1

What are two functions of IPv6 Source Guard? (Choose two.)

A. It works independent from IPv6 neighbor discovery.

B. It denies traffic from unknown sources or unallocated addresses. Most Voted

C. It uses the populated binding table to allow legitimate traffic. Most Voted

D. It denies traffic by inspecting neighbor discovery packets for specific patterns.

E. It blocks certain traffic by inspecting DHCP packets for specific sources.

Correct Answer: BC

Community vote distribution

BC (88%) 13%

https://www.examtopics.com/exams/cisco/300-410/view/3/ 29/30
7/3/25, 4:26 PM 300-410 Exam - Free Actual Q&As, Page 3 | ExamTopics

Question #150 Topic 1

Refer to the exhibit. Which two actions restrict access to router R1 by SSH? (Choose two.)

A. Remove class-map ANY from service-policy CoPP. Most Voted

B. Configure transport output ssh on line vty and remove sequence 20 from access list 100.

C. Configure transport input ssh on line vty and remove sequence 30 from access list 100. Most Voted

D. Remove sequence 10 from access list 100 and add sequence 20 deny tcp any any eq telnet to access list 199.

E. Configure transport output ssh on line vty and remove sequence 10 from access list 199.

Correct Answer: AC

Community vote distribution

AC (78%) BC (22%)

 Previous Questions Next Questions 

Browse atleast 50% to increase passing rate

Viewing page 3 out of 13 pages.

Viewing questions 101-150 out of 620 questions

https://www.examtopics.com/exams/cisco/300-410/view/3/ 30/30