首页 > 题库 > 350-401

2026 思科CCNP 350-401 ENCOR考试题库与答案解析｜最新学习资料

问题 #1

Which definition describes JWT in regard to REST API security?

A. an encrypted JSON token that is used for authentication

B. an encrypted JSON token that is used for authorization

C. an encoded JSON token that is used to securely exchange information

D. an encoded JSON token that is used for authentication

正确答案：C

问题 #2

Which deployment option of Cisco NGFW provides scalability?

A. Tap

B. high availability

C. clustering

D. inline tap

正确答案：C

问题 #3

What are two characteristics of a directional antenna? (Choose two.)

A. high gain

B. low gain

C. provides the most focused and narrow beam-width

D. commonly used to cover large areas

E. receive signals equally from all directions

正确答案：AC

问题 #4

An engineer must protect their company against ransomware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?

A. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.

B. Use Cisco AMP deployment with the Exploit Prevention engine enabled.

C. Use Cisco Firepower and block traffic to TOR networks.

D. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

正确答案：A

问题 #5

Which language defines the structure or modeling of data for NETCONF and RESTCONF?

A. XML

B. YAML

C. YANG

D. JSON

正确答案：C

问题 #6

Which two methods are used to assign security group tags to the user in a Cisco TrustSec architecture? (Choose two.)

A. web authentication

B. IEEE 802.1X

C. modular QoS

D. policy routing

E. DHCP

正确答案：AB

问题 #7

Which two mechanisms are used with OAuth 2.0 for enhanced validation? (Choose two.)

A. custom headers

B. request management

C. accounting

D. authorization

E. authentication

正确答案：DE

问题 #8

Which access control feature does MAB provide?

A. network access based on the physical address of a device

B. simultaneous user and device authentication

C. allows devices to bypass authentication

D. user access based on IP address

正确答案：A

问题 #9

What is the calculation that is used to measure the radiated power of a signal after it has gone through the radio, antenna cable, and antenna?

A. mW

B. EIRP

C. dBi

D. dBm

正确答案：B

问题 #10

What is the purpose of data modeling languages?

A. to provide a framework to describe data flow patterns in networks

B. to translate encoded data for interoperability between different CPU architectures

C. to specify algorithms necessary to decode binary-encoded protocol data units

D. to describe a data schema convertible into any data encoding format

正确答案：D

问题 #11

A script contains the statement "while loop !=999:" Which value terminates the loop?

A. A value greater than or equal to 999.

B. A value not equal to 999.

C. A value equal to 999.

D. A value less than or equal to 999.

正确答案：C

问题 #12

How is Layer 3 roaming accomplished in a unified wireless deployment?

A. An EoIP tunnel is created between the client and the anchor controller to provide seamless connectivity as the client is associated with the new AP.

B. The new controller assigns an IP address from the new subnet to the client.

C. The client entry on the original controller is passed to the database on the new controller.

D. The client database on the original controller is updated with the anchor entry, and the new controller database is updated with the foreign entry.

正确答案：D

问题 #13

Which component does Cisco Threat Defense use to measure bandwidth, application performance, and utilization?

A. Advanced Malware Protection for Endpoints

B. TrustSec

C. NetFlow

D. Cisco Umbrella

正确答案：C

问题 #14

Which feature is available to clients using Layer 2 roaming in a wireless infrastructure?

A. Roam to a different wireless controller that is on a different subnet and maintain the same IP address.

B. Associate to a new access point on a different wireless controller and change the IP address without connectivity interruption.

C. Associate to a new access point on the same wireless controller and change the IP address without connectivity interruption.

D. Roam to a different wireless controller that shares the same subnet and maintain the same IP address.

正确答案：D

问题 #15

Which AP mode analyzes the spectrum to detect sources of interference?

A. Monitor

B. SE-Connect

C. Rogue detector

D. Sniffer

正确答案：B

问题 #16

What is the function of an intermediate node in a Cisco SD-Access fabric?

A. to route packets within the fabric based on the Layer 3 information in the header

B. to provide an entry and exit point between the fabric and external resources

C. to encapsulate and de-encapsulate packets with a VXLAN header

D. to provide reachability between fabric clients and nonfabric clients on the same subnet

正确答案：A

问题 #17

Which two functions is an edge node responsible for? (Choose two.)

A. provides a host database that maps endpoint IDs to a current location

B. provides the default exit point for fabric traffic

C. provides the default entry point for fabric traffic

D. provides multiple entry and exit points for fabric traffic

E. authenticates endpoints

正确答案：DE

问题 #18

In a Cisco SD-Access network architecture, which access layer cabling design is optimal for the underlay network?

A. Switches are cross-linked at the same layer and have a single connection to each upstream distribution device.

B. Switches are connected to each upstream distribution and core device.

C. Switches are connected to each upstream distribution device.

D. Switches are cross-linked to devices at the same layer and at the upstream and downstream devices.

正确答案：C

问题 #19

Which technology collects location information through data packets received by the APs instead of using mobile device probes?

A. Hyperlocation

B. RF fingerprinting

C. detect and locate

D. FastLocate

正确答案：D

问题 #20

How does Cisco DNA Center perform a network discovery?

A. using ICMP

B. using SNMP

C. through a DHCP server

D. using CDP with a seed IP address

正确答案：D

问题 #21

Which tool functions in a push model, supports languages like Python or Ruby, and does not require an agent to be installed per host?

A. Chef

B. Saltstack

C. Puppet

D. Ansible

正确答案：D

问题 #22

Which data format can be used for an API request?

A. JSON

B. HTML

C. PERL

D. Python

正确答案：A

问题 #23

What happens when a FlexConnect AP changes to standalone mode?

A. All clients on all WLANs are disconnected.

B. Only clients on central switching WLANs stay connected.

C. All controller-dependent activities stop working except the DFS.

D. All client roaming continues to work.

正确答案：C

问题 #24

which AP mode allows a supported AP to function like a WLAN client would, associating and identifying client connectivity issues?

A. client mode

B. SE-connect mode

C. sensor mode

D. sniffer mode

正确答案：C

问题 #25

Which JSON syntax is valid?

A. {'switch':('name': 'dist1', 'interfaces': ['gig1', 'gig2', 'gig3'])}

B. {/"switch/": {/"name/": "dist1", /"interfaces/": ["gig1", "gig2", "gig3"]}}

C. {"switch": "name": "dist1", "interfaces": ["gig1", "gig2", "gig3"]}

D. {"switch": {"name": "dist1", "interfaces": ["gig1", "gig2", "gig3"]}}

正确答案：D

问题 #26

What is a benefit of Cisco TrustSec in a multilayered LAN network design?

A. There is no requirement to run IEEE 802.1X when MACsec is enabled on a switch port.

B. Application flows between hosts on the LAN to remote destinations can be encrypted.

C. Layer 2 trunk links between switches can be secured.

D. Layer 3 links between switches can be secured.

正确答案：C

问题 #27

What is one benefit of adopting a data modeling language?

A. augmenting the use of management protocols like SNMP for status subscriptions

B. refactoring vendor and platform specific configurations with widely compatible configurations

C. augmenting management process using vendor centric actions around models

D. deploying machine-friendly codes to manage a high number of devices

正确答案：B

问题 #28

Which security feature does stateless authentication and authorization use for REST API calls?

A. cookie-based session authentication

B. SSL/TLS certificate encryption

C. OAuth 2 tokens

D. API keys

正确答案：C

问题 #29

An engineer must create an EEM applet that sends a syslog message in the event a change happens in the network due to trouble with an OSPF process. Which action should the engineer use? event manager applet LogMessage event routing network 172.30.197.0/24

A. action 1 syslog msg "OSPF ROUTING ERROR"

B. action 1 syslog send "OSPF ROUTING ERROR"

C. action 1 syslog pattern "OSPF ROUTING ERROR"

D. action 1 syslog write "OSPF ROUTING ERROR"

正确答案：A

问题 #30

A company recently decided to use RESTCONF instead of NETCONF, and many of their NETCONF Scripts contain the operation (operation="create"). Which RESTCONF operation must be used to replace these statements?

A. GET

B. PUT

C. POST

D. CREATE

正确答案：C

问题 #31

An engineer must configure a new WLAN that supports 802.11r and requires users to enter a passphrase. What must be configured to support this requirement?

A. 802.1X and SUITEB-1X

B. FT PSK and SUITEB-1X

C. 802.1X and Fast Transition

D. FT PSK and Fast Transition

正确答案：D

问题 #32

What is a fact about Cisco EAP-FAST?

A. It requires a client certificate.

B. It is an IETF standard.

C. It does not require a RADIUS server certificate.

D. It operates in transparent mode.

正确答案：C

问题 #33

Which two operational modes enable an AP to scan one or more wireless channels for rogue access points and at the same time provide wireless services to clients? (Choose two.)

A. Monitor

B. Local

C. rogue detector

D. sniffer

E. FlexConnect

正确答案：BE

问题 #34

Which authorization framework gives third-party applications limited access to HTTP services?

A. Basic Auth

B. GRE

C. OAuth 2.0

D. IPsec

正确答案：C

问题 #35

What does the statement print (format(0.8,'.0%')) display?

A. 80%

B. 8%

C. 8.8%

D. .08%

正确答案：A

问题 #36

Which feature is offered by the Cisco Advanced Malware Protection for Endpoints solution?

A. TrustSec

B. File Sandboxing

C. NetFlow

D. DNS Protection

正确答案：B

问题 #37

Which type of tunnel is required between two WLCs to enable intercontroller roaming?

A. mobility

B. LWAPP

C. IPsec

D. CAPWAP

正确答案：A

问题 #38

Which Cisco WLC feature allows a wireless device to perform a Layer 3 roam between two separate controllers without changing the client IP address?

A. GRE tunnel

B. mobile IP

C. mobility tunnel

D. LWAPP tunnel

正确答案：C

问题 #39

Which function is performed by vSmart in the Cisco SD-WAN architecture?

A. aggregation and distribution of VPN routing information

B. redistribution between OMP and other routing protocols

C. facilitation of NAT detection and traversal

D. execution of localized policies

正确答案：A

问题 #40

Which two protocols are used with YANG data models? (Choose two.)

A. RESTCONF

B. SSH

C. NETCONF

D. HTTPS

E. TLS

正确答案：AC

问题 #41

What are two benefits of virtualizing the server with the use of VMs in a data center environment? (Choose two)

A. reduced rack space, power, and cooling requirements

B. reduced IP and MAC address requirements

C. smaller Layer 2 domain

D. increased security

E. speedy deployment

正确答案：AE

问题 #42

Which new security enhancement is introduced by deploying a next-generation firewall at the data center in addition to the Internet edge?

A. firewall protection of the east-west traffic at the data center

B. DDoS protection

C. firewall protection of the south-north traffic at the data center

D. virtual private network for remote access

正确答案：A

问题 #43

In a Cisco SD-Access solution, which protocol is used by an extended node to connect to a single edge node?

A. VXLAN

B. IS-IS

C. 802.1Q

D. CTS

正确答案：C

问题 #44

What are two best practices when designing a campus Layer 3 infrastructure? (Choose two.)

A. Implement security features at the core.

B. Configure passive-interface on nontransit links.

C. Summarize routes from the aggregation layer toward the core layer.

D. Summarize from the access layer toward the aggregation layer.

E. Tune Cisco Express Forwarding load balancing hash for ECMP routing.

正确答案：CD

问题 #45

Which solution supports end-to-end line-rate encryption between two sites?

A. MACsec

B. IPsec

C. GRE

D. TrustSec

正确答案：B

问题 #46

Which feature allows HSRP to failover from the active route processor to the standby route processor without loss of data or path change?

A. stateful switchover

B. preemption

C. IP SLA tracking

D. HSRP tracking

正确答案：A

问题 #47

Which location tracking method is used when locating client devices using Cisco hyperlocation?

A. line of sight

B. TTL

C. location patterning

D. angle of arrival

正确答案：D

问题 #48

Which framework is used for third-party authorization?

A. OAuth

B. API keys

C. SOAP

D. custom tokens

正确答案：A

问题 #49

Which protocol does Cisco DNA Center SDK use to discover the topology of non-Cisco devices in a network?

A. LLDP

B. CDP

C. SSH

D. Telnet

正确答案：A

问题 #50

What is a client considered when it is in web authentication state and roams between two controllers with mobility tunnels?

A. New

B. Foreign

C. Mobile

D. Anchor

正确答案：A

问题 #51

Which Cisco SD-WAN component is responsible for distributing data plane traffic policies?

A. vBond

B. vManage

C. vSmart

D. WAN edge

正确答案：C

问题 #52

In a high-density AP environment, which feature can be used to reduce the RF cell size and not demodulate radio packets above a given threshold?

A. RX-SOP

B. 802.11k

C. RRM

D. FRA

正确答案：A

问题 #53

Why would an architect use an OSPF virtual link?

A. to merge two existing Area 0s through a nonbackbone

B. to allow a stub area to transit another stub area

C. to connect two networks that have overlapping private IP address space

D. to connect a nonbackbone area to Area 0 through another nonbackbone area

正确答案：D

查看更多题库 »