|Exam Name||:||Implementing Cisco Data Center Core Technologies (DCCOR)|
|Questions and Answers||:||195 Q & A|
|Updated On||:||Click to Check Update|
|PDF Download Mirror||:||350-601 Brain Dump|
|Get Full Version||:||Pass4sure 350-601 Full Version|
A network engineer must implement RBAC on Cisco MDS 9000 Series Multilayer Switches.
Drag and drop the Cisco MDS 9000 Series roles from the left onto the correct categories on the right.
Which two roles can be used to configure LAN connectivity policies? (Choose two.)
Which feature of enabling port security on a Cisco MDS 9000 Series Switch must be considered?
It can be distributed by using Cisco Fabric Services.
It authorizes only the configured sWWN to participate in the fabric.
It always learns about switches that are logging in.
It binds the fabric at the switch level.
An engineer is implementing security on the Cisco MDS 9000 switch.
Drag and drop the descriptions from the left onto the correct security features on the right.
An engineer has a primary fabric that is named UCS-A and a secondary fabric that is named UCS-B. A certificate request that has a subject name of sjc2016 for a keyring that is named kr2016 needs to be created. The cluster IP address is 10.68.68.68.
Which command set creates this certificate request?
UCS-A # scope keyring kr2016
UCS-A /keyring # create certreq 10.68.68.68 sjc2016
UCS-A /keyring* # commit-buffer
UCS-B # scope keyring kr2016
UCS-B /keyring # create certreq ip 10.68.68.68 subject-name sjc2016 UCS- B /keyring* # commit-both
UCS-B# scope security
UCS-B /security # scope keyring kr2016
UCS-B /security/keyring # set certreq 10.68.68.68 sjc2016
UCS-B /security/keyring* # commit-both
UCS-A# scope security
UCS-A /security # scope keyring kr2016
UCS-A /security/keyring # create certreq ip 10.68.68.68 subject-name sjc2016 UCS- A /security/keyring* # commit-buffer
zone-based access control
Kerberos-based security model
block-based file access
role-based access control
Which statement is true?
Port security can be enabled only globally and affects all VSANs.
Any devices currently logged in must be added manually to the device database.
Auto-learning is always enabled automatically when port security is enabled.
Cisco Fabric Services must be disabled before enabling port security.
When a strict CoPP policy is implemented, which statement describes an event during which packets are dropped?
A large system image is copied to a switch by using the default VRF.
Fifteen SSH sessions remain connected to the switch.
A ping sweep is performed on a network that is connected through a switch.
A web server that is connected to a switch is affected by a DDoS attack.
A host in EPG Client wants to talk to a webserver in EPG Web. A contract with default settings is defined between EPG Client and EPG Web, which allows TCP communication initiated by the client toward the webserver with TCP destination port 80.
Which statement is true?
If EPG Web is made a preferred group member, a contract between EPG Client and EPG Web is no longer required for the host in EPG Client to reach the webserver in EPG Web.
If vzAny is configured to consume and provide a "deny all" contract, traffic between EPG Client and EPG Web is no longer allowed.
The host in EPG Client can connect to TCP destination port 80 on the webserver in EPG Web. The webserver will not be able to initiate a separate TCP connection to a host port with TCP source port 80.
The host in EPG Client can connect to TCP destination port 80 on the webserver in EPG Web. The webserver can initiate a separate TCP connection to a host port with TCP source port 80.
An engineer is running an ACI fabric, has VMM integration with VMware vCenter, and wants to enable microsegmentation based on vCenter VM attributes. Which statement about microsegmentation is true?
ACI does not support microsegmentation based on vCenter VM attributes. You should use network attributes for microsegmentation.
When enabled, microsegmentation performs distributed switching and routing on the ESXi hosts.
Microsegmentation is supported only using AVE or AVS.
An ACI microsegmented EPG automatically creates a port group with a private VLAN configured on a VMware vCenter distributed virtual switch.
Drag and drop the storage technologies from the left onto the correct descriptions on the right.
local C. 802.1X
Refer to the exhibit.
What is the result of implementing this configuration?
The switch queries the TACACS+ server by using an encrypted text PAP login.
The TACACS+ server uses the type-6 encrypted format.
The switch queries the TACACS+ server by using a clear text PAP login.
The timeout value on the TACACS+ server is 10 seconds.
Refer to the exhibit.
Which setting must be configured to prevent the reuse of passwords?
No Change Interval