3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #351 Topic 1

How is a preshared key “Test” for all the remote VPN routers configured in a DMVPN using GRE over IPsec set up?

A. authentication pre-share Test address 0.0.0.0 0.0.0.0

B. set pre-share Test address 0.0.0.0 0.0.0.0

C. crypto ipsec key Test address 0.0.0.0 0.0.0.0

D. crypto isakmp key Test address 0.0.0.0 0.0.0.0 Most Voted

Correct Answer: D

Community vote distribution

D (100%)

Question #352 Topic 1

Refer to the exhibit. An engineer is trying to get 192.168.32.100 forwarded through 10.1.1.1, but it was forwarded through 10.1.1.2. What action

forwards the packets through 10.1.1.1?

A. Configure EIGRP to receive 192.168.32.0 route with lower metric.

B. Configure EIGRP to receive 192.168.32.0 route with lower admin distance.

C. Configure EIGRP to receive 192.168.32.0 route with longer prefix than /19.

D. Configure EIGRP to receive 192.168.32.0 route with equal or longer prefix than /24. Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 1/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #353 Topic 1

What is a characteristic of IPv6 RA Guard?

A. It filters rogue RA broadcasts from connected hosts.

B. It is supported on the egress direction of the switch.

C. RA messages are allowed from the host port to the switch.

D. It is unable to protect tunneled traffic. Most Voted

Correct Answer: D

Community vote distribution

D (100%)

Question #354 Topic 1

A network administrator is troubleshooting a failed AAA login issue on a Cisco Catalyst c3560 switch. When the network administrator tries to log

in with SSH using TACACS+ username and password credentials, the switch is no longer authenticating and is failing back to the local account.

Which action resolves this issue?

A. Configure ip tacacs-server source-interface GigabitEthernet 1/1.

B. Configure ip tacacs source-ip 192.168.100.55.

C. Configure ip tacacs source-interface GigabitEthernet 1/1. Most Voted

D. Configure ip tacacs-server source-ip 192.168.100.55.

Correct Answer: C

Community vote distribution

C (100%)

Question #355 Topic 1

Which two solutions are used to overcome a flapping link that causes a frequent label binding exchange between MPLS routers? (Choose two.)

A. Increase input queue on links to protect the session.

B. Increase a hold-timer to protect the session.

C. Increase a session delay to protect the session.

D. Create link dampening on links to protect the session. Most Voted

E. Create targeted hellos to protect the session. Most Voted

Correct Answer: DE

Community vote distribution

DE (69%) BE (21%) 10%

https://www.examtopics.com/exams/cisco/300-410/view/8/ 2/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #356 Topic 1

Refer to the exhibit. An engineer must filter EIGRP updates that are received to block all 10.10.10.0/24 prefixes. The engineer tests the distribute

list and finds one associated prefix. Which action resolves the issue?

A. There is a permit in the ACL that allows this prefix into EIGRP. The ACL should be modified to deny 10.10.10.0 255.255.255.0.

B. There is a permit in the ACL that allows this prefix into EIGRP. The ACL should be modified to deny 10.10.10.0 0.0.0.255. Most Voted

C. There is a permit in the route map that allows this prefix. A deny 20 statement is required with a match condition to match a new ACL that

denies all prefixes.

D. There is a permit in the route map that allows this prefix. A deny 20 statement is required with no match condition to block the prefix.

Correct Answer: B

Community vote distribution

B (88%) 13%

https://www.examtopics.com/exams/cisco/300-410/view/8/ 3/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #357 Topic 1

A network engineer must configure a DMVPN network so that a spoke establishes a direct path to another spoke if the two must send traffic to

each other. A spoke must send traffic directly to the hub if required. Which configuration meets this requirement?

A. At the hub router:

interface tunnel10

ip nhrp nhs dynamic multipoint

ip nhrp nhs shortcut

tunnel mode gre multicast

On the spokes router:

interface tunnel10

ip nhrp nhs multicast dynamic

ip nhrp nhs redirect

tunnel mode gre multicast

B. At the hub router:

interface tunnel10

ip nhrp map dynamic multipoint

ip nhrp redirect

tunnel mode gre multicast

On the spokes router:

interface tunnel10

ip nhrp map multicast dynamic

ip nhrp shortcut

tunnel mode gre multicast

C. At the hub router:

interface tunnel10

ip nhrp nhs multicast dynamic

ip nhrp nhs shortcut

tunnel mode gre multipoint

On the spokes router:

interface tunnel10

ip nhrp nhs multicast dynamic

ip nhrp nhs redirect

tunnel mode gre multipoint

D. At the hub router:

interface tunnel10

ip nhrp map multicast dynamic

ip nhrp redirect

tunnel mode gre multipoint

On the spokes router:

interface tunnel10

ip nhrp map multicast dynamic

ip nhrp shortcut

tunnel mode gre multipoint Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 4/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #358 Topic 1

The network administrator configured R1 to authenticate Telnet connections based on Cisco ISE using TACACS+. ISE has been configured with an

IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.

The administrator has configured this on R1:

aaa new-model

tacacs server ISE1

address ipv4 192.168.1.5

key Cisco123

aaa group server tacacs+ TAC-SERV

server name ISE1

aaa authentication login telnet group TAC-SERV

The network administrator cannot authenticate to R1 based on ISE. Which configuration fixes the issue?

A. line vty 0 4

login authentication TAC-SERV

B. tacacs-server host 192.168.1.5 key Cisco123

C. ip tacacs-server host 192.168.1.5 key Cisco123

D. line vty 0 4

login authentication telnet Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 5/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #359 Topic 1

The network administrator must configure R1 to authenticate Telnet connections based on Cisco ISE using RADIUS. ISE has been configured with

an IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.

The administrator has configured this on R1:

aaa new-model

radius server ISE1

address ipv4 192.168.1.5

key Cisco123

aaa group server tacacs+ RAD-SERV

server name ISE1

aaa authentication login default group RAD-SERV

The network administrator cannot authenticate to access R1 based on ISE. Which set of configurations fixes the issue?

A. line vty 0 4

login authentication RAD-SERV

B. aaa group server tacacs+ ISE1

server name RAD-SERV

C. aaa group server radius RAD-SERV

server name ISE1 Most Voted

D. line vty 0 4

login authentication default

Correct Answer: C

Community vote distribution

C (100%)

Question #360 Topic 1

Which IPv6 first-hop security feature helps to minimize denial of service attacks?

A. IPv6 Router Advertisement Guard

B. IPv6 Destination Guard Most Voted

C. DHCPv6 Guard

D. IPv6 MAC address filtering

Correct Answer: B

Community vote distribution

B (80%) A (20%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 6/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #361 Topic 1

Refer to the exhibit. A network engineer is troubleshooting a failed link between R2 and R3. No traffic loss is reported from router R5 to HQ. Which

command fixes the separated backbone?

A. R3(config-router)#area 21 virtual-link 192.168.125.5

B. R2(config-router)#area 21 virtual-link 192.168.125.5

C. R3(config-router)#no area 21 stub Most Voted

D. R2(config-router)#no area 21 stub

Correct Answer: C

Community vote distribution

C (100%)

Question #362 Topic 1

A CoPP policy is applied for receiving SSH traffic from the WAN interface on a Cisco ISR4321 router. However, the SSH response from the router is

abnormal and stuck during the high link utilization. The problem is identified as SSH traffic does not match in the ACL. Which action resolves the

issue?

A. Apply CoPP on the control plane interface. Most Voted

B. Apply CoPP on the WAN interface inbound direction.

C. Rate-limit SSH traffic to ensure dedicated bandwidth.

D. Increase the IP precedence value of SSH traffic to 6.

Correct Answer: A

Community vote distribution

A (90%) 10%

https://www.examtopics.com/exams/cisco/300-410/view/8/ 7/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #363 Topic 1

Refer to the exhibit. The network administrator must configure Cape Town to reach Dubai via Tokyo based on the speeds provided by the service

provider. It was noticed that Cape Town is reaching Dubai directly and failed to meet the requirement. Which configuration fixes the issue?

A. CapeTown -

router eigrp 100

variance 2

B. CapeTown -

interface E 0/0

bandwidth 5000

interface E 0/1

bandwidth 10000

C. CapeTown -

interface E 0/0

bandwidth 5000

interface E 0/1

bandwidth 10000

Dubai -

interface E 0/0

bandwidth 50000

https://www.examtopics.com/exams/cisco/300-410/view/8/ 8/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

interface E 0/1

bandwidth 5000

Tokyo -

interface E 0/0

bandwidth 50000

interface E 0/1

bandwidth 10000

Most Voted

D. Dubai -

router eigrp 100

variance 2

Correct Answer: C

Community vote distribution

C (93%) 7%

Question #364 Topic 1

DRAG DROP

Drag and drop the ICMPv6 neighbor discovery messages from the left onto the correct packet types on the right.

Correct Answer:

https://www.examtopics.com/exams/cisco/300-410/view/8/ 9/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #365 Topic 1

Refer to the exhibit. An engineer must configure a LAN-to-LAN IPsec VPN between R1 and the remote router. Which IPsec Phase 1 configuration

must the engineer use for the local router?

A. crypto isakmp policy 5

authentication pre-share

encryption 3des

hash sha

group 2

crypto isakmp key cisco123 address 200.1.1.3 Most Voted

B. crypto isakmp policy 5

authentication pre-share

encryption 3des

hash md5

group 2

crypto isakmp key cisco123! address 199.1.1.1

C. crypto isakmp policy 5

authentication pre-share

encryption 3des

hash md5

group 2

crypto isakmp key cisco123 address 199.1.1.1

D. crypto isakmp policy 5

authentication pre-share

encryption 3des

hash md5

group 2

crypto isakmp key cisco123 address 200.1.1.3

Correct Answer: A

Community vote distribution

A (91%) 9%

https://www.examtopics.com/exams/cisco/300-410/view/8/ 10/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #366 Topic 1

Refer to the exhibit. A shoe retail company implemented the uRPF solution for an antispoofing attack. A network engineer received the call that

the branch A server is under an IP spoofing attack. Which configuration must be implemented to resolve the attack?

A. R4 -

interface ethernet0/1

ip verify unicast source reachable-via any allow-default allow-self-ping

B. R4 -

interface ethernet0/1

ip unicast RPF check reachable-via any allow-default allow-self-ping

C. R3 -

interface ethernet0/1

ip verify unicast source reachable-via any allow-default allow-self-ping Most Voted

D. R3 -

interface ethernet0/1

ip unicast RPF check reachable-via any allow-default allow-self-ping

Correct Answer: C

Community vote distribution

C (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 11/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #367 Topic 1

Refer to the exhibit. An engineer configures two ASBRs, 10.4.17.6 and 10.4.15.5, in an OSPF network to redistribute routes from EIGRP. However,

both ASBRs show the EIGRP routes as equal costs even though the next-hop router 10.4.17.6 is closer to R1. How should the network traffic to the

EIGRP prefixes be sent via 10.4.17.6?

A. The administrative distance should be raised to 120 from the ASBR 10.4.17.6.

B. The redistributed prefixes should be advertised as Type 1. Most Voted

C. The ASBR 10.4.17.6 should assign a tag to match and assign a lower metric on R1.

D. The administrative distance should be raised to 120 from the ASBR 10.4.15.5.

Correct Answer: B

Community vote distribution

B (93%) 7%

Question #368 Topic 1

Which component of MPLS VPNs is used to extend the IP address so that an engineer is able to identify to which VPN it belongs?

A. RT

B. RD Most Voted

C. LDP

D. VPNv4 address family

Correct Answer: B

Community vote distribution

B (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 12/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #369 Topic 1

Refer to the exhibit. An engineer noticed that the router log messages do not have any information about when the event occurred. Which action

should the engineer take when enabling service time stamps to improve the logging functionality at a granular level?

A. Configure the debug uptime option.

B. Configure the msec option. Most Voted

C. Configure the timezone option.

D. Configure the log uptime option.

Correct Answer: B

Community vote distribution

B (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 13/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #370 Topic 1

Refer to the exhibit. An engineer configured SNMP Communities on UserSW2 switch, but the SNMP server cannot upload modified configurations

to the switch. Which configuration resolves this issue?

A. snmp-server community CiscoUs3r RW 11

B. snmp-server community Ciscowruser RW 11 Most Voted

C. snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 22

D. snmp-server group NETVIEW v2c priv read NETVIEW access 11

Correct Answer: B

Community vote distribution

B (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 14/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #371 Topic 1

Refer to the exhibit. An engineer must extend VRF-Lite over a trunk to another switch for VLAN 70 (10.70.70.0/24) on port GigabitEtheret0/0 and

VLAN 80 (10.80.80.0/24) on port GigabitEthernet0/1. Which configuration accomplishes this objective?

A. interface GigabitEthernet0/0

no switchport

ip vrf forwarding 70

ip address 10.70.70.1 255.255.255.0

interface GigabitEthernet0/1

no switchport

ip vrf forwarding 80

ip address 10.80.80.1 255.255.255.0

B. interface GigabitEthernet0/0

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 70

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 80

Most Voted

C. interface GigabitEthernet0/0

switchport mode access

switchport access vlan 70

ip vrf forwarding 70

interface GigabitEthernet0/1

switchport mode access

switchport access vlan 80

ip vrf forwarding 80

D. interface GigabitEthernet0/0

switchport mode access

switchport access vlan 70

interface GigabitEthernet0/1

switchport mode access

switchport access vlan 80

Correct Answer: B

https://www.examtopics.com/exams/cisco/300-410/view/8/ 15/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Community vote distribution

B (87%) 13%

Question #372 Topic 1

Refer to the exhibit. An administrator must configure the router with OSPF for IPv4 and IPv6 networks under a single process. The OSPF

adjacencies are not established and did not meet the requirement. Which action resolves the issue?

A. Replace OSPF process 10 on the interfaces with OSPF process 1 for the IPv4 address, and remove process 10 from the global

configuration.

B. Replace OSPF process 10 on the interfaces with OSPF process 1, and configure an additional router ID with IPv6 address.

C. Replace OSPF process 10 on the interfaces with OSPF process 1, and remove process 10 from the global configuration. Most Voted

D. Replace OSPF process 10 on the interfaces with OSPF process 1 for the IPv6 address, and remove process 10 from the global

configuration.

Correct Answer: C

Community vote distribution

C (100%)

Question #373 Topic 1

What is the purpose of an OSPF sham-link?

A. to allow inter-area routing when OSPF is used as the PE-CE connection protocol in an MPLS VPN network

B. to allow intra-area routing when OSPF is used as the PE-CE connection protocol in an MPLS VPN network

C. to correct OSPF backdoor routing when OSPF is used as the PE-CE connection protocol in an MPLS VPN network Most Voted

D. to correct OSPF backdoor routing when OSPF is used as the PE-PE connection protocol in an MPLS VPN network

Correct Answer: C

Community vote distribution

C (71%) D (27%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 16/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #374 Topic 1

Refer to the exhibit. An engineer configured NetFlow on R1, but the flows do not reach the NMS server from R1. Which configuration resolves this

issue?

A. R1(config)#flow monitor FlowMonitort1

R1(config-flow-monitor)#destination 10.66.66.66

B. R1(config)#interface Ethernet0/0

R1(config-if)#ip flow monitor Flowmonitor1 input

R1(config-if)#ip flow monitor Flowmonitor1 output

C. R1(config)#interface Ethernet0/1

R1(config-if)#ip flow monitor Flowmonitor1 input

R1(config-if)#ip flow monitor Flowmonitor1 output

D. R1(config)#flow exporter FlowExporter1

R1(config-flow-exporter)#destination 10.66.66.66 Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 17/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #375 Topic 1

Refer to the exhibit. A network administrator is tasked to permit http and https traffic only toward the internet from the User1 laptop to adhere to

company’s security policy. The administrator can still ping to www.cisco.com. Which interface should the access list 101 be applied to resolve

this issue?

A. Interface G0/0 in the outgoing direction.

B. Interface G0/0 in the incoming direction. Most Voted

C. Interface S1/0 in the outgoing direction.

D. Interface G0/48 in the incoming direction.

Correct Answer: B

Community vote distribution

B (100%)

Question #376 Topic 1

An engineer configured routing between multiple OSPF domains and introduced a routing loop that caused network instability. Which action

resolves the problem?

A. Set a tag using the redistribute command toward a domain and deny inbound in the other domain by a matching tag. Most Voted

B. Set a tag using the redistribute command toward a different domain and deny the matching tag when exiting from that domain.

C. Set a tag using the network command in a domain and use the route-map command to deny the matching tag when exiting toward a

different domain.

D. Set a tag using the network command in a domain and use the route-map command to deny the matching tag when entering into a different

domain.

Correct Answer: A

Community vote distribution

A (55%) B (26%) D (19%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 18/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #377 Topic 1

Refer to the exhibit. A network engineer received a call from the vendor for a failed attempt to remotely log in to their managed router loopback

interface from 192.168.40.15. Which action must the network engineer take to resolve the issue?

A. The source IP summarization must be updated to include the vendor source IP address. Most Voted

B. The time-range configuration must be changed to use absolute instead of periodic.

C. The EIGRP configuration must be updated to include a network statement for loopback 100.

D. The IP access list VENDOR must be applied to interface loopback 100.

Correct Answer: A

Community vote distribution

A (95%) 5%

https://www.examtopics.com/exams/cisco/300-410/view/8/ 19/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #378 Topic 1

DRAG DROP

Drag and drop the descriptions from the left onto the corresponding MPLS components on the right.

Correct Answer:

Question #379 Topic 1

Network operations report issues with receiving too many external routes, which caused CPU spike on routers with smaller memories. Which

action resolves the issue?

A. Configure the area range command when redistributing on ASBR.

B. Configure the summary-address command when redistributing on ABR.

C. Configure the area range command when redistributing on ABR.

D. Configure the summary-address command when redistributing on ASBR. Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 20/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #380 Topic 1

Refer to the exhibit. An engineer must configure OSPF with R9 and R10 and configure redistribution between OSPF and RIP, causing a routing loop.

Which configuration on R9 and R10 meets this objective?

A. router ospf 1

redistribute rip subnets tag 20

route-map deny_tag20 deny 10

match tag 20

route-map deny_tag20 permit 20

router ospf 1

distribute-list route-map deny_tag20 in

B. router ospf 1

redistribute rip subnets tag 20

route-map deny_tag20 deny 10

match tag 20

route-map deny_tag20 deny 20

router ospf 1

distribute-list route-map deny_tag20 in

C. router ospf 1

redistribute rip subnets tag 20

route-map deny_tag20 deny 10

match tag 20

route-map deny_tag20 permit 20

router rip 1

distribute-list route-map deny _tag20 in

D. router ospf 1

redistribute rip subnets tag 20

route-map deny_tag20 permit 10

match tag 20

https://www.examtopics.com/exams/cisco/300-410/view/8/ 21/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

route-map deny_tag20 permit 20

router ospf 1

distribute-list route-map deny_tag20 in Most Voted

Correct Answer: D

Community vote distribution

D (68%) C (16%) A (16%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 22/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #381 Topic 1

Refer to the exhibit. Bangkok is using ECMP to reach the 172.20.2.0/24 network. The network administrator must configure it in such a way that

traffic from 172.16.2.0/24 network uses the Singapore router as the preferred route. Which set of configurations accomplishes this task?

A. Bangkok -

access-list 101 permit ip 172.16.2.0 0.0.0.255 172.20.2.0 0.0.0.255

route-map PBR1 permit 10

match ip address 101

set ip next-hop 172.19.1.2

interface Ethernet0/1

ip policy route-map PBR1

B. Dubai -

access-list 101 permit ip 172.16.2.0 0.0.0.255 172.20.2.0 0.0.0.255

route-map PBR1 permit 10

match ip address 101

set ip next-hop 172.19.1.2

set ip next-hop peer-address

interface Ethernet0/0

ip policy route-map PBR1

C. Bangkok -

access-list 101 permit ip 172.16.2.0 0.0.0.255 172.20.2.0 0.0.0.255

route-map PBR1 permit 10

match ip address 101

https://www.examtopics.com/exams/cisco/300-410/view/8/ 23/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

set ip next-hop 172.19.1.2

interface Ethernet0/2

ip policy route-map PBR1

Most Voted

D. Dubai -

access-list 101 permit ip 172.16.2.0 0.0.0.255 172.20.2.0 0.0.0.255

route-map PBR1 permit 10

match ip address 101

set ip next-hop 172.19.1.2

interface Ethernet0/0

ip policy route-map PBR1

Correct Answer: C

Community vote distribution

C (100%)

Question #382 Topic 1

Which label operations are performed by a label edge router?

A. SWAP and POP

B. PUSH and POP Most Voted

C. SWAP and PUSH

D. PUSH and PHP

Correct Answer: B

Community vote distribution

B (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 24/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #383 Topic 1

Refer to the exhibits. London must reach Rome using a faster path via EIGRP if all the links are up, but it failed to take this path. Which action

resolves the issue?

A. Change the administrative distance of RIP to 150.

B. Increase the bandwidth of the link between London and Barcelona.

C. Use the network statement on London to inject the 172.16.X.0/24 networks into EIGRP.

D. Use the network statement on Rome to inject the 172.16.X.0/24 networks into EIGRP. Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 25/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #384 Topic 1

The network administrator configured the router for Control Plane Policing so that inbound SSH traffic is policed to 500 kbps. This policy must

apply to traffic coming in from 10.10.10.0/24 and 192.168.10.0/24 networks.

access-list 100 permit ip 10.10.10.0 0.0.0.255 any

access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 23

class-map CLASS-SSH

match access-group 100

policy-map PM-COPP

class CLASS-SSH

police 500000 conform-action transmit

interface E0/0

service-policy input PM-COPP

interface E0/1

service-policy input PM-COPP

The Control Plane Policing is not applied to SSH traffic and SSH is open to use any bandwidth available. Which configuration resolves this issue?

A. no access-list 100

access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22

access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22

B. interface E0/0

no service-policy input PM-COPP

interface E0/1

no service-policy input PM-COPP

control-plane

service-policy input PM-COPP

C. no access-list 100

access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22

access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22

policy-map PM-COPP

class CLASS-SSH

no police 500000 conform-action transmit

police 500000 conform-action transmit exceed-action drop

D. no access-list 100

access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22

access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22

interface E0/0

no service-policy input PM-COPP

interface E0/1

no service-policy input PM-COPP

control-plane

service-policy input PM-COPP Most Voted

Correct Answer: D
https://www.examtopics.com/exams/cisco/300-410/view/8/ 26/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Community vote distribution

D (86%) 14%

Question #385 Topic 1

Refer to the exhibit. With the partial configuration of a router-on-a-stick, clients in VLAN 10 on Gi2 cannot obtain IP configuration from the central

DHCP server. The DHCP server is reachable by a successful ping from the router. Which action resolves the issue?

A. Configure the ip helper-address 192.168.255.3 command on the Gi2.10 subinterface. Most Voted

B. Configure a valid IP address on the Gi2 interface so that DHCP requests can be forwarded.

C. Configure the ip dhcp pool 1 and network 192.168.210.0 255.255.255.0 commands.

D. Configure the ip dhcp excluded-address 192.168.255.3 command on the Gi2.10 subinterface.

Correct Answer: A

Community vote distribution

A (89%) 11%

Question #386 Topic 1

The IPv6 network is under attack by an unknown source that is neither in the binding table nor learned through neighbor discovery. Which feature

helps prevent the attack?

A. IPv6 Destination Guard

B. IPv6 Prefix Guard Most Voted

C. IPv6 Router Advertisement Guard

D. IPv6 Snooping

Correct Answer: B

Community vote distribution

B (84%) Other

https://www.examtopics.com/exams/cisco/300-410/view/8/ 27/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #387 Topic 1

The network administrator configured CoPP so that all routing protocol traffic toward the router CPU is limited to 1 mbps. All traffic that exceeds

this limit must be dropped. The router is running BGP and OSPF. Management traffic for Telnet and SSH must be limited to 500 kbps.

access-list 100 permit tcp any any eq 179

access-list 100 permit tcp any any range 22 23

access-list 100 permit ospf any any

class-map CM-ROUTING

match access-group 100

class-map CM-MGMT

match access-group 100

policy-map PM-COPP

class CM-ROUTING

police 1000000 conform-action transmit

class CM-MGMT

police 500000 conform-action transmit

control-plane

service-policy output PM-COPP

No traffic is filtering through CoPP, which is resulting in high CPU utilization. Which configuration resolves the issue?

A. control-plane

no service-policy output PM-COPP

service-policy input PM-COPP

B. no access-list 100

access-list 100 permit tcp any any eq 179

access-list 100 permit ospf any any

access-list 101 permit tcp any any range 22 23

class-map CM-MGMT

no match access-group 100

match access-group 101

C. no access-list 100

access-list 100 permit tcp any any eq 179

access-list 100 permit ospf any any

access-list 101 permit tcp any any range 22 23

class-map CM-MGMT

no match access-group 100

match access-group 101

control-plane

no service-policy output PM-COPP

service-policy input PM-COPP

Most Voted

D. No access-list 100 -

access-list 100 permit tcp any any eq 179

access-list 100 permit tcp any any range eq 22

access-list 100 permit tcp any any range eq 23

access-list 100 permit ospf any any

https://www.examtopics.com/exams/cisco/300-410/view/8/ 28/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Correct Answer: C

Community vote distribution

C (89%) 11%

Question #388 Topic 1

Which failure detection mechanism is used for BFD?

A. consistent rate Most Voted

B. Layer 2 protocol failure

C. variable rate

D. routing protocol failure

Correct Answer: A

Community vote distribution

A (93%) 7%

https://www.examtopics.com/exams/cisco/300-410/view/8/ 29/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #389 Topic 1

Refer to the exhibit. The network administrator configured BGP as the backup route for 10.0.0.0/8 and it should work only when EIGRP 10.0.0.0/8

failed to install for site S4248T5E130F6. Which configuration resolves the issue?

A. configure terminal

router eigrp 1

distance eigrp 90 170

B. configure terminal

router eigrp 1

redistribute bgp metric 10000 1 255 1 1500

C. configure terminal

ip route 10.0.0.0 255.0.0.0 192.168.90.2

D. configure terminal

router eigrp 1

distance eigrp 10 170 Most Voted

Correct Answer: D

Community vote distribution

D (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 30/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #390 Topic 1

Refer to the exhibit. The administrator configured the network devices for end-to-end reachability, but the ASBRs are not propagating routes to

each other. Which set of configurations resolves this issue?

A. router bgp 100

neighbor 10.1.1.1 next-hop-self

neighbor 10.1.2.2 next-hop-self

neighbor 10.1.3.3 next-hop-self

B. router bgp 100

neighbor 10.1.1.1 update-source Loopback0

neighbor 10.1.2.2 update-source Loopback0

neighbor 10.1.3.3 update-source Loopback0

C. router bgp 100

neighbor 10.1.1.1 route-reflector-client

neighbor 10.1.2.2 route-reflector-client

neighbor 10.1.3.3 route-reflector-client

Most Voted

D. router bgp 100

neighbor 10.1.1.1 ebgp-multihop

https://www.examtopics.com/exams/cisco/300-410/view/8/ 31/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

neighbor 10.1.2.2 ebgp-multihop

neighbor 10.1.3.3 ebgp-muttihop

Correct Answer: C

Community vote distribution

C (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 32/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #391 Topic 1

Refer to the exhibit. The Customer Edge router (AS 65500) wants to use AS 100 as the preferred ISP for all external routes.

Customer Edge -

route-map SETLP

set local-preference 111

router bgp 65500

neighbor 192.168.111.1 remote-as 100

neighbor 192.168.111.1 route-map SETLP out

neighbor 192.168.112.2 remote-as 200

This configuration failed to send routes to AS 100 as the preferred path. Which set of configurations resolves the issue?

A. route-map SETLP

set local-preference 111

router bgp 65500

neighbor 192.168.111.1 remote-as 100

neighbor 192.168.111.1 route-map SETLP in

Most Voted

B. route-map SETPP

set as-path prepend 100 100

router bgp 65500

neighbor 192.168.111.1 remote-as 100

neighbor 192.168.111.1 route-map SETPP in

C. route-map SETPP

set as-path prepend 111 111

router bgp 65500

neighbor 192.168.111.1 remote-as 100

neighbor 192.168.111.1 route-map SETPP out

D. route-map SETLP

set local-preference 111

https://www.examtopics.com/exams/cisco/300-410/view/8/ 33/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

router bgp 65500

neighbor 192.168.111.1 remote-as 100

neighbor 192.168.111.1 route-map SETLP out

Correct Answer: A

Community vote distribution

A (93%) 7%

Question #392 Topic 1

Refer to the exhibit. The administrator noticed that the connection was flapping between the two ISPs instead of switching to ISP2 when the ISP1

failed. Which action resolves the issue?

A. Include a valid source-interface keyword in the icmp-echo statement. Most Voted

B. Reference the track object 1 on the default route through ISP2 instead of ISP1.

C. Modify the static routes to refer both to the next hop and the outgoing interface.

D. Modify the threshold to match the administrative distance of the ISP2 route.

Correct Answer: A

Community vote distribution

A (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 34/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #393 Topic 1

Refer to the exhibit. An administrator must harden a router, but the administrator failed to test the SSH access successfully to the router. Which

action resolves the issue?

A. SSH must be allowed with the transport output ssh command.

B. Configure enable secret to log in to the device.

C. SSH syntax must be ssh -l user ip to log in to the remote device. Most Voted

D. Configure SSH on the remote device to log in using SSH.

Correct Answer: C

Community vote distribution

C (82%) A (18%)

Question #394 Topic 1

Which MPLS value is combined with the IP prefix to convert to a VPNv4 prefix?

A. 8-byte Route Distinguisher Most Voted

B. 8-byte Route Target

C. 16-byte Route Target

D. 16-byte Route Distinguisher

Correct Answer: A

Community vote distribution

A (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 35/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #395 Topic 1

What are the two reasons for RD and VPNv4 addresses in an MPLS Layer 3 VPN? (Choose two.)

A. VPN RT communities are used to identify customer unique routes.

B. When the PE redistributes customer routes into MP-BGP, they must be unique. Most Voted

C. They are on a CE device to use for static configuration.

D. They are used for a BGP session with the CE device.

E. RD is prepended to each prefix to make routes unique. Most Voted

Correct Answer: BE

Community vote distribution

BE (100%)

Question #396 Topic 1

An engineer configured a leak-map command to summarize EIGRP routes and advertise specifically loopback 0 with an IP of 10.1.1.1

255.255.255.252 along with the summary route. After finishing configuration, the customer complained about not receiving the summary route

with the specific loopback address. Which two configurations will fix this issue? (Choose two.)

router eigrp 1

route-map Leak-Route deny 10

interface Serial 0/0

ip summary-address eigrp 1 10.0.0.0 255.0.0.0 leak-map Leak-Route

A. access-list 1 permit 10.1.1.0 0.0.0.3 Most Voted

B. access-list 1 permit 10.1.1.1 0.0.0.252

C. access-list 1 and match under route-map Leak-Route

D. route-map Leak-Route permit 10 and match access-list 1 Most Voted

E. route-map Leak-Route permit 20

Correct Answer: AD

Community vote distribution

AD (100%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 36/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #397 Topic 1

Refer to the exhibit. AS 111 must not be used as a transit AS, but ISP-1 is getting ISP-2 routes from AS 111. Which configuration stops Customer

AS from being used as a transit path on ISP-1?

A. ip as-path access-list 1 permit.*

B. ip as-path access-list 1 permit_111_

C. ip as-path access-list 1 permit ^$

D. ip as-path access-list 1 permit ^111$ Most Voted

Correct Answer: D

Community vote distribution

D (84%) C (16%)

https://www.examtopics.com/exams/cisco/300-410/view/8/ 37/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #398 Topic 1

What is considered the primary advantage of running BFD?

A. reduction in time needed to detect Layer 3 routing neighbor failures Most Voted

B. reduction in CPU needed to detect Layer 3 routing neighbor failures

C. reduction in time needed to detect Layer 2 switched neighbor failures

D. reduction in CPU needed to detect Layer 2 switch neighbor failures

Correct Answer: A

Community vote distribution

A (100%)

Question #399 Topic 1

Refer to the exhibit. R2 can access content on the server successfully. A network engineer finds packet drops on PC1 for traffic destined to

network 2.2.2.2/32. Which action resolves the issue?

A. Redistribute the connected metric in EIGRP.

B. Add the eigrp stub connected static command.

C. Redistribute the static metric in EIGRP. Most Voted

D. Remove the eigrp stub connected command.

Correct Answer: C

Community vote distribution

C (64%) B (21%) 14%

https://www.examtopics.com/exams/cisco/300-410/view/8/ 38/39
3/12/25, 12:31 PM 300-410 Exam - Free Actual Q&As, Page 8 | ExamTopics

Question #400 Topic 1

Refer to the exhibit. An IP SLA is configured to use the backup default route when the primary is down, but it is not working as desired. Which

command fixes the issue?

A. R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2 10 track 1

B. R1(config}# ip route 0.0.0.0 0.0.0.0 2.2.2.2

C. R1(config)# ip sla track 1

D. R1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1 Most Voted

Correct Answer: D

Community vote distribution

D (100%)

 Previous Questions Next Questions 

Browse atleast 50% to increase passing rate

Viewing page 8 out of 13 pages.

Viewing questions 351-400 out of 620 questions

https://www.examtopics.com/exams/cisco/300-410/view/8/ 39/39