Share your ENCOR Experience

For question 206:

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-1-2/install_guide/2ndGen/b_cisco_dna_center_install_guide_2_1_2_2ndGen/m_plan_deployment_2_1_2_2ndgen.html

So in fact there are three correct answers for this question, including TCP 23, ICMP and UDP 6007 but there are two best answers TCP 23 and ICMP (which match “fabric switches” in the question).

For QUESTION 367

if it was Initial, we could have considered it, but it is Init, like in OSPF

QUESTION 522 (Q402 dulp and wrong.)

agreed on this , will modify it

QUESTION 432

QUESTION 460

QUESTION 465

These 3 are corrected, check the new V C E file

QUESTION 489:

Agentless tool means that no software or agent needs to be installed on the client machines that are to be managed. Ansible is such an agentless tool. In contrast to agentless tool, agent-based tool requires software or agent to be installed on the client (-> Answer D is not correct).

In agentless tool, the master and slave nodes can communicate directly without the need of high-level language interpreter but agent-based tool requires interpreter to be installed on both master and slave nodes -> Answer C is not correct.

An agentless tool uses standard protocols, such as SSH, to push configurations down to a device (and it can be considered a “messaging system”).

Agentless tools like Ansible can directly communicate to slave nodes via SSH -> Answer B is not correct.

Therefore only answer A left. In this answer, “Messaging systems” should be understood as “additional software packages installed on slave nodes” to control nodes. Agentless tools do not require them.

For Q498:

Customer needs are fast evolving. Typically, a network center is a heterogenous mix of various devices at multiple layers of the network. Bulk and automatic configurations need to be accomplished. CLI scraping is not flexible and optimal. Re-writing scripts many times, even for small configuration changes is cumbersome. Bulk configuration changes through CLIs are error-prone and may cause system issues. The solution lies in using data models-a programmatic and standards-based way of writing configurations to any network device, replacing the process of manual configuration. Data models are written in a standard, industry-defined language. Although configurations using CLIs are easier (more human-friendly), automating the configuration using data models results in scalability.

Open for debate, in some dumps it is mentioned as D:

replacing the process of manual configuration. Data models are written in a standard, industry-defined language. Although configurations using CLIs are easier (more human-friendly), automating the configuration using data models results in scalability.

some say A:

Data models enable data to be easily structured, grouped, and replicated to represent information related to network devices, features, and solutions.

from:
https://developer.cisco.com/docs/nx-os/#!the-nature-of-data-models

https : // www . mediafire . com / file / pi3pk2w8otdtjw6 / Encore_350-401_updated_dumps . pdf / file

New Pdf file

Remove spaces before opening the Link

Let me know if any changes required

Make sure you delete the spaces

Beware, fake useless PPL will try to sell this.

No money involved here

@RatedR do you also have a trusted link where to download vce installer. many thanks

QUESTION 147
Correct answer is
C. The WLC is connected outside of the fabric.

Think correct D, cause local pref using for prefer outgoing route.

An engineers reaching network 172.16.10.0/24 via the R1-R2-R4 path. Which configuration forces the traffic to
take a path of R1-R3-R4?
A. R1(config)#route-map RM_AS_PATH_PREPEND
R1(config-route-map)#set as-path prepend 200 200
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#neighbor 12.12.12.2 route-map RM_AS_PATH_PREPEND in
R1(config-router)#end
R1#clear ip bgp 12.12.12.2 soft in
B. R1(config)#router bgp 100
R1(config-router)#neighbor 13.13.13.3 weight 1
R1(config-router)#end
C. R2(config)#route-map RM_MED permit 10
R2(config-route-map)#set metric 1
R2(config-route-map)#exit
R2(config)#router bgp 200
R2(config-router)#neighbor 12.12.12.1 route-map RM_MED out
R2(config-router)#end
R2#clear ip bgp 12.12.12.1 soft out
D. R1(config)#route-map RM_LOCAL_PREF permit 10
R1(config-route-map)#set local-preference 101
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#neighbor 13.13.13.3 route-map RM_LOCAL_PREF in
R1(config-router)#end
R1#clear ip bgp 13.13.13.3 soft in

Why not B?

An engineer must create a configuration that prevents R3 from receiving the LSA about 172.16.1.4/32. Which
configuration set achieves this goal?
A. On R3
ip access-list standard R4_L0
deny host 172.16.1.4
permit any
router ospf 200
distribute-list R4_l0 in
B. On R3
ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32
ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 le 32
router ospf 200
area 1 filter-list prefix INTO-AREA1 in
C. On R1
ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32
ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 le 32
router ospf 200
area 1 filter-list prefix INTO-AREA1 in
D. On R1
ip prefix-list INTO-AREA1 seq 5 deny 172.16.1.4/32
ip prefix-list INTO-AREA1 seq 10 permit 0.0.0.0/0 le 32
router ospf 200
area 1 filter-list prefix INTO-AREA1 out
Correct Answer: D

QUESTION 521
What is the differences between TCAM and the MAC address table?
A. Router prefix lookups happens in TCAM. MAC address table lookups happen in CAM
B. The MAC address table supports partial matches. TCAM requires an exact match
C. The MAC address table is contained in TCAM. ACL and QoS information is stored in CAM
D. TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables
Correct Answer: C

Correct answer is A. ATTENTION! This is a modified question!

QUESTION 381
Refer to exhibit. What are two reasons for IP SLA tracking failure? (Choose two )
R1(config)#ip sla 1
R1(config-ip-sla)#icmp-echo 172.20.20.2 source-interface FastEthernet0/0
R1(config-ip-sla-echo)#timeout 5000
R1(config-ip-sla-echo)#frequency 10
R1(config-ip-sla-echo)#threshold 500
R1(config)#ip sla schedule 1 start-time now life forever
R1(config)#track 10 ip sla 1 reachability
R1(config)#ip route 0.0.0.0 0.0.0.0 172.20.20.2 track 10
R1(config)#no ip route 0.0.0.0 0.0.0.0 172.20.20.2
R1(config)#ip route 0.0.0.0 0.0.0.0 172.30.30.2 5

A. The source-interface is configured incorrectly.
B. The destination must be 172.30.30.2 for icmp-echo.
C. A route back to the R1 LAN network is missing in R2.
D. The default route has wrong next hop IP address.
E. The Threshold value is wrong
Correct Answer: CE

Correct Answer: A,C
This is an old question :)
“E” is incorrect. The threshold value is within the valid range (Range is 0 to 60000) and is less than the Timeout (which is also correct).

Q381
Correct answer: A,C
“E” is incorrect. The threshold value is within the valid range (Range is 0 to 60000) and is less than the Timeout (which is also correct).

QUESTION 401
Refer to the exhibit
Which password allows access to line con 0 for a username of “tommy” under normal operation?
A. Cisco
B. local
C. 0 Cisco
D. Tommy
Correct Answer: A

Correct Answer is D
sh run:
aaa new-model
!
aaa authentication login LOCAL group tacacs+ (LOCAL is a list name)
!
username tommy password 0 Cisco
tacacs-server host 10.0.1.5 key cisco
!
!
line con 0
login authentication LOCAL (list name)

It only works with the password “Tommy”

Q2
Which network devices secure API platform?
A. Next Generation Intrusion Detection Systems
B. Layer 3 transit network devices
C. Content Switches
D. Web Application Firewalls
Correct Answer: A

Correct answer is D. 100% sure!
Cisco Secure Web Application Firewall (WAF) and bot protection defends your online presence and ensures that website, mobile applications, and APIs are secure, protected, and “always on.”

QUESTION 12
Which threat defense mechanism, when deployed at the network perimeter, protects against zero-day attacks?
A. intrusion prevention
B. stateful inspection
C. sandbox
D. SSL decryption
Correct Answer: A

Correct answer is C
“File analysis and sandboxing: Secure Malware Analytics’ highly secure environment helps you execute, analyze, and test malware behavior to discover previously unknown ZERO-DAY threats. The integration of Secure Malware Analytics’ sandboxing technology into Malware Defense results in more dynamic analysis checked against a larger set of behavioral indicators. “

Q10 D&D not working

The .vce file is super, but not all questions are present in the sections (only 527 from 582)

Hey all,

I will try verifying the answers and post it here with explanation.

Some questions do not have exhibit and are incomplete, so it’s a random choice.

The V C E file has two sections Exam A and New questions.

Please check again.

Will try uploading V C E application

Hey Anonymous and all

the file has all questions, more than 570
Check again.

I will try verifying the answer with Digital Tut and post explanation here.

Some questions have exhibit missing, even not present on this site. So few questions it’s random choice.

And some questions are incomplete or not much is there,
So it’s a random choice.

I will go through it again and post explanation here

Some questions have missing info

So they are incomplete and answer choice Is Random

Will verify these questions posted and put it here in

RatedR

Some have asked V C E application.

You can google A+ V C E player for Android. Download a cracked version

Will try uploading windows App

@rimoov, i met your mother and fkd, no condom, no jel.

Can anybody delete fake comments, please?

@Trust48, we do not know the scenario or the exhibit here for both the questions

so it is a guess answer

QUESTION 521
What is the differences between TCAM and the MAC address table?
A. Router prefix lookups happens in TCAM. MAC address table lookups happen in CAM
B. The MAC address table supports partial matches. TCAM requires an exact match
C. The MAC address table is contained in TCAM. ACL and QoS information is stored in CAM
D. TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables
Correct Answer: C

When using Ternary Content Addressable Memory (TCAM) inside routers it’s used for faster address lookup that enables fast routing.

In switches Content Addressable Memory (CAM) is used for building and lookup of mac address table that enables L2 forwarding decisions.

Besides Longest-Prefix Matching, TCAM in today’s routers and multilayer Switch devices are used to store ACL, QoS and other things from upper-layer processing.

QUESTION 381
Refer to exhibit. What are two reasons for IP SLA tracking failure? (Choose two )
R1(config)#ip sla 1
R1(config-ip-sla)#icmp-echo 172.20.20.2 source-interface FastEthernet0/0
R1(config-ip-sla-echo)#timeout 5000
R1(config-ip-sla-echo)#frequency 10
R1(config-ip-sla-echo)#threshold 500
R1(config)#ip sla schedule 1 start-time now life forever
R1(config)#track 10 ip sla 1 reachability
R1(config)#ip route 0.0.0.0 0.0.0.0 172.20.20.2 track 10
R1(config)#no ip route 0.0.0.0 0.0.0.0 172.20.20.2
R1(config)#ip route 0.0.0.0 0.0.0.0 172.30.30.2 5

A. The source-interface is configured incorrectly.
B. The destination must be 172.30.30.2 for icmp-echo.
C. A route back to the R1 LAN network is missing in R2.
D. The default route has wrong next hop IP address.
E. The Threshold value is wrong

There is no problem with the Fa0/0 as the source interface as we want to check the ping from the LAN interface -> Answer A is not correct.

Answer B is not correct as we must track the destination of the primary link, not backup link.

In this question, R1 pings R2 via its LAN Fa0/0 interface so maybe R1 (which is an ISP) will not know how to reply back as an ISP usually does not configure a route to a customer’s LAN -> C is correct.

There is no problem with the default route -> D is not correct.

For answer E, we need to understand about how timeout and threshold are defined:

Timeout (in milliseconds) sets the amount of time an IP SLAs operation waits for a response from its request packet. In other words, the timeout specifies how long the router should wait for a response to its ping before it is considered failed.Threshold (in milliseconds too) sets the upper threshold value for calculating network monitoring statistics created by an IP SLAs operation. Threshold is used to activate a response to IP SLA violation, e.g. send SNMP trap or start secondary SLA operation. In other words, the threshold value is only used to indicate over threshold events, which do not affect reachability but may be used to evaluate the proper settings for the timeout command.

For reachability tracking, if the return code is OK or OverThreshold, reachability is up; if not OK, reachability is down.

Therefore in this question, we are using “Reachability” tracking (via the command “track 10 ip sla 1 reachability”) so threshold value is not important and can be ignored -> Answer E is correct. In fact, answer E is not wrong but it is the best option left.

This tutorial can help you revise IP SLA tracking topic: http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/813-cisco-router-ipsla-basic.html and http://www.ciscozine.com/using-ip-sla-to-change-routing/

Note: Maybe some of us will wonder why there are these two commands:

R1(config)#ip route 0.0.0.0 0.0.0.0 172.20.20.2 track 10
R1(config)#no ip route 0.0.0.0 0.0.0.0 172.20.20.2

In fact the two commands:

ip route 0.0.0.0 0.0.0.0 172.20.20.2 track 10
ip route 0.0.0.0 0.0.0.0 172.20.20.2

are different. These two static routes can co-exist in the routing table. Therefore if the tracking goes down, the first command will be removed but the second one still exists and the backup path is not preferred. So we have to remove the second one.

for Q 381
go through Digital tut explanation

Q 401:

In this question, there are two different passwords for user “tommy”:
+ In the TACACS+ server, the password is “Tommy”
+ In the local database of the router, the password is “Cisco”.

From the line “login authentication local” we know that the router uses the local database for authentication so the password should be “Cisco”.

Note: “… password 0 …” here means unencrypted password.

Q2

Will correct this

Cisco Secure Web Application Firewall (WAF) and bot protection defends your online presence and ensures that website, mobile applications, and APIs are secure, protected, and “always on.”

Q12:

A zero-day (or 0-day) vulnerability is a software vulnerability that is discovered by attackers before the vendor has become aware of it. By definition, no patch exists for zero-day vulnerabilities and user systems have no defenses in place, making attacks highly likely to succeed. The name “zero-day” is designed to imply how long since the vulnerability was discovered. The term also indicates that system developers have had zero days to fix it.

Intrusion Protection
While the precise methods of a zero-day exploit can’t be known in advance, a network intrusion protection system (NIPS) can monitor the firms’ network for unusual activity.

The advantage of NIPS over a traditional antivirus only system is it does not rely on checking software against a known database of threats. This means it does not need updates or patches to learn about the latest attacks. NIPS works by monitoring the day-to-day patterns of network activity across the network.

When traffic or events far out of the ordinary are detected action can be taken to alert system administrators and lock down the firewall. Devices such as USB drives and mobile devices can all introduce threats to the network. They can often make it past the firewall because they are physically introduced to the system.
NIPS protects against threats introduced to the network from both external and internal sources.

Reference: https://cybriant.com/how-to-prevent-zero-day-attacks-in-5-steps/

V C E application:

https : // www . mediafire . com / file / 54szl6h8olulnoy / AVANSET_Visual_CertExam_v3.4.2_Incl_Crack.rar / file

RatedR

Good luck

For the BGP idle state question:

A special case are “Idle (PfxCt)” and “Idle (Admin)” in the show … summary output. Idle (PfxCt) means the session is in the Idle state because the neighbor has sent more prefixes than the configured maximum-prefixes limit. The session will remain in Idle until it’s cleared/reset with the clear bgp ipv4 unicast command. Idle (Admin) means that the BGP session is in shutdown state, as per the following configuration:

!
router bgp 65065
neighbor 192.0.2.1 remote-as 65066
neighbor 192.0.2.1 shutdown
!

This is a good way to temporarily disable a BGP session without the need to remove it from the configuration. Re-enable the session with no neighbor shutdown in the BGP section of the configuration.

For this question

An engineers reaching network 172.16.10.0/24 via the R1-R2-R4 path. Which configuration forces the traffic to
take a path of R1-R3-R4?
A. R1(config)#route-map RM_AS_PATH_PREPEND
R1(config-route-map)#set as-path prepend 200 200
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#neighbor 12.12.12.2 route-map RM_AS_PATH_PREPEND in
R1(config-router)#end
R1#clear ip bgp 12.12.12.2 soft in
B. R1(config)#router bgp 100
R1(config-router)#neighbor 13.13.13.3 weight 1
R1(config-router)#end
C. R2(config)#route-map RM_MED permit 10
R2(config-route-map)#set metric 1
R2(config-route-map)#exit
R2(config)#router bgp 200
R2(config-router)#neighbor 12.12.12.1 route-map RM_MED out
R2(config-router)#end
R2#clear ip bgp 12.12.12.1 soft out
D. R1(config)#route-map RM_LOCAL_PREF permit 10
R1(config-route-map)#set local-preference 101
R1(config-route-map)#exit
R1(config)#router bgp 100
R1(config-router)#neighbor 13.13.13.3 route-map RM_LOCAL_PREF in
R1(config-router)#end
R1#clear ip bgp 13.13.13.3 soft in

So if you want to influence your BGP routing outbound on a cisco router you can set the weight attribute.
However this value is only locally significant on the router and the information is not passed between neighbors.
This solution does not scale very well and in most cases local preference is used as this attribute is passed between iBGP neighbors.

Note: The default weight for learned routes is 0 and the default weight for a locally originated route is 32768

https://www.rogerperkin.co.uk/bgp/bgp-weight-attribute/

so there are 2 ways to influence outbound traffic, Weight and Local preference.

But in Option B, clear ip bgp * soft in is not mentioned, so the next best choice is D

@RatedR, AnonR
digitaltut does an excellent job and about 95% of the answers are correct, but not all. We have already corrected several answers together. For some, the admin keeps his own opinion. Therefore: stay critical, read the tasks carefully, test what is possible

Q521
What is the differences between TCAM and the MAC address table?
A. Router prefix lookups happens in TCAM. MAC address table lookups happen in CAM
B. The MAC address table supports partial matches. TCAM requires an exact match
C. The MAC address table is contained in TCAM. ACL and QoS information is stored in CAM
D. TCAM is used to make Layer 2 forwarding decisions. CAM is used to build routing tables
Correct Answer: C

We read answer C carefully : “ACL and QoS information is stored in CAM” and this is definitivly wrong because: (I can’t post the link)

“TCAM provides three results: 0, 1, and “don’t care.” TCAM is most useful for building tables for searching on longest matches such as IP routing tables organized by IP prefixes. The TCAM table stores ACL, QoS and other information generally associated with upper-layer processing. As a result of using TCAM, applying ACLs does not affect the performance of the switch.”

Correct Answer in this case is A. There are two different questions

Hey everyone,

Haven’t got a positive feedback from many from the VCE file and pdf that I posted here.

How many feel it was useful or people want to stick to Premium??

Hey Everyone,

I havent got a good feedback from the dump files i created and posted here.

Is it any usefull ? because i see only few responding and others dont seem to care the effort i put in

Hi RatedR. Your Dump is very usefull . Amlost all answers are correct. Big thanks. Regards, doka.

Dear RatedR: I appreciate all the efforts. Have you taken the exam as yet?

@RatedR I really appreciate your effort on providing VCE materials from app, vce file and pdf. More power to you!

RatedR,

We appreciate your effort.

It’s good that we have multiple people involved with the corrections.

It’s a community effort!

Have a great day!

@RTR
Q381
“Therefore in this question, we are using “Reachability” tracking (via the command “track 10 ip sla 1 reachability”) so threshold value is not important and can be ignored -> Answer E is correct. In fact, answer E is not wrong but it is the best option left.”
This is just a free interpretation of the documentation. In the fact is the given configuration threshold 500 is completely correct and cannot be the reason for the failure of IP SLA tracking.
On the other hand, the configuration icmp-echo 172.20.20.2 source-interface FastEthernet0/0 says that the wrong IP address of this interface (unknown) could be the reson of the failure

I’m yet to take the exam.

Will update the files once we have a collective answers.

Thank you guys, this motivates me to help everyone

@RatedR Can you create on “Take Selected exam Section” only for D&D?

After a month of intense study, I passed this exam with a score of 94% (940). Pheeeeww, I thought I had failed the exam halfway through. Thank you to everyone in this community. Seriously, you guys were a huge help to me. I used Dedier dumps published here, all the questions were the same on the exam.