Cisco 350-601 Exam Dumps & Practice Test Questions

Question 1:

What is the default virtual MAC address assigned to HSRP version 2 for group number 10?

A. 0000.5E00.0110
B. 0000.0C9F.F00A
C. 3784.0898.1C0A
D. 0000.0C9F.F010

Correct Answer: B

Explanation:

The Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol that provides network redundancy by allowing multiple routers to appear as a single virtual router to hosts on the network. This setup ensures that if the active router fails, a standby router automatically takes over with minimal disruption.

HSRP has two main versions: version 1 and version 2. Each version defines a unique pattern for generating the virtual MAC address, which is essential for the network to identify the virtual router. For HSRP version 2 (HSRPv2), the virtual MAC address format follows the pattern:
0000.0C9F.FXXX
where XXX is the group number in hexadecimal form.

For group number 10, we convert 10 decimal to hexadecimal, which is A. Thus, the default virtual MAC address for HSRPv2 group 10 becomes:
0000.0C9F.F00A

Now, examining the other choices:

• Option A (0000.5E00.0110) corresponds to HSRP version 1, where the MAC address format uses 0000.5E00.01XX, with XX as the group number. This is not applicable for HSRPv2.

• Option C (3784.0898.1C0A) is a random MAC address with no relation to HSRP’s standardized format, so it is incorrect.

• Option D (0000.0C9F.F010) represents group 16 in hexadecimal (10 decimal = 16 hexadecimal is 10?), which does not match group 10. This MAC address is for a different group.

Therefore, the correct virtual MAC address for HSRPv2 group 10 is 0000.0C9F.F00A, corresponding to option B.

Question 2:

Regarding the ERSPAN configuration shown, which statement accurately describes the relationship between session IDs and traffic sources/destinations?

A. The source of the ERSPAN mirrored traffic must use session ID 47 for the analyzer to receive the traffic.
B. Host B is the source sending ERSPAN mirrored traffic, and Host A is the traffic analyzer.
C. The ERSPAN source must be configured with session ID 48 for the traffic analyzer to receive the mirrored traffic.
D. Host A is the source of the mirrored traffic, and Host B acts as the traffic analyzer.

Correct Answer: C

Explanation:

Encapsulated Remote Switched Port Analyzer (ERSPAN) is a Cisco technology designed to replicate traffic from a source device (or interface) and send it encapsulated over an IP network to a remote traffic analyzer. This technology is highly useful for troubleshooting and network monitoring without requiring the analyzer to be physically connected to the source switch or router.

In an ERSPAN setup, session IDs are crucial because they uniquely identify the mirrored traffic stream. The source device assigns a session ID to the ERSPAN traffic it sends, and the destination device (the traffic analyzer) must be configured to expect that same session ID to properly receive and decode the mirrored packets.

Let's analyze the options:

• Option A states that the session ID must be 47 at the source. This is inaccurate because session IDs are arbitrarily assigned during configuration and don’t have to be 47. There is no fixed session number for ERSPAN.

• Option B claims Host B is the source and Host A the analyzer, which contradicts the typical roles described or the provided scenario details.
  
  

• Option C correctly points out that the source’s session ID must match what the analyzer expects—in this case, session ID 48. The analyzer listens for traffic tagged with this session ID to process it correctly. This ensures that traffic is properly mapped between source and destination.

• Option D reverses the roles of the hosts, which based on the scenario is not accurate.

Thus, the correct and best choice is C, as it precisely reflects the need for matching session IDs on both the ERSPAN source and destination to successfully forward and receive mirrored traffic.

Question 3:

Which two statements accurately describe the routing table on a leaf switch in an ACI fabric? (Select two.)

A. The subnet 10.20.1.0/24 represents a Bridge Domain (BD) subnet within ACI.
B. For the route 172.16.99.0/24, the next hop 10.0.1.14 corresponds to the Tunnel Endpoint (TEP) of a border leaf in ACI.
C. The subnet 172.16.100.0/24 is a BD subnet in ACI.
D. The next hop 10.1.168.95 for route 172.16.100.0/24 is the TEP address of a border leaf in ACI.
E. The next hop 10.0.8.65 for route 10.20.1.0/24 is the TEP address of a border leaf in ACI.

Correct Answer: A, B

Explanation:

In Cisco Application Centric Infrastructure (ACI), leaf switches maintain routing tables that are fundamental to directing traffic within the fabric and beyond. ACI uses Bridge Domains (BDs) to define Layer 2 broadcast domains, and these BDs typically have associated IP subnets configured for routing purposes. The routing table on a leaf switch reflects these subnets and the routes toward external or remote networks.

Option A is correct because the subnet 10.20.1.0/24 is commonly configured as a BD subnet within ACI. This means devices within this subnet belong to a particular BD, and the leaf switch knows how to route traffic within and outside this subnet.

Option B is also correct because in ACI, Tunnel Endpoints (TEPs) are assigned to leaf switches, especially border leaves that connect the ACI fabric to external networks. When a route such as 172.16.99.0/24 points to a next hop 10.0.1.14, this address is typically the TEP of a border leaf switch responsible for handling traffic going outside the fabric.

Option C is not necessarily true because whether 172.16.100.0/24 is a BD subnet depends on the specific ACI configuration. Without confirmation, it cannot be assumed.

Option D could be a next hop in some setups, but it’s not guaranteed that 10.1.168.95 is a border leaf TEP for 172.16.100.0/24.

Option E is unlikely because local BD subnets like 10.20.1.0/24 usually have routes that do not use a border leaf’s TEP as the next hop; traffic within the BD is switched internally without leaving the fabric.

In summary, the routing table’s local BD subnets and next-hop addresses for external traffic typically involve leaf switch TEPs, especially border leaf TEPs for external routes. Hence, A and B accurately reflect this behavior.

Question 4:

When Bidirectional PIM is implemented at a site, which multicast routing entry (mroute) state is generated?

A. *,G
B. MVPN Type-6
C. MVPN Type-7
D. S,G

Correct Answer: A

Explanation:

Bidirectional Protocol Independent Multicast (Bidir-PIM) is a multicast routing protocol designed to efficiently manage multicast traffic by using a shared distribution tree that supports traffic flow in both directions—from sources to receivers and vice versa. This contrasts with traditional PIM Sparse Mode, where multicast trees are source-specific and built separately for each source-group pair (S,G).

In Bidir-PIM, the key multicast routing state is the *,G entry. This denotes a wildcard source (the asterisk *) for a multicast group (G), meaning the multicast routing table tracks the group as a whole rather than individual sources. This shared tree approach enables more scalable and efficient multicast forwarding since all multicast traffic for that group uses a single tree rooted at a Rendezvous Point (RP).

Option A is correct because *,G entries are specifically created in Bidir-PIM environments, reflecting the protocol’s design to forward multicast packets based on the group rather than the source.

Option B and C refer to multicast VPN (MVPN) types 6 and 7, which are specialized multicast transport mechanisms over MPLS networks and unrelated to Bidir-PIM multicast routing states.

Option D (S,G) represents source-specific multicast routes, where S is a specific source and G is a multicast group. This is typical of PIM Sparse Mode but not of Bidir-PIM, which avoids per-source state to improve scalability.

In conclusion, Bidirectional PIM simplifies multicast routing by maintaining *,G entries, supporting efficient multicast delivery without needing to track each source individually. This approach is reflected in the mroute state, confirming A as the correct answer.

Question 5:

Which statement accurately describes the default gateway setup in a vPC environment?

A. Either switch can serve as the active default gateway.
B. N7K-1 functions as the default gateway for all traffic.
C. N7K-2 sends traffic destined for the default gateway over the peer link.
D. N7K-2 acts as the default gateway for all traffic.

Correct Answer: A

Explanation:

In a Virtual Port Channel (vPC) configuration, two switches—here referred to as N7K-1 and N7K-2—are paired to provide redundancy and load balancing while appearing as a single logical device to connected hosts. This setup enhances both network availability and performance by allowing traffic to be forwarded through either switch seamlessly.

Option A is correct because, in a properly configured vPC environment, both switches are capable of acting as the default gateway simultaneously. This means that either N7K-1 or N7K-2 can respond to default gateway requests from connected devices. The default gateway IP is usually configured as a shared virtual IP, which both switches own, enabling an active-active setup where either switch can route outbound traffic. This design ensures high availability, as if one switch fails, the other can continue forwarding traffic without interruption.

Option B is incorrect because it implies a single switch (N7K-1) is exclusively the default gateway for all traffic, which contradicts the fundamental principle of vPC redundancy. Both switches participate in forwarding traffic, preventing a single point of failure.

Option C is incorrect as well. While the peer link between N7K switches is crucial for synchronizing state and forwarding control information, it does not carry default gateway traffic destined for the network. Each switch forwards traffic directly rather than relaying it across the peer link for default gateway functions.

Option D is wrong because it mirrors option B but assigns the gateway role solely to N7K-2, which is not how vPC is designed. Both switches share the responsibility.

Therefore, the best understanding is that both switches in a vPC can independently act as the active default gateway, allowing seamless failover and redundancy.

Question 6:

What connection must be established to resolve an HA NOT READY status?

A. Layer 1 to Layer 2 ports
B. Server chassis
C. Management ports
D. Network uplinks

Correct Answer: D

Explanation:

High Availability (HA) systems are designed to maintain continuous operation by providing failover capabilities between devices or nodes. When an HA device reports a status of HA NOT READY, it indicates that the system is not fully prepared to provide failover functionality, often due to missing or incomplete connectivity critical for HA operations.

The correct answer is D, network uplinks. These uplinks are essential physical or logical connections that allow communication between HA peers and the wider network. Without these connections, the HA system cannot synchronize state information, exchange heartbeat signals, or manage failover properly. The lack of network uplinks means the system cannot guarantee redundancy or seamless switching over to a standby node, thus causing the HA NOT READY status.

Option A, Layer 1 to Layer 2 ports, while related to physical and data link connectivity, is too generic in this context. HA readiness specifically depends on established network uplinks that provide reliable communication paths for failover rather than just the presence of physical or data link layer ports.

Option B, the server chassis, is irrelevant for clearing HA status. The chassis houses the hardware but does not influence network or HA status directly.

Option C, management ports, are crucial for device administration and monitoring but are not responsible for the failover communication paths that determine HA readiness. Management ports typically provide out-of-band access but do not carry HA heartbeat or synchronization traffic needed for failover operations.

In summary, network uplinks are fundamental to HA functionality. They ensure that nodes within the HA cluster can communicate effectively, maintain synchronization, and perform failovers seamlessly. Connecting the network uplinks properly clears the HA NOT READY state and enables full high availability operations.

Question 7:

A small remote office is connecting to a regional hub site through an NSSA ASBR. Which type of LSA does the OSPF area in the remote office receive?

A. type 7 LSA
B. type 1 LSA
C. type 5 LSA
D. type 3 LSA

Correct Answer: A

Explanation:

In OSPF networking, different LSA (Link-State Advertisement) types serve distinct roles based on the OSPF area configuration and routing architecture. When a remote office connects through an NSSA (Not So Stubby Area) ASBR (Autonomous System Boundary Router), the kind of LSA sent to the remote office’s OSPF area is crucial for proper routing.

The correct LSA type here is the type 7 LSA. This LSA is unique to NSSAs and is used by the ASBR to inject external routes into the NSSA without flooding those external routes into other areas. NSSAs are a hybrid between stub and regular OSPF areas—they allow limited external routing but still restrict some external route types to minimize routing overhead. Type 7 LSAs carry this external route information within the NSSA, and later, an Area Border Router (ABR) can convert these type 7 LSAs into type 5 LSAs if those external routes need to be propagated beyond the NSSA.

Other LSA types do not apply in this case. Type 1 LSAs describe router links within an area but don’t carry external routes. Type 5 LSAs are used to advertise external routes in standard OSPF areas, but not directly in NSSAs. Type 3 LSAs are summary LSAs sent by ABRs to advertise routes between OSPF areas, not for external route injection within an NSSA.

Thus, in the scenario of a remote office connected via NSSA ASBR, type 7 LSAs are the appropriate LSA type for distributing external routing information, making option A the correct choice.

Question 8:

Given that N7K-1 and N7K-2 have the lowest STP priority values in the network, which statement accurately describes how STP operates on the vPC pair?

A. N7K-1 and N7K-2 present themselves as a single STP root.
B. N7K-1 alone is the STP root.
C. N7K-1 preempts N7K-2 as the STP root.
D. N7K-2 alone is the STP root.

Correct Answer: A

Explanation:

In a Virtual Port Channel (vPC) environment, two Nexus switches—here, N7K-1 and N7K-2—form a logical pair that behaves as a single switch for many Layer 2 protocols, including Spanning Tree Protocol (STP). This design aims to enhance redundancy and increase bandwidth without introducing loops or split-brain scenarios.

Because of this vPC pairing, STP treats both switches as one unified root bridge if they hold the lowest priority in the network. Even though N7K-1 and N7K-2 are separate physical devices, STP views their combined presence as a single logical root entity. This unified view avoids potential problems like conflicting root bridge elections or traffic forwarding loops.

Options B and D incorrectly imply that only one of the switches is elected as root, ignoring the fact that vPC merges the two into a single logical switch for STP purposes. Option C, which suggests preemption by one switch over the other, also misunderstands the nature of vPC. In a vPC setup, preemption is not applicable because the pair functions as a single STP root.

In summary, option A accurately reflects the way STP operates with a vPC pair: N7K-1 and N7K-2 collectively present themselves as one root bridge. This ensures network stability, redundancy, and loop avoidance, essential in modern data center designs.

Question 9:

In an enterprise network using OSPF, what is the purpose of the OSPF DR (Designated Router) election process?

A. To select a router that generates external routes into the OSPF domain
B. To designate a router responsible for exchanging routing information with all other routers on a broadcast network
C. To elect a router that manages all inter-area OSPF traffic
D. To assign a router that performs route summarization on behalf of the area

Correct Answer: B

Explanation:

The OSPF (Open Shortest Path First) protocol is a widely used interior gateway routing protocol that uses link-state information to build a topology map and compute the shortest path tree for each route. In multi-access networks like Ethernet LANs, multiple OSPF routers can be connected to the same segment. To avoid excessive flooding of routing information and reduce the complexity of adjacency relationships, OSPF uses the Designated Router (DR) election process.

The DR is elected to act as a central point of contact for exchanging OSPF routing updates within the multi-access network segment. Instead of each router forming full adjacencies with every other router on the segment (which would result in an N*(N-1)/2 number of adjacencies, where N is the number of routers), routers form a full adjacency only with the DR and Backup Designated Router (BDR). Other routers maintain a two-way communication state with the DR and BDR.

This design optimizes network resources by reducing OSPF protocol overhead and minimizes the size of routing tables exchanged on the network. The DR does not generate external routes (which are injected by Autonomous System Boundary Routers (ASBRs)) and does not perform route summarization (which is done by Area Border Routers (ABRs)).

Therefore, the correct answer is B because the DR’s role is specifically to manage OSPF routing information exchange on a broadcast network segment, ensuring efficient and scalable OSPF operation.

Question 10:

Which Cisco technology allows a network administrator to configure network devices centrally through a controller rather than configuring each device individually?

A. Cisco DNA Center
B. Cisco ACI (Application Centric Infrastructure)
C. Cisco Umbrella
D. Cisco ISE (Identity Services Engine)

Correct Answer: A

Explanation:

Cisco offers several technologies to help manage modern enterprise networks, but the ability to centrally configure and manage network devices is a critical feature offered primarily by Cisco DNA Center.

Cisco DNA Center is a comprehensive network management and command center that allows administrators to automate provisioning, policy enforcement, and assurance across Cisco devices within the network. DNA Center enables Software-Defined Access (SD-Access) by centralizing control of the network fabric, thus reducing manual device-by-device configuration tasks. It supports intent-based networking, where administrators define high-level business policies, and the system translates these policies into device configurations automatically.

Cisco DNA Center offers an intuitive dashboard, automated workflows, real-time analytics, and integrated assurance. It vastly reduces operational complexity and speeds up network deployments and troubleshooting.

Other options do not primarily serve as centralized network configuration platforms:

• Cisco ACI is focused on data center network automation and application policy management but is specialized rather than general network configuration.

• Cisco Umbrella provides cloud-delivered security services like DNS filtering but does not configure network devices.

• Cisco ISE provides identity and access management for network devices but is not a device configuration controller.

Thus, the best answer that fits the description of centralized network device configuration is A: Cisco DNA Center.