I believe this one should be Police the pir for BGP, conform-action transmit, and exceed action transmit

Police the pir for BGP, conform-action set-prec-transmit, and exceed action set-clp-transmit is incorrect because "set-clp-transmit" sets the ATM Cell Loss Priority (CLP) bit from 0 to 1, which sets the traffic to "best effort" and increases the likeliness of it getting dropped.

The other answers are incorrect because we need policing, not shaping. 

https://www.cisco.com/c/en/us/td/docs/io...-mact.html

https://en.wikipedia.org/wiki/Cell_Loss_Priority

Is this right? 

If it pulls the ACL DENY-HTTP, nothing will be matched against that ACL since it is deny followed by an implicit deny.

Would this actually do anything? Would you not want two permits?

The study material was spot on! My version of the test did not have any of the simulations, but I studied them just in case.  There were about 7ish drag and drop questions.

Thanks for the help and it was well worth the investment!
Brian

which option must be used to support a wlc with an ipv6 management address and 100 cisco aironet 2800 series access points that will use dhcp to register?

answer is showing 43 but that is for ipv4
answer should be 52 (https://www.cisco.com/c/en/us/td/docs/wi...fId-102185)


The CAPWAP protocol allows a lightweight access point (AP) to use DHCP to discover a wireless controller to which it is connected to. Cisco lightweight APs running 8.0 and above support DHCP discovery for both IPv4 and IPv6 networks:

■IPv4—Cisco lightweight APs implement DHCP option 43 to supply the IPv4 management interface addresses of the primary, secondary, and tertiary wireless controllers (see the guide).

■IPv6—Cisco lightweight APs implement DHCPv6 option 52 (RFC 5417) to supply the IPv6 management interface addresses of the primary, secondary, and tertiary wireless controllers.

The recently added/modified questions section is now quite large (239 questions) and I assume over time will increase even more and this can prove quite exhausting when trying to practice as completing 239 questions in one go is quite a challenge. 


I have three suggestions that I believe will make it more efficient for us practice test-takers:


1. Split this section into more manageable chunks e.g. have 3/4 recently added sections i.e Update 1,2,3 etc.
2. After a certain time period has passed distribute the no longer "new" questions to the relevant sections.
3. Instead of having this section, just distribute to the relevant sections once new material becomes available.


I believe that implementing any of these suggestions would be a much welcome improvement.

@forumsupport, any update on the 2 lab questions that appear to be showing up on 350-401?

The question asks for "all feasible protocols", but the answer marked as correct only has "transport input telnet ssh", which only includes telnet and ssh.

"transport input all" literally includes "all" protocols, which is what the question requests, and includes the following: lat | mop | nasi | pad | rlogin | ssh | telnet | v120

Correct answer should be the one that includes "transport input all".

Question shows "Install an internal CA signed certificate on the Cisco ISE." as the correct answer.

The problem with this is the employees are able access the portal just fine, but the contractors cannot. This implies that an internal CA signed certificate is already installed on ISE and trusted by the employees' computers, because the internal CA root cert is installed in their trusted root certs store. The contractors' computers do not have the internal CA root cert installed in their trusted root certs store, so it shows up as untrusted.

By changing the cert on ISE from an internal CA signed certificate to a trusted third-party certificate, it will then be trusted by both the employees' and contractors' computers, because the publicly trusted certs are installed by default through security patches.

Correct answer should be "Install a trusted third-party certificate on the Cisco ISE."

Correct answer is "fail-safe defaults", but the question shows "OAuth" in green.

The explanation is correct and describes Fail-Safe Defaults as primary REST security design principle.

I am hearing that there is a simulator question on 350-401.  Can anyone verify and provide any details?