
All ENCOR v1.1 Questions - Part 6

The document provides results and explanations for a quiz on ENCOR v1.1, detailing a total of 106 questions with a passing score of 90%. The user scored 77.24% and is encouraged to retake the quiz. Key topics covered include Cisco SD-Access design, data modeling languages, and Cisco Catalyst SD-WAN router deployment options.

Uploaded by

amith roy
Copyright
© © All Rights Reserved

4/6/25, 4:18 PM ENCOR Training » All ENCOR v1.1 Questions – Part 6

All ENCOR v1.1 Questions – Part 6


March 21st, 2025 in ENCOR Quizzes

Result of All ENCOR v1.1 Questions – Part 6:

Total Questions: 106
Full Score: 1230
Passing Rate: 90%
Your Score: 950
Correct Answer Percentage: 77.24%
Elapsed: 01:05:04

Sorry!

You failed :( but surely you will do it better next time!

Your answers are shown below:

Question 1

Which two nodes comprise a collapsed core in a two-tier Cisco SD-Access design? (Choose two)

A. border nodes
B. distribution nodes
C. extended nodes
D. core nodes
E. edge nodes

Explanation

The physical network is usually a two-tier collapsed core/distribution with an access layer servicing several wiring closets.
Rather than colocating all roles in one device, the Very Small Site Reference Model provides added resiliency and
redundancy along with a larger number of endpoints by separating the edge node role onto dedicated devices in the access
layer. The border and control plane node are colocated in the collapsed core layer. -> Answer 'border nodes' is correct.

Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html

But there is no “control plane node” answer in this question, so maybe “edge nodes” is the best choice left.

Note:

Border nodes handle traffic entering and exiting the fabric. They connect the SD-Access fabric to external networks or
services (e.g., the Internet, data center, or WAN).

Edge nodes connect end-user devices (such as PCs, phones, and IoT devices) to the SD-Access fabric.

Question 2

Which language can be used to model configuration and state data?

A. XML
B. JSON
C. XDR
D. YANG

Explanation

YANG is a data modeling language used to model configuration and state data manipulated by a NETCONF agent.

Reference: https://developer.cisco.com/docs/nso-guides-6.3/the-yang-data-modeling-language/

Question 3

How is a data modeling language used?

A. To represent finite and well-defined network elements that cannot be changed
B. To model the flows of unstructured data within the infrastructure
C. To provide human readability to scripting languages
D. To enable data to be easily structured, grouped, validated, and replicated

Explanation

Customer needs are evolving fast. Typically, a network center is a heterogeneous mix of various devices at multiple layers of
the network. Bulk and automatic configurations need to be accomplished. CLI scraping is neither flexible nor optimal.
Rewriting scripts many times, even for small configuration changes, is cumbersome. Bulk configuration changes through CLIs
are error-prone and may cause system issues. The solution lies in using data models: a programmatic and standards-based
way of writing configurations to any network device, replacing the process of manual configuration. Data models are
written in a standard, industry-defined language. Although configurations using CLIs are easier (more human-friendly),
automating the configuration using data models results in scalability.

Question 4

In which forms can Cisco Catalyst SD-WAN routers be deployed at the perimeter of a site to provide SD-WAN
services?

A. hardware, virtualized, and cloud instances
B. hardware and virtualized instances
C. virtualized instances
D. hardware, software, cloud, and virtualized instances

Explanation

Cisco Catalyst SD-WAN routers can be deployed in various forms at a site’s perimeter to provide SD-WAN services. The
primary deployment models include:

+ Hardware Instances – Dedicated physical SD-WAN routers like Cisco ISR, ASR, and Catalyst 8000 Series Edge Platforms.
+ Virtualized Instances – Software-based SD-WAN routers running on VMs or containers (e.g., Cisco CSR 1000v, vEdge Cloud).
+ Cloud Instances – SD-WAN routers deployed in public cloud environments such as AWS, Azure, and Google Cloud.

Question 5

Which characteristic applies to the endpoint security aspect of the Cisco Threat Defense architecture?

A. outbound URL analysis and data transfer controls
B. cloud-based analysis of threats
C. detect and block ransomware in email attachments
D. user context analysis

Explanation

The goal of the Cyber Threat Defense solution is to introduce a design and architecture that can help facilitate the
discovery, containment, and remediation of threats once they have penetrated into the network interior.

Cisco Cyber Threat Defense version 2.0 makes use of several solutions to accomplish its objectives:

..

* Content Security Appliances and Services
– Cisco Web Security Appliance (WSA) and Cloud Web Security (CWS)
– Dynamic threat control for web traffic
– Outbound URL analysis and data transfer controls -> Answer 'outbound URL analysis and data transfer controls' is correct.
– Detection of suspicious web activity
– Cisco Email Security Appliance (ESA)
– Dynamic threat control for email traffic
– Detection of suspicious email activity

* Cisco Identity Services Engine (ISE)
– User and device identity integration with Lancope StealthWatch
– Remediation policy actions using pxGrid

Reference: https://www.cisco.com/c/dam/en/us/td/docs/security/network_security/ctd/ctd2-0/design_guides/ctd_2-0_cvd_guide_jul15.pdf

Note: There is another version of this question with two correct answers but if we have to choose one then answer
'outbound URL analysis and data transfer controls' is the best choice.

Question 6

When using a Cisco Catalyst 9800 Series WLC, which tag/profile can be applied to APs to change the mode to
FlexConnect in a specific location?

A. site tag
B. AP join profile
C. policy tag
D. flex profile

Explanation

The Site Tag is the element that allows you to specify which AP join and/or Flex Profile is assigned to the APs.

Step 2. Inside the Site Tag, disable the Enable Local Site option (Any AP that receives a Site Tag with the Enable Local
Site option disabled is converted into FlexConnect mode)

Reference: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213945-understand-flexconnect-on-9800-wireless.html

Question 7

In which two ways does PIM dense mode function in the network? (Choose two)

A. It waits to forward multicast traffic until a downstream router requests the traffic.
B. It forwards multicast traffic on all interfaces until a downstream router requests that forwarding stop.
C. It utilizes the designated forwarder election to avoid multicast packet loops.
D. It uses a push method, and fallback occurs when RP information is lost.
E. It receives traffic from only one Reverse Path Forwarding interface.

Explanation

PIM-DM initially floods multicast traffic to all network segments, assuming all hosts want the multicast stream. If a router
doesn’t need the traffic, it sends a “prune” message to stop receiving it.

PIM-DM relies on the Reverse Path Forwarding (RPF) check to ensure multicast traffic comes from the expected source
via the correct interface. This prevents loops and ensures efficient delivery.

Question 8

In a three-tier hierarchical campus network design, which action is a design best-practice for the core layer?

A. provide QoS prioritization services such as marking, queueing, and classification for critical network traffic
B. provide redundant aggregation for access layer devices and first-hop redundancy protocols such as VRRP
C. provide advanced network security features such as 802.1X, DHCP snooping, VACLs, and port security
D. provide redundant Layer 3 point-to-point links between the core devices for more predictable and faster convergence

Explanation

The core should be highly available and redundant. The core aggregates the traffic from all the distribution layer devices,
so it must be capable of forwarding large amounts of data quickly.

Considerations at the core layer include:
– Providing high-speed switching (i.e., fast transport)
– Providing reliability and fault tolerance
– Scaling by using faster, and not more, equipment
– Avoiding CPU-intensive packet manipulation caused by security, inspection, quality of service (QoS) classification, or other processes

Reference: https://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=4

Question 9

Which wireless Layer 2 security mode uses SAE between a client device and an AP before a four-way handshake
occurs?

A. WPA2-Enterprise
B. WPA2-Personal
C. WPA3-Enterprise
D. WPA3-Personal

Explanation

Simultaneous Authentication of Equals (SAE) is a key exchange protocol used in WPA3-Personal to replace Pre-Shared
Key (PSK) authentication used in WPA2-Personal.

Question 10

What is a benefit of implementing stateful switchover?

A. flexibility
B. scalability
C. modularity
D. resiliency

Explanation

Stateful switchover (SSO) establishes one of the supervisor engines as active while the other supervisor engine is
designated as standby, and then SSO synchronizes information between them. A switchover from the active to the
redundant supervisor engine occurs when the active supervisor engine fails, or is removed from the switch, or is manually
shut down for maintenance.

SSO is a high-availability feature used in Cisco networking devices to provide resiliency by ensuring seamless failover
between redundant supervisor engines or controllers.

Question 11

Which feature does the Cisco Catalyst Center (formerly DNA Center) User-Defined Network workflow provide?

A. interface for AP configuration
B. automatic provisioning of AP devices
C. automatic segmentation of IoT devices
D. replacement of malfunctioning devices

Explanation

The User-Defined Network service provides the following solution:

+ Easy and secure onboarding of client devices.
+ Automatic segmentation of client devices that belong to a particular user.
+ Ability to invite other users to share their devices.

Client devices here include home, consumer, and IoT devices on the network, such as printers, speakers, Apple TV, Google
Chromecast, ring doorbells, smart bulbs, and so on. -> Answer 'automatic segmentation of IoT devices' is correct.

Question 12

Drag and drop the Cisco Catalyst Center (formerly DNA Center) southbound API characteristics from the left to
the right. Not all options are used.

Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order.
For example: 136 (which means 1,3,6 items for the right).

Please type your answer here: 245 (correct answer: 256)

Explanation

Answer:

Cisco DNA Center southbound API
+ multivendor focus
+ supports NETCONF, SSH, SNMP, and others
+ extendable by device packages

Explanation

Southbound (Multivendor Support) APIs: allows partners to add support for managing non-Cisco devices directly from
Cisco DNA Center

Cisco DNA Center allows customers to manage their non-Cisco devices through the use of a Software Development Kit
(SDK) that can be used to create Device Packages for third-party devices.

Reference: https://developer.cisco.com/docs/dna-center/#!cisco-dna-center-platform-overview/multivendor-support-southbound

On the southbound interface, DNA Center uses various protocols such as RESTCONF and NETCONF. Through this interface, DNA
Center communicates with the devices it manages. These include both devices that support SDN protocols such as NETCONF
and RESTCONF and traditional devices that support SNMP, Telnet, and SSH.

Reference: https://ipcisco.com/lesson/cisco-dna-center/

Note: The Intent API is a Northbound REST API. DNA Center supports both XML and JSON

Question 13

Which characteristic applies to Cisco SD-Access?

A. It uses VXLAN for the data plane
B. It uses dynamic routing to discover and provision access switches.
C. It uses VXLAN for the control plane
D. It uses dynamic routing to discover and provision border switches

Explanation

In Cisco SD-Access the control plane is based on LISP (Locator/ID Separation Protocol), the data plane is based on
VXLAN (Virtual Extensible LAN)

Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html

Question 14

How does IGMP function with multicast routing and PIM?

A. IGMP must be enabled manually when multicast routing and PIM are configured on a router
B. IGMP is incompatible with multicast routing
C. IGMP is enabled automatically when multicast routing and PIM are configured on a router
D. IGMP is incompatible with PIM

Explanation

When PIM is enabled on a Layer 3 interface (SVI or routed interface) then IGMP is automatically enabled at the same time
in most modern Cisco IOS versions.

Question 15

What is one characteristic of Cisco SD-Access networks?

A. Scalable group tags are used for macrosegmentation.
B. Virtual networks are used for microsegmentation.
C. Devices are assigned to virtual networks based on their VLAN membership.
D. All traffic is Layer 3 within the fabric.

Explanation

Answer 'Devices are assigned to virtual networks based on their VLAN membership' is not correct as in SD-Access,
devices are assigned to Virtual Networks (VNs), not based on VLANs but on policy and intent. VLANs still exist but are
not the primary mechanism for segmentation.

Answer 'Scalable group tags are used for macrosegmentation' is not correct as SGTs are used for microsegmentation,
enforcing security policies within VNs, not for macrosegmentation.

Virtual Networks (VNs) provide macrosegmentation by creating isolated network segments, while SGTs enable
microsegmentation inside those VNs.

Answer 'All traffic is Layer 3 within the fabric' is not correct as with VXLAN, the SD-Access fabric can support Layer 2
and Layer 3 virtual topologies.

None of the choices is correct, but if we have to choose one then answer 'All traffic is Layer 3 within the fabric'
is the best choice.

Question 16

What is one characteristic of an AP that is operating in Mobility Express mode?

A. It requires a centralized WLC.
B. At least three APs are needed for WLC redundancy.
C. It requires an AP to act as a WLC.
D. It is recommended for large scale deployments.

Explanation

Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN controller. But this
solution is only suitable for small to midsize, or multi-site branch locations where you might not want to invest in a
dedicated WLC. A Mobility Express WLC can support up to 100 APs.

Question 17

How does Cisco DNA Center perform a network discovery?

A. through a DHCP server
B. using ICMP
C. using CDP with a seed IP address
D. using SNMP

Explanation

The Discovery feature scans the devices in your network and sends the list of discovered devices to inventory.
The Discovery feature also works with the Device Controllability feature to configure the required network settings on
devices, if these settings are not already present on the devices.

There are three ways for you to discover devices:

+ Use Cisco Discovery Protocol (CDP) and provide a seed IP address.
+ Specify a range of IP addresses. (A maximum range of 4096 devices is supported.)
+ Use Link Layer Discovery Protocol (LLDP) and provide a seed IP address.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-3/user_guide/b_cisco_dna_center_ug_2_3_3/b_cisco_dna_center_ug_2_3_3_chapter_010.html

Question 18

What is the primary responsibility of the SD-WAN Validator?

A. to provide configuration synchronization of all WAN Edge devices
B. to provide centralized management and provisioning of all elements into the network
C. to configure NAT communication on WAN Edge routers
D. to facilitate start-up by performing authentication and authorization of all elements into the network

Explanation

In the Cisco SD-WAN architecture, the SD-WAN Validator (formerly vBond Orchestrator) is responsible for:

+ Authenticating and authorizing all SD-WAN components (vSmart, vManage, and WAN Edge routers).
+ Establishing secure control connections between devices.
+ Facilitating NAT traversal for WAN Edge devices behind NAT.

Question 19

Refer to the exhibit.

POSTMAN is showing an attempt to retrieve network device information from Cisco Catalyst Center (formerly
DNA Center) API. What is the issue?

A. Authentication has failed
B. The JSON payload contains the incorrect UUID
C. The URI string is incorrect
D. The token has expired

Explanation

We tested with Postman successfully with URI https://sandboxdnac.cisco.com/dna/intent/api/v1/network-device

But when changing the URI to https://sandboxdnac.cisco.com/dna/intent/api/v1/network-devices (appending the last letter “s”
in “network-devices”) we could reproduce the error in this question:

Therefore we can conclude the incorrect URI is the cause of this error.

If you want to check this yourself, this is a good tutorial for your reference: https://garzum.net/cisco-dna-center-rest-api-calls-with-postman/

Question 20

What does the statement print(format(0.08, '.0%')) display?

A. 8%
B. 8.8%
C. 80%
D. 08%

Explanation

The % format specifier converts a number into a percentage by multiplying it by 100 and appending a % symbol.
The .0 part indicates no decimal places should be shown.

+ The value 0.08 is multiplied by 100 to convert it into a percentage: 0.08 * 100 = 8
+ Since .0 specifies no decimal places, it rounds the result to an integer: 8
+ Finally, a % sign is appended.

Question 21

A network administrator prepares to deploy a new software-defined fabric across campuses. What is needed to
ensure success for the overall design?

A. A fully meshed Layer 3 topology.
B. A fully meshed Layer 2 topology.
C. A point-to-point Layer 2 network with LACP between devices for redundancy.
D. A point-to-point Layer 3 underlay network with jumbo frames enabled.

Question 22

What is the function of the statement “import actions” in this script?

import actions
if process == 'http':
    actions.http(site)

A. It imports a Python module
B. It imports the functions of a third-party module.
C. It imports the functions that are not available natively in Python.
D. It imports an external reference.

Explanation

In Python, use the import keyword to make code in one module available in another.

Question 23

Refer to the exhibit.

event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.3 get-type next entry-op gt entry-val 80 poll-interval 5
!
action 1.0 cli command "enable"
action 2.0 syslog msg "high cpu"
action 3.0 cli command "term length 0"

An engineer must create a script that appends the output of the show process cpu sorted command to a file. Which
action completes the configuration?

A. action 4.0 cli command "show process cpu sorted | append flash:high-cpu-file"
B. action 4.0 cns-event "show process cpu sorted | append flash:high-cpu-file"
C. action 4.0 publish-event "show process cpu sorted | append flash:high-cpu-file"
D. action 4.0 syslog command "show process cpu sorted | append flash:high-cpu-file"

Question 24

What is a characteristic of an AP that operates in FlexConnect mode?

A. Client authentication is always performed on the AP.
B. FlexConnect groups are required to support 802.11r fast roaming.
C. Configuration is done directly on the AP rather than on a controller.
D. Dot1x authentication is not supported for AP clients in this mode.

Explanation

FlexConnect groups allow multiple APs to share key caching information, which is essential for seamless 802.11r fast
roaming (Fast BSS Transition).

Answer 'Configuration is done directly on the AP rather than on a controller' is not correct as FlexConnect APs are still
managed by the controller, though they can operate independently if disconnected. Configuration is primarily done on the
WLC.

Answer 'Dot1x authentication is not supported for AP clients in this mode' is not correct as 802.1X authentication is
supported in FlexConnect mode, both in central and local authentication modes.

Answer 'Client authentication is always performed on the AP' is not correct as in FlexConnect mode, client authentication
can be performed either centrally (by the WLC) or locally (by the AP), depending on configuration.

Question 25

A wireless administrator must create a new web authentication corporate SSID that will be using ISE as the
external RADIUS server. The guest VLAN must be specified after the authentication completes. Which action must
be performed to allow the ISE server to specify the guest VLAN?

A. enable AAA Override
B. set RADIUS Profiling
C. set AAA Policy name
D. enable NAC state

Explanation

To allow an external RADIUS server like ISE to specify the VLAN after authentication, the AAA Override option must be
enabled on the WLAN configuration. This allows the RADIUS server to send VLAN attributes that will override the
locally configured VLAN on the WLAN.

Question 26

Which feature allows HSRP to failover from the active route processor to the standby route processor without loss
of data or path change?

A. IP SLA tracking
B. HSRP tracking
C. stateful switchover
D. preemption

Explanation

Stateful Switchover (SSO) ensures that when a failover occurs between route processors, the transition happens seamlessly
without loss of data or a change in the forwarding path. In HSRP, SSO works with Nonstop Forwarding (NSF) to keep the
control plane and forwarding plane synchronized.

Question 27

Which statement explains why Type 1 hypervisor is considered more efficient than Type 2 hypervisor?

A. Type 1 hypervisor runs directly on the physical hardware of the host machine without relying on the underlying OS
B. Type 1 hypervisor is the only type of hypervisor that supports hardware acceleration techniques
C. Type 1 hypervisor enables other operating systems to run on it
D. Type 1 hypervisor relies on the existing OS of the host machine to access CPU, memory, storage, and network resources

Explanation

There are two types of hypervisors: type 1 and type 2 hypervisor.

In type 1 hypervisor (or native hypervisor), the hypervisor is installed directly on the physical server. Then instances of an
operating system (OS) are installed on the hypervisor. Type 1 hypervisor has direct access to the hardware resources.
Therefore they are more efficient than hosted architectures. Some examples of type 1 hypervisor are VMware
vSphere/ESXi, Oracle VM Server, KVM and Microsoft Hyper-V.

In contrast to type 1 hypervisor, a type 2 hypervisor (or hosted hypervisor) runs on top of an operating system and not the
physical hardware directly. A big advantage of Type 2 hypervisors is that management console software is not required.
Examples of type 2 hypervisor are VMware Workstation (which can run on Windows, Mac and Linux) or Microsoft Virtual
PC (only runs on Windows).

Question 28

Which location tracking method is used when locating client devices using Cisco hyperlocation?

A. location patterning
B. angle of arrival
C. TTL
D. line of sight

Explanation

The Cisco Hyperlocation solution is a suite of technologies that enables advanced location capabilities through a mix of
software and hardware innovations. The Cisco Hyperlocation solution substantially increases the location accuracy of the
clients connected to Cisco Spaces. The solution uses the Angle-of-Arrival (AoA) of Wi-Fi signals to determine the
location of connected mobile devices.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/spaces/detect-and-locate/b-cisco-cle/m_hyperlocation.html

Question 29

An engineer must configure a new 6 GHz only SSID on a Cisco Catalyst 9800 series WLC, with these requirements:
* Provide 802.11ax data rates for supported devices
* All users authenticate using a certificate

Which wireless layer 2 security mode meets the requirements?

A. WPA3 Enterprise
B. WPA2 Enterprise
C. WPA3 Personal
D. WPA2 Personal

Explanation

The 6 GHz band is exclusively for Wi-Fi 6E (802.11ax), and only WPA3 security is allowed for client connections in this
band. WPA2 is not permitted for 6 GHz SSIDs as per Wi-Fi 6E standards.

Answer 'WPA3 Personal' is not correct as WPA3 Personal uses SAE (password-based authentication), which does not meet
the certificate-based authentication requirement.

Question 30

Which characteristic applies to Cisco SD-Access?

A. It uses GRE for the policy plane
B. It uses VXLAN for the control plane
C. It uses PnP to discover and provision border and access switches
D. It uses dynamic routing to discover and provision the border and edge switches

Explanation

Cisco SD-Access simplifies network automation and provisioning using Cisco DNA Center. One of its key features is Plug
and Play (PnP), which automates the discovery and provisioning of border, edge (access), and control plane nodes in the
fabric.

Question 31

Which framework is used for third-party authorization?

A. API keys
B. custom tokens
C. SOAP
D. OAuth

Explanation

OAuth (Open Authorization) is a widely used framework for third-party authorization. It allows users to grant applications
limited access to their resources without sharing credentials.

Answer 'API keys' is not correct as API keys are used for authentication, but not a full framework for third-party
authorization.

Answer 'custom tokens' is not correct as some applications implement their own token systems, but they are not a
framework.

Answer 'SOAP' is not correct as SOAP is a protocol for web services, not an authorization framework.

Question 32

Which feature provides data-plane security for Cisco Catalyst SD-WAN networks?

A. IPS
B. SSH
C. IPsec
D. TLS/DTLS

Explanation

In SD-WAN, IPsec (Internet Protocol Security) is the primary feature used to secure the data plane. It ensures that all data
traffic passing between SD-WAN devices (such as vEdge routers) is encrypted and protected.

Question 33

Drag and drop the configuration management tools from the left onto the configuration styles they use on the right.

Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order.
For example: 123 (which means 1 for first group, 23 for second group).

Please type your answer here: 312

Explanation

Answer:

Procedural
+ Chef

Declarative
+ Puppet
+ Saltstack

Question 34

Which two characteristics apply to Type 1 hypervisors? (Choose two)

A. They are widely available to license for free.
B. They provide a platform for running bare metal operating systems.
C. They can be used to create and manage virtual storage
D. They provide a platform for running guest operating systems.
E. They are a software layer that runs on top of a virtual server.

Explanation

Answer 'They are widely available to license for free' is not correct as although some Type 1 hypervisors are open-source
and free, enterprise-grade Type 1 hypervisors like VMware ESXi and Microsoft Hyper-V require licensing.

Answer 'They provide a platform for running bare metal operating systems' is not correct as there is no concept of “bare
metal operating systems”.

Answer 'They can be used to create and manage virtual storage' is correct as Type 1 hypervisors support and manage virtual
storage, allowing VMs to access storage resources efficiently.

Answer 'They are a software layer that runs on top of a virtual server' is not correct as Type 1 hypervisor is a software layer
that runs on top of a physical server (bare metal), not “on top of a virtual server”.

A Type 1 hypervisor, or bare-metal hypervisor, can create VMs, which can run guest OSes. -> Answer 'They provide a
platform for running guest operating systems' is correct.

Question 35

Which configuration enables a Cisco router to send information to a TACACS+ server for individual EXEC
commands associated with privilege level 15?

A. Router(config)# aaa accounting exec default start-stop group tacacs+
B. Router(config)# aaa authorization exec default group tacacs+
C. Router(config)# aaa authorization commands 15 default group tacacs+
D. Router(config)# aaa accounting commands 15 default start-stop group tacacs+

Explanation

Authorization–Provides fine-grained control over user capabilities for the duration of the user’s session, including but not
limited to setting autocommands, access control, session duration, or protocol support. You can also enforce restrictions on
what commands a user may execute with the TACACS+ authorization feature.

Accounting–Collects and sends information used for billing, auditing, and reporting to the TACACS+ daemon. Network
managers can use the accounting facility to track user activity for a security audit or to provide information for user billing.
Accounting records include user identities, start and stop times, executed commands (such as PPP), number of packets, and
number of bytes.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_tacacs/configuration/xe-16/sec-usr-tacacs-xe-16-book/sec-cfg-tacacs.html

Question 36

Which message type is valid for IGMPv3?

A. graft
B. source-specific membership report
C. leave group
D. hello

Explanation

IGMPv3 introduces source-specific multicast (SSM), allowing hosts to specify not only the multicast group they want to
join but also the specific source(s) they want to receive traffic from. The Source-Specific Membership Report (SSMR) is a
valid message type in IGMPv3 and is used for this purpose.

Question 37

Why would a network engineer configure an AP in SE-Connect mode?

A. to monitor the VLAN traffic for rogue APs


B. to redirect WLAN traffic to an endpoint for protocol analysis
C. to connect the wired LAN with the wireless infrastructure
D. to analyze the RF spectrum surrounding the AP

Explanation

Network Management AP Modes

+ Monitor: In this mode, the AP radios are dedicated to monitoring the Wi-Fi channel for RRM and rogue detection. All AP
models support this mode.

+ Rogue Detector: In this mode, the AP radios are disabled; the AP monitors the LAN to detect on-wire rogue activity. This
mode is not supported on Cisco Wave 2 or 802.11ax APs and is deprecated.

+ Sniffer: In this mode, the AP radio operates in promiscuous mode and captures all Wi-Fi traffic on a channel. These
packets are tunneled in CAPWAP to the controller, which forwards them to a machine running OmniPeek or Wireshark for
storage and analysis.

+ SE-Connect: In this mode, the AP provides a dedicated connection to CleanAir for spectrum analysis by software such
as Spectrum Expert or Chanalyzer. SE-Connect mode is supported only on SE models with CleanAir.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/managing_aps.html

In short, SE-Connect mode enables an access point to dedicate a connection to Cisco CleanAir technology for spectrum
analysis.

Question 38

What is required for a VXLAN tunnel endpoint to operate?

A. at least one Layer 2 interface and one Layer 3 interface


B. a VXLAN tunnel endpoint identifier
C. a VXLAN network identifier
D. at least one IP for the transit network and one IP for endpoint connectivity

Explanation

A VXLAN Tunnel Endpoint (VTEP) is responsible for encapsulating and de-encapsulating VXLAN traffic. For it to
operate, it requires a VXLAN Network Identifier (VNI), which is used to segment Layer 2 networks over a Layer 3
infrastructure.

Answer 'a VXLAN tunnel endpoint identifier' is not correct as VXLAN does not require a specific “identifier” for the
tunnel endpoint; it uses IP addresses for VTEP communication.

Answer 'at least one Layer 2 interface and one Layer 3 interface' is not correct as a VXLAN tunnel can operate entirely
over a Layer 3 interface.

Answer 'at least one IP for the transit network and one IP for endpoint connectivity' is not correct as each VTEP function
has two interfaces: One is a switch interface on the local LAN segment to support local endpoint communication through
bridging, and the other is an IP interface to the transport IP network. -> VTEP only needs one IP address.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/vxlan/configuration/guide/b_NX-OS_VXLAN_Configuration_Guide/overview.pdf

Question 39

What is a characteristic of omnidirectional antennas?

A. It includes dipole antennas.


B. It provides the most focused and narrow beamwidth.
C. It includes dish antennas
D. It has high gain.

Explanation

A dipole antenna provides a 360-degree radiation pattern (omnidirectional) in the horizontal plane. This type of antenna
radiates energy equally in all directions around it, making it suitable for applications that require broad coverage.

The patterns shown are those resulting from a perfect dipole formed with two thin wires oriented vertically along the z-
axis.

Reference: https://www.industrialnetworking.com/pdf/Antenna-Patterns.pdf

Dipole antennas are a type of omnidirectional antenna commonly used in Wi-Fi and other wireless applications. They
radiate in a donut-shaped pattern around the antenna.

Question 40

An engineer is reviewing a PCAP file that contains a packet capture of a four-way handshake exchange between a
client and AP using WPA2 Enterprise. Which EAPOL message validates and confirms that the client device has
successfully installed the GTK?

A. M1-Message
B. M2-Message
C. M4-Message
D. M3-Message

Explanation

In a WPA2-Enterprise four-way handshake, the exchange between the client (supplicant) and AP (authenticator) ensures
secure key management. The M4 message is responsible for confirming that the client has successfully installed the Group
Temporal Key (GTK).

Breakdown of the Four-Way Handshake Messages:


M1: AP sends the ANonce (Authenticator Nonce) to the client.
M2: Client responds with the SNonce (Supplicant Nonce) and PMKID.
M3: AP sends the GTK (Group Temporal Key) and a Message Integrity Code (MIC) to the client.
M4: Client acknowledges successful installation of the GTK by sending a confirmation message back to the AP.
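
When reviewing a capture, the four messages can be told apart by the Key Information flags in each EAPOL-Key packet. The Python code below is an added example, not part of the original quiz: it assumes WPA2 (RSN) key descriptors, takes the bytes starting at the 802.1X header, and runs on constructed sample frames (MIC and key data zeroed); all function and variable names are hypothetical.

```python
import struct

# Key Information bit masks from the IEEE 802.11 EAPOL-Key descriptor.
KEY_TYPE_PAIRWISE = 0x0008
INSTALL = 0x0040
KEY_ACK = 0x0080
KEY_MIC = 0x0100
SECURE = 0x0200

EAPOL_TYPE_KEY = 3          # 802.1X packet type "EAPOL-Key"
DESCRIPTOR_RSN = 2          # key descriptor type used by WPA2 (RSN)
FIXED_DESCRIPTOR_LEN = 95   # descriptor bytes before the variable Key Data


def parse_eapol_key(frame: bytes) -> dict:
    """Decode the fixed fields of one EAPOL-Key packet (802.1X header onward)."""
    if len(frame) < 4 + FIXED_DESCRIPTOR_LEN:
        raise ValueError("truncated EAPOL-Key packet")
    _version, packet_type, body_len = struct.unpack_from("!BBH", frame, 0)
    if packet_type != EAPOL_TYPE_KEY:
        raise ValueError("not an EAPOL-Key packet")
    descriptor, key_info, _key_len, replay = struct.unpack_from("!BHHQ", frame, 4)
    (key_data_len,) = struct.unpack_from("!H", frame, 97)
    if body_len != FIXED_DESCRIPTOR_LEN + key_data_len or len(frame) < 4 + body_len:
        raise ValueError("length fields are inconsistent")
    return {
        "descriptor": descriptor,
        "key_info": key_info,
        "replay_counter": replay,
        "nonce": frame[17:49],
        "key_data_len": key_data_len,
    }


def classify_handshake_message(frame: bytes) -> str:
    """Label a packet M1..M4 from its ACK / MIC / Install / Secure flags."""
    info = parse_eapol_key(frame)["key_info"]
    if not info & KEY_TYPE_PAIRWISE:
        return "group-key"              # group key handshake, not the 4-way
    ack, mic = bool(info & KEY_ACK), bool(info & KEY_MIC)
    if ack and not mic:
        return "M1"                     # AP -> client, no MIC yet
    if ack and mic and info & INSTALL:
        return "M3"                     # AP -> client, carries the GTK
    if mic and not ack:
        # In WPA2 the client sets Secure only once the keys are in place.
        return "M4" if info & SECURE else "M2"
    return "unknown"


def handshake_confirmed(frames) -> bool:
    """True when M1..M4 occur in order and M4 echoes M3's replay counter."""
    stage, m3_replay = 0, None
    for raw in frames:
        label = classify_handshake_message(raw)
        replay = parse_eapol_key(raw)["replay_counter"]
        if label == "M1":
            stage = 1                   # restart on every M1 (retransmissions)
        elif label == "M2" and stage == 1:
            stage = 2
        elif label == "M3" and stage >= 2:
            stage, m3_replay = 3, replay
        elif label == "M4" and stage == 3 and replay == m3_replay:
            return True
    return False


def build_sample(key_info: int, replay: int, nonce: bytes = bytes(32),
                 key_data: bytes = b"") -> bytes:
    """Build a constructed EAPOL-Key packet for the demo (not a real capture)."""
    body = struct.pack("!BHHQ", DESCRIPTOR_RSN, key_info, 16, replay)
    body += nonce + bytes(16) + bytes(8) + bytes(8) + bytes(16)  # IV, RSC, reserved, MIC
    body += struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 2, EAPOL_TYPE_KEY, len(body)) + body


# Constructed frames using the flag values typically seen for WPA2-CCMP.
SAMPLE_HANDSHAKE = [
    build_sample(0x008A, 1, nonce=b"\xa1" * 32),                      # M1
    build_sample(0x010A, 1, nonce=b"\x51" * 32, key_data=bytes(22)),  # M2
    build_sample(0x13CA, 2, nonce=b"\xa1" * 32, key_data=bytes(56)),  # M3
    build_sample(0x030A, 2),                                          # M4
]

if __name__ == "__main__":
    for pkt in SAMPLE_HANDSHAKE:
        print(classify_handshake_message(pkt), parse_eapol_key(pkt)["replay_counter"])
    print("GTK install confirmed:", handshake_confirmed(SAMPLE_HANDSHAKE))
```
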

Question 41

Drag and drop the automation characteristics from the left to the corresponding tools on the right.

Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order.
For example: 1324 (which means 13 for first group, 2 for second group and 4 for third group).

Please type your answer here: 1432

Explanation

Answer:

Ansible
+ uses playbooks and plays
+ does not require an admin account on the client

Chef
+ uses cookbooks and recipes

Puppet
+ uses modules and manifests

Explanation

We made a comparison list of Ansible, Puppet and Chef automation tools here:

Question 42

Which two benefits result from a network design that uses small and repeatable sections? (Choose two)

A. improved throughput
B. scalability
C. low latency
D. quick failure isolation
E. lower monitoring requirements

Explanation

“Small and repeatable sections” refers to “modularity”.

A modular network design separates the network into various functional network modules, each targeting a specific place
or purpose in the network. The modules represent areas that have different physical or logical connectivity. They designate
where different functions occur in the network. Using a modular approach has several benefits, including:

+ Failures that occur within a module can be isolated from the remainder of the network, providing for simpler problem
detection and higher overall system availability. (-> Answer 'scalability' is correct)
+ Network changes, upgrades, or the introduction of new services can be made in a controlled and staged fashion, allowing
greater flexibility in the maintenance and operation of the campus network.
+ When a specific module no longer has sufficient capacity or is missing a new function or service, it can be updated or
replaced by another module that has the same structural role in the overall hierarchical design.
(-> Answer 'quick failure isolation' is correct as scalability means “easier to expand without major architectural changes”)
+ Security can be implemented on a modular basis allowing for more granular security control.

Reference: https://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=5

Question 43

What is calculated using the numerical values of the transmitter power level, cable loss and antenna gain?

A. RSSI
B. SNR
C. dBi
D. EIRP

Explanation

Once you know the complete combination of transmitter power level, the length of cable, and the antenna gain, you can
figure out the actual power level that will be radiated from the antenna. This is known as the effective isotropic radiated
power (EIRP), measured in dBm.

EIRP is a very important parameter because it is regulated by governmental agencies in most countries. In those cases, a
system cannot radiate signals higher than a maximum allowable EIRP. To find the EIRP of a system, simply add the
transmitter power level to the antenna gain and subtract the cable loss.

EIRP = Tx Power – Tx Cable + Tx Antenna

Suppose a transmitter is configured for a power level of 10 dBm (10 mW). A cable with 5-dB loss connects the transmitter
to an antenna with an 8-dBi gain. The resulting EIRP of the system is 10 dBm – 5 dB + 8 dBi, or 13 dBm.

You might notice that the EIRP is made up of decibel-milliwatt (dBm), dB relative to an isotropic antenna (dBi), and
decibel (dB) values. Even though the units appear to be different, you can safely combine them because they are all in the
dB “domain”.

Reference: CCNA Wireless 640-722 Official Cert Guide

Question 44

Which two functions is a Cisco SD-Access edge node responsible for? (Choose two)

A. authenticates endpoints
B. provides a host database that maps endpoint IDs to a current location
C. provides the default exit point for fabric traffic
D. provides the default entry point for fabric traffic
E. provides multiple entry and exit points for fabric traffic

Explanation

From the reference below, we learn that answer 'provides a host database that maps endpoint IDs to a current location' is not
correct, as the Control node (not the Edge node) is a simple Host Database that maps Endpoint IDs to a current Location,
along with other attributes.

The same reference also lists the functions of the Edge Node (page 34):

Edge Node provides first-hop services for Users / Devices connected to a Fabric

+ Responsible for Identifying and Authenticating Endpoints (e.g. Static, 802.1X, Active Directory) -> Answer
'authenticates endpoints' is correct
+ Register specific Endpoint ID info (e.g. /32 or /128) with the Control-Plane Node(s)

+ Provide an Anycast L3 Gateway for the connected Endpoints (same IP address on all Edge nodes)
+ Performs encapsulation / de-encapsulation of data traffic to and from all connected Endpoints

Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKCRS-2818.pdf

From the above reference, we also learn that the Border Node is the “default” exit if no entry is available in the Control-Plane
(“Gateway of Last Resort” for any unknown destinations) -> Answer 'provides the default exit point for fabric traffic' and
answer 'provides the default entry point for fabric traffic' are not correct.

Therefore only answer 'provides multiple entry and exit points for fabric traffic' is left.

Question 45

Which action reduces sticky clients in dense RF environments?

A. Increase the mandatory minimum data rates.


B. Decrease the mandatory minimum data rates.
C. Increase radio channel widths to 160 MHz.
D. Decrease radio channel widths to 40 MHz.

Explanation

In dense RF environments, sticky clients occur when devices remain connected to an access point (AP) even when a better
AP is available. To reduce this issue, increasing the mandatory minimum data rates forces clients to roam more
aggressively by disconnecting them from weak signals faster.

Question 46

Which two namespaces does the LISP network architecture and protocol use? (Choose two)

A. DNS
B. RLOC
C. EID
D. VTEP
E. TLOC

Explanation

Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces
instead of a single IP address:
+ Endpoint identifiers (EIDs)—assigned to end hosts.
+ Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing system.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html

Question 47

Drag and drop the characteristics of PIM Sparse Mode from the left to the right. Not all options are used.


Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order.
For example: 136 (which means 136 for the selected choices).

Please type your answer here: 356

Explanation

Answer:

PIM Sparse Mode


+ uses a pull model to distribute multicast traffic
+ builds shared distribution trees
+ requires a rendezvous point to deliver multicast traffic

Explanation

PIM Sparse Mode (PIM-SM) uses a pull model to deliver multicast traffic. Only network segments with active receivers
that have explicitly requested the data receive the traffic. PIM-SM distributes information about active sources by
forwarding data packets on the shared tree. Because PIM-SM uses shared trees (at least initially), it requires the use of an
RP. The RP must be administratively configured in the network.

Note: Both PIM Dense mode and PIM Sparse mode support source-based distribution trees.

– PIM Dense Mode always uses Source-Based Trees (no Shared Trees).
– PIM Sparse Mode initially builds a Shared Tree (Rendezvous Point-based) but later switches to Source-Based Trees for
efficiency.

Question 48

What is a characteristic of a Type 1 hypervisor?

A. It runs on top of bare metal servers.


B. It has greater latency than a Type 2 hypervisor.
C. It runs on top of the host operating system.
D. It is preferred for supporting nonproduction workloads.

Explanation

In a Type 1 hypervisor (or native hypervisor), the hypervisor is installed directly on the physical server (bare metal). Then
instances of an operating system (OS) are installed on the hypervisor. A Type 1 hypervisor has direct access to the hardware
resources. Therefore Type 1 hypervisors are more efficient than hosted architectures. Some examples of Type 1 hypervisors are VMware
vSphere/ESXi, Oracle VM Server, KVM and Microsoft Hyper-V.

Question 49

What is one advantage of using a data modeling language to develop an API client application?

A. increase in compatibility
B. stronger security properties
C. easier feature extensibility
D. lower resource requirements

Explanation

Data models help to manipulate configuration data, retrieve operational data, and perform actions. The data models replace
the process of manual configuration and are written in an industry-defined language. Although configurations using CLIs
are easier and human-readable, automating the configuration using data models results in scalability. -> Answer 'easier
feature extensibility' is the best choice

Reference: https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5xx/programability/63x/b-programmability-cg-63x-ncs5xx/cg_63_data_models_scope_need_and_benefits.pdf

Note: Although compatibility can improve, the main benefit is making future enhancements easier.

Question 50

Refer to the exhibit.


Router1#telnet 192.168.1.1
% telnet connections not permitted from this terminal

An engineer attempts to connect to another device from Router1’s console port. Which configuration is needed to
allow telnet connections?

Option A

Router1(config)#access-list 100 permit tcp any any eq telnet
Router1(config)#line console 0
Router1(config)#access-class 100 in

Option B

Router1(config)#line vty 0 15
Router1(config)#transport output telnet

Option C

Router1(config)#line console 0
Router1(config)#transport output telnet

Option D

Router1(config)#access-list 100 permit tcp any any eq telnet
Router1(config)#line vty
Router1(config)#access-class 100 out

A. Option A
B. Option B
C. Option C
D. Option D

Explanation

The following example shows how to configure the line console 0 to only allow ssh connections from the console 0
interface.
Device(config)# line console 0
Device(config-line)# transport output ssh

Reference: https://www.cisco.com/c/en/us/td/docs/routers/sdwan/command/iosxe/qualified-cli-command-reference-guide/m-line-commands.pdf

Therefore the command “transport output telnet” under “line console 0” (Option C) will only allow Telnet connections
from the console 0 interface.

Question 51

Which two components are needed when a Cisco SD-Access fabric is designed? (Choose two)

A. Cisco Prime Infrastructure


B. Cisco Data Center Network Manager
C. Cisco Catalyst Center (formerly DNA Center) application
D. Firepower Threat Defense
E. Identity Service Engine

Explanation

The SD-Access solution is provided through a combination of Cisco Catalyst Center, the Cisco Identity Services Engine
(ISE), and wired and wireless device platforms that have fabric functionality.

Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html

Question 52

What are two benefits of using VXLAN? (Choose two)

A. It allows multi-tenanted segmentation.


B. It uses a MAC in IP/TCP encapsulation technique.
C. It uses all available Layer 3 paths in the underlying network.
D. It allows for an unlimited number of segments.
E. It has fewer devices to manage.

Explanation

By using VXLAN, data centers can achieve virtual machine migration, multi-tenant isolation, inter-data centre
connectivity, and enhanced support for cloud service providers.

Answer 'It allows for an unlimited number of segments' is not correct as VXLAN significantly expands the number of
available segments compared to traditional VLANs (from 4,096 VLANs to 16 million VNIDs using a 24-bit identifier), but
it is not “unlimited.”

Answer 'It has fewer devices to manage' is not correct as it is not related to VXLAN.

Answer 'It uses a MAC in IP/TCP encapsulation technique' is not correct as VXLAN uses MAC-in-IP/UDP encapsulation,
not TCP. This encapsulation allows Layer 2 traffic to traverse a Layer 3 network, providing flexibility for extended LANs.

Answer 'It uses all available Layer 3 paths in the underlying network' is correct as VXLAN leverages Equal-Cost Multi-
Path (ECMP) routing in the underlying Layer 3 network, enabling better load balancing and efficient utilization of all
available network paths. This improves scalability and resilience.
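
The 24-bit VNI, the MAC-in-IP/UDP encapsulation and the ECMP behaviour described above can all be seen in the VXLAN header itself. The Python code below is an added example, not part of the original quiz: the header layout and port values follow RFC 7348, while the CRC32 flow hash, the function names and the sample inner frame are assumptions made for illustration.

```python
import struct
import zlib

VXLAN_UDP_PORT = 4789            # IANA-assigned destination port (RFC 7348)
VNI_BITS = 24
VNI_MAX = (1 << VNI_BITS) - 1    # 16,777,215: large, but not unlimited
FLAG_VNI_VALID = 0x08            # "I" flag in the first header byte
VXLAN_HEADER_LEN = 8
ETHERNET_HEADER_LEN = 14


def build_vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in {VNI_BITS} bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def entropy_source_port(inner_frame: bytes) -> int:
    """Outer UDP source port derived from a hash of the inner Ethernet header.

    RFC 7348 recommends hashing inner-packet fields into the dynamic port
    range 49152-65535 so that ECMP in the underlay spreads different flows
    across paths. CRC32 is used here only as a stand-in hash (assumption).
    """
    return 49152 + zlib.crc32(inner_frame[:ETHERNET_HEADER_LEN]) % 16384


def encapsulate(vni: int, inner_frame: bytes):
    """Return (udp_src_port, udp_dst_port, udp_payload) for one inner frame."""
    payload = build_vxlan_header(vni) + inner_frame
    return entropy_source_port(inner_frame), VXLAN_UDP_PORT, payload


def parse_vxlan(udp_payload: bytes) -> dict:
    """Validate the VXLAN header and expose the tenant segment and inner MACs."""
    if len(udp_payload) < VXLAN_HEADER_LEN + ETHERNET_HEADER_LEN:
        raise ValueError("too short for a VXLAN header plus inner Ethernet header")
    word0, word1 = struct.unpack_from("!II", udp_payload, 0)
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag is clear: the VNI field is not valid")
    inner = udp_payload[VXLAN_HEADER_LEN:]
    return {
        "vni": word1 >> 8,
        "inner_dst_mac": inner[0:6].hex(":"),
        "inner_src_mac": inner[6:12].hex(":"),
        "inner_frame": inner,
    }


# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_INNER = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + b"\x08\x00" + b"payload-bytes")

if __name__ == "__main__":
    # Two tenants reuse the same MAC addresses; only the VNI keeps them apart.
    for tenant_vni in (5000, 5001):
        sport, dport, payload = encapsulate(tenant_vni, SAMPLE_INNER)
        info = parse_vxlan(payload)
        print(f"udp {sport}->{dport} vni={info['vni']} "
              f"{info['inner_src_mac']} -> {info['inner_dst_mac']}")
```
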


Question 53

Which data format can be used for an API request?

A. PERL
B. HTML
C. JSON
D. Python

Explanation

An example of an API request that uses JSON format is shown below:

import requests

url = 'https://api.digitaltut.com/users'
headers = {'Content-Type': 'application/json'}
data = {
    'name': 'John Doe',
    'email': '[email protected]',
    'age': 30,
    'role': 'admin'
}

# json=data serializes the dictionary into a JSON request body
response = requests.post(url, json=data, headers=headers)

print(response.json())  # Prints API response

Question 54

What does a next-generation firewall that is deployed at the data center protect against?

A. DMZ web server vulnerabilities


B. zero-day attacks
C. DDoS
D. signature-based malware

Explanation

Next-generation firewalls (NGFW) offer advanced protections such as deep packet inspection, IPS, and malware detection,
surpassing traditional firewalls. Conducting a next-generation firewall review allows enterprises to find the best kind of
security solutions that fit their needs, ensuring stringent protection from zero-day vulnerabilities, ransomware, and other
advanced threats.

Reference: https://www.tufin.com/blog/next-generation-firewall-review-enhancing-network-security

Question 55

With IGMPv2, which multicast group address does the IGMP querier use to send query messages to all hosts on the
LAN?

A. 224.0.0.2
B. 239.0.0.2
C. 224.0.0.1
D. 239.0.0.1

Explanation

Query messages are used to elect the IGMP querier as follows:
1. When IGMPv2 devices start, they each multicast a general query message to the all-systems group address of 224.0.0.1
with their interface address in the source IP address field of the message.
2. When an IGMPv2 device receives a general query message, the device compares the source IP address in the message
with its own interface address. The device with the lowest IP address on the subnet is elected the IGMP querier.
3. All devices (excluding the querier) start the query timer, which is reset whenever a general query message is received
from the IGMP querier. If the query timer expires, it is assumed that the IGMP querier has gone down, and the election
process is performed again to elect a new IGMP querier.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-2_2_e/multicast/configuration_guide/b_mc_1522e_3750x_3560x_cg/b_ipmc_3750x_3560x_chapter_01000.html

Question 56

Which protocol is used by SD-WAN Manager to push centralized policies to SD-WAN Controllers?

A. OMP
B. TLS
C. STUN
D. NETCONF

Explanation

Cisco SD-WAN policies are used to control the packet flow across the overlay fabric. Policies are created on vManage and
pushed via NETCONF either to vSmart (centralized policies) or to vEdges (localized policies).

Note: The vManage name has been changed to SD-WAN Manager, the vSmart name has been changed to SD-WAN
Controller

Question 57

Which AP mode analyzes the spectrum to detect sources of interference?

A. Sniffer
B. SE-Connect
C. Rogue detector
D. Monitor

Explanation

SE-Connect mode enables an access point to dedicate a connection to Cisco CleanAir technology for spectrum analysis.
This is utilized by PC software, such as Cisco Spectrum Expert and MetaGeek Chanalyzer, which can be remotely
connected to the access point. The spectrum analysis data is collected and analyzed on all wireless channels to discover the
sources of interference.

Reference: https://study-ccnp.com/cisco-wireless-access-point-ap-modes-explained/

Question 58

What occurs during a Layer 2 inter-controller roam?

A. The client must be associated to a new controller where a new IP address and security context are
applied.
B. A new security context is applied for each controller to which the client is associated, but the IP address remains
the same.
C. The client retains the same IP address and security context.
D. The client is marked as foreign in the database of each new controller to which it is connected.

Explanation

Inter-Controller Roaming: Multiple-controller deployments support client roaming across access points managed by
controllers in the same mobility group and on the same subnet. This roaming is also transparent to the client because the
session is sustained and a tunnel between controllers allows the client to continue using the same DHCP- or client-
assigned IP address as long as the session remains active.

Question 59

In a wireless network environment, which measurement compares the received signal to the background noise?

A. free space path loss


B. fading
C. link power budget
D. SNR

Explanation

SNR is the ratio of received signal power (at wireless client) to the noise power, and its unit of expression is typically
decibels (dB). If your signal power and noise power are already in decibel form, then you can subtract the noise power
from the signal power: SNR = S – N. This is because when you subtract logarithms, it is the equivalent of dividing normal
numbers.

Question 60

Which task is mandatory when provisioning a device through the plug-and-play workflow in Cisco DNA Center?

A. site assignment
B. golden image upgrade
C. stack serial number assignment
D. template configuration application

Explanation

Plug and Play provisioning provides a way to automatically and remotely provision and onboard new network devices with
minimal network administrator and field personnel involvement.
Using Plug and Play provisioning, you can do the following:
– Provision devices by assigning a site, deploying site settings, installing a device software image, and applying a custom
onboarding configuration.

Reference: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-5/user_guide/b_cisco_dna_center_ug_2_3_5/m_onboard-and-provision-devices-with-plug-and-play.html

Question 61

Which next generation firewall feature supports separate security services for multiple departments?

A. virtual switch mode to provide traffic inspection capabilities for the flows entering the firewall and dropping
packets based on policy configuration
B. state sharing mode to track the user data sessions and replication to the neighbor firewall using a failover link
C. multicontext mode with specific logical or physical interface allocation within each context and
grouped into security zones
D. Layer 3 mode with resource tracking capabilities and automatic configuration synchronization between the
nodes and security zones

Explanation

Multicontext mode is a feature of next-generation firewalls (NGFWs) that allows a single physical firewall to be
partitioned into multiple virtual firewalls, each with its own:

+ Security policies
+ Routing instances
+ Administrative controls

This capability is particularly useful for organizations with multiple departments that require separate security services
while sharing the same physical firewall.

Question 62

Refer to the exhibit.


Router#show running-config
! lines omitted for brevity
username cisco password 0 cisco
aaa authentication login group1 group radius line
line con 0
password 0 cisco123
login authentication group1
line vty 0 4
password 0 cisco111

Authentication for users must first use RADIUS, and fall back to the local database on the router if the RADIUS
server is unavailable. Which two configuration sets are needed to achieve this result? (Choose two)

A. line vty 0 4
login authentication group2
B. aaa authentication login group2 radius local
C. aaa authentication login group2 group radius none
D. aaa authentication login group2 radius enable

Question 63

Refer to the exhibit.


A customer reports that many wireless clients cannot reliably receive multicast audio. Which action resolves this
issue?
A. Set the RSSI Threshold to -67dBm.
B. Set the Fragmentation Threshold to 1250 bytes
C. Set the 24 Mbps and 54 Mbps data rates to Supported.
D. Disable RSSI Low Check.

Explanation

Multicast traffic is transmitted at the lowest mandatory data rate in the WLAN. If the data rate is too low, it can cause
packet loss, latency, and poor reliability for multicast applications like audio streaming.

By setting 24 Mbps and 54 Mbps to “Supported” instead of “Mandatory” or “Disabled,” multicast packets can be
transmitted at a higher, more efficient rate, improving reliability and performance.

Question 64

A corporate policy mandates that a certificate-based authentication system must be implemented on the wireless
infrastructure. All corporate clients will contain a certificate that will be used in conjunction with ISE and user
credentials to perform authentication before the clients are allowed to connect to the corporate Wi-Fi. Which
authentication key option must be selected to ensure that this authentication can take place?

A. CCKM
B. none
C. PSK
D. 802.1x

Explanation

802.1X is an authentication framework that provides certificate-based authentication for wireless clients when used with
Cisco Identity Services Engine (ISE). Since the corporate policy requires certificate-based authentication with user
credentials, 802.1X is the appropriate choice.

Question 65

Which tag/profile on a Cisco Catalyst 9800 Series WLC must be modified to allow Cisco ISE to dynamically assign
VLANs to users on an 802.1X-based SSID?

A. interface tag
B. site tag
C. policy profile
D. WLAN profile

Explanation

Dynamic VLAN assignment is one such feature that places a wireless user into a specific VLAN based on the credentials
supplied by the user. The task to assign users to a specific VLAN is handled by a RADIUS authentication server, such as
Cisco ISE. This can be used, for example, to allow the wireless host to remain on the same VLAN as it moves within a
campus network.

Catalyst 9800 WLC Configuration


This configuration requires these steps:
+ Configure the WLC with the Details of the Authentication Server.
+ Configure the VLANs.
+ Configure the WLANs (SSID).
+ Configure the Policy Profile. -> Answer 'policy profile' is correct.
+ Configure the Policy tag.
+ Assign the Policy tag to an AP.

Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/217043-configure-dynamic-vlan-assignment-with-c.html

Question 66

Refer to the exhibit.


A customer reports occasional brief audio dropouts on its Cisco Wi-Fi phones. The environment consists of a Cisco
Catalyst 9800 Series WLC with Catalyst 9120 APs running RRM. The phones connect on the 5-GHz band. Which
action resolves this issue?
A. Set WMM Policy to Required.
B. Disable Coverage Hole Detection.
C. Enable Media Stream Multicast-direct.
D. Enable Defer Priority 6.

Explanation

Cisco Wi-Fi phones use 802.11e/WMM (Wireless Multimedia Extensions) to prioritize voice traffic. Priority 6 is used for
voice traffic, and enabling Defer Priority 6 ensures that lower-priority traffic does not interfere with real-time voice
packets. This helps prevent brief audio dropouts caused by contention and collisions on the wireless medium.

Question 67

Refer to the exhibit.


client.connect(sd, port=22, username=username, password=password, allow_agent=False)
stdin, stdout, stderr = client.exec_command('show lldp neighbors\n')
u = 0
u2 = []    # neighbor rows, one list of fields per neighbor
for u in stdout:
    # Skip the capability legend lines
    if 'Router' not in u and 'Capability' not in u and 'Repeater' not in u:
        # Skip the column header and the summary line
        if 'Device ID' not in u and 'displayed' not in u:
            u101 = u.split()
            if len(u101) != 0:
                u2.append(u101)
    # The summary line carries the neighbor count
    if 'displayed:' in u:
        cx = u.split()
        c0 = cx[3]
d1 = {'x0': u2, 'c0': c0}

What is achieved by this Python script?


A. It displays the Layer 3 neighbors from show lldp neighbors on the terminal screen.
B. It displays the output from show lldp neighbors into a standard output.
C. It reads the output from show lldp neighbors into an array object.
D. It reads the neighbor count from show lldp neighbors into a dictionary list.

Explanation

An example of the output of the “show lldp neighbors” command is shown below:

switch# show lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
SW-1                E0/1           120        SW              E0/1
SW-2                E0/0           120        SW              E0/0

Total entries displayed: 2

With the example above, our d1 variable will have this information:

d1 = {
    'x0': [
        ['SW-1', 'E0/1', '120', 'SW', 'E0/1'],
        ['SW-2', 'E0/0', '120', 'SW', 'E0/0'],
    ],
    'c0': '2'
}

Most of the code is not needed to answer the question. Focus on this part:

    if 'displayed:' in u:
        cx = u.split()
        c0 = cx[3]

This code matches the last line of the output (the one with the keyword “displayed”):

“Total entries displayed: 2”

and c0 = cx[3] takes the text at the fourth position, “2”, which is the number of devices. The d1 variable is of type dict.
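
The filtering logic can be exercised without a device. The following is an added example, not part of the original exhibit: exhibit_parse reproduces the exhibit's loop on the sample output above, and parse_lldp_neighbors is a stricter variant that only reads rows after the table header and cross-checks the count the device reports. The function names, field names and sample text are constructed for illustration.

```python
import re

# Constructed sample: the "show lldp neighbors" output quoted in the explanation.
SAMPLE_OUTPUT = """\
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
SW-1                E0/1           120        SW              E0/1
SW-2                E0/0           120        SW              E0/0

Total entries displayed: 2
"""

FIELDS = ("device_id", "local_intf", "hold_time", "capability", "port_id")
COUNT_RE = re.compile(r"^Total entries displayed:\s*(\d+)$")


def exhibit_parse(text):
    """Same keyword filtering as the exhibit, applied to text instead of stdout."""
    rows, c0 = [], None
    for u in text.splitlines():
        if 'Router' not in u and 'Capability' not in u and 'Repeater' not in u:
            if 'Device ID' not in u and 'displayed' not in u:
                fields = u.split()
                if len(fields) != 0:
                    rows.append(fields)
        if 'displayed:' in u:
            c0 = u.split()[3]
    return {'x0': rows, 'c0': c0}


def parse_lldp_neighbors(text):
    """Return {'neighbors': [dict, ...], 'count': int}.

    Rows are collected only between the 'Device ID' header and the summary
    line, so a neighbor whose name happens to contain 'Router' is not dropped
    by a keyword filter. Malformed rows and a count that disagrees with the
    parsed rows raise ValueError instead of producing a partial inventory.
    """
    neighbors, count, in_table = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Device ID"):
            in_table = True
            continue
        match = COUNT_RE.match(line)
        if match:
            count = int(match.group(1))
            in_table = False
            continue
        if in_table:
            parts = line.split()
            if len(parts) != len(FIELDS):
                raise ValueError(f"unexpected neighbor row: {line!r}")
            neighbors.append(dict(zip(FIELDS, parts)))
    if count is None:
        raise ValueError("no 'Total entries displayed' line found")
    if count != len(neighbors):
        raise ValueError(f"device reported {count} entries, parsed {len(neighbors)}")
    return {"neighbors": neighbors, "count": count}


if __name__ == "__main__":
    print(exhibit_parse(SAMPLE_OUTPUT))
    print(parse_lldp_neighbors(SAMPLE_OUTPUT))
```

With a neighbor named Edge-Router in place of SW-2, exhibit_parse keeps c0 at '2' but returns only one row, while parse_lldp_neighbors returns both.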

Question 68

Refer to the exhibit.

event manager applet config-alert
 event cli pattern "conf t.*" sync yes

A network engineer must be notified when a user switches to configuration mode. Which script should be applied to
receive an SNMP trap and a critical-level log message?

A. action 1.0 snmp-trap strdata "Configuration change critical alarm"
B. action 1.0 snmp-trap strdata "Configuration change alarm"
   action 1.1 syslog priority critical msg "Configuration change alarm"
C. action 1.0 snmp-trap strdata "Configuration change alarm"
   action 2.0 syslog msg "Configuration change alarm"
D. action 1.0 snmp-trap strdata "Configuration change alarm"
   action 1.0 syslog priority critical msg "Configuration change alarm"

Explanation

We need to create a critical-level log message, so the syslog action must include “priority critical”. We also need to
define two different actions (1.0 and 1.1).

Question 69

Which technology collects location information through data packets received by the APs instead of using mobile
device probes?

A. hyperlocation
B. detect and locate
C. RF fingerprinting
D. FastLocate

Explanation

As data packets are more frequent than probe request packets, they can be aggregated better. FastLocate enables higher
location refresh rates by collecting RSSI or location information through data packets received by the APs.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/location_services.html

Question 70

In a Cisco SD-Access wireless architecture, which device manages endpoint ID to Edge Node bindings?

A. fabric edge node
B. fabric wireless controller
C. fabric border node
D. fabric control plane node

Explanation

SD-Access Wireless Architecture Control Plane Node – A Closer Look

The Fabric Control-Plane Node is based on a LISP Map Server / Resolver. It runs the LISP Endpoint ID Database to provide
overlay reachability information:

+ A simple Host Database, that tracks Endpoint ID to Edge Node bindings (RLOCs)
+ Host Database supports multiple types of Endpoint ID (EID), such as IPv4 /32, IPv6 /128* or MAC/48
+ Receives prefix registrations from Edge Nodes for wired clients, and from Fabric mode WLCs for wireless clients
+ Resolves lookup requests from FE to locate Endpoints
+ Updates Fabric Edge nodes, Border nodes with wireless client mobility and RLOC information

Reference: https://www.ciscolive.com/c/dam/r/ciscolive/latam/docs/2018/pdf/BRKEWN-2020.pdf

Question 71

Which design principle states that a user has no access by default to any resource, and unless a resource is explicitly
granted, it should be denied?

A. economy of mechanism
B. fail-safe defaults
C. least privilege
D. complete mediation

Explanation

The Principle of Fail-Safe Defaults states that, unless a subject is given explicit access to an object, it should be denied
access to that object.

Note: By the principle of least privilege, a mail administrator should only be able to access the subjects and objects
involved in mail queueing and delivery. This minimizes the threats if that administrator’s account is compromised: the
mail system can be damaged or destroyed, but nothing else can be.

Reference: https://us-cert.cisa.gov/bsi/articles/knowledge/principles/failing-securely

Question 72

Refer to the exhibit.


Router A
Router(config)# interface GigabitEthernet 1/0/0
Router(config-if)# ip address 10.1.0.1 255.0.0.0
Router(config-if)# vrrp 1 priority 100
Router(config-if)# vrrp 1 authentication cisco
Router(config-if)# vrrp 1 timers advertise 3
Router(config-if)# vrrp 1 timers learn
Router(config-if)# vrrp 1 ip 10.1.0.10

Router B
Router(config)# interface GigabitEthernet 1/0/0
Router(config-if)# ip address 10.1.0.2 255.0.0.0
Router(config-if)# vrrp 1 priority 110
Router(config-if)# vrrp 1 authentication cisco
Router(config-if)# vrrp 1 timers advertise 3
Router(config-if)# vrrp 1 timers learn
Router(config-if)# vrrp 1 ip 10.1.0.11

An engineer must adjust the configuration so that Router A becomes the active router. Which commands should be
applied to router A? (Choose two)

A. vrrp 1 priority 90
B. vrrp 1 timers advertise 1
C. vrrp 1 ip 10.1.0.11
D. vrrp 1 priority 120
E. ip address 10.1.0.11 255.0.0.0

Explanation

The virtual IP address must match between two VRRP routers -> Answer 'vrrp 1 ip 10.1.0.11' is correct.

Since Router B has a priority of 110, we have to set Router A’s priority to a higher value to make it the active router ->
Answer 'vrrp 1 priority 120' is correct.

Question 73

What is the function of an intermediate node in a Cisco SD-Access fabric?

A. to encapsulate and de-encapsulate packets with a VXLAN header
B. to provide an entry and exit point between the fabric and external resources
C. to route packets within the fabric based on the Layer 3 information in the header
D. to provide reachability between fabric clients and nonfabric clients on the same subnet

Explanation

In an SD-Access fabric, intermediate nodes are part of the Layer 3 network (underlay) that facilitates connectivity between
border and edge nodes, routing IP traffic within the fabric without VXLAN encapsulation or decapsulation.

Note:

The SD-Access fabric is composed of four types of nodes: the border node; the edge node; the control plane node; and the
intermediate nodes.

The border node and control plane nodes are the equivalents of the core; the intermediate nodes are the equivalent of the
distribution layer; and the edge nodes are the equivalent of the access layer.

Question 74

In a virtual environment, what is an OVA file?

A. A zip file connecting a virtual machine configuration file and a virtual disk.
B. A file containing information about snapshots of a virtual machine.
C. A configuration file containing settings for a virtual machine such as a guest OS.
D. A file containing a virtual machine disk drive.

Explanation

An OVA file is an Open Virtualization Appliance that contains a compressed, “installable” version of a virtual machine.
When you open an OVA file it extracts the VM and imports it into whatever virtualization software you have installed on
your computer.

Question 75

To support new clients in the environment, an engineer must enable Fast Transition on the corporate WLAN. Which
command must be applied on a Cisco Catalyst 9800 Series WLC?

A. security wpa akm dot1x
B. security ft adaptive
C. security wpa akm psk
D. security wpa akm ft psk

Explanation

Device(config-wlan)# security ft //Configures 802.11r Fast Transition.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/802-11r-bss-fast-transition.html

Note: Device(config-wlan)# security wpa akm ft psk //Configures Fast Transition PSK support.

March 28th, 2025


Question 76

In a Cisco SD-Access network architecture, which access layer cabling design is optimal for the underlay network?

A. Switches are connected to each upstream distribution device.
B. Switches are cross-linked at the same layer and have a single connection to each upstream distribution device.
C. Switches are connected to each upstream distribution and core device.
D. Switches are cross-linked to devices at the same layer and at the upstream and downstream devices.

Explanation

In a Cisco SD-Access network architecture, the optimal cabling design for the underlay network is to have switches cross-
linked at the same layer with a single connection to each upstream distribution device. This design supports redundancy
and efficient traffic flow.

Question 77

When deploying Cisco SD-Access Fabric APs, where does the data plane VXLAN tunnel terminate?

A. directly on the fabric APs
B. on the WLC node
C. on the first-hop fabric edge switch
D. on the fabric border node switch

Explanation

The VXLAN tunnel destination is always the Fabric Edge where the access tunnel is terminated.


Reference: https://www.cisco.com/c/dam/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/deploy-guide/cisco-dna-center-sd-access-wl-dg.pdf

Question 78

Which method does FastLocate use to collect location-based information?

A. client probing
B. RFID
C. beacons
D. data packets

Explanation

Whenever available, RSSI from data packets and probe frames is used for calculating the location of a device.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/spaces/detect-and-locate/b-cisco-cle/m_fastlocate.html

However, this Cisco link mentions only data packets, so answer 'data packets' is the better choice:

“As data packets are more frequent than probe request packets, they can be aggregated better. FastLocate enables higher
location refresh rates by collecting RSSI or location information through data packets received by the APs.”

Question 79

What is a TLOC in a Cisco SD-WAN deployment?

A. component set by the administrator to differentiate similar nodes that offer a common service
B. value that identifies a specific tunnel within the Cisco SD-WAN overlay
C. identifier that represents a specific service offered by nodes within the Cisco SD-WAN overlay
D. attribute that acts as a next hop for network prefixes

Explanation

TLOCs serve another important function besides data plane connectivity. In OMP terms (the routing protocol used over the
SD-WAN Fabric), the TLOC serves as a next-hop for route advertisements. OMP is very similar to BGP in many ways, and
just as the next-hop must be resolvable for BGP to install a route, the same is true of OMP.

Reference: https://carpe-dmvpn.com/2019/12/14/tlocs-cisco-sd-wan/

Question 80

Which Cisco Catalyst SD-WAN component is responsible for distributing data plane traffic policies?

A. WAN edge
B. SD-WAN Controller
C. SD-WAN Manager
D. SD-WAN Validator

Explanation

The SD-WAN Controller (formerly vSmart) is responsible for distributing data plane traffic policies, including:

+ Routing policies
+ Traffic engineering policies
+ Security policies
+ Application-aware routing

Question 81

Which type of API enables Cisco Catalyst Center (formerly DNA Center) to focus on outcome instead of the
individual steps that are required to achieve the outcome?

A. westbound Integration
B. southbound Multivendor Support
C. northbound Intent
D. eastbound Events and Notifications

Explanation

Cisco Catalyst Center (formerly DNA Center) provides intent-based networking, which means it focuses on high-level
business outcomes rather than low-level configurations. Northbound Intent APIs enable this by allowing external
applications to specify desired network states and behaviors without needing to define the specific steps to achieve them.

Question 82

Which tool functions in a push model, supports languages like Python or Ruby, and does not require an agent to be
installed per host?

A. Puppet
B. Saltstack
C. Chef
D. Ansible

Explanation

Ansible uses an agentless architecture to manage network devices. Agentless means that the managed device does not need
any code (agent) to be installed on it. Ansible therefore uses SSH (NETCONF over SSH in particular) to “push” changes
to managed devices and to extract information from them. It uses YAML and Python for device configuration.

Question 83

At which plane does SD-WAN Validator operate in Cisco SD-WAN solutions?

A. orchestration plane
B. management plane
C. data plane
D. control plane

Explanation

Orchestration plane (SD-WAN Validator, formerly vBond) assists in securely onboarding the SD-WAN WAN Edge
routers into the SD-WAN overlay. The vBond controller, or orchestrator, authenticates and authorizes the SD-WAN
components onto the network. The vBond orchestrator takes an added responsibility to distribute the list of vSmart and
vManage controller information to the WAN Edge routers. vBond is the only device in SD-WAN that requires a public IP
address as it is the first point of contact and authentication for all SD-WAN components to join the SD-WAN fabric. All
other components need to know the vBond IP or DNS information.

Question 84

In a high-density AP environment, which feature can be used to reduce the RF cell size and not demodulate radio
packets above a given threshold?

A. RRM
B. RX-SOP
C. FRA
D. 802.11k

Explanation

In a high-density Access Point (AP) environment, Receive Start of Packet threshold (RX-SOP) is used to reduce the RF
cell size by increasing the minimum signal strength required for an AP to demodulate packets. This helps mitigate
interference by ensuring that only stronger signals (closer clients) are received while weaker signals (farther clients) are
ignored. By adjusting RX-SOP, we effectively shrink the AP’s coverage area and reduce co-channel interference.

RX-SOP works by applying RSSI thresholds to wireless frames received by an AP. This threshold is measured in dBm.
+ If the signal received by the AP is above the threshold, the frame is received and demodulated.
+ However, if the signal received is below the threshold, the AP ignores the frame and treats it as noise.

Note: There is a typo in this question, it should be “… below a given threshold”, not “above a given threshold”.

Question 85

Which solution should be used in a high-density wireless environment to increase bandwidth for each user?

A. Increase the cell size of each AP.
B. Increase antenna size.
C. Increase TX power.
D. Increase the mandatory minimum data rate.

Explanation

A “Minimum Mandatory” data rate is the lowest data rate that we set as mandatory, and this data rate has some special
properties. Every client that wishes to join our cell must support that data rate, and must use it or a higher one to
associate and authenticate on our cell.

Higher data rates take less airtime and allow more bandwidth for all. A higher Data Rate = smaller cell and more efficient
(higher capacity BW) coverage -> Answer 'Increase the mandatory minimum data rate' is correct.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-7/b_wireless_high_client_density_design_guide.html

Answer 'Increase the cell size of each AP' is not correct as increasing the cell size creates overlapping coverage areas,
which increases co-channel interference (CCI) and decreases performance in high-density environments.

Answer 'Increase TX power' is not correct as higher transmission power may extend the coverage area of an AP but also
increases interference with neighboring APs. This leads to lower overall performance in dense environments.

Answer 'Increase antenna size' is not correct as larger antennas can improve signal strength, but they do not inherently
increase bandwidth per user.

Question 86

Which IEEE standard provides the capability to permit or deny network connectivity based on the user or device
identity?

A. 802.1w
B. 802.1x
C. 802.1d
D. 802.1q

Explanation

802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a
user’s identity and authorizes them for access to the network. The user’s identity is determined based on their credentials or
certificate, which is confirmed by the RADIUS server.

Reference: https://www.securew2.com/solutions/802-1x

Question 87

Refer to the exhibit.


A POST/discovery request spawns an asynchronous task. After querying for more information about the task, the
Cisco DNA Center platform returns the REST API response. What is the status of the discovery task?

A. stopped
B. successful
C. failed
D. restarted

Explanation

From the first line “Status Code: 202” we can say the request was successful.

Note: HTTP status code of 2xx means “Success”, which indicates that the client’s request was accepted successfully.

Question 88

Which technology is the Cisco SD-Access control plane based on?

A. LISP
B. Cisco TrustSec
C. VXLAN
D. IS-IS

Explanation

In Cisco SD-Access, the control plane is based on LISP (Locator/ID Separation Protocol). LISP is responsible for:

+ Mapping endpoints to locations (network devices)
+ Enabling mobility within the fabric network
+ Providing scalable control-plane communication

Question 89

When deploying a Cisco Unified Wireless solution, what is a design justification for using a distributed WLC
deployment model?

A. It reduces the number of WLCs that network administrators must support by locating them in a common location
B. There are no latency concerns about LWAPP and CAPWAP tunnels traversing the campus core network
C. The number of wireless clients is low and the size of the physical campus is small
D. It more evenly distributes MAC ARP and ND processing over multiple switches which helps with
scalability

Explanation

In a distributed Wireless LAN Controller (WLC) deployment model, MAC, ARP, and ND processing are distributed across
multiple switches, enabling better scalability and fault tolerance compared to a centralized approach.

Question 90

Which feature is needed to maintain the IP address of a client when an inter-controller Layer 3 roam is performed
between two WLCs that are using different mobility groups?

A. interface groups
B. auto anchor
C. AAA override
D. RF groups

Explanation

When a client roams between two Wireless LAN Controllers (WLCs) in different mobility groups, its IP address would
normally change because different controllers assign different subnets. To maintain the client’s IP address during inter-
controller Layer 3 roaming, Auto Anchor Mobility (also known as Guest Anchor) is required.

Question 91

What are two characteristics of Cisco Catalyst SD-WAN? (Choose two)

A. control plane operates over DTLS/TLS authenticated and secured tunnels
B. unified data plane and control plane
C. centralized reachability, security, and application policies
D. distributed control plane
E. time-consuming configuration and maintenance

Explanation

Control plane (SD-WAN Controller, formerly vSmart) builds and maintains the network topology and makes decisions on
the traffic flows. The Controller disseminates control plane information between WAN Edge devices, implements control
plane policies and distributes data plane policies to network devices for enforcement.

The SD-WAN Controllers communicate to each other and WAN Edge via DTLS Tunnels.

Question 92

Which AP mode allows administrators to generate pcap files to use for troubleshooting?

A. H-REAP
B. Local
C. Monitor
D. Sniffer

Explanation

Sniffer mode: the AP runs as a sniffer, capturing and forwarding all the packets on a particular channel to a remote
machine, where you can use a protocol analysis tool (Wireshark, Airopeek, etc.) to review the packets and diagnose
issues. It is used strictly for troubleshooting purposes.

Question 93

Which action controls the maximum cell size in a high-density wireless environment?

A. Set mandatory data rates.
B. Statically set TX power on access points to max.
C. Decrease TX power on access points.
D. Disable low data rates.

Explanation

In a high-density wireless environment, controlling the maximum cell size is important to:

+ Prevent excessive co-channel interference
+ Encourage client roaming to better access points
+ Optimize airtime utilization

By decreasing the transmit (TX) power on access points, we reduce the coverage area (cell size), which helps manage
interference and improve overall network performance.

Question 94

What is a client considered when it is in web authentication state and roams between two controllers with mobility
tunnels?

A. new
B. mobile
C. anchor
D. foreign

Explanation

If a client roams in web authentication state, the client is considered as a new client on another controller instead of being
identified as a mobile client.

Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/mobility.html

Note:

In Cisco Wireless Controllers, when a client roams across different WLCs connected via a mobility tunnel, the original
controller (Anchor WLC) maintains authentication.

The second controller (Foreign WLC) temporarily handles traffic but forwards it back to the Anchor WLC.

Question 95

Refer to the exhibit.

Drag and drop the snippets into the RESTCONF request to form the request that returns this response. Not all
options are used.


Note: Please type the corresponding numbers of each item at the bottom to the blank below so that they match the
corresponding textboxes A, B and C on the top. For example: 326 (which means 3 for A, 2 for B, 6 for C).
Please type your answer here: 352

Explanation

Answer:

1 – interface/GigabitEthernet/1/
2 – GET
3 – Accept

Question 96

Which tunneling technique is used when designing a Cisco SD-Access fabric data plane?

A. VRF
B. VRF Lite
C. LISP
D. VXLAN

Explanation

The tunneling technology used for the fabric data plane is based on Virtual Extensible LAN (VXLAN). VXLAN
encapsulation is UDP based, meaning that it can be forwarded by any IP-based network (legacy or third party) and creates
the overlay network for the SD-Access fabric. Although LISP is the control plane for the SD-Access fabric, it does not use
LISP data encapsulation for the data plane; instead, it uses VXLAN encapsulation because it is capable of encapsulating
the original Ethernet header to perform MAC-in-IP encapsulation, while LISP does not. Using VXLAN allows the SD-
Access fabric to support Layer 2 and Layer 3 virtual topologies (overlays) and the ability to operate over any IP-based
network with built-in network segmentation (VRF instance/VN) and built-in group-based policy.

Reference: CCNP and CCIE Enterprise Core ENCOR 350-401 Official Cert Guide

Question 97

Refer to the exhibit.


A customer asks an engineer to create a new secure WLAN to support only WPA3. Users must connect using a
passphrase. Which encryption and key management configuration is required?

A. GCMP256 encryption with 802.1x key management
B. CCMP128 encryption with OWE key management
C. CCMP256 encryption with CCKM key management
D. CCMP128 encryption with SAE key management

Explanation

Simultaneous Authentication of Equals (SAE) is a key establishment protocol used in WPA3-Personal, designed to provide
stronger security and mitigate vulnerabilities of traditional PSK methods.

SAE in WPA3-Personal still requires users to enter a passphrase (password) when connecting to the Wi-Fi network.
However, unlike WPA2-PSK, SAE enhances security by:

+ Preventing Offline Dictionary Attacks: WPA2-PSK was vulnerable to offline attacks where an attacker could capture a
handshake and try multiple passwords offline. SAE mitigates this by requiring an interactive exchange.

+ Using a Secure Handshake: Instead of sending a hashed version of the password, SAE establishes a secure handshake
based on a zero-knowledge proof mechanism, ensuring mutual authentication.

This is how to configure WPA3 with SAE in WLC:


Question 98

Which DNS record type is needed to allow a Cisco AP to discover a WLC when using IPv4?

A. SOA record
B. NS record
C. A record
D. CNAME record

Explanation

When a Cisco Access Point needs to discover a Wireless LAN Controller, it can use DNS-based discovery. This requires a
DNS A (Address) record to resolve the hostname of the WLC to its IPv4 address.

Question 99

Refer to the exhibit.

list = [1, 2, 3, 4]
list[3] = 10
print(list)

What is the value of the variable list after the code is run?

A. [1, 2, 10]
B. [1, 2, 10, 4]
C. [1, 2, 3, 10]
D. [1, 10, 10, 10]

Explanation

The first element of an array is at index 0 so list[3] gets the fourth element of the array.

Question 100

Which new security enhancement is introduced by deploying a next-generation firewall at the data center in
addition to the Internet edge?

A. DDoS protection
B. virtual private network for remote access
C. firewall protection of the east-west traffic at the data center
D. firewall protection of the south-north traffic at the data center

Explanation

Traditional firewalls focus on north-south traffic (traffic entering or leaving the network). Next-generation firewalls
(NGFWs) at the data center help inspect and secure internal traffic, preventing threats from spreading laterally between
servers (east-west traffic).

Question 101

Which technology is the Cisco SD-Access control plane based on?

A. CTS
B. SGT
C. VRF
D. LISP

Explanation

In Cisco SD-Access the control plane is based on LISP (Locator/ID Separation Protocol), the data plane is based on
VXLAN (Virtual Extensible LAN), the policy plane is based on Cisco TrustSec, and the management plane is enabled and
powered by Cisco Catalyst Center.

Reference: https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html

Question 102

What is the structure of a JSON web token?

A. payload and signature
B. three parts separated by dots: version, header, and signature
C. three parts separated by dots: header, payload, and signature
D. header and payload

Explanation

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely
transmitting information between parties as a JSON object. This information can be verified and trusted because it is
digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or
ECDSA.

JSON Web Tokens are composed of three parts, separated by a dot (.): Header, Payload, Signature. Therefore, a JWT
typically looks like the following:

xxxxx.yyyyy.zzzzz

The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such
as HMAC SHA256 or RSA.
The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the
user) and additional data.
To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in
the header, and sign that.

Reference: https://jwt.io/introduction/
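
The three-part structure and the signing step described above, as an added example (not code from the quiz or from jwt.io): it builds an HS256 token with the Python standard library and verifies it, rejecting a token with the wrong number of parts, a bad signature, or an unexpected alg value. The secret, claims and helper names are constructed sample values.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values; a real secret would come from a secrets store.
DEMO_SECRET = b"constructed-demo-secret"
DEMO_CLAIMS = {"sub": "user-1001", "role": "viewer"}


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used for each JWT segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the stripped padding before decoding a segment."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_segment(obj: dict) -> str:
    """Serialize a header or payload dict into one encoded segment."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Return header.payload.signature for the given claims."""
    signing_input = encode_segment({"alg": "HS256", "typ": "JWT"}) + "." + encode_segment(claims)
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the claims if the token is a valid HS256 JWT, else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT has exactly three dot-separated parts")
    header_b64, payload_b64, signature_b64 = parts

    # The signature covers the encoded header and payload exactly as received.
    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("signature mismatch")

    # The verifier pins the algorithm; it does not let the header choose it.
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg in header")
    return json.loads(b64url_decode(payload_b64))


def swap_payload(token: str, claims: dict) -> str:
    """Replace the payload but keep the old signature (models tampering)."""
    header_b64, _, signature_b64 = token.split(".")
    return ".".join([header_b64, encode_segment(claims), signature_b64])


if __name__ == "__main__":
    token = sign_hs256(DEMO_CLAIMS, DEMO_SECRET)
    print(token)
    print(verify_hs256(token, DEMO_SECRET))
```

The payload is only encoded, not encrypted: anyone holding the token can read the claims, and the signature protects integrity only.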

Question 103

What is the intent API in Cisco Catalyst Center (formerly DNA Center)?

A. northbound consumer-facing RESTful API, which enables network discovery and configuration
management
B. westbound interface, which allows the exchange of data such as ITSM, IPAM, and reporting information
C. interface between the controller and the network devices, which enables network discovery and configuration
management
D. southbound consumer-facing RESTful API, which enables network discovery and configuration management

Explanation

Cisco DNA Center APIs are grouped into four categories: northbound, southbound, eastbound and westbound:
+ Northbound (Intent) APIs: enable developers to access Cisco DNA Center Automation and Assurance workflows. For
example: provision SSIDs, QoS policies, update software images running on the network devices, and application health.

Question 104

Which action is a LISP Map Resolver responsible for?

A. accepting registration requests from ETRs
B. accepting map-request messages from ITRs
C. finding EID-to-RLOC mappings
D. forwarding user data traffic

Explanation

Map resolver (MR): The MR performs the following functions:

+ Receives MAP requests, which are encapsulated by ITRs.
+ Provides a service interface to the ALT router, de-encapsulates MAP requests, and forwards on the ALT topology.
+ Sends negative MAP replies in response to MAP requests for non-LISP sites.

Reference: https://www.ciscopress.com/articles/article.asp?p=2992605

Question 105

Drag and drop the characteristics from the left onto the corresponding orchestration tool on the right.

Please type the corresponding numbers of each item on the left to the blank below and sort them in ascending order.
For example: 1324 (which means 13 for first group, 24 for second group).

Please type your answer here: 1423

Explanation

Answer:

Puppet
+ managed hosts pull configuration from the main node
+ requires an agent to be installed on hosts

Ansible
+ configuration files are procedural
+ uses SSH

Explanation

Ansible uses a procedural (or imperative) programming approach, which tries to preserve the configuration of an IT
infrastructure by defining the steps to reach a desired state.

Ansible uses an agentless architecture to manage network devices. Agentless means that the managed device does not
need any code (agent) to be installed on it.

Puppet is built on server-client architecture which comprises a master (centralized server) and some/many nodes (clients).
In each node, a Puppet Agent is installed to communicate with the Puppet Master.

Question 106

Refer to the exhibit.

Which command set is required on router R1 to allow the network administrator to authenticate via RADIUS?

A. aaa new-model
   aaa authentication login default
B. aaa new-model
   aaa authentication login console
C. aaa new-model
   aaa authentication login default group radius
D. aaa new-model
   aaa authorization exec default group radius

What is one characteristic of Cisco SD-Access networks?

A. Devices are assigned to virtual networks based on their VLAN membership.
B. Virtual networks are used for microsegmentation. (wrong)
C. Scalable group tags are used for macrosegmentation.
D. All traffic is Layer 3 within the fabric.

** The correct answer is C. Scalable group tags are used for macrosegmentation.
