[UPDATED Apr-2026] Best Value Available Preparation Guide for 300-420 Exam
1 Full 300-420 Practice Test and 341 Unique Questions, Get it Now!
Cisco 300-420 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
Cisco 300-420 exam focuses on designing and implementing advanced enterprise network architectures using Cisco technologies. It covers topics such as network automation, virtualization, security, and network assurance. 300-420 exam consists of 60-70 questions and has a duration of 90 minutes. The questions are in various formats, including multiple-choice, drag-and-drop, and simulation.
NEW QUESTION # 62
Which statement describes what happens if all VSL connections between the virtual switch members are lost?
- A. Both virtual switch members cease to forward traffic.
- B. The VSS transitions to the dual active recovery mode, and both virtual switch members continue to forward traffic independently.
- C. The VSS transitions to the dual active recovery mode, and only the new active virtual switch continues to forward traffic.
- D. The virtual switch members reload.
Answer: C
Explanation:
Q. What happens if all VSL connections between the virtual switch members are lost?
A. VSLs can be configured with up to eight links between the two switches across any combination of line cards or supervisor ports to provide a high level of redundancy. If for some rare reason all VSL connections are lost between the virtual switch members leaving both the virtual switch members up, the VSS will transition to the dual active recovery mode.
The dual active state is detected rapidly (subsecond) by any of the following three methods:
Enhancement to PagP used in MEC with connecting Cisco switches
L3 Bidirectional Forwarding Detection (BFD) configuration on a directly connected link (besides VSL) between virtual switch members or through an L2 link through an access layer switch L2 Fast-Hello Dual-Active Detection configuration on a directly connected link (besides VSL) between virtual switch members (supported with 12.2(33)SXI) In the dual active recovery mode, all interfaces except the VSL interfaces are in an operationally shut down state in the formerly active virtual switch member. The new active virtual switch continues to forward traffic on all links.
Reference: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/ prod_qas0900aecd806ed74b.html
NEW QUESTION # 63
What are the three foundational elements required for the new operational paradigm? (Choose three.)
- A. centralization
- B. fabric
- C. assurance
- D. application QoS
- E. policy-based automated provisioning of network
- F. multiple technologies at multiple OSI layers
Answer: B,C,E
NEW QUESTION # 64
Which two steps can be taken to improve convergence in an OSPF network? (Choose two.)
- A. Tune OSPF parameters
- B. Use Bidirectional Forwarding Detection
- C. Merge all the areas into one backbone area
- D. Span the same IP network across multiple areas.
- E. Make all non-backbone areas stub areas
Answer: A,B
Explanation:
Network convergence is the time that is needed for the network to respond to events.
One of the significant factors in routing convergence is the detection of link or node failure (events).
This is where BFD comes in to play.
OSPF Timers
The default OSPF LSA propagation timers are quite conservative. Lowering the values of the timers that control OSPF LSA generation can significantly improve OSPF convergence times
https://www.ciscopress.com/articles/article.asp?p=1763921&seqNum=6
NEW QUESTION # 65
Drag and drop the characteristics from the left onto the configuration protocols they describe on the right.
Answer:
Explanation:
Explanation:
https://www.ipspace.net/kb/CiscoAutomation/070-netconf.html#:~:text=NETCONF%20provides%
20mechanisms%20to%20install,on%20top%20of%20HTTP%2FHTTPS.
NEW QUESTION # 66
Refer to the exhibit.
EIGRP has been configured on all links. The spoke nodes have been configured as EIGRP stubs, and the WAN links to R3 have higher bandwidth and lower delay than the links to R4. When a link failure occurs at the R1-R2 link, what happens to traffic on R1 that is destined for a subnet attached to R2?
- A. R1 load-balances across the paths through R3 and R4 to reach R2
- B. R1 forwards the traffic to R3, but R3 drops the traffic
- C. R1 has no route to R2 and drops the traffic
- D. R1 forwards the traffic to R3 in order to reach R2
Answer: C
Explanation:
Explanation
The EIGRP stub routing feature will prevent the remote device from advertising core routes back to the distribution devices. Routes learned by the remote device from Distribution 1 will not be advertised to Distribution 2. Therefore, Distribution 2 will not use the remote device as a transit for traffic destined to the network core
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mt-book/ire-eigrp-s
NEW QUESTION # 67
How are wireless endpoints registered in the HTDB in a Cisco SD-Access architecture?
- A. Fabric WLCs update the HTDB as new clients connect to the wireless network
- B. Fabric APs update the HTDB with the clients' ElD and RLOC
- C. Fabric edge nodes update the HTDB based on CAPPWAP messaging from the AP
- D. Border nodes first register endpoints and then update the HTDB
Answer: A
Explanation:
NEW QUESTION # 68
An engineer must design an in-band management solution for a customer with branch sites. The solution must allow remote management of the branch sites using management protocols over an MPLS WAN. Queueing is implemented at the remote sites using these classes:
- Class1 equals voice traffic
- Class2 equals mission-critical traffic
- Class3 equals default traffic
How must the solution prioritize the management traffic over the WAN?
- A. Mark the traffic with DSCP CS2 and map into Class2 with a minimum bandwidth assigned by reducing the bandwidth available to Class3
- B. Mark the traffic with DSCP EF and map into Class1 with a minimum bandwidth assigned by reducing the bandwidth available to Class2.
- C. Mark the traffic with DSCP CS6 and map into Class1 with a minimum bandwidth assigned by reducing the bandwidth available to Class2
- D. Mark the traffic with DSCP CS1 and map into Class2 with a minimum bandwidth assigned by reducing the bandwidth available to CIass3.
Answer: A
Explanation:
NW-Mgmt is the traffic in question i guess which equals CF2 (recommendation) and is to be placed in class 2 which and reduces less important class3 bandwith.
NEW QUESTION # 69
Which two routing protocols allow for unequal cost load balancing? (Choose two.)
- A. EIGRP
- B. IS-IS
- C. RIPng
- D. OSPF
- E. BGP
Answer: A,E
Explanation:
Section: Advanced Addressing and Routing Solutions
NEW QUESTION # 70
Drag and drop the elements from the left onto the protocols where they are used on the right.
Answer:
Explanation:
NEW QUESTION # 71
An engineer is designing an EIGRP network for a small branch site where there is only one Layer 3 router. The engineer wants the router to advertise the local LAN network to remote EIGRP neighbors without sending any unnecessary multicast messages on the local LAN. Which action should the engineer take?
- A. Advertise the local LAN using the network command and the passive-interface feature
- B. Redistribute the local LAN network using the redistribute connected command
- C. Advertise the local LAN subnet as a stub network
- D. Use a static default route for this site instead of EIGRP
Answer: A
NEW QUESTION # 72
Refer to the exhibit.
Refer to the exhibit. An architect is designing a BGP solution to connect a remote branch to a service provider. There are several prefixes within the branch that the company does not want to be advertised to the internet. Which solution should the architect use to accomplish this?
- A. Attach the No-Export community with the prefixes to exclude
- B. Implement the NOPEER community.
- C. Set the BGP Internet community for all prefixes.
- D. Use the BGP No-Advertise community for the prefixes to exclude.
Answer: A
NEW QUESTION # 73
Drag and drop the model driven telemetry characteristics from the left onto the mode they belong to on the right.
Answer:
Explanation:
NEW QUESTION # 74
During the integration of ISE and DNA Center, which of the following are used to establish trust through ISE?
- A. pxGRID services
- B. SGACLs
- C. Scalable groups
- D. REST APIs
Answer: A
NEW QUESTION # 75
Drag and drop the characteristics from the left onto the Yang model they describe on the right.
Select and Place:
Answer:
Explanation:
NEW QUESTION # 76 
Refer to the exhibit. A network engineer with an employee ID: 4384:99:754 must design a BGP solution based on these conditions:
* Traffic sessions occur between the branches and the data center.
* Branch B has limited resources to process routing updates.
* HQ must filter out all prefixes from branch A to R4.
Which outbound route filtering (ORF) solution must the engineer choose?
- A. Use a prefix list with the 10.10.10.0/24 subnet for ORF on R2
- B. Use a prefix list with the 10.10.10.0/24 subnet for ORF on R5.
- C. Use a prefix list with the 192.168.10.0/24 subnet for ORF on R2.
- D. Use a prefix list with the 192.168.10.0/24 subnet for ORF on R4.
Answer: A
NEW QUESTION # 77 
Refer to the exhibit. An engineer is planning an IPv4 to IPv6 migration solution for a customer. The routers in the network can support IPv4 and IPv6, except for the DWDM routers. The DWDM routers provide a Layer 2 link in which the routers peer directly with each other across a DWDM circuit. The circuit also provides connectivity between the mail servers. Which IPv6 migration technique must the engineer deploy?
- A. dual-stack
- B. 6rd
- C. 6to4
- D. ISATAP
Answer: B
NEW QUESTION # 78
Refer to the exhibit.
An architect is designing a network for a customer supporting a Wake-on-LAN application. Which solution must the architect choose?
- A. IP directed-broadcasts on R1
- B. spanning-tree uplinkfast on SW2
- C. spanning-tree uplinkfast on SW1
- D. IP directed-broadcasts on R2
Answer: D
Explanation:
"IP directed broadcast" must be supported on the last router to the destination subnet. Since the sleeping PC's dont have IP adresses, the machines must be calles awake by broadcast that behaves like an unicast untill they reach the destination network. There the directed broadcast is handled like a proper broadcast to wake all WOL machines.
https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/91672-catl3-wol-vlans.html
NEW QUESTION # 79
Which consideration must be taken into account when using the DHCP relay feature in a Cisco SD-Access Architecture?
- A. DHCP-relay must be enabled on fabric edge nodes to provide the correct mapping of DHCP scope to the local anycast gateway.
- B. A DHCP server must be enabled on the border nodes to allow subnets to span multiple fabric edges.
- C. DHCP servers must support Cisco SD-Access extensions to correctly assign IPs to endpoints in an SDAccess fabric with anycast gateway.
- D. DHCP Option-82 must be enabled to map the circuit IP option to the access fabric node where the DHCP discover originated.
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design- guide.html#FabricDHCPOverviewandDesign
NEW QUESTION # 80
Refer to the exhibit.
EIGRP has been configured on all links. The spoke nodes have been configured as EIGRP stubs, and the WAN links to R3 have higher bandwidth and lower delay than the links to R4. When a link failure occurs at the R1-R2 link, what happens to traffic on R1 that is destined for a subnet attached to R2?
- A. R1 has no route to R2 and drops the traffic
- B. R1 load-balances across the paths through R3 and R4 to reach R2
- C. R1 forwards the traffic to R3 in order to reach R2
- D. R1 forwards the traffic to R3, but R3 drops the traffic
Answer: C
NEW QUESTION # 81
A client is moving to Model-Driven Telemetry and requires periodic updates. What must the network architect consider with this design?
- A. Empty data subscriptions do not generate empty update notifications.
- B. Periodic updates include a full copy of the data that is subscribed to.
- C. Updates that contain changes within the data are sent only when changes occur.
- D. The primary push update is sent immediately and cannot be delayed.
Answer: B
Explanation:
Periodic updates contain a full copy of the subscribed data element or table for all supported transport protocols https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/166
/b_166_programmability_cg/model_driven_telemetry.html
NEW QUESTION # 82
Instructions
The main screen consists of two parts; the Main scenario and the Topology tabs. The main scenario describes TSHOOT.com test bed. The Topology tabs allow you to display the appropriate and select the trouble ticket.
To complete the item, you will first need to familiarize yourself with the TSHOOT.com test bed by clicking on the master scenario first and then the topologies tabs. Once you are familiar with the test bed and the topologies, you should start evaluating the trouble ticket. You will be presented with a Trouble Ticket scenario that will describe the fault condition. You will need to determine on which device the fault condition is located, to which technology the fault condition is related, and the solution to each trouble ticket. This will be done by answering three questions.
Ticket Selection
To begin, click on the Ticket on the Topology tabs.
Please note. Some of the questions will require you to use the scroll bar to see all options.
Fault Isolation
Read the ticket scenario to understand the fault condition.
Open the appropriate topology, based upon the ticket scenario.
Open the console of the desired device by clicking on that device in the topology, based upon your troubleshooting methodology.
Use the supported show, ping and trace commands to begin your fault isolation process.
Move to other devices as need by clicking on those devices within the topology.
Fault Identification
The trouble ticket will include three questions that you will need to answer:
1. Which device contains the fault
2. Which technology the fault condition is related to
3. What is the solution to the issue
To advance to the next question within the ticket click on "Next Question".
When you click "DONE", the trouble ticket will turn RED and will no longer be accessible.
You may also use the "Previous Question" button to review questions within that specific ticket.
To complete a trouble ticket, answer all three questions and click "DONE". This will store your response to the questions. Do not click on "DONE" unless you have answered all questions within the ticket.
Item Completion
Click the NEXT button on the bottom of the screen once a ticket is RED. This action moves you to the next item.
Scenario
The company has created the test bed network shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range, R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and the outside (209.65.200.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server. The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6. DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE. The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistribution is enabled where necessary.
Recently the implementation group has been using the test bed to do a 'proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations.
The implementation group has been using the test bed to do a 'proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing schemes, DHCP services, NTP services, and FHRP services, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolate the cause of this fault and answer the following questions.
The fault condition is related to which technology?
- A. Switch-to-Switch Connectivity
- B. VLAN ACL / Port ACL
- C. Loop Prevention
- D. Switch Virtual Interface
- E. Port Security
- F. Access Vlans
- G. NTP
Answer: A
Explanation:
Steps need to follow as below:-1.When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4Ipconfig ----- Client will be getting 169.X.X.X2.On ASW1 port Fa1/0/ 1 & Fa1/0/2 access port VLAN 10 was assigned which is using IPaddress 10.2.1.0/24Sh run ------- & check for running config of int fa1/0/1 & fa1/0/2====================================================interface FastEthernet1/0/1switchport mode accessswitchport access vlan 10interface FastEthernet1/0/2switchport mode accessswitchport access vlan 10
3.We need to check on ASW 1 trunk port the trunk Po13 & Po23 were receiving VLAN 20 &200 but not VLAN
10 so that switch could not get DHCP IP address and was failing to reach IPaddress of Internet4.
Change required:
On ASW1 below change is required for switch-to-switch connectivity..int range portchannel13,portchannel23switchport trunk allowed vlan noneswitchport trunk allowed vlan 10,200
NEW QUESTION # 83
Drag and drop the description from the left onto the corresponding WAN connectivity types and categories on the right.
Answer:
Explanation:
NEW QUESTION # 84
......
Cisco 300-420 exam, also known as Designing Cisco Enterprise Networks, is a certification exam that validates the knowledge and skills of IT professionals in designing enterprise networks using Cisco technologies. 300-420 exam is intended for network designers, architects, and engineers who are responsible for designing and implementing complex enterprise networks.
Get Instant Access to 300-420 Practice Exam Questions: https://prepaway.testkingpass.com/300-420-testking-dumps.html