CCIE Practice Questions Category

OSPF Questions

April 24th, 2019 rstut 16 comments

Question 1

According to RFC 4577, OSPF for BGP/MPLS IP VPNs, when must the down bit be set?

A. when an OSPF route is distributed from the PE to the CE, for Type 3 LSAs
B. when an OSPF route is distributed from the PE to the CE, for Type 5 LSAs
C. when an OSPF route is distributed from the PE to the CE, for Type 3 and Type 5 LSAs
D. when an OSPF route is distributed from the PE to the CE, for all types of LSAs

 

Answer: C

Explanation

If an OSPF route is advertised from a PE router into an OSPF area, the Down bit (DN) is set. Another PE router in the same area does not redistribute this route into iBGP of the MPLS VPN network if the Down bit is set.

OSPF_MPLS_VPN_Down_bit_set.jpg

RFC 4577 says:

“When a type 3 LSA is sent from a PE router to a CE router, the DN bit in the LSA Options field MUST be set. This is used to ensure that if any CE router sends this type 3 LSA to a PE router, the PE router will not redistribute it further. When a PE router needs to distribute to a CE router a route that comes from a site outside the latter’s OSPF domain, the PE router presents itself as an ASBR (Autonomous System Border Router), and distributes the route in a type 5 LSA. The DN bit [OSPF-DN] MUST be set in these LSAs to ensure that they will be ignored by any other PE routers that receive them.”

For more information about the Down bit according to RFC 4577, please read here: http://tools.ietf.org/html/rfc4577#section-4.2.5.1.

Question 2

Refer to the exhibit.

OSPF_forwarding_address0.0.0.jpg

Which option explains why the forwarding address is set to 0.0.0.0 instead of 110.100.1.1?

A. The interface Ethernet0/1 is in down state.
B. The next-hop ip address 110.100.1.1 is not directly attached to the redistributing router.
C. The next-hop interface (Ethernet0/1) is specified as part of the static route command; therefore, the forwarding address is always set to 0.0.0.0.
D. OSPF is not enabled on the interface Ethernet0/1.

 

Answer: D

Explanation

From the output of the “show ip ospf database” command (although this command is not shown) we can conclude that this router is an ASBR (the Advertising Router is the router itself) and that E0/1 is the ASBR’s next-hop interface for other routers to reach network 192.168.10.0.

The Forwarding Address is determined by these conditions:
* The forwarding address is set to 0.0.0.0 if the ASBR redistributes routes and OSPF is not enabled on the next hop interface for those routes.

* These conditions set the forwarding address field to a non-zero address:
+ OSPF is enabled on the ASBR’s next hop interface AND
+ ASBR’s next hop interface is non-passive under OSPF AND
+ ASBR’s next hop interface is not point-to-point AND
+ ASBR’s next hop interface is not point-to-multipoint AND
+ ASBR’s next hop interface address falls under the network range specified in the router ospf command.

* Any other conditions besides these set the forwarding address to 0.0.0.0.

-> We can see that interface E0/1 is not running OSPF because it does not belong to network 110.110.0.0 0.0.255.255, which is declared under the OSPF process -> the forwarding address is set to 0.0.0.0.

(Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13682-10.html)

Question 3

Refer to the exhibit.

router ospf 100
router-id 4.4.4.4
area 110 nssa
summary-address 192.168.0.0 255.255.0.0 nssa-only
redistribute static metric-type 1 subnets tag 704
network 110.110.0.0 0.0.255.255 area 110

This is the configuration of the ASBR of area 110. Which option explains why the remote ABR should not translate the type 7 LSA for the prefix 192.168.0.0/16 into a type 5 LSA?

A. The remote ABR translates all type 7 LSA into type 5 LSA, regardless of any option configured in the ASBR.
B. The ASBR sets the forwarding address to 0.0.0.0 which instructs the ABR not to translate the LSA into a type 5 LSA.
C. The ASBR originates a type 7 LSA with age equal to MAXAGE 3600.
D. The ABR clears the P bit in the header of the type 7 LSA for 192.168.0.0/16.

 

Answer: D

Explanation

When external routing information is imported into an NSSA, a Type 7 LSA is generated by the ASBR and flooded within that area only. To further distribute the external information, the Type 7 LSA is translated into a Type 5 LSA at the NSSA border. The P-bit in the Type 7 LSA indicates whether the Type 7 LSA should be translated. This P-bit is automatically set by the NSSA ABR (also the Forwarding Address (FA) is copied from the Type 7 LSA). The P-bit is not set only when the NSSA ASBR and NSSA ABR are the same router for the area. If bit P = 0, then the NSSA ABR must not translate this LSA into Type 5.

OSPF_LSAs_Types_7.jpg

The nssa-only keyword instructs the device to originate the Type-7 LSA with a cleared P-bit, thereby preventing LSA translation to Type 5 on the NSSA ABR device.

Note: If a router is attached to another AS and is also an NSSA ABR, it may originate both a type-5 and a type-7 LSA for the same network. The type-5 LSA will be flooded to the backbone and the type-7 will be flooded into the NSSA. If this is the case, the P-bit must be reset (P=0) in the type-7 LSA so the type-7 LSA isn’t again translated into a type-5 LSA by another NSSA ABR.

(Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro-15-e-book/iro-ospfv3-nssa-cfg.html)
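The DN bit from Question 1 and the P-bit from this question both sit in the Options byte of the 20-byte LSA header. The following Python sketch is an added example, not part of the original page: it parses a header and applies both checks. The bit masks (DN = 0x80 per RFC 4576, N/P = 0x08 per RFC 3101), the function names and the sample headers are assumptions or constructed for illustration.

```python
import struct
from collections import namedtuple

# Standard LSA header layout (RFC 2328, A.4.1): LS age, Options, LS type,
# Link State ID, Advertising Router, LS sequence number, checksum, length.
LSA_HEADER = struct.Struct("!HBB4s4sIHH")

OPT_DN = 0x80  # Down bit: high-order bit of the Options field (RFC 4576)
OPT_NP = 0x08  # N/P bit (RFC 3101); in a type 7 LSA header it is the P-bit

LsaHeader = namedtuple(
    "LsaHeader", "age options ls_type ls_id adv_router seq checksum length")


def dotted(raw):
    """Render 4 raw bytes as a dotted-quad string."""
    return ".".join(str(b) for b in raw)


def parse_lsa_header(data):
    """Parse the first 20 bytes of an LSA and reject malformed input.

    The Fletcher checksum is not verified in this sketch.
    """
    if len(data) < LSA_HEADER.size:
        raise ValueError("truncated LSA header: %d bytes" % len(data))
    age, options, ls_type, ls_id, adv, seq, cksum, length = \
        LSA_HEADER.unpack_from(data)
    if length < LSA_HEADER.size:
        raise ValueError("LSA length field is smaller than the header")
    return LsaHeader(age, options, ls_type, dotted(ls_id), dotted(adv),
                     seq, cksum, length)


def pe_must_ignore(hdr):
    """True when a PE must not redistribute the LSA: DN set on type 3 or 5,
    the two types named in the RFC 4577 text quoted in Question 1."""
    return hdr.ls_type in (3, 5) and bool(hdr.options & OPT_DN)


def abr_may_translate(hdr):
    """True when an NSSA ABR may translate this type 7 LSA into type 5."""
    return hdr.ls_type == 7 and bool(hdr.options & OPT_NP)


def build_header(ls_type, options, ls_id, adv_router, length=36):
    """Build a constructed sample header (age 1, checksum left at 0)."""
    def packed(addr):
        return bytes(int(octet) for octet in addr.split("."))
    return LSA_HEADER.pack(1, options, ls_type, packed(ls_id),
                           packed(adv_router), 0x80000001, 0, length)


# Constructed samples. The last two reuse the router ID and summary prefix
# from the Question 3 exhibit; everything else is made up.
TYPE3_FROM_PE = build_header(3, OPT_DN, "10.1.1.0", "1.1.1.1")
TYPE5_NO_DN = build_header(5, 0x02, "10.2.2.0", "2.2.2.2")
TYPE7_NSSA_ONLY = build_header(7, 0x00, "192.168.0.0", "4.4.4.4")
TYPE7_P_SET = build_header(7, OPT_NP, "192.168.10.0", "4.4.4.4")

if __name__ == "__main__":
    for name, raw in [("type 3 from PE", TYPE3_FROM_PE),
                      ("type 5 without DN", TYPE5_NO_DN),
                      ("type 7 nssa-only", TYPE7_NSSA_ONLY),
                      ("type 7 with P set", TYPE7_P_SET)]:
        hdr = parse_lsa_header(raw)
        print("%-18s type=%d options=0x%02x PE-ignore=%s ABR-translate=%s"
              % (name, hdr.ls_type, hdr.options,
                 pe_must_ignore(hdr), abr_may_translate(hdr)))
```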

Question 4

Which statement about OSPF multiaccess segments is true?

A. The designated router is elected first.
B. The designated and backup designated routers are elected at the same time.
C. The router that sent the first hello message is elected first.
D. The backup designated router is elected first.

 

Answer: D

Explanation

According to the RFC, the BDR is actually elected first, followed by the DR. The RFC explains why:

“The reason behind the election algorithm’s complexity is the desire for an orderly transition from Backup Designated Router to Designated Router, when the current Designated Router fails. This orderly transition is ensured through the introduction of hysteresis: no new Backup Designated Router can be chosen until the old Backup accepts its new Designated Router responsibilities.

The above procedure may elect the same router to be both Designated Router and Backup Designated Router, although that router will never be the calculating router (Router X) itself.”

(Reference: http://www.ietf.org/rfc/rfc2328.txt – [Page 76])

Question 5

Consider a network that mixes link bandwidths from 128 kb/s to 40 Gb/s. Which value should be set for the OSPF reference bandwidth?

A. Set a value of 128.
B. Set a value of 40000.
C. Set a manual OSPF cost on each interface.
D. Use the default value.
E. Set a value of 40000000.
F. Set a value of 65535.

 

Answer: C

Question 6

Which statement about a type 4 LSA in OSPF is true?

A. It is an LSA that is originated by an ABR, that is flooded throughout the AS, and that describes a route to the ASBR.
B. It is an LSA that is originated by an ASBR, that is flooded throughout the AS, and that describes a route to the ASBR.
C. It is an LSA that is originated by an ASBR, that is flooded throughout the area, and that describes a route to the ASBR.
D. It is an LSA that is originated by an ABR, that is flooded throughout the AS, and that describes a route to the ABR.
E. It is an LSA that is originated by an ABR, that is flooded throughout the area, and that describes a route to the ASBR.

 

Answer: E

Explanation

LSA Type 4 (called Summary ASBR LSA) is generated by the ABR to describe an ASBR to routers in other areas so that routers in other areas know how to get to external routes through that ASBR.

OSPF_LSAs_Types_4.jpg

Question 7

Which two functions are performed by the DR in OSPF? (Choose two)

A. The DR originates the network LSA on behalf of the network.
B. The DR is responsible for the flooding throughout one OSPF area.
C. The DR forms adjacencies with all other OSPF routers on the network, in order to synchronize the LSDB across the adjacencies.
D. The DR is responsible for originating the type 4 LSAs into one area.

 

Answer: A C

Explanation

The DR originates the network LSA (LSA Type 2), which lists all the routers on the segment it is adjacent to -> A is correct.

Type 2 LSAs are flooded within their area only; they do not cross an ABR -> B is incorrect.

The broadcast and non-broadcast network types elect a DR/BDR. They form adjacencies to all other OSPF routers on the network and help synchronize the Link State Database (LSDB) across the adjacencies -> C is correct.

Type 4 LSAs are originated by the ABR to describe an ASBR to routers in other areas so that routers in other areas know how to get to external routes through that ASBR -> D is incorrect.

Note: To learn more about OSPF LSA Types, please read our OSPF LSA Types Tutorial.

Question 8

Refer to the exhibit.

show_ip_ospf_authentication.jpg

Which two statements are true? (Choose two)

A. This is the output of the show ip ospf command.
B. This is the output of the show ip protocols command.
C. This router is an ABR.
D. This router is an ASBR.
E. Authentication is not configured for the area.

 

Answer: A E

Question 9

Refer to the exhibit.

R1
!
interface Fastethernet0/0
ip address 10.1.1.5 255.255.255.0
!
router ospf 1
network 10.1.1.5 0.0.0.0 area 0
passive-interface default
!
R2
!
interface FastEthernet0/1
ip address 10.1.1.6 255.255.255.0
!
router ospf 10
network 10.1.1.6 0.0.0.0 area 0
!

Which additional configuration is necessary for R1 and R2 to become OSPF neighbors?

A.
R1
!
router ospf 1
no passive-interface FastEthernet0/0
!

B.
R2
!
router ospf 10
no network 10.1.1.6 0.0.0.0 area 0
network 10.1.1.6 0.0.0.0 area 1
!

C.
R1
!
interface FastEthernet0/0
ip ospf mtu-ignore
!
R2
!
interface FastEthernet0/1
ip ospf mtu-ignore
!

D.
R1
!
no router ospf 1
router ospf 10
network 10.1.1.5 0.0.0.0 area 0

 

Answer: A

Question 10

Refer to the exhibit.

OSPF_Reference_Bandwidth.jpg

R3 prefers the path through R1 to reach host 10.1.1.1.

Which option describes the reason for this behavior?

A. The OSPF reference bandwidth is too small to account for the higher speed links through R2.
B. The default OSPF cost through R1 is less than the cost through R2.
C. The default OSPF cost through R1 is more than the cost through R2.
D. The link between R2 and R1 is congested.

 

Answer: A

Explanation

The default formula to calculate the OSPF cost (written as BW here) is BW = Bandwidth Reference / interface bandwidth [bps] = 10^8 / interface bandwidth [bps]
BW of the R1-R3 link = 10^8 / 100Mbps = 10^8 / 10^8 = 1
BW of the R2-R3 link = 10^8 / 1Gbps = 10^8 / 10^9 = 1 (round up)

Therefore OSPF considers the two links above to have the same BW -> R3 will go to 10.1.1.1 via the R1-R3 link. The solution here is to increase the Bandwidth Reference to a higher value using the “auto-cost reference-bandwidth” command under OSPF router mode. For example:

Router(config)#router ospf 1
Router(config-router)#auto-cost reference-bandwidth 10000

This will increase the reference bandwidth to 10000 Mbps which increases the BW of the R2-R3 link to 10^10 / 10^8 = 100.

Question 11

Refer to the exhibit.

show_ip_route_OSPF_network_type_mismatch.jpg

Why is the prefix 1.1.1.1/32 not present in the routing table of R1?

A. There is a duplicate router ID
B. There is a subnet mask mismatch on Ethernet0/0
C. The router LSA has an invalid checksum
D. There is an OSPF network type mismatch that causes the advertising router to be unreachable

 

Answer: D

VLAN Trunking Questions

March 27th, 2019 rstut 21 comments

Question 1

Refer to the exhibit.

Switch1#show int fastEthernet0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 3 (VLAN0003)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

If a port is configured as shown and receives an untagged frame, of which VLAN will the untagged frame be a member?

A. VLAN 1
B. VLAN 2
C. VLAN 3
D. VLAN 4

 

Answer: B

Explanation

When typing:

Switch(config-if)#switchport mode ?

access Set trunking mode to ACCESS unconditionally

dynamic Set trunking mode to dynamically negotiate access or trunk mode

trunk Set trunking mode to TRUNK unconditionally

 

and

 

Switch(config-if)#switchport mode dynamic ?

auto Set trunking mode dynamic negotiation parameter to AUTO

desirable Set trunking mode dynamic negotiation parameter to DESIRABLE

So if we configure Fa0/1 in dynamic auto mode, it will not initiate any negotiation but will wait for the other end to negotiate a trunk with DTP. If the other end does not ask it to become a trunk then it will become an access port. Therefore when using the “show interface fastEthernet0/1 switchport” command we will see the two output lines “Administrative Mode: dynamic auto” and “Operational Mode: static access”.

Note: To set this port to VLAN 2 as in the output above, just use one additional command: “switchport access vlan 2”.

Now back to our question: from the output we see that Fa0/1 is operating as an access port on VLAN 2, so if it receives an untagged frame it will assume that the frame is coming from VLAN 2.

Question 2

Refer to the exhibit.

Switch1#show interfaces fastEthernet0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 3 (VLAN0003)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 4-100
Pruning VLANs Enabled: 100-200
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Which VLANs are permitted to send frames out port FastEthernet0/1?

A. 100-200
B. 4-100
C. 1 and 4-100
D. 3 and 4-100

 

Answer: D

Explanation

Traffic on the native VLAN does not get tagged as it crosses a trunk, so there is no dot1q tag in the first place to be filtered, and you don’t need to allow the native VLAN. But if we force the native VLAN to be tagged (with the “switchport trunk native vlan tag” command), then the native VLAN will be dropped if it is not in the “allowed vlan” list.

STP Questions

March 27th, 2019 rstut 40 comments

Question 1

Refer to the exhibit.

STP_Port_Blocking.jpg

All switches have default bridge priorities, and originate BPDUs with MAC addresses as indicated. The numbers shown are STP link metrics. Which two ports are in blocking state after STP converges? (Choose two)

A. the port on switch SWD that connects to switch SWE
B. the port on switch SWF that connects to switch SWG
C. the port on switch SWD that connects to switch SWC
D. the port on switch SWB that connects to switch SWD

 

Answer: C D

Question 2

Refer to the exhibit.

STP_Port_Blocking.jpg

All switches have default bridge priorities, and originate BPDUs with MAC addresses as indicated. The numbers shown are STP link metrics. Which two ports are forwarding traffic after STP converges? (Choose two)

A. The port connecting switch SWD with switch SWE
B. The port connecting switch SWG with switch SWF
C. The port connecting switch SWC with switch SWE
D. The port connecting switch SWB with switch SWC

 

Answer: C D

Question 3

Refer to the exhibit.

show_spanning-tree_vlan_1_detail.jpg

Which two statements about the output are true? (Choose two)

A. 802.1D spanning tree is being used.
B. Setting the priority of this switch to 0 for VLAN1 would cause it to become the new root.
C. The hello, Max-age, and forward delay timers are not set to their default values.
D. Spanning-tree PortFast is enabled on GigabitEthernet1/1.

 

Answer: A B

Question 4

Which statement is true regarding UDLD and STP timers?

A. The UDLD message timer should be two times the STP forward delay to prevent loops.
B. UDLD and STP are unrelated features, and there is no relation between the timers.
C. The timers need to be synced by using the spanning-tree udld-sync command.
D. The timers should be set in such a way that UDLD is detected before the STP forward delay expires.

 

Answer: D

Question 5

Refer to the exhibit.

Bi-directional_BPDUs.jpg

Which technology does the use of bi-directional BPDUs on all ports in the topology support?

A. RSTP
B. MST
C. Bridge Assurance
D. Loop Guard
E. Root Guard
F. UDLD

 

Answer: C

Question 6

Refer to the exhibit.

show_spanning-tree_detail.jpg

Which two statements are true about the displayed STP state? (Choose two)

A. The STP version configured on the switch is IEEE 802.1w.
B. Port-channel 1 is flapping and the last flap occurred 1 minute and 17 seconds ago.
C. The switch does not have PortFast configured on Gi0/15.
D. BPDUs with the TCN bit set are transmitted over port channel 1.

 

Answer: C D

Question 7

Refer to the exhibit.

show_spanning-tree_detail.jpg

While troubleshooting high CPU utilization on one of your Cisco Catalyst switches, you find that the issue is due to excessive flooding that is caused by STP. What can you do to prevent this issue from happening again?

A. Disable STP completely on the switch.
B. Change the STP version to RSTP.
C. Configure PortFast on port-channel 1.
D. Configure UplinkFast on the switch.
E. Configure PortFast on interface Gi0/15.

 

Answer: E

Question 8

Which two statements are true about RSTP? (Choose two)

A. By default, RSTP uses a separate TCN BPDU when interoperating with 802.1D switches.
B. By default, RSTP does not use a separate TCN BPDU when interoperating with 802.1D switches.
C. If a designated port receives an inferior BPDU, it immediately triggers a reconfiguration.
D. By default, RSTP uses the topology change TC flag.
E. If a port receives a superior BPDU, it immediately replies with its own information, and no reconfiguration is triggered.

 

Answer: B D

Private VLAN Questions

March 27th, 2019 rstut 14 comments

Question 1

Which two statements about private VLANs are true? (Choose two)

A. Only one isolated VLAN can be mapped to a primary VLAN.
B. Only one community VLAN can be mapped to a primary VLAN.
C. Multiple isolated VLANs can be mapped to a primary VLAN.
D. Multiple community VLANs can be mapped to a primary VLAN.

 

Answer: A D

Explanation

The main purpose of Private VLAN (PVLAN) is to provide the ability to isolate hosts at Layer 2 instead of Layer 3. As you know, a VLAN is a broadcast domain; by using PVLAN we split that domain into smaller broadcast domains. For example, without PVLAN, a service provider that wants to increase security by isolating customers into separate domains so that they can’t access each other has to assign them to different VLANs and use different subnets. This can result in a waste of IP addresses and difficulty in VLAN management. Private VLANs (PVLANs) can solve this problem by allowing the isolation of devices at Layer 2 in the same subnet. PVLAN can be considered “VLANs inside VLAN”.

There are three types of ports in PVLAN:
* Isolated: can only communicate with promiscuous ports. Notice that it cannot even communicate with another isolated port. Also, there can be only 1 isolated VLAN per PVLAN.
* Promiscuous: can communicate with all other ports. The default gateway is usually connected to this port so that all devices in the PVLAN can go outside.
* Community: can communicate with other members of that community and promiscuous ports but cannot communicate with other communities. There can be multiple community VLANs per PVLAN.

PVLAN_Promiscuous_Community_Isolated.jpg

For example, in the topology above:
+ Host A cannot communicate with Host B, C, D, E and F. It can only communicate with the promiscuous port to the router. Notice that even two isolated ports in the same VLAN cannot communicate with each other.
+ Host C can communicate with Host D because they are in the same community but Host C cannot communicate with E and F because they are in a different community.
+ All hosts can go outside through the promiscuous port.

The concepts of “primary VLAN” and “secondary VLAN” are also worth mentioning. A PVLAN can have only one primary VLAN; all VLANs in a PVLAN domain share the same primary VLAN. Secondary VLANs are isolated or community VLANs.
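The port rules and the one-isolated-VLAN limit described above can be checked mechanically. The following Python model is an added example, not part of the original page. Host names follow the topology description in the text; the VLAN numbers, class and function names are constructed for illustration.

```python
PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


class PvlanDomain:
    """One primary VLAN with its secondary VLANs and member ports."""

    def __init__(self, primary_vlan):
        self.primary = primary_vlan
        self.secondary = {}  # secondary VLAN id -> ISOLATED or COMMUNITY
        self.ports = {}      # port name -> (port type, secondary VLAN or None)

    def add_secondary(self, vlan_id, kind):
        if kind not in (ISOLATED, COMMUNITY):
            raise ValueError("secondary VLAN must be isolated or community")
        # Only one isolated VLAN may map to a primary VLAN;
        # any number of community VLANs is allowed.
        if kind == ISOLATED and ISOLATED in self.secondary.values():
            raise ValueError("only one isolated VLAN per primary VLAN")
        self.secondary[vlan_id] = kind

    def add_port(self, name, kind, vlan_id=None):
        if kind == PROMISCUOUS:
            self.ports[name] = (PROMISCUOUS, None)
            return
        if self.secondary.get(vlan_id) != kind:
            raise ValueError("VLAN %r is not a %s VLAN" % (vlan_id, kind))
        self.ports[name] = (kind, vlan_id)

    def can_communicate(self, a, b):
        """Layer 2 reachability between two ports of the domain."""
        kind_a, vlan_a = self.ports[a]
        kind_b, vlan_b = self.ports[b]
        if PROMISCUOUS in (kind_a, kind_b):
            return True       # promiscuous ports reach everything
        if ISOLATED in (kind_a, kind_b):
            return False      # isolated ports reach promiscuous ports only
        return vlan_a == vlan_b  # community ports: same community only


def isolation_violations(domain, must_not_reach):
    """Return the pairs from must_not_reach that can in fact communicate."""
    return [pair for pair in must_not_reach
            if domain.can_communicate(*pair)]


def build_example_domain():
    """Topology from the text; VLAN numbers are constructed."""
    d = PvlanDomain(primary_vlan=100)
    d.add_secondary(101, ISOLATED)
    d.add_secondary(102, COMMUNITY)
    d.add_secondary(103, COMMUNITY)
    d.add_port("Router", PROMISCUOUS)
    for host in ("A", "B"):
        d.add_port(host, ISOLATED, 101)
    for host in ("C", "D"):
        d.add_port(host, COMMUNITY, 102)
    for host in ("E", "F"):
        d.add_port(host, COMMUNITY, 103)
    return d


if __name__ == "__main__":
    dom = build_example_domain()
    for pair in [("A", "B"), ("A", "Router"), ("C", "D"), ("C", "E")]:
        print(pair, dom.can_communicate(*pair))
    print("violations:",
          isolation_violations(dom, [("A", "B"), ("A", "C"), ("C", "E")]))
```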

Question 2

Refer to the exhibit.

show_spanning_tree_change_pvst_to_rapid_pvst.jpg

If you change the Spanning Tree Protocol from pvst to rapid-pvst, what is the effect on the interface Fa0/1 port state?

A. It transitions to the listening state, and then the forwarding state.
B. It transitions to the learning state and then the forwarding state.
C. It transitions to the blocking state, then the learning state, and then the forwarding state.
D. It transitions to the blocking state and then the forwarding state.

 

Answer: C

IP Routing Questions

March 27th, 2019 rstut 9 comments

Question 1

Refer to the exhibit.

static_route_EIGRP.jpg

R1
!
interface FastEthernet0/0
description TO R2
ip address 172.17.17.1 255.255.255.128
!
interface FastEthernet0/1
description TO R3
ip address 10.17.12.1 255.255.255.0
!
ip route 172.29.168.3 255.255.255.255 172.17.17.2
!
router eigrp 10
no auto-summary
network 172.17.17.0 0.0.0.127
network 10.17.12.0 0.0.0.255
R2
interface FastEthernet0/0
description TO R1
ip address 172.17.17.2 255.255.255.128
!
ip route 0.0.0.0 0.0.0.0 172.17.17.1
!
router eigrp 10
no auto-summary
network 172.17.17.0 0.0.0.255
R3
!
interface loopback0
ip address 172.29.168.3 255.255.255.255
!
interface FastEthernet0/0
description TO R1
ip address 10.17.12.3 255.255.255.128
!
router eigrp 10
no auto-summary
network 172.29.168.3 0.0.0.0
network 10.17.12.3 255.255.255.0
!

Routers R1, R2, and R3 are configured as shown, and traffic from R2 fails to reach 172.29.168.3. Which action can you take to correct the problem?

A. Correct the static route on R1.
B. Correct the default route on R2.
C. Edit the EIGRP configuration of R3 to enable auto-summary.
D. Correct the network statement for 172.29.168.3 on R3.

 

Answer: A

Explanation

On R1 we see there is a wrongly configured static route: ip route 172.29.168.3 255.255.255.255 172.17.17.2. It should be ip route 172.29.168.3 255.255.255.255 10.17.12.3.

Question 2

Refer to the exhibit.

load_balancing_method.jpg

Video Source S is sending interactive video traffic to Video Receiver R. Router R1 has multiple routing table entries for destination R. Which load-balancing mechanism on R1 can cause out-of-order video traffic to be received by destination R?

A. per-flow load balancing on R1 for destination R
B. per-source-destination pair load balancing on R1 for destination R
C. CEF load balancing on R1 for destination R
D. per-packet load balancing on R1 for destination R

 

Answer: D

EIGRP Questions

March 27th, 2019 rstut 7 comments

Question 1

What are the minimal configuration steps that are required to configure EIGRP HMAC-SHA2 authentication?

A. classic router mode, interface XX, authentication mode hmac-sha-256
B. named router mode, address-family statement, authentication mode hmac-sha-256
C. named router mode, address-family statement, af-interface default, authentication mode hmac-sha-256
D. named router mode, address-family statement, authentication mode hmac-sha-256

 

Answer: C

Explanation

The example below shows how to configure EIGRP HMAC-SHA2 on a Cisco router:

Device(config)# router eigrp name1
Device(config-router)# address-family ipv4 autonomous-system 45000
Device(config-router-af)# af-interface ethernet 0/0
Device(config-router-af-interface)# authentication mode hmac-sha-256 0 password1
Device(config-router-af-interface)# end

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-sy/ire-15-sy-book/ire-sha-256.html

Question 2

What are two reasons to define static peers in EIGRP? (Choose two)

A. Security requirements do not allow dynamic learning of neighbors.
B. The link between peers requires multicast packets.
C. Back-level peers require static definition for successful connection.
D. The link between peers requires unicast packets.

 

Answer: A D

Explanation

There are two ways we can create EIGRP neighbor relationship:
+ Use the “network” command: this is the more popular way to create an EIGRP neighbor relationship. The router checks which interfaces have IP addresses that belong to the specified network and turns EIGRP on for those interfaces. EIGRP messages are sent via multicast packets.
+ Use the “neighbor” command: The interface(s) that have this command applied no longer send or receive EIGRP multicast packets. EIGRP messages are sent via unicast. The router only accepts EIGRP packets from peers that are explicitly configured with a neighbor statement. Consequently, any messages coming from routers without a corresponding neighbor statement are discarded. This helps prevent the insertion of unauthorized routing peers -> A and D are correct.

Question 3

Which statement about the feasibility condition in EIGRP is true?

A. The prefix is reachable via an EIGRP peer that is in the routing domain of the router.
B. The EIGRP peer that advertises the prefix to the router has multiple paths to the destination.
C. The EIGRP peer that advertises the prefix to the router is closer to the destination than the router.
D. The EIGRP peer that advertises the prefix cannot be used as a next hop to reach the destination.

 

Answer: C

Explanation

The advertised metric from an EIGRP neighbor (peer) to the local router is called Advertised Distance (or reported distance) while the metric from the local router to that network is called Feasible Distance. For example, R1 advertises network 10.10.10.0/24 with a metric of 20 to R2. For R2, this is the advertised distance. R2 calculates the feasible distance by adding the metric from the advertised router (R1) to itself. So in this case the feasible distance to network 10.10.10.0/24 is 20 + 50 = 70.

EIGRP_feasible_condition.jpg

Before a router can be considered a feasible successor, it must pass the feasibility condition rule. In short, the feasibility condition says that if we learn about a prefix from a neighbor, the advertised distance from that neighbor to the destination must be lower than our feasible distance to that same destination.

Therefore the Advertised Distance must always be smaller than the Feasible Distance to satisfy the feasibility condition.
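The following Python sketch is an added example, not part of the original page. It applies the feasibility condition to a small topology table and shows that a path with a lower total metric can still be rejected. The R1 entry uses the 20 + 50 = 70 figures from the explanation; neighbors R3 and R4, their metrics and the function name are constructed for illustration.

```python
def classify_paths(paths):
    """Apply the EIGRP feasibility condition to one destination.

    paths maps neighbor -> (advertised_distance, metric_to_neighbor).
    Returns the successor, the feasible distance, the feasible
    successors and the neighbors that fail the condition.
    """
    if not paths:
        raise ValueError("no paths to the destination")

    # Total metric through each neighbor = advertised distance + link metric.
    totals = {n: ad + link for n, (ad, link) in paths.items()}

    # The successor is the neighbor with the lowest total metric;
    # that total is the feasible distance (FD).
    successor = min(totals, key=lambda n: (totals[n], n))
    fd = totals[successor]

    feasible, rejected = [], []
    for neighbor, (ad, _link) in sorted(paths.items()):
        if neighbor == successor:
            continue
        # Feasibility condition: the neighbor's advertised distance must be
        # strictly lower than our feasible distance.
        if ad < fd:
            feasible.append(neighbor)
        else:
            rejected.append(neighbor)

    return {"successor": successor, "feasible_distance": fd,
            "feasible_successors": feasible, "rejected": rejected,
            "totals": totals}


# Paths to 10.10.10.0/24 as seen from R2. R1 comes from the explanation
# above; R3 and R4 are constructed.
PATHS_TO_10_10_10_0 = {
    "R1": (20, 50),  # total 70 -> successor, FD = 70
    "R3": (60, 30),  # total 90, AD 60 < 70 -> feasible successor
    "R4": (75, 10),  # total 85, AD 75 >= 70 -> fails the condition
}

if __name__ == "__main__":
    result = classify_paths(PATHS_TO_10_10_10_0)
    for key in ("successor", "feasible_distance",
                "feasible_successors", "rejected"):
        print(key, "=", result[key])
```

R4 offers a better total metric (85) than R3 (90) but is not kept as a backup, because its advertised distance is not lower than the feasible distance.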

Question 4

How does EIGRP derive the metric for manual summary routes?

A. It uses the best composite metric of any component route in the topology table.
B. It uses the worst composite metric of any component route in the topology table.
C. It uses the best metric vectors of all component routes in the topology table.
D. It uses the worst metric vectors of all component routes in the topology table.

 

Answer: A

Explanation

For example if your router has a routing table like this:

D 192.168.8.0/24 [90/2632528] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.9.0/24 [90/2323456] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.10.0/24 [90/2195456] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.11.0/24 [90/2323456] via 192.168.0.1, 00:00:12, Serial0/0

Now suppose you want to manually summarize all the routes above. You can use this command (on the router that advertised these routes to our router):

Router(config-if)#ip summary-address eigrp 1 192.168.8.0 255.255.248.0

After that the routing table of your router will look like this:

D 192.168.8.0/21 [90/2195456] via 192.168.0.1, 00:01:42, Serial0/0

And we can see the manual summary route takes the smallest metric of the specific routes.

Question 5

Refer to the exhibit.

show_ip_eigrp_neighbors_sh_ip_ospf_neighbor.jpg

You have configured two routing protocols across this point-to-point link. How many BFD sessions will be established across this link?

A. three per interface
B. one per multicast address
C. one per routing protocol
D. one per interface

 

Answer: D

Explanation

Cisco devices will use one Bidirectional Forwarding Detection (BFD) session for multiple client protocols in the Cisco implementation of BFD for Cisco IOS Releases 12.2(18)SXE, 12.0(31)S, and 12.4(4)T. For example, if a network is running OSPF and EIGRP across the same link to the same peer, only one BFD session will be established, and BFD will share session information with both routing protocols.

(Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html#wp1053749)

Question 6

Which two configuration changes should be made on the OTP interface of an EIGRP OTP route reflector? (Choose two)

A. passive-interface
B. no split-horizon
C. no next-hop-self
D. hello-interval 60, hold-time 180

 

Answer: B C

Explanation

The EIGRP Over the Top feature enables a single end-to-end Enhanced Interior Gateway Routing Protocol (EIGRP) routing domain that is transparent to the underlying public or private WAN transport that is used for connecting disparate EIGRP customer sites. When an enterprise extends its connectivity across multiple sites through a private or a public WAN connection, the service provider mandates that the enterprise use an additional routing protocol, typically the Border Gateway Protocol (BGP), over the WAN links to ensure end-to-end routing. The use of an additional protocol causes additional complexities for the enterprise, such as additional routing processes and sustained interaction between EIGRP and the routing protocol to ensure connectivity, for the enterprise. With the EIGRP Over the Top feature, routing is consolidated into a single protocol (EIGRP) across the WAN.

Perform this task to configure a customer edge (CE) device in a network to function as an EIGRP Route Reflector:

1. enable
2. configure terminal
3. router eigrp virtual-name
4. address-family ipv4 unicast autonomous-system as-number
5. af-interface interface-type interface-number
6. no next-hop-self
7. no split-horizon
8. exit
9. remote-neighbors source interface-type interface-number unicast-listen lisp-encap
10. network ip-address
11. end

Note: Use no next-hop-self to instruct EIGRP to use the received next hop and not the local outbound interface address as the next hop to be advertised to neighboring devices. If no next-hop-self is not configured, the data traffic will flow through the EIGRP Route Reflector.

(Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-eigrp-over-the-top.html)

Question 7

What is the purpose of EIGRP summary leaking?

A. to allow a summary to be advertised conditionally on specific criteria
B. to allow a component of a summary to be advertised in addition to the summary
C. to allow overlapping summaries to exist on a single interface
D. to modify the metric of the summary based on which components of the summary are operational

 

Answer: B

Explanation

When you do manual summarization but still want to advertise some specific routes to the neighbor, you can do that using a leak-map. Please read more about leaking routes here: http://www.cisco.com/c/en/us/td/docs/ios/iproute_eigrp/command/reference/ire_book/ire_i1.html#wp1037685.

Question 8

Which statement about the function of poison reverse in EIGRP is true?

A. It tells peers to remove paths that previously might have pointed to this router.
B. It tells peers to remove paths to save memory and bandwidth.
C. It provides reverse path information for multicast routing.
D. It tells peers that a prefix is no longer reachable.

 

Answer: A

Explanation

Poison Reverse in EIGRP states: “Once you learn of a route through an interface, advertise it as unreachable back through that same interface”. For more information please read here: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html#splithorizon.

Question 9

What is the preferred method to improve neighbor loss detection in EIGRP?

A. EIGRP natively detects neighbor down immediately, and no additional feature or configuration is required.
B. BFD should be used on interfaces that support it for rapid neighbor loss detection.
C. Fast hellos (subsecond) are preferred for EIGRP, so that it learns rapidly through its own mechanisms.
D. Fast hellos (one-second hellos) are preferred for EIGRP, so that it learns rapidly through its own mechanisms.

 

Answer: B

Question 10

Which two statements about the function of the stub feature in EIGRP are true? (Choose two)

A. It stops the stub router from sending queries to peers.
B. It stops the hub router from sending queries to the stub router.
C. It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers.
D. It stops the hub router from propagating dynamically learned EIGRP prefixes to the stub routers.

 

Answer: B C

EIGRP Questions 2

March 27th, 2019 rstut 4 comments

Question 1

What is the function of an EIGRP sequence TLV packet?

A. to acknowledge a set of sequence numbers during the startup update process
B. to list the peers that should listen to the next multicast packet during the reliable multicast process
C. to list the peers that should not listen to the next multicast packet during the reliable multicast process
D. to define the initial sequence number when bringing up a new peer

 

Answer: C

Explanation

EIGRP sends updates and other information between routers using multicast packets to 224.0.0.10. For example in the topology below, R1 made a change in the topology and it needs to send updates to R2 & R3. It sends multicast packets to EIGRP multicast address 224.0.0.10. Both R2 & R3 can receive the updates and acknowledge back to R1 using unicast. Simple, right?

EIGRP_Sequence_TLV.jpg

But what if R1 sends out updates and only R2 replies but R3 never does? When a router sends out a multicast packet that must be reliably delivered (as in this case), the EIGRP process waits until the RTO (retransmission timeout) period has passed before beginning a recovery action. This period is calculated from the SRTT (smooth round-trip time). After R1 sends out updates it waits for this period to expire. Then it makes a list of all the neighbors from which it did not receive an Acknowledgement (ACK). Next it sends out a packet telling these routers to stop listening to multicast until they have been notified that it is safe again. Finally the router begins sending unicast packets with the information to the routers that didn’t answer, continuing until they are caught up. In our example the process will be like this:

1. R1 sends out updates to 224.0.0.10
2. R2 responds but R3 does not
3. R1 waits for the RTO period to expire
4. R1 then sends out an unreliable-multicast packet, called a sequence TLV (Type-Length-Value) packet, which tells R3 not to listen to multicast packets any more
5. R1 continues sending any other multicast traffic it has and delivering all traffic, using unicast to R3, until it acknowledges all the packets
6. Once R3 has caught up, R1 will send another sequence TLV, telling R3 to begin listening to multicast again.

The sequence TLV packet contains a list of the nodes that should not listen to multicast packets while the recovery takes place. But notice that the TLV packet in step 6 does not contain any nodes in the list.

Note: In the case R3 still does not reply in step 4, R1 will attempt to retransmit the unicast 16 times or continue to retransmit until the hold time for the neighbor in question expires. After this time, R1 will declare a retransmission limit exceeded error and will reset the neighbor.

(Reference: EIGRP for IP: Basic Operation and Configuration)
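The six-step recovery above as a small simulation. This is an added example, not code from the original page or from Cisco; the `Neighbor.drops` counter and the `send_reliably` helper are assumptions made for illustration, and the RTO timer and the neighbor hold time are not modelled.

```python
from dataclasses import dataclass, field

MAX_UNICAST_RETRIES = 16  # retransmission limit quoted in the note above


@dataclass
class Neighbor:
    name: str
    drops: int = 0                    # constructed: transmissions lost before ACKs start
    listening_multicast: bool = True  # cleared/set by sequence TLVs
    received: list = field(default_factory=list)

    def deliver(self, packet):
        """Return True when the neighbor receives the packet and ACKs it (unicast)."""
        if self.drops > 0:
            self.drops -= 1
            return False
        self.received.append(packet)
        return True


def unicast_until_acked(neighbor, packet, log):
    """Retransmit one packet by unicast; False means the retry limit was hit."""
    for attempt in range(1, MAX_UNICAST_RETRIES + 1):
        log.append(("unicast", neighbor.name, packet, attempt))
        if neighbor.deliver(packet):
            return True
    return False


def send_reliably(updates, neighbors):
    """Send `updates` from R1; return (event log, names of neighbors that were reset)."""
    log, reset = [], []
    first, rest = updates[0], updates[1:]

    # Steps 1-2: multicast to 224.0.0.10 and see who ACKs.
    log.append(("multicast", first))
    lagging = [n for n in neighbors if not n.deliver(first)]

    # Steps 3-4: after the RTO, the sequence TLV lists the peers that must
    # NOT listen to the next multicast packets.
    if lagging:
        log.append(("sequence-tlv", tuple(n.name for n in lagging)))
        for n in lagging:
            n.listening_multicast = False

    # Step 5: remaining traffic still goes out as multicast for the peers that
    # are listening (assumed healthy here) ...
    for update in rest:
        log.append(("multicast", update))
        for n in neighbors:
            if n.listening_multicast:
                n.deliver(update)
    # ... while lagging peers get everything by unicast until they ACK it all.
    for n in lagging:
        if not all(unicast_until_acked(n, p, log) for p in updates):
            reset.append(n.name)  # retransmission limit exceeded

    # Step 6: an empty sequence TLV tells caught-up peers to listen again.
    # (Model choice: it is only logged when some lagging peer recovered.)
    caught_up = [n for n in lagging if n.name not in reset]
    if caught_up:
        log.append(("sequence-tlv", ()))
        for n in caught_up:
            n.listening_multicast = True
    return log, reset


if __name__ == "__main__":
    r2, r3 = Neighbor("R2"), Neighbor("R3", drops=3)  # constructed behaviour
    events, reset = send_reliably(["U1", "U2"], [r2, r3])
    for event in events:
        print(event)
    print("reset:", reset)
```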

Question 2

EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two)

A. Received packets are authenticated by the key with the smallest key ID.
B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys.
C. Received packets are authenticated by any valid key that is chosen.
D. Sent packets are authenticated by the key with the smallest key ID.

 

Answer: C D

Explanation

Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work:

Router1(config)#key chain KeyChainR1
Router1(config-keychain)#key 1
Router1(config-keychain-key)#key-string FirstKey
Router1(config-keychain-key)#key 2
Router1(config-keychain-key)#key-string SecondKey

Router2(config)#key chain KeyChainR2
Router2(config-keychain)#key 1
Router2(config-keychain-key)#key-string FirstKey
Router2(config-keychain-key)#key 2
Router2(config-keychain-key)#key-string SecondKey

Apply these key chains to R1 & R2:

Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip authentication mode eigrp 1 md5
Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1

Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip authentication mode eigrp 1 md5
Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2

There are some rules to configure MD5 authentication with EIGRP:

+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1” & “KeyChainR2” do not match)
+ The key number and key-string on the two potential neighbors must match (for example “key 1” & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router)

Also some facts about MD5 authentication with EIGRP:
+ When sending EIGRP messages the lowest valid key number is used -> D is correct.
+ When receiving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not say exactly that, it is the most suitable answer because A and B are totally wrong.

Answer A is not correct because we need a valid key to authenticate.

As mentioned above, although answer C is not totally correct, it sheds some light on why answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used.

Note: There are some books saying that the key numbers DO NOT have to match but if you have time please do a lab to verify that both key numbers and key-strings must match.
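A configuration audit that applies the rules stated above (chain names may differ, key numbers and key-strings must match, the lowest key number is used for sending) to two routers' key chains. This is an added example, not code from the original page; the function names are hypothetical, every key that has a key-string is treated as valid (key lifetimes are not modelled), and `ROLLOVER_GAP_CONFIG` is a constructed input.

```python
import re

# Strips an IOS configuration prompt such as "Router1(config-keychain)#".
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

# Key chain configuration as shown on the page.
PAGE_CONFIG = """\
Router1(config)#key chain KeyChainR1
Router1(config-keychain)#key 1
Router1(config-keychain-key)#key-string FirstKey
Router1(config-keychain-key)#key 2
Router1(config-keychain-key)#key-string SecondKey

Router2(config)#key chain KeyChainR2
Router2(config-keychain)#key 1
Router2(config-keychain-key)#key-string FirstKey
Router2(config-keychain-key)#key 2
Router2(config-keychain-key)#key-string SecondKey
"""

# Constructed sample: key 1 was removed on Router2 before Router1 stopped using it.
ROLLOVER_GAP_CONFIG = """\
key chain KeyChainR1
 key 1
  key-string FirstKey
 key 2
  key-string SecondKey
key chain KeyChainR2
 key 2
  key-string SecondKey
"""


def parse_key_chains(text):
    """Return {chain name: {key id: key-string or None}} from config text."""
    chains, chain, key_id = {}, None, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.fullmatch(r"key chain (\S+)", line):
            chain, key_id = chains.setdefault(m.group(1), {}), None
        elif chain is not None and (m := re.fullmatch(r"key (\d+)", line)):
            key_id = int(m.group(1))
            chain.setdefault(key_id, None)
        elif chain is not None and key_id is not None and (
            m := re.fullmatch(r"key-string (.+)", line)
        ):
            chain[key_id] = m.group(1)
    return chains


def usable(chain):
    """Keys that actually carry a key-string."""
    return {kid: s for kid, s in chain.items() if s is not None}


def send_key_id(chain):
    """Lowest usable key number, i.e. the key used for sent packets."""
    keys = usable(chain)
    return min(keys) if keys else None


def audit_pair(name_a, chain_a, name_b, chain_b):
    """List mismatches between two neighbors' key chains.

    Findings name key IDs only, so the report never echoes a secret.
    """
    findings = []
    a, b = usable(chain_a), usable(chain_b)
    for kid in sorted(set(a) ^ set(b)):
        findings.append(f"key {kid} only on {name_a if kid in a else name_b}")
    for kid in sorted(set(a) & set(b)):
        if a[kid] != b[kid]:
            findings.append(f"key {kid} key-string differs")
    for tx_name, tx, rx_name, rx in ((name_a, a, name_b, b), (name_b, b, name_a, a)):
        if not tx:
            findings.append(f"{tx_name} has no usable key")
            continue
        kid = min(tx)  # sender signs with its lowest key number
        if rx.get(kid) != tx[kid]:
            findings.append(f"{tx_name} sends with key {kid}, which {rx_name} rejects")
    return findings


if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("rollover gap", ROLLOVER_GAP_CONFIG)):
        chains = parse_key_chains(cfg)
        (na, ca), (nb, cb) = chains.items()
        print(label, "->", audit_pair(na, ca, nb, cb) or "consistent")
```

Running it before each step of a key rollover shows whether removing an old key on one side would leave the other side sending with a key its neighbor no longer accepts.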

Question 3

Refer to the exhibit.

EIGRPv6_routes.jpg

R1:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
ipv6 address 2001:12::1/128
ipv6 eigrp 100
!
interface FastEthernet0/0
ip address 10.1.12.1 255.255.255.0
duplex auto
speed auto
ipv6 address 2001:112::1/64
ipv6 eigrp 100
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ipv6 router eigrp 100
no shutdown
!
control-plane
!
R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
ipv6 address 2001:12::2/128
ipv6 eigrp 100
!
interface FastEthernet0/0
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
ipv6 address 2001:112::2/64
ipv6 eigrp 100
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ipv6 router eigrp 100
shutdown
!
control-plane
!

How many EIGRP routes will appear in the routing table of R2?

A. 0
B. 1
C. 2
D. 3

 

Answer: A

Explanation

EIGRPv6 on R2 was shut down, so there are no EIGRP routes in the routing table of R2. If we turn on EIGRPv6 on R2 (with the “no shutdown” command) then we would see the prefix of the loopback interface of R1 in the routing table of R2.

show_ipv6_route.jpg

Note: EIGRPv6 requires the “ipv6 unicast-routing” global command to be turned on first or it will not work.

Question 4

In which type of EIGRP configuration is EIGRP IPv6 VRF-Lite available?

A. stub
B. named mode
C. classic mode
D. passive

 

Answer: B

Explanation

The EIGRP IPv6 VRF Lite feature provides EIGRP IPv6 support for multiple VRFs. EIGRP for IPv6 can operate in the context of a VRF. The EIGRP IPv6 VRF Lite feature provides separation between routing and forwarding, providing an additional level of security because no communication between devices belonging to different VRFs is allowed unless it is explicitly configured. The EIGRP IPv6 VRF Lite feature simplifies the management and troubleshooting of traffic belonging to a specific VRF.

The EIGRP IPv6 VRF Lite feature is available only in EIGRP named configurations.

(Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2mt/ipv6-15-2mt-book/ip6-eigrp.html#GUID-92B4FF4F-2B68-41B0-93C8-AAA4F0EC1B1B)

IS-IS Questions

March 27th, 2019 rstut 10 comments

Question 1

Refer to the exhibit.

RouterA#
conf t
router isis 1
net 49.5200.1580.3500.6002.00

RouterB#
conf t
router isis 1
net 49.5200.1580.3500.6002.00

Router A and router B are physically connected over an Ethernet interface, and ISIS is configured as shown. Which option explains why the ISIS neighborship is not getting formed between router A and router B?

A. same area ID
B. same N selector
C. same domain ID
D. same system ID

 

Answer: D

Question 2

Which three statements about IS-IS are true? (Choose three)

A. IS-IS can be used only in the service provider network.
B. IS-IS can be used to route both IP and CLNP.
C. IS-IS has three different levels of authentication: interface level, process level, and domain level.
D. IS-IS is an IETF standard.
E. IS-IS has the capability to provide address summarization between areas.

 

Answer: B C E

Question 3

Which three elements compose a network entity title? (Choose three)

A. area ID
B. domain ID
C. system ID
D. NSAP selector
E. MAC address
F. IP address

 

Answer: A C D

Question 4

Refer to the exhibit.

show_clns_neighbors.jpg

Why is the neighbor relationship between R2 and R4 shown as ES-IS?

A. because there is an MTU mismatch between R2 and R4
B. because interface S3/0 of R4 is configured as L1/L2
C. because interface S3/0 of R2 is configured as L1
D. because there is a hello interval mismatch between R2 and R4

 

Answer: C

Question 5

Refer to the exhibit.

show_is-is_database_detail.jpg

Which statement is true?

A. IS-IS has been enabled on R4 for IPv6, single-topology.
B. IS-IS has been enabled on R4 for IPv6, multitopology.
C. IS-IS has been enabled on R4 for IPv6, single-topology and multitopology.
D. R4 advertises IPv6 prefixes, but it does not forward IPv6 traffic, because the protocol has not been enabled under router IS-IS.

 

Answer: A

Question 6

Refer to the exhibit.

IS-IS_neighbor_relationship.jpg

Why is the neighbor relationship between R1 & R2 and R1 & R3 an L2-type neighborship?

A. because the area ID on R1 is different as compared to the area ID of R2 and R3
B. because the circuit type on those three routers is L1/L2
C. because the network type between R1, R2, and R3 is point-to-point
D. because the hello interval is not the same on those three routers

 

Answer: A

Question 7

With which ISs will an ISIS Level 1 IS exchange routing information?

A. Level 1 ISs
B. Level 1 ISs in the same area
C. Level 1 and Level 2 ISs
D. Level 2 ISs

 

Answer: B

Question 8

Which three statements about the designated router election in IS-IS are true? (Choose three)

A. If the IS-IS DR fails, a new DR is elected.
B. The IS-IS DR will preempt. If a new router with better priority is added, it just becomes active in the network.
C. If there is a tie in DR priority, the router with a higher IP address wins.
D. If there is a tie in DR priority, the router with a higher MAC address wins.
E. If the DR fails, the BDR is promoted as the DR.
F. The DR is optional in a point-to-point network.

 

Answer: A B D

BGP Questions

March 27th, 2019 rstut 20 comments

Question 1

Refer to the exhibit.

BGP_show_bgp_ipv4_unicast_summary.jpg

Which statement is true?

A. BGP peer 10.1.2.3 is performing inbound filtering.
B. BGP peer 10.1.2.3 is a route reflector.
C. R1 is a route reflector, but BGP peer 10.1.2.3 is not a route reflector client.
D. R1 still needs to send an update to the BGP peer 10.1.2.3.

 

Answer: D

Question 2

Refer to the exhibit.

BGP(0): 10.1.3.4 rcvd UPDATE w/ attr: nexthop 10.1.3.4, origin i,
metric 0/ merged path 4, AS PATH
BGP(0): 10.1.3.4 rcvd 10.100.1.1/32…duplicate ignored

Notice that debug ip bgp updates has been enabled. What can you conclude from the debug output?

A. This is the result of the clear ip bgp 10.1.3.4 in command.
B. This is the result of the clear ip bgp 10.1.3.4 out command.
C. BGP neighbor 10.1.3.4 performed a graceful restart.
D. BGP neighbor 10.1.3.4 established a new BGP session.

 

Answer: A

Question 3

Refer to the exhibit.

show_bgp_ipv4_unicast_summary.jpg

Which command is configured on this router?

A. bgp update-delay 60
B. neighbor 10.100.1.1 maximum-prefix 200
C. neighbor 10.100.1.1 maximum-path 2
D. neighbor 10.100.1.1 ebgp-multihop 2

 

Answer: B

Question 4

Refer to the exhibit.

show_bgp_ipv4_unicast.jpg

What is a reason for the RIB-failure?

A. CEF is not enabled on this router.
B. The route 10.100.1.1/32 is in the routing table, but not as a BGP route.
C. The routing table has yet to be updated with the BGP route.
D. The BGP route is filtered inbound and hence is not installed in the routing table.

 

Answer: B

Question 5

Refer to the exhibit.

BGP_show_ip_bgp_next_hop.jpg

BGP_sh_ip_bgp_unreachable.jpg

Why is R2 unable to ping the loopback interface of R4?

A. The local preference is too high.
B. The weight is too low.
C. The next hop is not reachable from R2.
D. The route originated from within the same AS.

 

Answer: C

Question 6

Refer to the exhibit.

show_ip_bgp_no_route.jpg

Why is network 172.16.1.0/24 not installed in the routing table?

A. There is no ARP entry for 192.168.1.1.
B. The router cannot ping 192.168.1.1.
C. The neighbor 192.168.1.1 just timed out and BGP will flush this prefix the next time that the BGP scanner runs.
D. There is no route for 192.168.1.1 in the routing table.

 

Answer: D

Question 7

Refer to the exhibit.

show_ip_bgp_AS_aware.jpg

Which two statements are true? (Choose two)

A. This router is not 4-byte autonomous system aware.
B. This router is 4-byte autonomous system aware.
C. The prefix 10.100.1.1/32 was learned through an autonomous system number with a length of 4 bytes, and this router is 4-byte autonomous system aware.
D. The prefix 10.100.1.1/32 was learned through an autonomous system number with a length of 4 bytes, and this router is not 4-byte autonomous system aware.
E. The prefix 10.100.1.1/32 was originated from a 4-byte autonomous system.

 

Answer: A D

Question 8

Refer to the exhibit.

Redisitribute_BGP_EIGRP.jpg

R2 is mutually redistributing between EIGRP and BGP.

Which configuration is necessary to enable R1 to see routes from R3?

A. The R3 configuration must include ebgp-multihop to the neighbor statement for R2.
B. The R2 BGP configuration must include bgp redistribute-internal.
C. R1 must be configured with next-hop-self for the neighbor going to R2.
D. The AS numbers configured on R1 and R2 must match.

 

Answer: B

Question 9

Which group of neighbors can be configured as a BGP peer group?

A. a group of iBGP neighbors that have the same outbound route policies
B. a group of iBGP and eBGP neighbors that have the same inbound distribute-list
C. a group of eBGP neighbors in the same autonomous system that have different outbound route policies
D. a group of iBGP neighbors that have different outbound route policies

 

Answer: A

Question 10

Refer to the exhibit.

*May20 12:16: BGP(4):10.1.1.2 rcvd UPDATE w/ attr:nexthop 10.1.1.2,origin ?, localpref 100,metric 0,extended community RT:999:999
*May20 12:16: BGP(4):10.1.1.2 rcvd 999:999:192.168.1.99/32,label 29—DENIED due to:extended community not supported

You have just created a new VRF on PE3. You have enabled debug ip bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the BGP VPNv4 table. Which two statements are true? (Choose two)

A. VPNv4 is not configured between PE1 and PE3.
B. address-family ipv4 vrf is not configured on PE3.
C. After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted.
D. PE1 will reject the route due to automatic route filtering.
E. After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted.

 

Answer: D E

BGP Questions 2

March 27th, 2019 rstut 9 comments

Question 1

Which attribute is not part of the BGP extended community when a PE creates a VPN-IPv4 route while running OSPF between PE-CE?

A. OSPF domain identifier
B. OSPF route type
C. OSPF router ID
D. MED
E. OSPF network type

 

Answer: E

Question 2

Refer to the exhibit.

show_ip_bgp_received_only.jpg

What does “(received-only)” mean?

A. The prefix 10.1.1.1 can not be advertised to any eBGP neighbor.
B. The prefix 10.1.1.1 can not be advertised to any iBGP neighbor.
C. BGP soft reconfiguration outbound is applied.
D. BGP soft reconfiguration inbound is applied.

 

Answer: D

Question 3

Which statement describes the BGP add-path feature?

A. It allows for installing multiple IBGP and EBGP routes in the routing table.
B. It allows a network engineer to override the selected BGP path with an additional path created in the config.
C. It allows BGP to provide backup paths to the routing table for quicker convergence.
D. It allows multiple paths for the same prefix to be advertised.

 

Answer: D

Question 4

Refer to the exhibit.

*>172.21.95.0/22 172.17.192.1 0 120 0 65534 65535 65100 65235 ?

For which reason could a BGP-speaking device in autonomous system 65534 be prevented from installing the given route in its BGP table?

A. The AS number of the BGP is specified in the given AS_PATH.
B. The origin of the given route is unknown.
C. BGP is designed only for publicly routed addresses.
D. The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed.
E. BGP does not allow the AS number 65535.

 

Answer: A

Question 5

Which statement about the BGP originator ID is true?

A. The route reflector always sets the originator ID to its own router ID.
B. The route reflector sets the originator ID to the router ID of the route reflector client that injects the route into the AS.
C. The route reflector client that injects the route into the AS sets the originator ID to its own router ID.
D. The originator ID is set to match the cluster ID.

 

Answer: B

Question 6

Refer to the exhibit.

BGP_MED_Local_Preference.jpg

AS #1 and AS #2 have multiple EBGP connections with each other. AS #1 wants all return traffic that is destined to the prefix 10.10.10.1/32 to enter through the router R1 from AS #2. In order to achieve this routing policy, AS #1 advertises a lower MED from R1, compared to a higher MED from R3, to their respective BGP neighbor for the prefix 10.10.10.0/24. Will this measure guarantee that the routing policy is always in effect?

A. Yes, because MED plays a deterministic role in return traffic engineering in BGP.
B. Yes, because a lower MED forces BGP best-path route selection in AS #2 to choose R1 as the best path for 10.10.10.0/24.
C. Yes, because a lower MED in AS #2 is the highest BGP attribute in BGP best-path route selection.
D. No, AS #2 can choose to alter the weight attribute in R2 for BGP neighbor R1, and this weight value is cascaded across AS #2 for BGP best-path route selection.
E. No, AS #2 can choose to alter the local preference attribute to overwrite the best-path route selection over the lower MED advertisement from AS #1. This local preference attribute is cascaded across AS #2 for the BGP best-path route selection.

 

Answer: E

Question 7

Refer to the exhibit. All iBGP routes should have the iBGP peer as the next hop address. Why is this not the case for BGP routes learned between R1 and R2?

IBGP_next_hop_self.jpg

IBGP_next_hop_self_show_ip_bgp_summary.jpg

A. R2 is missing the next-hop-self option under the neighbor command for R1
B. ISP-A is missing the next-hop-self option under the neighbor command for R1
C. ISP-B is missing the next-hop-self option under the neighbor command for R1
D. R2, ISP-A, and ISP-B are missing the next-hop-self option under the neighbor command for R1

 

Answer: A

Explanation

In this case networks 10.0.0.0, 172.17.0.0, 172.18.0.0, 192.168.60.0, 192.168.70.0 are networks learned and advertised from R2. We see that the next hop of these networks is 209.165.202.158 while it should be 209.165.202.130. With the next hop of 209.165.202.158, R1 may not know how to send traffic to the above networks and the traffic is dropped. To avoid this failure we should configure ‘next-hop-self’ under the neighbor command for R1 like this:
R2(config-router)#neighbor 209.165.202.129 next-hop-self

Question 8

Refer to the exhibit. By default, why will BGP choose a locally originated route over any iBGP or eBGP learned route?

show_ip_bgp_locally_originated.jpg

A. The IGP metric to the next hop is always shorter.
B. Locally originated routes have a better AD than eBGP or iBGP routes.
C. All locally originated routes have a better origin code.
D. Locally originated routes have a higher metric.
E. Locally originated routes have a weight of 32,768.

 

Answer: E

Question 9

Refer to the exhibit. The next hops are learned via OSPF and IS-IS. Which path is selected as the best path for 10.168.0.1?

BGP_IGP_metric.jpg

A. path 1, because it is an MPLS labeled path
B. path 1, because the next hop is learned via OSPF with an AD of 110, compared to 115 for IS-IS
C. path 2, because it has the highest router ID
D. path 2, because it has the lowest IGP metric

 

Answer: D

Question 10

Which set of commands conditionally advertises 172.16.0.0/24 as long as 10.10.10.10/32 is in the routing table?

A)

neighbor x.x.x.x advertise-map ADV exist-map EXT
route-map ADV
match ip address prefix-list ADV
!
route-map EXT
match ip address prefix-list EXT
!
ip prefix-list EXT permit 172.16.0.0/24
!
ip prefix-list ADV permit 10.10.10.10/32

B)

neighbor x.x.x.x advertise-map ADV exist-map EXT
route-map ADV
match ip address prefix-list ADV
!
route-map EXT
match ip address prefix-list EXT
!
ip prefix-list ADV permit 172.16.0.0/24
!
ip prefix-list EXT permit 10.10.10.10/32

C)

neighbor x.x.x.x advertise-map ADV
route-map ADV
match ip address prefix-list ADV
match ip address prefix-list EXT
!
ip prefix-list ADV permit 172.16.0.0/24
!
ip prefix-list EXT permit 10.10.10.10/32

D)

neighbor x.x.x.x exist-map EXT
route-map EXT match ip address prefix-list ADV
match ip address prefix-list ADV
match ip address prefix-list EXT
!
ip prefix-list ADV permit 172.16.0.0/24
!
ip prefix-list EXT permit 10.10.10.10/32

A. Option A
B. Option B
C. Option C
D. Option D

 

Answer: B

Explanation

Advertise maps are used for conditional routing to advertise specified prefixes if something which is specified in exist map exists. In our question we need to advertise 172.16.0.0/24 if 10.10.10.10/32 exists in the routing table so we have to use command: “neighbor x.x.x.x advertise-map <prefix-list of 172.16.0.0/24> exist-map <prefix-list of 10.10.10.10/32>”. Therefore B is correct.

DHCP Questions

March 27th, 2019 rstut 1 comment

Question 1

What is a reason to use DHCPv6 on a network that uses SLAAC?

A. to get a record of the IPs that are used by the clients
B. to push DNS and other information to the clients
C. no reason, because there is no need for DHCPv6 when using SLAAC
D. because DHCPv6 can be used only in stateful mode with SLAAC to record the IPs of the clients
E. because DHCPv6 can be used only in stateless mode with SLAAC to record the IPs of the clients
F. because DHCPv6 is required to use first-hop security features on the switches

 

Answer: B

Explanation

SLAAC is by far the easiest way to configure IPv6 addresses, simply because you don’t have to configure any IPv6 address. With SLAAC, a host uses the IPv6 Neighbor Discovery Protocol (NDP) to determine its IP address and default routers. Using SLAAC, a host requests and listens for Router Advertisement (RA) messages, and then takes the advertised prefix to form a unique address that can be used on the network. For this to work, the advertised prefix must have a prefix length of 64 bits (i.e., /64). But the most significant limitation of Stateless Address Autoconfiguration (SLAAC) is that it provides no mechanism for configuring DNS resolver information.

Therefore SLAAC can be used along with DHCPv6 (Stateless) to push DNS and other information to the clients.

Question 2

Which two DHCP messages are always sent as broadcast? (Choose two)

A. DHCPOFFER
B. DHCPDECLINE
C. DHCPRELEASE
D. DHCPREQUEST
E. DHCPDISCOVER

 

Answer: D E

Multicast Questions

March 27th, 2019 rstut 15 comments

Question 1

Refer to the exhibit.

R4
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip pim sparse-dense-mode
duplex auto
speed auto
standby 1 ip 192.168.2.4
standby 1 priority 150
standby 1 preempt
R5
interface FastEthernet0/1
ip address 192.168.2.2 255.255.255.0
ip pim sparse-dense-mode
duplex auto
speed auto
standby 1 ip 192.168.2.4

The interface FastEthernet0/1 of both routers R4 and R5 is connected to the same Ethernet segment with a multicast receiver. Which two statements are true? (Choose two)

A. Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R4.
B. Both routers R4 and R5 will send PIM join messages to the RP.
C. Only router R5 will send a multicast join message to the RP.
D. Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R5.

 

Answer: C D

Question 2

Which technology can be used to prevent flooding of IPv6 multicast traffic on a switch?

A. IGMP snooping
B. IGMP filtering
C. MLD snooping
D. MLD filtering

Answer: C

Question 3

Which two statements are true about IPv6 multicast? (Choose two)

A. Receivers interested in IPv6 multicast traffic use IGMPv6 to signal their interest in the IPv6 multicast group.
B. The PIM router with the lowest IPv6 address becomes the DR for the LAN.
C. An IPv6 multicast address is an IPv6 address that has a prefix of FF00::/8.
D. The IPv6 all-routers multicast group is FF02:0:0:0:0:0:0:2.

 

Answer: C D

Question 4

Refer to the exhibit.

SPT_bit_RPF.jpg

Which two statements about the device that generated the output are true? (Choose two)

A. The SPT-bit is set.
B. The sparse-mode flag is set.
C. The RP-bit is set.
D. The source-specific host report was received.

 

Answer: A D

Question 5

Refer to the exhibit.

show_ip_mroute.jpg

Which three statements about the output are true? (Choose three)

A. This switch is currently receiving a multicast data stream that is being forwarded out VLAN 150.
B. A multicast receiver has requested to join one or more of the multicast groups.
C. Group 224.0.1.40 is a reserved address, and it should not be used for multicast user data transfer.
D. One or more multicast groups are operating in PIM dense mode.
E. One or more of the multicast data streams will be forwarded out to neighbor 10.85.20.20.
F. Group 239.192.1.1 is a reserved address, and it should not be used for multicast user data transfer.

 

Answer: A B C

Question 6

Which statement is true about IGMP?

A. Multicast sources send IGMP messages to their first-hop router, which then generates a PIM join message that is then sent to the RP.
B. Multicast receivers send IGMP messages to their first-hop router, which then forwards the IGMP messages to the RP.
C. IGMP messages are encapsulated in PIM register messages and sent to the RP.
D. Multicast receivers send IGMP messages to signal their interest to receive traffic for specific multicast groups.

 

Answer: D

Question 7

Where is multicast traffic sent, when it is originated from a spoke site in a DMVPN phase 2 cloud?

A. spoke-spoke
B. nowhere, because multicast does not work over DMVPN
C. spoke-spoke and spoke-hub
D. spoke-hub

 

Answer: D

Question 8

Refer to the exhibit.

show_ip_mroute_PIM_winner.jpg

What is the meaning of the asterisk (*) in the output?

A. PIM neighbor 10.1.5.6 is the RPF neighbor for the group 232.1.1.1 for the shared tree.
B. PIM neighbor 10.1.5.6 is the one that is seen as the RPF neighbor when performing the command show ip rpf 10.1.4.7.
C. PIM neighbor 10.1.5.6 is the winner of an assert mechanism.
D. The RPF neighbor 10.1.5.6 is invalid.

 

Answer: C

EVPL & EPL Questions

March 27th, 2019 rstut 10 comments

Question 1

Which two statements are true about an EVPL? (Choose two)

A. It has a high degree of transparency.
B. It does not allow for service multiplexing.
C. The EVPL service is also referred to as E-line.
D. It is a point-to-point Ethernet connection between a pair of UNIs.

 

Answer: C D

Question 2

Which mechanism does Cisco recommend for CE router interfaces that face the service provider for an EVPL circuit with multiple EVCs and multiple traffic classes?

A. HCBWFQ
B. LLQ
C. tail drop
D. WRED

 

Answer: A

Question 3

Which Carrier Ethernet service supports the multiplexing of multiple point-to-point EVCs across a single UNI?

A. EPL
B. EVPL
C. EMS
D. ERMS

 

Answer: B

Question 4

Which two statements are true about an EPL? (Choose two)

A. It is a point-to-point Ethernet connection between a pair of NNIs.
B. It allows for service multiplexing.
C. It has a high degree of transparency.
D. The EPL service is also referred to as E-line.

 

Answer: C D

PIM Questions

March 27th, 2019 rstut 9 comments

Question 1

Which statement about the RPF interface in a BIDIR-PIM network is true?

A. In a BIDIR-PIM network, the RPF interface is always the interface that is used to reach the PIM rendezvous point.
B. In a BIDIR-PIM network, the RPF interface can be the interface that is used to reach the PIM rendezvous point or the interface that is used to reach the source.
C. In a BIDIR-PIM network, the RPF interface is always the interface that is used to reach the source.
D. There is no RPF interface concept in BIDIR-PIM networks.

 

Answer: A

Question 2

Refer to the exhibit.

show_ip_igmp_snooping_mrouter.jpg

Which three statements about the output are true? (Choose three)

A. An mrouter port can be learned by receiving a PIM hello packet from a multicast router.
B. This switch is configured as a multicast router.
C. Gi2/0/1 is a trunk link that connects to a multicast router.
D. An mrouter port is learned when a multicast data stream is received on that port from a multicast router.
E. This switch is not configured as a multicast router. It is configured only for IGMP snooping.
F. IGMP reports are received only on Gi2/0/1 and are never transmitted out Gi2/0/1 for VLANs 10 and 20.

 

Answer: A B C

Question 3

Which mechanism can be used on Layer 2 switches so that only multicast packets with downstream receivers are sent on the multicast router-connected ports?

A. IGMP snooping
B. Router Guard
C. PIM snooping
D. multicast filtering

 

Answer: C

Question 4

Refer to the exhibit.

Router#show ip pim tunnel
Tunnel0
Type : PIM Encap
RP : 10.1.100.2*
Source: 10.1.100.2
Tunnel1*
Type : PIM Decap
RP : 10.1.100.2*
Source: –

What is the role of this multicast router?

A. a first-hop PIM router
B. a last-hop PIM router
C. a PIM rendezvous point
D. a PIM inter-AS router

 

Answer: C

MPLS Questions

March 27th, 2019 rstut 6 comments

Question 1

What is a reason for 6PE to use two MPLS labels in the data plane instead of one?

A. 6PE allows penultimate hop popping and has a requirement that all P routers do not have to be IPv6 aware.
B. 6PE does not allow penultimate hop popping.
C. It allows MPLS traffic engineering to work in a 6PE network.
D. It allows 6PE to work in an MPLS network where 6VPE is also deployed.

 

Answer: A

Question 2

For which kind of MPLS deployment is the next-hop-self all keyword used on a BGP neighbor command?

A. 6VPE
B. MPLS Carrier’s carrier
C. inter-AS MPLS VPN option D
D. inter-AS MPLS VPN option C
E. Unified MPLS

 

Answer: E

Question 3

Refer to the exhibit.

show_mpls_forwarding-table.jpg

Which statement is true?

A. This is an MPLS TE point-to-multipoint LSP in an MPLS network.
B. This is an MPLS TE multipoint-to-point LSP in an MPLS network.
C. This is a point-to-multipoint LSP in an MPLS network.
D. This is a multipoint-to-multipoint LSP in an MPLS network.

 

Answer: D

Question 4

A service provider is deploying L2VPN LAN services in its MPLS cloud. Which statement is true regarding LDP signaling and autodiscovery?

A. LDP signaling requires that each PE is identified, and that an LDP session is active with its P neighbor for autodiscovery to take place.
B. LDP signaling requires that each P is identified, and that a targeted LDP session is active for autodiscovery to take place.
C. LDP signaling requires that each PE is identified, and that a targeted LDP session with a BGP route reflector is active for autodiscovery to take place.
D. LDP signaling requires that each PE is identified, and that a targeted LDP session is active for autodiscovery to take place.

 

Answer: D

Question 5

Which two mechanisms can be used to eliminate Cisco Express Forwarding polarization? (Choose two)

A. alternating cost links
B. the unique-ID/universal-ID algorithm
C. Cisco Express Forwarding antipolarization
D. different hashing inputs at each layer of the network

 

Answer: B D

Question 6

Service provider SP 1 is running the MPLS-VPN service. The MPLS core network has MP-BGP configured with RR-1 as route reflector. What will be the effect on traffic between PE1 and PE2 if router P1 goes down?

MPLS_VPN_MP_BGP.jpg

A. No effect, because all traffic between PE1 and PE2 will be rerouted through P2.
B. No effect, because P1 was not the only P router in the forwarding path of traffic.
C. No effect, because RR-1 will find an alternative path for MP-BGP sessions to PE-1 and PE-2.
D. All traffic will be lost because RR-1 will lose the MP-BGP sessions to PE-1 and PE-2.

 

Answer: D

Question 7

Refer to the exhibit.

show_mpls_l2transport_vc_detail.jpg

Which statement is true?

A. R1 routes this pseudowire over MPLS TE tunnel 1 with transport label 20.
B. The default route 0.0.0.0/0 is available in the IPv4 routing table.
C. R1 is using an MPLS TE tunnel for this pseudowire, because the IP path is not available.
D. R1 has preferred-path configured for the pseudowire.

 

Answer: D

Question 8

Refer to the exhibit.

CE1#trace
Protocol [ip]: ipv6
Target IPv6 address: 2001:db8:100:1::7
Source address: 2001:db8:100:1::5
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Type escape sequence to abort.
Tracing the route to 2001:10:100:1::7
1 2001:db8:1:5::1 1 msec 1 msec 1 msec
2 ::FFFF:10.1.2.4 [MPLS: Labels 17/23 Exp 0] 2 msec 2 msec 2 msec
3 2001:db8:1:7::2 [AS 1] [MPLS: Label 23 Exp 0] 2 msec 1 msec 1 msec
4 2001:db8:1:7::7 [AS 1] 2 msec 1 msec 2 msec

Which statement is true?

A. There is an MPLS network that is running 6PE, and the ingress PE router has no mpls ip propagate-ttl.
B. There is an MPLS network that is running 6VPE, and the ingress PE router has no mpls ip propagate-ttl.
C. There is an MPLS network that is running 6PE or 6VPE, and the ingress PE router has mpls ip propagate-ttl.
D. There is an MPLS network that is running 6PE, and the ingress PE router has mpls ip propagate-ttl.
E. There is an MPLS network that is running 6VPE, and the ingress PE router has mpls ip propagate-ttl.

 

Answer: C

Question 9

Which statement is true comparing L2TPv3 to EoMPLS?

A. L2TPv3 requires OSPF routing, whereas EoMPLS does not.
B. EoMPLS requires BGP routing, whereas L2TPv3 does not.
C. L2TPv3 carries L2 frames inside MPLS tagged packets, whereas EoMPLS carries L2 frames inside IPv4 packets.
D. L2TPv3 carries L2 frames inside IPv4 packets, whereas EoMPLS carries L2 frames inside MPLS packets.

 

Answer: D

Question 10

What is a key advantage of Cisco GET VPN over DMVPN?

A. Cisco GET VPN provides zero-touch deployment of IPSEC VPNs.
B. Cisco GET VPN supports certificate authentication for tunnel establishment.
C. Cisco GET VPN has a better anti-replay mechanism.
D. Cisco GET VPN does not require a secondary overlay routing infrastructure.

 

Answer: D

VPLS Questions

March 27th, 2019 rstut 1 comment

Question 1

Which statement is true about VPLS?

A. MPLS is not required for VPLS to work.
B. VPLS carries packets as Layer 3 multicast.
C. VPLS has been introduced to address some shortcomings of OTV.
D. VPLS requires an MPLS network.

 

Answer: D

Question 2

Which two statements are true about VPLS? (Choose two)

A. It can work over any transport that can forward IP packets.
B. It provides integrated mechanisms to maintain First Hop Resiliency Protocols such as HSRP, VRRP, or GLBP.
C. It includes automatic detection of multihoming.
D. It relies on flooding to propagate MAC address reachability information.
E. It can carry a single VLAN per VPLS instance.

 

Answer: D E

Question 3

Which two statements are true about VPLS? (Choose two)

A. It can work over any transport that can forward IP packets.
B. It provides integrated mechanisms to maintain First Hop Resiliency Protocols such as HSRP, VRRP, or GLBP.
C. It includes automatic detection of multihoming.
D. It relies on flooding to propagate MAC address reachability information.
E. It can carry a single VLAN per VPLS instance.

 

Answer: D E

Question 4

Which three statements describe the characteristics of a VPLS architecture? (Choose three)

A. It forwards Ethernet frames.
B. It maps MAC address destinations to IP next hops.
C. It supports MAC address aging.
D. It replicates broadcast and multicast frames to multiple ports.
E. It conveys MAC address reachability information in a separate control protocol.
F. It can suppress the flooding of traffic.

 

Answer: A C D

VPN Questions

March 27th, 2019 rstut 3 comments

Question 1

Which is the way to enable the control word in an L2 VPN dynamic pseudowire connection on router R1?

A.
R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# set control-word

B.
R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# enable control-word

C.
R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# default control-word

D.
R1(config)# pseudowire-class cw-enable
R1(config-pw-class)# encapsulation mpls
R1(config-pw-class)# control-word

 

Answer: D

Question 2

Refer to the exhibit.

R1
!
ip vrf R2
rd 1:1
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.252
!
router eigrp 100
no auto-summary
address-family ipv4 vrf R2
network 192.168.0.0 0.0.0.255
!

R2
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.252
!
router eigrp 100
no auto-summary
network 192.168.0.2 0.0.0.1
!

Which two corrective actions could you take if EIGRP routes from R2 fail to reach R1? (Choose two)

A. Configure R2 to use a VRF to send routes to R1.
B. Configure the autonomous system in the EIGRP configuration of R1.
C. Correct the network statement on R2.
D. Add the interface on R1 that is connected to R2 into a VRF.

 

Answer: B D

Explanation

In this question we are running VRF Lite on R1. VRF Lite is also known as “VRF without running MPLS”. This is an example of how to configure VRF Lite with EIGRP:

ip vrf FIRST
rd 1:1
!
ip vrf SECOND
rd 1:2
!
router eigrp 1
no auto-summary
!
address-family ipv4 vrf FIRST
network 10.1.1.1 0.0.0.0
no auto-summary
autonomous-system 200
exit-address-family
!
address-family ipv4 vrf SECOND
network 10.1.2.1 0.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
!
interface FastEthernet0/0
ip vrf forwarding FIRST
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/1
ip vrf forwarding SECOND
ip address 10.1.2.1 255.255.255.0

The above example creates two VRFs (named “FIRST” and “SECOND”). VRF “FIRST” runs on EIGRP AS 200 while VRF “SECOND” runs on EIGRP AS 100. After that we have to add interfaces to the appropriate VRFs. Returning to our question with this example in mind, we can see that R1 is missing the “autonomous-system …” command under “address-family ipv4 vrf R2”. R1 also needs an interface configured under that VRF.

Note: R2 does not run VRF at all! Usually R2 resides on the customer side.

Question 3

Refer to the exhibit.

VPN_route-target_import_export.jpg

Which two statements about the VPN solution are true? (Choose two)

A. Customer A and customer B will exchange routes with each other.
B. R3 will advertise routes received from R1 to R2.
C. Customer C will communicate with customer A and B.
D. Communication between sites in VPN1 and VPN2 will be blocked.
E. R1 and R2 will receive VPN routes advertised by R3.

 

Answer: C E (and D ?)

Explanation

+ VPN1 exports 10:1 while VPN3 imports 10:1 so VPN3 can learn routes of VPN1.
+ VPN1 imports 10:1 while VPN3 exports 10:1 so VPN1 can learn routes of VPN3.
-> Customer A can communicate with Customer C

+ VPN2 exports 20:1 while VPN3 imports 20:1 so VPN3 can learn routes of VPN2.
+ VPN2 imports 20:1 while VPN3 exports 20:1 so VPN2 can learn routes of VPN3.
-> Customer B can communicate with Customer C

Therefore answer C is correct.

Also answer E is correct because R1 & R2 import R3 routes.

Answer A is not correct because Customer A & Customer B do not import routes which are exported by the other router. Customer A & B can only see Customer C.

Answer B is not correct because a router never exports what it has learned through importation. It only exports its own routes.

Answer D is correct because VPN1 and VPN2 cannot see each other. Maybe in this question there are three correct answers.

Question 4

Refer to the exhibit.

vrf definition one
rd 1:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
route-target import 100:2
exit-address-family
!
address-family ipv6
route-target export 100:3
route-target import 100:3
exit-address-family

Which statement is true about a VPNv4 prefix that is present in the routing table of vrf one and is advertised from this router?

A. The prefix is advertised only with route target 100:1.
B. The prefix is advertised with route targets 100:1 and 100:2.
C. The prefix is advertised only with route target 100:3.
D. The prefix is not advertised.
E. The prefix is advertised with route targets 100:1, 100:2, and 100:3.

 

Answer: A

Question 5

What is the purpose of Route Target Constraint?

A. to avoid using route reflectors in MPLS VPN networks
B. to avoid using multiple route distinguishers per VPN in MPLS VPN networks
C. to be able to implement VPLS with BGP signaling
D. to avoid sending unnecessary BGP VPNv4 or VPNv6 updates to the PE router
E. to avoid BGP having to perform route refreshes

 

Answer: D

Explanation

Some service providers have a very large number of routing updates being sent from RRs to PEs, using considerable resources. A PE does not need routing updates for VRFs that are not on the PE; therefore, the PE determines that many routing updates it receives are “unwanted.” The PE can filter out the unwanted updates using Route Target Constraint.

For more information please read http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/iproute_bgp/configuration/guide/2_xe/irg_xe_book/irg_rt_filter_xe.html.

Question 6

Refer to the exhibit.

interface GigabitEthernet0
ip vrf forwarding Mgmt-intf
ip address 1.1.1.1 255.255.255.0
!
ip access-list extended telnet-acl
permit tcp any 1.1.1.1 0.0.0.0 eq 23 log
!
line vty 0 4
access-class telnet-acl in
transport input telnet

Why is the router not accessible via Telnet on the GigabitEthernet0 management interface?

A. The wrong port is being used in the telnet-acl access list.
B. The subnet mask is incorrect in the telnet-acl access list.
C. The log keyword needs to be removed from the telnet-acl access list.
D. The access class needs to have the vrf-also keyword added.

 

Answer: D

Explanation

The correct command should be “access-class telnet-acl in vrf-also”. If you do not specify the vrf-also keyword, incoming Telnet connections from interfaces that are part of a VRF are rejected.

Question 7

Refer to the exhibit.

!
ip vrf Cust123
rd 200:3000
export map Cust123mgmt
route-target export 200:3000
!
route-map Cust123mgmt permit 10
set extcommunity rt 200:9999

What will be the extended community value of this route?

A. RT:200:3000 RT:200:9999
B. RT:200:9999 RT:200:3000
C. RT:200:3000
D. RT:200:9999

 

Answer: D

IPSec Questions

March 27th, 2019 rstut 2 comments

Question 1

The session status for an IPsec tunnel with IPv6-in-IPv4 is down with the error message IKE message from 10.10.1.1 failed its sanity check or is malformed. Which statement describes a possible cause of this error?

A. There is a verification failure on the IPsec packet.
B. The SA has expired or has been cleared.
C. The pre-shared keys on the peers are mismatched.
D. There is a failure due to a transform set mismatch.
E. An incorrect packet was sent by an IPsec peer.

 

Answer: C

Question 2

Refer to the exhibit.

IPSEC(ipsec process proposal): proxy identities not supported

What is a possible reason for the IPSEC tunnel not establishing?

A. The peer is unreachable.
B. The transform sets do not match.
C. The proxy IDs are invalid.
D. The access lists do not match.

 

Answer: D

Question 3

What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec establishment?

A. It does not use Diffie-Hellman for secret exchange.
B. It does not support dead peer detection.
C. It does not support NAT traversal.
D. It does not hide the identity of the peer.

 

Answer: D

Question 4

Which three statements are functions that are performed by IKE phase 1? (Choose three)

A. It builds a secure tunnel to negotiate IKE phase 1 parameters.
B. It establishes IPsec security associations.
C. It authenticates the identities of the IPsec peers.
D. It protects the IKE exchange by negotiating a matching IKE SA policy.
E. It protects the identities of IPsec peers.
F. It negotiates IPsec SA parameters.

 

Answer: C D E

Policy Map

March 27th, 2019 rstut 7 comments

Question 1

Refer to the exhibit.

police cir percent 10 conform-action proceed exceed-action set-mpls-experimental-topmost 6

A PE router is configured with a policy map that contains the policer shown. The policy map is configured in the inbound direction of an interface facing a CE router. If the PE router receives 12Mb/s of traffic with the CoS value set to 7 on a 100-Mb/s interface from the CE router, what value of MPLS EXP is set when this traffic goes through the policer shown?

A. 0
B. 6
C. 7
D. 8

 

Answer: B

Question 2

Refer to the exhibit.

show_policy-map_control-plane.jpg

Which two statements about how the configuration processes Telnet traffic are true? (Choose two)

A. Telnet traffic from 10.1.1.9 to 10.10.10.1 is dropped.
B. All Telnet traffic is dropped.
C. Telnet traffic from 10.10.10.1 to 10.1.1.9 is permitted.
D. Telnet traffic from 10.1.1.9 to 10.10.10.1 is permitted.
E. Telnet traffic is permitted to all IP addresses.

 

Answer: A C

DMVPN Questions

March 27th, 2019 rstut 7 comments

Question 1

Refer to the exhibit.

interface Tunnel0
ip address 172.16.1.2 255.255.255.0
ip nhrp map 172.16.1.1 192.168.1.1
ip nhrp network-id 1
ip nhrp nhs 172.16.1.1
tunnel source 192.168.2.2
ip mtu 1416

What is wrong with the configuration of the tunnel interface of this DMVPN Phase II spoke router?

A. The interface MTU is too high.
B. The tunnel destination is missing.
C. The NHRP NHS IP address is wrong.
D. The tunnel mode is wrong.

 

Answer: D

NHRP Questions

March 27th, 2019 rstut 5 comments

Question 1

Refer to the exhibit.

debug_nhrp.jpg

NHRP registration is failing; what might be the problem?

A. invalid IP addressing
B. fragmentation
C. incorrect NHRP mapping
D. incorrect NHRP authentication

 

Answer: D

Question 2

Refer to the exhibit.

show_ip_nhrp.jpg

A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router-B, but both spoke sites can reach the hub. What is the likely cause of this issue?

A. There is a router doing PAT at site B.
B. There is a router doing PAT at site A.
C. NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address.
D. There is a routing issue, as NHRP registration is working.

 

Answer: B

MSDP Questions

March 27th, 2019 rstut 2 comments

Question 1

Which technology is an application of MSDP, and provides load balancing and redundancy between the RPs?

A. static RP
B. PIM BSR
C. auto RP
D. anycast RP

 

Answer: D

 

Unicast Reverse Path Forwarding

March 27th, 2019 rstut 1 comment

Question 1

What is the goal of Unicast Reverse Path Forwarding?

A. to verify the reachability of the destination address in forwarded packets
B. to help control network congestion
C. to verify the reachability of the destination address in multicast packets
D. to verify the reachability of the source address in forwarded packets

 

Answer: D

Question 2

Which implementation can cause packet loss when the network includes asymmetric routing paths?

A. the use of ECMP routing
B. the use of penultimate hop popping
C. the use of Unicast RPF
D. disabling Cisco Express Forwarding

 

Answer: C

Performance Routing PfR

March 27th, 2019 rstut 6 comments

Question 1

Refer to the exhibit.

show_pfr_master_border_detail.jpg

Which statement is true?

A. The Cisco PfR state is UP; however, the external interface Et0/1 of border router 10.1.1.1 has exceeded the maximum available bandwidth threshold.
B. The Cisco PfR state is UP; however, an issue is preventing the border router from establishing a TCP session to the master controller.
C. The Cisco PfR state is UP and is able to monitor traffic flows; however, MD5 authentication has not been successful between the master controller and the border routers.
D. The Cisco PfR State is UP; however, the receive capacity was not configured for inbound traffic.
E. The Cisco PfR state is UP, and the link utilization out-of-policy threshold is set to 90 percent for traffic exiting the external links.

 

Answer: E

Question 2

Which three factors does Cisco PfR use to calculate the best exit path? (Choose three)

A. quality of service
B. packet size
C. delay
D. loss
E. reachability
F. administrative distance

 

Answer: C D E

Question 3

What can PfR passive monitoring mode measure for TCP flows?

A. only delay
B. delay and packet loss
C. delay and reachability
D. delay, packet loss, and throughput
E. delay, packet loss, throughput, and reachability

 

Answer: E

Question 4

Which three modes are valid PfR monitoring modes of operation? (Choose three)

A. route monitor mode (based on BGP route changes)
B. RMON mode (based on RMONv1 and RMONv2 data)
C. passive mode (based on NetFlow data)
D. active mode (based on Cisco IP SLA probes)
E. fast mode (based on Cisco IP SLA probes)
F. passive mode (based on Cisco IP SLA probes)

 

Answer: C D E

IPv6 Questions

March 27th, 2019 rstut 6 comments

Question 1

Refer to the exhibit.

R1#show ipv6 route
C 2001:DB8::/64 [0/0]
via Ethernet0/0, directly connected
L 2001:DB8::1/128 [0/0]
via Ethernet0/0, receive

Which statement is true?

A. 2001:DB8::1/128 is a local host route, and it can be redistributed into a dynamic routing protocol.
B. 2001:DB8::1/128 is a local host route, and it cannot be redistributed into a dynamic routing protocol.
C. 2001:DB8::1/128 is a local host route that was created because ipv6 unicast-routing is not enabled on this router.
D. 2001:DB8::1/128 is a route that was put in the IPv6 routing table because one of this router’s loopback interfaces has the IPv6 address 2001:DB8::1/128.

 

Answer: B

Question 2

Which three actions are required when configuring NAT-PT? (Choose three)

A. Enable NAT-PT globally.
B. Specify an IPv4-to-IPv6 translation.
C. Specify an IPv6-to-IPv4 translation.
D. Specify a ::/96 prefix that will map to an IPv4 address.
E. Specify a ::/48 prefix that will map to a MAC address.
F. Specify a ::/32 prefix that will map to an IPv6 address.

 

Answer: B C D

Question 3

Which two features does the show ipv6 snooping features command show information about? (Choose two)

A. RA guard
B. DHCP guard
C. ND inspection
D. source guard

 

Answer: A C

Question 4

Refer to the exhibit.

show_ipv6_route.jpg

Which statement is true?

A. There is no issue with forwarding IPv6 traffic from this router.
B. IPv6 traffic can be forwarded from this router, but only on Ethernet1/0.
C. IPv6 unicast routing is not enabled on this router.
D. Some IPv6 traffic will be blackholed from this router.

 

Answer: D

Question 5

Refer to the exhibit.

show_ipv6_interface.jpg

Which part of the joined group addresses list indicates that the interface has joined the EIGRP multicast group address?

A. FF02::1
B. FF02::1:FF00:200
C. FF02::A
D. FF02::2

 

Answer: C

OSPFv3 Questions

March 27th, 2019 rstut 5 comments

Question 1

Which authentication method does OSPFv3 use to secure communication between neighbors?

A. plaintext
B. MD5HMAC
C. PKI
D. IPSec

 

Answer: D

Question 2

Which field is specific to the OSPFv3 packet header, as opposed to the OSPFv2 packet header?

A. checksum
B. router ID
C. AuType
D. instance ID

 

Answer: D

Question 3

Like OSPFv2, OSPFv3 supports virtual links. Which two statements are true about the IPv6 address of a virtual neighbor? (Choose two)

A. It is the link-local address, and it is discovered by examining the hello packets received from the virtual neighbor.
B. It is the link-local address, and it is discovered by examining link LSA received by the virtual neighbor.
C. It is the global scope address, and it is discovered by examining the router LSAs received by the virtual neighbor.
D. Only prefixes with the LA-bit not set can be used as a virtual neighbor address.
E. It is the global scope address, and it is discovered by examining the intra-area-prefix-LSAs received by the virtual neighbor.
F. Only prefixes with the LA-bit set can be used as a virtual neighbor address.

 

Answer: E F

Question 4

Which three statements are true about OSPFv3? (Choose three)

A. The only method to enable OSPFv3 on an interface is via the interface configuration mode.
B. Multiple instances of OSPFv3 can be enabled on a single link.
C. There are two methods to enable OSPFv3 on an interface, either via the interface configuration mode or via the router configuration mode.
D. For OSPFv3 to function, IPv6 unicast routing must be enabled.
E. For OSPFv3 to function, IPv6 must be enabled on the interface.
F. Only one instance of OSPFv3 can be enabled on a single link.

 

Answer: B D E

Question 5

Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent OSPFv3 from forming an adjacency between these two routers? (Choose two)

A. mismatch of subnet masks
B. mismatch of network types
C. mismatch of authentication types
D. mismatch of instance IDs
E. mismatch of area types

 

Answer: D E

Question 6

Consider an OSPFv3 network with four parallel links between each pair of routers. Which measure can you use to reduce the CPU load and at the same time keep all links available for ECMP?

A. Configure some interfaces as passive interface.
B. Configure ipv6 ospf priority 0 on some interfaces.
C. Configure some routers with a distribute list in ingress of the OSPFv3 process.
D. Configure ipv6 ospf database-filter all out on some interfaces.

 

Answer: D

NetFlow Questions

March 27th, 2019 rstut 5 comments

Question 1

Refer to the exhibit.

show_ip_cache_flow_per_packet_load_balancing.jpg

What kind of load balancing is done on this router?

A. per-packet load balancing
B. per-flow load balancing
C. per-label load balancing
D. star round-robin load balancing

 

Answer: A

Question 2

Refer to the exhibit.

Netflow_show_ip_cache_flow.jpg

Which statement is true?

A. It is impossible for the destination interface to equal the source interface.
B. NAT on a stick is performed on interface Et0/0.
C. There is a potential routing loop.
D. This output represents a UDP flow or a TCP flow.

 

Answer: C

Question 3

Which two options are advantages of NetFlow version 9 over NetFlow version 5? (Choose two)

A. NetFlow version 9 adds support for IPv6 headers.
B. NetFlow version 9 adds support for MPLS labels.
C. NetFlow version 9 adds support for the Type of Service field.
D. NetFlow version 9 adds support for ICMP types and codes.

 

Answer: A B

Question 4

Refer to the exhibit.

show_ip_cache_flow_HTTPS_connection.jpg

Which statement about the output is true?

A. The flow is an HTTPS connection to the router, which is initiated by 144.254.10.206.
B. The flow is an HTTP connection to the router, which is initiated by 144.254.10.206.
C. The flow is an HTTPS connection that is initiated by the router and that goes to 144.254.10.206.
D. The flow is an HTTP connection that is initiated by the router and that goes to 144.254.10.206.

 

Answer: A

Security Questions

March 27th, 2019 rstut No comments

Question 1

Refer to the exhibit.

DOT1X-SP-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet4/8,
New MAC address 0080.ad00.c2e4 is seen on the interface in Single host mode
%PM-SP-4-ERR_DISABLE: security-violation error detected on Gi4/8, putting Gi4/8
in err-disable state

Which action will solve the error state of this interface when connecting a host behind a Cisco IP phone?

A. Configure dot1x-port control auto on this interface
B. Enable errdisable recovery for security violation errors
C. Enable port security on this interface
D. Configure multidomain authentication on this interface

 

Answer: D

Question 2

Which three conditions can cause excessive unicast flooding? (Choose three)

A. Asymmetric routing
B. Repeated TCNs
C. The use of HSRP
D. Frames sent to FFFF.FFFF.FFFF
E. MAC forwarding table overflow
F. The use of Unicast Reverse Path Forwarding

 

Answer: A B E

Question 3

Which three statements are true about PPP CHAP authentication? (Choose three)

A. PPP encapsulation must be enabled globally.
B. The LCP phase must be complete and in closed state.
C. The hostname used by a router for CHAP authentication cannot be changed.
D. PPP encapsulation must be enabled on the interface.
E. The LCP phase must be complete and in open state.
F. By default, the router uses its hostname to identify itself to the peer.

 

Answer: D E F

Question 4

Refer to the exhibit.

interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
!
ip ssh version 2
!
ip access-list extended protect-ssh
permit ip any any eq 22
!
line vty 0 4
access-class protect-ssh in
transport input ssh

Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE Software?

A. int Gig0/0/0
management-interface

B. class-map ssh-class
match access-group protect-ssh
policy-map control-plane-in
class ssh-class
police 80000 conform transmit exceed drop
control-plane
service-policy input control-plane-in

C. control-plane host
management-interface GigabitEthernet0/0/0 allow ssh

D. interface Gig0/0/0
ip access-group protect-ssh in

 

Answer: C

Question 5

Which type of port would have root guard enabled on it?

A. A root port
B. An alternate port
C. A blocked port
D. A designated port

 

Answer: D

Question 6

Which three features are considered part of the IPv6 first-hop security suite? (Choose three)

A. DNS guard
B. destination guard
C. DHCP guard
D. ICMP guard
E. RA guard
F. DoS guard

 

Answer: B C E

Question 7

Which three steps are necessary to enable SSH? (Choose three)

A. generating an RSA or DSA cryptographic key
B. configuring the version of SSH
C. configuring a domain name
D. configuring VTY lines for use with SSH
E. configuring the port for SSH to listen for connections
F. generating an AES or SHA cryptographic key

 

Answer: A C D

Question 8

Refer to the exhibit.

aaa new-model
aaa authentication login default local
username cisco privilege 15 password cisco

User Access Verification

Username: cisco
Password:

Router>en
% Error in authentication.
Router>

While configuring AAA with a local database, users can log in via Telnet, but receive the message “error in authentication” when they try to go into enable mode. Which action can solve this problem?

A. Configure authorization to allow the enable command.
B. Use aaa authentication login default enable to allow authentication when using the enable command.
C. Verify whether an enable password has been configured.
D. Use aaa authentication enable default enable to allow authentication when using the enable command.

 

Answer: C

QoS Questions

March 27th, 2019 rstut 5 comments

Question 1

Which statement about shaped round robin queuing is true?

A. Queues with higher configured weights are serviced first.
B. The device waits a period of time, set by the configured weight, before servicing the next queue.
C. The device services a single queue completely before moving on to the next queue.
D. Shaped mode is available on both the ingress and egress queues.

 

Answer: A

Question 2

Refer to the exhibit.

show_ip_cache_verbose_flow.jpg

What is the PHB class on this flow?

A. EF
B. none
C. AF21
D. CS4

 

Answer: D

Question 3

Refer to the exhibit.

voice_web_traffic.jpg

class-map VOICE
match ip dscp ef
class-map VIDEO
match ip dscp 41
policy-map EGRESS
class VOICE
priority percent 20
class VIDEO
bandwidth percent 50
class class-default
bandwidth remaining percent 15
interface FastEthernet0/0
description CUSTOMER-100Mbps
ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
description INTERNET-10Mbps
ip address 209.165.200.226 255.255.255.224
service-policy output EGRESS

You discover that only 1.5 Mb/s of web traffic can pass during times of congestion on the given network. Which two options are possible reasons for this limitation? (Choose two)

A. The web traffic class has too little bandwidth reservation.
B. Video traffic is using too much bandwidth.
C. The service-policy is on the wrong interface.
D. The service-policy is going in the wrong direction.
E. The NAT policy is adding too much overhead.

 

Answer: A B

Question 4

Which congestion-avoidance or congestion-management technique can cause global synchronization?

A. Tail drop
B. Random early detection
C. Weighted random early detection
D. Weighted fair queuing

 

Answer: A

Question 5

In the DiffServ model, which class represents the highest priority with the highest drop probability?

A. AF11
B. AF13
C. AF41
D. AF43

 

Answer: D

Question 6

What is the most efficient way to confirm whether microbursts of traffic are occurring?

A. Monitor the output traffic rate using the show interface command.
B. Monitor the output traffic rate using the show controllers command.
C. Check the CPU utilization of the router.
D. Sniff the traffic and plot the packet rate over time.

 

Answer: D

Question 7

Refer to the exhibit.

Cos-dscp_map.jpg

Which statement about this COS-DSCP mapping is true?

A. COS 3 is mapped to the expedited forwarding DSCP.
B. COS 16 is mapped to DSCP 2.
C. The default COS is mapped to DSCP 32.
D. This mapping is the default COS-DSCP mapping on Cisco switches.

 

Answer: A

Question 8

Which two options are reasons for TCP starvation? (Choose two)

A. The use of tail drop
B. The use of WRED
C. Mixing TCP and UDP traffic in the same traffic class
D. The use of TCP congestion control

 

Answer: C D

Question 9

In the DiffServ model, which class represents the lowest priority with the lowest drop probability?

A. AF11
B. AF13
C. AF41
D. AF43

 

Answer: A

Troubleshooting Questions

March 27th, 2019 rstut 7 comments

Question 1

Refer to the exhibit.

Output_Queue_Drops.jpg

Which two are causes of output queue drops on FastEthernet0/0? (Choose two)

A. an oversubscribed input service policy on FastEthernet0/0
B. a duplex mismatch on FastEthernet0/0
C. a bad cable connected to FastEthernet0/0
D. an oversubscribed output service policy on FastEthernet0/0
E. The router trying to send more than 100 Mb/s out of FastEthernet0/0

 

Answer: D E

Question 2

Refer to the exhibit.

%C4K_L3HWFORWARDING-2-FWDCAMFULL: L3 routing table is full. Switching to software forwarding

While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series Switch, you notice the error message that is shown in the exhibit in the log file. What can be the cause of this issue, and how can it be prevented?

A. The hardware routing table is full. Redistribute from BGP into IGP.
B. The software routing table is full. Redistribute from BGP into IGP.
C. The hardware routing table is full. Reduce the number of routes in the routing table.
D. The software routing table is full. Reduce the number of routes in the routing table.

 

Answer: C

Question 3

Refer to the exhibit.

ICMP.jpg

ICMP Echo requests from host A are not reaching the intended destination on host B. What is the problem?

A. The ICMP payload is malformed.
B. The ICMP Identifier (BE) is invalid.
C. The negotiation of the connection failed.
D. The packet is dropped at the next hop.
E. The link is congested.

 

Answer: D

Question 4

Refer to the exhibit.

show_interfaces_switchport_backup_detail.jpg

Which statement describes the effect on the network if FastEthernet0/1 goes down temporarily?

A. FastEthernet0/2 forwards traffic only until FastEthernet0/1 comes back up.
B. FastEthernet0/2 stops forwarding traffic until FastEthernet0/1 comes back up.
C. FastEthernet0/2 forwards traffic indefinitely.
D. FastEthernet0/1 goes into standby.

 

Answer: C

Question 5

A GRE tunnel is down with the error message %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error. Which two options describe possible causes of the error? (Choose two)

A. Incorrect destination IP addresses are configured on the tunnel.
B. There is link flapping on the tunnel.
C. There is instability in the network due to route flapping.
D. The tunnel mode and tunnel IP address are misconfigured.
E. The tunnel destination is being routed out of the tunnel interface.

 

Answer: C E

Event Manager Questions

March 27th, 2019 rstut 4 comments

Question 1

Refer to the exhibit.

Event_Manager_Applet.jpg

Which two statements about the EEM applet configuration are true? (Choose two)

A. The EEM applet runs before the CLI command is executed.
B. The EEM applet runs after the CLI command is executed.
C. The EEM applet requires a case-insensitive response.
D. The running configuration is displayed only if the letter Y is entered at the CLI.

 

Answer: A C

Question 2

Which variable in an EEM applet is set when you use the sync yes option?

A. $_cli_result
B. $_result
C. $_string_result
D. $_exit_status

 

Answer: D

Drag and Drop Questions

March 27th, 2019 rstut 1 comment

Question 1

Drag and drop the multicast protocol definition on the left to the correct default time interval on the right.

IGMP_different_versions.jpg

 

Answer:

+ 30 seconds: PIMv1 query interval
+ 60 seconds: IGMPv2 query interval + IGMPv1 query interval + IGMPv3 query interval
+ 120 seconds: IGMPv2 querier timeout

Question 2

Drag and drop the BGP attribute on the left to the correct category on the right.

BGP_Attributes.jpg

Answer:

BGP Well-Known Mandatory Attribute:
+ AS_path
+ Next-Hop

BGP Well-Known Discretionary Attribute:
+ Local-Pref

BGP Optional Nontransitive Attribute:
+ Originator ID

Question 3

Drag and drop the items on the left to the correct category on the right.

Authentication.jpg

 

Answer:

RADIUS:
+ Uses less memory and CPU on a router
+ Combines authentication and authorization

TACACS+:
+ Encrypts the entire session
+ Can limit router commands based on user groups

Question 4

Drag and drop the IPv6 address on the left to the correct IPv6 address type on the right.

IPv6_addresses.jpg

 

Answer:

+ Link Local Unicast: FE80:2a5b::5
+ Global Unicast: 2005:CA75:D095::5
+ Multicast: FF01::2
+ Unique Local Unicast: FDF8:E5F3:83E4:FEAA::53

Question 5

Drag and drop the router preference on the left to the correct routing sequence (from most preferred to least preferred) on the right.

route_metrics.jpg

 

Answer:

1: Most specific prefix
2: Directly connected route
3: Static route
4: EBGP route

Question 6

Drag and drop the OSPF network type on the left to the correct traffic type category on the right.

OSPF_Network_Types.jpg

 

Answer:

Unicast:
+ Nonbroadcast
+ Point-to-Multipoint Nonbroadcast

Multicast:
+ Broadcast
+ Point-to-Point
+ Point-to-Multipoint

Stub:
+ Loopback

Question 7

What is the correct order of the VSS initialization process? Drag the actions on the left to the correct initialization step on the right.

VSS_Initialization_process.jpg

 

Answer:

+ initialization step 1: preparse config
+ initialization step 2: bring up VSL links
+ initialization step 3: run VSLP
+ initialization step 4: run RRP
+ initialization step 5: interchassis SSO
+ initialization step 6: continue system bootup

Question 8

Drag and drop the events on the left to display the correct sequence on the right when CoPP is enabled.

CoPP_enabled.jpg

 

Answer:

1: A packet enters the switch that is configured with CoPP on the egress port.
2: The port performs any applicable input port and QoS services.
3: The packet gets forwarded to the switch CPU.
4: The switch makes a routing or a switching decision, which determines whether or not the packet is destined for the control plane.
5: Packets that are destined for the control plane are processed by CoPP and are dropped or delivered to the control plane according to each traffic class policy. Packets that have other destinations are forwarded normally.

Question 9

Drag and drop the QoS requirement on the left to the correct QoS technology on the right.

QoS_Requirement.jpg

 

Answer:

+ Police: Limits an amount of bandwidth
+ CBWFQ: Guarantees an amount of bandwidth
+ Shaping: Buffers bursting traffic
+ LLQ: Prioritizes real-time voice traffic
+ NBAR: Is an application classification

Question 10

Drag and drop the IPv6 multicast feature or protocol on the left to the correct address space on the right.

IPv6_multicast_features.jpg

 

Answer:

+ FF02::D: PIM routers
+ FF02::6: OSPFv3 all DR routers
+ FF02::2: All routers
+ FF02::A: EIGRP
+ FF02::1: All nodes
+ FF02::9: RIP routers

Question 11

Drag and drop the IPv6 multicast feature or protocol on the left to the correct address space on the right.

Multicast_protocol_features.jpg

 

Answer:

+ 224.0.0.13: PIMv2
+ 232.0.0.0/8: Source Specific Multicast (SSM)
+ 224.0.1.40: Auto-RP discovery
+ 224.0.0.102: GLBP
+ 224.0.1.39: Auto-RP announcement

IP SLA Questions

March 27th, 2019 rstut 6 comments

Question 1

Refer to the exhibit.

SLA_schedule.jpg

Which statement about this IP SLA is true?

A. The SLA must also have a schedule configured before it will start.
B. The TTL of the SLA packets is 10.
C. The SLA has a timeout of 3.6 seconds.
D. The SLA has a lifetime of 5 seconds.

 

Answer: A

 

Operations Questions

March 27th, 2019 rstut 5 comments

Question 1

Which two statements are true about OTV? (Choose two)

A. It relies on flooding to propagate MAC address reachability information.
B. It uses a full mesh of point-to-multipoint tunnels to prevent head-end replication of multicast traffic.
C. It can work over any transport that can forward IP packets.
D. It supports automatic detection of multihoming.

 

Answer: C D

Question 2

What is a cause for unicast flooding?

A. Unicast flooding occurs when multicast traffic arrives on a Layer 2 switch that has directly connected multicast receivers.
B. When PIM snooping is not enabled, unicast flooding occurs on the switch that interconnects the PIM-enabled routers.
C. A man-in-the-middle attack can cause the ARP cache of an end host to have the wrong MAC address. Instead of having the MAC address of the default gateway, it has a MAC address of the man-in-the-middle. This causes all traffic to be unicast flooded through the man-in-the-middle, which can then sniff all packets.
D. Forwarding table overflow prevents new MAC addresses from being learned, and packets destined to those MAC addresses are flooded until space becomes available in the forwarding table.

 

Answer: D

Question 3

A TCP/IP host is able to transmit small amounts of data (typically less than 1500 bytes), but attempts to transmit larger amounts of data hang and then time out. What is the cause of this problem?

A. A link is flapping between two intermediate devices.
B. The processor of an intermediate router is averaging 90 percent utilization.
C. A port on the switch that is connected to the TCP/IP host is duplicating traffic and sending it to a port that has a sniffer attached.
D. There is a PMTUD failure in the network path.

 

Answer: D

Question 4

Refer to the exhibit.

RouterA(config)#ip options drop

At which location will the benefit of this configuration be observed?

A. on Router A and its upstream routers
B. on Router A and its downstream routers
C. on Router A only
D. on Router A and all of its ARP neighbors

 

Answer: B

Question 5

In GETVPN, which key is used to secure the control plane?

A. Traffic Encryption Key (TEK)
B. content encryption key (CEK)
C. message encryption key (MEK)
D. Key Encryption Key (KEK)

 

Answer: D

Question 6

Which two options are causes of out-of-order packets? (Choose two)

A. a routing loop
B. a router in the packet flow path that is intermittently dropping packets
C. high latency
D. packets in a flow traversing multiple paths through the network
E. some packets in a flow being process-switched and others being interrupt-switched on a transit router

 

Answer: D E

Question 7

Which two statements describe characteristics of HDLC on Cisco routers? (Choose two)

A. It supports multiple Layer 3 protocols.
B. It supports multiplexing.
C. It supports only synchronous interfaces.
D. It supports authentication.

 

Answer: A C

Question 8

Refer to the exhibit.

snmp-server community public RO 2
snmp-server trap-source Loopback0
snmp-server chassis-id HONGKONG
snmp-server enable traps snmp linkdown linkup coldstart
snmp-server enable traps ospf state-change
snmp-server enable traps bgp state-changes
snmp-server enable traps pim neighbor-change
snmp-server enable traps cpu threshold
snmp-server enable traps mpls ldp
snmp-server host 192.168.252.254 version 2c public

Which statement about this device configuration is true?

A. The NMS needs a specific route configured to enable it to reach the Loopback0 interface of the device.
B. The ifindex of the device could be different when the device is reloaded.
C. The device will allow anyone to poll it via the public community.
D. The device configuration requires the AuthNoPriv security level.

 

Answer: B

Question 9

Which two methods change the IP MTU value for an interface? (Choose two)

A. Configure the default MTU.
B. Configure the IP system MTU.
C. Configure the interface MTU.
D. Configure the interface IP MTU.

 

Answer: C D

Question 10

Which three statements about implementing a NAT application layer gateway in a network are true? (Choose three)

A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.
B. It maintains granular security over application-specific data.
C. It allows synchronization between multiple streams of data between two hosts.
D. Application layer gateway is used only in VoIP/SIP deployments.
E. Client applications require additional configuration to use an application layer gateway.
F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.

 

Answer: A B C

Operations Questions 2

March 27th, 2019 rstut 3 comments

Question 1

Which statement is true about Fast Link Pulses in Ethernet?

A. They are used during collision detection.
B. They are used only if the media type is optical.
C. They are part of UniDirectional Link Detection.
D. They are used during autonegotiation.

 

Answer: D

Question 2

What is the cause of ignores and overruns on an interface, when the overall traffic rate of the interface is low?

A. a hardware failure of the interface
B. a software bug
C. a bad cable
D. microbursts of traffic

 

Answer: D

Question 3

Which statement about MSS is true?

A. It is negotiated between sender and receiver.
B. It is sent in all TCP packets.
C. It is 20 bytes lower than MTU by default.
D. It is sent in SYN packets.
E. It is 28 bytes lower than MTU by default.

 

Answer: D

Question 4

Refer to the exhibit.

San_Jose#show debug
Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%
Time source is NTP, 09:10:59.124 PST Thu Aug 22 2013
Condition 1: ip 172.16.129.4 (0 flags triggered)

Which statement about the debug behavior of the device is true?

A. The device debugs all IP events for 172.16.194.4.
B. The device sends all debugging information for 172.16.194.4.
C. The device sends only NTP debugging information to 172.16.194.4.
D. The device sends debugging information every five seconds.

 

Answer: A

Question 5

Which two statements about port ACLs are true? (Choose two)

A. Port ACLs are supported on physical interfaces and are configured on a Layer 2 interface on a switch.
B. Port ACLs support both outbound and inbound traffic filtering.
C. When it is applied to trunk ports, the port ACL filters only native VLAN traffic.
D. When it is applied to a port with voice VLAN, the port ACL filters both voice and data VLAN traffic.

 

Answer: A D

Question 6

Which switching technology can be used to solve reliability problems in a switched network?

A. fragment-free mode
B. cut-through mode
C. check mode
D. store-and-forward mode

 

Answer: D

Question 7

Which statement describes the function of the tracking object created by the track 10 ip route 192.168.99.0/24 reachability command?

A. It tracks the reachability of route 192.168.99.0/24.
B. It tracks the line protocol status of the interface on which route 192.168.99.0/24 is received.
C. It tracks exactly 10 occurrences of route 192.168.99.0/24.
D. It tracks the summary route 192.168.99.0/24 and all routes contained within.

 

Answer: A

Question 8

Which two mechanisms provide Cisco IOS XE Software with control plane and data plane separation? (Choose two)

A. Forwarding and Feature Manager
B. Forwarding Engine Driver
C. Forwarding Performance Management
D. Forwarding Information Base

 

Answer: A B

Question 9

Which option is the default maximum age of the MAC address table?

A. 300 seconds
B. 500 seconds
C. 1200 seconds
D. 3600 seconds

 

Answer: A