CCIE Flashcards
Refer to the exhibit.
If you change the Spanning Tree Protocol from pvst to rapid-pvst, what is the effect on the interface Fa0/1 port state?
A. It transitions to the listening state, and then the forwarding state.
B. It transitions to the learning state and then the forwarding state.
C. It transitions to the blocking state, then the learning state, and then the forwarding state.
D. It transitions to the blocking state and then the forwarding state.
Correct Answer: C
Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE Software? A. int Gig0/0/0
management-interface
B. class-map ssh-class
match access-group protect-ssh policy-map control-plane-in
class ssh-class
police 80000 conform transmit exceed drop control-plane
service-policy input control-plane-in
C. control-plane host
management-interface GigabitEthernet0/0/0 allow ssh
D. interface Gig0/0/0
ip access-group protect-ssh in
c
QUESTION 3
Which two options are causes of out-of-order packets? (Choose two.)
A. a routing loop
B. a router in the packet flow path that is intermittently dropping packets
C. high latency
D. packets in a flow traversing multiple paths through the network
E. some packets in a flow being process-switched and others being interrupt-switched on a transit router
D E
D. packets in a flow traversing multiple paths through the network
E. some packets in a flow being process-switched and others being interrupt-switched on a transit router
A TCP/IP host is able to transmit small amounts of data (typically less than 1500 bytes), but attempts to transmit larger amounts of data hang and then time out. What is the cause of this problem?
A. A link is flapping between two intermediate devices.
B. The processor of an intermediate router is averaging 90 percent utilization.
C. A port on the switch that is connected to the TCP/IP host is duplicating traffic and sending it to a port that has a sniffer attached. D. There is a PMTUD failure in the network path
d
ICMP Echo requests from host A are not reaching the intended destination on host B. What is the problem?
A. The ICMP payload is malformed.
B. The ICMP Identifier (BE) is invalid.
C. The negotiation of the connection failed.
D. The packet is dropped at the next hop.
E. The link is congested.
D
Which statement is true?
A. It is impossible for the destination interface to equal the source interface.
B. NAT on a stick is performed on interface Et0/0.
C. There is a potential routing loop.
D. This output represents a UDP flow or a TCP flow.
c
Which three conditions can cause excessive unicast flooding? (Choose three.)
A. Asymmetric routing B. Repeated TCNs
C. The use of HSRP
D. Frames sent to FFFF.FFFF.FFFF
E. MAC forwarding table overflow
F. The use of Unicast Reverse Path Forwarding
ABE
Which congestion-avoidance or congestion-management technique can cause global synchronization?
A. Tail drop
B. Random early detection
C. Weighted random early detection
D. Weighted fair queuing
A. Tail Drop
Which two options are reasons for TCP starvation? (Choose two.)
A. The use of tail drop
B. The use of WRED
C. Mixing TCP and UDP traffic in the same traffic class
D. The use of TCP congestion control
CD
Mixing TCP and UDP traffic in the same traffic class
The use of TCP congestion control
A. A root port
B. An alternate port
C. A blocked port
D. A designated port
D. A designated port
Which action will solve the error state of this interface when connecting a host behind a Cisco IP phone?
A. Configure dot1x-port control auto on this interface
B. Enable errdisable recovery for security violation errors
C. Enable port security on this interface
D. Configure multidomain authentication on this interface
D
Configure multidomain authentication on this interface
While troubleshooting high CPU utilization on one of your Cisco Catalyst switches, you find that the issue is due to excessive flooding that is caused by STP. What can you do to prevent this issue from happening again?
A. Disable STP completely on the switch.
B. Change the STP version to RSTP.
C. Configure PortFast on port-channel 1.
D. Configure UplinkFast on the switch.
E. Configure PortFast on interface Gi0/15.
While troubleshooting high CPU utilization on one of your Cisco Catalyst switches, you find that the issue is due to excessive flooding that is caused by STP. What can you do to prevent this issue from happening again?
A. Disable STP completely on the switch. B. Change the STP version to RSTP.
C. Configure PortFast on port-channel 1. D. Configure UplinkFast on the switch.
E. Configure PortFast on interface Gi0/15.
Correct Answer: E Section: (none) Explanation
E. Configure PortFast on interface Gi0/15.
While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series Switch, you notice the error message that is shown in the exhibit in the log file. What can be the cause of this issue, and how can it be prevented?
A. The hardware routing table is full. Redistribute from BGP into IGP.
B. The software routing table is full. Redistribute from BGP into IGP.
C. The hardware routing table is full. Reduce the number of routes in the routing table.
D. The software routing table is full. Reduce the number of routes in the routing table.
C.
The hardware routing table is full. Reduce the number of routes in the routing table.
All switches have default bridge priorities, and originate BPDUs with MAC addresses as indicated. The numbers shown are STP link metrics. Which two ports are forwarding traffic after STP converges? (Choose two.)
A. The port connecting switch SWD with switch SWE
B. The port connecting switch SWG with switch SWF
C. The port connecting switch SWC with switch SWE
D. The port connecting switch SWB with switch SWC
cd
C. The port connecting switch SWC with switch SWE
D. The port connecting switch SWB with switch SWC
Switch#: show up igmp mrouter
VLAN ports
10 Gi2/0/1 (dynamic), Router
20 Gi2/0/1 (dynamic) Router
Which three statements about the output are true? (Choosethree.)
A. An mrouter port can be learned by receiving a PIM hello packet from a multicast router.
B. This switch is configured as a multicast router.
C. Gi2/0/1 is a trunk link that connects to a multicast router.
D. An mrouter port is learned when a multicast data stream is received on that port from a multicast router.
E. This switch is not configured as a multicast router. It is configured only for IGMP snooping.
F. IGMP reports are received only on Gi2/0/1 and are never transmitted out Gi2/0/1 for VLANs 10 and 20.
ABC
A. An mrouter port can be learned by receiving a PIM hello packet from a multicast router.
B. This switch is configured as a multicast router.
C. Gi2/0/1 is a trunk link that connects to a multicast router
If a port is configured as shown and receives an untagged frame, of which VLAN will the untagged frame be a member?
A. VLAN 1
B. VLAN 2
C. VLAN 3
D. VLAN 4
B
Which statement describes the effect on the network if FastEthernet0/1 goes down temporarily?
A. FastEthernet0/2 forwards traffic only until FastEthernet0/1 comes back up.
B. FastEthernet0/2 stops forwarding traffic until FastEthernet0/1 comes back up.
C. FastEthernet0/2 forwards traffic indefinitely.
D. FastEthernet0/1 goes into standby.
c
C. FastEthernet0/2 forwards traffic indefinitely.
Which technology does the use of bi-directional BPDUs on all ports in the topology support?
A. RSTP
B. MST
C. Bridge Assurance
D. Loop Guard
E. Root Guard
F. UDLD
C
Bridge Assurance
Which three statements are true about PPP CHAP authentication? (Choose three.)
A. PPP encapsulation must be enabled globally.
B. The LCP phase must be complete and in closed state.
C. The hostname used by a router for CHAP authentication cannot be changed.
D. PPP encapsulation must be enabled on the interface.
E. The LCP phase must be complete and in open state.
F. By default, the router uses its hostname to identify itself to the peer.
DEF
D. PPP encapsulation must be enabled on the interface.
E. The LCP phase must be complete and in open state.
F. By default, the router uses its hostname to identify itself to the peer
Which two statements are true about an EPL? (Choose two.)
A. It is a point-to-point Ethernet connection between a pair of NNIs.
B. It allows for service multiplexing.
C. It has a high degree of transparency.
D. The EPL service is also referred to as E-line.
D
D. The EPL service is also referred to as E-line.
Which two statements describe characteristics of HDLC on Cisco routers? (Choose two.)
A. It supports multiple Layer 3 protocols.
B. It supports multiplexing.
C. It supports only synchronous interfaces.
D. It supports authentication.
AC
A. It supports multiple Layer 3 protocols.
C. It supports only synchronous interfaces.
What is the meaning of the asterisk (*) in the output?
A. PIM neighbor 10.1.5.6 is the RPF neighbor for the group 232.1.1.1 for the shared tree.
B. PIM neighbor 10.1.5.6 is the one that is seen as the RPF neighbor when performing the command show ip rpf 10.1.4.7.
C. PIM neighbor 10.1.5.6 is the winner of an assert mechanism.
D. The RPF neighbor 10.1.5.6 is invalid.
c
C. PIM neighbor 10.1.5.6 is the winner of an assert mechanism.
Tunnel 10
Type : PIM Encap
RP : 10.1.100.2*
Source: 10.1.100.2
Tunnel*
Type :PIM Decap
RP: 10.1.100.2*
Source : -
What is the role of this multicast router?
A. a first-hop PIM router
B. a last-hop PIM router
C. a PIM rendezvous point
D. a PIM inter-AS router
C
C. a PIM rendezvous point
Which option explains why the forwarding address is set to 0.0.0.0 instead of 110.100.1.1?
A. The interface Ethernet0/1 is in down state.
B. The next-hop ip address 110.100.1.1 is not directly attached to the redistributing router.
C. The next-hop interface (Ethernet0/1) is specified as part of the static route command; therefore, the forwarding address is always set to 0.0.0.0.
D. OSPF is not enabled on the interface Ethernet0/1.
D
D. OSPF is not enabled on the interface Ethernet0/1.
You have configured two routing protocols across this point-to-point link. How many BFD sessions will be established across this link?
A. three per interface
B. one per multicast address
C. one per routing protocol
D. one per interface
D. one per interface
c 2001: db8::/64 [0/0]
L 2001:DB8::1/128 [0/0]
via Ethernet0/0, receive
Which statement is true?
A. 2001:DB8::1/128 is a local host route, and it can be redistributed into a dynamic routing protocol.
B. 2001:DB8::1/128 is a local host route, and it cannot be redistributed into a dynamic routing protocol.
C. 2001:DB8::1/128 is a local host route that was created because ipv6 unicast-routing is not enabled on this router.
D. 2001:DB8::1/128 is a route that was put in the IPv6 routing table because one of this router’s loopback interfaces has the IPv6 address 2001:DB8::1/128.
B
2001:DB8::1/128 is a local host route, and it cannot be redistributed into a dynamic routing protocol.
Routers R1, R2, and R3 are configured as shown, and traffic from R2 fails to reach 172.29.168.3. Which action can you take to correct the problem?
A. Correct the static route on R1.
B. Correct the default route on R2.
C. Edit the EIGRP configuration of R3 to enable auto-summary.
D. Correct the network statement for 172.29.168.3 on R3.
A. Correct the static route on R1.
R3 prefers the path through R1 to reach host 10.1.1.1.
Which option describes the reason for this behavior?
A. The OSPF reference bandwidth is too small to account for the higher speed links through R2.
B. The default OSPF cost through R1 is less than the cost through R2.
C. The default OSPF cost through R1 is more than the cost through R2. D. The link between R2 and R1 is congested.
A. The OSPF reference bandwidth is too small to account for the higher speed links through R2.
For which reason could a BGP-speaking device in autonomous system 65534 be prevented from installing the given route in its BGP table?
A. The AS number of the BGP is specified in the given AS_PATH.
B. The origin of the given route is unknown.
C. BGP is designed only for publicly routed addresses.
D. The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed.
E. BGP does not allow the AS number 65535.
A. The AS number of the BGP is specified in the given AS_PATH.
Which statement about the feasibility condition in EIGRP is true?
A. The prefix is reachable via an EIGRP peer that is in the routing domain of the router.
B. The EIGRP peer that advertises the prefix to the router has multiple paths to the destination.
C. The EIGRP peer that advertises the prefix to the router is closer to the destination than the router.
D. The EIGRP peer that advertises the prefix cannot be used as a next hop to reach the destination.
C.
The EIGRP peer that advertises the prefix to the router is closer to the destination than the router.
Which two statements about the function of the stub feature in EIGRP are true? (Choose two.)
A. It stops the stub router from sending queries to peers.
B. It stops the hub router from sending queries to the stub router.
C. It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers.
D. It stops the hub router from propagating dynamically learned EIGRP prefixes to the stub routers
BC
B. It stops the hub router from sending queries to the stub router.
C. It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers.
In which type of EIGRP configuration is EIGRP IPv6 VRF-Lite available?
A. stub
B. named mode
C. classic mode
D. passive
B. named mode
Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent OSPFv3 to form between these two routers? (Choose two.)
A. mismatch of subnet masks
B. mismatch of network types
C. mismatch of authentication types
D. mismatch of instance IDs
E. mismatch of area types
D. mismatch of instance IDs
E. mismatch of area types
Like OSPFv2, OSPFv3 supports virtual links.Which two statements are true about the IPv6 address of a virtual neighbor? (Choose two.)
A. It is the link-local address, and it is discovered by examining the hello packets received from the virtual neighbor.
B. It is the link-local address, and it is discovered by examining link LSA received by the virtual neighbor.
C. It is the global scope address, and it is discovered by examining the router LSAs received by the virtual neighbor.
D. Only prefixes with the LA-bit not set can be used as a virtual neighbor address.
E. It is the global scope address, and it is discovered by examining the intra-area-prefix-LSAs received by the virtual neighbor.
F. Only prefixes with the LA-bit set can be used as a virtual neighbor address.
EF
E. It is the global scope address, and it is discovered by examining the intra-area-prefix-LSAs received by the virtual neighbor.
F. Only prefixes with the LA-bit set can be used as a virtual neighbor address.
Which field is specific to the OPSFv3 packet header, as opposed to the OSPFv2 packet header?
A. checksum
B. router ID
C. AuType
D. instance ID
D. instance ID
QUESTION 36
Which two functions are performed by the DR in OSPF? (Choose two.)
A. The DR originates the network LSA on behalf of the network.
B. The DR is responsible for the flooding throughout one OSPF area.
C. The DR forms adjacencies with all other OSPF routers on the network, in order to synchronize the LSDB across the adjacencies.
D. The DR is responsible for originating the type 4 LSAs into one area.
AC
A. The DR originates the network LSA on behalf of the network.
C. The DR forms adjacencies with all other OSPF routers on the network, in order to synchronize the LSDB across the adjacencies.
AS #1 and AS #2 have multiple EBGP connections with each other. AS #1 wants all return traffic that is destined to the prefix 10.10.10.1/32 to enter through the router R1 from AS #2. In order to achieve this routing policy, the AS 1 advertises a lower MED from R1, compared to a higher MED from R3, to their respective BGP neighbor for the prefix 10.10.10.0/24. Will this measure guarantee that the routing policy is always in effect?
A. Yes, because MED plays a deterministic role in return traffic engineering in BGP.
B. Yes, because a lower MED forces BGP best-path route selection in AS #2 to choose R1 as the best path for 10.10.10.0/24.
C. Yes, because a lower MED in AS #2 is the highest BGP attribute in BGP best-path route selection.
D. No, AS #2 can choose to alter the weight attribute in R2 for BGP neighbor R1, and this weight value is cascaded across AS #2 for BGP best-path route selection.
E. No, AS #2 can choose to alter the local preference attribute to overwrite the best-path route selection over the lower MED advertisement from AS #1. This local preference attribute is cascaded across AS #2 for the BGP best-path route selection.
E. No, AS #2 can choose to alter the local preference attribute to overwrite the best-path route selection over the lower MED advertisement from AS #1. This local preference attribute is cascaded across AS #2 for the BGP best-path route selection.
What does “(received-only)” mean?
A. The prefix 10.1.1.1 can not be advertised to any eBGP neighbor.
B. The prefix 10.1.1.1 can not be advertised to any iBGP neighbor.
C. BGP soft reconfiguration outbound is applied.
D. BGP soft reconfiguration inbound is applied.
D
D. BGP soft reconfiguration inbound is applied.
Which regular expression will only allow prefixes that originated from AS 65000 and that are learned through AS 65001?
A. ^65000_65001$
B. 65000_65001$
C. ^65000_65001
D. ^65001_65000$
D. ^65001_65000$
Which statement describes the BGP add-path feature?
A. It allows for installing multiple IBGP and EBGP routes in the routing table.
B. It allows a network engineer to override the selected BGP path with an additional path created in the config.
C. It allows BGP to provide backup paths to the routing table for quicker convergence.
D. It allows multiple paths for the same prefix to be advertised.
D. It allows multiple paths for the same prefix to be advertised.
What is a reason for the RIB-failure?
A. CEF is not enabled on this router.
B. The route 10.100.1.1/32 is in the routing table, but not as a BGP route.
C. The routing table has yet to be updated with the BGP route.
D. The BGP route is filtered inbound and hence is not installed in the routing table.
B. The route 10.100.1.1/32 is in the routing table, but not as a BGP route.
Which statement is true?
A. BGP peer 10.1.2.3 is performing inbound filtering.
B. BGP peer 10.1.2.3 is a route reflector.
C. R1 is a route reflector, but BGP peer 10.1.2.3 is not a route reflector client.
D. R1 still needs to send an update to the BGP peer 10.1.2.3.
D. R1 still needs to send an update to the BGP peer 10.1.2.3.
Router A and router B are physically connected over an Ethernet interface, and ISIS is configured as shown. Which option explains why the ISIS neighborship is not getting formed between router A and router B?
A. same area ID
B. same N selector
C. same domain ID
D. same system ID
D. same system ID
Which statement is true?
A. There is no issue with forwarding IPv6 traffic from this router.
B. IPv6 traffic can be forwarded from this router, but only on Ethernet1/0. C. IPv6 unicast routing is not enabled on this router.
D. Some IPv6 traffic will be blackholed from this router.
D. Some IPv6 traffic will be blackholed from this router.
Which statement is true?
A. IS-IS has been enabled on R4 for IPv6, single-topology.
B. IS-IS has been enabled on R4 for IPv6, multitopology.
C. IS-IS has been enabled on R4 for IPv6, single-topology and multitopology.
D. R4 advertises IPv6 prefixes, but it does not forward IPv6 traffic, because the protocol has not been enabled under router IS-IS.
A. IS-IS has been enabled on R4 for IPv6, single-topology.
Why is the neighbor relationship between R2 and R4 shown as ES-IS?
A. because there is an MTU mismatch between R2 and R4
B. because interface S3/0 of R4 is configured as L1/L2
C. because interface S3/0 of R2 is configured as L1
D. because there is a hello interval mismatch between R2 and R4
C. because interface S3/0 of R2 is configured as L1
This is the configuration of the ASBR of area 110.Which option explains why the remote ABR should not translate the type 7 LSA for the prefix 192.168.0.0/16 into a type 5 LSA?
A. The remote ABR translates all type 7 LSA into type 5 LSA, regardless of any option configured in the ASBR.
B. The ASBR sets the forwarding address to 0.0.0.0 which instructs the ABR not to translate the LSA into a type 5 LSA.
C. The ASBR originates a type 7 LSA with age equal to MAXAGE 3600.
D. The ABR clears the P bit in the header of the type 7 LSA for 192.168.0.0/16.
D. The ABR clears the P bit in the header of the type 7 LSA for 192.168.0.0/16.
The interface FastEthernet0/1 of both routers R4 and R5 is connected to the same Ethernet segment with a multicast receiver. Which two statements are true? (Choose two)
A. Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R4.
B. Both routers R4 and R5 will send PIM join messages to the RP.
C. Only router R5 will send a multicast join message to the RP.
D. Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R5.
C. Only router R5 will send a multicast join message to the RP.
D. Multicast traffic that is destined to a receiver with IP address 192.168.2.6 will flow through router R5.
What is the function of an EIGRP sequence TLV packet?
A. to acknowledge a set of sequence numbers during the startup update process
B. to list the peers that should listen to the next multicast packet during the reliable multicast process
C. to list the peers that should not listen to the next multicast packet during the reliable multicast process
D. to define the initial sequence number when bringing up a new peer
C. to list the peers that should not listen to the next multicast packet during the reliable multicast process
What are two reasons to define static peers in EIGRP? (Choose two.)
A. Security requirements do not allow dynamic learning of neighbors.
B. The link between peers requires multicast packets.
C. Back-level peers require static definition for successful connection.
D. The link between peers requires unicast packets.
AD
A. Security requirements do not allow dynamic learning of neighbors.
D. The link between peers requires unicast packets.
R2 is mutually redistributing between EIGRP and BGP.
Which configuration is necessary to enable R1 to see routes from R3?
A. The R3 configuration must include ebgp-multihop to the neighbor statement for R2.
B. The R2 BGP configuration must include bgp redistribute-internal.
C. R1 must be configured with next-hop-self for the neighbor going to R2. D. The AS numbers configured on R1 and R2 must match.
B. The R2 BGP configuration must include bgp redistribute-internal.
What is the purpose of EIGRP summary leaking?
A. to allow a summary to be advertised conditionally on specific criteria
B. to allow a component of a summary to be advertised in addition to the summary
C. to allow overlapping summaries to exist on a single interface
D. to modify the metric of the summary based on which components of the summary are operational
B. to allow a component of a summary to be advertised in addition to the summary
You have just created a new VRF on PE3. You have enabled debug ip bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the BGP VPNv4 table. Which two statements are true? (Choose two.)
A. VPNv4 is not configured between PE1 and PE3.
B. address-family ipv4 vrf is not configured on PE3.
C. After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted.
D. PE1 will reject the route due to automatic route filtering.
E. After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted.
DE
D. PE1 will reject the route due to automatic route filtering.
E. . After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted
NHRP registration is failing; what might be the problem?
A. invalid IP addressing
B. fragmentation
C. incorrect NHRP mapping
D. incorrect NHRP authentication
D
D. incorrect NHRP authentication
In GETVPN, which key is used to secure the control plane?
A. Traffic Encryption Key (TEK)
B. content encryption key (CEK)
C. message encryption key (MEK)
D. Key Encryption Key (KEK).
D
D. Key Encryption Key (KEK).
Which statement is true comparing L2TPv3 to EoMPLS?
A. L2TPv3 requires OSPF routing, whereas EoMPLS does not.
B. EoMPLS requires BGP routing, whereas L2TPv3 does not.
C. L2TPv3 carries L2 frames inside MPLS tagged packets, whereas EoMPLS carries L2 frames inside IPv4 packets.
D. L2TPv3 carries L2 frames inside IPv4 packets, whereas EoMPLS carries L2 frames inside MPLS packets.
D
D. L2TPv3 carries L2 frames inside IPv4 packets, whereas EoMPLS carries L2 frames inside MPLS packets.
Which statement is true about VPLS?
A. MPLS is not required for VPLS to work.
B. VPLS carries packets as Layer 3 multicast.
C. VPLS has been introduced to address some shortcomings of OTV.
D. VPLS requires an MPLS network.
D
D. VPLS requires an MPLS network.
Service provider SP 1 is running the MPLS-VPN service. The MPLS core network has MP-BGP configured with RR-1 as route reflector. What will be the effect on traffic between PE1 and PE2 if router P1 goes down?
A. No effect, because all traffic between PE1 and PE2 will be rerouted through P2.
B. No effect, because P1 was not the only P router in the forwarding path of traffic.
C. No effect, because RR-1 will find an alternative path for MP-BGP sessions to PE-1 and PE-2.
D. All traffic will be lost because RR-1 will lose the MP-BGP sessions to PE-1 and PE-2.
D
D. All traffic will be lost because RR-1 will lose the MP-BGP sessions to PE-1 and PE-2.
According to RFC 4577, OSPF for BGP/MPLS IP VPNs, when must the down bit be set?
A. when an OSPF route is distributed from the PE to the CE, for Type 3 LSAs
B. when an OSPF route is distributed from the PE to the CE, for Type 5 LSAs
C. when an OSPF route is distributed from the PE to the CE, for Type 3 and Type 5 LSAs
D. when an OSPF route is distributed from the PE to the CE, for all types of LSAs
C
C. when an OSPF route is distributed from the PE to the CE, for Type 3 and Type 5 LSAs
What is a possible reason for the IPSEC tunnel not establishing?
A. The peer is unreachable.
B. The transform sets do not match.
C. The proxy IDs are invalid.
D. The access lists do not match.
D
D. The access lists do not match.
What is a key advantage of Cisco GET VPN over DMVPN?
A. Cisco GET VPN provides zero-touch deployment of IPSEC VPNs.
B. Cisco GET VPN supports certificate authentication for tunnel establishment.
C. Cisco GET VPN has a better anti-replay mechanism.
D. Cisco GET VPN does not require a secondary overlay routing infrastructure.
d
D. Cisco GET VPN does not require a secondary overlay routing infrastructure.
What is wrong with the configuration of the tunnel interface of this DMVPN Phase II spoke router?
A. The interface MTU is too high.
B. The tunnel destination is missing.
C. The NHRP NHS IP address is wrong.
D. The tunnel mode is wrong.
D
D. The tunnel mode is wrong.
Which two statements are true about VPLS? (Choose two.)
A. It can work over any transport that can forward IP packets.
B. It provides integrated mechanisms to maintain First Hop Resiliency Protocols such as HSRP, VRRP, or GLBP.
C. It includes automatic detection of multihoming.
D. It relies on flooding to propagate MAC address reachability information. E. It can carry a single VLAN per VPLS instance.
DE
D. It relies on flooding to propagate MAC address reachability information. E. It can carry a single VLAN per VPLS instance.
Ipvrf Cust 123
rd 200:3000
export mqp Cust123mgmt
route-target export 200:3000
!
route-map Cust123mgmt permit 10
set extcommunity rt 200:9999
What will be the extended community value of this route?
A. RT:200:3000 RT:200:9999
B. RT:200:9999 RT:200:3000
C. RT:200:3000
D. RT:200:9999
D
D. RT:200:9999
Which statement is true?
A. There is an MPLS network that is running 6PE, and the ingress PE router has no mpls ip propagate-ttl.
B. There is an MPLS network that is running 6VPE, and the ingress PE router has no mpls ip propagate-ttl.
C. There is an MPLS network that is running 6PE or 6VPE, and the ingress PE router has mpls ip propagate-ttl.
D. There is an MPLS network that is running 6PE, and the ingress PE router has mpls ip propagate-ttl.
E. There is an MPLS network that is running 6VPE, and the ingress PE router has mpls ip propagate-ttl.
C
C. There is an MPLS network that is running 6PE or 6VPE, and the ingress PE router has mpls ip propagate-ttl.
Which statement is true about a VPNv4 prefix that is present in the routing table of vrf one and is advertised from this router?
A. The prefix is advertised only with route target 100:1.
B. The prefix is advertised with route targets 100:1 and 100:2.
C. The prefix is advertised only with route target 100:3.
D. The prefix is not advertised.
E. The prefix is advertised with route targets 100:1, 100:2, and 100:3.
A. The prefix is advertised only with route target 100:1.
Which is the way to enable the control word in an L2 VPN dynamic pseudowire connection on router R1?
A. R1(config)# pseudowire-class cw-enable R1(config-pw-class)# encapsulation mpls R1(config-pw-class)# set control-word
B. R1(config)# pseudowire-class cw-enable R1(config-pw-class)# encapsulation mpls R1(config-pw-class)# enable control-word
C. R1(config)# pseudowire-class cw-enable R1(config-pw-class)# encapsulation mpls R1(config-pw-class)# default control-word
D. R1(config)# pseudowire-class cw-enable R1(config-pw-class)# encapsulation mpls R1(config-pw-class)# control-word
D
D. R1(config)# pseudowire-class cw-enable R1(config-pw-class)# encapsulation mpls R1(config-pw-class)# control-word
What is the goal of Unicast Reverse Path Forwarding?
A. to verify the reachability of the destination address in forwarded packets
B. to help control network congestion
C. to verify the reachability of the destination address in multicast packets
D. to verify the reachability of the source address in forwarded packets
d
D. to verify the reachability of the source address in forwarded packets
Which three features are considered part of the IPv6 first-hop security suite? (Choose three.)
A. DNS guard
B. destination guard
C. DHCP guard
D. ICMP guard
E. RA guard F. DoS guard
BCE
B. destination guard
C. DHCP guard
E. RA guard
Why is the router not accessible via Telnet on the GigabitEthernet0 management interface?
A. The wrong port is being used in the telnet-acl access list.
B. The subnet mask is incorrect in the telnet-acl access list.
C. The log keyword needs to be removed from the telnet-acl access list.. D. The access class needs to have the vrf-also keyword added.
D
D. The access class needs to have the vrf-also keyword added.
Which three modes are valid PfR monitoring modes of operation? (Choose three.)
A. route monitor mode (based on BGP route changes)
B. RMON mode (based on RMONv1 and RMONv2 data)
C. passive mode (based on NetFlow data)
D. active mode (based on Cisco IP SLA probes)
E. fast mode (based on Cisco IP SLA probes)
F. passive mode (based on Cisco IP SLA probes)
CDE
C. passive mode (based on NetFlow data)
D. active mode (based on Cisco IP SLA probes)
E. fast mode (based on Cisco IP SLA probes)
Which statement is true?
A. The Cisco PfR state is UP; however, the external interface Et0/1 of border router 10.1.1.1 has exceeded the maximum available bandwidth threshold.
B. The Cisco PfR state is UP; however, an issue is preventing the border router from establishing a TCP session to the master controller.
C. The Cisco PfR state is UP and is able to monitor traffic flows; however, MD5 authentication has not been successful between the master controller and the border routers.
D. The Cisco PfR State is UP; however, the receive capacity was not configured for inbound traffic.
E. The Cisco PfR state is UP, and the link utilization out-of-policy threshold is set to 90 percent for traffic exiting the external links.
E
E. The Cisco PfR state is UP, and the link utilization out-of-policy threshold is set to 90 percent for traffic exiting the external links.
In the DiffServ model, which class represents the highest priority with the highest drop probability?
A. AF11
B. AF13
C. AF41
D. AF43
D
D. AF43
Which statement about this IP SLA is true?
A. The SLA must also have a schedule configured before it will start.
B. The TTL of the SLA packets is 10.
C. The SLA has a timeout of 3.6 seconds.
D. The SLA has a lifetime of 5 seconds
A
A. The SLA must also have a schedule configured before it will start.
Which three actions are required when configuring NAT-PT? (Choose three.)
A. Enable NAT-PT globally.
B. Specify an IPv4-to-IPv6 translation.
C. Specify an IPv6-to-IPv4 translation.
D. Specify a ::/96 prefix that will map to an IPv4 address.
E. Specify a ::/48 prefix that will map to a MAC address.
F. Specify a ::/32 prefix that will map to an IPv6 address.
BCD
B. Specify an IPv4-to-IPv6 translation.
C. Specify an IPv6-to-IPv4 translation.
D. Specify a ::/96 prefix that will map to an IPv4 address
Which two are causes of output queue drops on FastEthernet0/0? (Choose two.)
A. an oversubscribed input service policy on FastEthernet0/0
B. a duplex mismatch on FastEthernet0/0
C. a bad cable connected to FastEthernet0/0
D. an oversubscribed output service policy on FastEthernet0/0
E. The router trying to send more than 100 Mb/s out of FastEthernet0/0
DE
D. an oversubscribed output service policy on FastEthernet0/0
E. The router trying to send more than 100 Mb/s out of FastEthernet0/0
Which two DHCP messages are always sent as broadcast? (Choose two.)
A. DHCPOFFER
B. DHCPDECLINE
C. DHCPRELEASE
D. DHCPREQUEST
E. DHCPDISCOVER
DE
D. DHCPREQUEST
E. DHCPDISCOVER
Router: # show ip cache flow
SRCf SRCip address Dstif DSt ip address PR SRCP DstP pkts
V11 144.254.10.206 Local 10.48.77.208 06 C#63 01BB
Which statement about the output is true?
A. The flow is an HTTPS connection to the router, which is initiated by 144.254.10.206.
B. The flow is an HTTP connection to the router, which is initiated by 144.254.10.206.
C. The flow is an HTTPS connection that is initiated by the router and that goes to 144.254.10.206.
D. The flow is an HTTP connection that is initiated by the router and that goes to 144.254.10.206.
A
A. The flow is an HTTPS connection to the router, which is initiated by 144.254.10.206.
Which statement about this COS-DSCP mapping is true?
A. COS 3 is mapped to the expedited forwarding DSCP.
B. COS 16 is mapped to DSCP 2.
C. The default COS is mapped to DSCP 32.
D. This mapping is the default COS-DSCP mapping on Cisco switches.
A
A. COS 3 is mapped to the expedited forwarding DSCP.
Which three statements about implementing a NAT application layer gateway in a network are true? (Choose three.)
A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.
B. It maintains granular security over application-specific data.
C. It allows synchronization between multiple streams of data between two hosts.
D. Application layer gateway is used only in VoIP/SIP deployments.
E. Client applications require additional configuration to use an application layer gateway.
F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.
ABC
A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.
B. It maintains granular security over application-specific data.
C. It allows synchronization between multiple streams of data between two hosts.
At which location will the benefit of this configuration be observed?
A. on Router A and its upstream routers
B. on Router A and its downstream routers
C. on Router A only
D. on Router A and all of its ARP neighbors
B
B. on Router A and its downstream routers
Where is multicast traffic sent, when it is originated from a spoke site in a DMVPN phase 2 cloud?
A. spoke-spoke
B. nowhere, because multicast does not work over DMVPN
C. spoke-spoke and spoke-hub
D. spoke-hub
D
D. spoke-hub
A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router- B, but both spoke sites can reach the hub. What is the likely cause of this issue?
A. There is a router doing PAT at site B.
B. There is a router doing PAT at site A.
C. NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address.
D. There is a routing issue, as NHRP registration is working.
B
B. There is a router doing PAT at site A.
Which mechanism can be used on Layer 2 switches so that only multicast packets with downstream receivers are sent on the multicast router-connected ports?
A. IGMP snooping
B. Router Guard
C. PIM snooping
D. multicast filtering
c
C. PIM snooping
What is the cause of ignores and overruns on an interface, when the overall traffic rate of the interface is low?
A. a hardware failure of the interface
B. a software bug
C. a bad cable
D. microbursts of traffic
Correct Answer: D
D. microbursts of traffic
With which ISs will an ISIS Level 1 IS exchange routing information?
A. Level 1 ISs
B. Level 1 ISs in the same area
C. Level 1 and Level 2 ISs
D. Level 2 ISs
Correct Answer: B
Why is the neighbor relationship between R1 & R2 and R1 & R3 an L2-type neighborship?
A. because the area ID on R1 is different as compared to the area ID of R2 and R3
B. because the circuit type on those three routers is L1/L2
C. because the network type between R1, R2, and R3 is point-to-point
D. because the hello interval is not the same on those three routers
Correct Answer: A
Which three statements about the designated router election in IS-IS are true? (Choose three.)
A. If the IS-IS DR fails, a new DR is elected.
B. The IS-IS DR will preempt. If a new router with better priority is added, it just becomes active in the network.
C. If there is a tie in DR priority, the router with a higher IP address wins.
D. If there is a tie in DR priority, the router with a higher MAC address wins.
E. If the DR fails, the BDR is promoted as the DR.
F. The DR is optional in a point-to-point network
ABD
A. If the IS-IS DR fails, a new DR is elected.
B. The IS-IS DR will preempt. If a new router with better priority is added, it just becomes active in the network.
D. If there is a tie in DR priority, the router with a higher MAC address wins.
Which three elements compose a network entity title? (Choose three.)
A. area ID
B. domain ID
C. system ID
D. NSAP selector
E. MAC address
F. IP address
ACD
area id
system id
NSAP selector
Which statement about shaped round robin queuing is true?
A. Queues with higher configured weights are serviced first.
B. The device waits a period of time, set by the configured weight, before servicing the next queue. C. The device services a single queue completely before moving on to the next queue.
D. Shaped mode is available on both the ingress and egress queues.
A
Queues with higher configured weights are serviced first.
You discover that only 1.5 Mb/s of web traffic can pass during times of congestion on the given network.
Which two options are possible reasons for this limitation? (Choose two.)
A. The web traffic class has too little bandwidth reservation.
B. Video traffic is using too much bandwidth.
C. The service-policy is on the wrong interface.
D. The service-policy is going in the wrong direction.
E. The NAT policy is adding too much overhead.
AB
A. The web traffic class has too little bandwidth reservation.
B. Video traffic is using too much bandwidth
sh debug
Which statement about the debug behavior of the device is true?
A. The device debugs all IP events for 172.16.194.4.
B. The device sends all debugging information for 172.16.194.4.
C. The device sends only NTP debugging information to 172.16.194.4.
D. The device sends debugging information every five seconds.
A
A. The device debugs all IP events for 172.16.194.4.
Which statement about this device configuration is true?
A. The NMS needs a specific route configured to enable it to reach the Loopback0 interface of the device.
B. The ifindex of the device could be different when the device is reloaded.
C. The device will allow anyone to poll it via the public community.
D. The device configuration requires the AuthNoPriv security level.
B
B. The ifindex of the device could be different when the device is reloaded.
Which three steps are necessary to enable SSH? (Choose three.)
A. generating an RSA or DSA cryptographic key
B. configuring the version of SSH
C. configuring a domain name
D. configuring VTY lines for use with SSH
E. configuring the port for SSH to listen for connections
F. generating an AES or SHA cryptographic key
ACD
A. generating an RSA or DSA cryptographic key
C. configuring a domain name
D. configuring VTY lines for use with SSH
Which two features does the show ipv6 snooping features command show information about? (Choose two.)
A. RA guard
B. DHCP guard
C. ND inspection
D. source guard
AC
A. RA guard
C. ND inspection
Which two statements about how the configuration processes Telnet traffic are true? (Choose two.)
A. Telnet traffic from 10.1.1.9 to 10.10.10.1 is dropped.
B. All Telnet traffic is dropped.
C. Telnet traffic from 10.10.10.1 to 10.1.1.9 is permitted.
D. Telnet traffic from 10.1.1.9 to 10.10.10.1 is permitted.
E. Telnet traffic is permitted to all IP addresses
AC
A. Telnet traffic from 10.1.1.9 to 10.10.10.1 is dropped.
C. Telnet traffic from 10.10.10.1 to 10.1.1.9 is permitted.
Which three statements are functions that are performed by IKE phase 1? (Choose three.)
A. It builds a secure tunnel to negotiate IKE phase 1 parameters.
B. It establishes IPsec security associations.
C. It authenticates the identities of the IPsec peers.
D. It protects the IKE exchange by negotiating a matching IKE SA policy.
E. It protects the identities of IPsec peers.
F. It negotiates IPsec SA parameters.
CDE
C. It authenticates the identities of the IPsec peers.
D. It protects the IKE exchange by negotiating a matching IKE SA policy.
E. It protects the identities of IPsec peers.
The session status for an IPsec tunnel with -in- IPv6IPv4 is down with the error message IKE message from 10.10.1.1 failed its sanity check or is malformed.
Which statement describes a possible cause of this error?
A. There is a verification failure on the IPsec packet.
B. The SA has expired or has been cleared.
C. The pre-shared keys on the peers are mismatched.
D. There is a failure due to a transform set mismatch.
E. An incorrect packet was sent by an IPsec peer.
C
C. The pre-shared keys on the peers are mismatched.
Which three statements describe the characteristics of a VPLS architecture? (Choose three.)
A. It forwards Ethernet frames.
B. It maps MAC address destinations to IP next hops.
C. It supports MAC address aging.
D. It replicates broadcast and multicast frames to multiple ports.
E. It conveys MAC address reachability information in a separate control protocol.
F. It can suppress the flooding of traffic.
ACD
A. It forwards Ethernet frames.
C. It supports MAC address aging.
D. It replicates broadcast and multicast frames to multiple ports.
A GRE tunnel is down with the error message %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error. Which two options describe possible causes of the error? (Choose two.)
A. Incorrect destination IP addresses are configured on the tunnel.
B. There is link flapping on the tunnel.
C. There is instability in the network due to route flapping.
D. The tunnel mode and tunnel IP address are misconfigured.
E. The tunnel destination is being routed out of the tunnel interface.
CE
C. There is instability in the network due to route flapping.
E. The tunnel destination is being routed out of the tunnel interface.
Which two statements about the VPN solution are true? (Choose two.)
A. Customer A and customer B will exchange routes with each other.
B. R3 will advertise routes received from R1 to R2.
C. Customer C will communicate with customer A and B.
D. Communication between sites in VPN1 and VPN2 will be blocked.
E. R1 and R2 will receive VPN routes advertised by R3.
CE
C. Customer C will communicate with customer A and B.
E. R1 and R2 will receive VPN routes advertised by R3.
Which three statements about IS-IS are true? (Choose three.)
A. IS-IS can be used only in the service provider network.
B. IS-IS can be used to route both IP and CLNP.
C. IS-IS has three different levels of authentication: interface level, process level, and domain level.
D. IS-IS is an IETF standard.
E. IS-IS has the capability to provide address summarization between areas.
BCE
B. IS-IS can be used to route both IP and CLNP.
C. IS-IS has three different levels of authentication: interface level, process level, and domain level.
E. IS-IS has the capability to provide address summarization between areas.
Which mechanism does Cisco recommend for CE router interfaces that face the service provider for an EVPL circuit with multiple EVCs and multiple traffic classes?
A. HCBWFQ
B. LLQ
C. tail drop
D. WRED
A
A. HCBWFQ
Which Carrier Ethernet service supports the multiplexing of multiple point-to-point EVCs across as a single UNI?
A. EPL
B. EVPL
C. EMS
D. ERMS
B
EVPL
Which technology can be used to prevent flooding of IPv6 multicast traffic on a switch?
A. IGMP snooping
B. IGMP filtering
C. MLD snooping
D. MLD filtering
C
C. MLD snooping
Which two statements about the EEM applet configuration are true? (Choose two.)
A. The EEM applet runs before the CLI command is executed.
B. The EEM applet runs after the CLI command is executed.
C. The EEM applet requires a case-insensitive response.
D. The running configuration is displayed only if the letter Y is entered at the CLI.
AC
A. The EEM applet runs before the CLI command is executed.
C. The EEM applet requires a case-insensitive response.
Which variable in an EEM applet is set when you use the sync yes option?
A. $_cli_result
B. $_result
C. $_string_result
D. $_exit_status
d
D. $_exit_status
Which two options are advantages of NetFlow version 9 over NetFlow version 5? (Choose two.)
A. NetFlow version 9 adds support for IPv6 headers.
B. NetFlow version 9 adds support for MPLS labels.
C. NetFlow version 9 adds support for the Type of Service field.
D. NetFlow version 9 adds support for ICMP types and codes.
AB
A. NetFlow version 9 adds support for IPv6 headers.
B. NetFlow version 9 adds support for MPLS labels.
Which two statements about the output are true? (Choose two.)
A. It indicates that prefix aggregation cache export is enabled on the device.
B. It was obtained with the show ip cache flow command.
C. It indicates that the device is using NetFlow version 5.
D. It indicates that the flows are being sent to a destination using an RFC1918 address.
CD
C. It indicates that the device is using NetFlow version 5.
D. It indicates that the flows are being sent to a destination using an RFC1918 address.
