CCNP ROUTE Practice Qs Flashcards
Routers R2, R3, R4, and R5 have OSPF enabled. What should be configured on the routers in area 1 to ensure that all default summary routes and redistributed EIGRP routes will be forwarded from R6 to area 1, and only a default route for all other OSPF routes will be forwarded from R5 to area 1.
A. R5(config-router)# area 1 stubR6(config-router)# area 1 stub
B. R5(config-router)# area 1 stub no-summaryR6(config-router)# area 1 stub
C. R5(config-router)# area 1 nssaR6(config-router)# area 1 nssa
D. R5(config-router)# area 1 nssa no-summaryR6(config-router)# area 1 nssa
Answer: D
Explanation:
External RIP routes are being routed in OSPF area 1 where they are injected as type 7 so we use (area 1 NSSA) command on the ASBR(R2) and (Area 1 NSSA no-summary) command on R3 and R4.
You can verify issuing the command “show ip ospf database” and you will see the type 7 lsa’s on ASBR(R2) and LSA’s Type 5 and 7 on both the ABR routers(R3 ,R4).
Which two statements are correct regarding the routes to be redistributed into OSPF?
A. The network 192.168.1.0 will be allowed and assigned a metric of 100.
B. The network 192.168.1.0 will be allowed and assigned a metric of 200.
C. All networks except 10.0.0.0/8 will be allowed and assigned a metric of 200.
D. The network 172.16.0.0/16 will be allowed and assigned a metric of 200.
E. The network 10.0.10.0/24 will be allowed and assigned a metric of 200.
(Choose two.)
Answer: A,D
A network administrator is troubleshooting a redistribution of OSPF routes into EIGRP.
router eigrp 1
network 10.0.0.0
!
router ospf 1
network 172.10.0.0 0.0.255.255 area 0
redistribute eigrp 1
Given the exhibited commands, which statement is true?
A. Redistributed routes will have an external type of 1 and a metric of 1.
B. Redistributed routes will have an external type of 2 and a metric of 20.
C. Redistributed routes will maintain their original OSPF routing metric.
D. Redistributed routes will have a default metric of 0 and will be treated as reachable and advertised.
E. Redistributed routes will have a default metric of 0 but will be treated as unreachable
and not advertised.
Answer: B
Explanation:
By default, all routes redistributed into OSPF will be tagged as external type 2 (E2) with a metric of 20, except for BGP routes (with a metric of 1).
Note: The cost of a type 2 route is always the external cost, irrespective of the interior cost to reach that route. A type 1 cost is the addition of the external cost and the internal cost used to reach that route.
Which three steps are most helpful in verifying proper route redistribution? (Choose three.)
A. On the routers not performing the route redistribution, use the show ip route command to see if the redistributed routes show up.
B. On the ASBR router performing the route redistribution, use the show ip protocol command to verify the redistribution configurations.
C. On the ASBR router performing the route redistribution, use the show ip route command to verify that the proper routes from each routing protocol are there.
D. On the routers not performing the route redistribution, use the show ip protocols command to verify the routing information sources.
E. On the routers not performing the route redistribution, use the debug ip routing command to verify the routing updates from the ASBR.
Answer: A,B,C
Explanation:
In order to verify proper route redistribution, use the “show ip route” command on all routers within the network, as well as the ABSR, to verify that the routes are properly being advertised to all routers.
In addition, issuing the “show ip protocol” can be used on the router performing the redistribution to verify that routes are being redistributed into each other.
Into which two types of areas would an area border router (ABR) inject a default route?
(Choose two.)
A. stub
B. the autonomous system of an exterior gateway protocol (EGP)
C. NSSA
D. totally stubby
E. the autonomous system of a different interior gateway protocol (IGP)
F. area 0
Answer: A,D
Explanation:
Both stub area & totally stubby area allow an ABR to inject a default route. The main difference between these 2 types of areas is:
- Stub area replaces LSA Type 5 (External LSA – created by an ASBR to advertise network from another autonomous system) with a default route
- Totally stubby area replaces both LSA Type 5 and LSA Type 3 (Summary LSA – created by an ABR to advertise network from other areas, but still within the AS, sometimes called interarea routes) with a default route.
Below summarizes the LSA Types allowed and not allowed in area types:
Area Type/Type 1 & 2 (within area)/Type 3 (from other areas)/Type 4/Type 5/Type 7
Standard & Backbone/yes/yes/yes/yes/no
Stub/yes/yes/no/no/no
Totally Stub/yes/no/no/no/no
NSSA/yes/yes/no/no/yes
Totally Stubby NSSA/yes/no/no/no/yes
What is the benefit of deploying IPv6 in a campus network using dual stack mode?
A. Dual Stack Mode takes advantage of IPv6 over IPv4 tunnel ithin a network.
B. IPv4 and IPv6 run alongside one another and have no ependency on each other to function
C. IPv4 and IPv6 share network resources.
D. IPv6 can depend on existing IPv4 routing, QoS, security, and multicast policies.
Answer: B
Explanation:
Deploying IPv6 in the campus using the dual-stack model offers several advantages over the hybrid and service block models.
The primary advantage of a dual stack model is that it does not require tunneling within the campus network.
The dual stack model runs the two protocols as ships in the night, meaning that IPv4 and IPv6 run alongside one another and have no dependency on each other to function except that they share network resources.
Both have independent routing.
Router E is configured with the EIGRP variance 2 command.
What path will Router E take to reach Router A?
A. only E-D-A
B. only E-B-A
C. only E-C-A
D. both E-B-A and E-C-A
E. both E-B-A and E-D-A
F. all available paths.
Answer: D
Explanation:
By using the “variance 2 command we can share traffic to other feasible successor routes.
But by default, EIGRP only shares traffic to 4 paths. So we need to use the “maximum-paths 6” to make sure all of these routes are used.
A network administrator recently redistributed RIP routes into an OSPF domain. However, the administrator wants to configure the network so that instead of 32 external type-5 LSAs flooding into the OSPF network, there is only one.
What must the administrator do to accomplish this?
A. Configure summarization on R1 with area 1 range 172.16.32.0 255.255.224.0
B. Configure summarization on R1 with summary-address 172.16.32.0 255.255.224.0
C. Configure area 1 as a stub area with area 1 stub
D. Configure area 1 as a NSSA area with area 1 stub nssa
Answer: B
Explanation:
In many cases, the router doesn’t even need specific routes to each and every subnet (for example, 172.16.1.0/24). It would be just as happy if it knew how to get to the major network (for example, 172.16.0.0/16) and let another router take it from there.
In our telephone network example, the local telephone switch should only need to know to route a phone call to the switch for the called area code. Similarly, a router’s ability to take a group of subnetworks and summarize them as one network (in other words, one advertisement) is called route summarization.
Besides reducing the number of routing entries that a router must keep track of, route summarization can also help protect an external router from making multiple changes to its routing table due to instability within a particular subnet.
For example, let’s say that we were working on a router that connected to 172.16.2.0/24. As we were working on the router, we rebooted it several times. If we were not summarizing our routes, an external router would see each time 172.16.2.0/24 went away and came back.
Each time, it would have to modify its own routing table. However, if our external router were receiving only a summary route (i.e., 172.16.0.0/16), then it wouldn’t have to be concerned with our work on one particular subnet. This is especially a problem for EIGRP, which can create stuck in active (SIA) routes that can lead to a network melt-down.
Summarization Example: We have the following networks that we want to advertise as a single summary route: * 172.16.100.0/24 * 172.16.101.0/24 * 172.16.102.0/24 * 172.16.103.0/24 * 172.16.104.0/24 * 172.16.105.0/24 * 172.16.106.0/24
If R1 is configured for 6to4 tunneling, what will the prefix of its IPv6 network be?
A. 1723:1100:1::/48
B. FFFF:AC1F:6401::/16
C. AC1F:6401::/32
D. 2002:AC1F:6401::/48
E. 3FFE:AC1F:6401::/32
Answer: D
To configure 6to4 on a dual-stack edge router. Which three of the following are valid in 6to4 Tunneling configuration? (Choose three)
A. IPv4 Tunnel IP address
B. Tunnel mode (6to4)
C. Tunnel Keepalives
D. IPv4 Tunnel Destination
E. IPv4 Tunnel Source.
F. 6to4 IPv6 address (within 2002 /16)
Answer: B,E,F
How is network layer addressing accomplished in the OSI protocol suite?
A. Internet Protocol address
B. Media Access Control address
C. Packet Layer Protocol address
D. Network Service Access Point address
E. Authority and Format Identifier address
Answer: D
Explanation:
OSI network-layer addressing is implemented by using two types of hierarchical addresses: network service access-point addresses and network-entity titles.
A network service-access point (NSAP) is a conceptual point on the boundary between the network and the transport layers.
The NSAP is the location at which OSI network services are provided to the transport layer. Each transport-layer entity is assigned a single NSAP, which is individually addressed in an OSI internetwork using NSAP addresses.
A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53, and 49 to 172.20.14.225. Which command should be applied to the configuration to allow this?
A. router(config-if)#ip helper-address 172.20.14.225
B. router(config-if)#udp helper-address 172.20.14.225
C. router(config-if)#ip udp helper-address 172.20.14.225
D. router(config-if)#ip helper-address 172.20.14.225 69 53 49
Answer: A
Refer to the exhibit. Will redistributed RIP routes from OSPF Area 2 be allowed in Area 1?
A. Because Area 1 is an NSSA, redistributed RIP routes will not be allowed.
B. Redistributed RIP routes will be allowed in Area 1 because they will be changed into type 5 LSAs in Area 0 and passed on into Area 1.
C. Because NSSA will discard type 7 LSAs, redistributed RIP routes will not be allowed in Area 1.
D. Redistributed RIP routes will be allowed in Area 1 because they will be changed into type 7 LSAs in Area 0 and passed on into Area 1.
E. RIP routes will be allowed in Area 1 only if they are first redistributed into IGRP.
Answer: A
Router RTA is configured as follows:
RTA (config)#router rip
RTA(config-router)#network 10.0.0.0
RTA(config-router)#distribute-list 44 in interface BRIO
RTA(config-router)#exit
RTA(config)#access-list 44 deny 172.16.1.0 0.0.0.255
RTA(config)#access-list 44 permit any
Answer: C,E
Explanation:
Distribute list are used to filter routing updates and they are based on access lists.
In this case, an access list of 44 was created to deny the route from network 172.16.1.0/24 so this route will not be entered into the routing table of RTA. But the route from RTW can be entered because it is not filtered by the access list
A and B are not correct because the distribute list is applied to the inbound direction of interface BRI0 so outgoing routing updated will not be filtered.
Distribute list just filters routing updates so user traffic from network 172.16.1.0 will not be denied.
Which address is used by the Unicast Reverse Path Forwarding protocol to validate a packet against the routing table?
A. source address
B. destination address
C. router interface
D. default gateway
Answer: A
A router is configured for redistribution to advertise EIGRP routes into OSPF on a boundary router. Given the configuration:
router ospf 1
redistribute eigrp 1 metric 25 subnets
What is the function of the 25 parameter in the redistribute command?
A. It specifies the seed cost to be applied to the redistributed routes.
B. It specifies the administrative distance on the redistributed routes.
C. It specifies the metric limit of 25 subnets in each OSPF route advertisement.
D. It specifies a new process-id to inject the EIGRP routes into OSPF.
Answer: A
Which routing protocol will continue to receive and process routing updates from neighbors
after the passive interface router configuration command is entered?
A. EIGRP
B. RIP
C. OSPF
D. IS-IS
Answer: B
R1 and R2 belong to the RIP routing domain that includes the networks 10.20.0.0/16 and 10.21.0.0/16. R3 and R4 are performing two-way route redistribution between OSPF and RIP.
A network administrator has discovered that R2 is receiving OSPF routes for the networks 10.20.0.0/16 and 10.21.0.0/16 and a routing loop has occurred.
Which action will correct this problem?
A. Apply an inbound ACL to the R2 serial interface.
B. Change the RIP administrative distance on R3 to 110.
C. Configure distribute-lists on R3 and R4.
D. Set the OSPF default metric to 20.
E. Change the OSPF administrative distance on R3 to 110.
Answer: C
Explanation:
Distribute List is Like an access-list, use to deny or permit the routing update to pass through a router/interface. Distribute List allow you apply an access list to a routing updates.
It can be apply on in or out bond of an interface under a routing process. e.g in fig. R1 want to send a routing update to it neighbor, this update will go through from interface S0/0, router will check, is there some Distribute List apply to this interface. If there is a Distribute List which would contain the allow route to pass through this interface.
Which three route filtering statements are true? (Choose three)
A. After the router rip and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any RIP updates, but will receive routing updates on that interface.
B. After the router eigrp 10 and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any EIGRP updates, but will receive routing updates on that interface
C. After the router ospf 10 and passive-interface s0/0 commands have been issued , the s0/0 interface will not send any OSPF updates, but will receive routing updates on that interface
D. When you use the passive-interface command with RIPv2, multicasts are sent out the specified interface
E. When you use the passive-interface command with EIGRP, hello messages are not sent out the specified interface
F. When you use the passive-interface command with OSPF, hello messages are not sent out the specified interface
Answer: A,E,F
Explanation:
Passive-interface command is used in all routing protocols to disable sending updates out from a specific interface. However the command behavior varies from one protocol to another”
- In RIP, this command will not allow sending multicast updates via a specific interface but will allow listening to incoming updates from other RIP speaking neighbors. This means that the router will still be able to receive updates o n that passive interface and use them in its routing table.
In EIGRP and OSPF the passive-interface command stops sending outgoing hello packets, hence the router can not form any neighbor relationship via the passive interface. This behavior stops both outgoing and incoming routing updates.
Which traffic does the following configuration allow?
ipv6 access-list cisco
permit ipv6 host 2001:DB8:0:4::32 any eq ssh
line vty 0 4
ipv6 access-class cisco in
A. all traffic to vty 0 4 from source 2001:DB8:0:4::32
B. only ssh traffic to vty 0 4 from source all
C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32
D. all traffic to vty 0 4 from source all
Answer: C
On the basis of the partial configuration, which two statements are correct? (Choose two.)
A. Only routes matching 10.0.1.0/24 will be advertised out Ethernet 0.
B. Only routes 10.0.1.0/24 will be sent out all interfaces.
C. Only routes 10.0.1.0/24 will be allowed in the routing table.
D. Only routes matching 10.0.0.0/8 will be advertised out Ethernet 0.
E. Only routes matching 10.0.0.0/8 will be advertised out interfaces other than Ethernet 0.
F. All routes will be advertised out interfaces other than Ethernet 0.
Answer: A,E
Explanation:
In this case, the following algorithm is used when multiple distribute-lists are used:
1. First check which interface is being sent out. If it is Ethernet 0, distribute-list 2 is applied first. If the network is denied then no further checking is done for this network. But if distribute-list 2 permits that network then distribute-list 1 is also checked. If both distributelists allow that network then it will be sent out.
- If the interface is not Ethernet 0 then only distribute-list 1 is applied.
Now let’s take some examples. + If the advertised network is 10.0.1.0/24, it will be sent out all interfaces, including Ethernet 0.+ If the advertised network is 10.0.2.0/24, it will be sent out all interfaces, excepting Ethernet 0.+ If the advertised network is 11.0.0.0/8, it will be dropped.
Note: It is possible to define one interface-specific distribute-list per interface and one protocol-specific distribute-list for each process/autonomous-system.
(For more information, please read:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080208748.shtml)
Which command should be added to RTB under router bgp 100 to allow only the external OSPF routes to be redistributed to RTC?
A. redistribute ospf 1
B. redistribute ospf 1 match external 1
C. redistribute ospf 1 match external 2
D. redistribute ospf 1 match external 1 external 2
Answer: D
Explanation:
Use the external keyword along with the redistribute command under router bgp to redistribute OSPF external routes into BGP. With the external keyword, you have three choices: 1. redistribute both external type-1 and type-2 (Default)
- redistribute type-1
- redistribute type-2 Enter the commands in the configuration mode as described here:
RTB(config-router)# router bgp 100 RTB(config-router)# redistribute ospf 1 match external.
A network engineer notices that transmission rates of senders of tcp traffic sharply increase and decrease simultaneously during periods of congestion.
Which condition causes this?
A. Global synchronization
B. Tail drop
C. Random early detection
D. Queue management algorithm
Correct answer: A
Which three problems results from application mixing of UDP and TCP streams within a network with no QoS (choose three)
A. Starvation
B. Jitter
C. Latency
D. windowing
E. Lower throughput
Correct answer:ACE
Which method allows IPv4 and IPv6 to work together without requiring both to be used for a single connection during the migration process?
A. Dual stack method
B. 6to4 tunneling
C. GRE tunneling
D. NAT-PT
Correct Answer:A
Which statement about the use of tunneling to migrate to IPv6 is true?
A. Tunneling is less secure than dual stack or translation.
B. Tunneling is more difficult to configure than dual stack or translation
C. Tunneling does not enable users of the new protocol to communicate with users of the old protocol without dual-stack hosts.
D. Tunneling destination are manually determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 address
Correct Answer:C
A network administrator executes the command clear ip route. Which two tables does this command clear and rebuild? (Choose two)
A. IP routing
B. FIB
C. ARP cache
D. MAC address table
E. Cisco Express Forwarding table
F. Topology table
Correct Answer:AB
Which switching method is used when entries are present in the output of the command show ip cache?
A. Fast switching
B. Process switching
C. Cisco Express Forwarding Switching
D. Cut-through packet switching
Correct answer: A
Which two actions must you perform to enable and use window scaling on a router? (Choose two)
A. Execute the command ip tcp windows-size 65536
B. Set window scaling to be used on the remote host.
C. Execute the command ip tcp queuemax.
D. Set TCP options to “enabled” on the remote host.
E. Execute the command ip tcp adjust-mss
Correct Answer:AB
Which three TCP enhancements can be used with TCP selective acknowledgments?
A. Header compression
B. Explicit congestion notification
C. Keepalive
D. Time stamps
E. TCP path recovery
F. MTU window
Correct Answer: BCD
A network administrator uses IP SLA to measure UDP performance and notices that packets on one router have a higher one-way delay compared to the opposite direction. Which UDP characteristic does this scenario describe?
A. Latency
B. Starvation
C. Connectionless communication
D. Nonsequencing unordered packets
E. Jitter
Correct Answer:A
Under which condition does UDP dominance occur?
A. When TCP traffic is in the same class as UDP
B. When UDP flows are assigned a lower priority queue
C. When WRED is enabled
D. When ACLs are in place to block TCP traffic.
Correct Answer:A
Prior to enabling PPPoE in a virtual private dialup network group, which task must be completed?
A. Disable CDP on the interface.
B. Execute the vpdn enable command
C. Execute the no switchport command
D. Enable QoS FiFo for PPPoE support
Correct Answer:B
A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner?
A. PAP
B. Dot1x
C. Ipsec
D. CHAPE. ESP
Correct Answer:D
A corporate policy requires PPPoE to be enabled and to maintain a connection with the ISP, even if not interested traffic exists. which feature can be found to accomplish this task?
A. TCT Adjust
B. Dialer persistent
C. PPPoE groups
D. Half-bridging
E. Peer Neighbor Route
Correct answer: B
Which PPP authentication method sent authentication information in clear text? A. MS CHAP B. CDPCP C. CHAP D. PAP
Correct answer: D
Which protocol uses dynamic address mapping to request the next-hope protocol address for specific connection? A. Frame Relay inverse ARP B. Static DLCI mapping C. Frame Relay broadcast queue D. Dynamic DLCI mapping
Correct answer:A
Which statement is true about PPP session phase of PPPoE?
A. PPP options are negotiated and authentication is not performed. Once the link set up is completed, PPPOE functions as layer 3 encapsulation method that allows data to be transferred over PPP link within the PPPoE headers.
B. PPP options are not negotiated and authentication is performed. Once the link setup is complete, PPPoE functions as a layer 4 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.
C. PPP options are automatically enabled and authorization is performed. Once the link setup is completed, PPPoE functions as a layer 2 encapsulation method that allows data to be encrypted over PPP link within PPPoE headers.
D. PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as layer 2 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.
Correct Answer: D
PPPoE is composed of which two phases?
A. Active Authentication phase and PPP Session Phase
B. Passive Discovery Phase and PPP session phase
C. Active authorization phase and PPP Session pahse
D. Active Discovery phase and PPP Session phase
Correct Answer: D
A router with an interface that is configured with iPv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?
A. DHCPv6 request
B. Router-advertisement
C. Neighbor-solicitation
D. Redirect
Correct Answer:B
A router with an interface that is configured with IPv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?
A. DHCPv6 request
B. Router-advertisement
C. Neighbor-solicitation
D. Redirect
Correct Answer:B
An engineer has configured a router to use EUI-64, and was asked to document the IPv6 address of the router. The router has the following interface parameters:
MAC address C601.420F.0007
Subnet 2001:DB8:0:1::/64
Which IPv6 addresses should the engineer add to the documentation?
A. 2001:DB8:0:1:C601:42FF:FE0F:7
B. 2001:DB8:0:1:FFFF:C601:420F:7
C. 2001:DB8:0:1:FE80:C601:420F:7
D. 2001:DB8:0:1:C601:42FE:800F:7
Correct Answer: A
For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost. What caused this issue?
A. The traffic filter is blocking all ICMPv6 traffic
B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly.
C. The link-local addresses that were used by OSPFV3 were explicit denied, which caused the neighbor relationships to fail.
D. IPv6 traffic filtering can be implemented only on SVIs.
Correct Answer: C
What is the purpose of the autonomous-system {autonomous-system-number} command?
A. It sets the EIGRP autonomous system number in a VRF
B. It sets the BGP autonomous system number in a VRF
C. Its sets the global EIGRP autonomous system number
D. It sets the global BGP autonomous system number
Correct Answer:A
What is the default OSPF hello interval on a Frame Relay point-to-point network?
A. 10
B. 20
C. 30
D. 40
Correct Answer:A
Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le 24?
A. 10.9.1.0/24
B. 10.8.0.0/24
C. 10.8.0.0/16
D. 10.8.0.0/23
Correct Answer:B
Router A and Router B are configured with IPv6 addressing and basic routing capabilities using OSPFV3. The Network that are advertised from Router A do not show up in Router B routing table. After debugging IPv6 packets, the message “not a router” is found in the output. Why is the routing information not being learned by router B?
A. OSPFV3 timers were not adjusted for fast convergence.
B. The networks were not advertised properly under the OSPFV3 process.
C. An IPv6 traffic filter is blocking the networks from being learned via the Router B interface that is connected to Router A
D. IPv6 unicast routing is not enabled on router A or router B.
Correct Answer: D
After you review the output of the command show IPv6 interface brief, you see that several IPv6 addresses have the 16-bit hexadecimal value of fFFE inserted into the address. Based on this information, what do you conclude about these IPV6 addresses?
A. IEEE EUI-64 was implemented when assigning IPV6 addresses on the device.
B. The addresses were misconfigured and will not function as intended.
C. IPv6 addresses containing “FFFE” indicate that the address is reversed for multicast.
D. The IPv6 universal/local flag (bit 7) was flipped E. IPv6 unicast Forwarding was enable, but IPv6 Cisco Express Forwarding was disabled.
Correct Answer:A
A packet capture log indicates that several router solicitation messages were sent from a local host on the IPv6 segment. What is the expected acknowledgment and its usage?
A. Router acknowledgement message will be forwarded upstream, where the DHCP server will allocate addresses to the local host.
B. Routers on the IPv6 segment will respond with an advertisement that provides an external path from the local subnet, as well as certain data, such as prefix discovery.
C. Duplicate Address detection will determine if any other local host is using the same IPv6 address for communication with the IPv6 routers on the segment.
Correct Answer:B
A company has just opened two remote branch office that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites?
A. Interface Tunnel0 Bandwidth 1536 Ip address 209.165.200.230 255.255.255.224 Tunnel source serial0/0 Tunnel mode gre multipoint
B. Interface fa0/0 Bandwidth 1536 IP address 209.165.200.230 255.255.255.224 Tunnel mode gre multipoint
C. Interface tunnel0 Bandwidth 1536 IP address 209.165.200.231 255.255.255.224 Tunnel source 209.165.201.1 Tunnel-mode dynamic
D. Interface fa0/0 Bandwidth 1536 IP address 209.165.200.231 255.255.255.224 Tunnel source 192.168.161.2 Tunnel destination 209.165.201.1 Tunnel-mode dynamic
Correct Answer:A
A network engineer executes the show crypto ipsec sa command. Which three pieces of information are displayed in the output.
A. Inbound crypto map
B. Remaining key lifetime
C. Path MTU
D. Tagged packets
E. Untagged packets
F. Invalid identity packets
Correct Answer:ABC
Refer to the following output:Router#show ip nhrp detail
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12 expire 01:59:47 typE. Dynamic, Flags: authoritative unique nat registered used NBMA address: 10.12.1.2
What does the authoritative flag mean in regards to the NHRP information?
A. It was obtained directly from the next-hop server.
B. Data packets are process switches for this mapping entry.
C. NHRP mapping is for network that are local to this router.
D. The mapping entry was created in response to an NHRP registration request.
E. The NHRP mapping entry cannot be overwritten.
Correct Answer:A
Which common issue causes intermittent DMVPN tunnel flaps?
A. A routing neighbor reachability issue
B. A suboptimal routing table
C. Interface bandwidth congestion
D. That the GRE tunnel to hub router is not encrypted
Correct Answer: A
Which encapsulation supports an interface that is configured for an EVN trunk?
A. 802.1Q
B. ISL
C. PPP
D. Frame Relay
E. MPLSF. HDLC
Correct answer:A
Which three characteristics are shared by subinterfaces and associated EVNs?
A. IP address
B. Routing table
C. Forwarding control lists
E. NetFlow configuration
Correct Answer:ABC
A user is having issues accessing file shares on a network. The network engineer advises the user to open a web browser, input a prescribed IP address, and follow the instructions. After doing this, the user is able to access company shares. Which type of remote access did the engineer enable?
A. EZVPN
B. Ipsec VPN client access
C. VPDN client access
D. SSL VPN client access
Correct Answer:D
Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding?
A. Flex VPN
B. DMVPN
C. GetVPN
D. Cisco Easy VPN
Correct answer:B
Which traffic does the following configuration allow?IPv6 access-list ciscoPermit ipv6 host 2001:DB8:0:4::32 any eq sshLine vty 0 4IPv6 access-class cisco in
A. All traffic to vty 0 4 from source 2001:DB8:0:4:32
B. Only ssh traffic to vty 0 4 from source all
C. Only ssh traffic to vty 0 4 from source 2001:DB:8:0:4::32
D. All traffic to vty 0 4 from source all
Correct Answer:C
For troubleshooting purposes, which method can you use in combination with the “debug ip packet” command to limit the amount of output data?
A. You can disable the IP route cache globally
B. You can use the KRON scheduler.
C. You can use an extended access list.
D. You can use an IOS parser.
E. You can use the RITE traffic exporter.
Correct Answer:C
Refer to the following access list. Access-list 100 permit ip any any logAfter applying the access list on a cisco router, the network engineer notices that the router CPU utilization has risen to 99 percent. What is the reason for this?
A. A packet that matches access-list with the “log” keyword is cisco express Forwarding switched.
B. A packet that matches access-list with the “log” keyword is fast switched.
C. A packet that matches access-list with the “log” keyword is process switched
D. A large amount of IP traffic is being permitted on the router
Correct Answer:C
Which address is used by Unicast Reverse Path Forwarding protocol to validate a packet against the routing table?
A. Source address
B. Destination address
C. Router interface
D. Default gateway
Correct Answer:A
What are three modes of Unicast Reverse Path Forwarding?
A. Strict mode, loose mode, and VRF mode
B. Strict mode, loose mode, and broadcast mode
C. Strict mode, broadcast mode, and VRF mode
D. Broadcast mode, loose mode, and VRF mode
Correct Answer: A
What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish? Router(config)#access-list 101 deny ip 10.0.0.0 255.255.255.255 any logRouter(config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any logRouter(config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any logRouter(config)#interface fastEthernet 1/0Router(config-ip)#ip access-group 101 in
A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts
B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the internet.
C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.
D. It prevents private internal addresses to be accessed directly from outside.
Correct Answer:C
Refer to the following command:
Router(config)# ip http secure-port 4433
Which statement is true?
A. The router will listen on port 4433 for HTTPS traffic
B. The router will listen on port 4433 for HTTP traffic
C. The router will never accept any HTTP and HTTPS traffic.
D. The router will listen listen to HTTP and HTTP traffic on port 4433
Correct Answer: A
A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53, and 49 to 172.20.14.225. Which command should be applied to the configuration to allow this?
A. Router(config-if)# ip helper-address 172.20.14.225
B. Router(config-if)# udp helper-address 172.20.14.225
C. Router(config-if)# ip udp helper-address 172.20.14.225
Correct Answer: A
A network engineer is configuring SNMP on the network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption. Which command satisfies the requirement of this scenario?
A. Router(config)#snmp-server host 172.16.201.28 traps version 2c CiSCORO
B. Router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO
C. Router(config)# snmp-server host 172.16.201.28 traps version 3 auth CISCORO
Correct Answer: A
When using SNMPv3 with NoauthNopriv, which string is math ed for sithentication?
A. Username
B. Password
C. Community-string
D. Encryption-key
Correct answer:A
After a recent DoS attack on a network, senior management ask you to implement better logging functionality on all IOS-based devices. Which two actions can you take to provide enhanced logging results? Choose two
A. Use the msec option to enable service time stamps
B. Increase the logging history
C. Set the logging severity level to 1
D. Specify a logging rate limitE. Disable event logging on all noncritical items
Correct Answer: A,B
A network engineer finds that a core router has crashed without warning. In this situation, which feature can the engineer use to create a crash collection?
A. Secure copy protocol
B. Core dumps
C. Warm reloads
D. SNMPE. Netflow
Correct Answer: B
A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp broadcast client command. Assuming that an NTP server is already set up, what is the result of the command?
A. It enables receiving NTP broadcast on the interface where the command was executed
B. It enables receiving NTP broadcast on all interfaces globally.
C. It enables a device to be an NTP peer to another device.
D. It enables a devices to receive NTP broadcast and unicast packets
Correct Answer: A
What is a function of NPTv6?
A. It interferes with encryption of the full IP payload
B. It maintains a per-node state
C. It is checksum-neutral
D. It rewrites transport layer headers.
Correct Answer: C
IPv6 has just been deployed to all of the hosts within a network, but not to the servers. Which features allows ipv6 devices to communicate with ipv4 servers?
A. NAT
B. NATng
C. NAT64
D. Dual-stack NAT
E. DNS64
Correct Answer: C
A network engineer initiates the ip sla responder tcp-connect command in order to gather statistics for performance gauging. Which type of statistics does the engineer see?
A. Connectionless-oriented
B. Service-oriented
C. Connection-oriented
D. Application-oriented
Correct Answer:C
A network engineer executes the “ipv6 flowset” command. What is the result?
A. Flow-label marking in 1280-byte or larger packets is enabled.
B. Flow-set marking in 1280-byte or larger packets is enabled.
C. Ipv6 PMTU is enabled on the router
D. IPv6 flow control is enabled on the router.
Correct Answer: A
A network engineer executes the show ip flow export command. Which line in the output indicates that the send queue is full and report packets are not being sent?
A. Output drops
B. Enqueuing for the RP
C. Fragmentation failures
D. Adjacency issues
Correct Answer:A
A network engineer is asked to configure a site-to-site IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command
ip nat inside source lost 1 int s0/0 overload.
Which functions do the two commands serve in this scenario?
A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables “many-to-one” access for all devices on a defined segment to share a single IP address upon existing the external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides “many-to-one” access for all devices on a defined segment to share a single IP address upon existing the external interface.
Correct Answer: D
A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an alternative to powering down the active router and letting the network respond accordingly. Which action will allow for manual switching of HSRP nodes?
A. Track the up/down state of a loopback interface and shutdown this interface during maintenance.
B. Adjust the HSRP priority without the use of preemption
C. Disable and unable all active interface on the active HSRP node.
D. Enable HSRPv2 under global configuration, which allows for maintenance mode.
Correct Answer:A
What is the effect of the distribute-list command in the R1 configuration?
A. R1 will permit only the 10.0.0.0/24 route in the R2 RIP updates
B. R1 will not filter any routes because there is no exact prefix match
C. R1 will filter the 10.1.0.0/24 and the 172.24.1.0/24 routes from the R2 RIP updates
D. R1 will filter only the 172.24.1.0/24 route from the R2 RIP updates
Answer: C
Explanation:
The command “distribute-list 10 in Serial0 will create an incoming distribute list for interface serial 0 and refers to access list 10.
So it will permit routing updates from 10.0.x.x network while other entries (in this case the 10.1.0.0/24 and 172.24.1.0/24 networks) will be filtered out from the routing update received on interface S0.
R3#show run | include defaultip
default-network 140.140.0.0
ip default-network 130.130.0.0
R3#show ip route | begin Gateway
Gateway of last resort is 0.0.0.0 to network 130.130.0.0
116.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 116.16.37.0/30 is directly connected, Serial1/0.2
C 116.16.32.0/30 is directly connected, Serial2/0.2
C 116.16.34.0/28 is directly connected, Serial1/0.1
C 116.16.35.0/28 is directly connected, Serial2/0.1
S 116.0.0.0/8 [1/0] via 116.16.34.0
* 140.140.0.0/32 is subnetted, 3 subnets
O 140.140.1.1 [110/65] via 116.16.34.4, 00:14:54, Serial1/0.1
O 140.140.3.1 [110/65] via 116.16.34.4, 00:14:54, Serial1/0.1
O 140.140.2.1 [110/65] via 116.16.34.4, 00:14:54, Serial1/0.1
* 130.130.0.0/16 is variably subnetted, 4 subnets, 2 masks
D* 130.130.0.0/16 is a summary, 00:30:04, Null0
C 130.130.1.0/24 is directly connected, Ethernet0/0
C 130.130.2.0/24 is directly connected, Ethernet0/1
C 130.130.3.0/24 is directly connected, Ethernet1/0
D 150.150.0.0/16 [90/679936] via 116.16.35.5, 00:02:58, Serial2/0.1
Refer to the exhibit.
Why is the 140.140.0.0 network not used as the gateway of last resort
even though it is configured first?
A. The last default-network statement will always be preferred.
B. A route to the 140.140.0.0 network does not exist in the routing table.
C. Default-network selection will always prefer the statement with the lowest IP address.
D. A router will load balance across multiple default-networks; repeatedly issuing the show ip route command would show the gateway of last resort changing between the two networks.
Answer: B
Explanation:
As you can see in the exhibit, 140.140.0.0 doesn’t appear in the routing table.
What two situations could require the use of multiple routing protocols? (Choose two)
A. when using UNIX host-based routers
B. when smaller broadcast domains are desired
C. because having multiple routing protocols confuses hackers
D. when migrating from an older Interior Gateway Protocol (IGP) to a new IGP
E. when all equipment is manufactured by Cisco
F. when there are multiple paths to destination networks
Answer: A,D
Explanation:
Simple routing protocols work well for simple networks, but networks grow and become more complex.
While running a single routing protocol throughout your entire IP internetwork is desirable, multiprotocol routing is common for a number of reasons, including company mergers, multiple departments managed by multiple network administrators, multivendor environments, or simply because the original routing protocol is no longer the best choice.
Often, the multiple protocols are redistributed into each other during a migration period from one protocol to the other.
Which three statements are true when configuring redistribution for OSPF? (Choose three)
A. The default metric is 10.
B. The default metric is 20.
C. The default metric type is 2.
D. The default metric type is 1.
E. Subnets do not redistribute by default.
F. Subnets redistribute by default.
Answer: B,C,E
If the command variance 3 were added to RTE, which path or paths would be chosen to route traffic to network X?
A. E-B-A
B. E-B-A and E-C-A
C. E-C-A and E-D-A
D. E-B-A, E-C-A and E-D-A
Answer: B
Explanation:
Advertised distance of RTD is greater than FD of RTE-RTC-RTA, so the route through D will not be used.
Which two statements about EVNs are true? (Choose two)
A. VRF using MPLS require a trunk interface that use EVN
B. VRF-Lite requires a trunk interface that uses EVN
C. All EVNs within a trunk interface can share the same IP infrastructure
D. Each EVN within a trunk interface must be configured separately
E. Commands that are specified once under a trunk interface can be inherited by all ENVs
Answer: C,E
An EUI-64 bit address is formed by adding a reserved 16-bit value in which position of the Mac address?
A. between the vendor OID and the NIC-specific part of the MAC address.
B. after the NIC-specific part of the MAC address.
C. before the vendor OID part of the MAC address.
D. anywhere in the Mac address, because the value that is added is reserved.
Answer: A
Which OSPF area prevent LSA type 4, LSA type 5? (Choose two)
A. Stub Area
B. Totally Stubby Area
C. Not-So-Stubby Area
D. Totally Not-So-Stubby Area
Answer: B,D
Explanation: Source :
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-pathfirst-
ospf/13703-8.html#anc2
What is the purpose of configuring the router as a PPPoE client?
A. to provide VPN access over L2TP
B. to enable PPP session from the router to the termination device at the headend for metroEthernet connectivity
C. for DSL connectivity and removing the need for the end-user PC to run the PPPoE client software
D. for connecting the router to a cable modem, which bridges the Ethernet frames from the router to the cable modem termination system
Answer: C
Explanation:
DSL Technology used PPPoE protocol (service provide end) and user end required to be used same Protcol running as client to communicate with it
The Cisco SA 500 Series Security Appliances are built specifically for businesses with less than 100 employees. What are three important benefits of this device? (Choose three)
A. business-grade firewall
B. premium support via SMART net
C. site-to-site VPN for remote offices
D. Cisco IOS software-based
E. email security
F. XML support
Answer: A,C,E
What is a function of NPTv6?
A. It interferes with encryption of the full IP payload.
B. It maintains a per-node state.
C. It is checksum-neutral.
D. It rewrites transport layer headers.
Answer: C
Which two protocols are required for DMVPN? (Choose two)
A. IPsec
B. PPTP
C. mGRE
D. NHRP
E. Open VPN
Answer: A,D
Explanation: The DMVPN feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE)
tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP).
http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html
Which type of access list allows granular session filtering for upper-level protocols?
A. content-based access lists
B. context-based access-lists
C. reflexive access-lists
D. extended access lists
Answer: D
Which two statements about NetFlow templates are true? (Choose two)
A. Only NetFlow version 9 is template based.
B. NetFlow Version 5 and version 9 are template based.
C. Only NetFlow version 5 is template based.
D. Template can increased bandwidth usage
E. They can increase overall performance.
F. They can reduce bandwidth usage.
Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, and into the core of an Enterprise network.
The branch also allows local hosts to communicate directly with public sites in the Internet over this same DSL connection.
Which of the following answers defines how the branch NAT config avoids performing NAT for the Enterprise directed traffic but does perform NAT for the Internet-directed traffic?
A. By not enabling NAT on the IPsec tunnel interface
B. By not enabling NAT on the GRE tunnel interface
C. By configuring the NAT-referenced ACL to not permit the Enterprise traffic
D. By asking the ISP to perform NAT in the cloud
Answer: C
Explanation:
The NAT configuration acts only on packets permitted by a referenced ACL. As a result, the ACL can permit packets destined for the Internet, performing NAT on those packets. The ACL also denies packets going to the Enterprise, meaning that the router does not apply NAT to those packets.
Which IPV6 address type does RIPng use for next-hop addresses?
A. anycast
B. global
C. multicast
D. site-local
E. link-local
Answer: E
An EUI-64 bit address is formed by inserting which 16-bit value into the MAC address of adevice?
A. 3FFE
B. FFFE
C. FF02
D. 2001
Answer: B
Drag and drop the steps in the NAT process for IPv4-initiated packers from the left into the correct sequence on the right.