CCNP ROUTE Practice Qs Flashcards

1
Q

Routers R2, R3, R4, and R5 have OSPF enabled. What should be configured on the routers in area 1 to ensure that all default summary routes and redistributed EIGRP routes will be forwarded from R6 to area 1, and only a default route for all other OSPF routes will be forwarded from R5 to area 1.

A. R5(config-router)# area 1 stubR6(config-router)# area 1 stub
B. R5(config-router)# area 1 stub no-summaryR6(config-router)# area 1 stub
C. R5(config-router)# area 1 nssaR6(config-router)# area 1 nssa
D. R5(config-router)# area 1 nssa no-summaryR6(config-router)# area 1 nssa

A

Answer: D
Explanation:

External RIP routes are being routed in OSPF area 1 where they are injected as type 7 so we use (area 1 NSSA) command on the ASBR(R2) and (Area 1 NSSA no-summary) command on R3 and R4.

You can verify issuing the command “show ip ospf database” and you will see the type 7 lsa’s on ASBR(R2) and LSA’s Type 5 and 7 on both the ABR routers(R3 ,R4).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which two statements are correct regarding the routes to be redistributed into OSPF?

A. The network 192.168.1.0 will be allowed and assigned a metric of 100.
B. The network 192.168.1.0 will be allowed and assigned a metric of 200.
C. All networks except 10.0.0.0/8 will be allowed and assigned a metric of 200.
D. The network 172.16.0.0/16 will be allowed and assigned a metric of 200.
E. The network 10.0.10.0/24 will be allowed and assigned a metric of 200.

(Choose two.)

A

Answer: A,D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A network administrator is troubleshooting a redistribution of OSPF routes into EIGRP.

router eigrp 1
network 10.0.0.0
!
router ospf 1
network 172.10.0.0 0.0.255.255 area 0
redistribute eigrp 1

Given the exhibited commands, which statement is true?

A. Redistributed routes will have an external type of 1 and a metric of 1.
B. Redistributed routes will have an external type of 2 and a metric of 20.
C. Redistributed routes will maintain their original OSPF routing metric.
D. Redistributed routes will have a default metric of 0 and will be treated as reachable and advertised.
E. Redistributed routes will have a default metric of 0 but will be treated as unreachable
and not advertised.

A

Answer: B

Explanation:
By default, all routes redistributed into OSPF will be tagged as external type 2 (E2) with a metric of 20, except for BGP routes (with a metric of 1).

Note: The cost of a type 2 route is always the external cost, irrespective of the interior cost to reach that route. A type 1 cost is the addition of the external cost and the internal cost used to reach that route.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which three steps are most helpful in verifying proper route redistribution? (Choose three.)

A. On the routers not performing the route redistribution, use the show ip route command to see if the redistributed routes show up.
B. On the ASBR router performing the route redistribution, use the show ip protocol command to verify the redistribution configurations.
C. On the ASBR router performing the route redistribution, use the show ip route command to verify that the proper routes from each routing protocol are there.
D. On the routers not performing the route redistribution, use the show ip protocols command to verify the routing information sources.
E. On the routers not performing the route redistribution, use the debug ip routing command to verify the routing updates from the ASBR.

A

Answer: A,B,C

Explanation:
In order to verify proper route redistribution, use the “show ip route” command on all routers within the network, as well as the ABSR, to verify that the routes are properly being advertised to all routers.

In addition, issuing the “show ip protocol” can be used on the router performing the redistribution to verify that routes are being redistributed into each other.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Into which two types of areas would an area border router (ABR) inject a default route?
(Choose two.)
A. stub
B. the autonomous system of an exterior gateway protocol (EGP)
C. NSSA
D. totally stubby
E. the autonomous system of a different interior gateway protocol (IGP)
F. area 0

A

Answer: A,D

Explanation:
Both stub area & totally stubby area allow an ABR to inject a default route. The main difference between these 2 types of areas is:

  • Stub area replaces LSA Type 5 (External LSA – created by an ASBR to advertise network from another autonomous system) with a default route
  • Totally stubby area replaces both LSA Type 5 and LSA Type 3 (Summary LSA – created by an ABR to advertise network from other areas, but still within the AS, sometimes called interarea routes) with a default route.

Below summarizes the LSA Types allowed and not allowed in area types:

Area Type/Type 1 & 2 (within area)/Type 3 (from other areas)/Type 4/Type 5/Type 7

Standard & Backbone/yes/yes/yes/yes/no

Stub/yes/yes/no/no/no

Totally Stub/yes/no/no/no/no

NSSA/yes/yes/no/no/yes

Totally Stubby NSSA/yes/no/no/no/yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the benefit of deploying IPv6 in a campus network using dual stack mode?

A. Dual Stack Mode takes advantage of IPv6 over IPv4 tunnel ithin a network.
B. IPv4 and IPv6 run alongside one another and have no ependency on each other to function
C. IPv4 and IPv6 share network resources.
D. IPv6 can depend on existing IPv4 routing, QoS, security, and multicast policies.

A

Answer: B
Explanation:
Deploying IPv6 in the campus using the dual-stack model offers several advantages over the hybrid and service block models.

The primary advantage of a dual stack model is that it does not require tunneling within the campus network.

The dual stack model runs the two protocols as ships in the night, meaning that IPv4 and IPv6 run alongside one another and have no dependency on each other to function except that they share network resources.

Both have independent routing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Router E is configured with the EIGRP variance 2 command.

What path will Router E take to reach Router A?
A. only E-D-A
B. only E-B-A
C. only E-C-A
D. both E-B-A and E-C-A
E. both E-B-A and E-D-A
F. all available paths.

A

Answer: D

Explanation:
By using the “variance 2 command we can share traffic to other feasible successor routes.
But by default, EIGRP only shares traffic to 4 paths. So we need to use the “maximum-paths 6” to make sure all of these routes are used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A network administrator recently redistributed RIP routes into an OSPF domain. However, the administrator wants to configure the network so that instead of 32 external type-5 LSAs flooding into the OSPF network, there is only one.

What must the administrator do to accomplish this?
A. Configure summarization on R1 with area 1 range 172.16.32.0 255.255.224.0
B. Configure summarization on R1 with summary-address 172.16.32.0 255.255.224.0
C. Configure area 1 as a stub area with area 1 stub
D. Configure area 1 as a NSSA area with area 1 stub nssa

A

Answer: B
Explanation:
In many cases, the router doesn’t even need specific routes to each and every subnet (for example, 172.16.1.0/24). It would be just as happy if it knew how to get to the major network (for example, 172.16.0.0/16) and let another router take it from there.

In our telephone network example, the local telephone switch should only need to know to route a phone call to the switch for the called area code. Similarly, a router’s ability to take a group of subnetworks and summarize them as one network (in other words, one advertisement) is called route summarization.

Besides reducing the number of routing entries that a router must keep track of, route summarization can also help protect an external router from making multiple changes to its routing table due to instability within a particular subnet.

For example, let’s say that we were working on a router that connected to 172.16.2.0/24. As we were working on the router, we rebooted it several times. If we were not summarizing our routes, an external router would see each time 172.16.2.0/24 went away and came back.

Each time, it would have to modify its own routing table. However, if our external router were receiving only a summary route (i.e., 172.16.0.0/16), then it wouldn’t have to be concerned with our work on one particular subnet. This is especially a problem for EIGRP, which can create stuck in active (SIA) routes that can lead to a network melt-down.

Summarization Example: We have the following networks that we want to advertise as a single summary route: * 172.16.100.0/24 * 172.16.101.0/24 * 172.16.102.0/24 * 172.16.103.0/24 * 172.16.104.0/24 * 172.16.105.0/24 * 172.16.106.0/24

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

If R1 is configured for 6to4 tunneling, what will the prefix of its IPv6 network be?
A. 1723:1100:1::/48
B. FFFF:AC1F:6401::/16
C. AC1F:6401::/32
D. 2002:AC1F:6401::/48
E. 3FFE:AC1F:6401::/32

A

Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

To configure 6to4 on a dual-stack edge router. Which three of the following are valid in 6to4 Tunneling configuration? (Choose three)
A. IPv4 Tunnel IP address
B. Tunnel mode (6to4)
C. Tunnel Keepalives
D. IPv4 Tunnel Destination
E. IPv4 Tunnel Source.
F. 6to4 IPv6 address (within 2002 /16)

A

Answer: B,E,F

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How is network layer addressing accomplished in the OSI protocol suite?

A. Internet Protocol address

B. Media Access Control address

C. Packet Layer Protocol address

D. Network Service Access Point address

E. Authority and Format Identifier address

A

Answer: D
Explanation:
OSI network-layer addressing is implemented by using two types of hierarchical addresses: network service access-point addresses and network-entity titles.

A network service-access point (NSAP) is a conceptual point on the boundary between the network and the transport layers.

The NSAP is the location at which OSI network services are provided to the transport layer. Each transport-layer entity is assigned a single NSAP, which is individually addressed in an OSI internetwork using NSAP addresses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53, and 49 to 172.20.14.225. Which command should be applied to the configuration to allow this?

A. router(config-if)#ip helper-address 172.20.14.225
B. router(config-if)#udp helper-address 172.20.14.225
C. router(config-if)#ip udp helper-address 172.20.14.225
D. router(config-if)#ip helper-address 172.20.14.225 69 53 49

A

Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Refer to the exhibit. Will redistributed RIP routes from OSPF Area 2 be allowed in Area 1?

A. Because Area 1 is an NSSA, redistributed RIP routes will not be allowed.
B. Redistributed RIP routes will be allowed in Area 1 because they will be changed into type 5 LSAs in Area 0 and passed on into Area 1.
C. Because NSSA will discard type 7 LSAs, redistributed RIP routes will not be allowed in Area 1.
D. Redistributed RIP routes will be allowed in Area 1 because they will be changed into type 7 LSAs in Area 0 and passed on into Area 1.
E. RIP routes will be allowed in Area 1 only if they are first redistributed into IGRP.

A

Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Router RTA is configured as follows:
RTA (config)#router rip
RTA(config-router)#network 10.0.0.0
RTA(config-router)#distribute-list 44 in interface BRIO
RTA(config-router)#exit
RTA(config)#access-list 44 deny 172.16.1.0 0.0.0.255
RTA(config)#access-list 44 permit any

A

Answer: C,E
Explanation:
Distribute list are used to filter routing updates and they are based on access lists.

In this case, an access list of 44 was created to deny the route from network 172.16.1.0/24 so this route will not be entered into the routing table of RTA. But the route from RTW can be entered because it is not filtered by the access list

A and B are not correct because the distribute list is applied to the inbound direction of interface BRI0 so outgoing routing updated will not be filtered.

Distribute list just filters routing updates so user traffic from network 172.16.1.0 will not be denied.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which address is used by the Unicast Reverse Path Forwarding protocol to validate a packet against the routing table?

A. source address
B. destination address
C. router interface
D. default gateway

A

Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A router is configured for redistribution to advertise EIGRP routes into OSPF on a boundary router. Given the configuration:

router ospf 1
redistribute eigrp 1 metric 25 subnets

What is the function of the 25 parameter in the redistribute command?

A. It specifies the seed cost to be applied to the redistributed routes.
B. It specifies the administrative distance on the redistributed routes.
C. It specifies the metric limit of 25 subnets in each OSPF route advertisement.
D. It specifies a new process-id to inject the EIGRP routes into OSPF.

A

Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which routing protocol will continue to receive and process routing updates from neighbors
after the passive interface router configuration command is entered?

A. EIGRP
B. RIP
C. OSPF
D. IS-IS

A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

R1 and R2 belong to the RIP routing domain that includes the networks 10.20.0.0/16 and 10.21.0.0/16. R3 and R4 are performing two-way route redistribution between OSPF and RIP.

A network administrator has discovered that R2 is receiving OSPF routes for the networks 10.20.0.0/16 and 10.21.0.0/16 and a routing loop has occurred.

Which action will correct this problem?
A. Apply an inbound ACL to the R2 serial interface.
B. Change the RIP administrative distance on R3 to 110.
C. Configure distribute-lists on R3 and R4.
D. Set the OSPF default metric to 20.
E. Change the OSPF administrative distance on R3 to 110.

A

Answer: C
Explanation:
Distribute List is Like an access-list, use to deny or permit the routing update to pass through a router/interface. Distribute List allow you apply an access list to a routing updates.

It can be apply on in or out bond of an interface under a routing process. e.g in fig. R1 want to send a routing update to it neighbor, this update will go through from interface S0/0, router will check, is there some Distribute List apply to this interface. If there is a Distribute List which would contain the allow route to pass through this interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which three route filtering statements are true? (Choose three)

A. After the router rip and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any RIP updates, but will receive routing updates on that interface.
B. After the router eigrp 10 and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any EIGRP updates, but will receive routing updates on that interface
C. After the router ospf 10 and passive-interface s0/0 commands have been issued , the s0/0 interface will not send any OSPF updates, but will receive routing updates on that interface
D. When you use the passive-interface command with RIPv2, multicasts are sent out the specified interface
E. When you use the passive-interface command with EIGRP, hello messages are not sent out the specified interface
F. When you use the passive-interface command with OSPF, hello messages are not sent out the specified interface

A

Answer: A,E,F
Explanation:

Passive-interface command is used in all routing protocols to disable sending updates out from a specific interface. However the command behavior varies from one protocol to another”

  • In RIP, this command will not allow sending multicast updates via a specific interface but will allow listening to incoming updates from other RIP speaking neighbors. This means that the router will still be able to receive updates o n that passive interface and use them in its routing table.

In EIGRP and OSPF the passive-interface command stops sending outgoing hello packets, hence the router can not form any neighbor relationship via the passive interface. This behavior stops both outgoing and incoming routing updates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which traffic does the following configuration allow?

ipv6 access-list cisco
permit ipv6 host 2001:DB8:0:4::32 any eq ssh
line vty 0 4
ipv6 access-class cisco in

A. all traffic to vty 0 4 from source 2001:DB8:0:4::32
B. only ssh traffic to vty 0 4 from source all
C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32
D. all traffic to vty 0 4 from source all

A

Answer: C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

On the basis of the partial configuration, which two statements are correct? (Choose two.)
A. Only routes matching 10.0.1.0/24 will be advertised out Ethernet 0.
B. Only routes 10.0.1.0/24 will be sent out all interfaces.
C. Only routes 10.0.1.0/24 will be allowed in the routing table.
D. Only routes matching 10.0.0.0/8 will be advertised out Ethernet 0.
E. Only routes matching 10.0.0.0/8 will be advertised out interfaces other than Ethernet 0.
F. All routes will be advertised out interfaces other than Ethernet 0.

A

Answer: A,E
Explanation:

In this case, the following algorithm is used when multiple distribute-lists are used:
1. First check which interface is being sent out. If it is Ethernet 0, distribute-list 2 is applied first. If the network is denied then no further checking is done for this network. But if distribute-list 2 permits that network then distribute-list 1 is also checked. If both distributelists allow that network then it will be sent out.

  1. If the interface is not Ethernet 0 then only distribute-list 1 is applied.
    Now let’s take some examples. + If the advertised network is 10.0.1.0/24, it will be sent out all interfaces, including Ethernet 0.+ If the advertised network is 10.0.2.0/24, it will be sent out all interfaces, excepting Ethernet 0.+ If the advertised network is 11.0.0.0/8, it will be dropped.

Note: It is possible to define one interface-specific distribute-list per interface and one protocol-specific distribute-list for each process/autonomous-system.
(For more information, please read:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080208748.shtml)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which command should be added to RTB under router bgp 100 to allow only the external OSPF routes to be redistributed to RTC?

A. redistribute ospf 1
B. redistribute ospf 1 match external 1
C. redistribute ospf 1 match external 2
D. redistribute ospf 1 match external 1 external 2

A

Answer: D
Explanation:
Use the external keyword along with the redistribute command under router bgp to redistribute OSPF external routes into BGP. With the external keyword, you have three choices: 1. redistribute both external type-1 and type-2 (Default)

  1. redistribute type-1
  2. redistribute type-2 Enter the commands in the configuration mode as described here:

RTB(config-router)# router bgp 100 RTB(config-router)# redistribute ospf 1 match external.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

A network engineer notices that transmission rates of senders of tcp traffic sharply increase and decrease simultaneously during periods of congestion.

Which condition causes this?
A. Global synchronization
B. Tail drop
C. Random early detection
D. Queue management algorithm

A

Correct answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which three problems results from application mixing of UDP and TCP streams within a network with no QoS (choose three)

A. Starvation

B. Jitter

C. Latency

D. windowing

E. Lower throughput

A

Correct answer:ACE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Which method allows IPv4 and IPv6 to work together without requiring both to be used for a single connection during the migration process?

A. Dual stack method

B. 6to4 tunneling

C. GRE tunneling

D. NAT-PT

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which statement about the use of tunneling to migrate to IPv6 is true?

A. Tunneling is less secure than dual stack or translation.

B. Tunneling is more difficult to configure than dual stack or translation

C. Tunneling does not enable users of the new protocol to communicate with users of the old protocol without dual-stack hosts.

D. Tunneling destination are manually determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 address

A

Correct Answer:C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

A network administrator executes the command clear ip route. Which two tables does this command clear and rebuild? (Choose two)

A. IP routing

B. FIB

C. ARP cache

D. MAC address table

E. Cisco Express Forwarding table

F. Topology table

A

Correct Answer:AB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Which switching method is used when entries are present in the output of the command show ip cache?

A. Fast switching

B. Process switching

C. Cisco Express Forwarding Switching

D. Cut-through packet switching

A

Correct answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Which two actions must you perform to enable and use window scaling on a router? (Choose two)

A. Execute the command ip tcp windows-size 65536

B. Set window scaling to be used on the remote host.

C. Execute the command ip tcp queuemax.

D. Set TCP options to “enabled” on the remote host.

E. Execute the command ip tcp adjust-mss

A

Correct Answer:AB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Which three TCP enhancements can be used with TCP selective acknowledgments?

A. Header compression

B. Explicit congestion notification

C. Keepalive

D. Time stamps

E. TCP path recovery

F. MTU window

A

Correct Answer: BCD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

A network administrator uses IP SLA to measure UDP performance and notices that packets on one router have a higher one-way delay compared to the opposite direction. Which UDP characteristic does this scenario describe?

A. Latency

B. Starvation

C. Connectionless communication

D. Nonsequencing unordered packets

E. Jitter

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Under which condition does UDP dominance occur?

A. When TCP traffic is in the same class as UDP

B. When UDP flows are assigned a lower priority queue

C. When WRED is enabled

D. When ACLs are in place to block TCP traffic.

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Prior to enabling PPPoE in a virtual private dialup network group, which task must be completed?

A. Disable CDP on the interface.

B. Execute the vpdn enable command

C. Execute the no switchport command

D. Enable QoS FiFo for PPPoE support

A

Correct Answer:B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner?

A. PAP

B. Dot1x

C. Ipsec

D. CHAPE. ESP

A

Correct Answer:D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

A corporate policy requires PPPoE to be enabled and to maintain a connection with the ISP, even if not interested traffic exists. which feature can be found to accomplish this task?

A. TCT Adjust

B. Dialer persistent

C. PPPoE groups

D. Half-bridging

E. Peer Neighbor Route

A

Correct answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Which PPP authentication method sent authentication information in clear text? A. MS CHAP B. CDPCP C. CHAP D. PAP

A

Correct answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Which protocol uses dynamic address mapping to request the next-hope protocol address for specific connection? A. Frame Relay inverse ARP B. Static DLCI mapping C. Frame Relay broadcast queue D. Dynamic DLCI mapping

A

Correct answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Which statement is true about PPP session phase of PPPoE?

A. PPP options are negotiated and authentication is not performed. Once the link set up is completed, PPPOE functions as layer 3 encapsulation method that allows data to be transferred over PPP link within the PPPoE headers.

B. PPP options are not negotiated and authentication is performed. Once the link setup is complete, PPPoE functions as a layer 4 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.

C. PPP options are automatically enabled and authorization is performed. Once the link setup is completed, PPPoE functions as a layer 2 encapsulation method that allows data to be encrypted over PPP link within PPPoE headers.

D. PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as layer 2 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.

A

Correct Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

PPPoE is composed of which two phases?

A. Active Authentication phase and PPP Session Phase

B. Passive Discovery Phase and PPP session phase

C. Active authorization phase and PPP Session pahse

D. Active Discovery phase and PPP Session phase

A

Correct Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

A router with an interface that is configured with iPv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?

A. DHCPv6 request

B. Router-advertisement

C. Neighbor-solicitation

D. Redirect

A

Correct Answer:B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

A router with an interface that is configured with IPv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?

A. DHCPv6 request

B. Router-advertisement

C. Neighbor-solicitation

D. Redirect

A

Correct Answer:B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

An engineer has configured a router to use EUI-64, and was asked to document the IPv6 address of the router. The router has the following interface parameters:

MAC address C601.420F.0007

Subnet 2001:DB8:0:1::/64

Which IPv6 addresses should the engineer add to the documentation?

A. 2001:DB8:0:1:C601:42FF:FE0F:7

B. 2001:DB8:0:1:FFFF:C601:420F:7

C. 2001:DB8:0:1:FE80:C601:420F:7

D. 2001:DB8:0:1:C601:42FE:800F:7

A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost. What caused this issue?

A. The traffic filter is blocking all ICMPv6 traffic

B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly.

C. The link-local addresses that were used by OSPFV3 were explicit denied, which caused the neighbor relationships to fail.

D. IPv6 traffic filtering can be implemented only on SVIs.

A

Correct Answer: C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What is the purpose of the autonomous-system {autonomous-system-number} command?

A. It sets the EIGRP autonomous system number in a VRF

B. It sets the BGP autonomous system number in a VRF

C. Its sets the global EIGRP autonomous system number

D. It sets the global BGP autonomous system number

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is the default OSPF hello interval on a Frame Relay point-to-point network?

A. 10

B. 20

C. 30

D. 40

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le 24?

A. 10.9.1.0/24

B. 10.8.0.0/24

C. 10.8.0.0/16

D. 10.8.0.0/23

A

Correct Answer:B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Router A and Router B are configured with IPv6 addressing and basic routing capabilities using OSPFV3. The Network that are advertised from Router A do not show up in Router B routing table. After debugging IPv6 packets, the message “not a router” is found in the output. Why is the routing information not being learned by router B?

A. OSPFV3 timers were not adjusted for fast convergence.

B. The networks were not advertised properly under the OSPFV3 process.

C. An IPv6 traffic filter is blocking the networks from being learned via the Router B interface that is connected to Router A

D. IPv6 unicast routing is not enabled on router A or router B.

A

Correct Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

After you review the output of the command show IPv6 interface brief, you see that several IPv6 addresses have the 16-bit hexadecimal value of fFFE inserted into the address. Based on this information, what do you conclude about these IPV6 addresses?

A. IEEE EUI-64 was implemented when assigning IPV6 addresses on the device.

B. The addresses were misconfigured and will not function as intended.

C. IPv6 addresses containing “FFFE” indicate that the address is reversed for multicast.

D. The IPv6 universal/local flag (bit 7) was flipped E. IPv6 unicast Forwarding was enable, but IPv6 Cisco Express Forwarding was disabled.

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

A packet capture log indicates that several router solicitation messages were sent from a local host on the IPv6 segment. What is the expected acknowledgment and its usage?

A. Router acknowledgement message will be forwarded upstream, where the DHCP server will allocate addresses to the local host.

B. Routers on the IPv6 segment will respond with an advertisement that provides an external path from the local subnet, as well as certain data, such as prefix discovery.

C. Duplicate Address detection will determine if any other local host is using the same IPv6 address for communication with the IPv6 routers on the segment.

A

Correct Answer:B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

A company has just opened two remote branch office that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites?

A. Interface Tunnel0 Bandwidth 1536 Ip address 209.165.200.230 255.255.255.224 Tunnel source serial0/0 Tunnel mode gre multipoint

B. Interface fa0/0 Bandwidth 1536 IP address 209.165.200.230 255.255.255.224 Tunnel mode gre multipoint

C. Interface tunnel0 Bandwidth 1536 IP address 209.165.200.231 255.255.255.224 Tunnel source 209.165.201.1 Tunnel-mode dynamic

D. Interface fa0/0 Bandwidth 1536 IP address 209.165.200.231 255.255.255.224 Tunnel source 192.168.161.2 Tunnel destination 209.165.201.1 Tunnel-mode dynamic

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

A network engineer executes the show crypto ipsec sa command. Which three pieces of information are displayed in the output.

A. Inbound crypto map

B. Remaining key lifetime

C. Path MTU

D. Tagged packets

E. Untagged packets

F. Invalid identity packets

A

Correct Answer:ABC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Refer to the following output:Router#show ip nhrp detail

10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12 expire 01:59:47 typE. Dynamic, Flags: authoritative unique nat registered used NBMA address: 10.12.1.2

What does the authoritative flag mean in regards to the NHRP information?

A. It was obtained directly from the next-hop server.

B. Data packets are process switches for this mapping entry.

C. NHRP mapping is for network that are local to this router.

D. The mapping entry was created in response to an NHRP registration request.

E. The NHRP mapping entry cannot be overwritten.

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Which common issue causes intermittent DMVPN tunnel flaps?

A. A routing neighbor reachability issue

B. A suboptimal routing table

C. Interface bandwidth congestion

D. That the GRE tunnel to hub router is not encrypted

A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Which encapsulation supports an interface that is configured for an EVN trunk?

A. 802.1Q

B. ISL

C. PPP

D. Frame Relay

E. MPLSF. HDLC

A

Correct answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

Which three characteristics are shared by subinterfaces and associated EVNs?

A. IP address

B. Routing table

C. Forwarding control lists

E. NetFlow configuration

A

Correct Answer:ABC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

A user is having issues accessing file shares on a network. The network engineer advises the user to open a web browser, input a prescribed IP address, and follow the instructions. After doing this, the user is able to access company shares. Which type of remote access did the engineer enable?

A. EZVPN

B. Ipsec VPN client access

C. VPDN client access

D. SSL VPN client access

A

Correct Answer:D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding?

A. Flex VPN

B. DMVPN

C. GetVPN

D. Cisco Easy VPN

A

Correct answer:B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

Which traffic does the following configuration allow?IPv6 access-list ciscoPermit ipv6 host 2001:DB8:0:4::32 any eq sshLine vty 0 4IPv6 access-class cisco in

A. All traffic to vty 0 4 from source 2001:DB8:0:4:32

B. Only ssh traffic to vty 0 4 from source all

C. Only ssh traffic to vty 0 4 from source 2001:DB:8:0:4::32

D. All traffic to vty 0 4 from source all

A

Correct Answer:C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

For troubleshooting purposes, which method can you use in combination with the “debug ip packet” command to limit the amount of output data?

A. You can disable the IP route cache globally

B. You can use the KRON scheduler.

C. You can use an extended access list.

D. You can use an IOS parser.

E. You can use the RITE traffic exporter.

A

Correct Answer:C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

Refer to the following access list. Access-list 100 permit ip any any logAfter applying the access list on a cisco router, the network engineer notices that the router CPU utilization has risen to 99 percent. What is the reason for this?

A. A packet that matches access-list with the “log” keyword is cisco express Forwarding switched.

B. A packet that matches access-list with the “log” keyword is fast switched.

C. A packet that matches access-list with the “log” keyword is process switched

D. A large amount of IP traffic is being permitted on the router

A

Correct Answer:C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

Which address is used by Unicast Reverse Path Forwarding protocol to validate a packet against the routing table?

A. Source address

B. Destination address

C. Router interface

D. Default gateway

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

What are three modes of Unicast Reverse Path Forwarding?

A. Strict mode, loose mode, and VRF mode

B. Strict mode, loose mode, and broadcast mode

C. Strict mode, broadcast mode, and VRF mode

D. Broadcast mode, loose mode, and VRF mode

A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish? Router(config)#access-list 101 deny ip 10.0.0.0 255.255.255.255 any logRouter(config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any logRouter(config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any logRouter(config)#interface fastEthernet 1/0Router(config-ip)#ip access-group 101 in

A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts

B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the internet.

C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.

D. It prevents private internal addresses to be accessed directly from outside.

A

Correct Answer:C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

Refer to the following command:

Router(config)# ip http secure-port 4433

Which statement is true?

A. The router will listen on port 4433 for HTTPS traffic

B. The router will listen on port 4433 for HTTP traffic

C. The router will never accept any HTTP and HTTPS traffic.

D. The router will listen listen to HTTP and HTTP traffic on port 4433

A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53, and 49 to 172.20.14.225. Which command should be applied to the configuration to allow this?

A. Router(config-if)# ip helper-address 172.20.14.225

B. Router(config-if)# udp helper-address 172.20.14.225

C. Router(config-if)# ip udp helper-address 172.20.14.225

A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

A network engineer is configuring SNMP on the network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption. Which command satisfies the requirement of this scenario?

A. Router(config)#snmp-server host 172.16.201.28 traps version 2c CiSCORO

B. Router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO

C. Router(config)# snmp-server host 172.16.201.28 traps version 3 auth CISCORO

A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

When using SNMPv3 with NoauthNopriv, which string is math ed for sithentication?

A. Username

B. Password

C. Community-string

D. Encryption-key

A

Correct answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

After a recent DoS attack on a network, senior management ask you to implement better logging functionality on all IOS-based devices. Which two actions can you take to provide enhanced logging results? Choose two

A. Use the msec option to enable service time stamps

B. Increase the logging history

C. Set the logging severity level to 1

D. Specify a logging rate limitE. Disable event logging on all noncritical items

A

Correct Answer: A,B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

A network engineer finds that a core router has crashed without warning. In this situation, which feature can the engineer use to create a crash collection?

A. Secure copy protocol

B. Core dumps

C. Warm reloads

D. SNMPE. Netflow

A

Correct Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp broadcast client command. Assuming that an NTP server is already set up, what is the result of the command?

A. It enables receiving NTP broadcast on the interface where the command was executed

B. It enables receiving NTP broadcast on all interfaces globally.

C. It enables a device to be an NTP peer to another device.

D. It enables a devices to receive NTP broadcast and unicast packets

A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

What is a function of NPTv6?

A. It interferes with encryption of the full IP payload

B. It maintains a per-node state

C. It is checksum-neutral

D. It rewrites transport layer headers.

A

Correct Answer: C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

IPv6 has just been deployed to all of the hosts within a network, but not to the servers. Which features allows ipv6 devices to communicate with ipv4 servers?

A. NAT

B. NATng

C. NAT64

D. Dual-stack NAT

E. DNS64

A

Correct Answer: C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

A network engineer initiates the ip sla responder tcp-connect command in order to gather statistics for performance gauging. Which type of statistics does the engineer see?

A. Connectionless-oriented

B. Service-oriented

C. Connection-oriented

D. Application-oriented

A

Correct Answer:C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

A network engineer executes the “ipv6 flowset” command. What is the result?

A. Flow-label marking in 1280-byte or larger packets is enabled.

B. Flow-set marking in 1280-byte or larger packets is enabled.

C. Ipv6 PMTU is enabled on the router

D. IPv6 flow control is enabled on the router.

A

Correct Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

A network engineer executes the show ip flow export command. Which line in the output indicates that the send queue is full and report packets are not being sent?

A. Output drops

B. Enqueuing for the RP

C. Fragmentation failures

D. Adjacency issues

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

A network engineer is asked to configure a site-to-site IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command

ip nat inside source lost 1 int s0/0 overload.

Which functions do the two commands serve in this scenario?

A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.

B. The command ip nat inside source list 1 int s0/0 overload disables “many-to-one” access for all devices on a defined segment to share a single IP address upon existing the external interface.

C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.

D. The command ip nat inside source list 1 int s0/0 overload provides “many-to-one” access for all devices on a defined segment to share a single IP address upon existing the external interface.

A

Correct Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an alternative to powering down the active router and letting the network respond accordingly. Which action will allow for manual switching of HSRP nodes?

A. Track the up/down state of a loopback interface and shutdown this interface during maintenance.

B. Adjust the HSRP priority without the use of preemption

C. Disable and unable all active interface on the active HSRP node.

D. Enable HSRPv2 under global configuration, which allows for maintenance mode.

A

Correct Answer:A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

What is the effect of the distribute-list command in the R1 configuration?

A. R1 will permit only the 10.0.0.0/24 route in the R2 RIP updates
B. R1 will not filter any routes because there is no exact prefix match
C. R1 will filter the 10.1.0.0/24 and the 172.24.1.0/24 routes from the R2 RIP updates
D. R1 will filter only the 172.24.1.0/24 route from the R2 RIP updates

A

Answer: C

Explanation:
The command “distribute-list 10 in Serial0 will create an incoming distribute list for interface serial 0 and refers to access list 10.

So it will permit routing updates from 10.0.x.x network while other entries (in this case the 10.1.0.0/24 and 172.24.1.0/24 networks) will be filtered out from the routing update received on interface S0.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

R3#show run | include defaultip
default-network 140.140.0.0
ip default-network 130.130.0.0

R3#show ip route | begin Gateway
Gateway of last resort is 0.0.0.0 to network 130.130.0.0
116.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 116.16.37.0/30 is directly connected, Serial1/0.2
C 116.16.32.0/30 is directly connected, Serial2/0.2
C 116.16.34.0/28 is directly connected, Serial1/0.1
C 116.16.35.0/28 is directly connected, Serial2/0.1
S 116.0.0.0/8 [1/0] via 116.16.34.0
* 140.140.0.0/32 is subnetted, 3 subnets
O 140.140.1.1 [110/65] via 116.16.34.4, 00:14:54, Serial1/0.1
O 140.140.3.1 [110/65] via 116.16.34.4, 00:14:54, Serial1/0.1
O 140.140.2.1 [110/65] via 116.16.34.4, 00:14:54, Serial1/0.1
* 130.130.0.0/16 is variably subnetted, 4 subnets, 2 masks
D* 130.130.0.0/16 is a summary, 00:30:04, Null0
C 130.130.1.0/24 is directly connected, Ethernet0/0
C 130.130.2.0/24 is directly connected, Ethernet0/1
C 130.130.3.0/24 is directly connected, Ethernet1/0
D 150.150.0.0/16 [90/679936] via 116.16.35.5, 00:02:58, Serial2/0.1

Refer to the exhibit.

Why is the 140.140.0.0 network not used as the gateway of last resort
even though it is configured first?

A. The last default-network statement will always be preferred.
B. A route to the 140.140.0.0 network does not exist in the routing table.
C. Default-network selection will always prefer the statement with the lowest IP address.
D. A router will load balance across multiple default-networks; repeatedly issuing the show ip route command would show the gateway of last resort changing between the two networks.

A

Answer: B
Explanation:
As you can see in the exhibit, 140.140.0.0 doesn’t appear in the routing table.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

What two situations could require the use of multiple routing protocols? (Choose two)

A. when using UNIX host-based routers
B. when smaller broadcast domains are desired
C. because having multiple routing protocols confuses hackers
D. when migrating from an older Interior Gateway Protocol (IGP) to a new IGP
E. when all equipment is manufactured by Cisco
F. when there are multiple paths to destination networks

A

Answer: A,D
Explanation:
Simple routing protocols work well for simple networks, but networks grow and become more complex.

While running a single routing protocol throughout your entire IP internetwork is desirable, multiprotocol routing is common for a number of reasons, including company mergers, multiple departments managed by multiple network administrators, multivendor environments, or simply because the original routing protocol is no longer the best choice.

Often, the multiple protocols are redistributed into each other during a migration period from one protocol to the other.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

Which three statements are true when configuring redistribution for OSPF? (Choose three)

A. The default metric is 10.
B. The default metric is 20.
C. The default metric type is 2.
D. The default metric type is 1.
E. Subnets do not redistribute by default.
F. Subnets redistribute by default.

A

Answer: B,C,E

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

If the command variance 3 were added to RTE, which path or paths would be chosen to route traffic to network X?

A. E-B-A
B. E-B-A and E-C-A
C. E-C-A and E-D-A
D. E-B-A, E-C-A and E-D-A

A

Answer: B
Explanation:
Advertised distance of RTD is greater than FD of RTE-RTC-RTA, so the route through D will not be used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

Which two statements about EVNs are true? (Choose two)

A. VRF using MPLS require a trunk interface that use EVN
B. VRF-Lite requires a trunk interface that uses EVN
C. All EVNs within a trunk interface can share the same IP infrastructure
D. Each EVN within a trunk interface must be configured separately
E. Commands that are specified once under a trunk interface can be inherited by all ENVs

A

Answer: C,E

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

An EUI-64 bit address is formed by adding a reserved 16-bit value in which position of the Mac address?

A. between the vendor OID and the NIC-specific part of the MAC address.
B. after the NIC-specific part of the MAC address.
C. before the vendor OID part of the MAC address.
D. anywhere in the Mac address, because the value that is added is reserved.

A

Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

Which OSPF area prevent LSA type 4, LSA type 5? (Choose two)

A. Stub Area
B. Totally Stubby Area
C. Not-So-Stubby Area
D. Totally Not-So-Stubby Area

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

What is the purpose of configuring the router as a PPPoE client?

A. to provide VPN access over L2TP
B. to enable PPP session from the router to the termination device at the headend for metroEthernet connectivity
C. for DSL connectivity and removing the need for the end-user PC to run the PPPoE client software
D. for connecting the router to a cable modem, which bridges the Ethernet frames from the router to the cable modem termination system

A

Answer: C

Explanation:
DSL Technology used PPPoE protocol (service provide end) and user end required to be used same Protcol running as client to communicate with it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

The Cisco SA 500 Series Security Appliances are built specifically for businesses with less than 100 employees. What are three important benefits of this device? (Choose three)

A. business-grade firewall
B. premium support via SMART net
C. site-to-site VPN for remote offices
D. Cisco IOS software-based
E. email security
F. XML support

A

Answer: A,C,E

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

What is a function of NPTv6?

A. It interferes with encryption of the full IP payload.
B. It maintains a per-node state.
C. It is checksum-neutral.
D. It rewrites transport layer headers.

A

Answer: C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

Which two protocols are required for DMVPN? (Choose two)

A. IPsec
B. PPTP
C. mGRE
D. NHRP
E. Open VPN

A

Answer: A,D
Explanation: The DMVPN feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE)
tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP).

http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Which type of access list allows granular session filtering for upper-level protocols?

A. content-based access lists
B. context-based access-lists
C. reflexive access-lists
D. extended access lists

A

Answer: D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

Which two statements about NetFlow templates are true? (Choose two)

A. Only NetFlow version 9 is template based.
B. NetFlow Version 5 and version 9 are template based.
C. Only NetFlow version 5 is template based.
D. Template can increased bandwidth usage
E. They can increase overall performance.
F. They can reduce bandwidth usage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, and into the core of an Enterprise network.

The branch also allows local hosts to communicate directly with public sites in the Internet over this same DSL connection.

Which of the following answers defines how the branch NAT config avoids performing NAT for the Enterprise directed traffic but does perform NAT for the Internet-directed traffic?

A. By not enabling NAT on the IPsec tunnel interface
B. By not enabling NAT on the GRE tunnel interface
C. By configuring the NAT-referenced ACL to not permit the Enterprise traffic
D. By asking the ISP to perform NAT in the cloud

A

Answer: C

Explanation:
The NAT configuration acts only on packets permitted by a referenced ACL. As a result, the ACL can permit packets destined for the Internet, performing NAT on those packets. The ACL also denies packets going to the Enterprise, meaning that the router does not apply NAT to those packets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

Which IPV6 address type does RIPng use for next-hop addresses?

A. anycast
B. global
C. multicast
D. site-local
E. link-local

A

Answer: E

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

An EUI-64 bit address is formed by inserting which 16-bit value into the MAC address of adevice?

A. 3FFE
B. FFFE
C. FF02
D. 2001

A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

Drag and drop the steps in the NAT process for IPv4-initiated packers from the left into the correct sequence on the right.

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

Which statement is true about an IPsec/GRE tunnel?

A. The GRE tunnel source and destination addresses are specified within the IPsec transform set.
B. An IPsec/GRE tunnel must use IPsec tunnel mode.
C. GRE encapsulation occurs before the IPsec encryption process.
D. Crypto map ACL is not needed to match which traffic will be protected.

A

Answer: C

98
Q

Sampler: mysampler, id: 1,packets matched: 10,mode: random sampling mode

Which statement about the output of the show flow-sampler command is true?

A. The sampler matched 10 packets, each packet randomly chosen from every group of 100 packets.
B. The sampler matched 10 packets, one packet every 100 packets.
C. The sampler matched 10 packets, each one randomly chosen from every 100-second interval.
D. The sampler matched 10 packets, one packet every 100 seconds.

A

Answer: A

99
Q

Which two methods use IPsec to provide secure connectivity from the branch office to the headquarters office? (Choose two.)

A. DMVPN
B. MPLS VPN
C. Virtual Tunnel Interface (VTI)
D. SSL VPN
E. PPPoE

A

Answer: A,C

100
Q

Which statement is correct regarding the operation of NAT-PT between the IPv4 and IPv6 networks shown?

A. The router will determine the IPv4 destination address.
B. The source IPv6 host can use DNS to determine the IPv6-to-IPv4 address mapping.
C. The host is statically configured with the IPv6-to-IPv4 address mapping.
D. ICMP can be used to determine the IPv6-to-IPv4 address mapping.

A

Answer: B

101
Q

If you configure one router in your network with the auto-cost reference bandwidth 100 command, which effect on the data path is true?

A. The data path remains the same for all links.
B. The data path changes for 10 Mbps links only.
C. The data path changes for all links.
D. The data path changes for 10 Gbps links only.

A

Answer: C

102
Q

Which two statements about Frame Relay Point-to-Point connections are true? (Choose Two)

A. Changing a point-to-point sub interface to a different type requires the device to be reloaded.
B. They use two DLCIs to communicate with multiple endpoints over the Frame Relay cloud.
C. The device can establish a point-to-point connection to the cloud without a DLCI.
D. They can operate normally without a DLCI map.
E. Each physical interface that extends to the Frame Relay cloud can support a single SVC.

A

Answer: A,B

103
Q

Which two debug commands can you use to view issues with CHAP and PAP
authentication? (Choose Two)

A. debug tacacs
B. debug ppp authentication
C. debug radius
D. debug aaa authentication
E. debug ppp negotiation

104
Q

During which DMVPN phase is spoke-to-spoke communication enabled?

A. Phase 1
B. Phase 6
C. Phase 5
D. Phase 2
E. Phase 4

A

Answer: D

105
Q

A network engineer is modifying RIPng timer configuration. Which configuration mode should the engineer use?

A. router(config-rtr)#
B. router(config-ripng)#
C. router(config-if)#
D. router(config)#

106
Q

What is a key benefit of using a GRE tunnel to provide connectivity between branch offices and headquarters?

A. authentication, integrity checking, and confidentiality
B. less overhead
C. dynamic routing over the tunnel
D. granular QoS support
E. open standard
F. scalability

A

Answer: C

Explanation:
Generic routing encapsulation. Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.

107
Q

Which of the following is a GRE Tunnel characteristic?

A. GRE impose more CPU overhead than IPSec on VPN gateways
B. GRE tunnels can run through IPsec tunnels.
C. GRE Tunnel doesn’t have support for IPv6
D. GRE consists of two sub-protocols: Encapsulated Security Payload (ESP) and
Authentication Header (AH).

A

Answer: B

Explanation:
If you run an IPsec tunnel through a GRE tunnel then we call it as “IPsec over GRE”

108
Q

When policy-based routing (PBR) is being configured,

Which three criteria can the set command specify? (Choose three.)
A. all interfaces through which the packets can be routed
B. all interfaces in the path toward the destination
C. adjacent next hop router in the path toward the destination
D. all routers in the path toward the destination
E. all networks in the path toward the destination
F. type of service and precedence in the IP packets

A

Answer: A,C,F

Explanation:
Configuring Policy-Based Routing (PBR):
You can configure PBR by following these steps. Some of the steps may be omitted depending on your application for PBR. For this example, note the set condition options listed is step 3 (answers are bolded).

Step1
Define and configure the route map needed for the policy. This is accomplished with the route-map command, as discussed previously.

Step2
Define and configure the match statements the route map will use. The most common match statements used are the following:

  • match ip address [access-list number]

The match ip address is used to call a standard, extended, or expanded-range ACL.

match length [min_packet_length_0-2147483647] [max_packet_length_0-2147483647]

The match length is used to match the Layer 3 packet length, in bytes, with all associated headers and trailers included. You must enter the minimum and maximum packet length. Use the match length command to policy route traffic based on packet size. You can deploy this to route traffic with large or small packet sizes to specific areas of the network.

Step3
Configure and define the new routing policy with set commands. Multiple set commands may be used; if multiple commands are used, they are executed in the following order:

  • set ip {precedence [value_0-7 | name] | tos [value_0-8 | name]}
  • set ip next-hop ip_address
  • set interface interface_name
  • set ip default next-hop ip_address
  • set default interface interface_name
  • set ip precedence {[1-7]|[routine|critical|flash|flashoverride|
  • immediate|internet|network|priority]}
109
Q

Which two methods of deployment can you use when implementing NAT64? (Choose two.)

A. stateless
B. stateful
C. manual
D. automatic
E. static
F. functional
G. dynamic

A

Answer: A,B

110
Q

After a recent DoS attack on a network, senior management asks you to implement better logging functionality on all IOS-based devices. Which two actions can you take to provide enhanced logging results? (Choose two.)

A. Use the msec option to enable service time stamps.
B. Increase the logging history.
C. Set the logging severity level to 1.
D. Specify a logging rate limit.
E. Disable event logging on all noncritical items.

A

Answer: A,B

111
Q

Which statement about stateless and stateful IPv6 autoconfiguration are true?

A. Both stateless and stateful autoconfiguration require additional setup
B. Stateless autoconfiguration requires no additional setup, whereas stateful
autoconfiguration requires additional setup
C. Stateless autoconfiguration requires additional setup, whereas stateful autoconfiguration requires no additional setup
D. Both stateless and stateful autoconfiguration require no additional setup

A

Answer: B

112
Q

Which three statements about SNMP are true? (Choose Three)

A. The manager configures and send traps to the agent.
B. The manager sends GET and SET messages.
C. SNMPv3 supports authentication and encryption.
D. The manager polls the agent using UDP port 161
E. The MIB database can be altered only by the SNMP agent.
F. The agent is the monitoring device.

A

Answer: C,D,F

113
Q

Which two functions are completely independent when implementing NAT64 over NAT-PT? (Choose two.)

A. DNS
B. NAT
C. port redirection
D. stateless translation
E. session handling

A

Answer: A,B

114
Q

config terminal
ip flow-export destination 192.168.10.1 9981
ip flow-export version 9

How can you configure a second export destination for IP address 192.168.10.1?

A. Specify a different TCP Port
B. Specify a different UDP port.
C. Specify a VRF
D. Configure a version 5 flow-export to the same destination.
E. Specify a different flow ID

A

Answer: C

115
Q

Which two options are limitations of stateful NAT64? (Choose two)

A. It is unable to route VRF traffic.
B. IT is unable to route multicast traffic.
C. It supports FTP traffic only with an ALG.
D. It supports DNS64 only.
E. Layer 4 supports TCP only

A

Answer: B,E

116
Q

Which item does EIGRP IPv6 require before it can start running?

A. router ID
B. DHCP server
C. subnet mask
D. default gateway

117
Q

A company’s corporate policy has been updated to require that stateless, 1-to-1, and IPv6 to IPv6 translations at the Internet edge are performed. What is the best solution to ensure compliance with this new policy?

A. NAT64
B. NAT44
C. NATv6
D. NPTv4
E. NPTv6

A

Answer: E

118
Q

Which two statements about password-protecting device access are true (choose two)

A. The more system:running-config command displays encrypted passwords in clear text
B. The service password-encryption command forces a remote device to encrypt the password
C. A network administrator can recover an encrypted password
D. The privilege level command controls the commands a specific user can execute
E. The password can be encrypted in the running configuration

A

Answer: D,E

119
Q

IPv6 has just been deployed to all of the hosts within a network, but not to the servers. Which feature allows IPv6 devices to communicate with IPv4 servers?

A. NAT
B. NATng
C. NAT64
D. dual-stack NAT
E. DNS64

A

Answer: C

120
Q

A network engineer is asked to configure a “site-to-site” IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario?

A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables “many-to-one”
access for all devices on a defined segment to share a single IP address upon exiting the external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides “many-to-one” access for all devices on a defined segment to share a single IP address upon exiting the external interface.

A

Answer: D

121
Q

Which value does Frame Relay use to identify a connection between a DTE and DCE?

A. DLCI
B. IP address
C. MAC address
D. VLAN ID

A

Answer: A

122
Q

What are the four main steps in configuring a GRE tunnel over IPsec on Cisco routers? (Choose Four)

A. Configure a physical interface or create a loopback interface to use as the tunnel endpoint.
B. Create the GRE tunnel interfaces.
C. Add the tunnel interfaces to the routing process so that it exchanages routing updates across that interface.
D. Add the tunnel subnet to the routing process so that it exchanages routing updates across that interface.
E. Add all subnets to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.
F. Add GRE traffic to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.

A

Answer: A,B,D,F

123
Q

What is the international standard for transmitting data over a cable system?

A. PPPoE
B. DOCSIS
C. CMTS
D. AAL5

A

Answer: B

124
Q

A network engineer initiates the ip sla responder tcp-connect command in order to gather statistics for performance gauging. Which type of statistics does the engineer see?

A. connectionless-oriented
B. service-oriented
C. connection-oriented
D. application-oriented

A

Answer: C

125
Q

Which values identifies VPNs in an EVN environment?

A. DLCI
B. route target
C. virtual network tag
D. VLAN ID

126
Q

A new TAC engineer came to you for advice. A GRE over IPsec tunnel was configured, but the tunnel is not coming up. What did the TAC engineer configure incorrectly?

A. The crypto isakmp configuration is not correct.
B. The crypto map configuration is not correct.
C. The network 172.16.1.0 is not included in the OSPF process.
D. The interface tunnel configuration is not correct.

A

Answer: D

127
Q

A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp broadcast client command. Assuming that an NTP server is already set up, what is the result of the command?

A. It enables receiving NTP broadcasts on the interface where the command was executed.
B. It enables receiving NTP broadcasts on all interfaces globally.
C. It enables a device to be an NTP peer to another device.
D. It enables a device to receive NTP broadcast and unicast packets.

A

Answer: A

128
Q

Which two protocols can cause TCP starvation? (Choose two)

A. TFTP
B. SNMP
C. SMTP
D. HTTPS
E. FTP

A

Answer: A,B

129
Q

Drag and drop steps in the TACACS+ authentication process from the left onto the actors that perform on the right.

A
130
Q

When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication?

A. username
B. password
C. community-string
D. encryption-key

A

Answer: A

131
Q

Which two statements about configuring Frame Relay point-to-multipoint connections are true? (Choose two)

A. They ignore the broadcast keyword in the frame-relay DLCI mapping.
B. They require the same DLCI on each side of the link.
C. Changing a point-to-multipoint subinterface to a different type requires the interface to be deleted and recreated.
D. They require the frame-relay mapping command to be configured.
E. They require inverse ARP.

A

Answer: D,E

132
Q

A new TAC engineer came to you for advice. A GRE over IPsec tunnel was configured, but the tunnel is not coming up. What did the TAC engineer configure incorrectly?

A. The crypto isakmp configuration is not correct.
B. The crypto map configuration is not correct.
C. The interface tunnel configuration is not correct.
D. The network configuration is not correct; network 172.16.1.0 is missing.

A

Answer: A

133
Q

Drag and drop the adverse network conditions from the left onto the correct descriptions on the right.

A
134
Q

AS6500

(R1)-(R2)-(R3)

||

||

(R4)(R5)

||

10.1.0.0/16 10.2.0.0/16

AS65001 AS65002 Second | should be between R3 and R5

Refer to exhibit. If the IGP in AS65000 is RIPv2, which networks are displayed when you enter show ip route on router R2?

A. VLSM subnts in 10.0.0.0/16 and the major network 10.2.0.0/16 only
B. VLSM subnets in 10.0.0.0/16 and the major network 10.2.0.0/16 only
C. VLSM subnets in 10.0.0.0/16 only
D. major networks 10.1.0.0/16 and 10.2.0.0/16 only
E. VLSM subnets in 10.0.0.0/16 and the major networks 10.1.0.0/16 10.2.0.0/16

A

Answer: D

135
Q

Router(config)#ntp source loopback0
Router(config)#interface e0/0
Router(config-if)#ntp disable

Which statement about the configuration on the Cisco router is true?
A. The router sends only NTP traffic, using the loopback interface, and it disables eth0/0 from sending NTP traffic.
B. Eth0/0 sends NTP traffic on behalf of the loopback interface
C. The router sends only NTP traffic, using the eth0/0 interface, and it disables loopback0 from sending NTP traffic.
D. The router never sends NTP traffic, as using the loopback interface for NTP traffic is not supported on IOS routers.

A

Answer: C

136
Q

By default, which type of IPv6 address is used to build the EUI-64 bit format?

A. unique-local address
B. IPv4-compatible IPv6 address
C. link-local address
D. aggregatable-local address

137
Q

A network engineer has left a NetFlow capture enabled over the weekend to gather information regarding excessive bandwidth utilization. The following command is entered:

switch#show flow exporter Flow_Exporter-1

What is the expected output?

A. configuration of the specified flow exporter
B. current status of the specified flow exporter
C. status and statistics of the specified flow monitor
D. configuration of the specified flow monitor

A

Answer: B

138
Q

A network administrator uses GRE over IPSec to connect two branches together via VPN tunnel. Which one of the following is the reason for using GRE over IPSec?

A. GRE over IPSec provides better QoS mechanism and is faster than other WAN technologies.
B. GRE over IPSec decreases the overhead of the header.
C. GRE supports use of routing protocol, while IPSec supports encryption.
D. GRE supports encryption, while IPSec supports use of routing protocol.

A

Answer: C

139
Q

Which option to the command service timestamps debug enables the logging server to capture the greatest amount of information from the router?

A. uptime
B. show-timezone
C. year
D. msec

A

Answer: D

140
Q

Which two addresses types are included in NAT?

A. inside global
B. global outside
C. outside internet
D. inside internet
E. outside local

A

Answer: A,E

141
Q

For a GRE tunnel to be up between two routers, which of the following must be configured?

A. Loopback Interface
B. IP reachability between the loopback interfaces
C. Dynamic Routing between routers.
D. Tunnel interfaces must be in the same subnet.

A

Answer: D

142
Q

A network engineer executes the show ip flow export command. Which line in the output indicates that the send queue is full and export packets are not being sent?

A. output drops
B. enqueuing for the RP
C. fragmentation failures
D. adjacency issues

A

Answer: A

143
Q

A network engineer wants to verify the status of a recently configured NTP setup on one of the routers. The engineer executes the show ntp associations command. What does the output indicate?

A. the synchronized NTP servers that are configured on the device.
B. the authentication mode that is used with the NTP server.
C. the security key value for the configured NTP server.
D. the facility that is configured for the NTP server.

A

Answer: A

144
Q

A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an alternative to powering down the active router and letting the network respond accordingly. Which action will allow for manual switching of HSRP nodes?

A. Track the up/down state of a loopback interface and shut down this interface during maintenance.
B. Adjust the HSRP priority without the use of preemption.
C. Disable and enable all active interfaces on the active HSRP node.
D. Enable HSRPv2 under global configuration, which allows for maintenance mode.

A

Answer: A

145
Q

A user calls from another branch office with a request to establish a simple VPN tunel to test a new router’s tunneling capability Based on the configuration in the exhibit, which type of tunnel was configured?

A. PPTP
B. IPsec site-to-site
C. 6to4
D. EZVPN

A

Answer: C

146
Q

Which NetFlow component is applied to an interface and collects information about flows?

A. flow monitor
B. flow exporter
C. flow sampler
D. flow collector

A

Answer: A

147
Q

What is the result of the command ip flow-export destination 10.10.10.1 5858?

A. It configures the router to export cache flow information to IP 10.10.10.1 on port UDP/5858.
B. It configures the router to export cache flow information about flows with destination IP 10.10.10.1 and port UDP/5858.
C. It configures the router to receive cache flow information from IP 10.10.10.1 on port UDP/5858.
D. It configures the router to receive cache flow information about flows with destination IP 10.10.10.1 and port UDP/5858.

A

Answer: A

148
Q

Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network.
Which of the following answers best describes the router’s logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?

A. When the packet received on the LAN interface is permitted by the ACL listed on the tunnel gre acl command under the incoming interface
B. When routing the packet, matching a route whose outgoing interface is theGRE tunnel interface
C. When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interface
D. When permitted by an ACL that was referenced in the associated crypto map

A

Answer: B

Explanation:
As for the correct answer, the process of routing a packet out a GRE tunnel interface triggers the GRE encapsulation action. As for the incorrect answers:

There is no tunnel gre acl command.

There is no IPsec tunnel interface.

Finally, one answer refers to logic that would describe a router’s logic when determining whether to encapsulate a packet into an IPsec tunnel.

149
Q

What is the minimum privilege level to enter all commands in usermode?

A. Level1
B. Level0
C. Level14
D. Level15

A

Answer: A

150
Q

Which two protocols can be affected by MPP? (Choose two)

A. POP
B. SMTP
C. HTTP
D. SFTP
E. SSH

A

Answer: C,E

Explanation:
Following are the management protocols that the MPP feature supports.

151
Q

Which type of traffic does DHCP snooping drop?

A. discover messages
B. DHCP messages where the source MAC and client MAC do not match
C. traffic from a trusted DHCP server to client
D. DHCP messages where the destination MAC and client MAC do not match

A

Answer: B

152
Q

Which of the below mentioned conditions form a neighbor relationship in EIGRP? (Choose three)

A. Hello or ACK received
B. AS number match
C. Hello timer match
D. Identical metric (k values)
E. Dead Timer Match

A

Answer: A,B,D

153
Q

r1# show run | inc ntp
ntp master 5
ntp authenticate
ntp authentication-key 1 md4 123Cisco
ntp authentication-key 5 md4 Cisco123
ntp trusted-key 1

Which effect of this configuration is true?
A. R1 synchronizes with systems that include authentication key 5 in their packets.
B. R1 acts as an authoritative clock with a priority ID of 1.
C. R1 acts as an authoritative clock at stratum 5.
D. R1 is the NTP client for a stratum 1 server.

A

Answer: C

154
Q

Which two statements about GRE tunnel interfaces are true?

A. To establish a tunnel, the source interface must be in the up/up state.
B. A tunnel destination must be routable, but it can be unreachable.
C. A tunnel can be established when the source interface is in the up/down state.
D. To establish a tunnel, the source interface must be a loopback.

155
Q

Which cisco Express Forwarding component maintains Layer 2 addressing information?

A. dCEF
B. adjacency table.
C. FIB
D. fast switching
E. RIB

A

Answer: B

Explanation: Adjacency TablesNodes in the network are said to be adjacent if they can reach each other with a single hop across a link layer. In addition to the FIB, CEF uses adjacency tables to prepend Layer 2 addressing information. The adjacency table maintains Layer 2 next-hop addresses for all FIB entries

http://www.cisco.com/c/en/us/td/docs/ios/12_2/switch/configuration/guide/fswtch_c/xcfcef.html

156
Q

Which command enables NAT-PT on an IPv6 interface?

A. IPv6 nat-pt enable
B. ipv6 nat
C. Ipv6 nat-pt
D. Ipv6 nat enable

157
Q

A network engineer is configuring SNMP on network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption.

Which command satisfies the requirements of this scenario?

A. router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO
B. router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO
C. router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO
D. router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO

A

Answer: A

158
Q

Drag and drop the statements from the left onto the correct IPv6 router security features on the right.

A
159
Q

What two features are benefits of using GRE tunnels with IPsec over using an IPsec tunnel alone in building-to-building site-to-site VPNs? (Choose two.)

A. allows dynamic routing securely over the tunnel
B. IKE keepalives are unidirectional and sent every ten seconds
C. reduces IPsec headers overhead since tunnel mode is used
D. supports non-IP traffic over the tunnel
E. uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration

A

Answer: A,D

160
Q

An organization decides to implement NetFlow on its network to monitor the fluctuation of traffic that is disrupting core services. After reviewing the output of NetFlow, the network engineer is unable to see OUT traffic on the interfaces. What can you determine based on this information?

A. Cisco Express Forwarding has not been configured globally.
B. NetFlow output has been filtered by default.
C. Flow Export version 9 is in use.
D. The command ip flow-capture fragment-offset has been enabled.

A

Answer: A

161
Q

Which DSL encapsulation method requires client software running on the end-user PC that is directly connected to a DSL modem?

A. PPPoA
B. PPPoE
C. PPP
D. L2TP
E. ATM

A

Answer: B

162
Q

Which protocols support DMVPN?

A. EIGRP
B. RIP2
C. OSPF
D. BGP
E. ISIS

A

Answer: A,B,C

163
Q
A
164
Q

Which two features does RADIUS combine? (choose two)

A. Telnet
B. Accouting
C. SSH
D. Authenticaiton
E. Authorization

A

Answer: D,E

165
Q

A new TAC engineer came to you for advice. A GRE over IPsec tunnel was configured, but the tunnel is not coming up.

What did the TAC engineer configure incorrectly?

A. The crypto map is not configured correctly.
B. The crypto ACL is not configured correctly.
C. The crypto map is not applied to the correct interface.
D. The OSPF network is not configured correctly.

A

Answer: B

166
Q

Given the partial configuration in the exhibit, which IPv6 statement is true?

A. The configuration is an example of an encrypted IPv6 VPN tunnel.
B. The configuration is an example of a one to one IPv6 tunnel.
C. The configuration is an example of a 6to4 tunnel.
D. The configuration is an example of a 4to6 tunnel.

A

Answer: C

167
Q

Which interface type does a PPPoE client use to establish a session?

A. Physical
B. loopback
C. visual-template
D. dialer

168
Q

A network engineer finds that a core router has crashed without warning. In this situation,which feature can the engineer use to create a crash collection?

A. secure copy protocol
B. core dumps
C. warm reloads
D. SNMP
E. NetFlow

A

Answer: B

169
Q

Which option is a prerequisite for stateful NAT64?

A. IPsec for IPv6
B. DNS64
C. application level gateway
D. ICMP64

A

Answer: B

170
Q
A
171
Q

In the network diagram, Area 1 is defined as a stub area. Because redistribution is not allowed in the stub area, EIGRP routes cannot be propagated into the OSPF domain. How does defining area 1 as a not-so-stubby area (NSSA) make it possible to inject EIGRP routes into the OSPF NSSA domain?

A. by creating type 5 LSAs
B. by creating type 7 LSAs
C. by creating a link between the EIGRP domain and the RIP domain, and redistributing EIGRP into RIP
D. by manually changing the routing metric of EIGRP so that it matches the routing metric of OSPF

A

Answer: B

172
Q

A network engineer executes the “ipv6 flowset” command. What is the result?

A. Flow-label marking in 1280-byte or larger packets is enabled.
B. Flow-set marking in 1280-byte or larger packets is enabled.
C. IPv6 PMTU is enabled on the router.
D. IPv6 flow control is enabled on the router.

A

Answer: A

173
Q

Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address 10.10.10.1?

A. ip access-list extended 200
deny tcp host 10.10.10.1 eq 80 any
permit ip any any

B. ip access-list extended 10
deny tcp host 10.10.10.1 any eq 80
permit ip any any

C. ip access-list extended NO_HTTP
deny tcp host 10.10.10.1 any eq 80

D. ip access-list extended 100
deny tcp host 10.10.10.1 any eq 80
permit ip any any

A

Answer: D

174
Q

How does an IOS router process a packet that should be switched by Cisco Express Forwarding without an FIB entry?

A. by forwarding the packet
B. by dropping the packet
C. by creating a new FIB entry for the packet
D. by looking in the routing table for an alternate FIB entry

A

Answer: B

175
Q

Which command prevents routers from sending routing updates through a router interface?

A. default –metric 0
B. distribute-list in
C. passive-interface
D. distribute-list out

A

Answer: C

176
Q

Which three IP SLA performance metrics can you use to monitor enterprise-class networks? (Choose three.)

A. PAcket loss
B. Delay
C. bandwidth
D. Connectivity
E. Reliability
F. traps

A

Answer: A,B,D

177
Q

Which type of BGP AS number is 64591?

A. a private AS number
B. a public AS number
C. a private 4-byte AS number
D. a public 4-byte AS number

A

Answer: A

178
Q

Which statement is true?

A. RTA will redistribute the RIP routers into the NSSA as type 7 LSAs. RTB will translate the type 7 LSAs into type LSAs and flood them throughout the OSPF backbone.

B. RTA will redistribute the RIP routers into the NSSA as type 7 LSAs. RTB will flood the type 7 LSAs throughout the backbone.

C. RTA will redistribute the RIP routers into the NSSA as type 5 LSAs. RTB will flood the type 5 LSAs throughout the backbone.

D. RTA will redistribute the RIP routers into the NSSA as type 5 LSAs. RTB will translate the type of 5 LSAs unto type 7 LSAs and flood them throughout the OSPF backbone.

E. RTA will not redistribute the RIP routers into the NSSA.

A

Answer: A

179
Q

Refer to the exhibit. The command is executed while configuring a point-to-multipoint
Frame Relay interface. Which type of IPv6 address is portrayed in the exhibit?

“frame-relay map ipv6 FE80: xxxxxxx”

A. link-local
B. site-local
C. global
D. multicast

A

Answer: A

180
Q

In IPv6, the interfaces running OSPF can be configured with multiple address prefixes. Which statement is true about the IPv6 addresses that can be included into the OSPF process?

A. Specific addresses cannot be selected for importation into the OSPF process.
B. Specific addresses can be selected using an ACL.
C. Specific addresses can be selected using a route map.
D. Specific addresses can be selected using a prefix list.

181
Q

Which DHCP option provides a TFTP server that Cisco phones can use to download a configuration?

A. DHCP Option 66
B. DHCP Option 68
C. DHCP Option 82
D. DHCP Option 57

A

Answer: A

182
Q

router eigrp 1
redistribute ospf 100
network 10.10.10.0 0.0.0.255
auto-summary

!
router ospf 100
network 172.16.0.0 0.0.255.255 area 100
redistribute eigrp 1

Which option describes why the EIGRP neighbors of this router are not learning routes that are received fromOSPF?

A. The subnet defined in OSPF is not part of area 0.
B. Default metrics are not configured under EIGRP.
C. There is no overlap in the subnets advertised.
D. The routing protocols do not have the same AS number.

A

Answer: B

183
Q
A
184
Q

Which configuration can you apply to a device so that it always blocks outbound web traffic on Saturdays and Sundays between the hours of 1:00 AM and 11:59 PM?

A. Option A
B. Option B
C. Option C
D. Option D

A

Answer: C

185
Q

What is the function of the snmp-server manager command?

A. to enable the device to send and receive SNMP requests and responses
B. to disable SNMP messages from getting to the SNMP engine
C. to enable the device to send SNMP traps to the SNMP server
D. to configure the SNMP server to store log data

A

Answer: A

Explanation: The SNMP manager process sends SNMP requests to agents and receives SNMP responses and notifications from agents. When the SNMP manager process is enabled, the router can query other SNMP agents and process incoming SNMP traps.

Most network security policies assume that routers will be accepting SNMP requests, sending SNMP responses, and sending SNMP notifications. With the SNMP manager functionality enabled, the router may also be sending SNMP requests, receiving SNMP responses, and receiving SNMP notifications.

The security policy implementation may need to be updated prior to enabling this functionality. SNMP requests are typically sent to UDP port 161. SNMP responses are typically sent from UDP port 161. SNMP notifications are typically sent to UDP port 162.

186
Q

A network engineer has configured a tracking object to monitor the reachability of IP SLA 1.

In order to update the next hop for the interesting traffic, which feature must be used in conjunction with the newly created tracking object to manipulate the traffic flow as required?

A. SNMP
B. PBR
C. IP SLA
D. SAA
E. ACLs
F. IGP

A

Answer: B

187
Q

An engineer is configuring a GRE tunnel interface in the default mode. The engineer has assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface.

Which option also is required on the tunnel interface before it is operational?

A. tunnel destination address
B. keepalives
C. IPv6 address
D. tunnel protection

A

Answer: A

188
Q

A company has their headquarters located in a large city with a T3 frame relay link that connects 30 remote locations that each have T1 frame relay connections.

Which technology must be configured to prevent remote sites from getting overwhelmed with traffic and prevent packet drops from the headquarters?

A. traffic shaping
B. IPsec VPN
C. GRE VPN
D. MPLS

A

Answer: A

189
Q

Refer to the following configuration command.
router(conttg)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80

Which statement about the command is true?

A. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:80 is translated to 172.16.10.8 8:80

B. Any packet that is received in the inside interface with a source IP address of 172.16.10.8 is redirected to port 8080 or port 80

C. The router accepts only a TCP connection from port 8080 and port 80 on IP address 172.16.10.8

D. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8 8080 is translated to 172.16.10.8 80

190
Q

A network engineer is troubleshooting a DMVPN setup between the hub and the spoke. The engineer executes the command show crypto isakmp sa and observes the output that is displayed. What is the problem?

A. That ISAKMP is not enabled
B. That ISAKMP is using default settings
C. An incompatible IP sec transform set
D. An incompatible ISAKMP policy

A

Answer: B

191
Q

Which two statements about AAA implementation in a Cisco router are true? (Choose two.)

A. RADIUS is more flexible than TACACS+ in router management.
B. RADIUS and TACACS+ allow accounting of commands.
C. RADIUS and TACACS+ encrypt the entire body of the packet.
D. RADIUS and TACACS+ are client/server AAA protocols.
E. Neither RADIUS nor TACACS+ allow for accounting of commands.

A

Answer: B,D

192
Q

A network engineer enables OSPF on a Frame Relay WAN connecton to various remote stes, but no OSPF adiacencies come up Which two actions are possible solutions for thisissue? (Choose Two)

A Change the network type to point-to-murpont under WAN interface
B. Enable virtual Inks
C Change the networktype to nonbroadcast mutpoint access
D Configure the neighbor command under OSPF process for each remote ste
E Ensure that the OSPF process number matches among all remote stes

A

Answer: A, D

193
Q

Which option prevents routing updates from being sent to the access layer switches?

A. DWS1(config-router)# passive-interface default DWS2(config-router)# passive-interface default

B. ALS1(config-router)# passive-interface default ALS2(config-router)# passive-interface default

C. DWS1(config-router)# passive-interface gi1/1 DWS1(config-router)# passive-interface gi1/2 DWS2(config-router)# passive-interface gi1/1 DWS2(config-router)# passive-interface gi1/2

D. ALS1(config-router)# passive-interface gi0/1 ALS1(config-router)# passive-interface gi0/2 ALS2(config-router)# passive-interface gi0/1 ALS2(config-router)# passive-interface gi0/2

A

Answer: C

194
Q

Which traffic characteristic is the reason that UDP traffic that carries voice and video is assigned to the queue only on a link that is at least 768 kbps?

A. typically is not fragmented
B. typically is fragmented
C. causes windowing
D. causes excessive delays for video traffic

A

Answer: A

195
Q

Refer to the exhibit. Which statement is true?

A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL.

B. The 10.0.0.0/8 network will not be advertised by Router B because the network statement for the 10.0.0.0/8 network is missing from Router B.

C. The 10.0.0.0/8 network will not be in the routing table on Router B.

D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24 network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8 network

E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.

A

Answer: E

196
Q

If the total bandwidth is 64 kbps and the RTT is 3 seconds, what is the bandwidth delay product?

A. 8,000 bytes
B. 16,000 bytes
C. 24,000 bytes
D. 32,000 bytes
E. 62,000 bytes

A

Answer: C

197
Q

An administrator needs to setup an NTP client to provide updates to local without synchronizing to server. What is the command?

A. Serve
B. Serve-only
C. peer

A

Answer: A

198
Q

Which mode of uRPF causes a router interface to accept a packet, if the network to which the packet’s source IP address belongs is found in the router’s FIB?

A. Strict mode
B. Loose mode
C. Auto mode
D. Desirable mode

A

Answer: B

Explanation:

A number of common types of DoS attacks take advantage of forged or rapidly changing source IP addresses, allowing attackers to thwart efforts by ISPs to locate or filter these attacks.

Unicast RPF was originally created to help mitigate such attacks by providing an automated, scalable mechanism to implement the Internet Engineering Task Force (IETF) Best Common Practices 38/Request for Comments 2827 (BCP 38/RFC 2827) anti-spoofing filtering on the customer-to-ISP network edge.

By taking advantage of the information stored in the Forwarding Information Base (FIB) that is created by the CEF switching process, Unicast RPF can determine whether IP packets are spoofed or malformed by matching the IP source address and ingress interface against the FIB entry that reaches back to this source (a so-called reverse lookup).

Packets that are received from one of the best reverse path routes back out of the same interface are forwarded as normal. If there is no reverse path route on the same interface from which the packet was received, it might mean that the source address was modified, and the packet is dropped (by default).

http: //www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/xe-3s/secdata-urpf-xe-3s-book/sec-unicast-rpf-loosemode.
http: //www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/srpf_gsr.html#GUID-FFFA94D5- EEFB-4215-9EE1-DB37CD01C2CA

199
Q

What are three IPv6 transition mechanisms? (Choose three)

A. 6to4 tunneling
B. VPN tunneling
C. GRE tunneling
D. ISATAP tunneling
E. PPP tunneling
F. Teredo tunneling

A

Answer: A,D,F

Below is a summary of IPv6 transition technologies:

6 to 4 tunneling: This mechanism allows IPv6 sites to communicate with each other over the IPv4 network without explicit tunnel setup. The main advantage of this technology is that it requires no end-node reconfiguration and minimal router configuration but it is not intended as a permanent solution.

ISATAP tunneling (Intra-Site Automatic Tunnel Addressing Protocol): is a mechanism for transmitting IPv6 packets over IPv4 network. The word “automatic” means that once an ISATAP server/router has been set up, only the clients must be configured to connect to it.

Teredo tunneling: This mechanism tunnels IPv6 datagrams within IPv4 UDP datagrams, allowing private IPv4 address and IPv4 NAT traversal to be used.

In fact, GRE tunneling is also a IPv6 transition mechanism but is not mentioned in BSCI so we shouldn’t choose it (there are 4 types of IPv6 transition mechanisms mentioned in BSCI; they are manual, 6-to-4, Teredo and ISATAP).

200
Q

config
interface f0/1
ip address 209.165.200.225 255.255.255.224
ip nat outside
!
interface f0/2
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
access-list 10 permit 10.10.10.0 0.0.0.255
!

Which command allows hosts that are connected to FastEthernet0/2 to access the Internet?

A. ip nat inside source list 10 interface FastEthernet0/1 overload
B. ip nat outside source static 209.165.200.225 10.10.10.0 overload
C. ip nat inside source list 10 interface FastEthernet0/2 overload
D. ip nat outside source list 10 interface FastEthernet0/2 overload

A

Answer: A

201
Q

Which two reasons for IP SLA tracking failure are likely true? (Choose Two)

A. The source-interface is configured incorrectly.
B. The destination must be 172.30.30.2 for icmp-echo.
C. A route back to the R1 LAN network is missing in R2.
D. The default route has wrong next hop IP address.
E. The threshold value is wrong.

A

Answer: B,E

202
Q

Which alerts will be seen on the console when running the command: logging console warnings.?

A. warnings only
B. warnings, notifications, error, debugging, informational
C. warnings, errors, critical, alerts, emergencies
D. notifications, warnings, errors
E. warnings, errors, critical, alerts

A

Answer: C

203
Q

Which SNMP verification command shows the encryption and authentication protocols that are used in SNMPv3?

A. show snmp view
B. show snmp
C. show snmp user
D. show snmp group

A

Answer: C

204
Q

Which technology can be employed to automatically detect a WAN primary link failure and failover to the secondary link?

A. HSRP
B. VRRP
C. IP SLA
D. multicast

A

Answer: C

205
Q

Which IP SLA operation can be used to measure round-trip delay for the full path and hopby-hop round-trip delay on the network?

A. HTTP
B. ICMP path echo
C. TCP connect
D. ICMP echo

A

Answer: B

206
Q

Which type of handshake does CHAP authentication use to establish a PPP link?

A. one-way
B. two-way
C. three-way
D. four-way

A

Answer: C

207
Q

Which functionality is required within an IP router that is situated at the boundary of an IPv4 network and an IPv6 network to allow communication between IPv6-only and IPv4-only nodes?

A. Autoconfiguration
B. Automatic 6to4 Tunnel
C. Automatic 6to4 Relay
D. Network Address Translator-Protocol Translator (NAT-PT)
E. Intrasite Automatic Tunnel Address Protocol (ISATAP)

A

Answer: D

208
Q

In a comparison of an IPv4 header with an IPv6 header, which three statements are true? (Choose three.)

A. An IPv4 header includes a checksum. However, an IPv6 header does not include one.

B. A router has to recompute the checksum of an IPv6 packet when decrementing the TTL.

C. An IPv6 header is half the size of an IPv4 header.

D. An IPv6 header has twice as many octets as an IPv4 header.

E. An IPv6 header is simpler and more efficient than an IPv4 header.

F. The 128-bit IPv6 address makes the IPv6 header more complicated than an IPv4 header.

A

Answer: A,D,E

Explanation:

The image below shows the differences between an IPv4 header and an IPv6 header:

209
Q

A network administrator notices that the BGP state drops and logs are generated for missing BGP hello keepalives. What is the potential problem?

A. Incorrect neighbor options
B. Hello timer mismatch
C. BGP path MTU enabled
D. MTU mismatch

A

Answer: D

210
Q

What is the optimal location from which to execute a debug command that produces an excessive amount of information?

A. Vty lines
B. SNMP commands
C. A console port
D. An AUX port

A

Answer: A

211
Q

Your company uses Voice over IP (VoIP). The system sends UDP datagrams containing the voice data between communicating hosts. When areas of the network become busy, some of the datagrams arrive at their destination out of order. What happens when this occurs?

A. UDP will send an ICMP Information request message to the source host.

B. UDP will pass the information in the datagrams up to the next OSI layer in the order in which they arrive.

C. UDP will drop the datagrams that arrive out of order.

D. UDP will use the sequence numbers in the datagram headers to reassemble the data into the

A

Answer: B

212
Q

Which statement is true concerning 6to4 tunneling?

A. IPv4 traffic is encapsulated with an IPv6 header.
B. The edge routers can use any locally configured IPv6 address.
C. Hosts and routers inside a 6to4 site will need a special code.
D. An edge router must use IPv6 address of 2002::/16 in its prefix.

A

Answer: D

Explanation:

6to4 tunnels use IPv6 addresses that concatenate 2002::/16 with the 32-bit IPv4 address of the edge router, creating a 48-bit prefix.

213
Q

Refer to the exhibit. What two statements are true? (Choose two.)

A. Interface FastEthernet 0/0 was configured with the ipv6 ospf 1 area 1 command.

B. OSPF version 2 has been enabled to support IPv6.

C. The IP address of the backup designated router (BDR) is FE80::205:5FFF:FED3:5808.

D. The output was generated by the show ip interface command.

E. The router was configured with the commands: router ospf 1 network 172.16.6.0 0.0.0.255 area 1

F. This is the designated router (DR) on the FastEthernet 0/0 link.

A

Answer: A,C
Explanation:

OSPFv3 supports IPv6. The configuration of OSPFv3 is not a subcommand mode of the
router ospf command as it is in OSPFv2 configuration.

For example, instead of using the network area command to identify networks that are part of the OSPFv3 network, the interfaces are directly configured to specify that IPv6 networks are part of the OSPFv3 network.

The following describes the steps to configure OSPF for IPv6:

There are several commonly used OSPFv3 show commands, including the show ipv6 ospf
[process-id] [area-id] interfacee [interface] command

214
Q

What is the IPv6 address FF02::2 used for?

A. all hosts in a local segment
B. all routers in a local segment
C. all hosts in a particular multicast group
D. all routers in an autonomous system

A

Answer: B

Explanation:

To identify all nodes for the node-local and link-local scopes, the following multicast
addresses are defined:

  • FF01::1 (node-local scope all-nodes address)
  • FF02::1 (link-local scope all-nodes address)

To identify all routers for the node-local, link-local, and site-local scopes, the following
multicast addresses are defined:

  • FF01::2 (node-local scope all-routers address)
  • FF02::2 (link-local scope all-routers address)
  • FF05::2 (site-local scope all-routers address)
215
Q

Which two different configuration can you apply to a device to block incoming SSH access?

A. Option A
B. Option B
C. Option C
D. Option D
E. Option E

(Choose two)

A

Answer: B,C

216
Q

Other than a working EIGRP configuration, which option must be the same on all routers
for EIGRP authentication key role over to work correctly?

A. SMTP
B. SNMP
C. Passwords
D. Time

A

Answer: C

217
Q

Which technology was originally developed for routers to handle fragmentation in the path
between end points?

A. PMTUD
B. MSS
C. windowing
D. TCP
E. global synchronization

A

Answer: A

218
Q

A network engineer executes the commands logging host 172.16.200.225 and logging trap 5. Which action results when these two commands are executed together?

A. Logging messages that have a debugging severity level are sent to the remote server
172.16.200.225.

B. Logged information is stored locally, showing the sources as 172.16.200.225

C. Logging messages that have any severity level are sent to the remote server
172.16.200.225

D. Logging messages that have a severity level of “notifications” and above (numerically
lower) are sent to the remote server 172.16.200.225

A

Answer: D

219
Q

Considering the IPv6 address independence requirements, which process do you avoid when you use NPTv6 for translation

A. rewriting of higher layer information
B. checksum verification
C. ipv6 duplication and conservation
D. IPSEC AH header modification

A

Answer: A

220
Q

ALWAYS block the outbound web traffic on Saturdays and Sunday between 1:00 to 23:59

A. periodic Saturday Sunday 01:00 to 23:59 and IN
B. periodic Saturday Sunday 01:00 to 23:59 and OUT
C. periodic Saturday Sunday 01:00 to 11:59 and IN
D. Absolute Saturday Sunday 01:00 to 11:59 and IN

A

Answer: B

221
Q

Which access list entry checks for an ACK within a packet header?

A. access-list 49 permit ip any any eq 21 tcp-ack
B. access-list 49 permit tcp any any eq 21 tcp-ack
C. access-list 149 permit tcp any any eq 21 established
D. access-list 49 permit tcp any any eq 21 established

A

Answer: C

222
Q

Which command do you enter to display log messages with a timestamp that includes the length of time since the device was last rebooted?

A. service timestamps log uptime
B. logging facility 20
C. service timestamps debugging localtime msec
D. logging console errors
E. logging monitor 7
F. service timestamps log datetime msec

A

Answer: A

223
Q

Which type of information is displayed when a network engineer executes the show track 1 command on the router?

A. information about the IP route track table.
B. time to next poll for track object 1
C. information about tracking list 1
D. tracking information statistics.

A

Answer: C

224
Q

Refer to the exhibit. A network engineer executes the show ipv6 ospf database command and is presented with the output that is shown. Which flooding scope is referenced in the link-state type?

A. link-local
B. area
C. As (OSPF domain)
D. reserved

A

Answer: B

225
Q

When unicast reverse path forwarding is configured on an interface, which action does the interface take first when it receives a packet?

A. it verifies that the source has a valid VEF adjacency.
B. It checks the egress access lists.
C. it verifies a reverse path via the FIB to the source.
D. It checks the ingress access lists.

A

Answer: A

226
Q

Which parameter in an SNMPv3 configuration offers authentication and encryption?

A. auth
B. noauth
C. priv
D. secret

A

Answer: C

227
Q

Company has migrated to IPv6 in their network. Which three IPv6 notations represent the same address? (Select three)

A. 2031::130F::9C0:876A:130B
B. 2031:0000:130F:0000:0000:09C0:876A:130B
C. 2031:0:130F:::9C0:876A:130B
D. 2031::130F:0::9C0:876A:130B
E. 2031:0:130F:0:0:09C0:876A:130B
F. 2031:0:130F::9C0:876A:130B

A

Answer: B,E,F

Explanation:

With IP version 6, octets containing all zero’s can be simply represented as :, while
consecutive zero fields can be represented as ::. ANSWER choices C and E are simply the
shorthand version of the fully written IPv6 address shown in choice.

228
Q

In which two ways can NetFlow data be viewed? (Choose two.)

A. CLI
B. NetFlow
C. built-in GUI
D. syslog server interface
E. web interface

A

Answer: A,B

229
Q

Which SNMP version provides both encryption and authentication?

A. SNMPv4
B. SNMPv2c
C. SNMPv3
D. SNMPv1

A

Answer: C

230
Q

Which option is the first task that a device that is configured with NAT64 performs when it receives an incoming IPv6 packet that matches the stateful NAT64 prefix?

A. It translates the IPv6 header into an IPv4 header.
B. It checks the IPv6 packet against the NAT64 stateful prefix.
C. It translates the IPv6 source address to an IPv4 header.
D. It translates the^ IPv4 destination address into a new NAT64 state.
E. It performs an IPv6 route lookup.

A

Answer: A

231
Q

Which two statements are true about using IPv4 and IPv6 simultaneously on a network segment? (Choose two.)

A. Hosts can be configured to receive both IPv4 and IPv6 addresses via DHCP.

B. Host configuration options for IPv4 can be either statically assigned or assigned via DHCP Host configuration options for IPv6 can be statically assigned only.

C. IPv6 allows a host to create its own IPv6 address that will allow it to communicate to other devices on a network configured via DHCP. IPv4 does not provide a similar capability for hosts.

D. IPv4 and IPv6 addresses can be simultaneously assigned to a host but not to a router
interface.

E. IPv6 provides for more host IP addresses but IPv4 provides for more network
addresses.

A

Answer: A,C

Explanation:

Like DHCP in IPv4, IPv6 hosts can also be configured to acquire connectivity parameters from DHCPv6 servers.

IPv4 clients use DHCP broadcasts to locate DHCP servers, and since broadcasts are extinct in IPv6, clients use specialized multicasts to locate DHCPv6 servers.

These multicasts use the reserved address FF02::1:2. One notable difference between DHCP and DHCPv6 is that while DHCP can inform clients which node to use as the default gateway, DHCPv6 does not do this.

232
Q

A network engineer wants to display the statistics of an active tunnel on a DMVPN network. Which command should the administrator execute to accomplish this task?

A. Router#show crypto ipsec sa
B. Router#show crypto isakmp peers
C. Router#show crypto isakmp sa
D. Router#show crypto ipsec transform-set
E. Router#show crypto engine connections active

A

Answer: A

233
Q

A network engineer is configuring the router for NetFlow data exporting. What is required in order for NDE to begin exporting data?

A. Source
B. Flow mask
C. Destination
D. Interface type
E. Traffic type
F. NetFlow version

A

Answer: C

234
Q

A route map uses an ACL, if the required matching is based on which criteria?

A. addressing information
B. route types
C. AS paths
D. metrics

A

Answer: A

235
Q

A. Interface authentication must be configured.
B. The routing processes must be configured with an area ID.
C. IP unicast routing must be enabled.
D. IPv4 addresses must be applied to the interfaces.

A

Answer: C

236
Q

Which two statements about PAP and CHAP authentication are true? (Choose two)

A. PAP uses a challenge string from the server to the client.
B. PAP can query a TACACS+ server to verify access credentials.
C. CHAP requires the client to supply a username and optional password.
D. PAP requires the client to supply a username and optional password.
E. CHAP uses a challenge string from the server to the client.

A

Answer: D,E

237
Q

In which scenario can asymmetric routing occur?

A. active/active firewall setup
B. single path in and out of the network.
C. active/standby firewall setup
D. redundant routers running VRRP

A

Answer: D

238
Q

Which option represents the minimal configuration that allows inbound traffic from the 172.16.1.0/24 network to successfully enter router R, while also limiting spoofed 10.0.0.0/8 hosts that could enter router R?

A. (config)#ip cef
(config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via rx allow-default

B. (config)#ip cef
(config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via rx

C. (config)#no ip cef
(config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via rx

D. (config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via any

A

Answer: A

239
Q

A network engineer executes the show ip cache flow command. Wich two types of information are displayed in the report that is generated? (Choose 2)

A. top talkers
B. flow export statistics
C. flow sample for specific protocols
D. MLS flow traffic
E. IP packet distribution

A

Answer: C,E

240
Q

Which statement about the configuration is true?

A. This configuration is incorrect because the MTU must match the ppp-max-payload that is defined.

B. This configuration is incorrect because the dialer interface number must be the same as the dialer pool number.

C. This configuration is missing an IP address on the dialer interface.

D. This configuration represents a complete PPPoE client configuration on an Ethernet connection.

A

Answer: D

241
Q

A network engineer has set up VRF-Lite on two routers where all the interfaces are in the same VRF. At a later time, a new loopback is added to Router 1, but it cannot ping any of the existing interfaces. Which two configurations enable the local or remote router to ping the loopback from any existing interface? (Choose two.)

A. adding a static route for the VRF that points to the global route table
B. adding the loopback to the VRF
C. adding dynamic routing between the two routers and advertising the loopback
D. adding the IP address of the loopback to the export route targets for the VRF
E. adding a static route for the VRF that points to the loopback interface
F. adding all interfaces to the global and VRF routing tables

A

Answer: A,B