ccnp_route_300-101_20141211130757 Flashcards
Based on this FIB table, which statement is correct?A. There is no default gateway.B. The IP address of the router on FastEthernet is 209.168.201.1.C. The gateway of last resort is 192.168.201.1.D. The router will listen for all multicast traffic.
Answer: CExplanation:The 0.0.0.0/0 route is the default route and is listed as the first CEF entry. Here we see the nexthop for this default route lists 192.168.201.1 as the default router (gateway of last resort).
A network administrator checks this adjacency table on a router. What is a possible cause for theincomplete marking?A. incomplete ARP informationB. incorrect ACLC. dynamic routing protocol failureD. serial link congestion
Answer: AExplanation:To display information about the Cisco Express Forwarding adjacency table or the hardware Layer3-switching adjacency table, use the show adjacency command.Reasons for Incomplete AdjacenciesThere are two known reasons for an incomplete adjacency:No ARP EntryWhen CEF cannot locate a valid adjacency for a destination prefix, it punts the packets to the CPUfor ARP resolution and, in turn, for completion of the adjacency.Reference: http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/17812-cefincomp.html#t4
A network engineer notices that transmission rates of senders of TCP traffic sharply increase anddecrease simultaneously during periods of congestion. Which condition causes this?A. global synchronizationB. tail dropC. random early detectionD. queue management algorithm
Answer: AExplanation:TCP global synchronization in computer networks can happen to TCP/IP flows during periods ofcongestion because each sender will reduce their transmission rate at the same time when packetloss occurs.Routers on the Internet normally have packet queues, to allow them to hold packets when thenetwork is busy, rather than discarding them. Because routers have limited resources, the size of these queues is also limited. The simplesttechnique to limit queue size is known as tail drop. The queue is allowed to fill to its maximumsize, and then any new packets are simply discarded, until there is space in the queue again. This causes problems when used on TCP/IP routers handling multiple TCP streams, especiallywhen bursty traffic is present. While the network is stable, the queue is constantly full, and thereare no problems except that the full queue results in high latency. However, the introduction of asudden burst of traffic may cause large numbers of established, steady streams to lose packetssimultaneously.Reference: http://en.wikipedia.org/wiki/TCP_global_synchronization
Which three problems result from application mixing of UDP and TCP streams within a networkwith no QoS? (Choose three.)A. starvationB. jitterC. latencyD. windowingE. lower throughput
Answer: A,C,EExplanation:It is a general best practice not to mix TCP-based traffic with UDP-based traffic (especiallystreaming video) within a single service provider class due to the behaviors of these protocolsduring periods of congestion. Specifically, TCP transmitters will throttle-back flows when dropshave been detected. Although some UDP applications have application-level windowing, flowcontrol, and retransmission capabilities, most UDP transmitters are completely oblivious to dropsand thus never lower transmission rates due to dropping. When TCP flows are combined withUDP flows in a single service provider class and the class experiences congestion, then TCPflows will continually lower their rates, potentially giving up their bandwidth to drop-oblivious UDPflows. This effect is called TCP-starvation/UDP-dominance. This can increase latency and lowerthe overall throughput. TCP-starvation/UDP-dominance likely occurs if (TCP-based) mission-critical data is assigned tothe same service provider class as (UDP-based) streaming video and the class experiencessustained congestion. Even if WRED is enabled on the service provider class, the same behaviorwould be observed, as WRED (for the most part) only affects TCP-based flows.Granted, it is not always possible to separate TCP-based flows from UDP-based flows, but it isbeneficial to be aware of this behavior when making such application-mixing decisions.Reference: http://www.cisco.com/warp/public/cc/so/neso/vpn/vpnsp/spqsd_wp.htm
Which method allows IPv4 and IPv6 to work together without requiring both to be used for a singleconnection during the migration process?A. dual-stack methodB. 6to4 tunnelingC. GRE tunnelingD. NAT-PT
Answer: AExplanation:Dual stack means that devices are able to run IPv4 and IPv6 in parallel. It allows hosts tosimultaneously reach IPv4 and IPv6 content, so it offers a very flexible coexistence strategy. Forsessions that support IPv6, IPv6 is used on a dual stack endpoint. If both endpoints support IPv4only, then IPv4 is used.Benefits:• Native dual stack does not require any tunneling mechanisms on internal networks• Both IPv4 and IPv6 run independent of each other• Dual stack supports gradual migration of endpoints, networks, and applications.Reference: http://www.cisco.com/web/strategy/docs/gov/IPV6at_a_glance_c45-625859.pdf
Which statement about the use of tunneling to migrate to IPv6 is true?A. Tunneling is less secure than dual stack or translation.B. Tunneling is more difficult to configure than dual stack or translation.C. Tunneling does not enable users of the new protocol to communicate with users of the oldprotocol without dual-stack hosts.D. Tunneling destinations are manually determined by the IPv4 address in the low-order 32 bits ofIPv4-compatible IPv6 addresses.
Answer: CExplanation:Using the tunneling option, organizations build an overlay network that tunnels one protocol overthe other by encapsulating IPv6 packets within IPv4 packets and IPv4 packets within IPv6packets. The advantage of this approach is that the new protocol can work without disturbing theold protocol, thus providing connectivity between users of the new protocol.Tunneling has two disadvantages, as discussed in RFC 6144:• Users of the new architecture cannot use the services of the underlying infrastructure.• Tunneling does not enable users of the new protocol to communicate with users of theold protocol without dual-stack hosts, which negates interoperability.Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html
A network administrator executes the command clear ip route. Which two tables does thiscommand clear and rebuild? (Choose two.)A. IP routingB. FIBC. ARP cacheD. MAC address tableE. Cisco Express Forwarding tableF. topology table
Answer: A,BExplanation:To clear one or more entries in the IP routing table, use the following commands in any mode:Command:clear ip route {* | {route |prefix/length} [next-hop interface]}[vrf vrf-name]Example:switch(config)# clear ip route10.2.2.2Purpose:Clears one or more routes from both the unicast RIB and all the module FIBs. The routeoptions are as follows:•* — All routes.•route — An individual IP route.•prefix/length — Any IP prefix.•next-hop — The next-hop address•interface — The interface to reach the next-hop address.The vrf-name can be any case-sensitive, alphanumeric string up to 32 characters.Reference:http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/unicast/5_0_3_N1_1/Cisco_n5k_layer3_ucast_cfg_rel_503_N1_1/l3_manage-routes.html
Which switching method is used when entries are present in the output of the command show ipcache?A. fast switchingB. process switchingC. Cisco Express Forwarding switchingD. cut-through packet switching
Answer: AExplanation:Fast switching allows higher throughput by switching a packet using a cache created by the initialpacket sent to a particular destination. Destination addresses are stored in the high-speed cacheto expedite forwarding. Routers offer better packet-transfer performance when fast switching isenabled. Fast switching is enabled by default on all interfaces that support fast switching.To display the routing table cache used to fast switch IP traffic, use the “show ip cache” EXECcommand.
Which two actions must you perform to enable and use window scaling on a router?(Choose two.)A. Execute the command ip tcp window-size 65536.B. Set window scaling to be used on the remote host.C. Execute the command ip tcp queuemax.D. Set TCP options to “enabled” on the remote host.E. Execute the command ip tcp adjust-mss.
Answer: A,BExplanation:The TCP Window Scaling feature adds support for the Window Scaling option in RFC 1323, TCPExtensions for High Performance . A larger window size is recommended to improve TCPperformance in network paths with large bandwidth-delay product characteristics that are calledLong Fat Networks (LFNs). The TCP Window Scaling enhancement provides that support.The window scaling extension in Cisco IOS software expands the definition of the TCP window to32 bits and then uses a scale factor to carry this 32-bit value in the 16-bit window field of the TCPheader. The window size can increase to a scale factor of 14. Typical applications use a scalefactor of 3 when deployed in LFNs.The TCP Window Scaling feature complies with RFC 1323. The larger scalable window size willallow TCP to perform better over LFNs. Use the ip tcp window-size command in globalconfiguration mode to configure the TCP window size. In order for this to work, the remote hostmust also support this feature and its window size must be increased.Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-12-4tbook/iap-tcp.html#GUID-BD998AC6-F128-47DD-B5F7-B226546D4B08
WhichthreeTCPenhancementscanbeusedwithTCPselectiveacknowledgment?(Choosethree.)A. header compressionB. explicit congestion notificationC. keepaliveD. time stampsE. TCP path discoveryF. MTU window
Answer: B,C,DExplanation:TCP Selective AcknowledgmentThe TCP Selective Acknowledgment feature improves performance if multiple packets are lostfrom one TCP window of data. Prior to this feature, because of limited information available from cumulative acknowledgments, aTCP sender could learn about only one lost packet per-round-trip time. An aggressive sendercould choose to resend packets early, but such re-sent segments might have already beensuccessfully received. The TCP selective acknowledgment mechanism helps improve performance. The receiving TCPhost returns selective acknowledgment packets to the sender, informing the sender of data thathas been received. In other words, the receiver can acknowledge packets received out of order. The sender can then resend only missing data segments (instead of everything since the firstmissing packet). Prior to selective acknowledgment, if TCP lost packets 4 and 7 out of an 8-packet window, TCPwould receiveacknowledgment of only packets 1, 2, and 3. Packets 4 through 8 would need to bere-sent. With selective acknowledgment, TCP receives acknowledgment of packets 1, 2, 3, 5, 6,and 8. Only packets 4 and 7 must be re-sent. TCP selective acknowledgment is used only when multiple packets are dropped within one TCPwindow. There is no performance impact when the feature is enabled but not used. Use the ip tcpselective-ack command in global configuration mode to enable TCP selective acknowledgment. Refer to RFC 2018 for more details about TCP selective acknowledgment. TCP Time StampThe TCP time-stamp option provides improved TCP round-trip time measurements. Because thetime stamps are always sent and echoed in both directions and the time-stamp value in the headeris always changing, TCP header compression will not compress the outgoing packet. To allowTCP header compression over a serial link, the TCP time-stamp option is disabled. Use the ip tcptimestamp command to enable the TCP time-stamp option. TCP Explicit Congestion NotificationThe TCP Explicit Congestion Notification (ECN) feature allows an intermediate router to notify endhosts of impending network congestion. It also provides enhanced support for TCP sessionsassociated with applications, such as Telnet, web browsing, and transfer of audio and video datathat are sensitive to delay or packet loss. The benefit of this feature is the reduction of delay andpacket loss in data transmissions. Use the ip tcp ecn command in global configuration mode toenable TCP ECN.TCP Keepalive TimerThe TCP Keepalive Timer feature provides a mechanism to identify dead connections. When a TCP connection on a routing device is idle for too long, the device sends a TCP keepalivepacket to the peer with only the Acknowledgment (ACK) flag turned on. If a response packet (aTCP ACK packet) is not received after the device sends a specific number of probes, theconnection is considered dead and the device initiating the probes frees resources used by theTCP connection.Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/xe-3s/asr1000/iap-xe-3s-asr1000-book/iap-tcp.html#GUID-22A82C5F-631F-4390-9838-F2E48FFEEA01
A network administrator uses IP SLA to measure UDP performance and notices that packets onone router have a higher one-way delay compared to the opposite direction.Which UDPcharacteristic does this scenario describe?A. latencyB. starvationC. connectionless communicationD. nonsequencing unordered packetsE. jitter
Answer: AExplanation:Cisco IOS IP SLAs provides a proactive notification feature with an SNMP trap. Eachmeasurement operation can monitor against a pre-set performance threshold. Cisco IOS IP SLAsgenerates an SNMP trap to alert management applications if this threshold is crossed. SeveralSNMP traps are available: round trip time, average jitter, one-way latency, jitter, packet loss,MOS, and connectivity tests.Here is a partial sample output from the IP SLA statistics that can be seen:router#show ip sla statistics 1Round Trip Time (RTT) for Index 55Latest RTT: 1 msLatest operation start time: *23:43:31.845 UTC Thu Feb 3 2005Latest operation return code: OKRTT Values:Number Of RTT: 10 RTT Min/Avg/Max: 1/1/1 millisecondsLatency one-way time:Number of Latency one-way Samples: 0Source to Destination Latency one way Min/Avg/Max: 0/0/0 millisecondsDestination to Source Latency one way Min/Avg/Max: 0/0/0 millisecondsReference:http://www.cisco.com/en/US/technologies/tk648/tk362/tk920/technologies_white_paper09186a00802d5efe.html
Under which condition does UDP dominance occur?A. when TCP traffic is in the same class as UDPB. when UDP flows are assigned a lower priority queueC. when WRED is enabledD. when ACLs are in place to block TCP traffic
Answer: AExplanation:Mixing TCP with UDP It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especiallyStreaming-Video) within a single service-provider class because of the behaviors of theseprotocols during periods of congestion. Specifically, TCP transmitters throttle back flows whendrops are detected. Although some UDP applications have application-level windowing, flowcontrol, and retransmission capabilities, most UDP transmitters are completely oblivious to dropsand, thus, never lower transmission rates because of dropping.When TCP flows are combined with UDP flows within a single service-provider class and the classexperiences congestion, TCP flows continually lower their transmission rates, potentially giving uptheir bandwidth to UDP flows that are oblivious to drops. This effect is called TCP starvation/UDPdominance.TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data isassigned to the same service-provider class as (UDP-based) Streaming-Video and the classexperiences sustained congestion. Even if WRED is enabled on the service-provider class, thesame behavior would be observed because WRED (for the most part) manages congestion onlyon TCP-based flows.Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoSSRND-Book/VPNQoS.html
Prior to enabling PPPoE in a virtual private dialup network group, which task must be completed?A. Disable CDP on the interface.B. Execute the vpdn enable command.C. Execute the no switchport command.D. Enable QoS FIFO for PPPoE support.
Answer: BExplanation:Enabling PPPoE in a VPDN GroupPerform this task to enable PPPoE in a virtual private dial-up network (VPDN)group.RestrictionsThis task applies only to releases prior to Cisco IOS Release 12.2(13)T.SUMMARY STEPS1.enable2.configure terminal3.vpdn enable4.vpdn-group name5.request-dialin6.protocol pppoeDETAILED STEPSCommand or ActionPurposeStep 1enableExample:Router> enableEnables privileged EXEC mode.Enter your password if prompted.Step 2configure terminalExample:Router# configure terminalEnters global configuration mode.Step 3Step 4vpdn-group nameExample:Router(config)# vpdn-group group1Associates a VPDN group with a customer or VPDN profile.Step 5request-dialinExample:Router(config-vpdn)# request-dialinCreates a request-dialin VPDN subgroup.Step 6protocol pppoeExample:Router(config-vpdn-req-in)# protocol pppoeEnables the VPDN subgroup to establish PPPoEReference:http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftpppoec_support_TSD_Island_of_Content_Chapter.html
A network engineer has been asked to ensure that the PPPoE connection is established andauthenticated using an encrypted password. Which technology, in combination with PPPoE, canbe used for authentication in this manner?A. PAPB. dot1xC. IPsecD. CHAPE. ESP
Answer: DExplanation:With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on aninterface and a remote device attempts to connect to it, the access server sends a CHAP packetto the remote device. The CHAP packet requests or “challenges” the remote device to respond. The challenge packet consists of an ID, a random number, and the host name of the local router. When the remote device receives the challenge packet, it concatenates the ID, the remotedevice’s password, and the random number, and then encrypts all of it using the remote device’spassword. The remote device sends the results back to the access server, along with the nameassociated with the password used in the encryption process.When the access server receives the response, it uses the name it received to retrieve apassword stored in its user database. The retrieved password should be the same password theremote device used in its encryption process. The access server then encrypts the concatenatedinformation with the newly retrieved password—if the result matches the result sent in theresponse packet, authentication succeeds.The benefit of using CHAP authentication is that the remote device’s password is nevertransmitted in clear text (encrypted). This prevents other devices from stealing it and gainingillegal access to the ISP’s network.Reference:http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathen.html
A corporate policy requires PPPoE to be enabled and to maintain a connection with the ISP, evenif no interesting traffic exists. Which feature can be used to accomplish this task?A. TCP AdjustB. Dialer PersistentC. PPPoE GroupsD. half-bridgingE. Peer Neighbor Route
Answer: BExplanation:A new interface configuration command, dialer persistent, allows a dial-on-demand routing(DDR) dialer profile connection to be brought up without being triggered by interesting traffic. When configured, the dialer persistent command starts a timer when the dialer interface starts upand starts the connection when the timer expires. If interesting traffic arrives before the timerexpires, the connection is still brought up and set as persistent. The command provides a defaulttimer interval, or you can set a custom timer interval. To configure a dialer interface as persistent, use the following commands beginning in globalconfiguration mode:CommandPurposeStep 1Router(config)# interface dialer numberCreates a dialer interface and enters interface configuration mode.Step 2Router(config-if)# ip address address maskSpecifies the IP address and mask of the dialer interface as a node in thedestination network tobe called.Step 3Router(config-if)# encapsulation typeSpecifies the encapsulation type.Step 4Router(config-if)# dialer string dial-string class class-nameSpecifies the remote destination to call and the map class that defines characteristics for calls tothis destination.Step 5Router(config-if)# dialer pool numberSpecifies the dialing pool to use for calls to this destination.Step 6Router(config-if)# dialer-group group-numberAssigns the dialer interface to a dialer group.Step 7Router(config-if)# dialer-list dialer-group protocol protocol-name {permit | deny | list access-listnumber}Specifies an access list by list number or by protocol and list number to define the interestingpackets that can trigger a call.Step 8Router(config-if)# dialer remote-name user-name(Optional) Specifies the authentication name of the remote router on the destination subnetworkfor a dialer interface.Step 9Router(config-if)# dialer persistent [delay [initial] seconds | max-attempts number]Forces a dialer interface to be connected at all times, even in the absence of interestingtraffic.Reference:http://www.cisco.com/c/en/us/td/docs/ios/dial/configuration/guide/12_4t/dia_12_4t_book/dia_dialer_persist.html
Which PPP authentication method sends authentication information in cleartext?A. MS CHAPB. CDPCPC. CHAPD. PAP
Answer: DExplanation:PAP authentication involves a two-way handshake where the username and password are sentacross the link in clear text; hence, PAP authentication does not provide any protection againstplayback and line sniffing.CHAP authentication, on the other hand, periodically verifies the identity of the remote node usinga three-way handshake. After the PPP link is established, the host sends a “challenge” messageto the remote node. The remote node responds with a value calculated using a one-way hashfunction. The host checks the response against its own calculation of the expected hash value. Ifthe values match, the authentication is acknowledged; otherwise, the connection is terminated.Reference: http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10241-pppcallin-hostname.html
Which protocol uses dynamic address mapping to request the next-hop protocol address for aspecific connection?A. Frame Relay inverse ARPB. static DLCI mappingC. Frame Relay broadcast queueD. dynamic DLCI mapping
Answer: AExplanation:Dynamic address mapping uses Frame Relay Inverse ARP to request the next-hop protocoladdress for a specific connection, given its known DLCI. Responses to Inverse ARP requests areentered in an address-to-DLCI mapping table on the router or access server; the table is thenused to supply the next-hop protocol address or the DLCI for outgoing traffic.Reference:http://www.cisco.com/c/en/us/td/docs/ios/12_2/wan/configuration/guide/fwan_c/wcffrely.html
What is the default OSPF hello interval on a Frame Relay point-to-point network?A. 10B. 20C. 30D. 40
Answer: AExplanation:Before you troubleshoot any OSPF neighbor-related issues on an NBMA network, it is important toremember that an NBMA network can be configured in these modes of operation with the ip ospfnetwork command:The Hello and Dead Intervals of each mode are described in this table:Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13693-22.html
PPPoE is composed of which two phases?A. Active Authentication Phase and PPP Session PhaseB. Passive Discovery Phase and PPP Session PhaseC. Active Authorization Phase and PPP Session PhaseD. Active Discovery Phase and PPP Session Phase
Answer: DExplanation:PPPoE is composed of two main phases:Reference:http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpncli/vpn-pppoe.html
Which statement is true about the PPP Session Phase of PPPoE?A. PPP options are negotiated and authentication is not performed. Once the link setup is completed, PPPoE functions as a Layer 3 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.B. PPP options are not negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 4 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.C. PPP options are automatically enabled and authorization is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data to be encrypted over the PPP link within PPPoE headers.D. PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.
Answer: DExplanation:PPPoE is composed of two main phases:Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpncli/vpn-pppoe.html
Which one statement is true?A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL.B. The 10.0.0.0/8 network will not be advertised by Router B because the network statement for the 10.0.0.0/8 network is missing from Router B.C. The 10.0.0.0/8 network will not be in the routing table on Router B.D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24 network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8 network.E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.
Answer: EExplanation:You can filter what individual routes are sent (out) or received (in) to any interface within your EIGRP configuration. One example is noted above. If you filter outbound, the next neighbor(s) will not know about anything except the 172.16.0.0/16 route and therefore won’t send it to anyone else downstream. If you filter inbound, YOU won’t know about the route and therefore won’t send it to anyone else downstream.
A router with an interface that is configured with ipv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?A. DHCPv6 requestB. router-advertisementC. neighbor-solicitationD. redirect
Answer: BExplanation:Autoconfiguration is performed on multicast-enabled links only and begins when a multicastenabled interface is enabled (during system startup or manually). Nodes (both, hosts and routers) begin the process by generating a link-local address for the interface. It is formed by appending the interface identifier to well-known link-local prefix FE80 :: 0. The interface identifier replaces the right-most zeroes of the link-local prefix.Before the link-local address can be assigned to the interface, the node performs the Duplicate Address Detection mechanism to see if any other node is using the same link-local address on the link. It does this by sending a Neighbor Solicitation message with target address as the “tentative” address and destination address as the solicitednode multicast address corresponding to this tentative address. If a node responds with a Neighbor Advertisement message with tentative address as the target address, the address is a duplicate address and must not be used. Hence, manual configuration is required.Once the node verifies that its tentative address is unique on the link, it assigns that link-local address to the interface. At this stage, it has IP-connectivity to other neighbors on this link.The autoconfiguration on the routers stop at this stage, further tasks are performed only by the hosts. The routers will need manual configuration (or stateful configuration) to receive site-local or global addresses.The next phase involves obtaining Router Advertisements from routers if any routers are present on the link. If no routers are present, a stateful configuration is required. If routers are present, the Router Advertisements notify what sort of configurations the hosts need to do and the hosts receive a global unicast IPv6 address. Reference: https://sites.google.com/site/amitsciscozone/home/important-tips/ipv6/ipv6-statelessautoconfiguration
An engineer has configured a router to use EUI-64, and was asked to document the IPv6 address of the router. The router has the following interface parameters:mac address C601.420F.0007subnet 2001:DB8:0:1::/64Which IPv6 addresses should the engineer add to the documentation?A. 2001:DB8:0:1:C601:42FF:FE0F:7B. 2001:DB8:0:1:FFFF:C601:420F:7C. 2001:DB8:0:1:FE80:C601:420F:7D. 2001:DB8:0:1:C601:42FE:800F:7
Answer: AExplanation:Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign iteslf a unique 64-Bit IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the EUI-48 MAC address.Here is an example showing how the Mac Address is used to generate EUI.Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies whether this interface identifier is universally or locally administered. If 0, the address is locally administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally unique addresses assigned by the IEEE has always been set to 0 whereas the locally created addresses has 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.Reference: https://supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bitaddress
For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost.What caused this issue?A. The traffic filter is blocking all ICMPv6 traffic.B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly.C. The link-local addresses that were used by OSPFv3 were explicitly denied, which caused the neighbor relationships to fail.D. IPv6 traffic filtering can be implemented only on SVIs.
Answer: CExplanation:OSPFv3 uses link-local IPv6 addresses for neighbor discovery and other features, so if any IPv6 traffic filters are implemented be sure to include the link local address so that it is permitted in the filter list.Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nxos/unicast/configuration/guide/l3_cli_nxos/l3_ospfv3.html
What is the purpose of the autonomous-system {autonomous-system-number} command?A. It sets the EIGRP autonomous system number in a VRF.B. It sets the BGP autonomous system number in a VRF.C. It sets the global EIGRP autonomous system number.D. It sets the global BGP autonomous system number.
Answer: AExplanation:To configure the autonomous-system number for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process to run within a VPN routing and forwarding (VRF) instance, use the autonomous-system command in address-family configuration mode.To remove the autonomous-system for an EIGRP routing process from within a VPN VRF instance, use the no form of this command.autonomous-system autonomous-system-numberno autonomous-system autonomous-system-numberReference: http://www.cisco.com/c/en/us/td/docs/ios/iproute_eigrp/command/reference/ire_book/ire_a1.html#wp1062796
Which type of traffic does DHCP snooping drop?A. discover messagesB. DHCP messages where the source MAC and client MAC do not matchC. traffic from a trusted DHCP server to clientD. DHCP messages where the destination MAC and client MAC do not match
Answer: BExplanation:The switch validates DHCP packets received on the untrusted interfaces of VLANs with DHCP snooping enabled. The switch forwards the DHCP packet unless any of the following conditions occur (in which case the packet is dropped):• The switch receives a packet (such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY packet) from a DHCP server outside the network or firewall.• The switch receives a packet on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. This check is performed only if the DHCP snooping MAC address verification option is turned on.• The switch receives a DHCPRELEASE or DHCPDECLINE message from an untrusted host with an entry in the DHCP snooping binding table, and the interface information in the binding table does not match the interface on which the message was received.• The switch receives a DHCP packet that includes a relay agent IP address that is not 0.0.0.0.To support trusted edge switches that are connected to untrusted aggregation-switch ports, you can enable the DHCP option-82 on untrusted port feature, which enables untrusted aggregationswitch ports to accept DHCP packets that include option-82 information. Configure the port on the edge switch that connects to the aggregation switch as a trusted port.Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html
Refer to the exhibit.Which command only announces the 1.2.3.0/24 network out of FastEthernet 0/0?A. distribute list 1 outB. distribute list 1 out FastEthernet0/0C. distribute list 2 outD. distribute list 2 out FastEthernet0/0
Answer: DExplanation:Access list 2 is more specific, allowing only 1.2.3.0/24, whereas access list 1 permits all 1.0.0.0/8 networks. This question also asks us to apply this distribute list only to the outbound direction of the fast Ethernet 0/0 interface, so the correct command is “distribute list 2 out FastEthernet0/0.”
