Multi_Easy Flashcards

1
Q

Question 1
Which two statements about AAA authentication are true? (Choose two)

A. RADIUS authentication queries the router’s local username database

B. TACACS+ authentication uses an RSA server to authenticate users

C. Local user names are case-insensitive

D. Local authentication is maintained on the router

E. KRB5 authentication disables user access when an incorrect password is entered

A

Answer:C D

2
Q

Question 2
A network administrator applies the following configuration to an IOS device.

aaa new-model
aaa authentication login default local group tacacs+

What is the process of password checks when a login attempt is made to the device?

A. A TACACS+ server is checked first. If that check fails, a database is checked

B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked

C. A local database is checked first. If that fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked

D. A local database is checked first. If that check fails, a TACACS+ server is checked

A

Answer:D

Explanation

The “aaa authentication login default local group tacacs+” command is broken down as follows:
+ The ‘aaa authentication’ part is simply saying we want to configure authentication settings.
+ The ‘login’ is stating that we want to prompt for a username/password when a connection is made to the device.
+ The ‘default’ means we want to apply this to all login connections (such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under tty, vty and aux lines. If we don’t use this keyword then we have to specify which line(s) we want to apply the authentication feature to.
+ The ‘local group tacacs+’ means all users are authenticated using the router’s local database (the first method). If the credentials are not found in the local database, then the TACACS+ server is used (the second method).

3
Q

Question 3
Refer to the exhibit.

aaa new-model
aaa authentication login authorizationlist tacacs+
tacacs-server host 192.168.0.202
tacacs-server key ciscotestkey
line vty 0 4
login authentication authorizationlist

What is the effect of the configuration?

A. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey

B. The device will allow only users at 192.168.0.202 to connect to vty lines 0 through 4

C. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails

D. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+

A

Answer:D

4
Q

Question 4
Refer to the exhibit.

aaa new-model
aaa authentication login default local-case enable
aaa authentication login ADMIN local-case
username CCNP secret Str0ngP@ssw0rd!
line 0 4
login authentication ADMIN

An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in. Which configuration change is required?

A. Add the autocommand keyword to the aaa authentication command

B. Add the access-class keyword to the aaa authentication command

C. Add the access-class keyword to the username command

D. Add the autocommand keyword to the username command

A

Answer:D

Explanation

The “autocommand” causes the specified command to be issued automatically after the user logs in. When the command is complete, the session is terminated. Because the command can be any length and can contain embedded spaces, commands using the autocommand keyword must be the last option on the line. In this specific question, we have to enter this line “username CCNP autocommand show running-config”.

5
Q

Question 5
Which standard access control entry permits traffic from odd-numbered hosts in the 10.0.0.0/24 subnet?

A. Permit 10.0.0.0 0.0.0.1

B. Permit 10.0.0.1 0.0.0.0

C. Permit 10.0.0.1 0.0.0.254

D. Permit 10.0.0.0 255.255.255.254

A

Answer:C

6
Q

Question 6
In a traditional 3 tier topology, an engineer must explicitly configure a switch as the root bridge and exclude it from any further election process for the spanning-tree domain. Which action accomplishes this task?

A. Configure the spanning-tree priority to 32768

B. Configure root guard and portfast on all access switch ports

C. Configure BPDU guard in all switch-to-switch connections

D. Configure the spanning-tree priority equal to 0

A

Answer:B

Explanation
Root guard does not allow the port to become a STP root port, so the port is always STP-designated. If a better BPDU arrives on this port, root guard does not take the BPDU into account and does not elect a new STP root. Instead, root guard puts the port into the root-inconsistent STP state, which is equal to a listening state. No traffic is forwarded across this port.
Below is an example of where to configure Root Guard on the ports. Notice that Root Guard is always configured on designated ports.

To configure Root Guard use this command:
Switch(config-if)#spanning-tree guard root
Reference:http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html

7
Q

Question 7
A client with IP address 209.165.201.25 must access a web server on port 80 at 209.165.200.225. To allow this traffic, an engineer must add a statement to an access control list that is applied in the inbound direction on the port connecting to the web server. Which statement allows this traffic?

A. permit tcp host 209.165.201.25 eq 80 host 209.165.200.225

B. permit tcp host 209.165.201.25 host 209.165.200.225 eq 80

C. permit tcp host 209.165.200.225 eq 80 host 209.165.201.25

D. permit tcp host 209.165.200.225 host 209.165.201.25 eq 80

A

Answer:C

8
Q

Question 8
Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?

A. Deny tcp any any eq 80
Permit tcp any any gt 21 lt 444

B. Permit tcp any any neq 80

C. Permit tcp any any range 22 443
Deny tcp any any eq 80

D. Deny tcp any any neq 80
Permit tcp any any range 22 443

A

Answer:A

9
Q

Question 9
What is the result of applying this access control list?

ip access-list extended STATEFUL
10 permit tcp any any established
20 deny ip any any

A. TCP traffic with the DF bit set is allowed
B. TCP traffic with the SYN bit set is allowed
C. TCP traffic with the ACK bit set is allowed
D. TCP traffic with the URG bit set is allowed

A

Answer:C

10
Q

Question 10
Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address 10.10.10.1?

A. ip access-list extended 200
deny tcp host 10.10.10.1 eq 80 any
permit ip any any

B. ip access-list extended 10
deny tcp host 10.10.10.1 any eq 80
permit ip any any

C. ip access-list extended NO_HTTP
deny tcp host 10.10.10.1 any eq 80

D. ip access-list extended 100
deny tcp host 10.10.10.1 any eq 80
permit ip any any

A

Answer:D

11
Q

Question 11
An engineer must configure an ACL that permits packets which include an ACK in the TCP header. Which entry must be included in the ACL?

A. access-list 110 permit tcp any any eq 21 tcp-ack

B. access-list 10 permit ip any any eq 21 tcp-ack

C. access-list 10 permit tcp any any eq 21 established

D. access-list 110 permit tcp any any eq 21 established

A

Answer:D

12
Q

Question 12
Which OSPF network types are compatible and allow communication through the two peering devices?

A. broadcast to nonbroadcast

B. point-to-multipoint to nonbroadcast

C. broadcast to point-to-point

D. point-to-multipoint to broadcast

A

Answer:A

Explanation
The following different OSPF types are compatible with each other:
+ Broadcast and Non-Broadcast (adjust hello/dead timers)
+ Point-to-Point and Point-to-Multipoint (adjust hello/dead timers)
Broadcast and Non-Broadcast networks elect DR/BDR so they are compatible. Point-to-point/multipoint do not elect DR/BDR so they are compatible.

13
Q

Question 14
Refer to the exhibit. Which statement about the OSPF debug output is true?

R1#debug ip ospf hello
R1#debug condition interface fa0/1
Condition 1 set

A. The output displays all OSPF messages which router R1 has sent or received on interface Fa0/1

B. The output displays all OSPF messages which router R1 has sent or received on all interfaces

C. The output displays OSPF hello messages which router R1 has sent or received on interface Fa0/1

D. The output displays OSPF hello and LSACK messages which router R1 has sent or received

A

Answer:C

Explanation
This combination of commands is known as “Conditional debug” and will filter the debug output based on your conditions. Each condition added will behave like an ‘And’ operator in Boolean logic. Some examples of the “debug ip ospf hello” output are shown below:
*Oct 12 14:03:32.595: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet1/0 from 192.168.12.2
*Oct 12 14:03:33.227: OSPF: Rcv hello from 1.1.1.1 area 0 on FastEthernet1/0 from 192.168.12.1
*Oct 12 14:03:33.227: OSPF: Mismatched hello parameters from 192.168.12.1

14
Q

Question 15
Which EIGRP feature allows the use of leak maps?

A. offset-list

B. neighbor

C. address-family

D. stub

A

Answer:D

Explanation
Suppose we configure an EIGRP stub router so that it only advertises connected and summary routes. If we also want an exception to this rule, we can configure a leak-map. For example:
R4(config-if)#router eigrp 1
R4(config-router)#eigrp stub
R4(config)#ip access-list standard R4_L0opback0
R4(config-std-nacl)#permit host 4.4.4.4
R4(config)#route-map R4_L0opback0_LEAKMAP
R4(config-route-map)#match ip address R4_L0opback0
R4(config)#router eigrp 1
R4(config-router)#eigrp stub leak-map R4_L0opback0_LEAKMAP
As we can see, the leak-map feature goes along with the ‘eigrp stub’ command.

15
Q

Question 16
Which two statements about EIGRP load balancing are true? (Choose two)

A. EIGRP supports 6 unequal-cost paths

B. A path can be used for load balancing only if it is a feasible successor

C. EIGRP supports unequal-cost paths by default

D. Any path in the EIGRP topology table can be used for unequal-cost load balancing

E. Cisco Express Forwarding is required to load-balance across interfaces

A

Answer:A B

Explanation
EIGRP provides a mechanism to load balance over unequal cost paths (called unequal cost load balancing) through the “variance” command. In other words, EIGRP will install all paths with metric < variance * best_metric into the local routing table, provided that they meet the feasibility condition to prevent routing loops. A path that meets this requirement is called a feasible successor. If a path is not a feasible successor, it is not used in load balancing.
Note: The feasibility condition states that the Advertised Distance (AD) of a route must be lower than the feasible distance of the current successor route.

16
Q

Question 16
Which statement about LISP encapsulation in an EIGRP OTP implementation is true?

A. OTP uses LISP encapsulation for dynamic multipoint tunneling

B. OTP maintains the LISP control plane

C. OTP uses LISP encapsulation to obtain routes from neighbors

D. LISP learns the next hop

A

Answer:A

Explanation
OTP leverages existing LISP encapsulation which:
+ Allows dynamic multi-point tunneling (-> Answer A is correct)
+ Provides instance ID field to optionally support virtualization across WAN (see EVN WAN Extension section)
OTP does NOT use the LISP control plane (map server/resolver, etc.) (-> Therefore answer B is not correct); instead it uses EIGRP to exchange routes and provide the next hop (-> answer C and answer D are not correct), which LISP encapsulation uses to reach remote prefixes.
Reference:https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ip-routing/whitepaper_C11-730404.html

17
Q

Question 17
Which reason could cause an OSPF neighborship to be in the EXSTART/EXCHANGE state?

A. Mismatched OSPF network type

B. Mismatched areas

C. Mismatched MTU size

D. Mismatched OSPF link costs

A

Answer:C

Explanation
When OSPF adjacency is formed, a router goes through several state changes before it becomes fully adjacent with its neighbor. The states are Down -> Attempt (optional) -> Init -> 2-Way -> Exstart -> Exchange -> Loading -> Full. Short descriptions about these states are listed below:
Down: no information (hellos) has been received from this neighbor.
Attempt: only valid for manually configured neighbors in an NBMA environment. In Attempt state, the router sends unicast hello packets every poll interval to the neighbor, from which hellos have not been received within the dead interval.
Init: specifies that the router has received a hello packet from its neighbor, but the receiving router’s ID was not included in the hello packet
2-Way: indicates bi-directional communication has been established between two routers.
Exstart: Once the DR and BDR are elected, the actual process of exchanging link state information can start between the routers and their DR and BDR.
Exchange: OSPF routers exchange database descriptor (DBD) packets
Loading: In this state, the actual exchange of link state information occurs
Full: routers are fully adjacent with each other
(Reference:http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0e.shtml)
Neighbors Stuck in Exstart/Exchange State
The problem occurs most frequently when attempting to run OSPF between a Cisco router and another vendor’s router. The problem occurs when the maximum transmission unit (MTU) settings for neighboring router interfaces don’t match. If the router with the higher MTU sends a packet larger than the MTU set on the neighboring router, the neighboring router ignores the packet.

18
Q

Question 18
Which feature is supported by EIGRP but is not supported by OSPF?

A. route summarization

B. equal-cost load balancing

C. unequal-cost load balancing

D. route filtering

A

Answer:C

Explanation
EIGRP supports unequal-cost load balancing via the “variance …” command, while OSPF only supports equal-cost load balancing.

19
Q

Question 19
In OSPF, which LSA type is responsible for pointing to the ASBR router?

A. type 1

B. type 2

C. type 3

D. type 4

A

Answer:D

Explanation
Summary ASBR LSA (Type 4) – Generated by the ABR to describe an ASBR to routers in other areas so that routers in other areas know how to get to external routes through that ASBR. For example, suppose R8 is redistributing an external route (EIGRP, RIP…) to R3. This makes R3 an Autonomous System Boundary Router (ASBR). When R2 (which is an ABR) receives this LSA Type 1 update, R2 will create LSA Type 4 and flood it into Area 0 to inform them how to reach R3. When R5 receives this LSA it also floods it into Area 2.
In the above example, the only ASBR belongs to area 1 so the two ABRs (R2 & R5) send LSA Type 4 to area 0 & area 2 (not vice versa). This is an indication of the existence of the ASBR in area 1.

Note:
+ Type 4 LSAs contain the router ID of the ASBR.
+ There are no LSA Type 4 injected into Area 1 because every router inside area 1 knows how to reach R3. R3 only uses LSA Type 1 to inform R2 about R8 and inform R2 that R3 is an ASBR.

20
Q

Question 20
How does the EIGRP metric differ from the OSPF metric?

A. The EIGRP metric is calculated based on bandwidth only. The OSPF metric is calculated on delay only.

B. The EIGRP metric is calculated based on delay only. The OSPF metric is calculated on bandwidth and delay.

C. The EIGRP metric is calculated based on hop count and bandwidth. The OSPF metric is calculated on bandwidth and delay.

D. The EIGRP metric is calculated based on bandwidth and delay. The OSPF metric is calculated on bandwidth only.

A

Answer:D

Explanation
By default, EIGRP metric is calculated:
metric = bandwidth + delay
While OSPF is calculated by:
OSPF metric = Reference bandwidth / Interface bandwidth in bps
(Cisco uses 100Mbps (10^8 bps) as the reference bandwidth. With this bandwidth, our equation would be:
Cost = 10^8 / interface bandwidth in bps)

21
Q

Question 21
A local router shows an EBGP neighbor in the Active state. Which statement is true about the local router?

A. The local router has active prefix in the forwarding table from the neighboring router

B. The local router has BGP passive mode configured for the neighboring router

C. The local router is attempting to open a TCP session with the neighboring router.

D. The local router is receiving prefixes from the neighboring router and adding them in RIB-IN

A

Answer:C

Explanation
The BGP session may report in the following states
1 – Idle: the initial state of a BGP connection. In this state, the BGP speaker is waiting for a BGP start event, generally either the establishment of a TCP connection or the re-establishment of a previous connection. Once the connection is established, BGP moves to the next state.
2 – Connect: In this state, BGP is waiting for the TCP connection to be formed. If the TCP connection completes, BGP will move to the OpenSent stage; if the connection cannot complete, BGP goes to Active.
3 – Active: In the Active state, the BGP speaker is attempting to initiate a TCP session with the BGP speaker it wants to peer with. If this can be done, the BGP state goes to OpenSent state.
4 – OpenSent: the BGP speaker is waiting to receive an OPEN message from the remote BGP speaker.
5 – OpenConfirm: Once the BGP speaker receives the OPEN message and no error is detected, the BGP speaker sends a KEEPALIVE message to the remote BGP speaker.
6 – Established: All of the neighbor negotiations are complete. You will see a number, which tells us the number of prefixes the router has received from a neighbor or peer group.

22
Q

Question 22
What is the correct EBGP path attribute list, ordered from most preferred to the least preferred, that the BGP best-path algorithm uses?

A. weight, AS path, local preference, MED

B. weight, local preference, AS path, MED

C. local preference, weight, AS path, MED

D. local preference, weight, MED, AS path

A

Answer:B

Explanation
Path Selection Attributes: Weight > Local Preference > Originate > AS Path > Origin > MED > External > IGP Cost > eBGP Peering > Router ID

23
Q

Question 23
Which PAgP mode combination prevents an Etherchannel from forming?

A. auto/auto

B. desirable/desirable

C. auto/desirable

D. desirable

A

Answer:A

24
Q

Question 24
Which two GRE features are configured to prevent fragmentation? (Choose two)

A. TCP window size

B. TCP MSS

C. IP MTU

D. DF bit Clear

E. MTU ignore

F. PMTUD

A

Answer:B F

25
Q

Question 25
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?

A. MTU

B. Window size

C. MRU

D. MSS

A

Answer:D

26
Q

Question 26
Which statement about dynamic GRE between a headend router and a remote router is true?

A. The headend router learns the IP address of the remote end router statically

B. A GRE tunnel without an IP address has a status of administratively down

C. GRE tunnels can be established when the remote router has a dynamic IP address

D. The remote router initiates the tunnel connection

A

Answer:D

27
Q

Question 27
A GRE tunnel is down with the error message %TUN-5-RECURDOWN: Tunnel0 temporarily disabled due to recursive routing error.
Which two options describe possible causes of the error? (Choose two)

A. Incorrect destination IP addresses are configured on the tunnel

B. There is link flapping on the tunnel

C. There is instability in the network due to route flapping

D. The tunnel mode and tunnel IP address are misconfigured

E. The tunnel destination is being routed out of the tunnel interface

A

Answer:C E

28
Q

Question 28
Which IPv6 migration method relies on dynamic tunnels that use the 2002::/16 reserved address space?

A. 6RD

B. 6to4

C. ISATAP

D. GRE

A

Answer:B

Explanation
6to4 tunnel is a technique which relies on reserved address space 2002::/16 (you must remember this range). These tunnels determine the appropriate destination address by combining the IPv6 prefix with the globally unique destination 6to4 border router’s IPv4 address, beginning with the 2002::/16 prefix, in this format:
2002:border-router-IPv4-address::/48
For example, if the border-router-IPv4-address is 64.101.64.1, the tunnel interface will have an IPv6 prefix of 2002:4065:4001:1::/64, where 4065:4001 is the hexadecimal equivalent of 64.101.64.1. This technique allows IPv6 sites to communicate with each other over the IPv4 network without explicit tunnel setup but we have to implement it on all routers on the path.

29
Q

Question 29
Which two statements about HSRP are true? (Choose two)

A. Its virtual MAC is 0000.0C07.ACxx

B. Its multicast virtual MAC is 0000.5E00.01xx

C. Its default configuration allows for pre-emption

D. It supports tracking

E. It supports unique virtual MAC addresses

A

Answer:A D

Explanation
When you change the HSRP version, Cisco NX-OS reinitializes the group because it now has a new virtual MAC address. HSRP version 1 uses the MAC address range 0000.0C07.ACxx while HSRP version 2 uses the MAC address range 0000.0C9F.F0xx.
HSRP supports interface tracking, which allows you to specify another interface on the router for the HSRP process to monitor in order to alter the HSRP priority for a given group.

30
Q

Question 30
Which behavior can be expected when the HSRP version is changed from 1 to 2?

A. Each HSRP group reinitializes because the virtual MAC address has changed

B. No changes occur because version 1 and 2 use the same virtual MAC OUI

C. Each HSRP group reinitializes because the multicast address has changed

D. No changes occur because the standby router is upgraded before the active router

A

Answer:A

Explanation
If you change the version for existing groups, Cisco NX-OS reinitializes HSRP for those groups because the virtual MAC address changes.
Reference:https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3548/sw/unicast/503_A1_1/l3_nx-os/l3_hsrp.html

31
Q

Question 31
If a VRRP master router fails, which router is selected as the new master router?

A. router with the highest priority

B. router with the highest loopback address

C. router with the lowest loopback address

D. router with the lowest priority

A

Answer:A

32
Q

Question 32
Which First Hop Redundancy Protocol maximizes uplink utilization and minimizes the amount of configuration that is necessary?

A. GLBP

B. HSRP v2

C. VRRP

D. HSRP v1

A

Answer:A

Explanation
The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active gateway and used to forward traffic whilst the rest are unused until the active one fails. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol and performs the similar function to HSRP and VRRP but it supports load balancing among members in a GLBP group.
Note: Although GLBP is not a topic for this exam, we are not sure why we still have this question!

33
Q

Question 33
What are three valid HSRP states? (Choose three)

A. listen

B. learning

C. full

D. established

E. speak

F. INIT

A

Answer:A B E

Explanation
HSRP consists of 6 states:
Initial: This is the beginning state. It indicates HSRP is not running. It happens when the configuration changes or the interface is first turned on.
Learn: The router has not determined the virtual IP address and has not yet seen an authenticated hello message from the active router. In this state, the router still waits to hear from the active router.
Listen: The router knows both IP and MAC address of the virtual router but it is not the active or standby router. For example, if there are 3 routers in HSRP group, the router which is not in active or standby state will remain in listen state.
Speak: The router sends periodic HSRP hellos and participates in the election of the active or standby router.
Standby: In this state, the router monitors hellos from the active router and it will take the active state when the current active router fails (no packets heard from active router).
Active: The router forwards packets that are sent to the HSRP group. The router also sends periodic hello messages.
Please notice that not all routers in a HSRP group go through all states above. In a HSRP group, only one router reaches active state and one router reaches standby state. Other routers will stop at listen state.

34
Q

Question 34
Which two statements about VRRP are true? (Choose two)

A. It is assigned multicast address 224.0.0.8.

B. The TTL for VRRP packets must be 255.

C. It is assigned multicast address 224.0.0.9.

D. Its IP address number is 115.

E. Three versions of the VRRP protocol have been defined.

F. It supports both MD5 and SHA1 authentication.

A

Answer:B E

Explanation
A VRRP router receiving a packet with the TTL not equal to 255 must discard the packet (only one possible hop) -> Answer B is correct.
Currently there are three VRRP versions which are versions 1, 2 and 3 -> Answer E is correct.
VRRP uses multicast address 224.0.0.18 and supports plaintext or MD5 authentication.

35
Q

Question 35
Which First Hop Redundancy Protocol should be used to meet a design requirement for more efficient default bandwidth usage across multiple devices?

A. GLBP

B. LCAP

C. HSRP

D. VRRP

A

Answer:A

Explanation
The main disadvantage of HSRP and VRRP is that only one gateway is elected to be the active gateway and used to forward traffic whilst the rest are unused until the active one fails. Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol and performs the similar function to HSRP and VRRP but it supports load balancing among members in a GLBP group.

36
Q

Question 36
How does SSO work with HSRP to minimize network disruptions?

A. It enables HSRP to elect another switch in the group as the active HSRP switch

B. It ensures fast failover in the case of link failure

C. It enables data forwarding along known routes following a switchover, while the routing protocol reconverges

D. It enables HSRP to failover to the standby RP on the same device

A

Answer:D

Explanation
SSO HSRP alters the behavior of HSRP when a device with redundant Route Processors (RPs) is configured for stateful switchover (SSO) redundancy mode. When an RP is active and the other RP is standby, SSO enables the standby RP to take over if the active RP fails.
The SSO HSRP feature enables the Cisco IOS HSRP subsystem software to detect that a standby RP is installed and the system is configured in SSO redundancy mode. Further, if the active RP fails, no change occurs to the HSRP group itself and traffic continues to be forwarded through the current active gateway device.
Reference:https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-s/fhp-15-s-book/fhp-hsrp-sso.html

38
Q

Question 37
An engineer must configure HSRP group 300 on a Cisco IOS router. When the router is functional, it must be the active HSRP router. The peer router has been configured using the default priority value. Which three commands are required? (Choose three)

A. standby 300 timers 1 110

B. standby 300 priority 90

C. standby 300 priority 110

D. standby version 2

E. standby version 1

F. standby 300 preempt

A

Answer:C D F

Explanation
In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095 -> We must configure HSRP group 300 so we must change to HSRP version 2.

39
Q

Question 38
Which two statements about IP SLA are true? (Choose two)

A. SNMP access is not supported
B. It uses active traffic monitoring
C. It is Layer 2 transport-independent
D. The IP SLA responder is a component in the source Cisco device
E. It can measure MOS
F. It uses NetFlow for passive traffic monitoring

A

Answer:B C

Explanation
IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs, and to reduce the frequency of network outages. IP SLAs uses active traffic monitoring – the generation of traffic in a continuous, reliable, and predictable manner – for measuring network performance.
Being Layer-2 transport independent, IP SLAs can be configured end-to-end over disparate networks to best reflect the metrics that an end-user is likely to experience.
Reference:https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_overview.html

40
Q

Question 39
What would be the preferred way to implement a loop-free switched network where there are 1500 defined VLANs and it is necessary to load-share traffic through two main aggregation points based on the VLAN identifier?

A. 802.1D

B. 802.1s

C. 802.1W

D. 802.1AE

A

Answer:B

Explanation
Where to Use MST
This diagram shows a common design that features access Switch A with 1000 VLANs redundantly connected to two distribution Switches, D1 and D2. In this setup, users connect to Switch A, and the network administrator typically seeks to achieve load balancing on the access switch Uplinks based on even or odd VLANs, or any other scheme deemed appropriate.
Reference:https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24248-147.html

41
Q

Question 40
Which IP SLA operation requires the IP SLA responder to be configured on the remote end?

A. ICMP echo

B. UDP jitter

C. ICMP jitter

D. TCP connect

A

Answer:B

Explanation
Cisco IOS IP SLA Responder is a Cisco IOS Software component whose functionality is to respond to Cisco IOS IP SLA request packets. The IP SLA source sends control packets before the operation starts to establish a connection to the responder. Once the control packet is acknowledged, test packets are sent to the responder. The responder inserts a time-stamp when it receives a packet and factors out the destination processing time and adds time-stamps to the sent packets. This feature allows the calculation of unidirectional packet loss, latency, and jitter measurements with the kind of accuracy that is not possible with ping or other dedicated probe testing.
Reference:https://www.cisco.com/en/US/technologies/tk869/tk769/technologies_white_paper0900aecd806bfb52.html
The IP SLAs responder is a component embedded in the destination Cisco device that allows the system to anticipate and respond to IP SLAs request packets. The responder provides accurate measurements without the need for dedicated probes.
Reference:https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/46sg/configuration/guide/Wrapper-46SG/swipsla.html
UDP Jitter measures the delay, delay variation (jitter), corruption, misordering and packet loss by generating periodic UDP traffic. This operation always requires IP SLA responder.
Reference:https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2017/pdf/BRKNMS-3043.pdf

42
Q

Question 41
Which LISP device is responsible for publishing EID-to-RLOC mappings for a site?

A. ETR

B. MS

C. ITR

D. MR

A

Answer:A

Explanation
An Egress Tunnel Router (ETR) connects a site to the LISP-capable part of a core network (such as the Internet), publishes EID-to-RLOC mappings for the site, responds to Map-Request messages, and decapsulates and delivers LISP-encapsulated user data to end systems at the site.
Reference:https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html

43
Q

Question 42
Which LISP infrastructure device provides connectivity between non-LISP sites and LISP sites by receiving non-LISP traffic with a LISP site destination?

A. PETR

B. PITR

C. map resolver

D. map server

A

Answer:B

Explanation
Proxy ingress tunnel router (PITR): A PITR is an infrastructure LISP network entity that receives packets from non-LISP sites and encapsulates the packets to LISP sites or natively forwards them to non-LISP sites.
Reference:https://www.ciscopress.com/articles/article.asp?p=2992605
Note: The proxy egress tunnel router (PETR) allows the communication from the LISP sites to the non-LISP sites. The PETR receives LISP encapsulated traffic from ITR.

44
Q

Question 43
Into which two pieces of information does the LISP protocol split the device identity? (Choose two)

A. Routing Locator

B. Endpoint Identifier

C. Resource Location

D. Enterprise Identifier

E. LISP ID

F. Device ID

A

Answer:A B

Explanation

Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs)—assigned to end hosts.
+ Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing system.
Reference:https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html

45
Q

Question 44
Which statement about VXLAN is true?

A. VXLAN uses TCP as the transport protocol over the physical data center network

B. VXLAN extends the Layer 2 Segment ID field to 24-bits, which allows up to 4094 unique Layer 2 segments over the same network

C. VXLAN encapsulates a Layer 2 frame in an IP-UDP header, which allows Layer 2 adjacency across router boundaries

D. VXLAN uses the Spanning Tree Protocol for loop prevention

A

Answer:C

Explanation

802.1Q VLAN identifier space is only 12 bits. The VXLAN identifier space is 24 bits. This doubling in size allows the VXLAN ID space to support 16 million Layer 2 segments -> Answer B is not correct.
VXLAN is a MAC-in-UDP encapsulation method that is used in order to extend a Layer 2 or Layer 3 overlay network over a Layer 3 infrastructure that already exists.
Reference:https://www.cisco.com/c/en/us/support/docs/lan-switching/vlan/212682-virtual-extensible-lan-and-ethernet-virt.html

46
Q

Question 45
Which two namespaces does the LISP network architecture and protocol use? (Choose two)

A. TLOC

B. RLOC

C. DNS

D. VTEP

E. EID

A

Answer:B E

Explanation

Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of two namespaces instead of a single IP address:
+ Endpoint identifiers (EIDs)—assigned to end hosts.
+ Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing system.
Reference:https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-overview.html

47
Q

Question 46
Which action is a function of VTEP in VXLAN?

A. tunneling traffic from IPv6 to IPv4 VXLANs

B. allowing encrypted communication on the local VXLAN Ethernet segment

C. encapsulating and de-encapsulating VXLAN Ethernet frames

D. tunneling traffic from IPv4 to IPv6 VXLANs

A

Answer:C

Explanation

VTEPs connect the overlay and underlay networks. They are responsible for encapsulating frames into VXLAN packets to send across the IP network (underlay), then decapsulating them when the packets leave the VXLAN tunnel.

48
Q

Question 47
What function does VXLAN perform in an SD-Access deployment?

A. policy plane forwarding

B. control plane forwarding

C. data plane forwarding

D. systems management and orchestration

A

Answer:C

49
Q

Question 48
Which two LISP infrastructure elements are needed to support LISP to non-LISP internetworking? (Choose two)

A. PETR

B. PITR

C. MR

D. MS

E. ALT

A

Answer:A C

Explanation

In this question we suppose that we only need to send packets from LISP site to non-LISP site successfully. We don’t care about the way back (if we care about the way back then all PETR, PITR, MS & MR are needed).
Proxy Egress Tunnel Router (PETR): A LISP device that de-encapsulates packets from LISP sites to deliver them to non-LISP sites.

When the xTR in LISP Site 1 wants to send traffic to a non-LISP site, the ITR (not PETR) needs a Map Resolver (MR) to send a Map-Request to. When the ITR (the xTR in LISP Site 1 in the figure above) receives a negative Map-Reply packet from the MR, it caches that prefix and maps it to the PETR.
Good reference:https://netmindblog.com/2019/12/04/lisp-locator-id-separation-protocol-part-ii-pxtr/

50
Q

Question 49
What is the purpose of the LISP routing and addressing architecture?

A. It creates head-end replication used to deliver broadcast and multicast frames to the entire network.

B. It allows LISP to be applied as a network virtualization overlay through encapsulation.

C. It allows multiple instances of a routing table to co-exist within the same router.

D. It creates two entries for each network node, one for its identity and another for its location on the network.

A

Answer:D

Explanation

Locator ID Separation Protocol (LISP) solves this issue by separating the location and identity of a device through the Routing locator (RLOC) and Endpoint identifier (EID):
+ Endpoint identifiers (EIDs) – assigned to end hosts.
+ Routing locators (RLOCs) – assigned to devices (primarily routers) that make up the global routing system.

51
Q

Question 50
Which entity is responsible for maintaining Layer 2 isolation between segments in a VXLAN environment?

A. switch fabric

B. host switch

C. VTEP

D. VNID

A

Answer:D

Explanation

VXLAN uses an 8-byte VXLAN header that consists of a 24-bit VNID and a few reserved bits. The VXLAN header together with the original Ethernet frame goes in the UDP payload. The 24-bit VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments.
Reference:https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/vxlan/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_7x_chapter_010.html
Let’s see the structure of a VXLAN packet to understand how (note: VNI = VNID)

The key fields for the VXLAN packet in each of the protocol headers are:
+ Outer MAC header (14 bytes with 4 bytes optional) – Contains the MAC address of the source VTEP and the MAC address of the next-hop router. Each router along the packet’s path rewrites this header so that the source address is the router’s MAC address and the destination address is the next-hop router’s MAC address.
+ Outer IP header (20 bytes) – Contains the IP addresses of the source and destination VTEPs.
+ (Outer) UDP header (8 bytes) – Contains source and destination UDP ports:
  – Source UDP port: The VXLAN protocol repurposes this standard field in a UDP packet header. Instead of using this field for the source UDP port, the protocol uses it as a numeric identifier for the particular flow between VTEPs. The VXLAN standard does not define how this number is derived, but the source VTEP usually calculates it from a hash of some combination of fields from the inner Layer 2 packet and the Layer 3 or Layer 4 headers of the original frame.
  – Destination UDP port: The VXLAN UDP port. The Internet Assigned Numbers Authority (IANA) allocates port 4789 to VXLAN.
+ VXLAN header (8 bytes) – Contains the 24-bit VNI (or VNID).
+ Original Ethernet/L2 Frame – Contains the original Layer 2 Ethernet frame.

52
Q

Question 51
Refer to the exhibit.

access-list 1 permit 172.16.1.0 0.0.0.255
ip nat inside source list 1 interface gigabitethernet0/0 overload

The inside and outside interfaces in the NAT configuration of this device have been correctly identified. What is the effect of this configuration?

A. dynamic NAT

B. static NAT

C. PAT

D. NAT64

A

Answer:C

Explanation

The command “ip nat inside source list 1 interface gigabitethernet0/0 overload” translates all source addresses that pass access list 1, which means the 172.16.1.0/24 subnet, into the address assigned to the gigabitethernet0/0 interface. The “overload” keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports, so it is called Port Address Translation (PAT).

53
Q

Question 52
Refer to the exhibit. What are two effects of this configuration? (Choose two)

access-list 1 permit 10.1.1.0 0.0.0.31
ip nat pool CISCO 209.165.201.1 209.165.201.30 netmask 255.255.255.224
ip nat inside source list 1 pool CISCO

A. Inside source addresses are translated to the 209.165.201.0/27 subnet

B. It establishes a one-to-one NAT translation

C. The 10.1.1.0/27 subnet is assigned as the inside global address range

D. The 209.165.201.0/27 subnet is assigned as the outside local address range

E. The 10.1.1.0/27 subnet is assigned as the inside local addresses

A

Answer:A E

Explanation

In this question, the inside local addresses of the 10.1.1.0/27 subnet are translated into 209.165.201.0/27 subnet. This is one-to-one NAT translation as the keyword “overload” is missing so in fact answer B is also correct.

54
Q

Question 53
Refer to the exhibit.

interface FastEthernet0/1
ip address 209.165.200.225 255.255.255.224
ip nat outside
!
interface FastEthernet0/2
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
access-list 10 permit 10.10.10.0 0.0.0.255
!

Which command allows hosts that are connected to FastEthernet0/2 to access the Internet?

A. ip nat inside source list 10 interface FastEthernet0/1 overload

B. ip nat outside source static 209.165.200.225 10.10.10.0 overload

C. ip nat inside source list 10 interface FastEthernet0/2 overload

D. ip nat outside source list 10 interface FastEthernet0/2 overload

A

Answer:A

Explanation

The command “ip nat inside source list 10 interface FastEthernet0/1 overload” configures NAT to overload on the address that is assigned to the Fa0/1 interface.

55
Q

Question 54
A network engineer is configuring Flexible NetFlow and enters these commands:

Sampler Netflow1
mode random one-out-of 100
interface fastethernet 1/0
flow-sampler netflow1

Which are two results of implementing this feature instead of traditional NetFlow? (Choose two)

A. Only the flows of top 100 talkers are exported

B. CPU and memory utilization are reduced

C. The data export flow is more secure

D. The accuracy of the data to be analyzed is improved

E. The number of packets to be analyzed are reduced

A

Answer:B E

Explanation

The “mode random one-out-of 100” command specifies that sampling uses the random mode and takes only one sample out of every 100 packets.

56
Q

Question 54
Refer to the exhibit. How can you configure a second export destination for IP address 192.168.10.1?

configure terminal
ip flow-export destination 192.168.10.1 9991
ip flow-export version 9

A. Specify a different TCP port

B. Specify a different UDP port

C. Specify a VRF

D. Configure a version 5 flow-export to the same destination

E. Specify a different flow ID

A

Answer:B

Explanation

To configure multiple NetFlow export destinations to a router, use the following commands in global configuration mode:
Step 1: Router(config)# ip flow-export destination ip-address udp-port
Step 2: Router(config)# ip flow-export destination ip-address udp-port
The following example enables the exporting of information in NetFlow cache entries:
ip flow-export destination 10.42.42.1 9991
ip flow-export destination 10.0.101.254 1999
Reference:https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/12s_mdnf.html

57
Q

Question 55
A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled. In a dual-stack network with two dual-stack NetFlow collections, how many flow exporters are needed per network device in the flexible NetFlow configuration?

A. 1

B. 2

C. 4

D. 8

A

Answer:B

58
Q

Question 56
What NTP stratum level is a server that is connected directly to an authoritative time source?

A. Stratum 0

B. Stratum 1

C. Stratum 14

D. Stratum 15

A

Answer:B

59
Q

Question 57
Which two security features are available when implementing NTP? (Choose two)

A. encrypted authentication mechanism

B. clock offset authentication

C. broadcast association mode

D. access list based restriction scheme

E. symmetric server passwords

A

Answer:A D

Explanation

The time kept on a machine is a critical resource and it is strongly recommended that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. The two security features available are an access list-based restriction scheme and an encrypted authentication mechanism.
Reference:https://www.cisco.com/c/en/us/support/docs/availability/high-availability/19643-ntpm.html

60
Q

Question 58
Which two mechanisms are available to secure NTP? (Choose two)

A. IP prefix list-based

B. IPsec

C. TACACS-based authentication

D. IP access list-based

E. Encrypted authentication

A

Answer:D E

Explanation

The time kept on a machine is a critical resource and it is strongly recommended that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. The two security features available are an access list-based restriction scheme and an encrypted authentication mechanism.
Reference:https://www.cisco.com/c/en/us/support/docs/availability/high-availability/19643-ntpm.html

61
Q

Question 59
Why would a log file contain a * next to the date?

A. The network device is not configured to use NTP time stamps for logging.

B. The network device was unable to reach the NTP server when the log messages were recorded.

C. The network device is not configured to use NTP

D. The network device was receiving NTP time when the log messages were recorded

A

Answer:C

Explanation

If the system clock has not been set, the date and time are preceded by an asterisk (*) to indicate that the date and time are probably not correct.
Reference:https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
Moreover, when we use “show clock” on a brand-new router (on which nothing has been configured), we see the clock is set to the default value with an asterisk mark.

Therefore we can deduce that this device is not configured to use NTP.

62
Q

Question 60
A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging output on the terminal is interrupting the command typing process. Which two actions can the network administrator take to minimize the possibility of typing commands incorrectly? (Choose two)

A. Configure the logging synchronous global configuration command

B. Configure the logging delimiter feature

C. Configure the logging synchronous command under the vty

D. Press the TAB key to reprint the command in a new line

E. Increase the number of lines on the screen using the terminal length command

A

Answer:C D

Explanation

Although some Cisco webpages (like this one) mention the “logging synchronous” command in global configuration mode, which means “Router(config)#logging synchronous”, in fact we cannot use it under global configuration mode. We can only use this command in line mode. Therefore answer C is better than answer A.
Let’s see how the “logging synchronous” command affects command typing:
Without this command, a message may pop up and you may not know what you typed if that message is too long. When trying to erase (backspace) your command, you realize you are erasing the message instead.

With this command enabled, when a message pops up you will be put to a new line with your typing command which is very nice:

63
Q

Question 61
Which action is performed by Link Management Protocol in a Cisco stackwise virtual domain?

A. It discovers the stackwise domain and brings up SVL interfaces

B. It rejects any unidirectional link traffic forwarding

C. It determines if the hardware is compatible to form the stackwise virtual domain

D. It determines which switch becomes active or standby

A

Answer:B

Explanation
The Link Management Protocol (LMP) performs the following functions:
+ Verifies link integrity by establishing bidirectional traffic forwarding, and rejects any unidirectional links
+ Exchanges periodic hellos to monitor and maintain the health of the links
+ Negotiates the version of StackWise Virtual header between the switches StackWise Virtual link role resolution
Reference:https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-9000/nb-06-cat-9k-stack-wp-cte-en.html

64
Q

Question 62
An engineer reviews a router’s logs and discovers the following entry. What is the event’s logging severity level?

Router# *Feb 03 11:13:44 334: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up

A. error

B. notification

C. informational

D. warning

A

Answer:A

Explanation

Syslog levels are listed below:
Level | Keyword | Description
0 | emergencies | System is unusable
1 | alerts | Immediate action is needed
2 | critical | Critical conditions exist
3 | errors | Error conditions exist
4 | warnings | Warning conditions exist
5 | notification | Normal, but significant, conditions exist
6 | informational | Informational messages
7 | debugging | Debugging messages
Number “3” in “%LINK-3-UPDOWN” is the severity level of this message so in this case it is “errors”.

65
Q

Question 63
What does Call Admission Control require the client to send in order to reserve the bandwidth?

A. SIP flow information

B. Wi-Fi multimedia

C. traffic specification

D. VoIP media session awareness

A

Answer:C

Explanation

The application residing on Device 1 originates an RSVP message called Path, which is sent to the same destination IP address as the data flow for which a reservation is requested (that is, 10.60.60.60) and is sent with the “router alert” option turned on in the IP header. The Path message contains, among other things, the following objects:

– The “sender T-Spec” (traffic specification) object, which characterizes the data flow for which a reservation will be requested. The T-Spec basically defines the maximum IP bandwidth required for a call flow using a specific codec. The T-Spec is typically defined using values for the data flow’s average bit rate, peak rate, and burst size.
Reference:https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/9x/uc9x/cac.html

66
Q

Question 64
Refer to the exhibit.

monitor session 1 source vlan 10 -12 rx
monitor session 1 destination interface gigabitethernet0/1

An engineer must configure a SPAN session. What is the effect of the configuration?

A. Traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1.

B. Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1.

C. Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1.

D. Traffic received on VLANs 10, 11, and 12 is copied and sent to interface g0/1.

A

Answer:D

67
Q

Question 65
Which feature must be configured to allow packet capture over Layer 3 infrastructure?

A. VSPAN

B. IPSPAN

C. RSPAN

D. ERSPAN

A

Answer:D

Explanation
Encapsulated Remote SPAN (ERSPAN): as the name says, ERSPAN brings generic routing encapsulation (GRE) for all captured traffic and allows it to be extended across Layer 3 domains.

68
Q

Question 66
Which statement about an RSPAN session configuration is true?

A. A filter must be configured for RSPAN Regions

B. Only one session can be configured at a time

C. A special VLAN type must be used as the RSPAN destination.

D. Only incoming traffic can be monitored

A

Answer:C

Explanation
The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches -> This VLAN can be considered a special VLAN type -> Answer C is correct.
Reference:https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swspan.html
We can configure multiple RSPAN sessions on a switch at a time, then continue configuring multiple RSPAN sessions on the other switch without any problem -> Answer B is not correct.
This is how to configure Remote SPAN (RSPAN) feature on two switches. Traffic on FastEthernet0/1 of Switch 1 will be sent to Fa0/10 of Switch2 via VLAN 40.
+ Configure on both switches
Switch1,2(config)# vlan 40
Switch1,2(config-vlan)# remote-span
+ Configure on Switch1
Switch1(config)# monitor session 1 source interface FastEthernet 0/1
Switch1(config)# monitor session 1 destination remote vlan 40
+ Configure on Switch2
Switch2(config)# monitor session 5 source remote vlan 40
Switch2(config)# monitor session 5 destination interface FastEthernet 0/10

69
Q

Question 67
What is the primary effect of the spanning-tree portfast command?

A. It enables BPDU messages

B. It minimizes spanning-tree convergence time

C. It immediately puts the port into the forwarding state when the switch is reloaded

D. It immediately enables the port in the listening state

A

Answer:B

Explanation
The purpose of Port Fast is to minimize the time interfaces must wait for spanning-tree to converge; it is effective only when used on interfaces connected to end stations.
Reference:https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html