Study Guide Flashcards
Refer to the exhibit. A router receiving BGP routing updates from multiple neighbors for routers in AS 690. What is the reason that the router still sends traffic that is destined to AS 690 to a neighbor other than 10.222.10.1?
A. The local preference value in another neighbor statement is higher than 250.
B. The local preference value should be set to the same value as the weight in the route map.
C. The route map is applied in the wrong direction.
D. The weight value in another statement is higher than 200.
B. The local preference value should be set to the same value as the weight in the route map.
Look for “Same Value”
Which list defines the contents of an MPLS label?
A. 20-bit label; 3-bit traffic class; 1-bit bottom stack; 6 bit TTL
B. 32-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
C. 20-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
D. 32-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL
A. 20-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL.
Look for “20-bit label” and “traffic class”
A network engineer is investigating a flapping (up/down) interface issue on a core switch that is synchronized to an NTP server. Log output does not show the time of the flap.
Which command allows on the switch the time of the flap according to the clock on the device?
A. clock calendar-valid
B. service timestamps log datetime localtime show-timezone
C. service timestamps log uptime
D. clock summer-time mst recurring 2 Sunday mar 2:00 1 sunday rlov 2:00
B. service timestamps log datetime localtime show-timezone
Look for “service timestamps” and “localtime”
Refer to the exhibit. An IP SLA was configured on router R1 that allows the default route to be modified in the event that Fa0/0 loses reachability with the router R3 Fa0/0 interface.
The route has changed to flow through route R2.
Which debug command is used to troubleshoot this issue?
A. debug ip flow
B. debug ip sla error
C. debug ip routing
D. debug ip packet
C. debug ip routing
“ip routing” provides visibility of the route changes.
Refer to the exhibit. What is the result if applying this configuration?
R1# show policy-map control-plane
…
A. The router can form BGP neighborships with any other device.
B. The router can form BGP neighborships with any device that matched by the access list name “BGP”
C. The router cannot form BGP neighborships with any other device.
D. The router cannot form BGP neighborships with any device that is matched by the access list named “BGP”
A. The router can form BGP neighborships with any other device.
BGP is a indiscriminately promiscuous neighbor.
Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable using a secure web browser. What is needed to fix the problem?
access-list 100 deny tcp any any eq 465
…
A. permit tcp port 465
B. permit tcp port 443
C. permit udp port 465
D. permit tcp port 22
B. permit tcp port 443
Secure web browser = HTTPS = SSL/TLS = port 443
Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total non-concurrent users are using this DHCP server, but none of them are active for more than two hours per day. Which action fixes the issue within the current resources?
R1# show running-config | section dhcp
…
A. Configure the DHCP lease time to a bigger value
B. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool.
C. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool.
D. Configure the DHCP lease time to a smaller value.
D. Configure the DHCP lease time to a smaller value.
There are only 200 available addresses for 300 users. Reduce the lease time to increase the chance of re-use in clients.
Look for “smaller”
Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?
All answers start with:
ipv6 access-list Deny_Telnet sequence deny tcp host 198A:0:200C::1/64 host 201:0:205C::1/64
A. eq telnet
int Gi0/0
ipv6 traffic-filter Deny_Telnet in
B. eq telnet
int Gi0/0
ipv6 access-map Deny_Telnet in
C. int Gi0/0
ipv6 access-map Deny_Telnet in
D. int Gi0/0
ipv6 traffic-filter Deny_Telnet in
A. ipv6 access-list Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64 eq telnet
int Gi0/0
ipv6 traffic-filter Deny_Telnet in
Look for “eq” and “traffic-filter”
What statement about route distinguishers in an MPLS network is true?
A. Route distinguishers make a unique VPNv4 address across the MPLS network.
B. Route distinguishers allow multiple instances of a routing table to coexist within the edge router.
C. Route distinguishers are used for label bindings.
D. Route distinguishers define which prefixes are imported and exported on the edge router.
A. Route distinguishers make a unique VPNv4 address across the MPLS network.
The “unique” answer
Refer to the exhibit. Which control plan policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is higher rate?
Cat8850-Stack-2# show policy-map
…
A. policy-map SHAPE_BGP
B. policy-map LIMIT_BGP
C. policy-map POLICE_BGP
D. policy-map COPP
D. policy-map COPP
COPPs enforce the speed limit (1 Mbps)
Refer to the exhibit. What does the imp-null tag represent in the MPLS vpn cloud?
Router# show tag-switching tdp bindings
…
A. include the EXP bit
B. exclude the EXP bit
C. impose the label
D. pop the label
D. Pop the label
Pop means “remove the top MPLS label.” Pop the label!
When provisioning a device in Cisco DNA Center, the engineer sees the error message “Cannot select the device. Not compatible with template.” What is the reason for the error?
A. The software version of the template is different from the software version of the device.
B. The changes to the template were not committed.
C. The template has an incorrect configuration.
D. The tag that was used to filter the templates does not match the device tag.
D. The tag that was used to filter the templates does not match the device tag.
Look for “device tag”
Refer to the exhibit. After applying IPsec, the engineer observed that the DMVPN tunnel went down, and both spoke-to-spoke and hub were not establishing.
Which two actions resolve the issue? (Choose two)
A. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3.
B. Remove the crypto isakmp key cisco address 10.01.1.1 on R2 and R3.
C. Change the mode from mode transport to mode tunnel on R2.
D. Configure the mode from mode tunnel to mode transport on R3.
E. Configure the crypto isakmp key cisco address 192.1.1.1 on R2 and R3.
A and D.
A. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3.
D. Configure the mode from mode tunnel to mode transport on R3.
Look for “0.0.0.0” and “mode transport”
Which configuration enables the VRF that is labeled “inet” on FastEthernet0/0?
A. R1(config)# ip vrf inet
R1(config-vrf)# ip vrf FastEthernet0/0
B. R1(config)# ip vrf inet FastEthernet0/0
C. R1(config)# ip vrf inet
R1(config-vrf)# interface FastEthernet0/0
R1(config-if)# ip vrf forwarding inet
D. R1(config)# router ospf 1 vrf inet
R1(config-router)# ip vrf forwarding FastEthernet0/0
C. R1(config)# ip vrf inet
R1(config-vrf)# interface FastEthernet0/0
R1(config-if)# ip vrf forwarding inet
It is the longest answer, at three lines.
Which attribute eliminates LFAs that belong to protected paths in situations where links in a network are connected through a common fiber? A. Interface-dispoint B. Shared risk link group-disjoint C. Linecard-disjoint D. Lowest-repair-path-metric
B. Shared risk link group-disjoint.
Longest answer.
While working with software images, an engineer observes that Cisco DNA Center cannot upload its software image directly from the device. Why is the image not uploading?
A. The device has lost connectivity to Cisco DNA Center.
B. The software image for the device is in bundle mode.
C. The software image for the device is in install mode.
D. The devie must be resynced to Cisco DNA Center.
C. The software image for the device is in install mode.
When a device is in Install Mode, Cisco DNA Center is unable to upload its software image.
Which command allows traffic to load-balance in an MPLS Layer 3 VPN configuration?
A. Multi-paths eibgp 2
B. Maximum-paths ibgp 2
C. Multi-paths 2
D. Maximum-paths 2
B. Maximum-paths ibgp 2
Look for “ibgp”
Categorize the MPLS VPN concepts with the descriptions:
Concept:
- route distinguisher
- route target
- Resource Reservation Protocol
- multiprotocol BGP
Description:
- propagates VPN reachability information
- distributes labels for traffic engineering
- uniquely identifies a customer prefix
- controls the import/export of customer prefixes
Propagates VPN reachability information = multiprotocol BGP.
Distributes labels for traffic engineering = Resource Reservation Protocol.
Uniquely identifies a customer prefix = Route distinguisher.
Controls the import/export of customer prefixes = Route target.
Categorize the address to the correct IPv6 filter purpose:
Address:
permit ip 2001:D8B:800:200c::/117
2001:0DBB:800:2010::/64 eq 443
permit ip 2001:D88:800:200C::e/126
2001:0DBB:700:2010::/64 eq 514
permit ip 2001:D8B:800:200C::c/126
2001:0DBB:800:2010::/64 eq 123
IPv6 filter purpose:
Permit NTP from the source
2001:0D8B:0800:200C::1F
Permit syslog from the source
2001:0D88:0800:200C::1C
Permit HTTP from this source
2001:0D8B:0800:200C:0FFF
Permit HTTPS from this source
2001:0D8B:0800:200C:07FF
Permit NTP = eq 123
Permit syslog = eq 514
Permit HTTP = eq 80
Permit HTTPS = eq 443
This question is testing knowledge of port numbers. All the IPv6 is a distraction.
Which security feature can protect DMVPN tunnels? A. IPsec B. TACACS+ C. RTBH D. RADIUS
A. IPSec
The only tunnel OSS uses, IPSec.
Which command displays the IP routing table information that is associated with VRF-Lite?
A. Show ip vrf
B. Show ip route vrf
C. Show run vrf
D. Show ip protocols vrf
B. Show ip route vrf
Refer to the exhibit. An administrator that is connected to the console does not see debug messages when remote users log in.
Which action ensures that debug messages are displayed for remote logins?
R1(config)# do show running-config | section line|username
A. Enter the transport input ssh configuration command.
B. Enter the terminal monitor exec command.
C. Enter the logging console debugging configuration command.
D. Enter the aaa new-model configuration command.
C. Enter the logging console debugging configuration command.
Longest answer.
Refer to the exhibit. An engineer is trying to block the route to 192.168.2.2 from the routing table by using the configuration that is shown.
The route is till present in the routing table as an OSPF route. Which action blocks the route?
Router# show access-lists
…
A. Add this statement to the route map route-map RM-OSPF-DL deny 20.
B. Use a prefix list instead of an access list in the route map.
C. Change sequence 10 in the route-map command from permit to deny.
D. Use an extended access list instead of a standard access list.
C. Change sequence 10 in the route-map command from permit to deny.
Deny 192.168.2.2 instead of permitting it.
Refer to the xhibit. Which interface configuration must be configured on the spoke A router to enable a dynamic DMVPN tunnel with the spoke B router?
All answers start with:
interface tunnel0
ip address 10.0.0.11 255.255.255.0
A. tunnel source 10.0.0.1
B. tunnel source FastEthernet 0/0
C. tunnel source 1.1.1.10
D. tunnel source 10.0.0.1
B. tunnel source FastEthernet0/0
The only answer with an interface as a tunnel source. The rest have IP addresses.