Study Guide Flashcards
Refer to the exhibit. A router receiving BGP routing updates from multiple neighbors for routers in AS 690. What is the reason that the router still sends traffic that is destined to AS 690 to a neighbor other than 10.222.10.1?
A. The local preference value in another neighbor statement is higher than 250.
B. The local preference value should be set to the same value as the weight in the route map.
C. The route map is applied in the wrong direction.
D. The weight value in another statement is higher than 200.
B. The local preference value should be set to the same value as the weight in the route map.
Look for “Same Value”
Which list defines the contents of an MPLS label?
A. 20-bit label; 3-bit traffic class; 1-bit bottom stack; 6 bit TTL
B. 32-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
C. 20-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
D. 32-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL
A. 20-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL.
Look for “20-bit label” and “traffic class”
A network engineer is investigating a flapping (up/down) interface issue on a core switch that is synchronized to an NTP server. Log output does not show the time of the flap.
Which command allows on the switch the time of the flap according to the clock on the device?
A. clock calendar-valid
B. service timestamps log datetime localtime show-timezone
C. service timestamps log uptime
D. clock summer-time mst recurring 2 Sunday mar 2:00 1 sunday rlov 2:00
B. service timestamps log datetime localtime show-timezone
Look for “service timestamps” and “localtime”
Refer to the exhibit. An IP SLA was configured on router R1 that allows the default route to be modified in the event that Fa0/0 loses reachability with the router R3 Fa0/0 interface.
The route has changed to flow through route R2.
Which debug command is used to troubleshoot this issue?
A. debug ip flow
B. debug ip sla error
C. debug ip routing
D. debug ip packet
C. debug ip routing
“ip routing” provides visibility of the route changes.
Refer to the exhibit. What is the result if applying this configuration?
R1# show policy-map control-plane
…
A. The router can form BGP neighborships with any other device.
B. The router can form BGP neighborships with any device that matched by the access list name “BGP”
C. The router cannot form BGP neighborships with any other device.
D. The router cannot form BGP neighborships with any device that is matched by the access list named “BGP”
A. The router can form BGP neighborships with any other device.
BGP is a indiscriminately promiscuous neighbor.
Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable using a secure web browser. What is needed to fix the problem?
access-list 100 deny tcp any any eq 465
…
A. permit tcp port 465
B. permit tcp port 443
C. permit udp port 465
D. permit tcp port 22
B. permit tcp port 443
Secure web browser = HTTPS = SSL/TLS = port 443
Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total non-concurrent users are using this DHCP server, but none of them are active for more than two hours per day. Which action fixes the issue within the current resources?
R1# show running-config | section dhcp
…
A. Configure the DHCP lease time to a bigger value
B. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool.
C. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool.
D. Configure the DHCP lease time to a smaller value.
D. Configure the DHCP lease time to a smaller value.
There are only 200 available addresses for 300 users. Reduce the lease time to increase the chance of re-use in clients.
Look for “smaller”
Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?
All answers start with:
ipv6 access-list Deny_Telnet sequence deny tcp host 198A:0:200C::1/64 host 201:0:205C::1/64
A. eq telnet
int Gi0/0
ipv6 traffic-filter Deny_Telnet in
B. eq telnet
int Gi0/0
ipv6 access-map Deny_Telnet in
C. int Gi0/0
ipv6 access-map Deny_Telnet in
D. int Gi0/0
ipv6 traffic-filter Deny_Telnet in
A. ipv6 access-list Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64 eq telnet
int Gi0/0
ipv6 traffic-filter Deny_Telnet in
Look for “eq” and “traffic-filter”
What statement about route distinguishers in an MPLS network is true?
A. Route distinguishers make a unique VPNv4 address across the MPLS network.
B. Route distinguishers allow multiple instances of a routing table to coexist within the edge router.
C. Route distinguishers are used for label bindings.
D. Route distinguishers define which prefixes are imported and exported on the edge router.
A. Route distinguishers make a unique VPNv4 address across the MPLS network.
The “unique” answer
Refer to the exhibit. Which control plan policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is higher rate?
Cat8850-Stack-2# show policy-map
…
A. policy-map SHAPE_BGP
B. policy-map LIMIT_BGP
C. policy-map POLICE_BGP
D. policy-map COPP
D. policy-map COPP
COPPs enforce the speed limit (1 Mbps)
Refer to the exhibit. What does the imp-null tag represent in the MPLS vpn cloud?
Router# show tag-switching tdp bindings
…
A. include the EXP bit
B. exclude the EXP bit
C. impose the label
D. pop the label
D. Pop the label
Pop means “remove the top MPLS label.” Pop the label!
When provisioning a device in Cisco DNA Center, the engineer sees the error message “Cannot select the device. Not compatible with template.” What is the reason for the error?
A. The software version of the template is different from the software version of the device.
B. The changes to the template were not committed.
C. The template has an incorrect configuration.
D. The tag that was used to filter the templates does not match the device tag.
D. The tag that was used to filter the templates does not match the device tag.
Look for “device tag”
Refer to the exhibit. After applying IPsec, the engineer observed that the DMVPN tunnel went down, and both spoke-to-spoke and hub were not establishing.
Which two actions resolve the issue? (Choose two)
A. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3.
B. Remove the crypto isakmp key cisco address 10.01.1.1 on R2 and R3.
C. Change the mode from mode transport to mode tunnel on R2.
D. Configure the mode from mode tunnel to mode transport on R3.
E. Configure the crypto isakmp key cisco address 192.1.1.1 on R2 and R3.
A and D.
A. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3.
D. Configure the mode from mode tunnel to mode transport on R3.
Look for “0.0.0.0” and “mode transport”
Which configuration enables the VRF that is labeled “inet” on FastEthernet0/0?
A. R1(config)# ip vrf inet
R1(config-vrf)# ip vrf FastEthernet0/0
B. R1(config)# ip vrf inet FastEthernet0/0
C. R1(config)# ip vrf inet
R1(config-vrf)# interface FastEthernet0/0
R1(config-if)# ip vrf forwarding inet
D. R1(config)# router ospf 1 vrf inet
R1(config-router)# ip vrf forwarding FastEthernet0/0
C. R1(config)# ip vrf inet
R1(config-vrf)# interface FastEthernet0/0
R1(config-if)# ip vrf forwarding inet
It is the longest answer, at three lines.
Which attribute eliminates LFAs that belong to protected paths in situations where links in a network are connected through a common fiber? A. Interface-dispoint B. Shared risk link group-disjoint C. Linecard-disjoint D. Lowest-repair-path-metric
B. Shared risk link group-disjoint.
Longest answer.
While working with software images, an engineer observes that Cisco DNA Center cannot upload its software image directly from the device. Why is the image not uploading?
A. The device has lost connectivity to Cisco DNA Center.
B. The software image for the device is in bundle mode.
C. The software image for the device is in install mode.
D. The devie must be resynced to Cisco DNA Center.
C. The software image for the device is in install mode.
When a device is in Install Mode, Cisco DNA Center is unable to upload its software image.
Which command allows traffic to load-balance in an MPLS Layer 3 VPN configuration?
A. Multi-paths eibgp 2
B. Maximum-paths ibgp 2
C. Multi-paths 2
D. Maximum-paths 2
B. Maximum-paths ibgp 2
Look for “ibgp”
Categorize the MPLS VPN concepts with the descriptions:
Concept:
- route distinguisher
- route target
- Resource Reservation Protocol
- multiprotocol BGP
Description:
- propagates VPN reachability information
- distributes labels for traffic engineering
- uniquely identifies a customer prefix
- controls the import/export of customer prefixes
Propagates VPN reachability information = multiprotocol BGP.
Distributes labels for traffic engineering = Resource Reservation Protocol.
Uniquely identifies a customer prefix = Route distinguisher.
Controls the import/export of customer prefixes = Route target.
Categorize the address to the correct IPv6 filter purpose:
Address:
permit ip 2001:D8B:800:200c::/117
2001:0DBB:800:2010::/64 eq 443
permit ip 2001:D88:800:200C::e/126
2001:0DBB:700:2010::/64 eq 514
permit ip 2001:D8B:800:200C::c/126
2001:0DBB:800:2010::/64 eq 123
IPv6 filter purpose:
Permit NTP from the source
2001:0D8B:0800:200C::1F
Permit syslog from the source
2001:0D88:0800:200C::1C
Permit HTTP from this source
2001:0D8B:0800:200C:0FFF
Permit HTTPS from this source
2001:0D8B:0800:200C:07FF
Permit NTP = eq 123
Permit syslog = eq 514
Permit HTTP = eq 80
Permit HTTPS = eq 443
This question is testing knowledge of port numbers. All the IPv6 is a distraction.
Which security feature can protect DMVPN tunnels? A. IPsec B. TACACS+ C. RTBH D. RADIUS
A. IPSec
The only tunnel OSS uses, IPSec.
Which command displays the IP routing table information that is associated with VRF-Lite?
A. Show ip vrf
B. Show ip route vrf
C. Show run vrf
D. Show ip protocols vrf
B. Show ip route vrf
Refer to the exhibit. An administrator that is connected to the console does not see debug messages when remote users log in.
Which action ensures that debug messages are displayed for remote logins?
R1(config)# do show running-config | section line|username
A. Enter the transport input ssh configuration command.
B. Enter the terminal monitor exec command.
C. Enter the logging console debugging configuration command.
D. Enter the aaa new-model configuration command.
C. Enter the logging console debugging configuration command.
Longest answer.
Refer to the exhibit. An engineer is trying to block the route to 192.168.2.2 from the routing table by using the configuration that is shown.
The route is till present in the routing table as an OSPF route. Which action blocks the route?
Router# show access-lists
…
A. Add this statement to the route map route-map RM-OSPF-DL deny 20.
B. Use a prefix list instead of an access list in the route map.
C. Change sequence 10 in the route-map command from permit to deny.
D. Use an extended access list instead of a standard access list.
C. Change sequence 10 in the route-map command from permit to deny.
Deny 192.168.2.2 instead of permitting it.
Refer to the xhibit. Which interface configuration must be configured on the spoke A router to enable a dynamic DMVPN tunnel with the spoke B router?
All answers start with:
interface tunnel0
ip address 10.0.0.11 255.255.255.0
A. tunnel source 10.0.0.1
B. tunnel source FastEthernet 0/0
C. tunnel source 1.1.1.10
D. tunnel source 10.0.0.1
B. tunnel source FastEthernet0/0
The only answer with an interface as a tunnel source. The rest have IP addresses.
Which statement about MPLS LDP router ID is true?
A. The force keyword changes the router ID to the specific address causing any impact.
B. The loopback with the highest IP address is selected as the router ID.
C. If not configured, the operational physical interface is chosen as the router ID even if a loopback is configured.
D. If MPLS LDP router ID must match the IGP router ID.
B. The loopback with the highest IP address is selected as the router ID.
Which statement about IPv6 RA Guard is true?
A. It does not offer protection in environments where IPv6 traffic is tunneled.
B. It cannot be configured on a switch port interface in the ingress direction.
C. Packets that are dropped by IPv6 RA Guard cannot be spanned.
D. It is not supported in hardware when TCAM is programmed.
A. It does not offer protection in environments where IPv6 traffic is tunneled.
An engineer is trying to copy an IOS file from one router to another router by using TFTP. Which two actions are needed to allow the file to copy? (Choose two).
A. Configure the TFTP authentication on the source router with tftp-server authentication local command.
B. Configure a user on the source router with the username tftp password tftp command.
C. Enable the TFTP server on the source router with the tftp-server flash: command.
D. TFTP is not supported in recent IOS versions, so an alternative method must be used.
E. Copy the file to the destination router with the copy trftp: flash: command.
C and E.
C. Enable the TFTP server on the source router with the tftp-server flash: command.
E. Copy the file to the destination router with the copy tftp: flash: command.
Pick both the answers with “flash:” in it.
Which two methods use IPsec to provide secure connectivity from the branch office to the headquarters office? (Choose two)
A. DMVPN B. MPLS VPN C. Virtual Tunnel Interface (VTI) D. SSL VPN E. PPPoE
A and C.
A. DMVPN
C. Virtual Tunnel Interface (VTI)
Which protocol is used in a DMVPN network to map logical IP address to physical IP address?
A. BGP
B. LLDP
C. EIGRP
D. NHRP
D. NHRP
Next Hop Resolution Protocol.
Which Cisco VPN technology can use multipoint tunnel, resulting in a single GRE tunnel interface on the hub, to support multiple connections from multiple spoke devices?
A. DMVPN
B. GETVPN
C. Cisco Easy VPN
D. FlexVPN
A. DMVPN
Dynamic Multipoint VPN supports multipoint tunnels.
Which option is the best for protecting CPU utilization on a device?
A. fragmentation
B. COPP
C. ICMP redirects
D. ICMP unreachable message
B. COPP
CoPP = Control Plane Policing
Which transport layer protocol is used to form LDP sessions?
A. UDP
B. SCTP
C. TCP
D. RDP
C. TCP
LDP requires reliable transport, hence TCP over UDP.
R2 has a locally originated prefix 192.168.130.0/24 and has these configurations:
ip prefix-list test seq 5 permit 192.168.130.0/24
route-map OUT permit 10
match ip address prefix-list test
set as-path prepend 6500
What is the result when the route-map OUT command is applied toward an eBGP neighbor R1 (1.1.1) by using the neighbor 1.1.1.1 route-map OUR out command?
A. R1 sees 192.168.130.0/24 as two hops away instead of one AS hop away.
B. R1 does not forward traffic that is destined for 192.168.130.0/24.
C. Network 192.168.130.0/24 is not allowed in the R1 table.
D. R1 does not accept any route other than 192.168.130.0/24.
A. R1 sees 192.168.130.0/24 as two hops away instead of one AS hop away.
Look for “two hops”
Refer to the exhibit. Network operations cannot read or write a configuration on the device with this configuration from the operation subnet. Which two configuration fix the issue? (Choose two).
snmp-server community ciscotest 1
snmp-server host 192.168.1.128 ciscotest
snmp-server enable traps bgp
A. Configure SNMP rw permission in addition to the community ciscotest.
B. Modify access list 1 and allow operations subnet in the access list.
C. Modify SNMP rw permissions in addition to version 1.
D. Configure SNMP rw permission in addition to version 1.
E. Configure SNMP rw permissions in addition to community ciscotest 1.
A and B.
A. Configure SNMP rw permission in addition to community ciscotest.
B. Modify access list 1 and allow operations subnet in the access list.
Choose the answers not ending in “1”
Refer to the exhibit. The output of the trace route from R5 shows a loop in the network. Which configuration prevents this loop?
A. R3 - route-map SET-TAG permit 10
R4 - route-map FILTER-TAG deny 10
R4 - route-map FILTER-TAG permit 20
B. R3 - route-map SET-TAG permit 10
C. R3 - route-map SET_TAG permit 10
R4 - route-map FILTER-TAG deny 10
D. R3 - route-map SET-TAG deny 10
R4 - route-map FILTER-TAG deny 10
A. R3 - route-map SET-TAG permit 10
R4 - route-map FILTER-TAG deny 10
R4 - route-map FILTER-TAG permit 20
Pick the only answer with three route-maps.
Match the packet with the description:
Packet:
- data plane packets
- control plane packets
- management plane packets
- services plane packets
Description:
- User-generated packets that are always forwarded by network devices to other end-station devices.
- Network device generated or received packets that are used for the creation of the network itself.
- Network device generated or received packets that are used to operate the network.
- User-generated packets that are forwarded by network devices to other end-station devices, but that require higher priority than the normal traffic by the network devices.
User-generated packets that are always forwarded by network devices to other end-station devices = data plane packets.
Network device generated or received packets that are used for the creation of the network itself = control plane packets.
Network device generated or received packets that are used to operate the network = management plane packets.
User-generated packets that are forwarded by network devices to other end-station devices, but that require higher priority than the normal traffic by the network devices = services plane packets.
Categorize the SNMP attribute as SNMPv2c or SNMPv3:
- community string
- username and password
- authentication
- no encryption
- privileged
- read-only
SNMPv2c
- community string
- no encryption
- read-only
SNMPv3
- username and password
- authentication
- privileged
Which SNMP verification command shows the encryption and authentication protocols that are used in SNMPv3?
A. show snmp group
B. show snmp user
C. show snmp
D. show snmp view
B. show snmp user
For SNMPv3, show snmp user displays the encryption.
What is the role of a route distinguisher via a VRF-Lite setup implementation?
A. It extends the IP address to identify which VFP instance it belongs to.
B. It manages the import and export of routes between two or more VRF instances.
C. It enables multicast distribution for VRF-Lite setups to enhance EGP routing protocol capabilities.
D. It enables multicast distribution for VRF-Lite setups to enhance IGP routing protocol capabilities.
A. It extends the IP address to identify which VFP instance it belongs to.
Route Distinguishers prefix an IP address to make it unique.
Refer to the following output:
Router# show ip nhrp detail
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
TypE. dynamic, Flags: authoritative unique nat registered used
NBMA address: 10.12.1.2
What does the authoritative flag mean in regards to the NHRP information?
A. It was obtained directly from the next-hop server.
B. Data packets are process switches for this mapping entry.
C. NHRP mapping is for networks that are local to this router.
D. The mapping entry was created in response to an NHRP registration request.
E. The NHRP mapping entry cannot be overwritten.
A. It was obtained directly from the next-hop server.
Refer to the exhibit. R2 is a route reflector, and R1 and R3 are route reflector clients. The route reflector learns the route to 182.16.25.0/24 from R1, but it does not advertise to R3. What is the reason the route is not advertised?
A. Route reflector setup requires full BGP mesh between the routers.
B. In route reflector setup, only classification prefixes are advertised from one client to another.
C. In route reflector setup, only classful prefixes are advertised to other clients.
D. R2 does not have a route to the next hop, so R2 does not advertise the prefix to the clients.
D. R2 does not have a route to the next hop, so R2 does not advertise the prefix to the clients.
Look for the only answer identifying a node (R2).
Which method changes the forwarding decision that a router makes first changing the routing table or influencing the IP data plane?
A. Policy-based routing
B. Nonbroadcast multi-access
C. Packet switching
D. Forwarding information base
A. Policy-based routing
Pick the only answer with “routing” for this routing table question.
Refer to the exhibit. Which subnet is redistributed from EIGRP to OSPF routing protocols?
A. 10.2.2.0/24
B. 10.1.4.0/24
C. 10.1.2.0/24
D. 10.2.3.0/26
A. 10.2.2.0/24
Refer to the exhibit. An engineer is trying to redistribute OSPF to BGP, but not all of the routes are redistributed. What is the reason for this issue?
sh ip route ospf
…
A. By default, only internal OSPF routes are redistributed into BGP.
B. By default, only internal routers and external type 1 routes are redistributed into BGP.
C. BGP convergence is slow, so the route will eventually be present in the BGP table.
D. Only classful networks are redistributed from OSPF to BGP.
A. By default, only internal OSPF routes are redistributed into BGP.
Refer to the exhibits. Phase-3 tunnels cannot be established between spoke-to-spoke in DMWN. Which two commands are missing? (Choose two).
A. The ip ngrp redirect command is missing on the spoke routers.
B. The ip nhrp shortcut command is missing on the spoke routers.
C. The ip nhrp redirect command is missing on the hub router.
D. The ip nhrp shortcut commands is missing on the hub router.
E. The ip nhrp command is missing on the hub router.
B and C.
B. The ip nhrp shortcut command is missing on the spoke routers.
C. The ip nhrp redirect command is missing on the hub router.
“Shortcut” + “Spoke” (SS)
leaving
“Redirect” + “Hub”
Refer to the exhibit. Which configuration configures a policy on R1 to forward any traffic that is sourced from the 192.168.130.0/24 network to R2?
All answers start with:
access-list 1 permit 192.168.130.0 0.0.0.255
A. interface Gi0/2
set ip next-hop 170.20.20.2
B. interface Gi0/1
set ip next-hop 172.20.40.2
C. Gi0/2
set ip next-hop 172.20.20.1
D. Gi0/1
set ip next-hop 172.20.40.1
D. Gi0/1
set ip next-hop 172.20.40.1
Select the only answer with “40.1”
Which protocol is used to determine the NBMA address on the other end of a tunnel when mGRE is used?
A. NHRP
B. IPsec
C. MP-BGP
D. OSPF
A. NHRP
Next Hop Resolution Protocol maps tunnel addresses to physical.
Which two protocols can cause TCP starvation? (Choose two).
A. TFTP B. SNMP C. SMTP D. HTTPS E. FTP
A and B.
A. TFTP
B. SNMP
UDP protocols (SNMP and TFTP) will “starve” out TCP ones.
Which two statements about VRF-Lite configurations are true? (Choose two).
A. They support he exchange of MPLS labels.
B. Different customers can have overlapping IP addresses on different VPNs.
C. They support a maximum of 512,000 routes.
D. Each customer has its own dedicated TCAM resources.
E. Each customer has its own private routing table.
F. They support IS-IS.
B and E.
B. Different customers can have overlapping IP addresses on different VPNs.
E. Each customer has its own private routing table.
A network engineer needs to verify IP SLA operations on an interface that shows an indication of excessive traffic. Which command should the engineer use to complete this action?
A. show frequency
B. show track
C. show reachability
D. show threshold
B. show track
Refer to the exhibit. An engineer is trying to generate a summary route in OSPF for network 10.0.0.0/8, but the summary route does not show up in the routing table. Why is the summary route missing?
Router# show ip route
…
A. The summary route is not visible on this router, but it is visible on other OSPF routers in the same area.
B. The summary-address command is used only for summary prefixes between areas.
C. The summary route is visible only in the OSPF database not in the routing table.
D. There is no route for a subnet inside 10.0.0.0/8, so the summary route is not generated.
D. There is no route for a subnet inside 10.0.0.0/8, so the summary route is not generated.
Refer to the exhibit. Why is user authentication being rejected?
TAC+: TCP/IP open to 171.68.118.101/49 failed
…
A. The TACACS+ server expects “user” but the NT client sends “domain\user”
B. The TACASC+ server refuses the user because the user is set up for CHAP.
C. The TACACS+ server is down and the user is in the local database.
D. The TACACS+ server is down and the user is not in the local database.
D. The TACACS+ server is down and the user is not in the local database.
Which statement about IPv6 inspection is true?
A. It learns and secures binding for stateless autoconfiguration addresses in Layer 3 neighbor tables.
B. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
C. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.
D. It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.
B. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
Look for “stateless” and “Layer 2”
Refer to the xhibit. After redistribution is enabled between the routing protocols; PC2, PC3, and PC4 cannot reach PC1.
Which action can the engineer take to solve the issue so that all the PCs are reachable?
A. Filter the prefix 10.1.1.0/24 when redistributed from OSPF to EIGRP.
B. Set the administrative distance 100 under the process on R2.
C. Filter the prefix 10.1.1.0/24 when redistributed from RIP to EIGRP.
D. Redistribute the directly connected interfaces on R2.
A. Filter the prefix 10.1.1.0/24 when redistributed from OSPF to EIGRP.
Look for “OSPF”
An engineer configured the wrong default gateway for the Cisco DNA center enterprise interface during the install.
Which command must the engineer run to correct the configuration?
A. Sudo update config install
B. Sudo maglev reinstall
C. Sudo maglev-config update
D. Sudo maglev install config update
C. Sudo maglev-config update
Look for the hyphen.
Refer to the exhibit. An engineer configures a static route on a router, but when the engineer checks the route to the destination, a different next hop is chosen. What is the reason for this?
Router# show running-config | include ip route
…
A. The configured AD for the static route is higher than the AD of OSPF.
B. The metric of the OSPF route is lower than the metric of the static route.
C. Dynamic routing protocol always have priority over static routes.
D. The syntax of the staic route is not valid so the route is not considered.
A. The configured AD for the static route is higher than the AD of OSPF.
Look for “AD”
Refer to the exhibit. An engineer is troubleshooting BGP on a device but discovers that the clock on the device does not correspond to the time stamp of the log entries.
Which action ensures consistency between the two times?
Jun 28 14:41:57: %BGP-5-ADJCHANGE: neighbor 192.168.2.2 Down User reset
…
A. Configure the logging clock synchronize command in global configuration mode
B. Configure the service timestamps log uptime command in global configuration mode
C. Configure the service timestamps log datetime localtime command in global configuration mode
D. Make sure that the clock on the device is synchronized with an NTP server.
C. Configure the service timestamps log datetime localtime command in global configuration mode.
Select the longest answer.
Refer to the exhibit. ISP 1 and ISP 2 directly connect to the internet.
A customer is tracking both ISP links to achieve redundancy and cannot see the Cisco IP SLA tracking output on the router console.
Which command is missing from the IP SLA configuration.
A. Start-time now
B. Start-time 00:00
C. Start-time 0
D. Start-time immediately
A. Start-time now
Required to actually begin IP SLA traffic. Golan was great at not doing that and wondering why he has no IP SLA stats.
Refer to the exhibit. Users in the branch network of 2001:DB8:0:4::/64 report that they cannot access the Internet. Which command is issued in IPv6 router EIGRP 100 configuration mode to solve this issue?
A. Issue the eigrp stub command on R1.
B. Issue the no neighbor stub command on R2.
C. Issue the eigrp command on R2.
D. Issue the no eigrp stub command on R2.
B. Issue the no neighbor stub command on R2.
Which protocol does VRF-Lite support?
A. IS-IS
B. ODR
C. EIGRP
D. IGRP
C. EIGRP
The only relevant routing protocol on the list.
Refer to the exhibit. Which statement about redistribution from BGP into OSPF process 10 is true?
A. Network 172.16.1.0/24 is not redistributed into OSPF.
B. Network 10.10.10.0/24 is not redistributed into OSPF.
C. Network 172.16.1.0/24 is redistributed with administrative distance of 1.
D. Network 10.10.10.0/24 is redistributed with administrative distance of 20.
A. Network 172.16.1.0/24 is not redistributed into OSPF.
Look for “172” and “OSPF”
Which two statements about redistributing EIGRP into OSPF are true? (Choose two)
A. The redistributed EIGRP routes appear as type 3 LSAs in the OSPF database.
B. The redistributed EIGRP routes appear as type 5 LSAs in the OSPF database.
C. The administrative distance of the redistributed routes is 170.
D. The redistributed EIGRP routes appear as OSPF external type 1.
E. The redistributed EIGRP routes are placed into an OSPF area whose area ID matches the EIGRP autonomous system number.
F. The redistributed EIGRP routes appear as OSPF external type 2 routes in the routing table.
B and F.
B. The redistributed EIGRP routes appear as type 5 LSAs in the OSPF database.
F. The redistributed EIGRP routes appear as OSPF external type 2 routes in the routing table.
Look for types “2” and “5”
Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and find the displayed output when troubleshooting. Which command must be used in configuration mode to enable SSH on the device?
R1# show ip ssh
%Please create RSA keys to enable SSH
A. crypto key generate rsa
B. ip ssh enable
C. no ip ssh disable
D. ip ssh version 2
A. crypto key generate rsa
What is a prerequisite for configuring BFD?
A. All routers in the path between two BFD endpoints must have BFD enabled.
B. Jumbo frame support must be configured on the router that is using BFD.
C. Cisco Express Forwarding must be enabled on all participating BFD endpoints.
D. To use BFD with BGP, the timers 3 9 command must first be configured in the BGP routing process.
C. Cisco Express Forwarding must be enabled on all participating BFD endpoints.
Refer to the exhibit. An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using TACACS+
Which action products the desired configuration?
A. Add the aaa authentication login default group tacacs+ local-case command to the global configuration.
B. Add the login authentication Console command to the line configuration.
C. Replace the capital “C” with a lowercase “c” in the aaa authentication login Console local command.
D. Add the aaa authentication login default none command to the global configuration.
B. Add the login authentication Console command to the line configuration.
Refer to the exhibit. An administrator noticed that after a change was made on R1, the timestamps on the system logs did not match the clock.
What is the reason for this error?
A. The keyword localtime is defined on the timestamp service command.
B The NTP server is in a different time zone.
C. An authentication error with the NTP server results in an incorrect timestamp.
D. The system clock is est incorrectly to summer-time hours.
A. The keyword localtime is definted on the timestamp service command.
Look for “localtime”
Which configuration adds an IPv4 interface to an OSPFv3 process in OSPFv3 address family configuration?
A. Router# ospf3 1 address-family ipv4
B. Router(config-router)# ospfv3 1 ipv4 area 0
C. Router(config-router)# ospfv3 3 1
D. Router# ospfv3 1 address-family ipv4 unicast
B. Router(config-router)# ospfv3 1 ipv3 area 0
Look for “area 0”
While troubleshooting connectivity issues to a router, these details are noticed:
- Standard pings to all router interfaces, including loopbacks, are successful.
- Data traffic is unaffected.
- SNMP connectivity is intermittent.
- SSH disconnects frequently.
Which command must be configured first to troubleshoot this issue?
A. Show policy-map control-plane
B. Show policy-map
C. Show interface inc drop
D. Show ip route
A. Show policy-map control-plane
Longest answer.
Refer to the exhibit. Which statement about R1 is true?
R1(config)# route-map ADD permit 20
R1(config-route-map)# set tag 1
…
A. OSPF redistributes RIP routes only if they have a tag of one
B. RIP learned routes are distributed to OSPF with a tag value of one.
C. R1 adds one to the metric for RIP learned routes before redistributing to OSPF.
D. RIP routes are redistributed to OSPF without any changes.
B. RIP learned routes are distributed to OSPF with a tag value of one.
Only answer using “distributed” rather than “redistributed”
Refer to the exhibit. Which routes from OSPF process 5 are redistributed into EIGRP?
router eigrp 1
redistribute ospf 5 match external route-map OSPF-TO-EIGRP
A. E1 and E2 subnets matching access list TO-OSPF.
B. E1 and E2 subnets matching prefix list TO-OSPF.
C. Only E2 subnets matching access list TO-OSPF
D. Only E1 subnets matching prefix list TO-OSPF
A. E1 and E2 subnets matching access list TO-OSPF.
Look for “E1 and E2” and “Access List”
Users were moved from the local DHCP server to the remote corporate DHCP server. After the move, none of the users were able to use the network.
Which two issues will prevent this setup from working properly? (Choose two)
A. Auto-QoS is blocking DHCP traffic.
B. The DHCP server IP address configuration is missing locally.
C. 802.1X is blocking DHCP traffic.
D. The broadcast domain is too large for proper DHCP propagation.
E. The route to the new DHCP server is missing.
B and E.
B. The DHCP server IP address configuration is missing locally.
E. The route to the new DHCP server is missing.
Look for “IP address” and “Route.”
Pair the MPLS term with the definition:
MPLS Term:
- PE
- P
- CE
- LSP
Description:
- Device that forwards traffic based on labels
- Path that the labeled packet takes
- Device that is unaware of MPLS labeling
- Device that removes and adds the MPLS labeling
Device that forwards traffic based on labels = P.
Path that the labeled packet takes = LSP.
Device that is unaware of MPLS labeling = CE.
Device that removes and adds the MPLS labeling = PE.
Pair the OSPF adjacency states to the description:
OSPF Adjacency:
- Init
- 2-way
- Down
- Exchange
- ExStart
- Loading
Description
- Each router compares the DBD packets that were received from the other router.
- Routers exchange information with other routers in the multiaccess network.
- The neighboring router requests the other routers to send missing entries.
- The network has already elected a DR and a backup BDR.
- The OSPF router ID of the receiving router was not contained in the hello message.
- No hellos have been received from a neighbor router.
Each router compares the DBD packets that were received from the other router = Exchange.
Routers exchange information with other routers in the multiaccess network = 2-way.
The neighboring router requests the other routers to send missing entries = Loading.
The network has already elected a DR and a backup BDR = ExStart.
The OSPF router ID of the receiving router was not contained in the hello message = Init.
No hellos have been received from aneighbor router = Down.
Pair the DHCP messages with the correct uses:
DHCP message:
- DHCPACK
- DHCPINFORM
- DHCPNAK
- DHCPDECLINE
Use:
- Server-to-client communication, refusing the request for configuration parameters.
- Client-to-server communication, indicating that he network address is already in use.
- Server-to-client communication with configuration parameters, including committed network address.
- Client-to-server communication, asking for only local configuration parameters that he client has already externally configured as an address.
Server-to-client communication, refusing the request for configuration parameters = DHCPACK.
Client-to-server communication, indicating that the network address is already in use = DHCPDECLINE.
Server-to-client communication with configuration parameters, including committed network address = DHCPNAK.
Client-to-server communication, asking for only local configuration parameters that he client has already externally configured as an address = DHCPINFORM.
Server-to-Clients are ACK and NAK.
What is the output of the following command:
show ip vrf
A. Shows default RD values.
B. Displays IP routing table information associated with a VRF.
C. Shows routing protocol information associated with aVRF.
D. Displays the ARP table (static and dynamic entries) in the specified VRF.
A. Shows the default RD values.
Look for “RD”
Which command is used to check IP SLA when an interface is suspected to receive lots of traffic with options?
A. show track
B. show threshold
C. show timer
D. show delay
A. show track
Refer to the xhibit. In which circumstance does the BGP neighbor remain in the idle condition?
R200# show ip bgp summary
…
A. If prefixes are not received from the BGP peer.
B. If prefixes reach the maximum limit.
C. If a prefix list is applied on the inbound direction.
D. If prefixes exceed the maximum limit.
D. If prefixes exceed the maximum limit
Look for “exceed”
Refer to the xhibit. Why is the remote NetFlow server failing to receive the NetFlow data?
config t
flow record v4_r1
…
A. The flow exporter is configured but is not used.
B. The flow monitor is applied in the wrong direction.
C. The flow monitor is applied to the wrong interface.
D. The destination of the flow exporter is not reachable.
A. The flow exporter is configured but is not used.
Look for “not used.”
Refer to the exhibit. An engineer is trying to get 192.168.32.100 forwarded through 10.1.1.1, but it was forwarded through 10.1.1.2. What action forwards the packets through 10.1.1.1?
router# show ip route
…
A. Configure EIGRP to receive 192.168.32.0 route with lower admin distance.
B. Configure EIGRP to receive 192.168.32.0 route with longer prefix than /19.
C. Configure EIGRP to receive 192.168.32.0 route with lower metric.
D. Configure EIGRP to receive 192.168.32.0 route with equal or longer prefix than /24.
D. Configure EIGRP to receive 192.168.32.0 route with equal or longer prefix than /24.
Look for “/24,” my favorite subnet mask.
What is a limitaion of IPv6 RA Guard?
A. It is not supported in hardware when TCAM is programmed.
B. It does not offer protection in environments where IPv6 traffic is tunneled.
C. It cannot be configured on a switch port interface in the ingress direction.
D. Packets that are dropped by IPv6 RA Guard cannot be spanned.
B. It does not offer protection in environments where IPv6 traffic is tunneled.
One of two questions stressing that RA Guard can’t guard anything in a tunnel.
Refer to the xhibit. An IP SLA is configured to use the backup default route when the primary is down, but it is not working as desired. Which command fixes the issue?
R1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.1
A. ip route 0.0.0.0 0.0.0.0 2.2.2.2 10 track 1
B. ip route 0.0.0.0 0.0.0.0 2.2.2.2
C. ip sla track 1
D. ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1
D. ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1
Look for “1.1.1.1”
Which label operations are performed by a label edge router?
A. SWAP and POP
B. SWAP and PUSH
C. PUSH and PHP
D. PUSH and POP
D. PUSH and POP
Push-pops!
Refer to the xhibit. A junior engineer updated a branch router configuration. Immediately after the change, the engineer receives calls from the help desk that branch personnel cannot reach any network destinations. Which configuration restores service and continues to block 10.1.1.100/32?
BRANCH-RTR#
…
A. route-map FILTER-IN deny 5
B. ip prefix-list 102 seq 15 permit 0.0.0.0/32 le 32
C. ip prefix-list 102 seq 5 permit 0.0.0.0/32 le 32
D. route-map FILTER-IN permit 20
`C. ip prefix-list 102 seq permit 0.0.0.0/32 le 32
Look for “seq 5”
An engineer configured a leak-map command to summarize EIGRP routes and advertise specifically loopback 0 with an IP of 10.1.1.1 255.255.255.252 along with the summary route.
After finishing onfiguration, the customer complained not receiving summary route with specific loopback address.
Which two configurations will fix it? (Choose two)
router eigrp 1
…
A. Configure access-list 1 permit 10.1.1.0 0.0.0.3
B. Configure access-list 1 permit 10.1.1.1 0.0.0.252
C. Configure access-list 1 and match under route-map Leak-Route.
D. Configure route-map LEak-Route permit 10 and match access-list 1.
E. Configure route-map Leak-Route permit 20.
B and D.
B. Configure access-list 1 permit 10.1.1.1 0.0.0.252.
D. Configure route-map Leak-Route permit 10 and match access list 1.
Refer to the xhibit. An engineer is monitoring reachability of the configured default routes to ISP1 and ISP2. The default route from ISP1 is preferred if available. How is this issue resolved?
ip sla 100
…
A. Use the icmp-echo command to track both default routes.
B. Use the same AD for both default routes.
C. Start IP SLA by matching numbers for track and ip sla commands.
D. Start IP SLA by defining frequency and scheduling it.
D. Start IP SLA by defining frequency and scheduling it.
After some changes in the routing policy, it is noticed that the router in AS 45123 is being used as a transit AS router for several service providers. Which configuration ensures that the branch router in AS 45123 advertises only the local networks to all SP neighbors?
A. ip as-path access list 1 permit ^45123
B. ip as-path access-list 1 permit.*
C. ip as-path access-list 1 permit ^45123$
D. ip as-path access-list permit ^$
B. ip as-path access-list 1 permit .*
Look for the wildcard *
Refer to the exhibit. Redistribution is enabled between the routing protocols, and now PC2, PC3, and PC4 cannot reach PC1. What are the two solutions to fix the problem? (Choose two).
A. Filter RIP routes back into RIP when redistributing into RIP in R2.
B. Filter OSPF routes into RIP from EIGRP when redistributing RIP in R2.
C. Filter all routes and except RIP routes when redistributing into EIGRP in R2.
D. Filter RIP and OSPF routes back into OSPF from EIGRP when redistributing into OSPF in R2.
E. Filter all routes except EIGRP routes when redistributing into OSPF in R3.
A and B.
A. Filter RIP routes back into RIP wen redistributing into RIP in R2.
B. Filter OSPF routes into RIP from EIGRP when redistributing into RIP in R2.
Do not select any answer with “all” or “and”
Refer to the exhibit. A company is evaluating multiple network managemnt system tools. Trending graphs generated by SNMP data are returned by the NMS and appear to have multiple gaps. While troubleshooting the issue, and engineer noticed the relevant output. What solves the gaps in the graphs?
R1# show policy-map control-plane
A. Remove the exceed-rate command in the class map. B. Remove the clapp map NMS from being part of control plan policing. C. Configure the CIT rate to a lower value that accommodates all the NMS tools. D. Separate the NMS class map in multiple class maps based on the specific protocols with appropriate CoPP actions.
D. Separtae the NMS class map in multiple class maps based on the specific protocols with appropriate CoPP actions.
Longest answer.
What is the role of route distinguishers in an MPLS network?
A. Route distinguishers define which prefixes are imported and exported on the edge router.
B. Route distinguishers allow multiple instances of a routing table to coexist within the edge router.
C. Route distinguishers are used for label bindings.
D. Route distinguishers make a unique VPNv4 address across the MPLS network.
D. Route distinguishers make a unique VPNv4 address across the MPLS network.
Select the only answer with “MPLS” for this MPLS network question.
Refer to the exhibit. AA server 10.1.1.1 is configured with the default authentication and accounting settings, but the switch cannot communicate with the server. Which action resolves this issue?
Global RADIUS shared secred: *****
authentication: 1814
accounting: 1813
A. Match the authentication port.
B. Match the accounting port.
C. Correct the timeout value.
D. Correct the shared secret.
A. Match the authentication port.
Authentication should be port 1812, not 1814. Overture of 1812.
Refer to the exhibit. The network administrator configured VRF lite for customer A. The technician at the remote site misconfigured VRF on the router. Which configuration will resolve connectivity for both sites of customer a?
ip vrf customer_a
rd 1:1
…
A. rd 1:1
route-target export 1:2
route-target import 1:2
B. rd 1:1
route-target import 1:1
route-target export 1:2
C. rd 1:2
route-target both 1:2
D. rd 1:2
route-target both 1:1
B. rd 1:1
route-target import 1:1
route-target export 1:2
What is a function of IPv6 ND inspection?
A. It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.
B. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
C. It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.
D. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbord tables.
B. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
Look for “Stateless” and “Layer 2”
Categorize the operation with being perfomed on either the Label Switch Router or the the Label Edge Router:
- Assigns labels to unlabeled packets.
- Handles traffic between multiple VPNs
- Reads the labels and forwards the packet based on the labels.
- Performs penultimate hop popping.
Label Switch Router:
- Reads the labels and forwards the packet based on the labels.
- Performs penultimate hop popping.
Label Edge Router
- Assigns labels to unlabeled packets.
- Handles traffic between multiple VPNs
Refer to the exhibit.
aaa new-model
aaa authentication login default none
aaa authentication login telnet local
…
Categorize the credentials to the vty:
Credential:
- no password
- ocsic
- no username
- LetMeIn
- cisco
- LetMeIn
VTY:
- VTY 0 username
- VTY 0 password
- VTY 1 username
- VTY 1 password
VTY 0 username - no username.
VTY 0 password - LetMeIn.
VTY 1 username - cisco.
VTY 1 password - ocsic.
