Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Router A and Router B are configured with IPv6 addressing and basic routing capabilities using OSPFv3. The networks that are advertised from Router A do not show up in Router B's routing table. After debugging IPv6 packets, the message "not a router" is found in the output. Why is the routing information not being learned by Router B?
A. OSPFv3 timers were adjusted for fast convergence.
B. The networks were not advertised properly under the OSPFv3 process.
C. An IPv6 traffic filter is blocking the networks from being learned via the Router B interface that is connected to Router A.
D. IPv6 unicast routing is not enabled on Router A or Router B.
Answer: D
Explanation:
show ipv6 traffic Field Descriptions
Field Description
source- Number of source-routed packets.
routed
truncated Number of truncated packets.
format Errors that can result from checks performed on header fields, errors the version number, and
packet length.
not a Message sent when IPv6 unicast routing is not enabled.
router
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_16.html
Q2. A network engineer is investigating the cause of a service disruption on a network segment and executes the debug condition interface fastethernet f0/0 command. In which situation is the debugging output generated?
A. when packets on the interface are received and the interface is operational
B. when packets on the interface are received and logging buffered is enabled
C. when packets on the interface are received and forwarded to a configured syslog server
D. when packets on the interface are received and the interface is shut down
Answer: A
Explanation:
Q3. A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53, and 49 to 172.20.14.225. Which command should be applied to the configuration to allow this?
A. router(config-if)#ip helper-address 172.20.14.225
B. router(config-if)#udp helper-address 172.20.14.225
C. router(config-if)#ip udp helper-address 172.20.14.225
D. router(config-if)#ip helper-address 172.20.14.225 69 53 49
Answer: A
Explanation:
To let a router forward broadcast packet the command ip helper-address can be used. The broadcasts will
be forwarded to the unicast address which is specified with the ip helper command.
ip helper-address {ip address}
When configuring the ip helper-address command, the following broadcast packets will be forwarded by
the router by default:
TFTP - UDP port 69
Domain Name System (DNS) UDP port 53
Time service - port 37
NetBIOS Name Server - port 137
NetBIOS Datagram Server - port 138
Bootstrap Protocol (BOOTP) - port 67
TACACS UDP port 49 Reference: http://www.cisco-faq.com/163/forward_udp_broadcas.html
Topic 6, Infrastructure Services
61. A network engineer is configuring SNMP on network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption. Which command satisfies the requirements of this scenario?
A. router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO
B. router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO
C. router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO
D. router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO
Q4. Refer to the exhibit.
Which command only announces the 1.2.3.0/24 network out of FastEthernet 0/0?
A. distribute list 1 out
B. distribute list 1 out FastEthernet0/0
C. distribute list 2 out
D. distribute list 2 out FastEthernet0/0
Answer: D
Explanation:
Access list 2 is more specific, allowing only 1.2.3.0/24, whereas access list 1 permits all 1.0.0.0/8
networks. This question also asks us to apply this distribute list only to the outbound direction of the fast Ethernet 0/0 interface, so the correct command is "distribute list 2
out FastEthernet0/0."
Q5. You have been asked to evaluate how EIGRP is functioning in a customer network.
What type of route filtering is occurring on R6
A. Distribute-list using an ACL
B. Distribute-list using a prefix-list
C. Distribute-list using a route-map
D. An ACL using a distance of 255
Answer: A
Explanation:
Q6. A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner?
A. PAP
B. dot1x
C. IPsec
D. CHAP
E. ESP
Answer: D
Explanation:
With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on
an interface and a remote device attempts to connect to it, the access server sends a CHAP packet to the
remote device. The CHAP packet requests or "challenges" the remote device to respond. The challenge
packet consists of an ID, a random number, and the host name of the local router. When the remote device
receives the challenge packet, it concatenates the ID, the remote device's password, and the random
number, and then encrypts all of it using the remote device's password. The remote device sends the
results back to the access server, along with the name associated with the password used in the
encryption process. When the access server receives the response, it uses the name it received to retrieve
a password stored in its user database. The retrieved password should be the same password the remote
device used in its encryption process. The access server then encrypts the concatenated information with
the newly retrieved password--if the result matches the result sent in the response packet, authentication
succeeds. The benefit of using CHAP authentication is that the remote device's password is never
transmitted in clear text (encrypted). This prevents other devices from stealing it and gaining illegal access
to the ISP's network. Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/
guide/fsecur_c/scfathen.ht ml
Q7. A router with an interface that is configured with ipv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?
A. DHCPv6 request
B. router-advertisement
C. neighbor-solicitation
D. redirect
Answer: B
Explanation:
Autoconfiguration is performed on multicast-enabled links only and begins when a multicastenabled
interface is enabled (during system startup or manually). Nodes (both, hosts and routers) begin
the process by generating a link-local address for the interface. It is formed by appending the interface
identifier to well-known link-local prefix FE80 :: 0. The interface identifier replaces the right-most zeroes of
the link-local prefix. Before the link-local address can be assigned to the interface, the node performs the
Duplicate Address Detection mechanism to see if any other node is using the same link-local address on
the link. It does this by sending a Neighbor Solicitation message with target address as the "tentative"
address and destination address as the solicited-node multicast address corresponding to this tentative
address. If a node responds with a Neighbor Advertisement message with tentative address as the target
address, the address is a duplicate address and must not be used. Hence, manual configuration is
required. Once the node verifies that its tentative address is unique on the link, it assigns that link-local
address to the interface. At this stage, it has IP-connectivity to other neighbors on this link. The
autoconfiguration on the routers stop at this stage, further tasks are performed only by the hosts. The
routers will need manual configuration (or stateful configuration) to receive site-local or global addresses.
The next phase involves obtaining Router Advertisements from routers if any routers are present on the
link. If no routers are present, a stateful configuration is required. If routers are present, the Router
Advertisements notify what sort of configurations the hosts need to do and the hosts receive a global
unicast IPv6 address. Reference: https://sites.google.com/site/amitsciscozone/home/important-tips/ipv6/
ipv6-stateless- autoconfiguration
Q8. A network engineer finds that a core router has crashed without warning. In this situation, which feature can the engineer use to create a crash collection?
A. secure copy protocol
B. core dumps
C. warm reloads
D. SNMP
E. NetFlow
Answer: B
Explanation:
When a router crashes, it is sometimes useful to obtain a full copy of the memory image (called a core
dump) to identify the cause of the crash. Core dumps are generally very useful to your technical support representative.
Four basic ways exist for setting up the router to generate a core dump:
Using Trivial File Transfer Protocol (TFTP)
Using File Transfer Protocol (FTP)
Using remote copy protocol (rcp)
Using a Flash disk Reference: http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/
tr19aa.html
Q9. Which NetFlow component is applied to an interface and collects information about flows?
A. flow monitor
B. flow exporter
C. flow sampler
D. flow collector
Answer: A
Explanation:
Flow monitors are the NetFlow component that is applied to interfaces to perform network
traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor
after you create the flow monitor. The flow monitor cache is automatically created at the time the flow
monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring
process based on the key and nonkey fields in the record, which is configured for the flow monitor and
stored in the flow monitor cache. Reference: http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/
reference/fnf_book/fnf_01.html#w p1314030
Q10. What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish?
router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
router (config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
router (config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
router (config)#access-list 101 permit ip any any
router (config)#interface fastEthernet 1/0
router (config-if)#ip access-group 101 in
A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts.
B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet.
C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.
D. It prevents private internal addresses to be accessed directly from outside.
Answer: C
Explanation:
The private IP address ranges defined in RFC 1918 are as follows:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
These IP addresses should never be allowed from external networks into a
corporate network as they would only be able to reach the network from the outside via routing problems or
if the IP addresses were spoofed. This ACL is used to prevent all packets with a spoofed reserved private
source IP address to enter the network. The log keyword also enables logging of this intrusion attempt.
Q11. Which statement is true about the PPP Session Phase of PPPoE?
A. PPP options are negotiated and authentication is not performed. Once the link setup is completed, PPPoE functions as a Layer 3 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.
B. PPP options are not negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 4 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.
C. PPP options are automatically enabled and authorization is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data to be encrypted over the PPP link within PPPoE headers.
D. PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.
Answer: D
Explanation:
PPPoE is composed of two main phases:
Active Discovery Phase--In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.
PPP Session Phase--In this phase, PPP options are negotiated and authentication is performed. Once the
link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.
Reference:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn- cli/vpnpppoe.html
Q12. You have been asked to evaluate how EIGRP is functioning in a customer network.
Which key chain is being used for authentication of EIGRP adjacency between R4 and R2?
A. CISCO
B. EIGRP
C. key
D. MD5
Answer: A
Explanation: R4 and R2 configs are as shown below:
Clearly we see the actual key chain is named CISCO.
Q13. How does an IOS router process a packet that should be switched by Cisco Express Forwarding without an FIB entry?
A. by forwarding the packet
B. by dropping the packet
C. by creating a new FIB entry for the packet
D. by looking in the routing table for an alternate FIB entry
Answer: B
Explanation:
Q14. A company's corporate policy has been updated to require that stateless, 1-to-1, and IPv6 to IPv6 translations at the Internet edge are performed. What is the best solution to ensure compliance with this new policy?
A. NAT64
B. NAT44
C. NATv6
D. NPTv4
E. NPTv6
Answer: E
Explanation:
NPTv6 provides a mechanism to translate the private internal organization prefixes to public globally
reachable addresses. The translation mechanism is stateless and provides a 1:1 relationship between the internal addresses and external addresses. The use cases for NPTv6 outlined in the RFC include peering with partner networks, multi homing, and redundancy and load sharing.
Reference:
http://www.cisco.com/c/dam/en/us/td/docs/solutions/SBA/August2012/Cisco_SBA_BN_IPv6AddressingGuide-Aug2012.pdf
Q15. A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an alternative to powering down the active router and letting the network respond accordingly. Which action will allow for manual switching of HSRP nodes?
A. Track the up/down state of a loopback interface and shut down this interface during maintenance.
B. Adjust the HSRP priority without the use of preemption.
C. Disable and enable all active interfaces on the active HSRP node.
D. Enable HSRPv2 under global configuration, which allows for maintenance mode.
Answer: A
Explanation:
The standby track command allows you to specify another interface on the router for the
HSRP process to monitor in order to alter the HSRP priority for a given group. If the line protocol of the
specified interface goes down, the HSRP priority is reduced. This means that another HSRP router with
higher priority can become the active router if that router has standby preempt enabled. Loopback
interfaces can be tracked, so when this interface is shut down the HSRP priority for that router will be
lowered and the other HSRP router will then become the active one. Reference: http://www.cisco.com/c/
en/us/support/docs/ip/hot-standby-router-protocol- hsrp/13780-6.html
Q16. CORRECT TEXT
JS Industries has expanded their business with the addition of their first remote office. The remote office router (R3) was previously configured and all corporate subnets were reachable from R3. JS Industries is interested in using route summarization along with the EIGRP Stub Routing feature to increase network stability while reducing the memory usage and bandwidth utilization to R3. Another network professional was tasked with implementing this solution. However, in the process of configuring EIGRP stub routing connectivity with the remote network devices off of R3 has been lost.
Currently EIGRP is configured on all routers R2, R3, and R4 in the network. Your task is to identify and resolve the cause of connectivity failure with the remote office router R3. Once the issue has been resolved you should complete the task by configuring route summarization only to the remote office router R3.
You have corrected the fault when pings from R2 to the R3 LAN interface are successful, and the R3 IP routing table only contains 2 10.0.0.0 subnets.
Answer: Here are the solution as below:
Explanation:
First we have to figure out why R3 and R4 can not communicate with each other. Use the show running-config command on router R3.
Notice that R3 is configured as a stub receive-only router. The receive-only keyword will restrict the router from sharing any of its routes with any other router in that EIGRP autonomous system. This keyword will also prevent any type of route from being sent. Therefore we will remove this command and replace it with the eigrp stub command:
R3# configure terminal
R3(config)# router eigrp 123
R3(config-router)# no eigrp stub receive-only
R3(config-router)# eigrp stub
R3(config-router)# end
Now R3 will send updates containing its connected and summary routes to other routers. Notice that the eigrp stub command equals to the eigrp stub connected summary because the connected and summary options are enabled by default. Next we will configure router R3 so that it has only 2 subnets of 10.0.0.0 network. Use the show ip route command on R3 to view its routing table:
Because we want the routing table of R3 only have 2 subnets so we have to summary sub-networks at the interface which is connected with R3, the s0/0 interface of R4.
There is one interesting thing about the output of the show ip route shown above: the 10.2.3.0/24, which is a directly connected network of R3. We can’t get rid of it in the routing table no matter what technique we use to summary the networks. Therefore, to make the routing table of R3 has only 2 subnets we have to summary other subnets into one subnet.
In the output if we don’t see the summary line (like 10.0.0.0/8 is a summary…) then we should use the command ip summary-address eigrp 123 10.2.0.0 255.255.0.0 so that all the ping can work well.
In conclusion, we will use the ip summary-address eigrp 123 10.2.0.0 255.255.0.0 at the interface s0/0 of R4 to summary.
R4> enable
R4# conf t
R4(config)# interface s0/0
R4(config-if)# ip summary-address eigrp 123 10.2.0.0 255.255.0.0
Now we jump back to R3 and use the show ip route command to verify the effect, the output is shown below:
Note: Please notice that the IP addresses and the subnet masks in your real exam might be different so you might use different ones to solve this question. Just for your information, notice that if you use another network than 10.0.0.0/8 to summary, for example, if you use the command ip summary-address eigrp 123 10.2.0.0 255.255.0.0 you will leave a /16 network in the output of the show ip route command.
But in your real exam, if you don’t see the line "10.0.0.0/8 is a summary, Null0" then you can summarize using the network 10.2.0.0/16. This summarization is better because all the pings can work well. Finally don’t forget to use the copy run start command on routers R3 and R4 to save the configurations. R3(config-if)# end R3# copy run start R4(config-if)# end R4# copy run start
If the “copy run start” command doesn’t work then use “write memory.”