Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A network engineer is trying to modify an existing active NAT configuration on an IOS router by using the following command:
(config)# no ip nat pool dynamic-nat-pool 192.1.1.20 192.1.1.254 netmask 255.255.255.0
Upon entering the command on the IOS router, the following message is seen on the console:
%Dynamic Mapping in Use, Cannot remove message or the %Pool outpool in use, cannot destroy
What is the least impactful method that the engineer can use to modify the existing IP NAT configuration?
A. Clear the IP NAT translations using the clear ip nat traffic * " command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
B. Clear the IP NAT translations using the clear ip nat translation * " command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
C. Clear the IP NAT translations using the reload command on the router, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
D. Clear the IP NAT translations using the clear ip nat table * " command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
Answer: B
Explanation:
Q2. A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp broadcast client command. Assuming that an NTP server is already set up, what is the result of the command?
A. It enables receiving NTP broadcasts on the interface where the command was executed.
B. It enables receiving NTP broadcasts on all interfaces globally.
C. It enables a device to be an NTP peer to another device.
D. It enables a device to receive NTP broadcast and unicast packets.
Answer: A
Explanation:
The NTP service can be activated by entering any ntp command. When you use the ntp broadcast client
command, the NTP service is activated (if it has not already been activated) and the device is configured to receive NTP broadcast packets on a specified interface simultaneously.
Command Description
ntp broadcast Allows the system to receive NTP broadcast packets on an client interface.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-xe-3se-3850- cr-book/
bsm-xe-3se-3850-cr-book_chapter_00.html
Q3. Which switching method is used when entries are present in the output of the command show ip cache?
A. fast switching
B. process switching
C. Cisco Express Forwarding switching
D. cut-through packet switching
Answer: A
Explanation:
Fast switching allows higher throughput by switching a packet using a cache created by the initial packet
sent to a particular destination. Destination addresses are stored in the high-speed cache to expedite forwarding. Routers offer better packet-transfer performance when fast switching is enabled. Fast switching is enabled by default on all interfaces that support fast switching.
To display the routing table cache used to fast switch IP traffic, use the "show ip cache" EXEC command.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/switch/command/reference/fswtch_r/xrfscmd5.ht
ml#wp1038133
Q4. Which type of BGP AS number is 64591?
A. a private AS number
B. a public AS number
C. a private 4-byte AS number
D. a public 4-byte AS number
Answer: A
Explanation:
Q5. An engineer executes the ip flow ingress command in interface configuration mode. What is the result of this action?
A. It enables the collection of IP flow samples arriving to the interface.
B. It enables the collection of IP flow samples leaving the interface.
C. It enables IP flow while disabling IP CEF on the interface.
D. It enables IP flow collection on the physical interface and its subinterfaces.
Answer: A
Explanation:
Q6. Refer to the following output:
Router#show ip nhrp detail
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
TypE. dynamic, Flags: authoritative unique nat registered used
NBMA address: 10.12.1.2
What does the authoritative flag mean in regards to the NHRP information?
A. It was obtained directly from the next-hop server.
B. Data packets are process switches for this mapping entry.
C. NHRP mapping is for networks that are local to this router.
D. The mapping entry was created in response to an NHRP registration request.
E. The NHRP mapping entry cannot be overwritten.
Answer: A
Explanation:
Show NHRP: Examples
The following is sample output from the show ip nhrp command:
Router# show ip nhrp
10.0.0.2 255.255.255.255, tunnel 100 created 0:00:43 expire 1:59:16 Type: dynamic Flags: authoritative
NBMA address: 10.1111.1111.1111.1111.1111.1111.1111.1111.1111.11 10.0.0.1 255.255.255.255,
Tunnel0 created 0:10:03 expire 1:49:56 Type: static Flags: authoritative NBMA address: 10.1.1.2 The
fields in the sample display are as follows:
The IP address and its network mask in the IP-to-NBMA address cache. The mask is always
255.255.255.255 because Cisco does not support aggregation of NBMA information through NHRP.
The interface type and number and how long ago it was created (hours:minutes:seconds).
The time in which the positive and negative authoritative NBMA address will expire
(hours:minutes:seconds). This value is based on the ip nhrp holdtime
command.
Type of interface:
dynamic--NBMA address was obtained from the NHRP Request packet.
static--NBMA address was statically configured.
Flags:
authoritative--Indicates that the NHRP information was obtained from the Next Hop Server or router that
maintains the NBMA-to-IP address mapping for a particular destination. Reference: http://www.cisco.com/
c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html
Q7. You have been asked to evaluate how EIGRP is functioning in a customer network.
Which key chain is being used for authentication of EIGRP adjacency between R4 and R2?
A. CISCO
B. EIGRP
C. key
D. MD5
Answer: A
Explanation: R4 and R2 configs are as shown below:
Clearly we see the actual key chain is named CISCO.
Q8. A network engineer initiates the ip sla responder tcp-connect command in order to gather statistics for performance gauging. Which type of statistics does the engineer see?
A. connectionless-oriented
B. service-oriented
C. connection-oriented
D. application-oriented
Answer: C
Explanation:
Configuration Examples for IP SLAs TCP Connect Operations The following example shows
how to configure a TCP Connection-oriented operation from Device B to the Telnet port (TCP port 23) of IP
Host 1 (IP address 10.0.0.1), as shown in the "TCP Connect Operation" figure in the "Information About
the IP SLAs TCP Connect Operation" section. The operation is scheduled to start immediately. In this
example, the control protocol is disabled on the source (Device B). IP SLAs uses the control protocol to
notify the IP SLAs responder to enable the target port temporarily. This action allows the responder to reply
to the TCP Connect operation. In this example, because the target is not a Cisco device and a well- known
TCP port is used, there is no need to send the control message. Device A (target device) Configuration
configure terminal ip sla responder tcp-connect ipaddress 10.0.0.1 port 23
Reference: http://
www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15- mt-book/ sla_tcp_conn.html
Q9. A router receives a routing advertisement for the same prefix and subnet from four different routing protocols. Which advertisement is installed in the routing table?
A. RIP
B. OSPF
C. iBGP
D. EIGRP
Answer: D
Explanation:
Q10. Which three characteristics are shared by subinterfaces and associated EVNs? (Choose three.)
A. IP address
B. routing table
C. forwarding table
D. access control lists
E. NetFlow configuration
Answer: A,B,C
Explanation:
A trunk interface can carry traffic for multiple EVNs. To simplify the configuration process, all
the subinterfaces and associated EVNs have the same IP address assigned. In other words, the trunk
interface is identified by the same IP address in different EVN contexts. This is accomplished as a result of
each EVN having a unique routing and forwarding table, thereby enabling support for overlapping IP
addresses across multiple EVNs. Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/evn/
configuration/xe-3sg/evn- overview.pdf
Q11. A network engineer is investigating the cause of a service disruption on a network segment and executes the debug condition interface fastethernet f0/0 command. In which situation is the debugging output generated?
A. when packets on the interface are received and the interface is operational
B. when packets on the interface are received and logging buffered is enabled
C. when packets on the interface are received and forwarded to a configured syslog server
D. when packets on the interface are received and the interface is shut down
Answer: A
Explanation:
Q12. Scenario:
You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command.
Areas of Router 5 and 6 are not normal areas, inspect their routing tables and determine which statement is true?
A. R5's Loopback and R6's Loopback are both present in R5's Routing table
B. R5's Loopback and R6's Loopback are both present in R6's Routing table
C. Only R5's loopback is present in R5's Routing table
D. Only R6's loopback is present in R5's Routing table
E. Only R5's loopback is present in R6's Routing table
Answer: A
Explanation:
Topic 4, VPN Technologies
45. A company has just opened two remote branch offices that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites?
A. interface Tunnel0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel source Serial0/0
tunnel mode gre multipoint
B. interface fa0/0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel mode gre multipoint
C. interface Tunnel0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 209.165.201.1
tunnel-mode dynamic
D. interface fa 0/0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 192.168.161.2
tunnel destination 209.165.201.1
tunnel-mode dynamic
Q13. PPPoE is composed of which two phases?
A. Active Authentication Phase and PPP Session Phase
B. Passive Discovery Phase and PPP Session Phase
C. Active Authorization Phase and PPP Session Phase
D. Active Discovery Phase and PPP Session Phase
Answer: D
Explanation:
PPPoE is composed of two main phases:
Active Discovery Phase--In this phase, the PPPoE client locates a PPPoE server, called an access
concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.
PPP Session Phase--In this phase, PPP options are negotiated and authentication is performed. Once the
link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.
Reference:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn- cli/vpn-pppoe.html
Topic 3, Layer 3 Technologies
20. Refer to the exhibit.
Which one statement is true?
A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL.
B. The 10.0.0.0/8 network will not be advertised by Router B because the network statement for the 10.0.0.0/8 network is missing from Router B.
C. The 10.0.0.0/8 network will not be in the routing table on Router B.
D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24 network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8 network.
E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.
Q14. How does an IOS router process a packet that should be switched by Cisco Express Forwarding without an FIB entry?
A. by forwarding the packet
B. by dropping the packet
C. by creating a new FIB entry for the packet
D. by looking in the routing table for an alternate FIB entry
Answer: B
Explanation:
Q15. When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication?
A. username
B. password
C. community-string
D. encryption-key
Answer: A
Explanation:
The following security models exist: SNMPv1, SNMPv2, SNMPv3. The following security
levels exits: "noAuthNoPriv" (no authentiation and no encryption noauth keyword in CLI),
"AuthNoPriv" (messages are authenticated but not encrypted auth keyword in CLI), "AuthPriv" (messages
are authenticated and encrypted priv keyword in CLI). SNMPv1 and SNMPv2 models only support the
"noAuthNoPriv" model since they use plain community string to match the incoming packets. The SNMPv3
implementations could be configured to use either of the models on per-group basis (in case if
"noAuthNoPriv" is configured, username serves as a replacement for community string). Reference: http://
blog.ine.com/2008/07/19/snmpv3-tutorial/
Q16. CORRECT TEXT
You are a network engineer with ROUTE.com, a small IT company. They have recently merged two organizations and now need to merge their networks as shown in the topology exhibit. One network is using OSPF as its IGP and the other is using EIGRP as its IGP. R4 has been added to the existing OSPF network to provide the interconnect between the OSPF and EIGRP networks. Two links have been added that will provide redundancy.
The network requirements state that you must be able to ping and telnet from loopback 101 on R1 to the OPSF domain test address of 172.16.1.100. All traffic must use the shortest path that provides the greatest bandwidth. The redundant paths from the OSPF network to the EIGRP network must be available in case of a link failure. No static or default routing is allowed in either network.
A previous network engineer has started the merger implementation and has successfully assigned and verified all IP addressing and basic IGP routing. You have been tasked with completing the implementation and ensuring that the network requirements are met. You may not remove or change any of the configuration commands currently on any of the routers. You may add new commands or change default values.
Answer: First we need to find out 5 parameters (Bandwidth, Delay, Reliability, Load, MTU) of the s0/0/0 interface (the interface of R2 connected to R4) for redistribution:
R2#show interface s0/0/0
Write down these 5 parameters, notice that we have to divide the Delay by 10 because the metric unit is in tens of microsecond. For example, we get Bandwidth=1544 Kbit, Delay=20000 us, Reliability=255, Load=1, MTU=1500 bytes then we would redistribute as follows:
R2#config terminal
R2(config)# router ospf 1
R2(config-router)# redistribute eigrp 100 metric-type 1 subnets
R2(config-router)#exit
R2(config-router)#router eigrp 100
R2(config-router)#redistribute ospf 1 metric 1544 2000 255 1 1500
Note: In fact, these parameters are just used for reference and we can use other parameters with
no problem.
If the delay is 20000us then we need to divide it by 10, that is 20000 / 10 = 2000)
For R3 we use the show interface fa0/0 to get 5 parameters too
R3#show interface fa0/0
For example we get Bandwidth=10000 Kbit, Delay=1000 us, Reliability=255, Load=1, MTU=1500 bytes
R3#config terminal
R3(config)#router ospf 1
R3(config-router)#redistribute eigrp 100 metric-type 1 subnets
R3(config)#exit
R3(config-router)#router eigrp 100
R3(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500
Finally you should try to “show ip route” to see the 172.16.100.1 network (the network behind R4)
in the routing table of R1 and make a ping from R1 to this network.
Note: If the link between R2 and R3 is FastEthernet link, we must put the command below under
EIGRP process to make traffic from R1 to go through R3 (R1 -> R2 -> R3 -> R4), which is better
than R1 -> R2 -> R4.
R2(config-router)# distance eigrp 90 105
This command sets the Administrative Distance of all EIGRP internal routes to 90 and all EIGRP external routes to 105, which is smaller than the Administrative Distance of OSPF (110) -> the link between R2 & R3 will be preferred to the serial link between R2 & R4. Note: The actual OPSF and EIGRP process numbers may change in the actual exam so be sure to use the actual correct values, but the overall solution is the same.