Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. A network engineer is notified that several employees are experiencing network performance related issues, and bandwidth-intensive applications are identified as the root cause. In order to identify which specific type of traffic is causing this slowness, information such as the source/destination IP and Layer 4 port numbers is required. Which feature should the engineer use to gather the required information?
A. SNMP
B. Cisco IOS EEM
C. NetFlow
D. Syslog
E. WCCP
Answer: C
Explanation:
NetFlow Flows Key Fields
A network flow is identified as a unidirectional stream of packets between a given source and destination--
both are defined by a network-layer IP address and
transport-layer source and destination port numbers. Specifically, a flow is identified as the combination of
the following key fields:
Source IP address
Destination IP address
Source Layer 4 port number
Destination Layer 4 port number
Layer 3 protocol type
Type of service (ToS)
Input logical interface Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/12-4t/
cfg-nflow- data-expt.html
Q2. Which NetFlow component is applied to an interface and collects information about flows?
A. flow monitor
B. flow exporter
C. flow sampler
D. flow collector
Answer: A
Explanation:
Flow monitors are the NetFlow component that is applied to interfaces to perform network
traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor
after you create the flow monitor. The flow monitor cache is automatically created at the time the flow
monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring
process based on the key and nonkey fields in the record, which is configured for the flow monitor and
stored in the flow monitor cache. Reference: http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/
reference/fnf_book/fnf_01.html#w p1314030
Q3. A network engineer initiates the ip sla responder tcp-connect command in order to gather statistics for performance gauging. Which type of statistics does the engineer see?
A. connectionless-oriented
B. service-oriented
C. connection-oriented
D. application-oriented
Answer: C
Explanation:
Configuration Examples for IP SLAs TCP Connect Operations The following example shows
how to configure a TCP Connection-oriented operation from Device B to the Telnet port (TCP port 23) of IP
Host 1 (IP address 10.0.0.1), as shown in the "TCP Connect Operation" figure in the "Information About
the IP SLAs TCP Connect Operation" section. The operation is scheduled to start immediately. In this
example, the control protocol is disabled on the source (Device B). IP SLAs uses the control protocol to
notify the IP SLAs responder to enable the target port temporarily. This action allows the responder to reply
to the TCP Connect operation. In this example, because the target is not a Cisco device and a well- known
TCP port is used, there is no need to send the control message. Device A (target device) Configuration
configure terminal ip sla responder tcp-connect ipaddress 10.0.0.1 port 23
Reference: http://
www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15- mt-book/ sla_tcp_conn.html
Q4. A network engineer executes the “ipv6 flowset” command. What is the result?
A. Flow-label marking in 1280-byte or larger packets is enabled.
B. Flow-set marking in 1280-byte or larger packets is enabled.
C. IPv6 PMTU is enabled on the router.
D. IPv6 flow control is enabled on the router.
Answer: A
Explanation:
Enabling Flow-Label Marking in Packets that Originate from the Device This feature allows the device to
track destinations to which the device has sent packets that
are 1280 bytes or larger.
SUMMARY STEPS
1.enable
2.configure terminal
3.ipv6 flowset
4.exit
5.clear ipv6 mtu
DETAILED STEPS
Command or Action Purpose
Step 1 enable Enables privileged EXEC mode.
Enter your password if prompted.
Example:
Device> enable
Step 2 configure terminal Enters global configuration mode.
Example:
Device# configure
terminal
Step 3 ipv6 flowset Configures flow-label marking in 1280-byte or larger packets sent by the device.
Example:
Device# configure
terminal
Step 3 ipv6 flowset Configures flow-label marking in 1280-byte or larger packets sent by the device.
Example:
Device(config)# ipv6
flowset
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/15- mt/ip6b-15-mtbook/ip6-mtu-path-disc.html
Q5. After you review the output of the command show ipv6 interface brief, you see that several IPv6 addresses have the 16-bit hexadecimal value of "FFFE" inserted into the address. Based on this information, what do you conclude about these IPv6 addresses?
A. IEEE EUI-64 was implemented when assigning IPv6 addresses on the device.
B. The addresses were misconfigured and will not function as intended.
C. IPv6 addresses containing "FFFE" indicate that the address is reserved for multicast.
D. The IPv6 universal/local flag (bit 7) was flipped.
E. IPv6 unicast forwarding was enabled, but IPv6 Cisco Express Forwarding was disabled.
Answer: A
Explanation:
Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign iteslf a unique 64-
Bit IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the
need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained
through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI
(Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted
between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which
can only appear in EUI-64 generated from the an EUI-48 MAC address. Here is an example showing how
a the Mac Address is used to generate EUI.
Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies whether this interface identifier is universally or locally administered. If 0, the address is locally
administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally
unique addresses assigned by the IEEE has always been set to 0 whereas the locally created addresses
has 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address
is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.
Once the above is done, we have a fully functional EUI-64 format address.
Reference: https://
supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bit- address
Q6. What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish?
router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
router (config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
router (config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
router (config)#access-list 101 permit ip any any
router (config)#interface fastEthernet 1/0
router (config-if)#ip access-group 101 in
A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts.
B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet.
C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.
D. It prevents private internal addresses to be accessed directly from outside.
Answer: C
Explanation:
The private IP address ranges defined in RFC 1918 are as follows:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
These IP addresses should never be allowed from external networks into a
corporate network as they would only be able to reach the network from the outside via routing problems or
if the IP addresses were spoofed. This ACL is used to prevent all packets with a spoofed reserved private
source IP address to enter the network. The log keyword also enables logging of this intrusion attempt.
Q7. Scenario:
You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command.
How many times was SPF algorithm executed on R4 for Area 1?
A. 1
B. 5
C. 9
D. 20
E. 54
F. 224
Answer: C
Explanation:
Q8. Refer to the exhibit.
Based on this FIB table, which statement is correct?
A. There is no default gateway.
B. The IP address of the router on FastEthernet is 209.168.201.1.
C. The gateway of last resort is 192.168.201.1.
D. The router will listen for all multicast traffic.
Answer: C
Explanation:
The 0.0.0.0/0 route is the default route and is listed as the first CEF entry. Here we see the next hop for this default route lists 192.168.201.1 as the default router (gateway of last resort).
Q9. A network engineer is trying to modify an existing active NAT configuration on an IOS router by using the following command:
(config)# no ip nat pool dynamic-nat-pool 192.1.1.20 192.1.1.254 netmask 255.255.255.0
Upon entering the command on the IOS router, the following message is seen on the console:
%Dynamic Mapping in Use, Cannot remove message or the %Pool outpool in use, cannot destroy
What is the least impactful method that the engineer can use to modify the existing IP NAT configuration?
A. Clear the IP NAT translations using the clear ip nat traffic * " command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
B. Clear the IP NAT translations using the clear ip nat translation * " command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
C. Clear the IP NAT translations using the reload command on the router, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
D. Clear the IP NAT translations using the clear ip nat table * " command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.
Answer: B
Explanation:
Q10. Refer to the following configuration command.
router (config-line)# ntp master 10
Which statement about this command is true?
A. The router acts as an authoritative NTP clock and allows only 10 NTP client connections.
B. The router acts as an authoritative NTP clock at stratum 10.
C. The router acts as an authoritative NTP clock with a priority number of 10.
D. The router acts as an authoritative NTP clock for 10 minutes only.
Answer: B
Explanation:
Q11. Refer to the exhibit. The command is executed while configuring a point-to-multipoint Frame Relay interface. Which type of IPv6 address is portrayed in the exhibit?
A. link-local
B. site-local
C. global
D. multicast
Answer: A
Explanation:
Q12. A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53, and 49 to 172.20.14.225. Which command should be applied to the configuration to allow this?
A. router(config-if)#ip helper-address 172.20.14.225
B. router(config-if)#udp helper-address 172.20.14.225
C. router(config-if)#ip udp helper-address 172.20.14.225
D. router(config-if)#ip helper-address 172.20.14.225 69 53 49
Answer: A
Explanation:
To let a router forward broadcast packet the command ip helper-address can be used. The broadcasts will
be forwarded to the unicast address which is specified with the ip helper command.
ip helper-address {ip address}
When configuring the ip helper-address command, the following broadcast packets will be forwarded by
the router by default:
TFTP - UDP port 69
Domain Name System (DNS) UDP port 53
Time service - port 37
NetBIOS Name Server - port 137
NetBIOS Datagram Server - port 138
Bootstrap Protocol (BOOTP) - port 67
TACACS UDP port 49 Reference: http://www.cisco-faq.com/163/forward_udp_broadcas.html
Topic 6, Infrastructure Services
61. A network engineer is configuring SNMP on network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption. Which command satisfies the requirements of this scenario?
A. router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO
B. router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO
C. router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO
D. router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO
Q13. A network engineer finds that a core router has crashed without warning. In this situation, which feature can the engineer use to create a crash collection?
A. secure copy protocol
B. core dumps
C. warm reloads
D. SNMP
E. NetFlow
Answer: B
Explanation:
When a router crashes, it is sometimes useful to obtain a full copy of the memory image (called a core
dump) to identify the cause of the crash. Core dumps are generally very useful to your technical support representative.
Four basic ways exist for setting up the router to generate a core dump:
Using Trivial File Transfer Protocol (TFTP)
Using File Transfer Protocol (FTP)
Using remote copy protocol (rcp)
Using a Flash disk Reference: http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/
tr19aa.html
Q14. A network engineer executes the show crypto ipsec sa command. Which three pieces of information are displayed in the output? (Choose three.)
A. inbound crypto map
B. remaining key lifetime
C. path MTU
D. tagged packets
E. untagged packets
F. invalid identity packets
Answer: A,B,C
Explanation:
show crypto ipsec sa This command shows IPsec SAs built between peers. The encrypted
tunnel is built between 12.1.1.1 and 12.1.1.2 for traffic that goes between networks 20.1.1.0 and 10.1.1.0.
You can see the two Encapsulating Security Payload (ESP) SAs built inbound and outbound.
Authentication Header (AH) is not used since there are
no AH SAs.
This output shows an example of the show crypto ipsec sa command (bolded ones found in answers for
this question).
interface: FastEthernet0
Crypto map tag: test, local addr. 12.1.1.1
local ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port):
(10.1.1.0/255.255.255.0/0/0) current_peer: 12.1.1.2
PERMIT, flags={origin_is_acl,}
#pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918 #pkts decaps: 7760382, #pkts
decrypt: 7760382, #pkts verify 7760382 #pkts compressed:
0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0,
#pkts decompress failed: 0, #send errors 1, #recv errors 0 local crypto endpt.: 12.1.1.1, remote crypto
endpt.: 12.1.1.2 path mtu 1500, media mtu 1500
current outbound spi: 3D3
inbound esp sas:
spi: 0x136A010F(325714191)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3442, flow_id: 1443, crypto map: test sa timing: remaining key lifetime (k/sec):
(4608000/52) IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
inbound pcp sas:
outbound esp sas:
spi: 0x3D3(979)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3443, flow_id: 1444, crypto map: test sa timing: remaining key lifetime (k/sec):
(4608000/52) IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike- protocols/5409-
ipsec-debug-00.html
Q15. CORRECT TEXT
ROUTE.com is a small IT corporation that has an existing enterprise network that is running IPv6 0SPFv3. Currently OSPF is configured on all routers. However, R4's loopback address (FEC0:4:4) cannot be seen in R1's IPv6 routing table. You are tasked with identifying the cause of this fault and implementing the needed corrective actions that uses OPSF features and does not change the current area assignments. You will know that you have corrected the fault when R4's loopback address (FEC0:4:4) can be seen in RTs IPv6 routing table.
Special Note: To gain the maximum number of points you must remove all incorrect or unneeded configuration statements related to this issue.
Answer: Here is the solution below:
Explanation:
To troubleshoot the problem, first issue the show running-config on all of 4 routers. Pay more attention to the outputs of routers R2 and R3 The output of the "show running-config" command of R2:
The output of the "show running-config" command of R3:
We knew that all areas in an Open Shortest Path First (OSPF) autonomous system must be physically connected to the backbone area (Area 0). In some cases, where this is not possible, we can use a virtual link to connect to the backbone through a non-backbone area. The area through which you configure the virtual link is known as a transit area. In this case, the area 11 will become the transit area. Therefore, routers R2 and R3 must be configured with the area <area id> virtual-link <neighbor router-id>command. + Configure virtual link on R2 (from the first output above, we learned that the OSPF process ID of R2 is 1):
R2>enable
R2#configure terminal
R2(config)#ipv6 router ospf 1
R2(config-rtr)#area 11 virtual-link 3.3.3.3
Save the configuration:
R2(config-rtr)#end
R2#copy running-config startup-config
(Notice that we have to use neighbor router-id 3.3.3.3, not R2's router-id 2.2.2.2) + Configure virtual link on R3 (from the second output above, we learned that the OSPF process ID of R3 is 1 and we have to disable the wrong configuration of "area 54 virtual-link 4.4.4.4"):
R3>enable
R3#configure terminal
R3(config)#ipv6 router ospf 1
R3(config-rtr)#no area 54 virtual-link 4.4.4.4
R3(config-rtr)#area 11 virtual-link 2.2.2.2
Save the configuration:
R3(config-rtr)#end
R3#copy running-config startup-config
You should check the configuration of R4, too. Make sure to remove the incorrect configuration statements to get the full points.
R4(config)#ipv6 router ospf 1
R4(config-router)#no area 54 virtual-link 3.3.3.3
R4(config-router)#end
After finishing the configuration doesn’t forget to ping between R1 and R4 to make sure they work.
Note. If you want to check the routing information, use the show ipv6 route command, not "show ip route".
Q16. An organization decides to implement NetFlow on its network to monitor the fluctuation of traffic that is disrupting core services. After reviewing the output of NetFlow, the network engineer is unable to see OUT traffic on the interfaces. What can you determine based on this information?
A. Cisco Express Forwarding has not been configured globally.
B. NetFlow output has been filtered by default.
C. Flow Export version 9 is in use.
D. The command ip flow-capture fragment-offset has been enabled.
Answer: A
Explanation:
We came across a recent issue where a user setup a router for NetFlow export but was unable to see the
OUT traffic for the interfaces in NetFlow Analyzer. Every NetFlow configuration aspect was checked and
nothing incorrect was found. That is when we noticed the `no ip cef' command on the router. CEF was
enabled at the global level and within seconds, NetFlow Analyzer started showing OUT traffic for the
interfaces. This is why this topic is about Cisco Express Forwarding.
What is switching?
A Router must make decisions about where to forward the packets passing through. This decision-making
process is called "switching". Switching is what a router does when it makes the following decisions:
1.Whether to forward or not forward the packets after checking that the destination for the packet is
reachable.
2.If the destination is reachable, what is the next hop of the router and which interface will the router use to
get to that destination.
What is CEF?
CEF is one of the available switching options for Cisco routers. Based on the routing table, CEF creates its
own table, called the Forwarding Information Base (FIB). The FIB is organized differently than the routing
table and CEF uses the FIB to decide which interface to send traffic from. CEF offers the following
benefits:
1.Better performance than fast-switching (the default) and takes less CPU to perform the same task.
2.When enabled, allows for advanced features like NBAR
3.Overall, CEF can switch traffic faster than route-caching using fast-switching
How to enable CEF?
CEF is disabled by default on all routers except the 7xxx series routers. Enabling and Disabling CEF is
easy. To enable CEF, go into global configuration mode and
enter the CEF command.
Router# config t
Router(config)# ip cef
Router(config)#
To disable CEF, simply use the `no' form of the command, ie. `no ip cef`.
Why CEF Needed when enabling NetFlow ?
CEF is a prerequisite to enable NetFlow on the router interfaces. CEF decides through which interface
traffic is exiting the router. Any NetFlow analyzer product will calculate the OUT traffic for an interface
based on the Destination Interface value present in the NetFlow packets exported from the router. If the
CEF is disabled on the router, the NetFlow packets exported from the router will have "Destination
interface" as "null" and this leads NetFlow Analyzer to show no OUT traffic for the interfaces. Without
enabling the CEF on the router, the NetFlow packets did not mark the destination interfaces and so
NetFlow Analyzer was not able to show the OUT traffic for the interfaces. Reference: https://
blogs.manageengine.com/network-2/netflowanalyzer/2010/05/19/need-for-cef- in-netflow-data-export.html