Q1. Which statement about dual stack is true?
A. Dual stack translates IPv6 addresses to IPv4 addresses.
B. Dual stack means that devices are able to run IPv4 and IPv6 in parallel.
C. Dual stack translates IPv4 addresses to IPv6 addresses.
D. Dual stack changes the IP addresses on hosts from IPv4 to IPv6 automatically.
Answer: B
Explanation:
Q2. A network engineer notices that transmission rates of senders of TCP traffic sharply increase and decrease simultaneously during periods of congestion. Which condition causes this?
A. global synchronization
B. tail drop
C. random early detection
D. queue management algorithm
Answer: A
Explanation:
TCP global synchronization in computer networks can happen to TCP/IP flows during periods of
congestion because each sender will reduce their transmission rate at the same time when packet loss
occurs. Routers on the Internet normally have packet queues, to allow them to hold packets when the
network is busy, rather than discarding them. Because routers have limited resources, the size of these
queues is also limited. The simplest technique to limit queue size is known as tail drop. The queue is
allowed to fill to its maximum size, and then any new packets are simply discarded, until there is space in
the queue again. This causes problems when used on TCP/IP routers handling multiple TCP streams,
especially when bursty traffic is present. While the network is stable, the queue is constantly full, and there
are no problems except that the full queue results in high latency. However, the introduction of a sudden
burst of traffic may cause large numbers of established, steady streams to lose packets simultaneously.
Reference: http://en.wikipedia.org/wiki/TCP_global_synchronization
Q3. Which three problems result from application mixing of UDP and TCP streams within a network with no QoS? (Choose three.)
A. starvation
B. jitter
C. latency
D. windowing
E. lower throughput
Answer: A,C,E
Explanation:
It is a general best practice not to mix TCP-based traffic with UDP-based traffic (especially
streaming video) within a single service provider class due to the behaviors of these protocols during
periods of congestion. Specifically, TCP transmitters will throttle-back flows when drops have been
detected. Although some UDP applications have application-level windowing, flow control, and
retransmission capabilities, most UDP transmitters are completely oblivious to drops and thus never lower
transmission rates due to dropping. When TCP flows are combined with UDP flows in a single service
provider class and the class experiences congestion, then TCP flows will continually lower their rates,
potentially giving up their bandwidth to drop-oblivious UDP flows. This effect is called TCP-starvation/
UDP-dominance. This can increase latency and lower the overall throughput. TCP-starvation/UDP-dominance
likely occurs if (TCP-based) mission-critical data is assigned to the same service provider class
as (UDP-based) streaming video and the class experiences sustained congestion. Even if WRED is
enabled on the service provider class, the same behavior would be observed, as WRED (for the most part)
only affects TCP-based flows. Granted, it is not always possible to separate TCP-based flows from UDP-based
flows, but it is beneficial to be aware of this behavior when making such application-mixing
decisions.
Reference: http://www.cisco.com/warp/public/cc/so/neso/vpn/vpnsp/spqsd_wp.htm
Q4. Refer to the exhibit. The network setup is running the RIP routing protocol. Which two events will occur following link failure between R2 and R3? (Choose two.)
A. R2 will advertise network 192.168.2.0/27 with a hop count of 16 to R1.
B. R2 will not send any advertisements and will remove route 192.168.2.0/27 from its routing table.
C. R1 will reply to R2 with the advertisement for network 192.168.2.0/27 with a hop count of 16.
D. After communication fails and after the hold-down timer expires, R1 will remove the 192.168.2.0/27 route from its routing table.
E. R3 will not accept any further updates from R2, due to the split-horizon loop prevention mechanism.
Answer: A,C
Explanation:
Q5. Which method allows IPv4 and IPv6 to work together without requiring both to be used for a single connection during the migration process?
A. dual-stack method
B. 6to4 tunneling
C. GRE tunneling
D. NAT-PT
Answer: A
Explanation:
Dual stack means that devices are able to run IPv4 and IPv6 in parallel. It allows hosts to simultaneously
reach IPv4 and IPv6 content, so it offers a very flexible coexistence strategy. For sessions that support IPv6, IPv6 is used on a dual stack endpoint. If both
endpoints support IPv4 only, then IPv4 is used.
Benefits:
Native dual stack does not require any tunneling mechanisms on internal networks
Both IPv4 and IPv6 run independent of each other
Dual stack supports gradual migration of endpoints, networks, and applications.
Reference: http://www.cisco.com/web/strategy/docs/gov/IPV6at_a_glance_c45-625859.pdf
Q6. A packet capture log indicates that several router solicitation messages were sent from a local host on the IPv6 segment. What is the expected acknowledgment and its usage?
A. Router acknowledgment messages will be forwarded upstream, where the DHCP server will allocate addresses to the local host.
B. Routers on the IPv6 segment will respond with an advertisement that provides an external path from the local subnet, as well as certain data, such as prefix discovery.
C. Duplicate Address Detection will determine if any other local host is using the same IPv6 address for communication with the IPv6 routers on the segment.
D. All local host traffic will be redirected to the router with the lowest ICMPv6 signature, which is statically defined by the network administrator.
Answer: B
Explanation:
Router Advertisements (RA) are sent in response to router solicitation messages. Router
solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are sent by
hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next
scheduled RA message. Given that router solicitation messages are usually sent by hosts at system
startup (the host does not have a configured unicast address), the source address in router solicitation
messages is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast
address, the unicast address of the interface sending the router solicitation message is used as the source
address in the message. The destination address in router solicitation messages is the all-routers multicast
address with a scope of the link. When an RA is sent in response to a router solicitation, the destination
address in the RA message is the unicast address of the source of the router solicitation message. RA
messages typically include the following information:
One or more onlink IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6 addresses
Lifetime information for each prefix included in the advertisement
Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed
Default router information (whether the router sending the advertisement should be used as a default router and, if so, the amount of time (in seconds) the router should be used as a default router)
Additional information for hosts, such as the hop limit and MTU a host should use in packets that it originates
Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-addrg_bsc_con.html
Q7. What are the three modes of Unicast Reverse Path Forwarding?
A. strict mode, loose mode, and VRF mode
B. strict mode, loose mode, and broadcast mode
C. strict mode, broadcast mode, and VRF mode
D. broadcast mode, loose mode, and VRF mode
Answer: A
Explanation:
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit
the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the
reachability of the source address in packets being forwarded. This capability can limit the appearance of
spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast
RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all
network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this
document. When administrators use Unicast RPF in strict mode, the packet must be received on the
interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may
drop legitimate traffic that is received on an interface that was not the router's choice for sending return
traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the
network. When administrators use Unicast RPF in loose mode, the source address must appear in the
routing table. Administrators can change this behavior using the allow-default option, which allows the use
of the default route in the source verification process. Additionally, a packet that contains a source address
for which the return route points to the Null 0 interface will be dropped. An access list may also be
specified that permits or denies certain source addresses in Unicast RPF loose mode. Care must be taken
to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of
this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern
when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain
asymmetric routing paths.
Reference: http://www.cisco.com/web/about/security/intelligence/unicastrpf.html
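The strict and loose checks described in this explanation can be modeled in a few lines. This is an added example, not Cisco code or part of the original answer; the routing table, interface names and function names are constructed for illustration, and the model assumes the default route is ignored in both modes unless allow_default is set.

```python
import ipaddress

# Constructed routing table for this example: (prefix, outgoing interface).
ROUTES = [
    ("0.0.0.0/0", "Gi0/0"),      # default route toward the upstream
    ("10.1.0.0/16", "Gi0/1"),    # site A
    ("10.2.0.0/16", "Gi0/2"),    # site B
    ("192.0.2.0/24", "Null0"),   # discard route for a blocked source range
]

def best_route(routes, addr):
    """Longest-prefix match. Returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_permits(routes, src, in_if, mode, allow_default=False):
    """Return True if a packet from src arriving on in_if passes the check."""
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    route = best_route(routes, src)
    if route is None:
        return False                      # source not reachable at all
    net, out_if = route
    if out_if == "Null0":
        return False                      # return route points to Null0
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matches
    if mode == "strict":
        return out_if == in_if            # must arrive where replies would leave
    return True                           # loose: any real route is enough

if __name__ == "__main__":
    for src, in_if in [("10.1.5.5", "Gi0/1"), ("10.1.5.5", "Gi0/2"),
                       ("198.51.100.7", "Gi0/0"), ("192.0.2.9", "Gi0/0")]:
        print(src, in_if,
              "strict:", urpf_permits(ROUTES, src, in_if, "strict"),
              "loose:", urpf_permits(ROUTES, src, in_if, "loose"))
```

The second sample packet shows the asymmetric-routing caveat: a site A source arriving on Gi0/2 is dropped in strict mode but passes in loose mode.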
Q8. A router with an interface that is configured with ipv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?
A. DHCPv6 request
B. router-advertisement
C. neighbor-solicitation
D. redirect
Answer: B
Explanation:
Autoconfiguration is performed on multicast-enabled links only and begins when a multicast-enabled
interface is enabled (during system startup or manually). Nodes (both hosts and routers) begin
the process by generating a link-local address for the interface. It is formed by appending the interface
identifier to the well-known link-local prefix FE80::0. The interface identifier replaces the right-most zeroes of
the link-local prefix. Before the link-local address can be assigned to the interface, the node performs the
Duplicate Address Detection mechanism to see if any other node is using the same link-local address on
the link. It does this by sending a Neighbor Solicitation message with target address as the "tentative"
address and destination address as the solicited-node multicast address corresponding to this tentative
address. If a node responds with a Neighbor Advertisement message with tentative address as the target
address, the address is a duplicate address and must not be used. Hence, manual configuration is
required. Once the node verifies that its tentative address is unique on the link, it assigns that link-local
address to the interface. At this stage, it has IP-connectivity to other neighbors on this link. The
autoconfiguration on the routers stops at this stage; further tasks are performed only by the hosts. The
routers will need manual configuration (or stateful configuration) to receive site-local or global addresses.
The next phase involves obtaining Router Advertisements from routers if any routers are present on the
link. If no routers are present, a stateful configuration is required. If routers are present, the Router
Advertisements notify what sort of configurations the hosts need to do and the hosts receive a global
unicast IPv6 address.
Reference: https://sites.google.com/site/amitsciscozone/home/important-tips/ipv6/ipv6-stateless-autoconfiguration
Q9. Refer to the following command: router(config)# ip http secure-port 4433
Which statement is true?
A. The router will listen on port 4433 for HTTPS traffic.
B. The router will listen on port 4433 for HTTP traffic.
C. The router will never accept any HTTP and HTTPS traffic.
D. The router will listen to HTTP and HTTP traffic on port 4433.
Answer: A
Explanation:
To set the secure HTTP (HTTPS) server port number for listening, use the ip http secure-port
command in global configuration mode. To return the HTTPS server port number to the default, use the no
form of this command.
ip http secure-port port-number
no ip http secure-port
Syntax Description
port-number: Integer in the range of 0 to 65535 is accepted, but the port number must be higher than 1024
unless the default is used. The default is 443.
Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/https/command/nm-https-cr-cl-sh.html#wp3612805529
Q10. You have been asked to evaluate how EIGRP is functioning in a customer network.
What type of route filtering is occurring on R6?
A. Distribute-list using an ACL
B. Distribute-list using a prefix-list
C. Distribute-list using a route-map
D. An ACL using a distance of 255
Answer: A
Explanation:
Q11. An engineer has configured a router to use EUI-64, and was asked to document the IPv6 address of the router. The router has the following interface parameters:
mac address C601.420F.0007
subnet 2001:DB8:0:1::/64
Which IPv6 addresses should the engineer add to the documentation?
A. 2001:DB8:0:1:C601:42FF:FE0F:7
B. 2001:DB8:0:1:FFFF:C601:420F:7
C. 2001:DB8:0:1:FE80:C601:420F:7
D. 2001:DB8:0:1:C601:42FE:800F:7
Answer: A
Explanation:
Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign itself a unique 64-bit
IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the
need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained
through the 48-bit MAC address. The MAC address is first separated into two 24-bit halves, with one being the OUI
(Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted
between these two 24-bit halves to form the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which
can only appear in EUI-64 generated from the EUI-48 MAC address. Here is an example showing how the
MAC address is used to generate EUI.
Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies
whether this interface identifier is universally or locally administered. If 0, the address is locally
administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally
unique addresses assigned by the IEEE have always been set to 0 whereas the locally created addresses
have 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address
is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.
Reference: https://supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bit-address
Q12. Which traffic characteristic is the reason that UDP traffic that carries voice and video is assigned to the queue only on a link that is at least 768 kbps?
A. typically is not fragmented
B. typically is fragmented
C. causes windowing
D. causes excessive delays for video traffic
Answer: A
Explanation:
Q13. A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp broadcast client command. Assuming that an NTP server is already set up, what is the result of the command?
A. It enables receiving NTP broadcasts on the interface where the command was executed.
B. It enables receiving NTP broadcasts on all interfaces globally.
C. It enables a device to be an NTP peer to another device.
D. It enables a device to receive NTP broadcast and unicast packets.
Answer: A
Explanation:
The NTP service can be activated by entering any ntp command. When you use the ntp broadcast client
command, the NTP service is activated (if it has not already been activated) and the device is configured to receive NTP broadcast packets on a specified interface simultaneously.
Command: ntp broadcast client
Description: Allows the system to receive NTP broadcast packets on an interface.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-xe-3se-3850-cr-book/bsm-xe-3se-3850-cr-book_chapter_00.html
Q14. Refer to the following access list.
access-list 100 permit ip any any log
After applying the access list on a Cisco router, the network engineer notices that the router CPU utilization has risen to 99 percent. What is the reason for this?
A. A packet that matches access-list with the "log" keyword is Cisco Express Forwarding switched.
B. A packet that matches access-list with the "log" keyword is fast switched.
C. A packet that matches access-list with the "log" keyword is process switched.
D. A large amount of IP traffic is being permitted on the router.
Answer: C
Explanation:
Logging-enabled access control lists (ACLs) provide insight into traffic as it traverses the
network or is dropped by network devices. Unfortunately, ACL logging can be CPU intensive and can
negatively affect other functions of the network device. There are two primary factors that contribute to the
CPU load increase from ACL logging: process switching of packets that match log-enabled access control
entries (ACEs) and the generation and transmission of log messages.
Reference: http://www.cisco.com/web/about/security/intelligence/acl-logging.html#4
Q15. CORRECT TEXT
You are a network engineer with ROUTE.com, a small IT company. They have recently merged two organizations and now need to merge their networks as shown in the topology exhibit. One network is using OSPF as its IGP and the other is using EIGRP as its IGP. R4 has been added to the existing OSPF network to provide the interconnect between the OSPF and EIGRP networks. Two links have been added that will provide redundancy.
The network requirements state that you must be able to ping and telnet from loopback 101 on R1 to the OSPF domain test address of 172.16.1.100. All traffic must use the shortest path that provides the greatest bandwidth. The redundant paths from the OSPF network to the EIGRP network must be available in case of a link failure. No static or default routing is allowed in either network.
A previous network engineer has started the merger implementation and has successfully assigned and verified all IP addressing and basic IGP routing. You have been tasked with completing the implementation and ensuring that the network requirements are met. You may not remove or change any of the configuration commands currently on any of the routers. You may add new commands or change default values.
Answer: First we need to find out 5 parameters (Bandwidth, Delay, Reliability, Load, MTU) of the s0/0/0 interface (the interface of R2 connected to R4) for redistribution:
R2#show interface s0/0/0
Write down these 5 parameters and notice that we have to divide the Delay by 10 because the metric unit is in tens of microseconds. For example, if we get Bandwidth=1544 Kbit, Delay=20000 us, Reliability=255, Load=1, MTU=1500 bytes, then we would redistribute as follows:
R2#config terminal
R2(config)# router ospf 1
R2(config-router)# redistribute eigrp 100 metric-type 1 subnets
R2(config-router)#exit
R2(config)#router eigrp 100
R2(config-router)#redistribute ospf 1 metric 1544 2000 255 1 1500
Note: In fact, these parameters are just used for reference and we can use other parameters with
no problem.
(If the delay is 20000 us then we need to divide it by 10, that is 20000 / 10 = 2000.)
For R3 we use the show interface fa0/0 to get 5 parameters too
R3#show interface fa0/0
For example we get Bandwidth=10000 Kbit, Delay=1000 us, Reliability=255, Load=1, MTU=1500 bytes
R3#config terminal
R3(config)#router ospf 1
R3(config-router)#redistribute eigrp 100 metric-type 1 subnets
R3(config-router)#exit
R3(config)#router eigrp 100
R3(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500
Finally you should try to “show ip route” to see the 172.16.100.1 network (the network behind R4)
in the routing table of R1 and make a ping from R1 to this network.
Note: If the link between R2 and R3 is a FastEthernet link, we must put the command below under the
EIGRP process to make traffic from R1 go through R3 (R1 -> R2 -> R3 -> R4), which is better
than R1 -> R2 -> R4.
R2(config-router)# distance eigrp 90 105
This command sets the Administrative Distance of all EIGRP internal routes to 90 and all EIGRP external routes to 105, which is smaller than the Administrative Distance of OSPF (110), so the link between R2 & R3 will be preferred to the serial link between R2 & R4.
Note: The actual OSPF and EIGRP process numbers may change in the actual exam so be sure to use the actual correct values, but the overall solution is the same.
Q16. Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le 24?
A. 10.9.1.0/24
B. 10.8.0.0/24
C. 10.8.0.0/16
D. 10.8.0.0/23
Answer: B
Explanation:
With prefix lists, the ge 24 term means greater than or equal to a /24 and the le 24 means less than or
equal to /24, so only a /24 is both greater than or equal to 24 and less than or equal to 24. This translates to any prefix in the 10.8.x.0/24 network, where x is any value in the 0-255 range.
Only the choice of 10.8.0.0/24 matches this.
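The ge/le matching rule from this explanation, applied to the four answer options, as an added example that is not part of the original answer. The function names are made up for illustration; the code also covers entries with only ge, only le, or neither, which goes beyond the single case in the question.

```python
import ipaddress

def prefix_list_match(entry, candidate, ge=None, le=None):
    """Model of one prefix-list entry: does the candidate prefix match?

    entry     -- the prefix written in the entry, e.g. "10.8.0.0/16"
    candidate -- the route being tested, e.g. "10.8.0.0/24"
    ge / le   -- optional minimum / maximum prefix length
    """
    base = ipaddress.ip_network(entry)
    cand = ipaddress.ip_network(candidate)
    if base.version != cand.version:
        return False
    if ge is None and le is None:
        return cand == base               # no ge/le: exact match only
    lo = ge if ge is not None else base.prefixlen
    hi = le if le is not None else base.max_prefixlen
    # The leading bits must match the entry, and the length must be in range.
    return cand.subnet_of(base) and lo <= cand.prefixlen <= hi

def check_options():
    """Evaluate the four answer options against 10.8.0.0/16 ge 24 le 24."""
    options = {
        "A": "10.9.1.0/24",
        "B": "10.8.0.0/24",
        "C": "10.8.0.0/16",
        "D": "10.8.0.0/23",
    }
    return {k: prefix_list_match("10.8.0.0/16", v, ge=24, le=24)
            for k, v in options.items()}

if __name__ == "__main__":
    for letter, matched in check_options().items():
        print(letter, "matches" if matched else "does not match")
```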