Q1. What is the result of the command ip flow-export destination 10.10.10.1 5858?
A. It configures the router to export cache flow information to IP 10.10.10.1 on port UDP/5858.
B. It configures the router to export cache flow information about flows with destination IP 10.10.10.1 and port UDP/5858.
C. It configures the router to receive cache flow information from IP 10.10.10.1 on port UDP/5858.
D. It configures the router to receive cache flow information about flows with destination IP 10.10.10.1 and port UDP/5858.
Answer: A
Explanation:
To enable the exporting of information in NetFlow cache entries, use the ip flow-export destination
command in global configuration mode.
Syntax Description
ip-address: IP address of the workstation to which you want to send the NetFlow information.
udp-port: UDP protocol-specific port number.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/12s_mdnf.html#wp1023091
Q2. What are the three modes of Unicast Reverse Path Forwarding?
A. strict mode, loose mode, and VRF mode
B. strict mode, loose mode, and broadcast mode
C. strict mode, broadcast mode, and VRF mode
D. broadcast mode, loose mode, and VRF mode
Answer: A
Explanation:
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit
the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the
reachability of the source address in packets being forwarded. This capability can limit the appearance of
spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast
RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all
network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this
document. When administrators use Unicast RPF in strict mode, the packet must be received on the
interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may
drop legitimate traffic that is received on an interface that was not the router's choice for sending return
traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the
network. When administrators use Unicast RPF in loose mode, the source address must appear in the
routing table. Administrators can change this behavior using the allow-default option, which allows the use
of the default route in the source verification process. Additionally, a packet that contains a source address
for which the return route points to the Null 0 interface will be dropped. An access list may also be
specified that permits or denies certain source addresses in Unicast RPF loose mode. Care must be taken
to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of
this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern
when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain
asymmetric routing paths. Reference: http://www.cisco.com/web/about/security/intelligence/unicastrpf.html
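Added example (not part of the original explanation or of Cisco's documentation): a small Python model of the strict and loose checks described above, including the allow-default option and the Null0 case. The routing table, interface names and addresses are constructed for illustration, and the model keeps a single best route per source (no equal-cost paths).

```python
import ipaddress

# Constructed routing table for illustration (not from the page):
# prefix -> interface the router would use to reach that prefix.
ROUTES = {
    "0.0.0.0/0": "Serial0/0",   # default route
    "10.1.0.0/16": "Gi0/1",
    "10.2.0.0/16": "Gi0/2",
    "192.0.2.0/24": "Null0",    # blackholed prefix
}

def lookup(src, routes):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_check(src, in_if, mode, routes=ROUTES, allow_default=False):
    """Return (permit, reason) for a packet from src received on in_if."""
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    match = lookup(src, routes)
    if match is None:
        return False, "no route to source"
    net, return_if = match
    if return_if == "Null0":
        return False, "return route points to Null0"
    # Assumption of this model: without allow-default, a source that is only
    # covered by the default route fails verification in either mode.
    if net.prefixlen == 0 and not allow_default:
        return False, "only the default route matches"
    # Strict mode also requires the receiving interface to be the one the
    # router would use for the return packet; loose mode skips this test.
    if mode == "strict" and in_if != return_if:
        return False, "received on %s, return path is %s" % (in_if, return_if)
    return True, "source verified"

if __name__ == "__main__":
    cases = [  # constructed packets: (source, receiving interface, mode, allow_default)
        ("10.1.5.5", "Gi0/1", "strict", False),
        ("10.1.5.5", "Gi0/2", "strict", False),   # asymmetric path
        ("10.1.5.5", "Gi0/2", "loose", False),
        ("203.0.113.9", "Serial0/0", "loose", False),
        ("203.0.113.9", "Serial0/0", "loose", True),
        ("192.0.2.7", "Gi0/1", "loose", False),
    ]
    for src, in_if, mode, allow in cases:
        print(src, in_if, mode, allow,
              urpf_check(src, in_if, mode, allow_default=allow))
```

The second and third cases show the asymmetric-routing trade-off: the same packet is dropped in strict mode and permitted in loose mode.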
Q3. Which NetFlow component is applied to an interface and collects information about flows?
A. flow monitor
B. flow exporter
C. flow sampler
D. flow collector
Answer: A
Explanation:
Flow monitors are the NetFlow component that is applied to interfaces to perform network
traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor
after you create the flow monitor. The flow monitor cache is automatically created at the time the flow
monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring
process based on the key and nonkey fields in the record, which is configured for the flow monitor and
stored in the flow monitor cache. Reference: http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_01.html#wp1314030
Q4. A network engineer is asked to configure a "site-to-site" IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario?
A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface.
Answer: D
Explanation:
Configuring NAT to Allow Internal Users to Access the Internet Using Overloading NAT Router
interface ethernet 0
ip address 10.10.10.1 255.255.255.0
ip nat inside
!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
interface ethernet 1
ip address 10.10.20.1 255.255.255.0
ip nat inside
!--- Defines Ethernet 1 with an IP address and as a NAT inside interface.
interface serial 0
ip address 172.16.10.64 255.255.255.0
ip nat outside
!--- Defines serial 0 with an IP address and as a NAT outside interface.
ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
!
!--- Defines a NAT pool named ovrld with a range of a single IP
!--- address, 172.16.10.1.
ip nat inside source list 7 pool ovrld overload
!
!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 have the source address
!--- translated to an address out of the NAT pool named ovrld.
!--- Translations are overloaded, which allows multiple inside
!--- devices to be translated to the same valid IP address.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.
Note that in the previous configuration, the NAT pool "ovrld" only has a range of one address. The
keyword overload used in the ip nat inside source list 7 pool ovrld overload command allows NAT to
translate multiple inside devices to the single address in the pool.
Reference:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
Q5. Which three items can you track when you use two time stamps with IP SLAs? (Choose three.)
A. delay
B. jitter
C. packet loss
D. load
E. throughput
F. path
Answer: A,B,C
Q6. Refer to the exhibit. The network setup is running the RIP routing protocol. Which two events will occur following link failure between R2 and R3? (Choose two.)
A. R2 will advertise network 192.168.2.0/27 with a hop count of 16 to R1.
B. R2 will not send any advertisements and will remove route 192.168.2.0/27 from its routing table.
C. R1 will reply to R2 with the advertisement for network 192.168.2.0/27 with a hop count of 16.
D. After communication fails and after the hold-down timer expires, R1 will remove the 192.168.2.0/27 route from its routing table.
E. R3 will not accept any further updates from R2, due to the split-horizon loop prevention mechanism.
Answer: A,C
Q7. Under which condition does UDP dominance occur?
A. when TCP traffic is in the same class as UDP
B. when UDP flows are assigned a lower priority queue
C. when WRED is enabled
D. when ACLs are in place to block TCP traffic
Answer: A
Explanation:
Mixing TCP with UDP: It is a general best practice to not mix TCP-based traffic with UDP-based
traffic (especially Streaming-Video) within a single service-provider class because of the behaviors
of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when
drops are detected. Although some UDP applications have application-level windowing, flow control, and
retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower
transmission rates because of dropping. When TCP flows are combined with UDP flows within a single
service-provider class and the class experiences congestion, TCP flows continually lower their
transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This
effect is called TCP starvation/UDP dominance. TCP starvation/UDP dominance likely occurs if
(TCP-based) Mission-Critical Data is assigned to the same service-provider class as (UDP-based)
Streaming-Video and the class experiences sustained congestion. Even if WRED is enabled on the service-provider
class, the same behavior would be observed because WRED (for the most part) manages congestion only
on TCP-based flows. Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/VPNQoS.html
Topic 2, Layer 2 Technologies
13. Prior to enabling PPPoE in a virtual private dialup network group, which task must be completed?
A. Disable CDP on the interface.
B. Execute the vpdn enable command.
C. Execute the no switchport command.
D. Enable QoS FIFO for PPPoE support.
Q8. Which parameter in an SNMPv3 configuration offers authentication and encryption?
A. auth
B. noauth
C. priv
D. secret
Answer: C
Q9. Scenario:
You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command.
The areas of Router 5 and Router 6 are not normal areas. Inspect their routing tables and determine which statement is true.
A. R5's Loopback and R6's Loopback are both present in R5's Routing table
B. R5's Loopback and R6's Loopback are both present in R6's Routing table
C. Only R5's loopback is present in R5's Routing table
D. Only R6's loopback is present in R5's Routing table
E. Only R5's loopback is present in R6's Routing table
Answer: A
Topic 4, VPN Technologies
45. A company has just opened two remote branch offices that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites?
A. interface Tunnel0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel source Serial0/0
tunnel mode gre multipoint
B. interface fa0/0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel mode gre multipoint
C. interface Tunnel0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 209.165.201.1
tunnel-mode dynamic
D. interface fa 0/0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 192.168.161.2
tunnel destination 209.165.201.1
tunnel-mode dynamic
Q10. Scenario:
You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command.
How many times was the SPF algorithm executed on R4 for Area 1?
A. 1
B. 5
C. 9
D. 20
E. 54
F. 224
Answer: C
Q11. Refer to the exhibit. Which statement about the command output is true?
A. The router exports flow information to 10.10.10.1 on UDP port 5127.
B. The router receives flow information from 10.10.10.2 on UDP port 5127.
C. The router exports flow information to 10.10.10.1 on TCP port 5127.
D. The router receives flow information from 10.10.10.2 on TCP port 5127.
Answer: A
Q12. CORRECT TEXT
JS Industries has expanded their business with the addition of their first remote office. The remote office router (R3) was previously configured and all corporate subnets were reachable from R3. JS Industries is interested in using route summarization along with the EIGRP Stub Routing feature to increase network stability while reducing the memory usage and bandwidth utilization to R3. Another network professional was tasked with implementing this solution. However, in the process of configuring EIGRP stub routing, connectivity with the remote network devices off of R3 has been lost.
Currently EIGRP is configured on all routers R2, R3, and R4 in the network. Your task is to identify and resolve the cause of connectivity failure with the remote office router R3. Once the issue has been resolved you should complete the task by configuring route summarization only to the remote office router R3.
You have corrected the fault when pings from R2 to the R3 LAN interface are successful, and the R3 IP routing table only contains 2 10.0.0.0 subnets.
Answer: The solution is as follows:
Explanation:
First we have to figure out why R3 and R4 cannot communicate with each other. Use the show running-config command on router R3.
Notice that R3 is configured as a stub receive-only router. The receive-only keyword will restrict the router from sharing any of its routes with any other router in that EIGRP autonomous system. This keyword will also prevent any type of route from being sent. Therefore we will remove this command and replace it with the eigrp stub command:
R3# configure terminal
R3(config)# router eigrp 123
R3(config-router)# no eigrp stub receive-only
R3(config-router)# eigrp stub
R3(config-router)# end
Now R3 will send updates containing its connected and summary routes to other routers. Notice that the eigrp stub command is equivalent to the eigrp stub connected summary command because the connected and summary options are enabled by default. Next we will configure router R3 so that it has only 2 subnets of the 10.0.0.0 network. Use the show ip route command on R3 to view its routing table:
Because we want the routing table of R3 to have only 2 subnets, we have to summarize the subnetworks at the interface that is connected to R3, the s0/0 interface of R4.
There is one interesting thing about the output of the show ip route command shown above: 10.2.3.0/24 is a directly connected network of R3. We can’t get rid of it in the routing table no matter what technique we use to summarize the networks. Therefore, to make the routing table of R3 have only 2 subnets, we have to summarize the other subnets into one subnet.
If we don’t see the summary line in the output (like 10.0.0.0/8 is a summary…), then we should use the command ip summary-address eigrp 123 10.2.0.0 255.255.0.0 so that all the pings can work well.
In conclusion, we will use the ip summary-address eigrp 123 10.2.0.0 255.255.0.0 command at the interface s0/0 of R4 to summarize.
R4> enable
R4# conf t
R4(config)# interface s0/0
R4(config-if)# ip summary-address eigrp 123 10.2.0.0 255.255.0.0
Now we jump back to R3 and use the show ip route command to verify the effect. The output is shown below:
Note: The IP addresses and the subnet masks in your real exam might be different, so you might need to use different ones to solve this question. Just for your information, notice that if you use a network other than 10.0.0.0/8 to summarize, for example, if you use the command ip summary-address eigrp 123 10.2.0.0 255.255.0.0, you will leave a /16 network in the output of the show ip route command.
But in your real exam, if you don’t see the line "10.0.0.0/8 is a summary, Null0" then you can summarize using the network 10.2.0.0/16. This summarization is better because all the pings can work well. Finally, don’t forget to use the copy run start command on routers R3 and R4 to save the configurations.
R3(config-if)# end
R3# copy run start
R4(config-if)# end
R4# copy run start
If the “copy run start” command doesn’t work then use “write memory.”
Q13. When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication?
A. username
B. password
C. community-string
D. encryption-key
Answer: A
Explanation:
The following security models exist: SNMPv1, SNMPv2, SNMPv3. The following security
levels exist: "noAuthNoPriv" (no authentication and no encryption; noauth keyword in CLI),
"AuthNoPriv" (messages are authenticated but not encrypted; auth keyword in CLI), "AuthPriv" (messages
are authenticated and encrypted; priv keyword in CLI). SNMPv1 and SNMPv2 models only support the
"noAuthNoPriv" model since they use a plain community string to match the incoming packets. The SNMPv3
implementations could be configured to use either of the models on a per-group basis (if
"noAuthNoPriv" is configured, the username serves as a replacement for the community string). Reference:
http://blog.ine.com/2008/07/19/snmpv3-tutorial/
Q14. The following configuration is applied to a router at a branch site:
ipv6 dhcp pool dhcp-pool
dns-server 2001:DB8:1:B::1
dns-server 2001:DB8:3:307C::42
domain-name example.com
!
If IPv6 is configured with default settings on all interfaces on the router, which two dynamic IPv6 addressing mechanisms could you use on end hosts to provide end-to-end connectivity? (Choose two.)
A. EUI-64
B. SLAAC
C. DHCPv6
D. BOOTP
Answer: A,B
Q15. Router A and Router B are configured with IPv6 addressing and basic routing capabilities using OSPFv3. The networks that are advertised from Router A do not show up in Router B's routing table. After debugging IPv6 packets, the message "not a router" is found in the output. Why is the routing information not being learned by Router B?
A. OSPFv3 timers were adjusted for fast convergence.
B. The networks were not advertised properly under the OSPFv3 process.
C. An IPv6 traffic filter is blocking the networks from being learned via the Router B interface that is connected to Router A.
D. IPv6 unicast routing is not enabled on Router A or Router B.
Answer: D
Explanation:
show ipv6 traffic Field Descriptions
Field: Description
source-routed: Number of source-routed packets.
truncated: Number of truncated packets.
format errors: Errors that can result from checks performed on header fields, the version number, and packet length.
not a router: Message sent when IPv6 unicast routing is not enabled.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_16.html
Q16. Which common issue causes intermittent DMVPN tunnel flaps?
A. a routing neighbor reachability issue
B. a suboptimal routing table
C. interface bandwidth congestion
D. that the GRE tunnel to hub router is not encrypted
Answer: A
Explanation:
DMVPN Tunnel Flaps Intermittently
Problem: DMVPN tunnel flaps intermittently.
Solution: When DMVPN tunnels flap, check the neighborship between the routers, as issues with neighborship
formation between routers may cause the DMVPN tunnel to flap. In order to resolve this problem, make
sure the neighborship between the routers is always up.
Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/29240-dcmvpn.html#Prblm1