Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. DRAG DROP
Drag and drop each GET VPN feature on the left to the corresponding function it performs on the right.
Answer:
Q2. Which two conditions must be met by default to implement the BGP multipath feature? (Choose two.)
A. The next-hop routers must be the same.
B. Route reflectors must be enabled.
C. All attributes must have the same values.
D. MPLS must be enabled.
E. The next-hop routers must be different.
Answer: C,E
Q3. When deploying redundant route reflectors in BGP, which attribute can you configure on the route reflector to allow routes to be identified as belonging to the same group?
A. ROUTER_ID
B. CLUSTER_ID
C. ORIGINATOR_ID
D. PEER_GROUP
Answer: B
Explanation:
Together, a route reflector and its clients form a cluster. When a single route reflector is deployed in a cluster, the cluster is identified by the router ID of the route reflector. The bgp cluster-id command is used to assign a cluster ID to a route reflector when the cluster has one or more route reflectors. Multiple route reflectors are deployed in a cluster to increase redundancy and avoid a single point of failure. When multiple route reflectors are configured in a cluster, the same cluster ID is assigned to all route reflectors. This allows all route reflectors in the cluster to recognize updates from peers in the same cluster and reduces the number of updates that need to be stored in BGP routing tables.
Reference: http://ieoc.com/forums/t/5326.aspx
Q4. Which option describes the purpose of the leak-map keyword in the command eigrp stub connected leak-map EigrpLeak?
A. It allows the specified static routes to be advertised.
B. It allows exceptions to the route summarization that is configured.
C. It allows specified EIGRP-learned routes to be advertised.
D. It restricts specified connected routes from being advertised.
Answer: C
Explanation:
ExamplE. eigrp stub leak-map Command
In the following example, the eigrp stub command is issued with the leak-map name keyword-argument pair to configure the device to reference a leak map that identifies routes to be advertised that would have been suppressed otherwisE.
Device(config)# router eigrp 1
Device(config-router)# network 10.0.0.0
Device(config-router)# eigrp stub leak-map map1
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mt-book/ire-eigrp-stub-rtg.html#GUID-FB899CA9-E9DE-48D8-8048-C971179E4E24
Q5. Which two statements about IOS and IOS XE are true? (Choose two.)
A. IOS XE can upgrade and restart applications independently of IOS.
B. Only IOS uses the FFM to provide separation between the control plane and the data plane.
C. IOS XE provides improved functionality and an enhanced UI.
D. Only IOS runs as a single daemon within the Linux OS.
E. IOS XE provides additional system functions that run as multiple separate processes in the OS.
Answer: A,E
Q6. Which statement about OTV is true?
A. The overlay interface becomes active only when configuration is complete and it is manually enabled.
B. OTV data groups can operate only in PIM sparse-mode.
C. The overlay interface becomes active immediately when it is configured.
D. The interface facing the OTV groups must be configured with the highest MTU possible.
Answer: A
Explanation:
OTV has the following configuration guidelines and limitations:
. If the same device serves as the default gateway in a VLAN interface and the OTV edge device for the VLANs being extended, configure OTV on a device (VDC or switch) that is separate from the VLAN interfaces (SVIs).
. When possible, we recommend that you use a separate nondefault VDC for OTV to allow for better manageability and maintenance.
. An overlay interface will only be in an up state if the overlay interface configuration is complete and enabled (no shutdown). The join interface has to be in an up state.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/OTV/config_guide/b_Cisco_Nexus_7000_Series_NX-OS_OTV_Configuration_Guide/basic-otv.html
Q7. Which three statements about DMVPN are true? (Choose three.)
A. It facilitates zero-touch configuration for addition of new spokes.
B. It supports dynamically addressed spokes using DHCP.
C. It features automatic IPsec triggering for building an IPsec tunnel.
D. It requires uses of IPsec to build the DMVPN cloud.
E. Spokes can build tunnels to other spokes and exchange traffic directly.
F. It supports server load balancing on the spokes.
Answer: A,C,E
Q8. Which two options are causes of out-of-order packets? (Choose two.)
A. a routing loop
B. a router in the packet flow path that is intermittently dropping packets
C. high latency
D. packets in a flow traversing multiple paths through the network
E. some packets in a flow being process-switched and others being interrupt-switched on a transit router
Answer: D,E
Explanation:
In traditional packet forwarding systems, using different paths have varying latencies that cause out of order packets, eventually resulting in far lower performance for the network application. Also, if some packets are process switched quickly by the routing engine of the router while others are interrupt switched (which takes more time) then it could result in out of order packets. The other options would cause packet drops or latency, but not out of order packets.
Q9. Which two statements are true about unicast RPF? (Choose two.)
A. Unicast RPF requires CEF to be enabled.
B. Unicast RPF strict mode works better with multihomed networks.
C. Unicast RPF strict mode supports symmetric paths.
D. Unicast RPF strict mode supports asymmetric paths.
E. CEF is optional with Unicast RPF, but when CEF is enabled it provides better performance.
Answer: A,C
Explanation:
Unicast RPF requires Cisco express forwarding (CEF) to function properly on the router.
Strict Versus Loose Checking Mode
The Unicast RPF in Strict Mode feature filters ingress IPv4 traffic in strict checking mode and forwards packets only if the following conditions are satisfied.
. An IPv4 packet must be received at an interface with the best return path (route) to the packet source (a process called symmetric routing). There must be a route in the Forwarding Information Base (FIB) that matches the route to the receiving interface. Adding a route in the FIB can be done via static route, network statement, or dynamic routing.
. IPv4 source addresses at the receiving interface must match the routing entry for the interface.
References:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf. html
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/srpf_gsr.html
Q10. Which option describes how a router responds if LSA throttling is configured and it receives the identical LSA before the interval is set?
A. The LSA is added to the OSPF database and a notification is sent to the sending router to slow down its LSA packet updates.
B. The LSA is added to the OSPF database.
C. The LSA is ignored.
D. The LSA is ignored and a notification is sent to the sending router to slow down its LSA packet updates.
Answer: C
Explanation:
How OSPF LSA Throttling Works
The timers throttle lsa all command controls the generation (sending) of LSAs. The first LSA is always generated immediately upon an OSPF topology change, and the next LSA generated is controlled by the minimum start interval. The subsequent LSAs generated for the same LSA are rate-limited until the maximum interval is reached. The "same LSA" is defined as an LSA instance that contains the same LSA ID number, LSA type, and advertising router ID.
The timers LSA arrival command controls the minimum interval for accepting the same LSA. If an instance of the same LSA arrives sooner than the interval that is set, the LSA is dropped. It is recommended that the arrival interval be less than or equal to the hold-time interval of the timers throttle lsa all command.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsolsath.html
Q11. Refer to the exhibit.
What kind of load balancing is done on this router?
A. per-packet load balancing
B. per-flow load balancing
C. per-label load balancing
D. star round-robin load balancing
Answer: A
Explanation:
Here we can see that for the same traffic source/destination pair of 10.0.0.1 to 14.0.0.2 there were a total of 100 packets (shown by second entry without the *) and that the packets were distributed evenly across the three different outgoing interfaces (34, 33, 33 packets, respectively.
Q12. DRAG DROP
Drag and drop the IPv6 multicast feature on the left to its corresponding function on the right.
Answer:
Q13. Which three statements about implementing an application layer gateway in a network are true? (Choose three.)
A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.
B. It maintains granular security over application-specific data.
C. It allows synchronization between multiple streams of data between two hosts.
D. Application layer gateway is used only in VoIP/SIP deployments.
E. Client applications require additional configuration to use an application layer gateway.
F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.
Answer: A,B,C
Explanation:
An ALG may offer the following functions:
. allowing client applications to use dynamic ephemeral TCP/ UDP ports to communicate with the known ports used by the server applications, even though a firewall configuration may allow only a limited number of known ports. In the absence of an ALG, either the ports would get blocked or the network administrator would need to explicitly open up a large number of ports in the firewall — rendering the network vulnerable to attacks on those ports.
. converting the network layer address information found inside an application payload between the addresses acceptable by the hosts on either side of the firewall/NAT. This aspect introduces the term 'gateway' for an ALG.
. recognizing application-specific commands and offering granular security controls over them
. synchronizing between multiple streams/sessions of data between two hosts exchanging data. For example, an FTP application may use separate connections for passing control commands and for exchanging data between the client and a remote server. During large file transfers, the control connection may remain idle. An ALG can prevent the control connection getting timed out by network devices before the lengthy file transfer completes.
Reference: http://en.wikipedia.org/wiki/Application-level_gateway
Q14. Refer to the exhibit.
Why is the router not accessible via Telnet on the GigabitEthernet0 management interface?
A. The wrong port is being used in the telnet-acl access list.
B. The subnet mask is incorrect in the telnet-acl access list.
C. The log keyword needs to be removed from the telnet-acl access list.
D. The access class needs to have the vrf-also keyword added.
Answer: D
Explanation:
The correct command should be “access-class telnet-acl in vrf-also”. If you do not specify the vrf-also keyword, incoming Telnet connections from interfaces that are part of a VRF are rejected.
Q15. Refer to the exhibit.
You discover that only 1.5 Mb/s of web traffic can pass during times of congestion on the given network.
Which two options are possible reasons for this limitation? (Choose two.)
A. The web traffic class has too little bandwidth reservation.
B. Video traffic is using too much bandwidth.
C. The service-policy is on the wrong interface.
D. The service-policy is going in the wrong direction.
E. The NAT policy is adding too much overhead.
Answer: A,B
Explanation:
In this example, the web traffic will fall into the default class, which is only 15 percent of the 10Mbps Internet connection (1.5Mbps). Meanwhile, video traffic is allowed 50% of the 10 Mbps.