Q1. What are the minimal configuration steps that are required to configure EIGRP HMAC-SHA2 authentication?
A. classic router mode, interface XX, authentication mode hmac-sha-256 <password>
B. named router mode, address-family statement, authentication mode hmac-sha-256 <password>
C. named router mode, address-family statement, af-interface default, authentication mode hmac-sha-256 <password>
D. named router mode, address-family statement, authentication mode hmac-sha-256 <password>
Answer: C
Explanation:
The example below shows how to configure EIGRP HMAC-SHA2 authentication on a Cisco router:
Device(config)# router eigrp name1
Device(config-router)# address-family ipv4 autonomous-system 45000
Device(config-router-af)# af-interface ethernet 0/0
Device(config-router-af-interface)# authentication mode hmac-sha-256 0 password1
Device(config-router-af-interface)# end
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-sy/ire-15-sy-book/ire-sha-256.html
Q2. Refer to the exhibit.
Which two statements are true? (Choose two.)
A. This is the output of the show ip ospf command.
B. This is the output of the show ip protocols command.
C. This router is an ABR.
D. This router is an ASBR.
E. Authentication is not configured for the area.
Answer: A,E
Explanation:
The following is sample output from the show ip ospf command when entered without a specific OSPF process ID, on a router with no authentication configured.
Router# show ip ospf
Routing Process "ospf 201" with ID 10.0.0.1 and Domain ID 10.20.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
LSA group pacing timer 100 secs
Interface flood pacing timer 55 msecs
Retransmission pacing timer 100 msecs
Number of external LSA 0. Checksum Sum 0x0
Number of opaque AS LSA 0. Checksum Sum 0x0
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm executed 4 times
Area ranges are
Number of LSA 4. Checksum Sum 0x29BEB
Number of opaque link LSA 0. Checksum Sum 0x0
Number of DCbitless LSA 3 Number of indication LSA 0
Number of DoNotAge LSA 0 Flood list length 0
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-s1.html#wp8749965360
Q3. Refer to the exhibit.
Which technology does the use of bi-directional BPDUs on all ports in the topology support?
A. RSTP
B. MST
C. Bridge Assurance
D. Loop Guard
E. Root Guard
F. UDLD
Answer: C
Explanation:
Spanning Tree Bridge Assurance:
- Turns STP into a bidirectional protocol
- Ensures spanning tree fails “closed” rather than “open”
- If the port type is “network”, BPDUs are sent regardless of state
- If a network port stops receiving BPDUs, it is put in the BA-inconsistent state
Bridge Assurance (BA) can help protect against bridging loops where a port becomes designated because it has stopped receiving BPDUs. This is similar to the function of loop guard.
Reference: http://lostintransit.se/tag/convergence/
Q4. Which two statements about GLBP are true? (Choose two.)
A. Packets are forwarded by multiple routers that share one virtual IP address.
B. The active router forwards packets received on one virtual IP and MAC address.
C. The standby router forwards packets when the active router fails.
D. Hosts on the network are configured with multiple gateways for load balancing.
E. Routers in a GLBP group can share multiple virtual MAC addresses.
Answer: A,E
Q5. Which option is an incorrect design consideration when deploying OSPF areas?
A. area 1 - area 0 - MPLS VPN backbone - area 0 - area 2
B. area 1 - MPLS VPN backbone - area 2
C. area 1 - MPLS VPN backbone - area 1
D. area 2 - area 0 - MPLS VPN backbone - area 1
E. area 0 - area 2 - MPLS VPN superbackbone - area 1
Answer: E
Explanation:
With an MPLS VPN backbone, the OSPF superbackbone behaves exactly like Area 0 in regular OSPF, so we cannot have two different area 0s that are not directly connected to each other. When area 0 connects to the superbackbone, it simply becomes an extension of area 0.
Q6. Which two options are advantages of NetFlow version 9 over NetFlow version 5? (Choose two.)
A. NetFlow version 9 adds support for IPv6 headers.
B. NetFlow version 9 adds support for MPLS labels.
C. NetFlow version 9 adds support for the Type of Service field.
D. NetFlow version 9 adds support for ICMP types and codes.
Answer: A,B
Explanation:
NetFlow version 9 includes support for all of the fields that version 5 supports and can optionally include additional information such as Multiprotocol Label Switching (MPLS) labels and IPv6 addresses and ports.
Q7. What are the three variants of NTPv4? (Choose three.)
A. client/server
B. broadcast
C. symmetric
D. multicast
E. asymmetric
F. unicast
Answer: A,B,C
Q8. DRAG DROP
Drag and drop Layer 2 QoS Commands on the left to the corresponding functions on the right.
Answer:
Q9. Under Cisco IOS Software, which two features are supported in RADIUS Change of Authorization requests? (Choose two.)
A. session identification
B. session reauthentication
C. session termination
D. host termination
Answer: A,C
Explanation:
CoA requests, as described in RFC 5176, are used in a pushed model to allow for session identification, host reauthentication, and session termination. The model comprises one request (CoA-Request) and two possible response codes.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html
Q10. Which statement about BGP and diverse path advertisement is true?
A. The BGP best-path selection must be disabled.
B. The BGP best-path selection algorithm has been changed to always ignore the IGP metric.
C. The BGP best-path selection algorithm has been changed so that two BGP paths can be flagged as best in the BGP table.
D. The BGP best-path selection algorithm has not been changed.
E. The BGP best-path selection is disabled for BGP routes for which the feature is enabled.
Answer: D
Explanation:
The BGP Diverse Path Using a Diverse-Path Route Reflector feature allows BGP to distribute an alternative path other than the best path between BGP speakers when route reflectors are deployed. This additional path is added to the best path, and the best-path algorithm remains unchanged.
Q11. Refer to the exhibit.
Which statement is true?
A. There is no issue with forwarding IPv6 traffic from this router.
B. IPv6 traffic can be forwarded from this router, but only on Ethernet1/0.
C. IPv6 unicast routing is not enabled on this router.
D. Some IPv6 traffic will be blackholed from this router.
Answer: D
Explanation:
Here we see that the IPv6 default route shows two different paths to take, one via Ethernet 1/0 and one via Ethernet 0/0. However, only Eth 1/0 shows a next-hop IPv6 address (the link-local IPv6 address). There is no link-local next-hop address known on Eth 0/0. Therefore, traffic to all destinations will be load balanced over the two paths, but only half of the IPv6 traffic will be sent to the correct upstream router.
Q12. You are configuring Wireshark on a Cisco Catalyst 4500E Switch with a Supervisor 8. Which three actions can you take to prevent the capture from overloading the CPU? (Choose three.)
A. Attach the specific ports that are part of the data path.
B. Use an in-line filter.
C. Use an appropriate ACL.
D. Add memory to the Supervisor.
E. Reconfigure the buffers to accommodate the additional traffic.
F. Configure a policy map, class map, and an access list to express the match conditions.
Answer: A,B,C
Explanation:
Because packet forwarding typically occurs in hardware, packets are not copied to the CPU for software processing. For Wireshark packet capture, packets are copied and delivered to the CPU, which causes an increase in CPU usage. To avoid high CPU, do the following:
- Attach only relevant ports.
- Use a class map, and secondarily, an access list to express match conditions. If neither is viable, use an explicit, in-line filter.
- Adhere closely to the filter rules. Restrict the traffic type (such as IPv4 only) with a restrictive ACL rather than a relaxed one, which elicits unwanted traffic.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/wireshrk.pdf
Q13. Refer to the exhibit.
Which VLANs are permitted to send frames out port FastEthernet0/1?
A. 100 - 200
B. 4 - 100
C. 1 and 4 - 100
D. 3 and 4 - 100
Answer: D
Explanation:
Traffic on the native VLAN does not get tagged as it crosses a trunk, so there is no dot1q tag in the first place to be filtered, and you don’t need to allow the native VLAN. But if we force tagging of the native VLAN (with the “switchport trunk native vlan tag” command), then the native VLAN will be dropped if it is not in the “allowed vlan” list.
Q14. Which two parameters does the Tunnel Mode Auto Selection feature select automatically? (Choose two.)
A. the tunneling protocol
B. the transport protocol
C. the ISAKMP profile
D. the transform-set
E. the tunnel peer
Answer: A,B
Explanation:
The Tunnel Mode Auto Selection feature eases configuration and spares you from needing to know the responder’s details. This feature automatically applies the tunneling protocol (GRE or IPsec) and transport protocol (IPv4 or IPv6) on the virtual template as soon as the IKE profile creates the virtual access interface. This feature is useful on dual-stack hubs aggregating multivendor remote access, such as Cisco AnyConnect VPN Client, Microsoft Windows 7 Client, and so on.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html
Q15. DRAG DROP
Drag each MPLS term on the left to the matching statement on the right.
Answer: