Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Refer to the exhibit.
Which command can you enter to resolve this error message on a peer router?
A. username <username> password <password>
B. ppp chap <hostname>
C. aaa authorization exec if-authenticated
D. aaa authorization network if-authenticated
Answer: A
Q2. Which three statements describe the characteristics of a VPLS architecture? (Choose three.)
A. It forwards Ethernet frames.
B. It maps MAC address destinations to IP next hops.
C. It supports MAC address aging.
D. It replicates broadcast and multicast frames to multiple ports.
E. It conveys MAC address reachability information in a separate control protocol.
F. It can suppress the flooding of traffic.
Answer: A,C,D
Explanation:
As a VPLS forwards Ethernet frames at Layer 2, the operation of VPLS is exactly the same as that found within IEEE 802.1 bridges in that VPLS will self learn source MAC address to port associations, and frames are forwarded based upon the destination MAC address. Like other 802.1 bridges, MAC address aging is supported.
Reference: http://www.cisco.com/en/US/products/hw/routers/ps368/products_white_paper09186a0080 1f6084.shtml
Q3. Which two Cisco IOS AAA features are available with the local database? (Choose two.)
A. command authorization
B. network access authorization
C. network accounting
D. network access authentication
Answer: A,D
Explanation:
Configuring the Local Database
This section describes how to manage users in the local database. You can use the local database for CLI access authentication, privileged mode authentication, command authorization, network access authentication, and VPN authentication and authorization. You cannot use the local database for network access authorization. The local database does not support accounting.
Reference: http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/aaa.h tml
Q4. Which two statements are true about a 6to4 tunnel connecting two IPv6 islands over the IPv4 Internet? (Choose two.)
A. It embeds the IPv6 packet into the IPv4 payload with the protocol type set to 51.
B. It works by appending the private IPv4 address (converted into hexadecimal format) to the 2002::/16 prefix.
C. It embeds the IPv6 packet into the IPv4 payload with the protocol type set to 41.
D. It works by appending the public IPv4 address (converted into hexadecimal format) to the 2002::/16 prefix.
Answer: C,D
Explanation:
6to4 embeds an IPv6 packet in the payload portion of an IPv4 packet with protocol type 41. To send an IPv6 packet over an IPv4 network to a 6to4 destination address, an IPv4
header with protocol type 41 is prepended to the IPv6 packet. The IPv4 destination address for the prepended packet header is derived from the IPv6 destination address of the inner packet (which is in the format of a 6to4 address), by extracting the 32 bits immediately following the IPv6 destination address's 2002::/16 prefix. The IPv4 source address in the prepended packet header is the IPv4 address of the host or router which is sending the packet over IPv4. The resulting IPv4 packet is then routed to its IPv4 destination address just like any other IPv4 packet.
Reference: http://en.wikipedia.org/wiki/6to4
Q5. DRAG DROP
Drag each AF class on the left to its matching DSCP binary value on the right.
Answer:
Q6. DRAG DROP
Drag and drop each PHB on the left to the functionality it performs on the right.
Answer:
Q7. EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.)
A. Received packets are authenticated by the key with the smallest key ID.
B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys.
C. Received packets are authenticated by any valid key that is chosen.
D. Sent packets are authenticated by the key with the smallest key ID.
Answer: C,D
Explanation:
Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work:
Router1(config)#key chain KeyChainR1
Router1(config-keychain)#key 1
Router1(config-keychain-key)#key-string FirstKey
Router1(config-keychain-key)#key 2
Router1(config-keychain-key)#key-string SecondKey
Router2(config)#key chain KeyChainR2
Router2(config-keychain)#key 1
Router2(config-keychain-key)#key-string FirstKey
Router2(config-keychain-key)#key 2
Router2(config-keychain-key)#key-string SecondKey
Apply these key chains to R1 & R2:
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip authentication mode eigrp 1 md5
Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1
Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip authentication mode eigrp 1 md5
Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2
There are some rules to configure MD5 authentication with EIGRP:
+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1 & “KeyChainR2 do not match)
+ The key number and key-string on the two potential neighbors must match (for example “key 1 & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router) Also some facts about MD5 authentication with EIGRP
+ When sending EIGRP messages the lowest valid key number is used -> D is correct.
+ When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why
answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used.
Q8. Which two statements about MLD are true? (Choose two.)
A. MLD is a subprotocol of ICMPv6.
B. When a single link supports multiple interfaces, only one interface is required to send MLD messages.
C. MLD is a subprotocol of PIMv6.
D. When a single link supports multiple interfaces, all supported interfaces are required to send MLD messages.
E. There are three subtypes of MLD query messages.
F. The code section in the MLD message is set to 1 by the sender and ignored by receivers.
Answer: A,B
Q9. Which two statements about OSPFv3 are true? (Choose two.)
A. It supports unicast address families for IPv4 and IPv6.
B. It supports unicast address families for IPv6 only.
C. It supports only one address family per instance.
D. It supports the use of a cluster ID for loop prevention.
E. It supports multicast address families for IPv4 and IPv6.
F. It supports multicast address families for IPv6 only.
Answer: A,C
Q10. Which three improvements does Cisco IOS XE Software offer over traditional IOS Software? (Choose three.)
A. It can run applications as separate processes on multicore CPUs.
B. It supports drivers for data plane ASICs outside of the operating system.
C. It allows platform-dependent code to be compiled into a single image.
D. It supports multiple IOS instances simultaneously, sharing resources and internal infrastructure for scalability.
E. It allows platform-independent code to be abstracted into a single microkernel for portability across platforms.
F. It uses a QNX Neutrino-based environment underneath the IOS Software.
Answer: A,B,C
Q11. Which three statements about the default behaviour of eBGP sessions are true? (Choose three.)
A. eBGP sessions between sub-ASs in different confederations transmit the next hop unchanged.
B. The next hop in an eBGP peering is the IP address of the neighbor that announced the route.
C. When a route reflector reflects a route to a client, it transmits the next hop unchanged.
D. The next hop in an eBGP peering is the loopback address of the interface that originated the route.
E. The next hop in an eBGP peering is the loopback address of the neighbor that announced the route.
F. When a route reflector reflects a route to a client, it changes the next hop to its own address.
Answer: A,B,C
Q12. You are configuring a DMVPN hub to perform CBWFQ on a per-spoke basis. Which information is used to identify the spoke?
A. the NHRP network ID
B. the spoke tunnel source IP
C. the spoke tunnel interface IP address
D. the NHRP group
Answer: D
Q13. DRAG DROP
Drag and drop the argument of the mls ip cef load-sharing command on the left to the function it performs on the right.
Answer:
Q14. When the BGP additional-paths feature is used, what allows a BGP speaker to differentiate between the different available paths?
A. The remote BGP peer prepends its own next-hop address to the prefix.
B. A unique path identifier is encoded into a dedicated field to the NLRI.
C. A route distinguisher is appended to the prefix by the receiving BGP speaker.
D. The additional path information is encoded in an extended community.
Answer: B
Q15. DRAG DROP
Drag and drop the OSPF network type on the left to the correct category of timers on the right.
Answer: