Q1. Which two statements are true about AAA? (Choose two.)
A. AAA can use RADIUS, TACACS+, or Windows AD to authenticate users.
B. If RADIUS is the only method configured in AAA, and the server becomes unreachable, the user will be able to log in to the router using a local username and password.
C. If the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail.
D. AAA can be used to authenticate the enable password with a AAA server.
Answer: C,D
Explanation:
AAA can be used to authenticate user login and the enable passwords.
Example 1: Same Exec Authentication Methods for All Users
Once users are authenticated with:
aaa authentication login default group radius local
all users who want to log in to the access server have to be authorized using RADIUS (first method) or the local database (second method).
We configure:
aaa authorization exec default group radius local
Note. On the AAA server, Service-Type=1 (login) must be selected.
Note. With this example, if the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail.
Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
Q2. Which two operating modes does VPLS support? (Choose two.)
A. transport mode
B. strict mode
C. port mode
D. loose mode
E. VLAN mode
F. dynamic mode
Answer: C,E
Q3. Which two statements about IPv4 and IPv6 networks are true? (Choose two.)
A. In IPv6, hosts perform fragmentation.
B. IPv6 uses a UDP checksum to verify packet integrity.
C. In IPv6, routers perform fragmentation.
D. In IPv4, fragmentation is performed by the source of the packet.
E. IPv4 uses an optional checksum at the transport layer.
F. IPv6 uses a required checksum at the network layer.
Answer: A,B
Q4. Refer to the exhibit.
Which statement is true?
A. R2 is directly connected to the receiver for this group and is the winner of an assert mechanism.
B. R2 is directly connected to the receiver for this group, and it forwards the traffic onto Ethernet3/0, but it is forwarding duplicate traffic onto Ethernet3/0.
C. R2 has the A flag (Accept flag) set on Ethernet 3/0. This is fine, since the group is in BIDIR-PIM mode.
D. R2 is directly connected to the receiver for this group and is the loser of an assert mechanism.
E. The A flag is set until the SPT threshold is reached for this multicast group.
Answer: A
Explanation:
show ip mroute Field Descriptions
Field: RPF neighbor or RPF nbr
Description: IP address of the upstream router to the source. Tunneling indicates that this router is sending data to the RP encapsulated in register packets. The hexadecimal number in parentheses indicates to which RP it is registering. Each bit indicates a different RP if multiple RPs per group are used. If an asterisk (*) appears after the IP address in this field, the RPF neighbor has been learned through an assert.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ipmulti/command/reference/fiprmc_r/1rfmult3.html
Q5. Refer to the exhibit.
Which two statements about the EEM applet configuration are true? (Choose two.)
A. The EEM applet runs before the CLI command is executed.
B. The EEM applet runs after the CLI command is executed.
C. The EEM applet requires a case-insensitive response.
D. The running configuration is displayed only if the letter Y is entered at the CLI.
Answer: A,D
Explanation:
sync: Indicates whether the policy should be executed synchronously before the CLI command executes.
– If the yes keyword is specified, the policy will run synchronously with the CLI command.
– If the no keyword is specified, the policy will run asynchronously with the CLI command.
nocase: (Optional) Specifies case-insensitive comparison.
Here we see that the sync knob was enabled so A is correct. However, C is not correct as the nocase argument was not used, so the applet is configured to display the config only if a capital Y is issued.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-a2.html
Q6. Which three protocols support SSM? (Choose three.)
A. IGMPv2
B. IGMPv3
C. IGMP v3lite
D. URD
E. CGMP
F. IGMPv1
Answer: B,C,D
Q7. DRAG DROP
Drag and drop the argument of the mpls ip cef load-sharing command on the left to the function it performs on the right.
Answer:
Q8. Refer to the exhibit.
Which technology can be used on the switch to enable host A to receive multicast packets for 239.2.2.2 but prevent host B from receiving them?
A. IGMP filtering
B. MLD snooping
C. IGMP snooping
D. MLD filtering
Answer: C
Explanation:
IGMP snooping is the process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations, the switch maintains a map of which links need which IP multicast streams. Multicasts may be filtered from the links that do not need them, which controls which ports receive specific multicast traffic.
Q9. Where is multicast traffic sent, when it is originated from a spoke site in a DMVPN phase 2 cloud?
A. spoke-spoke
B. nowhere, because multicast does not work over DMVPN
C. spoke-spoke and spoke-hub
D. spoke-hub
Answer: D
Explanation:
Spokes map multicasts to the static NBMA IP address of the hub, but the hub maps multicast packets to the “dynamic” mappings. That is, the hub replicates multicast packets to all spokes registered via NHRP, so multicast traffic from a spoke is sent to the hub instead of directly to the other spokes.
Q10. The no ip unreachables command is configured on interfaces to protect the control plane of a router.
Which mechanism is impacted by using this command?
A. ICMP redirects
B. path MTU discovery
C. source routing
D. ICMP router discovery protocol
Answer: B
Q11. Refer to the exhibit.
Which two route types are advertised by a router with this configuration? (Choose two.)
A. connected
B. external
C. summary
D. static
E. redistributed
Answer: A,C
Q12. Which three statements about RIPng are true? (Choose three.)
A. It supports route tags.
B. It sends updates on FF02::9.
C. Its RTE last byte is 0XFF.
D. It supports authentication.
E. It sends updates on UDP port 520.
F. It can be used on networks of greater than 15 hops.
Answer: A,B,C
Q13. Which attribute is not part of the BGP extended community when a PE creates a VPN-IPv4 route while running OSPF between PE-CE?
A. OSPF domain identifier
B. OSPF route type
C. OSPF router ID
D. MED
E. OSPF network type
Answer: E
Explanation:
By process of elimination, from RFC 4577:
For every address prefix that was installed in the VRF by one of its associated OSPF instances, the PE must create a VPN-IPv4 route in BGP. Each such route will have some of the following Extended Communities attributes:
– The OSPF Domain Identifier Extended Communities attribute. If the OSPF instance that installed the route has a non-NULL primary Domain Identifier, this MUST be present; if that OSPF instance has only a NULL Domain Identifier, it MAY be omitted.
– OSPF Route Type Extended Communities Attribute. This attribute MUST be present. It is encoded with a two-byte type field, and its type is 0306.
– OSPF Router ID Extended Communities Attribute. This OPTIONAL attribute specifies the OSPF Router ID of the system that is identified in the BGP Next Hop attribute. More precisely, it specifies the OSPF Router Id of the PE in the OSPF instance that installed the route into the VRF from which this route was exported.
– MED (Multi_EXIT_DISC attribute). By default, this SHOULD be set to the value of the OSPF distance associated with the route, plus 1.
Reference: https://tools.ietf.org/html/rfc4577
Q14. What is the function of an EIGRP sequence TLV packet?
A. to acknowledge a set of sequence numbers during the startup update process
B. to list the peers that should listen to the next multicast packet during the reliable multicast process
C. to list the peers that should not listen to the next multicast packet during the reliable multicast process
D. to define the initial sequence number when bringing up a new peer
Answer: C
Explanation:
EIGRP sends updates and other information between routers using multicast packets to 224.0.0.10. For example, in the topology below, R1 made a change in the topology and it needs to send updates to R2 and R3. It sends multicast packets to the EIGRP multicast address 224.0.0.10. Both R2 and R3 can receive the updates and acknowledge back to R1 using unicast. Simple, right? But what if R1 sends out updates, and only R2 replies but R3 never does?
When a router sends out a multicast packet that must be reliably delivered (as in this case), the EIGRP process waits until the RTO (retransmission timeout) period has passed before beginning a recovery action. This period is calculated from the SRTT (smooth round-trip time). After R1 sends out updates, it waits for this period to expire. Then it makes a list of all the neighbors from which it did not receive an acknowledgement (ACK). Next, it sends out a packet telling these routers to stop listening to multicast until they have been notified that it is safe again. Finally, the router begins sending unicast packets with the information to the routers that didn’t answer, continuing until they are caught up. In our example the process will be like this:
1. R1 sends out updates to 224.0.0.10
2. R2 responds but R3 does not
3. R1 waits for the RTO period to expire
4. R1 then sends out an unreliable-multicast packet, called a sequence TLV (Type-Length-Value) packet, which tells R3 not to listen to multicast packets any more
5. R1 continues sending any other multicast traffic it has and delivering all traffic, using unicast to R3, until it acknowledges all the packets
6. Once R3 has caught up, R1 will send another sequence TLV, telling R3 to begin listening to multicast again. The sequence TLV packet contains a list of the nodes that should not listen to multicast packets while the recovery takes place. But notice that the TLV packet in step 6 does not contain any nodes in the list.
Note. In the case R3 still does not reply in step 4, R1 will attempt to retransmit the unicast 16 times or continue to retransmit until the hold time for the neighbor in question expires. After this time, R1 will declare a retransmission limit exceeded error and will reset the neighbor.
(Reference: EIGRP for IP: Basic Operation and Configuration)
Q15. Refer to the exhibit.
Which two statements about this configuration are true? (Choose two.)
A. It allows 172.16.0.0/16 to be distributed into EIGRP.
B. It allows a default route to be distributed into EIGRP.
C. It allows 172.16.0.0/16 and larger subnets to be distributed into EIGRP.
D. It prevents 172.16.0.0/16 from being distributed into EIGRP.
E. It prevents a default route from being distributed into EIGRP.
F. It creates summary routes and injects them into EIGRP.
Answer: A,B
Explanation:
In this example, the prefix list is configured to only allow the two specific routes of 172.16.0.0/16 and the default route. Any other routes will be filtered.