Q1. Which three statements about GET VPN are true? (Choose three.)
A. It encrypts WAN traffic to increase data security and provide transport authentication.
B. It provides direct communication between sites, which reduces latency and jitter.
C. It can secure IP multicast, unicast, and broadcast group traffic.
D. It uses a centralized key server for membership control.
E. It enables the router to configure tunnels.
F. It maintains full-mesh connectivity for IP networks.
Answer: A,B,D
Explanation:
Cisco GET VPN Features and Benefits
Feature: Key Services
Description and Benefit: Key Servers are responsible for ensuring that keys are granted to authenticated and authorized devices only. They maintain the freshness of the key material, pushing re-key messages as well as security policies on a regular basis. The chief characteristics include:
- Key Servers can be located centrally, granting easy control over membership.
- Key Servers are not in the "line of fire" - encrypted application traffic flows directly between VPN end points without a bottleneck or an additional point of failure.
- Supports both local and global policies, applicable to all members in a group - such as "Permit any any", a policy to encrypt all traffic.
- Supports IP Multicast to distribute and manage keys, for improved efficiency; Unicast is also supported where IP Multicast is not possible.
Feature: Scalability and Throughput
Description and Benefit:
- The full mesh nature of the solution allows devices to communicate directly with each other, without requiring transport through a central hub; this minimizes extra encrypts and decrypts at the hub router; it also helps minimize latency and jitter.
- Efficient handling of IP Multicast traffic by using the core network for replication can boost effective throughput further.
Feature: Security
Description and Benefit: Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic.
Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/product_data_sheet0900aecd80582067.html
Q2. DRAG DROP
Drag and drop the EIGRP query condition on the left to the corresponding action taken by the router on the right.
Answer:
Q3. Refer to the exhibit.
Which two benefits result from using this command on a switch? (Choose two.)
A. The port cannot forward unknown unicast packets.
B. Network security is increased on the configured port.
C. The port cannot forward unknown multicast packets.
D. The port cannot forward unknown broadcast packets.
E. Network security is increased on all ports of the switch.
F. Unknown packets of all types, except unicast, are blocked.
Answer: A,B
Q4. Which statement describes the purpose of the Payload Type field in the RTP header?
A. It identifies the signaling protocol.
B. It identifies the codec.
C. It identifies the port numbers for RTP.
D. It identifies the port numbers for RTCP.
Answer: B
Explanation:
PT, Payload Type. 7 bits: Identifies the format of the RTP payload and determines its interpretation by the application. A profile specifies a default static mapping of payload type codes to payload formats. Additional payload type codes may be defined dynamically through non-RTP means. An RTP sender emits a single RTP payload type at any given time; this field is not intended for multiplexing separate media streams. A full list of codecs and their payload type values can be found at the link below:
Reference: http://www.networksorcery.com/enp/protocol/rtp.htm
Q5. Which two options are reasons for TCP starvation? (Choose two.)
A. The use of tail drop
B. The use of WRED
C. Mixing TCP and UDP traffic in the same traffic class
D. The use of TCP congestion control
Answer: C,D
Explanation:
It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especially Streaming-Video) within a single service-provider class because of the behaviors of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when drops are detected. Although some UDP applications have application-level windowing, flow control, and retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower transmission rates because of dropping. When TCP flows are combined with UDP flows within a single service-provider class and the class experiences congestion, TCP flows continually lower their transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This effect is called TCP starvation/UDP dominance. TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data is assigned to the same service-provider class as (UDP-based) Streaming-Video and the class experiences sustained congestion. Even if WRED or other TCP congestion control mechanisms are enabled on the service-provider class, the same behavior would be observed because WRED (for the most part) manages congestion only on TCP-based flows.
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/VPNQoS.html
Q6. Which two statements are true about OTV? (Choose two.)
A. It relies on flooding to propagate MAC address reachability information.
B. It uses a full mesh of point-to-multipoint tunnels to prevent head-end replication of multicast traffic.
C. It can work over any transport that can forward IP packets.
D. It supports automatic detection of multihoming.
Answer: C,D
Explanation:
The overlay nature of OTV allows it to work over any transport as long as this transport can forward IP packets. Any optimizations performed for IP in the transport will benefit the OTV encapsulated traffic. As part of the OTV control protocol, automatic detection of multihoming is included. This feature enables the multihoming of sites without requiring additional configuration or protocols.
Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-574984.html
Q7. External EIGRP route exchange on routers R1 and R2 was failing because the routers had duplicate router IDs. You changed the eigrp router-id command on R1, but the problem persists. Which additional action must you take to enable the routers to exchange routes?
A. Change the corresponding loopback address.
B. Change the router ID on R2.
C. Reset the EIGRP neighbor relationship.
D. Clear the EIGRP process.
Answer: D
Q8. Which two fields reside in the initial CHAP challenge packet? (Choose two.)
A. the authentication name of the challenger
B. a random hash value generated by the device
C. the hashed packet type ID
D. the packet type ID in clear text
Answer: A,D
Explanation:
When a caller A dials in to an access server B, the access server sends across the link an initial Type 1 authentication packet called a Challenge. This Challenge packet contains a randomly generated number, an ID sequence number to identify the challenge (sent in clear text), and the authentication name of the challenger.
Reference: http://www.rhyshaden.com/ppp.htm
Q9. Which technology can MSDP SA filters use to filter traffic?
A. route maps
B. community lists
C. prefix lists
D. class maps
Answer: A
Q10. Which two tasks are required for configuring SNMP to send traps on a Cisco IOS device? (Choose two.)
A. Create access controls for an SNMP community.
B. Configure SNMP notifications.
C. Configure the SNMP agent.
D. Configure SNMP status monitoring and troubleshooting.
E. Configure SNMP server group names.
F. Configure the SNMP server engine ID.
Answer: A,B
Explanation:
The best current practices recommend applying Access Control Lists (ACLs) to community strings and ensuring that the community strings used for requests are not identical to those used for notifications. Access lists provide further protection when used in combination with other protective measures. This example applies an ACL to a community string:
access-list 1 permit 1.1.1.1
snmp-server community string1 ro 1
SNMP Notifications
A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. Unsolicited (asynchronous) notifications can be generated as traps or inform requests. Traps are messages alerting the SNMP manager to a condition on the network. Inform requests (informs) are traps that include a request for confirmation of receipt from the SNMP manager. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant events.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html#wp1007320
Q11. DRAG DROP
Drag and drop the fragmentation characteristics on the left to the corresponding protocol on the right.
Answer:
Q12. Which statement about shaped round robin queuing is true?
A. Queues with higher configured weights are serviced first.
B. The device waits a period of time, set by the configured weight, before servicing the next queue.
C. The device services a single queue completely before moving on to the next queue.
D. Shaped mode is available on both the ingress and egress queues.
Answer: A
Explanation:
SRR is a scheduling service for specifying the rate at which packets are dequeued. With SRR there are two modes, shaped and shared. Shaped mode is only available on the egress queues. SRR differs from typical WRR. With WRR, queues are serviced based on the weight: Q1 is serviced for weight 1 period of time, Q2 is serviced for weight 2 period of time, and so forth.
The servicing mechanism works by moving from queue to queue and servicing each one for its weighted amount of time. With SRR, weights are still followed; however, SRR services Q1, moves to Q2, then Q3 and Q4 in a different way. It does not wait at and service each queue for a weighted amount of time before moving on to the next queue. Instead, SRR makes several rapid passes at the queues; in each pass, each queue might or might not be serviced. For each given pass, the more highly weighted queues are more likely to be serviced than the lower priority queues.
Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-e-series-switches/prod_qas0900aecd805bacc7.html
Q13. DRAG DROP
Drag and drop the SNMP element on the left to the corresponding definition on the right.
Answer:
Q14. Refer to the exhibit.
R2 is mutually redistributing between EIGRP and BGP.
Which configuration is necessary to enable R1 to see routes from R3?
A. The R3 configuration must include ebgp-multihop to the neighbor statement for R2.
B. The R2 BGP configuration must include bgp redistribute-internal.
C. R1 must be configured with next-hop-self for the neighbor going to R2.
D. The AS numbers configured on R1 and R2 must match.
Answer: B
Explanation:
Whenever you redistribute from BGP to something else, BGP will only advertise externally learned routes. To allow the redistribution of iBGP routes into an interior gateway protocol such as EIGRP or OSPF, use the bgp redistribute-internal command in router configuration mode.
Q15. Refer to the exhibit.
Why is the router out of memory?
A. The router is experiencing a BGP memory leak software defect.
B. The BGP peers have been up for too long.
C. The amount of BGP update traffic in the network is too high.
D. The router has insufficient memory due to the size of the BGP database.
Answer: D
Explanation:
Here we can see that this router is running out of memory due to the large size of the BGP routing database. In this case, this router is receiving over 200,000 routes from each of the 4 peers.