Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. DRAG DROP
Drag and drop each STP port role on the left to the matching statement on the right.
Answer:
Q2. Which two statements about the ipv6 ospf authentication command are true? (Choose two.)
A. The command is required if you implement the IPsec AH header.
B. The command configures an SPI.
C. The command is required if you implement the IPsec TLV.
D. The command can be used in conjunction with the SPI authentication algorithm.
E. The command must be configured under the OSPFv3 process.
Answer: A,B
Explanation:
OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html
Q3. Now that we’ve generated the key, our next step would be to configure our vty lines for SSH access and specify which database we are going to use to provide authentication to the device. The local database on the router will do just fine for this example.
LabRouter(config)#line vty 0 4
LabRouter(config-line)#login local
LabRouter(config-line)#transport input ssh
5. You will need to create an account on the local router’s database to be used for authenticating to the device. This can be accomplished with these commands. LabRouter(config)#username XXXX privilege 15 secret XXXX
Reference: http://blog.pluralsight.com/configure-secure-shell-ssh-on-cisco-router
Answer:
Q4. Which two statements about the command distance bgp 90 60 120 are true? (Choose two.)
A. Implementing the command is a Cisco best practice.
B. The external distance it sets is preferred over the internal distance.
C. The internal distance it sets is preferred over the external distance.
D. The local distance it sets may conflict with the EIGRP administrative distance.
E. The internal distance it sets may conflict with the EIGRP administrative distance.
F. The local distance it sets may conflict with the RIP administrative distance.
Answer: C,F
Explanation:
To allow the use of external, internal, and local administrative distances that could be a better route than other external, internal, or local routes to a node, use the distance bgp command in address family or router configuration mode. To return to the default values, use the no form of this command. distance bgp external-distance internal-distance local-distance no distance bgp
. Syntax Description
external-distance
Administrative distance for BGP external routes. External routes are routes for which the best path is learned from a neighbor external to the autonomous system. Accept table values are from 1 to 255. The default is 20. Routes with a distance of 255 are not installed in the routing table.
internal-distance
Administrative distance for BGP internal routes. Internal routes are those routes that are learned from another BGP entity within the same autonomous system. Accept table values are from 1 to 255. The default is 200. Routes with a distance of 255 are not installed in the routing table.
local-distance
Administrative distance for BGP local routes. Local routes are those networks listed with a network router configuration command, often as back doors, for that router or for networks that are being redistributed from another process. Accept table values are from 1 to 255. The default is 200. Routes with a distance of 255 are not installed in the routing table.
Defaults
external-distance: 20
internal-distance: 200
local-distance: 200
In this case, the internal distance is 60 and the external is 90, and the local distance is 120 (same as RIP).
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfbgp1. html#wp1113874
Q5. Which three modes are valid PfR monitoring modes of operation? (Choose three.)
A. route monitor mode (based on BGP route changes)
B. RMON mode (based on RMONv1 and RMONv2 data)
C. passive mode (based on NetFlow data)
D. active mode (based on Cisco IP SLA probes)
E. fast mode (based on Cisco IP SLA probes)
F. passive mode (based on Cisco IP SLA probes)
Answer: C,D,E
Explanation:
Modes are:
Mode monitor passive
Passive monitoring is the act of PfR gathering information on user packets assembled into flows by Netflow. Passive monitoring is typically only recommended in Internet edge deployments because active probing is ineffective because of security policies that block probing. PfR, when enabled, automatically enables Netflow on the managed interfaces on the Border Routers. By aggregating this information on the Border Routers and periodically reporting the collected data to the Master Controller, the network prefixes and applications in use can automatically be learned.
Mode monitor active
Active monitoring is the act of generating Cisco IOS IP Service Level Agreements (SLAs) probes to generate test traffic for the purpose of obtaining information regarding the characteristics of the WAN links. PfR can either implicitly generates active probes when passive monitoring has identified destination hosts, or the network manager can explicitly configured probes in the PfR configuration. When jitter probes are used (common use case), Target Discovery is used to learn the respond address and to automatically generate the probes.
Mode monitor Fast
This mode generates active probes through all exists continuously at the configured probe frequency. This differs from either active or both modes in that these modes only generate probes through alternate paths (exits) in the event the current path is out-of-policy.
Reference: http://docwiki.cisco.com/wiki/PfR:Technology_Overview#Mode_monitor_passive
Q6. Which technology facilitates neighbor IP address resolution in DMVPN?
A. CEF
B. mGRE
C. a dynamic routing protocol
D. NHRP
Answer: D
Explanation:
NHRP Used with a DMVPN
NHRP is used to facilitate building a VPN and provides address resolution in DMVPN. In this context, a VPN consists of a virtual Layer 3 network that is built on top of an actual Layer 3 network. The topology you use over the VPN is largely independent of the underlying network, and the protocols you run over it are completely independent of it. The VPN network (DMVPN) is based on GRE IP logical tunnels that can be protected by adding in IPsec to encrypt the GRE IP tunnels.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#w p1057255
Q7. DRAG DROP
Drag and drop the method for refreshing BGP prefixes on the left to the corresponding description on the right.
Answer:
Q8. Refer to the exhibit.
Which option is the result of this configuration?
A. All SNMP traffic coming into the router is redirected to interface GigabitEthernet1/0.
B. All SNMP traffic generated from the router is redirected to interface GigabitEthernet1/0.
C. All SMTP traffic generated from the router is redirected to interface GigabitEthernet1/0.
D. All POP3 traffic coming into the router is redirected to interface GigabitEthernet1/0.
E. All SMTP traffic coming into the router is redirected to interface GigabitEthernet1/0.
Answer: C
Explanation:
This is an example of policy based routing, where traffic sourced from this router that matches the access list (all traffic with port 25 which is SMTP) will be forced out the Gig 0/1 interface.
Q9. Which technology can be used to prevent flooding of IPv6 multicast traffic on a switch?
A. IGMP snooping
B. IGMP filtering
C. MLD snooping
D. MLD filtering
Answer: C
Explanation:
MLD snooping allows the switch to examine MLD packets and make forwarding decisions based on their content. You can configure the switch to use MLD snooping in subnets that receive MLD queries from either MLD or the MLD snooping querier. MLD snooping constrains IPv6 multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward IPv6 multicast traffic only to those ports that want to receive it.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoopmld.html
Q10. Which three options are three benefits of an MPLS VPN? (Choose three.)
A. It allows IP address space overlap by maintaining customer routes in a private routing table.
B. It offers additional security by preventing intrusions directly into the customer routing table.
C. It offers a transparent virtual network in which all customer sites appear on one LAN.
D. It offers additional security by allowing only dynamic routing protocols between CE and PE routers.
E. It allows IP address space overlap by maintaining customer routes in the global routing table with unique BGP communities.
F. Providers can send only a default route for Internet access into the customer VPN.
Answer: A,B,C
Q11. Refer to the exhibit.
Which statement about authentication on Router A is true?
A. The router will attempt to authenticate users against TACACS+ only.
B. The router will attempt to authenticate users against the local database only.
C. The router will attempt to authenticate users against the local database first, and fall back to TACACS+ if the local database authentication fails.
D. The router will authenticate users against the default database only.
E. The router will attempt to authenticate users against TACACS+ first, and fall back to the local database if the TACACS+ authentication fails.
Answer: E
Q12. As a best practice, when a router is configured as an EIGRP Stub, which routes should be received from its distribution neighbor?
A. the default route
B. static routes
C. internal routes only
D. internal and external routes
Answer: A
Explanation:
Stub routing is commonly used in a hub and spoke network topology. In a hub and spoke network, one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only route for IP traffic to follow into the remote router is through a distribution router. This type of configuration is commonly used in WAN topologies where the distribution router is directly connected to a WAN. The distribution router can be connected to many more remote routers. Often, the distribution router will be connected to 100 or more remote routers. In a hub and spoke topology, the remote router must forward all nonlocal traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing table. Generally, the distribution router need not send anything more than a default route to the remote router.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/eigrpstb.html
Q13. Which two statements about NetFlow are true? (Choose two.)
A. It must be configured on each router in a network.
B. It supports ATM LAN emulation.
C. The existing network is unaware that NetFlow is running.
D. It uses SIP to establish sessions between neighbors.
E. It provides resource utilization accounting.
Answer: C,E
Explanation:
NetFlow identifies packet flows for both ingress and egress IP packets. It does not involve any connection-setup protocol, either between routers or to any other networking device or end station. NetFlow does not require any change externally--either to the packets themselves or to any networking device. NetFlow is completely transparent to the existing network, including end stations and application software and network devices like LAN switches. Also, NetFlow capture and export are performed independently on each internetworking device; NetFlow need not be operational on each router in the network. NetFlow data provides fine-grained metering for highly flexible and detailed resource utilization accounting. For example, flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service, and application ports. Service providers might utilize the information for billing based on time-of-day, bandwidth usage, application usage, or quality of service. Enterprise customers might utilize the information for departmental chargeback or cost allocation for resource utilization.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/12-4t/nf-12-4t-book/ios-netflow-ov.html
Q14. Which two statements about the C-bit and PW type are true? (Choose two.)
A. The C-bit is 1 byte and the PW type is 15 bytes.
B. The PW type indicates the type of pseudowire.
C. The C-bit is 3 bits and the PW type is 10 bits.
D. The C-bit set to 1 indicates a control word is present.
E. The PW type indicates the encryption type.
Answer: B,D
Explanation:
The control word carries generic and Layer 2 payload-specific information. If the C-bit is set to 1, the advertising PE expects the control word to be present in every pseudowire packet on the pseudowire that is being signaled. If the C-bit is set to 0, no control word is expected to be present. Pseudowire Type—PW Type is a 15-bit field that represents the type of pseudowire.
Reference: http://www.ciscopress.com/articles/article.asp?p=386788&seqNum=2
Q15. What happens when an interface is configured as passive in OSPF?
A. No OSPF neighbor ship is formed on the interface.
B. An OSPF neighbor ship is formed with the DR, but not with the BDR.
C. The subnet configured on the interface is not advertised to any other neighbor.
D. OSPF hello messages are sent as unicast instead of multicast.
Answer: A