Q1. Refer to the exhibit.
Which three statements about the R1 configuration are true? (Choose three.)
A. The virtual circuit identifier is 1611 and the virtual circuit is down.
B. The local label for the circuit is 4006.
C. The targeted LDP session to the remote peer is up.
D. The local label for the circuit is 1611.
E. The virtual circuit identifier is 4006 and the virtual circuit is down.
F. The circuit is using MPLS VC type 4.
Answer: A,B,C
Explanation:
The number after the vc is the identifier, which is 1611 in this case. Here, the VC status is shown as down.
The line “MPLS VC labels: local 4006, remote unassigned” shows that the local label in use is 4006.
The targeted LDP session is up as verified by the “Signalling protocol: LDP, peer 172.16.12.70 up” statement in the output.
Q2. Which EIGRP configuration results in subsecond failover outside of the basic routing protocol convergence?
A. bfd all-interfaces
B. timers active-time disabled
C. timers active-time 1
D. timers nsf route-hold 20
Answer: A
Q3. Which type of EIGRP routes are summarized by the auto-summary command?
A. internal routes that are learned from a peer that is outside the range of local network statements
B. external routes that are learned from a peer that is inside the range of local network statements
C. locally created routes that are outside the range of local network statements
D. external routes that are learned from a peer that is outside the range of local network statements
Answer: B
Explanation:
Auto-Summarization of External Routes
EIGRP will not auto-summarize external routes unless there is a component of the same major network that is an internal route. To illustrate, let us look at Figure 15.
Router Three is injecting external routes to 192.1.2.0/26 and 192.1.2.64/26 into EIGRP using the redistribute connected command, as shown in the configurations below.
Router Three
interface Ethernet0
ip address 192.1.2.1 255.255.255.192
!
interface Ethernet1
ip address 192.1.2.65 255.255.255.192
!
interface Ethernet2
ip address 10.1.2.1 255.255.255.0
!
router eigrp 2000
redistribute connected
network 10.0.0.0
default-metric 10000 1 255 1 1500
With this configuration on Router Three, the routing table on Router One shows:
one# show ip route
10.0.0.0/8 is subnetted, 2 subnets
D 10.1.2.0 [90/11023872] via 10.1.50.2, 00:02:03, Serial0
C 10.1.50.0 is directly connected, Serial0
192.1.2.0/26 is subnetted, 1 subnets
D EX 192.1.2.0 [170/11049472] via 10.1.50.2, 00:00:53, Serial0
D EX 192.1.2.64 [170/11049472] via 10.1.50.2, 00:00:53, Serial0
Although auto-summary normally causes Router Three to summarize the 192.1.2.0/26 and 192.1.2.64/26 routes into one major net destination (192.1.2.0/24), it does not do this because both routes are external. However, if you reconfigure the link between Routers Two and Three to 192.1.2.128/26, and add network statements for this network on Routers Two and Three, the 192.1.2.0/24 auto-summary is then generated on Router Two.
Router Three
interface Ethernet0
ip address 192.1.2.1 255.255.255.192
!
interface Ethernet1
ip address 192.1.2.65 255.255.255.192
!
interface Serial0
ip address 192.1.2.130 255.255.255.192
!
router eigrp 2000
network 192.1.2.0
Now Router Two generates the summary for 192.1.2.0/24:
two# show ip route
D 192.1.2.0/24 is a summary, 00:06:48, Null0
And Router One shows only the summary route:
one# show ip route
10.0.0.0/8 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Serial0
D 192.1.2.0/24 [90/11023872] via 10.1.50.2, 00:00:36, Serial0
Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html
Q4. Which two statements about private VLANs are true? (Choose two.)
A. Only one isolated VLAN can be mapped to a primary VLAN.
B. Only one community VLAN can be mapped to a primary VLAN.
C. Multiple isolated VLANs can be mapped to a primary VLAN.
D. Multiple community VLANs can be mapped to a primary VLAN.
Answer: A,D
Explanation:
An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports. You can configure only one isolated VLAN in a PVLAN domain. An isolated VLAN can have several isolated ports. The traffic from each isolated port also remains completely separate. Only one isolated VLAN can be mapped under a given primary VLAN. A community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port and to other host ports in the same community. You can configure multiple community VLANs in a PVLAN domain. The ports within one community can communicate, but these ports cannot communicate with ports in any other community or isolated VLAN in the private VLAN.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus6000/sw/layer2/6x/b_6k_Layer2_Config_6x/b_6k_Layer2_Config_602N12_chapter_011.html
Q5. Which two statements about Cisco Express Forwarding are true? (Choose two.)
A. Cisco Express Forwarding tables contain reachability information and adjacency tables contain forwarding information.
B. Cisco Express Forwarding tables contain forwarding information and adjacency tables contain reachability information.
C. Changing MAC header rewrite strings requires cache validation.
D. Adjacency tables and Cisco Express Forwarding tables can be built separately.
E. Adjacency tables and Cisco Express Forwarding tables require packet process-switching.
Answer: A,D
Explanation:
Main Components of CEF
Information conventionally stored in a route cache is stored in several data structures for Cisco Express Forwarding switching. The data structures provide optimized lookup for efficient packet forwarding. The two main components of Cisco Express Forwarding operation are the forwarding information base (FIB) and the adjacency tables. The FIB is conceptually similar to a routing table or information base. A router uses this lookup table to make destination-based switching decisions during Cisco Express Forwarding operation. The FIB is updated when changes occur in the network and contains all routes known at the time. Adjacency tables maintain Layer 2 next-hop addresses for all FIB entries. This separation of the reachability information (in the Cisco Express Forwarding table) and the forwarding information (in the adjacency table) provides a number of benefits:
- The adjacency table can be built separately from the Cisco Express Forwarding table, allowing both to be built without any packets being process-switched.
- The MAC header rewrite used to forward a packet is not stored in cache entries, so changes in a MAC header rewrite string do not require validation of cache entries.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipswitch_cef/configuration/15-mt/isw-cef-15-mt-book/isw-cef-overview.html
Q6. DRAG DROP
Drag and drop the OSPFv3 LSA type on the left to the functionality it provides on the right.
Answer:
Q7. Refer to the exhibit.
Which BGP feature allows R1 to send R2 a list of prefixes that R2 is prevented from advertising to R1?
A. route refresh
B. Prefix-Based Outbound Route Filtering
C. distribute lists
D. prefix lists
Answer: B
Q8. Which statement about the OSPF Loop-Free Alternate feature is true?
A. It is supported on routers that are configured with virtual links.
B. It is supported in VRF OSPF instances.
C. It is supported when a traffic engineering tunnel interface is protected.
D. It is supported when traffic can be redirected to a primary neighbor.
Answer: B
Explanation:
Restrictions for OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute
- The OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute feature is not supported on devices that are virtual link headends.
- The feature is supported only in global VPN routing and forwarding (VRF) OSPF instances.
- The only supported tunneling method is MPLS.
- You cannot configure a traffic engineering (TE) tunnel interface as a protected interface. Use the MPLS Traffic Engineering—Fast Reroute Link and Node Protection feature to protect these tunnels. For more information, see the “MPLS Traffic Engineering—Fast Reroute Link and Node Protection” section in the Multiprotocol Label Switching Configuration Guide.
- You can configure a TE tunnel interface in a repair path, but OSPF will not verify the tunnel’s placement; you must ensure that it is not crossing the physical interface that it is intended to protect.
- Not all routes can have repair paths. Multipath primary routes might have repair paths for all, some, or no primary paths, depending on the network topology, the connectivity of the computing router, and the attributes required of repair paths.
- Devices that can be selected as tunnel termination points must have a /32 address advertised in the area in which remote LFA is enabled. This address will be used as a tunnel termination IP. If the device does not advertise a /32 address, it may not be used for remote LFA tunnel termination.
- All devices in the network that can be selected as tunnel termination points must be configured to accept targeted LDP sessions using the mpls ldp discovery targeted-hello accept command.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s-book/iro-ipfrr-lfa.html
Q9. Which attribute is transported over an MPLS VPN as a BGP extended community?
A. route target
B. route distinguisher
C. NLRI
D. origin
E. local preference
Answer: A
Q10. Which data plane protocol does EIGRP Over the Top use?
A. MPLS
B. GRE
C. LISP
D. IP-in-IP
Answer: C
Explanation:
The EIGRP Over the Top solution can be used to ensure connectivity between disparate Enhanced Interior Gateway Routing Protocol (EIGRP) sites. This feature uses EIGRP on the control plane and Locator ID Separation Protocol (LISP) encapsulation on the data plane to route traffic across the underlying WAN architecture. EIGRP is used to distribute routes between customer edge (CE) devices within the network, and the traffic forwarded across the WAN architecture is LISP encapsulated. Therefore, to connect disparate EIGRP sites, you must configure the neighbor command with LISP encapsulation on every CE in the network.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/ire-eigrp-over-the-top.html
Q11. Which two statements about the client-identifier in a DHCP pool are true? (Choose two.)
A. It specifies a unique identifier that is used only for DHCP requests.
B. It is specified by appending 01 to the MAC address of a DHCP client.
C. It specifies a hardware address for the client.
D. It specifies a unique identifier that is used only for BOOTP requests.
E. It requires that you specify the hardware protocol.
Answer: A,B
Reference:
client-identifier unique-identifier
Example:
Device(dhcp-config)# client-identifier 01b7.0813.8811.66
Specifies the unique identifier for DHCP clients.
This command is used for DHCP requests.
DHCP clients require client identifiers. You can specify the unique identifier for the client in either of the following ways:
A 7-byte dotted hexadecimal notation. For example, 01b7.0813.8811.66, where 01 represents the Ethernet media type and the remaining bytes represent the MAC address of the DHCP client.
A 27-byte dotted hexadecimal notation. For example, 7665.6e64.6f72.2d30.3032.342e.3937.6230.2e33.3734.312d.4661.302f.31. The equivalent ASCII string for this hexadecimal value is vendor-0024.97b0.3741-fa0/1, where vendor represents the vendor, 0024.97b0.3741 represents the MAC address of the source interface, and fa0/1 represents the source interface of the DHCP client.
See the Troubleshooting Tips section for information about how to determine the client identifier of the DHCP client.
Note
The identifier specified here is considered for a DHCP client that sends a client identifier in the packet.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-mt/dhcp-15-mt-book/config-dhcp-server.html
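Added example (not from the original page or from Cisco's documentation): a decoder for the two client-identifier notations described in the Q11 reference, which helps when matching a configured identifier against the MAC address actually seen in DHCP traffic. The function name, the returned field names, and the treatment of any other printable-ASCII length as the string form are assumptions.

```python
import re

MEDIA_TYPES = {0x01: "Ethernet"}  # only 01 is named in the reference text
CISCO_MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"


def parse_client_identifier(dotted):
    """Decode a dotted-hex client-identifier (hypothetical helper)."""
    hex_str = dotted.strip().replace(".", "")
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hex_str):
        raise ValueError(f"not whole hex bytes: {dotted!r}")
    raw = bytes.fromhex(hex_str)

    if len(raw) == 7:
        # 7-byte form: one media-type byte followed by the 6-byte MAC.
        mac = raw[1:].hex()
        return {
            "form": "media-type+mac",
            "media_type": MEDIA_TYPES.get(raw[0], f"unknown(0x{raw[0]:02x})"),
            "mac": ".".join(mac[i:i + 4] for i in (0, 4, 8)),
        }

    # String form: the bytes are ASCII text "<vendor>-<mac>-<interface>".
    if not all(0x20 <= b < 0x7F for b in raw):
        raise ValueError(f"{len(raw)}-byte identifier is not printable ASCII")
    text = raw.decode("ascii")
    m = re.fullmatch(rf"(.+?)-({CISCO_MAC})-(.+)", text)
    if m is None:
        raise ValueError(f"unexpected identifier string: {text!r}")
    return {
        "form": "ascii-string",
        "text": text,
        "vendor": m.group(1),
        "mac": m.group(2).lower(),
        "interface": m.group(3),
    }


if __name__ == "__main__":
    # Both sample identifiers are the ones quoted in the reference text.
    print(parse_client_identifier("01b7.0813.8811.66"))
    # Byte 0x46 in the long sample is an upper-case 'F' in the interface name.
    print(parse_client_identifier(
        "7665.6e64.6f72.2d30.3032.342e.3937.6230.2e33.3734.312d.4661.302f.31"))
```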
Q12. Which two statements about port ACLs are true? (Choose two.)
A. Port ACLs are supported on physical interfaces and are configured on a Layer 2 interface on a switch.
B. Port ACLs support both outbound and inbound traffic filtering.
C. When it is applied to trunk ports, the port ACL filters only native VLAN traffic.
D. When it is applied to a port with voice VLAN, the port ACL filters both voice and data VLAN traffic.
Answer: A,D
Explanation:
PACLs filter incoming traffic on Layer 2 interfaces, using Layer 3 information, Layer 4 header information, or non-IP Layer 2 information. The port ACL (PACL) feature provides the ability to perform access control on specific Layer 2 ports. A Layer 2 port is a physical LAN or trunk port that belongs to a VLAN. Port ACLs perform access control on all traffic entering the specified Layer 2 port, including voice and data VLANs that may be configured on the port. Port ACLs are applied only on the ingress traffic.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/port_acls.html
Q13. The session status for an IPsec tunnel with IPv6-in-IPv4 is down with the error message “IKE message from 10.10.1.1 failed its sanity check or is malformed”.
Which statement describes a possible cause of this error?
A. There is a verification failure on the IPsec packet.
B. The SA has expired or has been cleared.
C. The pre-shared keys on the peers are mismatched.
D. There is a failure due to a transform set mismatch.
E. An incorrect packet was sent by an IPsec peer.
Answer: C
Explanation:
IKE Message from X.X.X.X Failed its Sanity Check or is Malformed
This debug error appears if the pre-shared keys on the peers do not match. In order to fix this issue, check the pre-shared keys on both sides.
1d00H:%CRPTO-4-IKMP_BAD_MESSAGE. IKE message from 150.150.150.1 failed its sanity check or is malformed.
Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html#ike
Q14. Refer to the exhibit.
At which location will the benefit of this configuration be observed?
A. on Router A and its upstream routers
B. on Router A and its downstream routers
C. on Router A only
D. on Router A and all of its ARP neighbors
Answer: B
Explanation:
The following example shows how to configure the router (and downstream routers) to drop all options packets that enter the network:
Router(config)# ip options drop
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/sel_drop.html
Q15. Which three responses can a remote RADIUS server return to a client? (Choose three.)
A. Reject-Challenge
B. Access-Reject
C. Accept-Confirmed
D. Access-Accept
E. Access-Challenge
F. Reject-Access
Answer: B,D,E