Q1. Which two statements about the passive-interface command are true? (Choose two.)
A. A RIP router listens to multicast updates from its neighbor but stops sending multicast updates on the passive interface.
B. In OSPF, configuring passive-interface at the interface level suppresses hello packets for the interface and all sub interfaces.
C. An EIGRP router can form neighbor relationship on the passive interface, but incoming and outgoing multicast updates are disabled on the interface.
D. A RIP router disables all incoming and outgoing multicast updates in the passive interface.
E. In EIGRP, the passive interface stops sending hello packets.
F. In OSPF, the passive interface can receive incoming routing updates and update the device routing table.
Answer: A,E
Q2. Which three statements are true about an EtherChannel? (Choose three.)
A. PAGP and LACP can be configured on the same switch if the switch is not in the same EtherChannel.
B. EtherChannel ports in suspended state can receive BPDUs but cannot send them.
C. An EtherChannel forms between trunks that are using different native VLANs.
D. LACP can operate in both half duplex and full duplex, if the duplex setting is the same on both ends.
E. Ports with different spanning-tree path costs can form an EtherChannel.
Answer: A,B,E
Explanation:
Answer A. EtherChannel groups running PAgP and LACP can coexist on the same switch or on different switches in the stack. Individual EtherChannel groups can run either PAgP or LACP, but they cannot interoperate.
Answer B:
EtherChannel Member Port States
Port States
Description
bundled
The port is part of an EtherChannel and can send and receive BPDUs and data traffic.
suspended
The port is not part of an EtherChannel. The port can receive BPDUs but cannot send them. Data traffic is blocked.
standalone
The port is not bundled in an EtherChannel. The port functions as a standalone data port. The port can send and receive BPDUs and data traffic.
Answer E. Ports with different spanning-tree path costs can form an EtherChannel if they are otherwise compatibly configured. Setting different spanning-tree path costs does not, by itself, make ports incompatible for the formation of an EtherChannel.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/layer2/configuration_guide/b_lay2_152ex_2960-x_cg/b_lay2_152ex_2960-x_cg_chapter_010.html
Q3. Which two statements about DHCP snooping are true? (Choose two.)
A. It is implemented on a per-VLAN basis.
B. It filters invalid DHCP messages.
C. The binding database logs trusted and untrusted hosts with leased IP addresses.
D. Interfaces are trusted by default.
E. It uses the LFIB to validate requests from untrusted hosts.
Answer: A,B
Q4. Refer to the exhibit.
Why is R2 unable to ping the loopback interface of R4?
A. The local preference is too high.
B. The weight is too low.
C. The next hop is not reachable from R2.
D. The route originated from within the same AS.
Answer: C
Explanation:
Before a BGP speaker installs a route to a network in the main IP routing table, the router must know how to reach the next hop that is used to get to that network. Route reachability is verified by searching for a route to the next hop in the main IP routing table. Unlike IGP routing protocols, such as EIGRP and OSPF, which assume that a route is reachable if they learned it through a valid adjacency, BGP does not install routes that it cannot verify as reachable. If a route to the next hop for a BGP network is found in the main IP routing table, BGP assumes that the network is reachable, and that the particular BGP route might be stored in the main IP routing table. If the router receives a route to a network that is not reachable, that route continues to be stored in the incoming BGP table, adj-RIB-In, and might be seen using the show ip bgp command, but is not placed in the main IP routing table.
Reference: https://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=75
Q5. Which three characteristics are shared by subinterfaces and associated EVNs? (Choose three.)
A. IP address
B. routing table
C. forwarding table
D. access control lists
E. NetFlow configuration
Answer: A,B,C
Q6. Which statement is true regarding UDLD and STP timers?
A. The UDLD message timer should be two times the STP forward delay to prevent loops.
B. UDLD and STP are unrelated features, and there is no relation between the timers.
C. The timers need to be synced by using the spanning-tree udld-sync command.
D. The timers should be set in such a way that UDLD is detected before the STP forward delay expires.
Answer: D
Explanation:
UDLD is designed to be a helper for STP. Therefore, UDLD should be able to detect an unidirectional link before STP would unblock the port due to missed BPDUs. Thus, when you configure UDLD timers, make sure your values are set so that unidirectional link is detected before “STP MaxAge + 2xForwardDelay” expires.
Reference: http://blog.ine.com/tag/stp/
Q7. Refer to the exhibit.
Which command is configured on this router?
A. bgp update-delay 60
B. neighbor 10.100.1.1 maximum-prefix 200
C. neighbor 10.100.1.1 maximum-path 2
D. neighbor 10.100.1.1 ebgp-multihop 2
Answer: B
Explanation:
The BGP Maximum-Prefix feature allows you to control how many prefixes can be received from a neighbor. By default, this feature allows a router to bring down a peer when the number of received prefixes from that peer exceeds the configured Maximum-Prefix limit. This feature is commonly used for external BGP peers, but can be applied to internal BGP peers also. When the maximum number of prefixes has been received, the BGP sessions closes into the IDLE state.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/25160-bgp-maximum-prefix.html
Q8. Refer to the exhibit.
R3 prefers the path through R1 to reach host 10.1.1.1.
Which option describes the reason for this behavior?
A. The OSPF reference bandwidth is too small to account for the higher speed links through R2.
B. The default OSPF cost through R1 is less than the cost through R2.
C. The default OSPF cost through R1 is more than the cost through R2.
D. The link between R2 and R1 is congested.
Answer: A
Explanation:
The default formula to calculate OSPF bandwidth is BW = Bandwidth Reference / interface
bandwidth [bps] = 10^8 / / interface bandwidth [bps]
BW of the R1-R3 link = 10^8 / 100Mbps = 10^8 / 10^8 = 1
BW of the R2-R3 link = 10^8 / 1Gbps = 10^8 / 10^9 = 1 (round up)
Therefore OSPF considers the two above links have the same Bandwidth -> R3 will go to 10.1.1.1 via the R1-R3 link. The solution here is to increase the Bandwidth Reference to a higher value using the “auto-cost reference-bandwidth” command under OSPF router mode. For example: Router(config)#router ospf 1 Router(config-router)#auto-cost reference-bandwidth 10000 This will increase the reference bandwidth to 10000 Mbps which increases the BW of the R2-R3 link to 10^10 / 10^8 = 100.
Q9. Which EIGRP packet types are sent as unicast packets?
A. hello, update, query
B. query, SIA query, reply
C. SIA query, reply, ACK
D. query, SIA query, SIA reply
Answer: C
Q10. Which two statements are true about AAA? (Choose two.)
A. AAA can use RADIUS, TACACS+, or Windows AD to authenticate users.
B. If RADIUS is the only method configured in AAA, and the server becomes unreachable,
the user will be able to log in to the router using a local username and password.
C. If the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail.
D. AAA can be used to authenticate the enable password with a AAA server.
Answer: C,D
Explanation:
AAA can be used to authenticate user login and the enable passwords.
Example 1: Same Exec Authentication Methods for All Users
Once authenticated with:
aaa authentication login default group radius local
All users who want to log in to the access server have to be authorized using Radius (first method) or local database (second method).
We configure:
aaa authorization exec default group radius local
Note. On the AAA server, Service-Type=1 (login) must be selected.
Note. With this example, if the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail.
Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
Q11. In an STP domain, which two statements are true for a nonroot switch, when it receives a configuration BPDU from the root bridge with the TC bit set? (Choose two.)
A. It sets the MAC table aging time to max_age + forward_delay time.
B. It sets the MAC table aging time to forward_delay time.
C. It recalculates the STP topology upon receiving topology change notification from the root switch.
D. It receives the topology change BPDU on both forwarding and blocking ports.
Answer: B,D
Explanation:
When the TC bit is received, every bridge is then notified and reduces the aging time to forward_delay (15 seconds by default) for a certain period of time (max_age + forward_delay). It is more beneficial to reduce the aging time instead of clearing the table because currently active hosts, that effectively transmit traffic, are not cleared from the table. Once the root is aware that there has been a topology change event in the network, it starts to send out its configuration BPDUs with the topology change (TC) bit set. These BPDUs are relayed by every bridge in the network with this bit set. As a result all bridges become aware of the topology change situation and it can reduce its aging time to forward_delay. Bridges receive topology change BPDUs on both forwarding and blocking ports. An important point to consider here is that a TCN does not start a STP recalculation. This fear comes from the fact that TCNs are often associated with unstable STP environments; TCNs are a consequence of this, not a cause. The TCN only has an impact on the aging time. It does not change the topology nor create a loop.
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/12013-17.html#topic1
Q12. Which three fields are part of a TCN BPDU? (Choose three.)
A. protocol ID
B. version
C. type
D. max-age
E. flags
F. message age
Answer: A,B,C
Q13. DRAG DROP
Drag and drop the BGP attribute on the left to the correct category on the right.
Answer:
Q14. Which two methods can you use to limit the range for EIGRP queries? (Choose two.)
A. Use an access list to deny the multicast address 224.0.0.1 outbound from select EIGRP neighbor and permit everything else.
B. Configure route tagging for all EIGRP routes.
C. Summarize routes at the boundary routers of the EIGRP domain.
D. Configure unicast EIGRP on all routers in the EIGRP domain.
E. Configure stub routers in the EIGRP domain.
F. Use an access list to deny the multicast address 224.0.0.10 outbound from select EIGRP neighbors and permit everything else.
Answer: C,E
Q15. You are implementing new addressing with EIGRP routing and must use secondary addresses, which are missing from the routing table. Which action is the most efficient solution to the problem?
A. Disable split-horizon on the interfaces with secondary addresses.
B. Disable split-horizon inside the EIGRP process on the router with the secondary interface addresses.
C. Add additional router interfaces and move the secondary addresses to the new interfaces.
D. Use a different routing protocol and redistribute the routes between EIGRP and the new protocol.
Answer: A
Explanation:
Normally, routers that are connected to broadcast-type IP networks and that use distance-vector routing protocols employ the split horizon mechanism to reduce the possibility of routing loops. Split horizon blocks information about routes from being advertised by a router out of any interface from which that information originated. This behavior usually optimizes communications among multiple routers, particularly when links are broken. However, with nonbroadcast networks, situations can arise for which this behavior is less than ideal. For these situations, you might want to disable split horizon with EIGRP and RIP. If an interface is configured with secondary IP addresses and split horizon is enabled, updates might not be sourced by every secondary address. One routing update is sourced per network number unless split horizon is disabled.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfrip.html