Q1. Which three address family types does EIGRP support? (Choose three.)
A. IPv4 unicast
B. IPv4 multicast
C. IPv6 unicast
D. IPv6 multicast
E. IPv4 anycast
F. IPv6 anycast
Answer: A,B,C
Q2. Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding?
A. FlexVPN
B. DMVPN
C. GETVPN
D. Cisco Easy VPN
Answer: B
Q3. Which statement about Cisco Discovery Protocol is true?
A. The multicast address 0100.0cdd.dddd is used as the destination address for periodic advertisements.
B. An inactive VLAN that is configured on an access port passes periodic Cisco Discovery Protocol advertisements.
C. The multicast address 0100.0ccc.ccd is used as the destination address for periodic advertisements.
D. A VLAN must be active on an access port before periodic Cisco Discovery Protocol advertisements are passed.
Answer: D
Explanation:
All CDP packets include a VLAN ID. If you configure CDP on a Layer 2 access port, the CDP packets sent from that access port include the access port VLAN ID. If you configure CDP on a Layer 2 trunk port, the CDP packets sent from that trunk port include the lowest configured VLAN ID allowed on that trunk port. CDP messages are sent on the active physical interfaces (Ethernet NIC) to a well-known multicast address (0100.0CCC.CCCC).
Q4. Which statement about WAN Ethernet Services is true?
A. Rate-limiting can be configured per EVC.
B. Point-to-point processing and encapsulation are performed on the customer network.
C. Ethernet multipoint services function as a multipoint-to-multipoint VLAN-based connection.
D. UNIs can perform service multiplexing and all-in-one bundling.
Answer: A
Explanation:
The MEF has defined a set of bandwidth profiles that can be applied at the UNI or to an EVC. A bandwidth profile is a limit on the rate at which Ethernet frames can traverse the UNI or the EVC.
Reference: http://www.ciscopress.com/articles/article.asp?p=101367&seqNum=2
Q5. Which two hashing algorithms can be used when configuring SNMPv3? (Choose two.)
A. MD5
B. SHA-1
C. Blowfish
D. DES
E. AES
F. SSL
Answer: A,B
Explanation:
Note that SNMPv3 does not send passwords in clear text and uses hash-based authentication with either the MD5 or SHA-1 function (HMAC authentication: the packet content is hashed along with the authentication key to produce the authentication string).
Reference: http://blog.ine.com/2008/07/19/snmpv3-tutorial/
Q6. Which two advantages does CoPP have over receive path ACLs? (Choose two.)
A. Only CoPP applies to IP packets and non-IP packets.
B. Only CoPP applies to receive destination IP packets.
C. A single instance of CoPP can be applied to all packets to the router, while rACLs require multiple instances.
D. Only CoPP can rate-limit packets.
Answer: A,D
Explanation:
Control Plane Policing (CoPP) is the Cisco IOS-wide route processor protection mechanism. As illustrated in Figure 2, and similar to rACLs, CoPP is deployed once to the punt path of the router. However, unlike rACLs, which only apply to receive destination IP packets, CoPP applies to all packets that punt to the route processor for handling. CoPP therefore covers not only receive destination IP packets but also exception IP packets and non-IP packets. In addition, CoPP is implemented using the Modular QoS CLI (MQC) framework for policy construction. In this way, in addition to simple permit and deny functions, specific packets may be permitted but rate-limited. This behavior substantially improves the ability to define an effective CoPP policy. (Note that "Control Plane Policing" is something of a misnomer because CoPP generally protects the punt path to the route processor and not solely the control plane.)
Reference: http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html
Q7. Which three options are sources from which a SPAN session can copy traffic? (Choose three.)
A. ports
B. EtherChannels
C. VLANs
D. subnets
E. primary IP addresses
F. secondary IP addresses
Answer: A,B,C
Explanation:
SPAN Sources
The interfaces from which traffic can be monitored are called SPAN sources. Sources designate the traffic to monitor and whether to copy ingress, egress, or both directions of traffic. SPAN sources include the following:
- Ethernet ports
- Port channels
- The inband interface to the control plane CPU: You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is monitored.
- VLANs: When a VLAN is specified as a SPAN source, all supported interfaces in the VLAN are SPAN sources.
- Remote SPAN (RSPAN) VLANs
- Fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender
- Satellite ports and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender: These interfaces are supported in Layer 2 access mode, Layer 2 trunk mode, and Layer 3 mode.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_14span.html#wp1239492
Q8. Refer to the exhibit.
R3 is failing to join the multicast group 224.1.1.1 that is sourcing from R1. Which two actions can you take to allow multicast traffic to flow correctly? (Choose two.)
A. Remove the static multicast route on R1.
B. Configure OSPF on R1 and R3 to include the tunnel interfaces.
C. Add an additional static multicast route on R2 for multicast group 224.1.1.1 toward R3.
D. Replace the static multicast route on R1 to send traffic toward R2.
E. Remove the static unicast route on R1.
F. Add an additional static unicast route on R2 toward the loopback interface of R3.
Answer: A,B
Explanation:
Since the tunnel interfaces are not part of OSPF, the best path from R3 to the multicast source on R1 would be over the Gi0/0 path via OSPF. However, the static mroute is configured to use the tunnel, so this causes a failure of the RPF check used in Sparse Mode. The best fix is to add the tunnel interfaces into OSPF and remove the static mroute so that the RPF check no longer fails.
Q9. Which option is the Cisco recommended method to secure access to the console port?
A. Configure the activation-character command.
B. Configure a very short timeout (less than 100 milliseconds) for the port.
C. Set the privilege level to a value less than 15.
D. Configure an ACL.
Answer: A
Explanation:
The activation-character command defines a session activation character. Entering this character at a vacant terminal begins a terminal session. The default activation character is the Return key.
To secure the console port, you should change this character to a different one, as most people simply press the Enter key when trying to access the console.
Q10. DRAG DROP
Drag and drop the Cisco IOS XE subpackage on the left to the function it performs on the right.
Answer:
Q11. Which standard feature can be exploited by an attacker to perform network reconnaissance?
A. IP-directed broadcast
B. maintenance operations protocol
C. ICMP redirects
D. source quench
Answer: C
Q12. Which two statements about IBGP multipath are true? (Choose two.)
A. The IGP metric of the BGP next hop can be different from the best-path IGP metric if you configure the router for unequal-cost IBGP multipath.
B. The IGP metric of the BGP next hop must be the same as the best-path IGP metric.
C. The equivalent next-hop-self is performed on the best path from among the IBGP multipaths before it is forwarded to external peers.
D. The path should be learned from an external neighbor.
E. The router BGP process must learn the path from a confederation-external or external neighbor.
F. The router BGP process must learn the path from an internal neighbor.
Answer: A,F
Q13. Which term describes an EIGRP route that has feasible successors?
A. active
B. passive
C. redistributed
D. invalid
Answer: B
Explanation:
A topology table entry for a destination can have one of two states. A route is considered in the Passive state when a router is not performing a route recomputation. The route is in Active state when a router is undergoing a route recomputation. If there are always feasible successors, a route never has to go into Active state and avoids a route recomputation.
When there are no feasible successors, a route goes into Active state and a route recomputation occurs. A route recomputation commences with a router sending a query packet to all neighbors. Neighboring routers can either reply if they have feasible successors for the destination or optionally return a query indicating that they are performing a route recomputation. While in Active state, a router cannot change the next-hop neighbor it is using to forward packets. Once all replies are received for a given query, the destination can transition to Passive state and a new successor can be selected.
Reference: http://docwiki.cisco.com/wiki/Enhanced_Interior_Gateway_Routing_Protocol
Q14. Which type of port would have root guard enabled on it?
A. A root port
B. An alternate port
C. A blocked port
D. A designated port
Answer: D
Explanation:
The root guard feature provides a way to enforce the root bridge placement in the network. The root guard ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html
Q15. DRAG DROP
Drag and drop the argument of the ip cef load-sharing algorithm command on the left to the function it performs on the right.
Answer: