Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which statement is true regarding the UDP checksum?
A. It is used for congestion control.
B. It cannot be all zeros.
C. It is used by some Internet worms to hide their propagation.
D. It is computed based on the IP pseudo-header.
Answer: D
Explanation:
The method used to compute the checksum is defined in RFC 768: “Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the UDP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.” In other words, all 16-bit words are summed using one's complement arithmetic. Add the 16-bit values up. Each time a carry-out (17th bit) is produced, swing that bit around and add it back into the least significant bit. The sum is then one's complemented to yield the value of the UDP checksum field. If the checksum calculation results in the value zero (all 16 bits 0) it should be sent as the one's complement (all 1s).
Reference: http://en.wikipedia.org/wiki/User_Datagram_Protocol
Q2. Which statement about the bgp soft-reconfig-backup command is true?
A. It requires BGP to store all inbound and outbound updates.
B. It overrides soft reconfiguration for devices that support inbound soft reconfiguration.
C. When the peer is unable to store updates, the updates are implemented immediately.
D. It provides soft reconfiguration capabilities for peers that are unable to support route refresh.
E. It provides outbound soft reconfiguration for peers.
Answer: D
Q3. Refer to the exhibit.
Routers R1 and R2 are configured as shown, and traffic from R1 fails to reach host 209.165.201.254.
Which action can you take to correct the problem?
A. Ensure that R2 has a default route in its routing table.
B. Change the OSPF area type on R1 and R2.
C. Edit the router configurations so that address 209.165.201.254 is a routable address.
D. Remove the default-information originate command from the OSPF configuration of R2.
Answer: A
Explanation:
Not sure that any of these answers are correct, it appears that this configuration is valid for reaching that one specific host IP. Answer A does have a route to that host so it would not need a default route to get to it. Choice B is incorrect as the area types have nothing to do with this. C is incorrect as that IP address is routable, and D is needed so that R1 will have a default route advertised to it from R2 so that it can reach this destination.
Q4. Which statement about shaped round robin queuing is true?
A. Queues with higher configured weights are serviced first.
B. The device waits a period of time, set by the configured weight, before servicing the next queue.
C. The device services a single queue completely before moving on to the next queue.
D. Shaped mode is available on both the ingress and egress queues.
Answer: A
Explanation:
SRR is scheduling service for specifying the rate at which packets are dequeued. With SRR there are two modes, shaped and shared. Shaped mode is only available on the egress queues SRR differs from typical WRR. With WRR queues are serviced based on the weight. Q1 is serviced for weight 1 period of time, Q2 is served for weight 2 period of time, and so forth.
The servicing mechanism works by moving from queue to queue and services them for the weighted amount of time. With SRR weights are still followed; however, SRR services Q1, moves to Q2, then Q3 and Q4 in a different way. It does not wait at and service each queue for a weighted amount of time before moving on to the next queue. Instead, SRR makes several rapid passes at the queues; in each pass, each queue might or might not be serviced. For each given pass, the more highly weighted queues are more likely to be serviced than the lower priority queues.
Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-e-series-switches/prod_qas0900aecd805bacc7.html
Q5. Which option describes the effect of the OSPF default-information originate always command?
A. It creates a stub area.
B. It configures the device to advertise a default route regardless of whether it exists in the routing table.
C. It configures the device to automatically redistribute a default route.
D. It adds a static default route to the device configuration.
Answer: B
Explanation:
default-information originate
To generate a default external route into an Open Shortest Path First (OSPF) routing domain, use the default-information originate command in router configuration mode. To disable this feature, use the no form of this command.
default-information originate [always] metric metric-value [ metric-type type-value ] [ route-map map-name ]
Syntax Description
always (Optional) Always advertises the default route regardless of whether the software has a default route.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-d2.html
Q6. Which three statements are true about unicast RPF? (Choose three.)
A. Unicast RPF requires CEF to be enabled.
B. Unicast RPF strict mode works better with multihomed networks.
C. Unicast RPF strict mode supports symmetric paths.
D. Unicast RPF strict mode supports asymmetric paths.
E. CEF is optional with Unicast RPF, but when CEF is enabled it provides better performance.
F. Unicast RPF loose mode is typically used with ISP networks.
Answer: A,C,F
Q7. Refer to the exhibit.
Which statement describes what the authoritative flag indicates?
A. Authentication was used for the mapping.
B. R1 learned about the NHRP mapping from a registration request.
C. Duplicate mapping in the NHRP cache is prevented.
D. The registration request had the same flag set.
Answer: B
Explanation:
Show NHRP: Examples
The following is sample output from the show ip nhrp command:
Router# show ip nhrp
10.0.0.2 255.255.255.255, tunnel 100 created 0:00:43 expire 1:59:16
TypE. dynamic Flags: authoritative
NBMA address: 10.1111.1111.1111.1111.1111.1111.1111.1111.1111.11
10.0.0.1 255.255.255.255, Tunnel0 created 0:10:03 expire 1:49:56
TypE. static Flags: authoritative
The fields in the sample display are as follows:
Flags:
authoritative—Indicates that the NHRP information was obtained from the Next Hop Server or router that maintains the NBMA-to-IP address mapping for a particular destination.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html
Q8. DRAG DROP
Drag and drop the NHRP flag on the left to the corresponding meaning on the right.
Answer:
Q9. Which two statements about MAC Authentication Bypass are true? (Choose two.)
A. Traffic from an endpoint is authorized to pass after MAB authenticates the MAC address of the endpoint.
B. During the learning stage, the switch examines multiple packets from the endpoint to determine the MAC address of the endpoint.
C. After the switch learns the MAC address of the endpoint, it uses TACACS+ to authenticate it.
D. After learning a source MAC address, it sends the host a RADIUS Account-Request message to validate the address.
E. The MAC address of a device serves as its user name and password to authenticate with a RADIUS server.
Answer: A,E
Q10. Which statement about NAT64 is true?
A. NAT64 provides address family translation and translates IPv4 to IPv6 and IPv6 to IPv4.
B. NAT64 provides address family translation and can translate only IPv6 to IPv4.
C. NAT64 should be considered as a permanent solution.
D. NAT64 requires the use of DNS64.
Answer: A
Q11. Which three features are considered part of the IPv6 first-hop security suite? (Choose three.)
A. DNS guard
B. destination guard
C. DHCP guard
D. ICMP guard
E. RA guard
F. DoS guard
Answer: B,C,E
Explanation:
Cisco IOS has (at least) these IPv6 first-hop security features: IPv6 RA Guard rejects fake RA messages coming from host (non-router) ports (not sure whether it handles all possible IPv6 header fragmentation attacks). Interestingly, it can also validate the contents of RA messages (configuration flags, list of prefixes) received through router-facing ports, potentially giving you a safeguard against an attack of fat fingers. DHCPv6 Guard blocks DHCPv6 messages coming from unauthorized DHCPv6 servers and relays. Like IPv6 RA Guard it also validates the DHCPv6 replies coming from authorized DHCPv6 servers, potentially providing protection against DHCPv6 server misconfiguration. IPv6 Snooping and device tracking builds a IPv6 First-Hop Security Binding Table (nicer name for ND table) by monitoring DHCPv6 and ND messages as well as regular IPv6 traffic. The binding table can be used to stop ND spoofing (in IPv4 world we’d call this feature DHCP Snooping and Dynamic ARP Inspection). IPv6 Source Guard uses the IPv6 First-Hop Security Binding Table to drop traffic from unknown sources or bogus IPv6 addresses not in the binding table. The switch also tries to recover from lost address information, querying DHCPv6 server or using IPv6 neighbor discovery to verify the source IPv6 address after dropping the offending packet(s). IPv6 Prefix Guard is denies illegal off-subnet traffic. It uses information gleaned from RA messages and IA_PD option of DHCPv6 replies (delegated prefixes) to build the table of valid prefixes. IPv6 Destination Guard drops IPv6 traffic sent to directly connected destination addresses not in IPv6 First-Hop Security Binding Table, effectively stopping ND exhaustion attacks.
Reference: http://blog.ipspace.net/2013/07/first-hop-ipv6-security-features-in.html
Q12. Which option describes what the default RT filter indicates when you implement the BGP RT constrained route distribution feature?
A. A peer receives only a default route for each VRF.
B. A peer receives all routes, regardless of the RT value.
C. A peer receives routes only for RTs that are used on that router.
D. A peer receives no routes, regardless of the RT value.
Answer: B
Q13. Refer to the exhibit.
Which two possible network conditions can you infer from this configuration? (Choose two.)
A. The authentication parameters on R1 and R2 are mismatched.
B. R1 is using the default NTP source configuration.
C. R1 and R2 have established an NTP session.
D. R2 is configured as the NTP master with a stratum of 7.
Answer: A,B
Explanation:
Answer A. The NTP associations are not synced, it is only listed as a candidate because it was configured. Routing is not the issue, so it must be mismatched authentication parameters.
Answer B. NTP sets the source IP address for all NTP packets based on the address of the interface through which the NTP packets are sent. You can configure NTP to use a specific source IP address.
Q14. Which technology is not necessary to set up a basic MPLS domain?
A. IP addressing
B. an IGP
C. LDP or TDP
D. CEF
E. a VRF
Answer: E
Explanation:
The simplest form of VRF implementation is VRF Lite. In this implementation, each router within the network participates in the virtual routing environment in a peer-based fashion. While simple to deploy and appropriate for small to medium enterprises and shared data centres, VRF Lite does not scale to the size required by global enterprises or large carriers, as there is the need to implement each VRF instance on every router, including intermediate routers. VRFs were initially introduced in combination with MPLS, but VRF proved to be so useful that it eventually evolved to live independent of MPLS. This is the historical explanation of the term VRF Lite. Usage of VRFs without MPLS.
Reference: http://en.wikipedia.org/wiki/Virtual_routing_and_forwarding
Q15. Refer to the exhibit.
Which statement about this GET VPN configuration is true?
A. Router 1 acts as the primary key server because it has a higher priority.
B. An RSA key has been imported into the configuration.
C. The GDOI group configuration generated a key.
D. DPD is disabled.
Answer: A