Q1. Which two statements about EIGRP load balancing are true? (Choose two.)
A. EIGRP supports 6 unequal-cost paths.
B. A path can be used for load balancing only if it is a feasible successor.
C. EIGRP supports unequal-cost paths by default.
D. Any path in the EIGRP topology table can be used for unequal-cost load balancing.
E. Cisco Express Forwarding is required to load-balance across interfaces.
Answer: A,B
Q2. Refer to the exhibit.
Router A and router B are physically connected over an Ethernet interface, and IS-IS is configured as shown. Which option explains why the IS-IS neighborship is not getting formed between router A and router B?
A. same area ID
B. same N selector
C. same domain ID
D. same system ID
Answer: D
Explanation:
With IS-IS, the LSP identifier is derived from the system ID (along with the pseudonode ID and LSP number). Each IS is usually configured with one NET and in one area; each system ID within an area must be unique. The big difference between NSAP style addressing and IP style addressing is that, in general, there will be a single NSAP address for the entire router, whereas with IP there will be one IP address per interface. All ISs and ESs in a routing domain must have system IDs of the same length. All routers in an area must have the same area address. All Level 2 routers must have a unique system ID domain-wide, and all Level 1 routers must have a unique system ID area-wide.
Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a3e6f.shtml
Q3. For which three routing protocols can Cisco PfR provide direct route control? (Choose three.)
A. OSPF
B. IS-IS
C. BGP
D. EIGRP
E. static routing
F. ODR
Answer: C,D,E
Explanation:
Q. Can you elaborate more on the Parent Route and why it's so important to PfR?
A. Yes. For any route that PfR modifies or controls (BGP, Static, PIRO, EIGRP, PBR), having a Parent prefix in the routing table eliminates the possibility of a routing loop occurring. This is naturally a good thing to prevent in routed networks.
Reference: http://docwiki.cisco.com/wiki/Performance_Routing_FAQs#Route_Control
Q4. Refer to the exhibit.
ICMP Echo requests from host A are not reaching the intended destination on host B. What is the problem?
A. The ICMP payload is malformed.
B. The ICMP Identifier (BE) is invalid.
C. The negotiation of the connection failed.
D. The packet is dropped at the next hop.
E. The link is congested.
Answer: D
Explanation:
Here we see that the Time to Live (TTL) value of the packet is one, so it will be forwarded to the next hop router, but then dropped because the TTL value will be 0 at the next hop.
Q5. Refer to the exhibit.
Which statement is true?
A. R1 routes this pseudowire over MPLS TE tunnel 1 with transport label 20.
B. The default route 0.0.0.0/0 is available in the IPv4 routing table.
C. R1 is using an MPLS TE tunnel for this pseudowire, because the IP path is not available.
D. R1 has preferred-path configured for the pseudowire.
Answer: D
Explanation:
Verifying the Configuration: Example
In the following example, the show mpls l2transport vc command shows the following information (in bold) about the VCs:
- VC 101 has been assigned a preferred path called Tunnel1. The default path is disabled because the preferred path specified that the default path should not be used if the preferred path fails.
- VC 150 has been assigned an IP address of a loopback address on PE2. The default path can be used if the preferred path fails.
Router# show mpls l2transport vc detail
Local interface: Gi0/0/0.1 up, line protocol up, Eth VLAN 222 up
Destination address: 10.16.16.16, VC ID: 101, VC status: up
Preferred path: Tunnel1, active
Default path: disabled
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {17 16}
Create time: 00:27:31, last status change time: 00:27:31
Signaling protocol: LDP, peer 10.16.16.16:0 up
MPLS VC labels: local 25, remote 16
Group ID: local 0, remote 6
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 10, send 10
byte totals: receive 1260, send 1300
packet drops: receive 0, send 0
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2sr/12_2sra/feature/guide/srtunsel.html#wp1057815
Q6. In IPv6 Path MTU Discovery, which ICMP message is sent by an intermediary router that requires a smaller MTU?
A. Time Exceeded, with code 1 (fragment reassembly time exceeded)
B. Packet Too Big
C. Destination Unreachable, with code 4 (the datagram is too big)
D. Multicast Termination Router
Answer: B
Q7. Which two statements about 802.1Q tunneling are true? (Choose two.)
A. It requires a system MTU of at least 1504 bytes.
B. The default configuration sends Cisco Discovery Protocol, STP, and VTP information.
C. Traffic that traverses the tunnel is encrypted.
D. It is supported on private VLAN ports.
E. MAC-based QoS and UDLD are supported on tunnel ports.
F. Its maximum allowable system MTU is 1546 bytes.
Answer: A,E
Q8. What is the main component of Unified MPLS?
A. Multiple IGPs in the network are used, where the loopback IP addresses of the PE routers are aggregated on the area border routers.
B. Confederations are used to provide scalability.
C. The loopback prefixes from one IGP area are redistributed into BGP without changing the next hop.
D. The ABR is a BGP route reflector and sets next-hop to self for all reflected routes.
Answer: D
Explanation:
Since the core and aggregation parts of the network are integrated and end-to-end LSPs are provided, the Unified MPLS solution is also referred to as "Seamless MPLS." New technologies or protocols are not used here, only MPLS, Label Distribution Protocol (LDP), IGP, and BGP. Since you do not want to distribute the loopback prefixes of the PE routers from one part of the network into another part, you need to carry the prefixes in BGP. The Internal Border Gateway Protocol (iBGP) is used in one network, so the next hop address of the prefixes is the loopback prefixes of the PE routers, which is not known by the IGP in the other parts of the network. This means that the next hop address cannot be used to recurse to an IGP prefix. The trick is to make the ABR routers Route Reflectors (RR) and set the next hop to self, even for the reflected iBGP prefixes. In order for this to work, a new knob is needed.
Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116127-configure-technology-00.html
Q9. Which configuration sets a minimum quality of service on a Layer 2 access switch?
A. mls qos cos override
mls qos cos 2
B. mls qos cos 2
C. mls qos trust cos
mls qos cos 2
D. mls qos trust cos
E. mls qos trust dscp
Answer: A
Explanation:
The mls qos cos override interface command must be used to ensure that untrusted CoS values are explicitly set to 0 (default).
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/QoSDesign.html
Q10. What is a key advantage of Cisco GET VPN over DMVPN?
A. Cisco GET VPN provides zero-touch deployment of IPSEC VPNs.
B. Cisco GET VPN supports certificate authentication for tunnel establishment.
C. Cisco GET VPN has a better anti-replay mechanism.
D. Cisco GET VPN does not require a secondary overlay routing infrastructure.
Answer: D
Explanation:
DMVPN requires overlaying a secondary routing infrastructure through the tunnels, which results in suboptimal routing while the dynamic tunnels are built. The overlay routing topology also reduces the inherent scalability of the underlying IP VPN network topology. Traditional point-to-point IPsec tunneling solutions suffer from multicast replication issues because multicast replication must be performed before tunnel encapsulation and encryption at the IPsec CE (customer edge) router closest to the multicast source. Multicast replication cannot be performed in the provider network because encapsulated multicasts appear to the core network as unicast data. Cisco’s Group Encrypted Transport VPN (GET VPN) introduces the concept of a trusted group to eliminate point-to-point tunnels and their associated overlay routing. All group members (GMs) share a common security association (SA), also known as a group SA. This enables GMs to decrypt traffic that was encrypted by any other GM. (Note that IPsec CE acts as a GM.) In GET VPN networks, there is no need to negotiate point-to-point IPsec tunnels between the members of a group, because GET VPN is “tunnel-less.”
Reference: Group Encrypted Transport VPN (Get VPN) Design and Implementation Guide PDF
Q11. Which three statements are true about an EtherChannel? (Choose three.)
A. PAGP and LACP can be configured on the same switch if the switch is not in the same EtherChannel.
B. EtherChannel ports in suspended state can receive BPDUs but cannot send them.
C. An EtherChannel forms between trunks that are using different native VLANs.
D. LACP can operate in both half duplex and full duplex, if the duplex setting is the same on both ends.
E. Ports with different spanning-tree path costs can form an EtherChannel.
Answer: A,B,E
Explanation:
Answer A: EtherChannel groups running PAgP and LACP can coexist on the same switch or on different switches in the stack. Individual EtherChannel groups can run either PAgP or LACP, but they cannot interoperate.
Answer B:
EtherChannel Member Port States (Port State: Description)
bundled: The port is part of an EtherChannel and can send and receive BPDUs and data traffic.
suspended: The port is not part of an EtherChannel. The port can receive BPDUs but cannot send them. Data traffic is blocked.
standalone: The port is not bundled in an EtherChannel. The port functions as a standalone data port. The port can send and receive BPDUs and data traffic.
Answer E: Ports with different spanning-tree path costs can form an EtherChannel if they are otherwise compatibly configured. Setting different spanning-tree path costs does not, by itself, make ports incompatible for the formation of an EtherChannel.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/layer2/configuration_guide/b_lay2_152ex_2960-x_cg/b_lay2_152ex_2960-x_cg_chapter_010.html
Q12. Which technology can be used to secure the core of an STP domain?
A. UplinkFast
B. BPDU guard
C. BPDU filter
D. root guard
Answer: D
Explanation:
Since STP does not implement any authentication or encryption to protect the exchange of BPDUs, it is vulnerable to unauthorized participation and attacks. Cisco IOS offers the STP Root Guard feature to enforce the placement of the root bridge and secure the core of the STP domain.
STP root guard forces a port to become a designated port so that no switch on the other end of the link can become a root switch. If a port configured for root guard receives a superior BPDU, the port it is received on is blocked. In this way, STP root guard blocks other devices from trying to become the root bridge.
STP root guard should be enabled on all ports that will never connect to a root bridge, for example, all end user ports. This ensures that a root bridge will never be negotiated on those ports.
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/sec_chap7.html
Q13. DRAG DROP
Drag and drop the IS-IS component on the left to the function that it performs on the right.
Answer:
Q14. Which type of port would have root guard enabled on it?
A. A root port
B. An alternate port
C. A blocked port
D. A designated port
Answer: D
Explanation:
The root guard feature provides a way to enforce the root bridge placement in the network. The root guard ensures that the port on which root guard is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, the root guard enforces the position of the root bridge.
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10588-74.html
Q15. Which timer expiration can lead to an EIGRP route becoming stuck in active?
A. hello
B. active
C. query
D. hold
Answer: B
Explanation:
As noted above, when a route goes into the active state, the router queries its neighbors to find a path to the pertinent network. At this point, the router starts a three minute active timer by which time it must receive replies from all queried neighbors. If a neighbor has feasible successors for the route, it will recalculate its own local distance to the network and report this back. However, if a neighbor does not have a feasible successor, it also goes into active state. In some cases, multiple routers along multiple query paths will go into active state as routers continue to query for the desired route. In most cases, this process will yield responses from all queried routers and the sought after route will transition back into the passive state within the three minute SIA query timer. In the case that none of the queried routers can provide a feasible successor, the route is cleared. In some cases, a response is not received between two neighbor routers because of link failures, congestion or some other adverse condition in either the network or on the queried router, and the three minute active timer expires on the router originating the query. When this happens, the querying router that did not receive a response logs a “DUAL-3-SIA” or “stuck-in-active” error for the route and then drops and restarts its adjacency with the non-responding router.
Reference: http://www.packetdesign.com/resources/technical-briefs/diagnosing-eigrp-stuck-active