Q1. Which three types of traffic are protected when you implement IPsec within an IPv6-in-IPv4 tunnel? (Choose three.)
A. IPv6 link-local traffic
B. IPv6 multicast traffic
C. IPv6 unicast traffic
D. IPv4 tunnel control traffic
E. IPv4 broadcast traffic
F. IPv6 broadcast traffic
Answer: A,B,C
Q2. Which statement describes the purpose of the Payload Type field in the RTP header?
A. It identifies the signaling protocol.
B. It identifies the codec.
C. It identifies the port numbers for RTP.
D. It identifies the port numbers for RTCP.
Answer: B
Explanation:
PT, Payload Type. 7 bits: Identifies the format of the RTP payload and determines its interpretation by the application. A profile specifies a default static mapping of payload type codes to payload formats. Additional payload type codes may be defined dynamically through non-RTP means. An RTP sender emits a single RTP payload type at any given time; this field is not intended for multiplexing separate media streams. A full list of codecs and their payload type values can be found at the link below:
Reference: http://www.networksorcery.com/enp/protocol/rtp.htm
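The seven-bit PT field shares its byte with the marker bit, so it has to be masked out before the codec lookup. The parser below is an added example, not part of the original page; the function name, the sample packets and the subset of static RFC 3551 payload types are chosen for illustration.

```python
import struct

# Subset of the static payload types in the RTP/AVP profile (RFC 3551).
STATIC_PT = {0: "PCMU", 3: "GSM", 8: "PCMA", 9: "G722", 18: "G729"}

# Constructed 12-byte RTP headers (no payload), not captured traffic.
SAMPLE_PCMA = bytes.fromhex("8088" "0001" "000000a0" "00001234")
SAMPLE_DYNAMIC = bytes.fromhex("8060" "0002" "00000140" "00001234")

def parse_rtp_header(packet: bytes) -> dict:
    """Decode the fixed RTP header and classify the payload type."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6                 # top two bits of the first byte
    if version != 2:
        raise ValueError(f"unexpected RTP version {version}")
    marker = bool(b1 & 0x80)          # high bit of the second byte
    pt = b1 & 0x7F                    # PT is only the low seven bits
    if pt in STATIC_PT:
        codec = STATIC_PT[pt]
    elif 96 <= pt <= 127:
        codec = "dynamic"             # mapping is defined outside RTP
    else:
        codec = "not in this subset"
    return {"version": version, "marker": marker, "payload_type": pt,
            "codec": codec, "sequence": seq, "timestamp": timestamp,
            "ssrc": ssrc}

if __name__ == "__main__":
    for sample in (SAMPLE_PCMA, SAMPLE_DYNAMIC):
        print(parse_rtp_header(sample))
```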
Q3. If two OSPF type 3 prefixes have the same metric, and are within the same process, which prefix(es) are installed into the routing table?
A. The route whose originator has the lower router ID.
B. Both routes are installed.
C. The route whose originator has the higher router ID.
D. The first route that is learned.
Answer: B
Explanation:
OSPF allows multiple equal-cost paths to the same destination. Since all link-state information is flooded and used in the SPF calculation, multiple equal cost paths can be computed and used for routing, and each route will be installed in the routing table.
Q4. When VRF-Lite is configured without BGP support, which statement about the configuration of the route target and route distinguisher is true?
A. The configuration of the route target and route distinguisher is required.
B. The configuration of the route target and route distinguisher is not required.
C. The configuration of the route target is required and the configuration of the route distinguisher is not required.
D. The configuration of the route target is not required and the configuration of the route distinguisher is required.
Answer: D
Q5. Refer to the exhibit.
Which statement is true?
A. The output shows an IPv6 multicast address with link-local scope.
B. The output shows an IPv6 multicast address that is used for unique local sources only.
C. The output shows an IPv6 multicast address that can be used for BIDIR-PIM only.
D. The output shows an IPv6 multicast address with embedded RP.
Answer: D
Q6. Which two statements about port ACLs are true? (Choose two.)
A. Port ACLs are supported on physical interfaces and are configured on a Layer 2 interface on a switch.
B. Port ACLs support both outbound and inbound traffic filtering.
C. When it is applied to trunk ports, the port ACL filters only native VLAN traffic.
D. When it is applied to a port with voice VLAN, the port ACL filters both voice and data VLAN traffic.
Answer: A,D
Explanation:
PACLs filter incoming traffic on Layer 2 interfaces, using Layer 3 information, Layer 4 header information, or non-IP Layer 2 information. The port ACL (PACL) feature provides the ability to perform access control on specific Layer 2 ports. A Layer 2 port is a physical LAN or trunk port that belongs to a VLAN. Port ACLs perform access control on all traffic entering the specified Layer 2 port, including voice and data VLANs that may be configured on the port. Port ACLs are applied only on the ingress traffic.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/port_acls.html
Q7. Refer to the exhibit.
This network is configured with PIM, and the RPF check has failed toward the multicast source. Which two configuration changes must you make to router R3 to enable the RPF check to pass? (Choose two.)
A. Configure a static multicast route to the multicast source through the tunnel interface.
B. Configure a static multicast route to the multicast source LAN through the tunnel interface.
C. Configure a static multicast route to the multicast source LAN through the Ethernet interface.
D. Remove the command ip pim bidir-enable from the R3 configuration.
Answer: A,B
Q8. How are the Cisco Express Forwarding table and the FIB related to each other?
A. The FIB is used to populate the Cisco Express Forwarding table.
B. The Cisco Express Forwarding table allows route lookups to be forwarded to the route processor for processing before they are
C. There can be only one FIB but multiple Cisco Express Forwarding tables on IOS devices.
D. Cisco Express Forwarding uses a FIB to make IP destination prefix-based switching decisions.
Answer: D
Q9. Refer to the exhibit.
This is the configuration of the ASBR of area 110. Which option explains why the remote ABR should not translate the type 7 LSA for the prefix 192.168.0.0/16 into a type 5 LSA?
A. The remote ABR translates all type 7 LSA into type 5 LSA, regardless of any option configured in the ASBR.
B. The ASBR sets the forwarding address to 0.0.0.0 which instructs the ABR not to translate the LSA into a type 5 LSA.
C. The ASBR originates a type 7 LSA with age equal to MAXAGE 3600.
D. The ABR clears the P bit in the header of the type 7 LSA for 192.168.0.0/16.
Answer: D
Explanation:
When external routing information is imported into an NSSA, LSA Type 7 is generated by the ASBR and it is flooded within that area only. To further distribute the external information, type 7 LSA is translated into type 5 LSA at the NSSA border. The P-bit in LSA Type 7 field indicates whether the type 7 LSA should be translated. This P-bit is automatically set by the NSSA ABR (also the Forwarding Address (FA) is copied from Type 7 LSA). The P-bit is not set only when the NSSA ASBR and NSSA ABR are the same router for the area. If bit P = 0, then the NSSA ABR must not translate this LSA into Type 5.
The nssa-only keyword instructs the device to originate the Type-7 LSA with the P-bit cleared, thereby preventing translation of the LSA to Type 5 on the NSSA ABR device.
Note. If a router is attached to another AS and is also an NSSA ABR, it may originate both a type-5 and a type-7 LSA for the same network. The type-5 LSA will be flooded to the backbone and the type-7 will be flooded into the NSSA. If this is the case, the P-bit must be reset (P=0) in the type-7 LSA so the type-7 LSA isn’t again translated into a type-5 LSA by another NSSA ABR.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro-15-e-book/iro-ospfv3-nssa-cfg.html
Q10. Refer to the exhibit.
Which additional information must you specify in this configuration to capture NetFlow traffic?
A. ingress or egress traffic
B. the number of cache entries
C. the flow cache active timeout
D. the flow cache inactive timeout
Answer: A
Explanation:
Configuring NetFlow
Perform the following task to enable NetFlow on an interface.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip flow {ingress | egress}
5. exit
6. Repeat Steps 3 through 5 to enable NetFlow on other interfaces.
7. end
DETAILED STEPS
Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Step 2
Command or Action: configure terminal
........
Example: Router(config)# interface ethernet 0/0
Purpose: Specifies the interface that you want to enable NetFlow on and enters interface configuration mode.
Step 4
Command or Action: ip flow {ingress | egress}
Example: Router(config-if)# ip flow ingress
Purpose: Enables NetFlow on the interface.
- ingress: Captures traffic that is being received by the interface
- egress: Captures traffic that is being transmitted by the interface
Step 5
Command or Action: exit
Example: Router(config-if)# exit
Purpose: (Optional) Exits interface configuration mode and enters global configuration mode.
Note: You need to use this command only if you want to enable NetFlow on another interface.
Step 6
Repeat Steps 3 through 5 to enable NetFlow on other interfaces.
Purpose: This step is optional.
Step 7
Command or Action: end
Example: Router(config-if)# end
Purpose: Exits the current configuration mode and returns to privileged EXEC mode.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/netflow/configuration/guide/12_2sr/nf_12_2sr_book/cfg_nflow_data_expt.html
Q11. Which two statements are true about AAA? (Choose two.)
A. AAA can use RADIUS, TACACS+, or Windows AD to authenticate users.
B. If RADIUS is the only method configured in AAA, and the server becomes unreachable, the user will be able to log in to the router using a local username and password.
C. If the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail.
D. AAA can be used to authenticate the enable password with an AAA server.
Answer: C,D
Explanation:
AAA can be used to authenticate user login and the enable passwords.
Example 1: Same Exec Authentication Methods for All Users
Once authenticated with:
aaa authentication login default group radius local
All users who want to log in to the access server have to be authorized using Radius (first method) or local database (second method).
We configure:
aaa authorization exec default group radius local
Note. On the AAA server, Service-Type=1 (login) must be selected.
Note. With this example, if the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail.
Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
Q12. Which three options are components of an EEM CLI policy? (Choose three.)
A. Safe-Tcl
B. applet name
C. Fast Tcl
D. event
E. action
F. Tcl bytecode
Answer: B,D,E
Explanation:
The Embedded Event Manager (EEM) monitors events that occur on your device and takes action to recover or troubleshoot these events, based on your configuration.
EEM consists of three major components:
Event statements — Events to monitor from another Cisco NX-OS component that might require some action, workaround, or notification.
Action statements — An action that EEM can take, such as sending an e-mail, or disabling an interface, to recover from an event.
Policies — An applet name paired with one or more actions to troubleshoot or recover from the event.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/system_management/6x/b_5500_System_Mgmt_Config_6x/b_5500_System_Mgmt_Config_6x_chapter_010011.html
Q13. Refer to the exhibit.
Which two statements are true regarding prefix 10.1.0.0/24? (Choose two.)
A. The prefix is in policy, and Cisco PfR rerouted the traffic via 10.4.5.3 Et0/1 because of an OOP event.
B. Cisco PfR is monitoring the prefix via passive NetFlow mode only.
C. Cisco PfR is monitoring the prefix via active, fast, or active throughput IP SLA probe mode only.
D. The prefix is in policy, and Cisco PfR did not reroute the traffic via 10.4.5.3 Et0/1 because the traffic was previously in policy.
E. Cisco PfR is monitoring the prefix via mode monitor, which provides both NetFlow and IP SLA measurements.
Answer: D,E
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/command/pfr-cr-book/pfr-s1.html#wp2707728086
Q14. Which two statements about the metric-style wide statement as it applies to route redistribution are true? (Choose two.)
A. It is used in IS-IS.
B. It is used in OSPF.
C. It is used in EIGRP.
D. It is used for accepting TLV.
E. It is used in PIM for accepting mroutes.
F. It is used for accepting external routes.
Answer: A,D
Explanation:
To configure a router running IS-IS to generate and accept only new-style TLVs (TLV stands for type, length, and value object), use the metric-style wide command.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/TE_1208S.html#wp49409
Q15. Refer to the exhibit.
Which AS paths are matched by this access list?
A. the origin AS 64496 only
B. the origin AS 64496 and any ASs after AS 64496
C. the directly attached AS 64496 and any ASs directly attached to AS 64496
D. the directly attached AS 64496 and any longer AS paths
Answer: C
Explanation:
If you want AS 1 to get networks originated from AS 4 and all directly attached ASs of AS 4, apply the following inbound filter on Router 1.
ip as-path access-list 1 permit ^4_[0-9]*$
router bgp 1
neighbor 4.4.4.4 remote-as 4
neighbor 4.4.4.4 route-map foo in
route-map foo permit 10
match as-path 1
In the ip as-path access-list command, the caret (^) starts the input string and designates "AS". The underscore (_) means there is a null string in the string that follows "AS 4". The [0-9]* specifies that any connected AS with a valid AS number can pass the filter. The advantage of using the [0-9]* syntax is that it gives you the flexibility to add any number of ASs without modifying this command string.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13754-26.html
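The filter ^4_[0-9]*$ from the explanation above can be checked against sample AS paths to see exactly which ones it permits. This is an added example, not code from the original page or from Cisco: it assumes the IOS rule that "_" matches a space, comma, brace, parenthesis, or the start or end of the path, and the helper names, the sample AS paths and the two contrast patterns (^4$ and ^4_) are constructed for illustration.

```python
import re

# Assumption: in an IOS AS-path regex, "_" matches a space, comma, brace,
# parenthesis, or the start/end of the AS-path string.
UNDERSCORE = r"(?:^|$|[ ,{}()])"

def cisco_to_python(pattern: str) -> str:
    """Translate an IOS AS-path regex into Python re syntax."""
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):   # keep escaped characters
            out.append(pattern[i:i + 2])
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        # Only a bare "_" outside a bracket expression is the delimiter token.
        out.append(UNDERSCORE if ch == "_" and not in_class else ch)
        i += 1
    return "".join(out)

def permitted(pattern: str, as_path: str) -> bool:
    """True if the AS path (space-separated, nearest AS first) matches."""
    return re.search(cisco_to_python(pattern), as_path) is not None

# Constructed AS paths as Router 1 would see them; not taken from the page.
SAMPLE_PATHS = ["4", "4 3", "4 3 2", "40", "3 4"]

def evaluate(pattern: str) -> dict:
    """Map each sample path to whether the filter permits it."""
    return {path: permitted(pattern, path) for path in SAMPLE_PATHS}

if __name__ == "__main__":
    # Page's filter, then origin-only and any-length contrast patterns.
    for pattern in ("^4_[0-9]*$", "^4$", "^4_"):
        print(pattern)
        for path, ok in evaluate(pattern).items():
            print(f"  {path!r:10} {'permit' if ok else 'deny'}")
```

The page's pattern permits "4" and "4 3" but denies "4 3 2", "40" and "3 4", which is the "directly attached AS and its directly attached ASs" behaviour; ^4_ without the trailing anchor also permits the longer path.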