Q1. Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent OSPFv3 from forming between these two routers? (Choose two.)
A. mismatch of subnet masks
B. mismatch of network types
C. mismatch of authentication types
D. mismatch of instance IDs
E. mismatch of area types
Answer: D,E
Explanation:
An OSPFv3 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. The two OSPFv3 interfaces must match the following criteria:
- Hello interval
- Dead interval
- Area ID
- Optional capabilities
The OSPFv3 header includes an instance ID field to identify that OSPFv3 packet for a particular OSPFv3 instance. You can assign the OSPFv3 instance. The interface drops all OSPFv3 packets that do not have a matching OSPFv3 instance ID in the packet header.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_ospfv3.html
Q2. Refer to the exhibit.
A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router-B, but both spoke sites can reach the hub. What is the likely cause of this issue?
A. There is a router doing PAT at site B.
B. There is a router doing PAT at site A.
C. NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address.
D. There is a routing issue, as NHRP registration is working.
Answer: B
Explanation:
If one spoke is behind one NAT device and another different spoke is behind another NAT device, and Peer Address Translation (PAT) is the type of NAT used on both NAT devices, then a session initiated between the two spokes cannot be established.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/convert/sec_dmvpn_xe_3s_book/sec_dmvpn_dt_spokes_b_nat_xe.html
Q3. Refer to the exhibit.
You have just created a new VRF on PE3. You have enabled debug ip bgp vpnv4 unicast updates on PE1, and you can see the route in the debug, but not in the BGP VPNv4 table.
Which two statements are true? (Choose two.)
A. VPNv4 is not configured between PE1 and PE3.
B. address-family ipv4 vrf is not configured on PE3.
C. After you configure route-target import 999:999 for a VRF on PE3, the route will be accepted.
D. PE1 will reject the route due to automatic route filtering.
E. After you configure route-target import 999:999 for a VRF on PE1, the route will be accepted.
Answer: D,E
Explanation:
The route target extended community for VPLS auto-discovery defines the import and export policies that a VPLS instance uses. The export route target sets an extended community attribute number that is appended to all routes that are exported from the VPLS instance. The import route target value sets a filter that determines the routes that are accepted into the VPLS instance. Any route with a value in its import route target contained in its extended attributes field matching the value in the VPLS instance’s import route target is accepted. Otherwise the route is rejected.
Q4. Which three actions are required when configuring NAT-PT? (Choose three.)
A. Enable NAT-PT globally.
B. Specify an IPv4-to-IPv6 translation.
C. Specify an IPv6-to-IPv4 translation.
D. Specify a ::/96 prefix that will map to an IPv4 address.
E. Specify a ::/48 prefix that will map to a MAC address.
F. Specify a ::/32 prefix that will map to an IPv6 address.
Answer: B,C,D
Explanation:
The detailed steps on configuring NAT-PT are found at the reference link below:
Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-nat_trnsln.html
Q5. Which two statements about packet fragmentation on an IPv6 network are true? (Choose two.)
A. The fragment header is 64 bits long.
B. The identification field is 32 bits long.
C. The fragment header is 32 bits long.
D. The identification field is 64 bits long.
E. The MTU must be a minimum of 1280 bytes.
F. The fragment header is 48 bits long.
Answer: A,B
Explanation:
The fragment header is shown below, being 64 bits total with a 32 bit identification field:
Reference: http://www.openwall.com/presentations/IPv6/img24.html
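The 64-bit fragment header described in Q5 can be decoded field by field. The following Python sketch is an added example, not part of the original answer: it packs and parses the header using the RFC 8200 layout (8-bit next header, 8 reserved bits, 13-bit offset, 2 reserved bits, M flag, 32-bit identification) and flags identification values whose fragments overlap, which RFC 5722 requires receivers to discard. The sample fragments are constructed.

```python
import struct
from collections import defaultdict
from typing import NamedTuple

class FragmentHeader(NamedTuple):
    next_header: int     # 8 bits: protocol of the fragmented payload
    offset: int          # 13-bit field, converted here to bytes (units of 8)
    more: bool           # M flag: True when more fragments follow
    identification: int  # 32 bits, identical in every fragment of one packet

def build_fragment_header(next_header, offset, more, identification):
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    return struct.pack("!BBHI", next_header, 0,
                       (offset // 8) << 3 | int(more), identification)

def parse_fragment_header(data):
    if len(data) < 8:
        raise ValueError("IPv6 fragment header is 8 bytes (64 bits)")
    nh, _reserved, off_flags, ident = struct.unpack("!BBHI", data[:8])
    return FragmentHeader(nh, (off_flags >> 3) * 8, bool(off_flags & 1), ident)

def overlapping_ids(fragments):
    """fragments: (8-byte header, payload length) pairs from one src/dst pair.
    Returns the identification values whose fragments overlap."""
    spans = defaultdict(list)
    for raw, length in fragments:
        hdr = parse_fragment_header(raw)
        spans[hdr.identification].append((hdr.offset, hdr.offset + length))
    flagged = set()
    for ident, ranges in spans.items():
        ranges.sort()
        if any(start < prev_end
               for (_, prev_end), (start, _) in zip(ranges, ranges[1:])):
            flagged.add(ident)
    return flagged

# Constructed sample: packet 0x1 is fragmented cleanly, packet 0x2 overlaps.
SAMPLE = [
    (build_fragment_header(17, 0, True, 0x1), 1448),
    (build_fragment_header(17, 1448, False, 0x1), 500),
    (build_fragment_header(17, 0, True, 0x2), 1448),
    (build_fragment_header(17, 1440, False, 0x2), 200),
]

if __name__ == "__main__":
    print(parse_fragment_header(SAMPLE[1][0]))
    print("overlapping identification values:", overlapping_ids(SAMPLE))
```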
Q6. Refer to the exhibit.
Which two statements about the VPN solution are true? (Choose two.)
A. Customer A and customer B will exchange routes with each other.
B. R3 will advertise routes received from R1 to R2.
C. Customer C will communicate with customer A and B.
D. Communication between sites in VPN1 and VPN2 will be blocked.
E. R1 and R2 will receive VPN routes advertised by R3.
Answer: C,E
Explanation:
+ VPN1 exports 10:1 while VPN3 imports 10:1 so VPN3 can learn routes of VPN1.
+ VPN1 imports 10:1 while VPN3 exports 10:1 so VPN1 can learn routes of VPN3.
-> Customer A can communicate with Customer C
+ VPN2 exports 20:1 while VPN3 imports 20:1 so VPN3 can learn routes of VPN2.
+ VPN2 imports 20:1 while VPN3 exports 20:1 so VPN2 can learn routes of VPN3.
-> Customer B can communicate with Customer C
Therefore answer C is correct.
Also answer E is correct because R1 & R2 import R3 routes.
Answer A is not correct because Customer A & Customer B do not import routes which are exported by the other router. Customer A & B can only see Customer C.
Answer B is not correct because a router never exports what it has learned through importation. It only exports its own routes.
Answer D is correct because VPN1 and VPN2 cannot see each other. Maybe in this question there are three correct answers.
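The route-target reasoning in Q3 and Q6 can be checked mechanically. The following Python sketch is an added example, not part of the original answers: it models each VRF's import and export route targets, lists which VRF imports whose routes, and applies the automatic route filtering rule from Q3. The VPN1/VPN2/VPN3 values are taken from the Q6 explanation because the exhibit is not on the page; the PE1 VRF name CUST and its 1:1 route target are hypothetical.

```python
# Route targets as stated in the Q6 explanation (exhibit not available).
VRFS = {
    "VPN1": {"import": {"10:1"}, "export": {"10:1"}},
    "VPN2": {"import": {"20:1"}, "export": {"20:1"}},
    "VPN3": {"import": {"10:1", "20:1"}, "export": {"10:1", "20:1"}},
}

def import_edges(vrfs):
    """Set of (exporter, importer): importer accepts exporter's routes
    because at least one exported RT matches one of its import RTs."""
    return {(exp, imp)
            for exp, e in vrfs.items()
            for imp, i in vrfs.items()
            if exp != imp and e["export"] & i["import"]}

def two_way_pairs(vrfs):
    """VRF pairs that import each other's routes (traffic can flow both ways)."""
    edges = import_edges(vrfs)
    return {frozenset((a, b)) for a, b in edges if (b, a) in edges}

def unintended_edges(vrfs, allowed_pairs):
    """Import relationships that fall outside the intended pairs."""
    allowed = {frozenset(p) for p in allowed_pairs}
    return {e for e in import_edges(vrfs) if frozenset(e) not in allowed}

def pe_accepts(route_targets, local_vrfs):
    """Automatic route filtering (Q3): a PE keeps a VPNv4 route only if
    some locally configured VRF imports one of the route's RTs."""
    return any(set(route_targets) & cfg["import"]
               for cfg in local_vrfs.values())

# Hypothetical PE1 with one VRF that does not import 999:999.
PE1_VRFS = {"CUST": {"import": {"1:1"}, "export": {"1:1"}}}

if __name__ == "__main__":
    print("two-way pairs:", sorted(sorted(p) for p in two_way_pairs(VRFS)))
    print("PE1 accepts 999:999:", pe_accepts({"999:999"}, PE1_VRFS))
```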
Q7. DRAG DROP
Drag and drop the IPv6 multicast feature or protocol on the left to the correct address space on the right.
Answer:
Q8. What are two benefits of Per-Tunnel QoS for DMVPN? (Choose two.)
A. The administrator can configure criteria that, when matched, can automatically set up QoS for each spoke as it comes online.
B. Traffic from each spoke to the hub can be regulated individually.
C. When traffic exceeds a configurable threshold, the spokes can automatically set up QoS with the hub.
D. The hub can send large packets to a spoke during allotted timeframes.
E. The hub can be regulated to prevent overloading small spokes.
Answer: A,E
Q9. Which two protocols are not protected in an edge router by using control plane policing? (Choose two.)
A. SMTP
B. RPC
C. SSH
D. Telnet
Answer: A,B
Explanation:
A CoPP policy can limit a number of different packet types that are forwarded to the control plane. Traffic destined for the switch CPU includes:
- Address Resolution Protocol (ARP)
- First-hop redundancy protocol packets
- Layer 2 control packets
- Management packets (telnet, Secure Shell [SSH] Protocol, Simple Network Management Protocol [SNMP]) <--- C and D are not correct.
- Multicast control packets
- Routing protocol packets
- Packets with IP options
- Packets with time to live (TTL) set to 1
- Packets that require ACL logging
- Packets that require an initial lookup (first packet in a flow: FIB miss)
- Packets that don't support hardware switching/routing
Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_553261.html
Q10. DRAG DROP
Drag and drop the StackWise stack master election rule on the left into the correct priority order on the right.
Answer:
Q11. DRAG DROP
Drag each IS-IS command on the left to its effect on the right.
Answer:
Q12. In which two modes do IPv6-in-IPv4 tunnels operate? (Choose two.)
A. tunnel mode
B. transport mode
C. 6to4 mode
D. 4to6 mode
E. ISATAP mode
Answer: C,E
Explanation:
There are 5 tunneling solutions in IPv6:
1. Using “Tunnel mode ipv6ip”: in this case the tunnel source and destination are configured with IPv4 addressing and the tunnel interface is configured with IPv6. This will use protocol 41. This is used for IPv6/IPv4.
R1(config)#int tunnel 1
R1(config-if)#ipv6 address 12:1:12::1/64
R1(config-if)#tunnel source 10.1.12.1
R1(config-if)#tunnel destination 10.1.12.2
R1(config-if)#tunnel mode ipv6ip
2. Using “Tunnel mode gre ipv6”: in this case the tunnel source and destination are all configured with IPv6 addressing. This is used for IPv6/IPv6.
BB1(config)#int tunnel 1
BB1(config-if)#ipv6 address 121:1:121::111/64
BB1(config-if)#tunnel source 10:1:111::111
BB1(config-if)#tunnel destination 10:1:112::112
BB1(config-if)#tunnel mode gre ipv6
3. In this case, the third type, the tunnel mode is NOT used at all. Note that the tunnel interface is configured with IPv6 and the tunnel source and destination are configured with IPv4, but there is no mention of tunnel mode. This configuration will use protocol 47. This is used for IPv6/IPv4.
R1(config)#int tunnel 13
R1(config-if)#ipv6 address 13:1:13::1/64
R1(config-if)#tunnel source 10.1.13.1
R1(config-if)#tunnel destination 10.1.13.3
4. Note in this case a special addressing is assigned to the tunnel interface, which is a concatenation of a reserved IPv6 address of 2002 followed by the translated IPv4 address of a given interface on the router. In this configuration ONLY the tunnel source address is used, and since the tunnel is automatic, the destination address is NOT configured. The tunnel mode is set to “Tunnel mode ipv6ip 6to4”. Note the IPv4 address of 10.1.1.1 is translated to 0A.01.01.01 and, once concatenated, it will be “2002:0A01:0101:” or 2002:A01:101. This is used for IPv6/IPv4.
R1(config)#interface Tunnel14
R1(config-if)#ipv6 address 2002:A01:101::/128
R1(config-if)#tunnel source 10.1.1.1
R1(config-if)#tunnel mode ipv6ip 6to4
5. ISATAP. ISATAP works like 6to4 tunnels, with one major difference: it uses a special IPv6 address which is formed as follows:
In this tunnel mode, the network portion can be any IPv6 address, whereas in 6to4 it had to start with 2002.
Note that when the IPv6 address is assigned to the tunnel interface, “eui-64” is used; in this case the host portion of the IPv6 address starts with “0000.5EFE” and then the rest of the host portion is the translated IPv4 address of the tunnel’s source IPv4 address. This translation is performed automatically, unlike 6to4. This is used for IPv6/IPv4.
R4(config)#int tunnel 46
R4(config-if)#ipv6 address 46:1:46::/64 eui-64
R4(config-if)#tunnel source 10.44.44.44
R4(config-if)#tunnel mode ipv6ip ISATAP
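The 6to4 and ISATAP address translations described in items 4 and 5 can be reproduced, and reversed, in a few lines. The following Python sketch is an added example, not part of the original explanation: it derives the 6to4 prefix and the ISATAP address from the tunnel source addresses used above, and recovers the embedded IPv4 endpoint from an IPv6 address seen in a log or capture. Accepting 0200:5EFE as well as 0000:5EFE follows RFC 5214, which sets the "u" bit when the IPv4 address is globally unique; the page itself only mentions 0000.5EFE.

```python
import ipaddress

ISATAP_MARKER = 0x00005EFE   # upper 32 bits of the interface ID ("0000.5EFE")
U_BIT = 0x02000000           # RFC 5214: set when the IPv4 address is global

def sixtofour_prefix(ipv4):
    """2002::/16 followed by the 32-bit IPv4 address gives a /48 prefix."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def isatap_address(prefix, ipv4):
    """Any /64 prefix + 0000:5EFE + IPv4 address of the tunnel source."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    iid = (ISATAP_MARKER << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_ipv4(addr):
    """Return (kind, IPv4Address) for a 6to4 or ISATAP address, else None."""
    a = ipaddress.IPv6Address(addr)
    if a.sixtofour is not None:            # stdlib check for 2002::/16
        return ("6to4", a.sixtofour)
    iid = int(a) & 0xFFFFFFFFFFFFFFFF      # low 64 bits = interface ID
    if (iid >> 32) & ~U_BIT == ISATAP_MARKER:
        return ("isatap", ipaddress.IPv4Address(iid & 0xFFFFFFFF))
    return None

if __name__ == "__main__":
    # Tunnel sources taken from the R1 (6to4) and R4 (ISATAP) configs above.
    print(sixtofour_prefix("10.1.1.1"))
    print(isatap_address("46:1:46::/64", "10.44.44.44"))
    for seen in ("2002:a01:101::1", "46:1:46::5efe:a2c:2c2c", "2001:db8::1"):
        print(seen, "->", embedded_ipv4(seen))
```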
Q13. Which option describes the purpose of the leak-map keyword in the command eigrp stub connected leak-map EigrpLeak?
A. It allows the specified static routes to be advertised.
B. It allows exceptions to the route summarization that is configured.
C. It allows specified EIGRP-learned routes to be advertised.
D. It restricts specified connected routes from being advertised.
Answer: C
Explanation:
Example: eigrp stub leak-map Command
In the following example, the eigrp stub command is issued with the leak-map name keyword-argument pair to configure the device to reference a leak map that identifies routes to be advertised that would have been suppressed otherwise.
Device(config)# router eigrp 1
Device(config-router)# network 10.0.0.0
Device(config-router)# eigrp stub leak-map map1
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mt-book/ire-eigrp-stub-rtg.html#GUID-FB899CA9-E9DE-48D8-8048-C971179E4E24
Q14. Which three statements about GET VPN are true? (Choose three.)
A. It encrypts WAN traffic to increase data security and provide transport authentication.
B. It provides direct communication between sites, which reduces latency and jitter.
C. It can secure IP multicast, unicast, and broadcast group traffic.
D. It uses a centralized key server for membership control.
E. It enables the router to configure tunnels.
F. It maintains full-mesh connectivity for IP networks.
Answer: A,B,D
Explanation:
Cisco GET VPN Features and Benefits
Feature: Description and Benefit
Key Services: Key Servers are responsible for ensuring that keys are granted to authenticated and authorized devices only. They maintain the freshness of the key material, pushing re-key messages as well as security policies on a regular basis. The chief characteristics include:
- Key Servers can be located centrally, granting easy control over membership.
- Key Servers are not in the "line of fire" - encrypted application traffic flows directly between VPN end points without a bottleneck or an additional point of failure.
- Supports both local and global policies, applicable to all members in a group - such as "Permit any any", a policy to encrypt all traffic.
- Supports IP Multicast to distribute and manage keys, for improved efficiency; Unicast is also supported where IP Multicast is not possible.
Scalability and Throughput:
- The full mesh nature of the solution allows devices to communicate directly with each other, without requiring transport through a central hub; this minimizes extra encrypts and decrypts at the hub router; it also helps minimize latency and jitter.
- Efficient handling of IP Multicast traffic by using the core network for replication can boost effective throughput further.
Security: Provides data security and transport authentication, helping to meet security compliance and internal regulation by encrypting all WAN traffic.
Reference: http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/product_data_sheet0900aecd80582067.html
Q15. Refer to the exhibit.
Which two statements about how the configuration processes Telnet traffic are true? (Choose two.)
A. Telnet traffic from 10.1.1.9 to 10.10.10.1 is dropped.
B. All Telnet traffic is dropped.
C. Telnet traffic from 10.10.10.1 to 10.1.1.9 is permitted.
D. Telnet traffic from 10.1.1.9 to 10.10.10.1 is permitted.
E. Telnet traffic is permitted to all IP addresses.
Answer: A,C
Explanation:
The ACL applied to the CoPP policy matches only Telnet traffic from 10.1.1.9 to 10.10.10.1. All other Telnet traffic is not matched and therefore not used in the CoPP policy, which means this traffic will be handled normally (accepted). For Telnet traffic from 10.1.1.9 to 10.10.10.1, the CoPP policy defines this traffic as exceeding, and it is dropped.