Q1. Which two tunneling techniques determine the IPv4 destination address on a per-packet basis? (Choose two.)
A. 6to4 tunneling
B. ISATAP tunneling
C. manual tunneling
D. GRE tunneling
Answer: A,B
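Explanation:
Tunnel Configuration Parameters by Tunneling Type
| Tunneling Type | Tunnel Mode | Tunnel Source | Tunnel Destination | Interface Prefix or Address |
|---|---|---|---|---|
| Manual | ipv6ip | An IPv4 address, or a reference to an interface on which IPv4 is configured. | An IPv4 address. | An IPv6 address. |
| GRE/IPv4 | gre ip | An IPv4 address, or a reference to an interface on which IPv4 is configured. | An IPv4 address. | An IPv6 address. |
| IPv4-compatible | ipv6ip auto-tunnel | An IPv4 address, or a reference to an interface on which IPv4 is configured. | Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination. | Not required. The interface address is generated as ::tunnel-source/96. |
| 6to4 | ipv6ip 6to4 | An IPv4 address, or a reference to an interface on which IPv4 is configured. | Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination. | An IPv6 address. The prefix must embed the tunnel source IPv4 address. |
| ISATAP | ipv6ip isatap | An IPv4 address, or a reference to an interface on which IPv4 is configured. | Not required. These are all point-to-multipoint tunneling types. The IPv4 destination address is calculated, on a per-packet basis, from the IPv6 destination. | An IPv6 prefix in modified eui-64 format. The IPv6 address is generated from the prefix and the tunnel source IPv4 address. |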
Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-tunnel.html
Q2. Which two statements about proxy ARP are true? (Choose two.)
A. It is supported on networks without ARP.
B. It allows machines to spoof packets.
C. It must be used on a network with the host on a different subnet.
D. It requires larger ARP tables.
E. It reduces the amount of ARP traffic.
Answer: B,D
Explanation:
Disadvantages of Proxy ARP
Hosts have no idea of the physical details of their network and assume it to be a flat network in which they can reach any destination simply by sending an ARP request. But using ARP for everything has disadvantages. These are some of the disadvantages:
- It increases the amount of ARP traffic on your segment.
- Hosts need larger ARP tables in order to handle IP-to-MAC address mappings.
- Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing."
- It does not work for networks that do not use ARP for address resolution.
- It does not generalize to all network topologies. For example, more than one router that connects two physical networks.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13718-5.html
Q3. Which two statements about IOS and IOS XE are true? (Choose two.)
A. IOS XE can upgrade and restart applications independently of IOS.
B. Only IOS uses the FFM to provide separation between the control plane and the data plane.
C. IOS XE provides improved functionality and an enhanced UI.
D. Only IOS runs as a single daemon within the Linux OS.
E. IOS XE provides additional system functions that run as multiple separate processes in the OS.
Answer: A,E
Q4. Refer to the exhibit.
When the link between RtrB and RtrC goes down, multicast receivers stop receiving traffic from the source for multicast group 229.1.1.1. Which solution will resolve this?
A. adding a static mroute on RtrB and RtrF
B. adding a static unicast route on RtrB and RtrF
C. creating a GRE tunnel between RtrB and RtrD
D. enabling PIM sparse mode on both ends of the link between RtrB and RtrF
Answer: D
Explanation:
For multicast traffic to flow, PIM must be enabled on all routers in the path of the multicast stream.
Q5. Which statement about the BGP scope of the cost community is true?
A. It is shared with IBGP neighbors only.
B. It is shared with IBGP neighbors and route reflectors.
C. It is shared with EBGP neighbors only.
D. It is shared with IBGP and EBGP neighbors.
E. It is shared with IBGP and confederation peers.
Answer: E
Explanation:
The BGP Cost Community feature introduces the cost extended community attribute. The cost community is a non-transitive extended community attribute that is passed to internal BGP (iBGP) and confederation peers but not to external BGP (eBGP) peers. The cost community feature allows you to customize the local route preference and influence the best path selection process by assigning cost values to specific routes.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/s_bgpcc.html
Q6. Refer to the exhibit.
Which statement is true?
A. It is impossible for the destination interface to equal the source interface.
B. NAT on a stick is performed on interface Et0/0.
C. There is a potential routing loop.
D. This output represents a UDP flow or a TCP flow.
Answer: C
Explanation:
In this example we see that the source interface and destination interface are the same (Et0/0). Typically this is seen when there is a routing loop for the destination IP address.
Q7. Which IPv6 prefix is used for 6to4 tunnel addresses?
A. 2001::/23
B. 2002::/16
C. 3ffe::/16
D. 5f00::/8
E. 2001::/32
Answer: B
Explanation:
6to4 works by taking advantage of a reserved IPv6 prefix, 2002::/16. A 6to4 tunnel interface automatically converts the 32 bits in its IPv6 address following this prefix to a global unicast IPv4 address for transport across an IPv4 network such as the public Internet.
Reference: http://packetlife.net/blog/2010/mar/15/6to4-ipv6-tunneling/
Q8. Refer to the exhibit.
Which two corrective actions could you take if EIGRP routes from R2 fail to reach R1? (Choose two.)
A. Configure R2 to use a VRF to send routes to R1.
B. Configure the autonomous system in the EIGRP configuration of R1.
C. Correct the network statement on R2.
D. Add the interface on R1 that is connected to R2 into a VRF.
Answer: B,D
Explanation:
In this question we are running VRF Lite on R1. VRF Lite is also known as “VRF without running MPLS”. This is an example of how to configure VRF Lite with EIGRP:
ip vrf FIRST
 rd 1:1
!
ip vrf SECOND
 rd 1:2
!
router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf FIRST
  network 10.1.1.1 0.0.0.0
  no auto-summary
  autonomous-system 200
 exit-address-family
 !
 address-family ipv4 vrf SECOND
  network 10.1.2.1 0.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
interface FastEthernet0/0
 ip vrf forwarding FIRST
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/1
 ip vrf forwarding SECOND
 ip address 10.1.2.1 255.255.255.0
The above example creates two VRFs (named “FIRST” and “SECOND”). VRF “FIRST” runs on EIGRP AS 200 while VRF “SECOND” runs on EIGRP AS 100. After that we have to add interfaces to the appropriate VRFs. Going back to our question with this example in mind, we can see that R1 is missing the “autonomous-system …” command under “address-family ipv4 vrf R2”, and R1 needs an interface configured under that VRF.
Note: R2 does not run VRF at all! Usually R2 resides on the customer side.
Q9. Refer to the exhibit.
What is wrong with the configuration of the tunnel interface of this DMVPN Phase II spoke router?
A. The interface MTU is too high.
B. The tunnel destination is missing.
C. The NHRP NHS IP address is wrong.
D. The tunnel mode is wrong.
Answer: D
Explanation:
By default, tunnel interfaces use GRE as the tunnel mode, but a DMVPN router needs to be configured for GRE multipoint by using the “tunnel mode gre multipoint” interface command.
Q10. Refer to the exhibit.
Which BGP feature allows R1 to send R2 a list of prefixes that R2 is prevented from advertising to R1?
A. route refresh
B. Prefix-Based Outbound Route Filtering
C. distribute lists
D. prefix lists
Answer: B
Q11. Which three statements about implementing an application layer gateway in a network are true? (Choose three.)
A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.
B. It maintains granular security over application-specific data.
C. It allows synchronization between multiple streams of data between two hosts.
D. Application layer gateway is used only in VoIP/SIP deployments.
E. Client applications require additional configuration to use an application layer gateway.
F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.
Answer: A,B,C
Explanation:
An ALG may offer the following functions:
- allowing client applications to use dynamic ephemeral TCP/UDP ports to communicate with the known ports used by the server applications, even though a firewall configuration may allow only a limited number of known ports. In the absence of an ALG, either the ports would get blocked or the network administrator would need to explicitly open up a large number of ports in the firewall — rendering the network vulnerable to attacks on those ports.
- converting the network layer address information found inside an application payload between the addresses acceptable by the hosts on either side of the firewall/NAT. This aspect introduces the term 'gateway' for an ALG.
- recognizing application-specific commands and offering granular security controls over them.
- synchronizing between multiple streams/sessions of data between two hosts exchanging data. For example, an FTP application may use separate connections for passing control commands and for exchanging data between the client and a remote server. During large file transfers, the control connection may remain idle. An ALG can prevent the control connection getting timed out by network devices before the lengthy file transfer completes.
Reference: http://en.wikipedia.org/wiki/Application-level_gateway
Q12. Which two statements about NetFlow are true? (Choose two.)
A. It must be configured on each router in a network.
B. It supports ATM LAN emulation.
C. The existing network is unaware that NetFlow is running.
D. It uses SIP to establish sessions between neighbors.
E. It provides resource utilization accounting.
Answer: C,E
Explanation:
NetFlow identifies packet flows for both ingress and egress IP packets. It does not involve any connection-setup protocol, either between routers or to any other networking device or end station. NetFlow does not require any change externally--either to the packets themselves or to any networking device. NetFlow is completely transparent to the existing network, including end stations and application software and network devices like LAN switches. Also, NetFlow capture and export are performed independently on each internetworking device; NetFlow need not be operational on each router in the network. NetFlow data provides fine-grained metering for highly flexible and detailed resource utilization accounting. For example, flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service, and application ports. Service providers might utilize the information for billing based on time-of-day, bandwidth usage, application usage, or quality of service. Enterprise customers might utilize the information for departmental chargeback or cost allocation for resource utilization.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/12-4t/nf-12-4t-book/ios-netflow-ov.html
Q13. Refer to the exhibit.
R1 and R2 both advertise 10.50.1.0/24 to R3 and R4 as shown. R1 is the primary path. Which path does traffic take from the R4 data center to the file server?
A. All traffic travels from R4 to R2 to the file server.
B. All traffic travels from R4 to R3 to R1 to the file server.
C. Traffic is load-balanced from R4 to R2 and R3. Traffic that is directed to R3 then continues to R1 to the file server. Traffic that is directed to R2 continues to the file server.
D. All traffic travels from R4 to R2 to R1 to the file server.
Answer: A
Q14. Which statement about UDLD is true?
A. The udld reset command resets ports that have been error-disabled by both UDLD and Fast UDLD.
B. Fast UDLD is configured in aggressive mode.
C. Only bidirectional link failures can be detected in normal mode.
D. Each switch in a UDLD topology can send and receive packets to and from its neighbors.
Answer: A
Q15. DRAG DROP
Drag and drop the IGMPv2 timer on the left to its default value on the right.
Answer: