Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. What is the destination MAC address of a BPDU frame?
A. 01-80-C2-00-00-00
B. 01-00-5E-00-00-00
C. FF-FF-FF-FF-FF-FF
D. 01-80-C6-00-00-01
Answer: A
Explanation:
The root-bridge election process begins by having every switch in the domain believe it is the root and claiming it throughout the network by means of Bridge Protocol Data Units (BPDU). BPDUs are Layer 2 frames multicast to a well-known MAC address in case of IEEE STP (01-80-C2-00-00-00) or vendor-assigned addresses, in other cases.
Reference: http://www.ciscopress.com/articles/article.asp?p=1016582
Q2. Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and
Cisco Express Forwarding?
A. FlexVPN
B. DMVPN
C. GETVPN
D. Cisco Easy VPN
Answer: B
Q3. Which technology can MSDP SA filters use to filter traffic?
A. route maps
B. community lists
C. prefix lists
D. class maps
Answer: A
Q4. Which trunking configuration between two Cisco switches can cause a security risk?
A. configuring different native VLANs on the switches
B. configuring different trunk modes on the switches
C. configuring mismatched VLANs on the trunk
D. disabling DTP on the trunk ports
E. configuring incorrect channel-groups on the switches
Answer: A
Q5. Which two statements about 6VPE are true? (Choose two.)
A. It allows a service provider to use an existing MPLS network to provide VPN services to IPv6 customers.
B. It uses MP-BGP as the carrier protocol to transport IPv6 connectivity.
C. It provides IPv6 connectivity to MPLS-VPN customers when IPv6 overlay tunneling is also configured.
D. It allows a service provider to use an existing MPLS network to provide global addressing to their IPv6 customers.
E. It requires the configuration of a GRE tunnel tagged with a VLAN ID.
F. It allows a service provider to use an existing L2TPv3 network to provide VPN services to IPv6 customers.
Answer: A,B
Explanation:
The IPv6 MPLS VPN service model is similar to that of IPv4 MPLS VPNs. Service providers who have already deployed MPLS IPv4 VPN services over an IPv4 backbone can deploy IPv6 MPLS VPN services over the same IPv4 backbone by upgrading the PE router IOS version and dual-stack configuration, without any change on the core routers. IPv4 services can be provided in parallel with IPv6 services. IPv6 VPN service is exactly the same as MPLS VPN for IPv4. 6VPE offers the same architectural features as MPLS VPN for IPv4. It offers IPv6 VPN and uses the same components, such as: .
Multiprotocol BGP (MP-BGP) VPN address family .
Route distinguishers .
VPN Routing and Forwarding (VRF) instances .
Site of Origin (SOO) .
Extended community .
MP-BGP
Reference: http://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/5-2/mpls_vpn/user/guide/mpls52book/ipv6.html
Q6. While troubleshooting an issue for a remote user, you must capture the communication between the user's computer and a server at your location. The traffic passes through a Cisco IOS-XE capable switch. Which statement about obtaining the capture is true?
A. The Embedded Packet Capture application in the IOS-XE Software can capture the packets, but there is a performance impact.
B. The Embedded Packet Capture application in the IOS-XE Software can capture the packets without impacting performance.
C. The Mini Protocol Analyzer embedded in the IOS-XE Software can capture the packets without impacting performance.
D. The Mini Protocol Analyzer embedded in the IOS-XE Software can be used to capture the packets, but there is a performance impact.
E. Wireshark can capture packets through a SPAN port, but there is a performance impact.
Answer: A
Q7. Where is multicast traffic sent, when it is originated from a spoke site in a DMVPN phase 2 cloud?
A. spoke-spoke
B. nowhere, because multicast does not work over DMVPN
C. spoke-spoke and spoke-hub
D. spoke-hub
Answer: D
Explanation:
Spokes map multicasts to the static NBMA IP address of the hub, but hub maps multicast packets to the “dynamic” mappings – that is, the hub replicates multicast packets to all spokes registered via NHRP, so multicast traffic is sent to the hub from a spoke instead of to the other spokes directly.
Q8. Refer to the exhibit.
You have configured two routing protocols across this point-to-point link. How many BFD sessions will be established across this link?
A. three per interface
B. one per multicast address
C. one per routing protocol
D. one per interface
Answer: D
Explanation:
Cisco devices will use one Bidirectional Forwarding Detection (BFD) session for multiple client protocols in the Cisco implementation of BFD for Cisco IOS Releases 12.2(18)SXE, 12.0(31)S, and 12.4(4)T. For example, if a network is running OSPF and EIGRP across the same link to the same peer, only one BFD session will be established, and BFD will share session information with both routing protocols.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html#wp1053749
Q9. Refer to the exhibit.
Assuming that the peer is configured correctly and the interface is up, how many neighbors will be seen in the EIGRPv6 neighbor table on this IPv6-only router?
A. one neighbor, which will use a local router-id of 6010. AB8. . /64
B. one neighbor, which will use a local router-id of 6020. AB8. . /64
C. none, because EIGRPv6 only supports authenticated peers
D. none, because of the mismatch of timers
E. none, because there is no EIGRP router ID configured
Answer: E
Explanation:
Configuring EIGRP for IPv6 has some restrictions; they are listed below:
. The interfaces can be directly configured with EIGRP for IPv6, without the use of a global IPv6 address. There is no network statement in EIGRP for IPv6.
. The router ID needs to be configured for an EIGRPv6 protocol instance before it can run.
. EIGRP for IPv6 has a shutdown feature. Ensure that the routing process is in "no shut" mode to start running the protocol.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/113267-eigrp-ipv6-00.html
Q10. Which object tracking function tracks the combined states of multiple objects?
A. application
B. interface
C. stub-object
D. list
Answer: D
Q11. Which two options are two characteristics of the HSRPv6 protocol? (Choose two.)
A. It uses virtual MAC addresses 0005.73a0.0000 through 0005.73a0.0fff.
B. It uses UDP port number 2029.
C. It uses virtual MAC addresses 0005.73a0.0000 through 0005.73a0.ffff.
D. It uses UDP port number 2920.
E. If a link local IPv6 address is used, it must have a prefix.
Answer: A,B
Explanation:
HSRP IPv6 Virtual MAC Address Range
HSRP IPv6 uses a different virtual MAC address block than does HSRP for IP: 0005.73A0.0000 through 0005.73A0.0FFF (4096 addresses)
HSRP IPv6 UDP Port Number
Port number 2029 has been assigned to HSRP IPv6.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-sy/fhp-15-sy-book/HSRP-for-IPv6.html
Q12. Which two issues is TCP Sequence Number Randomization designed to prevent? (Choose two.)
A. DDOS attacks
B. OS fingerprinting
C. man-in-the-middle attacks
D. ARP poisoning
E. Smurf attack
Answer: B,C
Q13. Which two options are valid for the number of bytes in a BGP AS number? (Choose two.)
A. 2 bytes
B. 4 bytes
C. 6 bytes
D. 8 bytes
E. 16 bytes
Answer: A,B
Explanation:
During the early time of BGP development and standardization, it was assumed that availability of a 16 bit binary number to identify the Autonomous System (AS) within BGP would have been more than sufficient. The 16 bit AS number, also known as the 2-byte AS number, provides a pool of 65536 unique Autonomous System numbers. The IANA manages the available BGP Autonomous System Numbers (ASN) pool, with the assignments being carried out by the Regional Registries. The current consumption rate of the publicly available AS numbers suggests that the entire public 2-byte ASN pool will be fully depleted. A solution to this depletion is the expansion of the existing 2-byte AS number to a 4-byte AS number, which provides a theoretical 4,294,967,296 unique AS numbers. ARIN has made the following policy changes in conjunction with the adoption of the solution. The Cisco IOS BGP "4-byte ASN" feature allows BGP to carry a Autonomous System Number (ASN) encoded as a 4-byte entity. The addition of this feature allows an operator to use an expanded 4-byte AS number granted by IANA.
Q14. A configuration includes the line ip nbar port-map SSH tcp 22 23 443 8080. Which option describes the effect of this configuration line?
A. It configures NBAR to search for SSH using ports 22, 23, 443, and 8080.
B. It configures NBAR to allow SSH connections only on ports 22, 23, 443, and 8080.
C. It enables NBAR to inspect for SSH connections.
D. It creates a custom NBAR port-map named SSH and associates TCP ports 22, 23, 443, and 8080 to itself.
Answer: A
Explanation:
The ip nbar-port-map command configures NBAR to search for a protocol or protocol name using a port number other than the well-known port.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/command/reference/fqos_r/qrfcmd10.pd f
Q15. Which attribute is transported over an MPLS VPN as a BGP extended community?
A. route target
B. route distinguisher
C. NLRI
D. origin
E. local preference
Answer: A