Documente Academic
Documente Profesional
Documente Cultură
Exam : 400-101
Vendor : Cisco
Version : V29.75
1
IT Certification Guaranteed, The Easy Way!
NO.1 A floating static route appears in the routing table of an interface even when the interface is
unusable.
Which action can you take to correct the problem?
A. Remove the permanent option from the static route.
B. Correct the administrative distance.
C. Configure the floating static route to point to another route
in the routing table.
D. Correct the DHCP-provided route on the DHCP server.
Answer: A
NO.3 You are implementing new addressing with EIGRP routing and must secondary address.
Which are from the routing tablE.Which action is the most efficient solution to the problem?
A. Disable split-horizon inside the EIGRP process on the router with the secondary addresses
B. Use a different routing protocol and redistribute the routes between EIGRP and the new protocol.
C. Disable split-horizon on the interface with secondary address.
D. Add additional router interface and move the secondary addresses to the new interface.
Answer: C
NO.4 Which three fields are part of a TCN BPDU? (Choose three.)
A. protocol ID
B. version
C. type
D. max-age
E. flags
F. message age
Answer: A,B,C
NO.5 Which three protocols are permitted by IEE802.1x port-based authentication before the client
is successfully authenticatedby the RADIUSserver?
A. BOOTP
B. CDP
C. EAPOL
D. TCP
E. STP
F. IP
Answer: B,C,E
2
IT Certification Guaranteed, The Easy Way!
Answer:
Answer:
3
IT Certification Guaranteed, The Easy Way!
NO.8 Which three security controls would you take into consideration when implementing IoT
capabilities? (Choose three)
A. Implementing Intrusion Detection Systems on IoT devices
B. Change passwords every 90 days
C. Privacy Impact Assessment
D. Define lifecycle controls for IoT devices
E. Layered Security Approach
F. Place security above functionality
Answer: C,D,E
Answer:
4
IT Certification Guaranteed, The Easy Way!
NO.10 hosts------------------------R1-----------R2------------------R3------------Internet R1
int f0/0
ip add 192.168.12.1 255.255.255.0
router ospf1
nwtwork 192,168.0.0 0.0.255.255
R2
int f0/0
ip add 192.168.12.2 255.255.255.0
router ospf1
nwtwork 192,168.0.0 0.0.255.255
default-information originate
ip route 0.0.0.0 0.0.0.0 F0/1
Refer to the above. You notice that router R2 is experiencing high CPU usage. which action can you
take to correct the problem?
A. Configure the next-hop address for the R2 default route
B. Configure OSPF on the connection between R2 and the ISP
C. Configure R2 to advertise an area summary route between R2 and R1
D. Remove the default-information originate command from the R2 configuration
Answer: A
NO.11 which BGP feature allows a router to maintain its current BGP configuration while it
advertises a different AS number to new connections?
A. locall-AS
B. soft reset
C. allow-AS in
D. next-hop-self
Answer: A
NO.12 Exhibit:
5
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. If a console port is configured as shown, which response is displayed when you
connect to the console port?
A. the message "Authorized users only"
B. the username prompt
C. a blinking cursor.
D. three username name prompts followed by a timeout message.
E. the message "Connection refused."
Answer: C
Which two conclusions can you draw from this putput?(Choose two)
A. The packet was source-routed.
B. The device that produced the output uses the same interface to send and receive traffic to and
C. from the device at 10.9.132.254
D. The device at 192.168.5.119 is on the same subnet as the next hop for the device at
E. 10.9.132.254
F. The device that produced the output uses different interfaces to send and receive traffic to and
G. from the device at 10.9.132.254
H. The device at the 192.168.5.119 routing table has an ARP entry for the device at 10.9.132.254.
Answer: B,C
NO.14 Which two items must be defined to capture packet data with the embedded packet capture
feature? (Choose two)
A. the buffer memory size.
B. the capture file export location
C. the capture point
D. the capture filter
6
IT Certification Guaranteed, The Easy Way!
NO.16 Which two options about PIM-DM are true? (Choose two)
A. In a PIM-DM network, routers that have no upstream neighbors prune back unwanted traffic
B. PIM-DM initially floods multicast traffic throughout the network.
C. PIM-DM supports only shared trees.
D. PIM-DM uses a pull model to deliver multicast traffic.
E. PIM-DM cannot be used to build a shared distribution tree.
Answer: B,E
NO.17 What are two reasons for an OSPF neighbor relationship to be stuck in exstart/exchange
state? (Choose two.)
A. There is an area ID mismatch
B. There is an MTU mismatch
C. Both routers have the same router ID.
D. There is an authentication mismatch
E. Both routers have the same OSPF process ID
Answer: B,C
NO.18 Which two options are benefits of moving the application development workload to the
cloud?(Choose two.)
A. The application availability is not affected by the loss of a single virtual machine.
B. The workload can be moved or replicated easily.
C. it provides you full control over the software packages and vendor used.
D. :High availability and redundancy is handled by the hypervisor.
E. it provides a more secure environment.
Answer: A,B
NO.19 Which two statements about the client -identifier in a DHCP pool are true? (Choose two)
A. lt specifies a unique identifier that is used only for BOOTP requests.
B. lt specifies a unique identifier that is used only for DHCP requests.
C. lt requires that you specify the hardware protocol.
D. It is specified by appending 01 to the MAC address of a DHCP client.
E. lt specifies a hardware address for the client.
Answer: B,D
7
IT Certification Guaranteed, The Easy Way!
NO.20 Which IPv6 migration method relies on dynamic tunnels that uses the 2002::/16 reserved
address space?
A. 6RD
B. 6to4
C. ISATAP
D. GRE
Answer: B
8
IT Certification Guaranteed, The Easy Way!
Answer: D
What are two effects of the given network configuration? (Choose two)
A. The 192.168.12.0/24 network is added to the R3 database.
B. R1 and R2 fail to form an adjacency.
C. R2 and R3 fail to form an adjacency.
D. R2 advertises the 192.168.23.0/24 network.
E. R2 advertise the 198.168.23.0/24 network.
F. The 192.168.12.0/24 network to the R3 route table.
Answer: C,D
NO.25 Which three options must be configured when deploying OSPFv3 for authentication?
(Choose threE.
A. encryption algorithm
B. authentication key
C. IPsec transform-set
D. authentication method
E. encryption key
F. crypto map
G. IPsec peer
9
IT Certification Guaranteed, The Easy Way!
NO.26 What is the main difference between GETVPN and traditional IPsec encryption techniques?
A. Only GETVPN uses three types ofencryption keys.
B. Only GETVPN uses group SA.
C. Only traditional IPsec uses ISAKMP forauthentication.
D. Only traditional IPsec uses PSKs.
Answer: B
NO.28 Which two statements about Embedded Packet Capture are true? (Choose two)
A. Multicast packets are captured only on ingress
B. It can capture Ipv4 packets only
C. Cisco Express Forwarding must be enabled
D. Captures must be decoded offline
E. Only a single capture point can be activated per interface
Answer: A,C
NO.30 Which IGMP snooping feature tracks IGMPv3 hosts on a per-port basis?
A. IGMPv3 querier
B. IGMPv3 static-group
C. fast-leave
D. explicit tracking
10
IT Certification Guaranteed, The Easy Way!
E. membership report
Answer: A
NO.31 Refer to the exhibit. Which network script automation option or tool is used in the exhibit?
A. EEP
B. Python
C. Bash script
D. NETCONF
E. RESET
Answer: B
NO.32 For which two conditions is Cisco Express Forwarding recursion disables by default when the
BGP Prefix independent Convergence functionality is enabled? (Choose two)
A. next hops that are directly connected
B. next hops learned with any mask shorter than /32
C. next hops learned with a/32 mask
D. next hops learned with a/24 mask
Answer: A,C
NO.34 which two statements about IP SLAs are true? {Choose two)
A. They are used primarily in the distribution layer.
B. Data for the delay performance metric can be collected both one-way and round-trip
C. Statistics are collected and stored in the RIB
D. Data can be collected with a physical probe.
E. They are layer 2 transport independent.
Answer: B,E
11
IT Certification Guaranteed, The Easy Way!
Answer: E
NO.36 Which two statements about the OSPF two-way neighbor state are true? (Choose two)
A. It is valid only on NBMA networks.
B. Each neighbor receives its own router ID in a hello packet from the other neighbor.
C. Each neighbor receives an acknowledgement of its own hello packet from the other neighbor.
D. Each neighbor receives the router ID of the other neighbor in a hello packet from the other
neighbor
E. It is valid only on point-to-point networks.
F. Each neighbor receives a hello message from the other neighbor.
Answer: B,C
NO.37 What is a major difference between Unidirectional Link Detection (UDLD. and Bidirectional
Forwarding Detection (BFD.?
A. UDLD operates at Layer 3 and detects the failure of the Layer 3 connectivity between two routers.
BFD operates at Layer 3 and detects forwarding path failures over multiple Layer 2 hops between two
routers.
B. UDLD operates at Layer 2 and detects failure of physical links. BFD operates at Layer 3 and detects
failure of forwarding paths, which may transit multiple Layer2 hops, between two routers.
C. UDLD operates at Layer 2 and detects failure of physical links BFD operates at Layer 2 and detects
failure of a direct link between two routers or switches.
D. UDLD operates at Layer 3 and detects failure of physical links between adjacent routers.
BFD operates at Layer 3 and detects failure of a forwarding path, which may transit multiple Layer 2
hops , between two routers.
Answer: B
12
IT Certification Guaranteed, The Easy Way!
Answer: C
NO.39 Which statement about the OSPF Loop-Free Alternate feature is true?
A. It is supported when traffic can be redirected to a primary neighbor
B. It is supported on routers that that are configured with virtual links
C. It is supported in VRF OSPF instances.
D. It is supported when a traffic engineering tunnel interface is protected
Answer: C
NO.40 Which feature forces a new Diffie-Hellman key exchange each time data is transmitted over a
IPsec tunnel?
A. PFS
B. rsa-encr authentication
C. rsa-sig authentication
D. 802.1x
E. CRACK authentication
Answer: A
NO.41 Which three statements are true about the spanning-tree loop guard feature? (Choose
three.. )
A. Loop guard affects UplinkFast operation.
B. Loop guard can be enabled on PortFast ports
C. Loop guard operation is not affected by the spanning-tree timers.
D. Loop guard must be enabled on point-to-point link only
E. Loop guard cannot be enabled on a switch that also has root guard enabled.
F. Loop guard can detect a unidirectional link in the same way as UDLD
Answer: C,D,E
13
IT Certification Guaranteed, The Easy Way!
NO.44 Which two statements about the host address 172 150 100 10/18 are true?(Choose two)
A. The network address is 172.150 0 0
B. The network address is 172.150.64.0
C. The network address is 172 150 100 0
D. The broadcast address is 172.150.127.255
E. The broadcast address is 172 150 255 255
F The broadcast address is 172.150.100 255
Answer: B,D
14
IT Certification Guaranteed, The Easy Way!
Answer:
NO.46 Which two statements about the various types of DevOps tools are true?(Choose two.)
A. Chef and Puppet are much more attuned to the needs of system administrators.
B. Puppet and Chef are written in Python . Python skills are a must to operate these two.
C. Salt cannot communicate with clients through general SSH. it use minions client agents only.
D. Puppet requires the installation of a master (server) and agents (clients) architecture for
15
IT Certification Guaranteed, The Easy Way!
configuring systems.
E. Ansible does not require agent node installation and users SSH for performing all tasks.
Answer: D,E
16
IT Certification Guaranteed, The Easy Way!
NO.49 In an MPLS-VPN environment, what is the effect of configuring an identical set of route
targets for a particular VRF but then configuring nonidentical RD across multiple PE devices?
A. The routes are rejected by remote PE because they have a different RD than its routes.
B. The routes propagate to the remote PE, but the PE never installs them in its forwarding table.
C. The routes are correctly managed by the control plane, but there are instances where routes take
up twice as much memory.
D. The routes are not sent to any remote PE with a different RD.
Answer: C
NO.50 what is the source MAC address of a BPDU frame that is sent out of a port ?
A. the lowest MAC address on the switch
B. the higest MAC address on the switch
C. the MAC address of the individual port that is sending the BPDU
D. the same as the MAC address in the brigdge ID
Answer: C
17
IT Certification Guaranteed, The Easy Way!
Which technology can allow Site A and Site B to run OSPF between sites ?
A. Point-to point circuit.
B. BGP
C. GRE Tunnel
D. Cisco MPLS TE
Answer: C
Which two statements about the 192.168.23.0/24 prefix are true?(Choose two.)
A. Router 192.168.45.4 cannot act as a feasible successor.
B. Router 192.168.35.3 is the only successor.
C. Only router 192.168.45.4 is a feasible successor.
D. Routers 192.168.35.3 and 192.168.45.4 are successors.
E. Routers 192.168.35.3 and 192.168.45.4 are feasible successors.
F. Only router 192.168.35.3 is a feasible successor.
Answer: A,B
18
IT Certification Guaranteed, The Easy Way!
NO.56 Which two factors contribute to traffic starvation when TCP and UDP flows are included in a
single traffic class? (Choose two)
A. TCP flows continually lower their transmission rates when congestion occurs in a link.
B. UDP flows continually reduce the window size when congestion occurs on a link.
C. TCP flows maintain a consistent transmission rate when congestion occurs on a link.
D. TCP flows continually reduce the window size when congestion occurs on a link.
E. UDP flows maintain a consistent transmission rate when congestion occurs on a link
F. UDP flows continually lower their transmission rates when congestion is detected.
Answer: A,E
NO.57 Which two methods do IPsec VTIs use to identify and transmit encrypted traffic through the
tunnel? (choose two)
A. static routing
B. object groups
C. ACLs
D. NAT
E. dynamic routing
Answer: A,E
NO.58 Which two statements about TCP MSS are true? (Choose two.)
A. The two endpoints in a TCP connection report their MSS values to one another.
B. H operates at layer 3.
C. MSS values are sent in TCP SYN packets
D. It sets the maximum amount of data that a host sends in an individual datagram
E. It sets the minimum amount of data that a host accepts in an individual datagram
Answer: A,C
NO.59 Which two statements about BIDIR-PIM are true? (Choose two)
A. It uses implicit join messages to signal membership.
B. It is designed to support one-to-many applications within a PIM domain.
C. It uses (*,G) multicast routing entries to make forwarding decisions.
D. It uses a designated forwarder to maintain a loop-free SPT.
E. Traffic can be passed downstream from the shared tree toward the RP.
Answer: C,E
Answer:
19
IT Certification Guaranteed, The Easy Way!
NO.61 Which two statements about BGP confederation architecture are true?Choose two
A. The intraconfederation EBGP default TTL value between sub-ASes is 255.
B. The intraconfederation EBGP default TTL value between sub-ASes is 1.
C. The ASN of a confederation is exclueded from the AS_PATH path length calculation.
D. The AS_SET and AS_SEQ components help prevent loops inside a sub-AS.
E. IBGP sessions inside a sub-AS have a default TTL of 1.
Answer: B,C
NO.63 Which command address learning on the configures port security on a switch to enable
permanent MAC interface?
A. switchport port-security mac-address-learning enable
B. switchport port-security mac-address timer 0
C. switchport port-security mac-address sticky
D. switchport port-security mac-address maximum 1 sticky
E. switchport port-security mac-address permanent
Answer: C
NO.64 In a typical three-node OpenStack deployment, which two components are part of the
controller note ? (Choose two)
A. Neutron server plugin
B. Neutron DHCP agent
20
IT Certification Guaranteed, The Easy Way!
NO.65 On which three options can Cisco PfR base its traffic routing?(Choose threE.
A. Time of day
B. Network performance
C. Router IOS version
D. User-defined link capacity thresholds.
E. An access list with permit or deny statements.
F. Load-balancing requirements.
Answer: B,D,F
NO.66 Which tunneling method can transmit IPv6 traffic over an MPLS infrastructure?
A. 6RD
B. ISATAP
C. 6to4
D. 6PE
Answer: D
NO.67 You are implementing new addressing with EIGRP routing and must use secondary addresses
which are missing from the routing table. Which action is the most efficient soJution to the problem?
A. Disable split-horizon on the interfaces with secondary addresses. /
B. Dlsable split-horizon inside the' EIGRp procBss on the router with the secondary
interfaceaddresses
C. Add additional roulter interfaces and move the secondary addresses to the new interfaces
D. Use a different routing protocol and redistribute the routes between EIGRP and the new protocol
Answer: A
NO.69 Which two statements about SNMP are true? (Choose two)
A. SNMPvl and SNMPv2c use encrypted community strings.
B. SNMPv3 uses encrypted community strings.
C. SNMPv3 provides privacy and access control.
D. All SNMP versions use get, getNext, and getBulk operatinos.
E. All SNMP versions support bulk retrieval and detailed error messages.
21
IT Certification Guaranteed, The Easy Way!
Answer: C,D
22
IT Certification Guaranteed, The Easy Way!
Which additional configuration statement is required on R3 in order to allow multicast traffic sourced
from 192.168.13.3 to flow along the shared-tree?
A. ip route 192.168.14.0 255.255.255.0 Tunnel 0
B. ip route 10.4.4.4 255.255255.255 Tunnel 0
C. ip mroute 10.4.4.4 255.255.255.255 Tunnel 0
D. ip mroute 192.168.14.0 255.255.255.0 Tunnel 0
Answer: C
NO.72 Which two statements about asymmetric routing are true? (Choose two)
A. It can cause packet loss over stateful ICMP and UDP connections
B. It can cause packet loss when a stateful firewall is in use.
C. It can cause TCP connections to close.
D. It can cause packet loss when NAT is in use.
E. It is uncommon in large networks.
Answer: B,D
23
IT Certification Guaranteed, The Easy Way!
Which three statements about the R1 configuration are true? (Choose threE.
A. The virtual circuit identifier is 4006 and the virtual circuit is down.
B. This circuit is using MPLS VC type 4.
C. The local label for the circuit is 1611.
D. The virtual circuit identifier is 1611 and the virtual circuit is down.
E. The targeted LDP session to the remote peer is up.
F. The local label for the circuit is 4006.
Answer: D,E,F
24
IT Certification Guaranteed, The Easy Way!
Answer:
NO.75 Which two items must be confined to caputure packet data with the Embedded Packet
Caputure feature ? (Choose two)
A. the capture point
B. the capture buffer
C. the coputure file export location
D. the caputure filter
E. the capture rate
F. the buffer memory size
Answer: A,B
NO.76 Which enhancement does IGMP version 3 offer over IGMP version 2?
A. support for Source Specific Multicast
B. a mechanism to decrease leave latency
C. authentication of multicast streams
D. backward compatibility with IGMP version 1
Answer: A
NO.77 Which two statements about Cisco IOS XE are true? (Choose two)
A. It is deployed in a Linux-based environment
B. Separate images are required for platform-dependent code
C. It uses a service blade outside Cisco IOS XE to integrate and run applications
D. The FED feature provides separation between the control plane and the data plane
E. Its functions run as multiple separate processes in the OS
Answer: A,E
NO.78 Which technology can be used to prevent flooding of ipv6 multicast traffic on a switch?
A. MLD filtering
B. IGMP snooping
25
IT Certification Guaranteed, The Easy Way!
C. MLD snooping
D. IGMP filtering
Answer: C
Answer:
26
IT Certification Guaranteed, The Easy Way!
How can you configure this network this network so that customers can transparently extend their
networks through the provider?
A. Configure eBGP peering among the CE routers.
B. Configure OSPF peering between the CE and PE routers.
C. Configure eBGP peering between the CE and PE routers.
D. Configure OTP on the CE routers.
Answer: D
NO.81 Which three statements are functions that are performed by IKE phase 1? (Choose three)
A. It builds a secure tunnel to negotiate IKE phase 1 parameters
B. It establishes IPSec security associations
C. It authenticates the identity of the IPsec peers
D. It protects the IKE exchange by negotiating a matching IKE SA policy
E. It protects the identity of IP sec peers
F. It negotiates IPsec SA parameters
Answer: C,D,E
NO.82 Which three message type are used for prefix delegation in DHCPv6?(Choose threE.
A. Solicit
B. Renew
C. Advertise
D. DHCP Discover
E. DHCPAck
F. DHCP Offer
Answer: A,B,C
NO.84 Which two options are the two main phases of PPPoE? (Choose two.)
A. Active Discovery Phase
27
IT Certification Guaranteed, The Easy Way!
B. IKE Phase
C. Main Mode Phase
D. PPP Session Phase
E. Aggressive Mode Phase
F. Negotiation Phase
Answer: A,D
NO.85 What are two of the commands that you can enter to gracefully shut down OSPF and notify
neighbors?(Choose two)
A. router(config-router)#shutdown
B. router(config-router)#graceful shutdown
C. router(config)#ip notify
D. router(config-if)#ip ospf shutdown
E. router(config-if)#ip ospf graceful shutdown
Answer: A,D
NO.86 which three statements about automatic 6to4 tunneling are true?(choose threE.
A. It allows an IPV6 domain to be connected over an IPV4 network
B. 6to4 tunnels are configured only in a point-point configuration
C. It allows an IPV4 domain to be connected over an IPV6 network
D. The IPV4 address embedded into the IPV6 address is used to find other of the tunnel
E. The MAC address embedded into the IPV6 address is used to find the other end of the tunnel
F. 6to4 tunnels are configured in a point-to-mulitipoint configuration
Answer: A,D,F
28
IT Certification Guaranteed, The Easy Way!
Answer:
NO.90 what terminal line command can you enter to prevent a router from attempting a Telnet
connection in response to an incorrect host name entry at the EXEC prompt?
A. Transport preferred none
B. Transport output none
C. Logging synchronous
D. Transport input none
E. No ip domain-lookup
Answer: A
29
IT Certification Guaranteed, The Easy Way!
NO.92 ...
event manager applet OSPF
event syslog parttern "%OSPF-S-ADJCHG: Process 1 , Nbr 10.0.0.2 on GigabitEthernet0/1 from FULL t
o
DOWN,..." ...
Refer to exhibit. which two statementsabout the network environment must be true?(choose two)
A. If the administrator enters the show ip ospf neighbor gigabitEthernet0/1 command, the output is
blank
B. The applet runs only after OSPF neighbors are verified
C. An OSPF neighbor relationship is established when the interface recovers
D. A BGP neighbor relationship is established over GigabitEthernet0/1
E. The applet runs befor any commands are executed
Answer: A,B
The ISIS router type settings on all routers are left at the default value. Which two statements
correctly describe the ISIS adjacencies that will form? (Choose two.)
A. The R1 to R2 adjacency will be L2 only
B. The R1 to R3 adjacency will be L1 and L2
30
IT Certification Guaranteed, The Easy Way!
NO.94 Which option is an incorrect design consideration when deploying OSPF areas?
A. area 0 - area 2-MPLS VPN superbackbone - area 1
B. area 2 - area 0 MPLS VPN backbone - area 1
C. area 1 - MPLS VPN backbone - area 2
D. area I - area 0 - MPLS VPN backbone - area 0 - area 2
E. area 1-MPLS VPN backbone-area 1
Answer: A
NO.95 Which two options are reasons to manipulate the delay metric instead of the bandwidth
metric for EIGRP routing ? (Choose two)
A. because manipulating the bandwidth metric can also affect QoS.
B. because changes to the delay metric are propagated to all neighbors on a segment.
C. because the delay metric provides better handling for busty traffic.
D. because manipulating the bandwidth affects only a particular path.
Answer: A,B
NO.97 Exhibit:
31
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. What is the DSCP value that egresses SW2 toward R2?
A. 0
B. 2
C. 8
D. 10
E. 16
Answer: A
32
IT Certification Guaranteed, The Easy Way!
Answer:
You are configuring Router1 and Router2 for L2TPv3 tunneling. Which two additional configurations
are required to enable Router1 and Router2 to establish the tunnel?(choose two)
33
IT Certification Guaranteed, The Easy Way!
NO.102 Which two options are requirements for AToM support? (Choose two)
A. Cisco Express Forwarding must be disabled
B. MPLS must be configured with an LSP in SP core
C. MPLS must be enabled between the PE and CE routers
D. The PE routers must be able to communicate with each other over IP
E. IP routing must be configured between the PE and CE routers
Answer: B,D
Answer:
34
IT Certification Guaranteed, The Easy Way!
NO.104 Which keychain cryptographic algorithm is supported by the IS-IS routing protocol?
A. MD5
B. HMAC-SHA1-12
C. HMAC-SHA1-20
D. HMAC-MD5
Answer: D
NO.105 Which statement describes the operation of the Generalized TTL Security Mechanism
(GTSM), used by routing protocols to prevent some types of attack?
A. An MD5 hash of the received TTL, source IP, destination IP, protocol , and shared key must match
B. The TTL in a received packet must be a low value (typically 1-2)
C. The TTL in a received packet must be a high value (typically 254-255)
D. Both end systems compute an MD5 hash based on the TTL and a shared secret. If the received and
local value differ, the packet is dropped
Answer: C
NO.106 You are performing a system diagnostics on a CSU in local loop mode and notice that the
mineseen counter has failed to increment. Which type of problem does this behavior indicate?
A. a cabling problem
B. an encoding problem
C. a framing problem
D. a timing problem
Answer: D
NO.107
35
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit.The router sets local-preference to which option when it receives a BGP route
with a community string 1000:130 from a neighbor in the LocalSite peer-group?
A. 80
B. 130
C. no setting
D. 110
E. the default value
Answer: E
NO.108 Which feature monitors network events and takes automated action based on scripts
configured by the administrator?
A. NetFlow
B. Performance Monitoring
C. EPC
D. EEM
Answer: D
NO.109 Which three statements are true about PPP CHAP authentication? (Choose three.)
A. PPP encapsulation must be enabled globally.
B. The LCP phase must be complete and in closed state.
C. The hostname used by a router for CHAP authentication cannot be changed.
D. PPP encapsulation must be enabled on the interface.
E. The LCP phase must be complete and in open state.
F. By default, the router uses its hostname to identify itself to the peer.
36
IT Certification Guaranteed, The Easy Way!
Answer: D,E,F
NO.110 Which two statements about the passive-interface command issued under EIGRP are true?
(Choose two)
A. It configures the interface to use unicast messages to establish EIGRP neighbor relationships
B. It disables processing of incoming hello messages
C. It allows incoming routing updates to be received but disables outing routing updates
D. If it is enabled globally under EIGRP on the device, it can be disabled for individual interfaces to
allow those interfaces to remain active
E. It configures the device to advertise only connected interfaces to neighbors with EIGRP
Answer: B,D
You organization has two offices, Site 1 and Site 2, which are connected by a provider backbone, as
shown where must you configure an attachment circuit to allow the two sites to connect over a Layer
2 network using L2TPv3?
A. PE Site 1 Se0/0 and PE Site 2 Se0/0
B. PE Site 1 Fe1/0 and PE Site 2 Fe0/0
C. PE Site 1 Fe0/0 and PE Site 2 Se0/0
D. PE Site 1 Fe0/0 and PE Site 2 Fe0/0
Answer: B
NO.112 Which two statements about NBAR classification are true?(choose two)
A. It requires CEF to be enable on the router
B. It is recommended for capacity planning
C. It can classify IP packets
D. It cannot distinguish UDP flows
E. It can classify MPLS packets
Answer: A,D
37
IT Certification Guaranteed, The Easy Way!
Which statement describes how a router with this configuration treats packets if the devices at
172.16.12.5 and 192.168.3.2 are unreachable ?
A. It routes the packet using the default routing table.
B. It routers the packet into a loop and drops it when the TTL reaches zero.
C. It drop the packet immediately.
D. It sends an ICMP source quench message.
Answer: A
Switch A is connected to two MST domains for the first time. The error is observed on Switch A
%SPANTREE-2-PVSTIM_FAIL: Blocking designated port Fa0/1: Inconsistent superior PVST BPDU
received onVLAN 10
How can this error be resolved?
A. Map VLAN 10 to instance 0 in all MST regions.
B. Remove the 1ST root form MST Region 2
C. Configure PVST+ to allow MST Region 1 to be root for VLAN 10
D. Map VLAN 10 into an appropriate instance on switch A
Answer: C
NO.115 For which reason car two OSPF neighbor routers on the same LAN segment be stuck in the
two-way state?
A. The two routers have different MTUs on the interface.
B. The two routers are configured with different priorities.
C. The interface priority is set to zero on both routers.
D. Both routers have the same OSPF router ID. Correct
Answer: C
NO.116 What command can you enter to configure NBAR to recognize VNC traffic?
A. Ipnbar custom-map VNC tcp-udp 5900 5901
B. Ipnbar application-map VNC udp 5900 5901
C. Ipnbar port-to-application seq 5 VNC tcp 5900 5901
38
IT Certification Guaranteed, The Easy Way!
When you apply these configurations to R1 and R2. which two effects occur? (Choose two)
A. The 172.16.1.1 network is reachable via OSPF on R1
B. RI authenticates using the username Cisco
C. R1 and R2 successfully authenticates using CHAP
D. Authentication between R1 and R2 fails.
E. R1 and R2 authentications using PAP
Answer: B,D
NO.119 which two configurations must you perform on a router so that you can use SCP to send
configuration files to an external server?(choose two)
A. Configure the crypto key encrypt rsa command
B. Configure the ip scp server enable command
C. Configure the login local command under the VTY lines
D. Define a domain-name
E. Configure the ip ssh version 2 command
Answer: A,C
39
IT Certification Guaranteed, The Easy Way!
Answer:
With BGP always-compare-med enabled, which BGP entry is installed in the RIB?
A. Entry 1 because it was installed first (oldest) in the BGP table.
B. Entry 1 because it has the best MED of the external routes.
C. Entry 2 because it has the lowest router ID.
D. Entry 3 because it has the lowest MED.
Answer: D
NO.122 1 Which two statement sabout marking fields are true?(Choose two)
40
IT Certification Guaranteed, The Easy Way!
NO.123
Refer to the exhibit .Which two statements about the output are true?(Choose two)
A. BFD on RT1 has negotiated the BFD capability with its pe r
B. BFD is active on interface GigabitEthernet0/3 and is using ICMP
C. BFD is active on interface GigabitEthernet0/3 and is using UDP
D. BFD last failed 476 ms ago on interface GigabitEthernet0/3 /
E. BFD is active for BGP on RT1
Answer: D,E
NO.124 Which ISAKMP feature can protect a GDOI from a hacker using a network sniffer while a
security association is established?
A. An ISAKMP phase 1 security association
B. An ISAKMP phase 2 security association
C. The Proof of Possession(POP)
D. A ISAKMP phase 2 GROUPKEY-PUSH exchange
E. An ISAKMP phase 2 GROUPKEY-PULL exchange
Answer: A
NO.125 What are the two types of Embedded Event Manager policies?
A. action
B. event
41
IT Certification Guaranteed, The Easy Way!
C. script
D. applet
E. set
F. label
Answer: C,D
NO.126 R1------------------------R2-----------------------R3---------------------------R4
10.10.38.0
route prefix
R2
ip prefix-list ccie seq 5 permit 10.10.32.0/22 le 24
route-map ccie permit 10
match ip address prefix-list ccie
set tag 10
route-map cce permit 20
set tag 20
R3
ip prefix-list ccie seq 5 permit 10.10.32.0/23 le 24
route-map ccie permit 10
match ip address prefix-list ccie
set tag 30
route-map cce deny 20
Refer to eh exhibit. which statement about the 10.10.38.0/22 route is true?
A. It arrives at router R4 with the tag 20
B. It arrives at router R4 without a tag
C. It arrives at router R4 with the tag 10
D. It arrives at router R4 with the tag 30
Answer: C
NO.127 Which two commands should you enter to enable IP Source Guard with source IP and MAC
address filtering?(Choose two)
A. ip verify source tracking
B. switchport port-security
C. ip verify unicast source
D. ip verify source
E. ip verify source port-security
Answer: B,E
NO.128 Which action does route poisoning take that serves as a loop-prevention method?
A. It prohibits a router from advertising back onto the interface from which it was learned.
B. lt advertises a route with an unreachable metric back onto the interface from which it was
learned.
C. It immediately sends routing updates with unreachable metric to all devices.
D. It poisons the route by tagging it uniquely within the network.
42
IT Certification Guaranteed, The Easy Way!
Answer: C
NO.129
The OSPF adjacency between two routers cannot be established. What is the root cause of the
problem?
A. Both routers are designated routers.
B. different area ID
C. mismatched OSPF network types
D. authentication error
E. area type mismatch
Answer: E
Answer:
43
IT Certification Guaranteed, The Easy Way!
NO.131 Which command configures port secrity on a switch to enable permanent MAC address
learning on the interface?
A. switchportport-security mac-9ddress permanent
B. switchport port-security mac-address-learning enable
C. switcport port-security mac-address maximum 1 sticky
D. switchport port-security mac-address timer 0
E. switchport port-security mac-address sticky
Answer: E
44
IT Certification Guaranteed, The Easy Way!
Answer:
NO.134 Which two options are EIGRP route authentication encryption modes? (Choose two)
A. MD5
B. HMAC-AES
C. ESP-AES
D. HMAC-SHA2-256bit
Answer: A,D
NO.135 What characteristic of OSPFv3 LSAs enables support for prefix suppression?
A. Router-LSAs and Network-LSAs do not contain topology information
B. Router LSAs and Network-LSAs do not contain prefix information
C. Router-LSAs and Network-LSAs are flooded into the entire OSPF domain
D. Router-LSAs and Network-LSAs are flooded only on the local link
Answer: B
NO.136 which two options are two problems that Bridge Assurance can protect against?(choose
two)
A. BPDU flooding
B. The forwarding of data traffic after the spanning tree algorithm is stopped
C. Ports being put into a root-inconsistent state
D. Slow convergence time after a topology change
45
IT Certification Guaranteed, The Easy Way!
NO.139 Which SlP feature can protect the network environment from loops in case of software
failure?
A. RootGuard
B. BPDU Guard
C. Bridge Assurance
D. Portfast
Answer: B
NO.140 Which 1Pv4 mitigation method allows 1Pv4-only devices to communicate with 1Pv6-only
devices?
A. GRE tunnel
B. Dual stack
C. ISA TAP tunnel
D. NAT64
Answer: D
46
IT Certification Guaranteed, The Easy Way!
NO.142 If you configure a router interface both IPv4 and IPv6 on an IS-IS network in single- topology
mode, what
additional configuration is required?
A. IPv4 and IPv6 addresses must be configured with the same prefix length
B. IPv4 and IPv6 must be configured with different metric types
C. IPv4 and IPv6 must be configured to run the same IS-IS level
D. IPv4 and IPv6 must be configured on different routing protocols
Answer: C
NO.143 Which two statements about QoS classification and marking are true? (Choose two)
A. After classification of a packet, the device can only transmit the packet as is, or discard it
B. It can classify packets based on their source IP and MAC addresses only
C. Through the use of traffic policing, CAR provides rate limiting capabilities
D. CAR is capable of classifying and reclassifying packets as they are processed
E. It can classify packets based on their source and destination IP and MAC addresses only
F. CAR rate policies use CoS, IP precedence, and prefix lists to match traffic
Answer: B,F
NO.144 Which regular expression will match prefixes from the AS 200 that directly connected to our
AS?
47
IT Certification Guaranteed, The Easy Way!
A. A$
B. A200)
C. _200$
D. A200_ E- _200_
Answer: D
What conclusion can you draw from the given ping output?
A. The ping operation sent packets ranging from 505 to 1500 bytes in size.
B. Fragmentation failed during the ping operation.
C. The packet life was exceeded in 5 percent of the operations.
D. The Verbose option was set in the IP header.
Answer: B
NO.146 Which two options are restrictions of BGP ORF? (Choose two)
A. It can be used only with IPv4 multicast.
B. It requires access lists to match routes.
C. It can be used only with eBGP.
D. Multicast is not supported.
E. It can be used only with iBGP.
Answer: C,D
NO.147 Which two statements are true about 6to4 tunneling? (Choose two)
A. It works by appending the public IPv4 address (converted into hexadecimal format) to the
2002::/16 prefix.
B. It embeds the IPv6 packet into the IPv4 payload with the protocol type set to 51.
C. It works by appending the private IPv4 address (converted into hexadecimal format) to the
2002::/16 prefix.
D. It embeds the IPv6 packet into the IPv4 payload with the protocol type set to 41.
Answer: A,D
48
IT Certification Guaranteed, The Easy Way!
NO.150 When multiple AAA authentication methods are specified in a method list and all working
normally, how is the user authenticated?
A. The user is authenticated against all provided authentication sources and granted the most
restricted set of access privileges
B. The user is authenticated against the first listed authentication source only
C. The user is authenticated against the provided authentication sources in order until a match is
found
49
IT Certification Guaranteed, The Easy Way!
D. The user is authenticated against all provided authentication sources and granted the least
restricted set of access privileges
Answer: C
Answer:
50
IT Certification Guaranteed, The Easy Way!
NO.152
Answer:
51
IT Certification Guaranteed, The Easy Way!
NO.154 Which three configuration settings must match for switchs to be in the same MST
region?(Choose threE.
A. VLAN names
B. Revision number
C. Region name
D. Domain name
E. Password
F. VLAN-to-instance assignment
Answer: B,C,F
NO.155 Which two statements about the max-age time in IS-IS are true ?(Choose two)
A. The IS-IS max-age time is 20 minutes by default.
B. The IS-IS max-age time decrements from max-age to zero.
C. The IS-IS max-age time is 60 minutes by default.
D. The IS-IS max-age time increments from zero to max-age.
Answer: A,B
NO.156 Which two statements about PIM-DM are true? (Choose two.)
A. It forwards multicast packets on a source tree.
B. It requires an RP.
C. It forwards multicast packets on a shared distribution tree.
D. It floods multicast packets to neighbors that have requested the data.
E. It floods multicast packets throughout the network.
F. It forwards multicast packets to neighbors that have requested the data.
Answer: A,E
52
IT Certification Guaranteed, The Easy Way!
NO.157 Which two options are required parts of an EEM policy?(choose two)
A. Exit status
B. Event register keyword
C. Namespace import
D. Body
E. Entry status
Answer: B,D
NO.158 Which two statements about lANA-reserved addresses are true?(Choose two.)
A. The prefix FF9::/32 is reserved for source-specific multicast on IPv6.
B The address range 239 0.0.0/8 is reserved for source-specific multicast on IPv4.
B. The address range 232.0.0.0/8 is reserved for source-specific multicast on IPv4.
C. The prefix FF3x::/32 is reserved for source-specific multicast on IPv6.
E The address range 225.0.0.0/8 is reserved for source-specific multicast on IPv4.
D. The prefix FF00::/32 is reserved for source-specific multicast on IPv6.
Answer: C,D
NO.159 Which two statements are true about an EVPL? (Choose two )
A.it does not allow for service multiplexing
B.It has a high degree of transparency
C.The EVPL service is also referred to as E-line
D.It is a point-to-point Ethernet connection between a pair 01UNls
Answer: CD
NO.160 Which option describes how a router responds is configured and it receives theidentical LSA
before the interval is set?
A. The LSA is added to the OSPF a notification is sent to the sending router to slow down its
LSA packet updates.
B. The LSA is added to the database.
C. The LSA is ignored notification is sent to the sending router to slow down its LSA packet updates.
Answer: C
NO.161 Which three statements about IS-IS are true? (Choose three.)
A. IS-IS is a cisco proprietary routing protocols.
B. IS-IS has the capability to provide address summarization between areas.
C. IS-IS is an IETF standard.
D. IS-IS has three different levels of authentication: interface level, process level, and domain level.
E. IS-IS can be used to route both IP and CLNP.
F. IS-IS can be used only in the service provider network.
Answer: C,D,E
53
IT Certification Guaranteed, The Easy Way!
NO.163 Which command can you enter to prevent a router from displaying Telnet connection
messages on the terminal?
A. service telnet-zeroldle
B. ip telnet hidden hostname
C. ip telnet hidden address
D. no ip domain-lookup
E. ip telnet quiet
Answer: E
NO.164 Which information is contained in an OSPF Type 7 Not-So-Stubby Area NSSA External LSA?
A. The paths and costs to all OSPF NSSA areas that are external to the current area.
B. The path and costs to reach other stub area border routers in the OSPF routing domain.
C. The address of routers that connect the current area to other areas and the cost to reach those
routers.
D. External network address,mask,and cost to reach each network that is external to the OSPF
domain and only within the NSSA
E. The external network address,mask,and cost to reach networks that are external to the OSPF
NSSA,including the default route.
Answer: D
NO.165 Which two statements about enhanced object tracking are true?(Choose two)
A. With HSRP, it can track only the line-protocol state.
B. It can track over 200 objects at once.
C. It supports stateful switchover with HSRP
D. It supports stateful switchover with GLBP
E. Tracking objects are identified with unique numbers
Answer: B,E
NO.166 Which three sets of fields that can be included in a NetFlow export template? (Choose
three.
A. IGP
B. IPv4 main cache
C. ODR
D. BGP PIC
E. PfR
F. MPLS labels
Answer: B,D,F
54
IT Certification Guaranteed, The Easy Way!
NO.167 Which measure does ISIS use to avoid sending traffic with a wrong MTU configuration?
A. ISIS does not protect from MTU mismatch.
B. MTU value is communicated in ISIS Sequence Number PDUs (SNP) and ISIS adjacency is not
established if an MTU mismatch is detected
C. ISIS uses path MTU discovery as specified in RFC 1063.
D. ISIS uses padding of hello packets to full MTU.
Answer: D
NO.168
Refer to the exhibit R1 is unable to ping the device at 10.3.3.3.Which two options are possible
reasons for the problem?(Choose two.)
A. The static route is configured as a host route.
B. The static route points to a broadcast interface without a next-hop.
C. IP CEF is disabled on the local router.
D. Proxy ARP is disabled on the next-hop router.
E. The dynamic routing protocol configuration is missing.
F. IP CEF is disabled on the remote router
Answer: B,D
55
IT Certification Guaranteed, The Easy Way!
NO.170 Which two statements about apportioned dual-tier WAN rate-based Ethernet circuits are
true? (Choose two)
A. The service provider deploys an advanced CPE device to the subscriber, which provides enhanced
Layer 3 QoS functionality.
B. It requires the subscriber to implement egress QoS.
C. It requires the subscriber to implement ingress QoS.
D. The service provider deploys a simple CPE device to the subscriber, which providers fast circuit
access.
E. The service provider supports classification and queuing, while the subscriber marks and re-marks
packets on ingress.
F. It requires ingress re-marking.
Answer: A,E
NO.171 Which two statements about GLBP are true? (Choose two.)
A. It uses Hello, Request and Reply packet reply.
B. Each GLBP group supports up to 4 MAC address.
C. It support stateful switchover.
D. It communities to multicast address 244.0.0.18.
E. It allows members to elect up to two gateways as the AVG.
Answer: B,C
NO.172 Which two statements about Cisco Express Forwarding load balancing are true?(choose
two)
A. Each hash maps directly to a single entry in the RIB
B. Cisco Express Forwarding can load-balance over o maximum of two destinations
C. It combines the source and destination IP address to create a hash for each destination
D. It combines the source IP address subnet mask to create a hash for each destination
E. Each hash maps directly to a single entry in the adjacency table
Answer: C,E
NO.173 Exhibit:
56
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. Which three statements about the output are true? (Choose three.)
A. Group 224.0.1.40 is a reserved address , and it should not be used for multicast user data transfer.
B. One or more multicast groups are operating in PIM multicast user data transfer.
C. Group 239.192.1.1 is reserved address, and it should not be used for multicast user data transfer.
D. A multicast receiver has requested to join one or more of the multicast groups.
E. This switch is currently receiving a multicast data stream that is being forwarded out VLAN 150.
F. One or more of multicast data streams will be forwarded out to neighbor 10.85.20.20.
Answer: A,D,E
Answer:
57
IT Certification Guaranteed, The Easy Way!
NO.176 Which two statements about route redistribution are true? (Choose two.)
A. Redistributing the entire BGP table from the Internet works well when using multiple OSPF
areas.
B. IS-IS does not no support Layer 2 routes that leak into a Layer 1 domain.
C. Mutual redistribution at multiple points can create a routing loop.
D. IBGP is used within the AS to Carry EBG P attributes that otherwise would be lost if EBG P was
redistributed into IGP.
E. The unequal cost multipath load-balancing characteristic is lost when redistributing OSPF into
EIGRP.
Answer: C,D
NO.177
58
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. All routers are running EIGRP and the network has R3 to R4 are configured as
EIGRP stub, if when the R2 goes down,which statement is true?
A. R1 sends traffic destined to 192.168.0.100 via R2
B. R2 does not have a router to 192.168.0.0/24 in the routing table.
C. The prefix 192.168.0.0/24 becomes stuck-in-active on R4
D. R3 does not advertise 192.168.0.0/24 to R4 anymore
1 00% Valid Cisco Exams
Answer: B
NO.179 which two statements about root guard and loop guard are true?(choose two)
A. Loop guard uses its own keep alives to prevent loops by detecting failures
B. Root guard disables an interface only when a superior BPDU is received
C. Loop guard uses BPDU keep alives to determine unidirectional traffic
59
IT Certification Guaranteed, The Easy Way!
D. When loop guard is enabled, the port is transitioned to the root-inconsistent state
E. Root guard should be enabled on an upstream interface
F. Loop guard uses its own keep alives to determine unidirectional traffic
Answer: B,C
NO.181 Which three actions are required when configuration NAT-PT? (Choose threE.
A. Specify a ::/48 prefix that will map to a MAC address.
B. Specify a::/32 prefix that will map to an IPV6 address.
C. Specify an IPv6-to-IPv4 translation.
D. Enable NAT-PT Globally.
E. Specify a ::/96 prefix that will map to an IPv4 address.
F. Specify an IPv4-to-IPv6 translation.
Answer: C,E,F
when packets are transmitted from R1 to R2, where are they encrypted?
A. within the crypto map
B. on the E0/0 interface on R1
C. on the outside interface
D. on the E1/0 interface on R2
E. in the forwarding engine
F. in the tunnel
Answer: F
NO.183
60
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. R1 and R2 have been configured as BGP neighbors, but their session is stuck in
active. Which action can you take that will enable a session to beestablished?
A. Enable synchronization on R1 R2
B. Issue the neighbor 10.1.12 .2 activate command on R'1
C. Configure 10.1.12.1 as the BGP router 10 on R1
D. Configure a neighbor relation ship with the Loopback0 address of R1 on R2
Answer: D
NO.184 Which option describes the characteristics of a public infrastructure as a service cloud
service cloud?
A. It is a cloud service where the underlying hardware is managed by the cloud service provider.
B. It is a cloud computing platform that facilitates the creation of web application without the need
to maintain
the supporting software applications
C. It is a cloud computing platform that facilitates the creation of web applications without the need
to maintain
the supporting software operating systems.
D. It is a way of delivering cloud computing infrastructure (servers, storage, network and operating
systems) as
an on demand service.
Answer: D
NO.185 Which technology allows several switches to operate together as one device?
A. HSRP
B. VRRP
C. LACP
D. Stack Wise.
Answer: D
NO.186 Which two events occur when a packets is decapsulated in a GRE tunnel? (Choose two.)
A. The source IPv4 address in the IPv4 payload is used to forward the packet.
61
IT Certification Guaranteed, The Easy Way!
B. The destination IPv4 address in the IPv4 payload is used to forward of the packets.
C. The version field of the GRE header is incremented.
D. The GRE keepalive mechanism is reset.
E. The TTL of the payload packet is incremented.
F. The TTL of the payload is discremented.
Answer: B,E
NO.187 On a network using DiffServ, which option refers to the actions that applied to a packet as it
moves through the network?
A. DSCP
B. PHB
C. Code-point
D. IP-precedence
Answer: A
SW1 and SW2 are connected to routers R1 and R2 via their L2 trunk ports. Which command can you
enter on the switches to allow the hosts on VLAN 20 to join the multicast group 239.10.10.10
via the upstream L2 ports?
A. ip igmp snooping vlan 20 mrouter interface gigabitethernet0/0
B. ip igmp snooping vlan 20 static 239.10.10.10 interface gigabitethernet0/0
C. igmp snooping querier 239.10.10.10
D. ip igmp snooping vlan 20 mrouter learn cgmp
Answer: B
NO.189 Which technology does Cisco PfR use to collect passive monitoring statics?
A. NBAR
B. SNMP
C. Syslog
62
IT Certification Guaranteed, The Easy Way!
D. NetFlow
Answer: D
NO.190 Which two statements about 802.1Q tunneling are true? (Choose two.)
A. It requires a system MTU of at least 1504 bytes.
B. The default configuration sends Cisco Discovery Protocol, STP: and VTP information.
C. Traffic that traverses the tunnel is encrypted.
D. It is supported on private VLAN ports.
E. MAC-based QoS and UDLD are supported on tunnel ports.
F. Its maximum allowable system MTU is 1546 bytes.
Answer: A,E
NO.192 In Which 802.1D port state are the root bridge, the root part, and the designated ports
elected?
A. Disabled
B. Blocking
C. Learning
D. Forwarding
E. Listening
Answer: D
NO.193 Which two statements about Metro Ethernet services are true?(choose two)
A. EPLAN is a point-to-point service from one customer site to another across an MPLS backbone
B. EVPL is a multipoint service that emulates a LAN over an MPLS backbone
C. EVPL is a multipoint service with a root node that is suitable for multicast services
D. EVPL is a point-to-point service from one customer site to another across an MPLS backbone
E. EPLAN is a multipoint service that emulates a LAN over an MPLS backbone
F. EVPL is a point-to-point service from one customer site to another across an MPLS backbone
Answer: D,E
63
IT Certification Guaranteed, The Easy Way!
NO.195 Which three protocols are permitted by IEEE 802.1x port-based authentication before the
client is successfully
authenticated by the RADIUS server?
A. EAPOL
B. BOOTP
C. STP
D. CDP
E. TCP
F. IP
Answer: A,C,D
64
IT Certification Guaranteed, The Easy Way!
NO.199 Which two statements about EIGRP load balancing are true? (Choose two.)
A. EIGRP supports 6 unequal-cost paths
B. A path can be used for load balancing only if it is a feasible successor
65
IT Certification Guaranteed, The Easy Way!
NO.201 which two statements about asymmetric routing are true?(choose two)
A. It can cause TCP nonnections to close
B. It can cause packet loss when a stateful firewall is in use
C. It can cause packet loss over statefull ICMP and UDP connections
D. It can cause packet loss when NAT is in use
E. It is uncommon in large networks
Answer: B,D
Answer:
66
IT Certification Guaranteed, The Easy Way!
If this network is in the process of being migrated from EIGRP to OSPF, and all routers are now
running both protocols, which action must you perform to complete the migration?
A. Change the EIGRP administrative distance to 95
B. Change the OSPF administrative distance to 95
C. Change the OSPF administrative distance to 115
D. Change the EIGRP administrative distance to 115
Answer: D
NO.204 Which TCP feature allows a client to request a specific packet that was lost?
A. Selective acknowledge
B. Flow control
C. Fast recovery
D. Sliding window
Answer: A
NO.205
67
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. Which two conclusions can you draw from this command and its output?(choose
two)
A. Rl0 has a missing label binding (or 192.168.40.171/32
B. The MPLS ping failed
C. 192.168.40.171/32 exists in the global routing table
D. A valid LSP exists and it matches the corresponding MPLS FEC
E. The MPLS ping was successful
F. R10 has a valid lablel binding for 192.168.40.171/32
Answer: A,B
NO.206 Which two BGP attributes are optional, non-transitive attributes? (Choose two)
A. cluster list
B. local preference
C. AS path
D. MED
E. weight
Answer: A,D
NO.207 Exhibit:
With BGP always-compare-med enabled, which BGP entry is installed in the RIB?
A. Entry 1 because it was installed first (oldest) in the BGP table.
B. Entry 1 because it has the best MED of the external routes.
C. Entry 2 because it has the lowest router ID.
D. Entry 3 because it has the lowest MED.
Answer: D
NO.208 Which command can you enter to set a default route match tag for internal EIGRP routes?
A. eigrp route-tag 25.25.25.25
B. eigrp default-route-tag 25.25.25.25
C. route-map EIGRP 25
D. match-tag list EIGRP_Default
Answer: B
68
IT Certification Guaranteed, The Easy Way!
NO.209 Which command can you enter to disable logging for VTY lines?
A. No logging monitor
B. No logging buffer
C. No logging console
D. No logging trap
E. No logging count
Answer: A
NO.210 Which three options are the main security features in SNMPv3? (choose threE.
A. authentication
B. MIB persistence
C. message integrity
D. authorization
E. encryption
F. accounting
Answer: A,C,E
NO.211 Exhibit:
NO.212 Which technology can be used to secure the core of an STP domain?
A. UplinkFast
B. BPDU guard
C. BPDU filter
D. root guard
Answer: D
NO.213 Which three conditions can cause excessive unicast flooding? (Choose three.)
A. Asymmetric routing
B. Repeated TCNs
69
IT Certification Guaranteed, The Easy Way!
NO.215 How long will the root bridge continue to send configuration BPDUs to notify all bridges to
age out their MAC
address tables?
A. The max-age time
B. The forward delay + max-age time
C. The forward delay time
D. Three times the hello interval
Answer: B
70
IT Certification Guaranteed, The Easy Way!
After you applied this configuration to R1 and R 2 they failed to form an ISIS adjacency.
Which reason for the problem is most likely true?
A. The network statements are mismatched
B. The IP subnets are mismatched
C. T he bandwidth is mismatched
D. The MTUs are mismatched
Answer: D
NO.217 Which extended ping IP header option allows you to specify one or more hops over which
the packets will travel without specifying the full path?
A. verbose
B. loose
C. strict
D. record
Answer: B
NO.218 Which two Cisco Express Forwarding tables are located in the data plane? (Choose two)
A. the forwarding information base
B. the label information table
C. the label forwarding information base
D. the IP routing table
E. the adjacency table
Answer: A,C
71
IT Certification Guaranteed, The Easy Way!
All routers are running EIGRP and the network has converged. R3 and R4 are configured as EIGRP
stub. If the link between R1 and R3 goes down, Which statement is true?
A. R3 does not advertize 192.168.0.0/24 to R4 anymore.
B. R2 does not have a route to 192.168.0.0/24 in the routing table.
C. The prefix 192.168.0.0/24 becomes stuck-in-active on R4.
D. R1 sends traffic destined to 192.168.0.100 via R2
Answer: B
NO.220 Which two statements about MSDP are true? (Choose two)
A. It is supported both for IPV4 and IPV6 multicast deployments
B. It is encapsulated into UDP segments
C. It is encapsulated into PIM packets
D. It interconnects into PIM-SM domains
E. MSDP peers are established using multiprotocol BGP
F. MPLS is required to establish MSDP peering
Answer: D,E
NO.221 Which two statements about IS-IS neighbor adjacencies are true?(Choose two )
A. Each device must have the same 6-type systemID
B. Neighboring devices must have the same level.
72
IT Certification Guaranteed, The Easy Way!
C. If the ignore-mtu command is configured on both devices.the devices can have different MTU
settings
D. Each device's 4-type router ID must be unique.
E. Level 1 devices must be in the same area
Answer: B,E
Which two configurations must you apply to R2 so that it correctly translates the internal network to
a public IP address?
A. access-list 1 permit 10.2.0.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/1
interface GigabitEthernet0/0
ip nat inside
interface GigabitEthernet0/1
ip nat outside
B. access-list 1 permit 10.2.0.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
interface GigabitEthernet0/0
ip nat outside
interface GigabitEthernet0/1
ip nat inside
C. ip nat pool NAT 209.165.201.9 209.165.201.14 netmask 255.255.255.248 access-list 1 permit
10.2.0.0 0.0.0.255
ip nat inside source list 1 pool NAT
interface GigabitEthernet0/0
ip nat inside
interface GigabitEthernet0/1
ip nat outside
D. ip nat inside source static 10.1.2.100 209.165.201.9
ip nat inside source static 10.1.2.110 209.165.201.10
ip nat inside source static 10.1.2.120 209.165.201.1
73
IT Certification Guaranteed, The Easy Way!
interface GigabitEthernet0/0
ip nat inside
interface GigabitEthernet0/1
ip nat outside
E. access-list 1 permit 10.2.0.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
interface GigabitEthernet0/0
ip nat inside
interface GigabitEthernet0/1
ip nat outside
F. ip nat inside source static 10.1.2.100 209.165.201.9
ip nat inside source static 10.1.2.110 209.165.201.10
ip nat inside source static 10.1.2.120 209.165.201.1
interface GigabitEthernet0/0
ip nat outside
interface GigabitEthernet0/1
ip nat inside
Answer: C,D
Answer:
74
IT Certification Guaranteed, The Easy Way!
NO.224 Which IP SLA operation type uses IP to measure the round-trip time between a router and a
device?
A. UDP Jitter for VoIP
B. HTTP
C. ICMP Echo
D. ICMP Path Jitter
Answer: C
NO.225 Which two statements about 6to4 tunnels are true? (Choose two)
A. They allow isolated IPv6 domains to connect over an IPv4 network
B. The IPv4 infrastructure acts as a virtual NBMA link
C. There is no requirement for dual-stack(IPv4 and IPv6) on the border routers
D. They require routers to be configured in pairs
E. They support point-to-point automatic tunnels
Answer: A,B
NO.226 Which three mode are valid PfR monitoring modes of operation? (Choose threE.
A. passive mode (based on Cisco IP SLA probes)
B. route monitor mode (based on BGP route changes)
C. RMON mode (based on RMONv 1 and RMONv2 datA.
D. active mode (based on Cisco IP SLA probes)
E. passive mode (based on NetFlow datA.
F. fast mode (based on Cisco IP SLA probes)
Answer: D,E,F
NO.227 Which difference between IGMP Snooping and PIM Snooping is true
A. IGMP Snooping is a Cisco-proprietary technology,while PIM snooping is standard-based
B. IGMP Snooping controls multicast traffic to multicast listeners,while PIM snooping blocks multicast
traffic from multicast listeners
C. IGMP Snooping replicates multicast traffic to multicast listeners,while PIM snooping blocks
multicast traffic from multicast listeners.
D. IGMP Snooping allows traffic designed to 239.0.0.0/24 destination group only,while PIM snooping
filters multicast traffic ro all hosts.
Answer: B
NO.228 What command can you enter on a Cisco router so that it can both polled a time server and
be polled by a time server
A. ntp server
B. ntp broadcast client
C. ntp broadcast destination
D. ntp peer
Answer: D
75
IT Certification Guaranteed, The Easy Way!
NO.229 How many address families can a single OSF P\13 instance support?
A. 1
B. 2
C. 5
D. 10
Answer: A
Answer:
NO.231 Which two EtherChannel modes can create an LACP EtherChannel?(Choose two)
A. on
B. active
C. passive
D. auto
E. desirable
Answer: B,C
NO.232 Which two options are requirements for Control-Plane Policing? (Choose two.)
A. Cisco Express Forwarding must be enabled globally.
B. Cisco Discovery Protocol must be disabled in the control plane.
76
IT Certification Guaranteed, The Easy Way!
NO.234 which statement about the BGP scope of the cost community is true?
A. It is shared with IBGP neighbors and route reflectors
B. It is shared with IBGP and EBGP neighbor
C. It is shared with IBGP neighbors only
D. It is shared with IBGP and confederation peers
E. It is shared with EBGP neighbors only
Answer: D
NO.236 Which two authentication options were new in SNMPv3 (Choose two)
77
IT Certification Guaranteed, The Easy Way!
A. noAuth
B. Auth
C. noAuthNopriv
D. authNoPriv
E. authPriv
F. Priv
Answer: C,D
NO.237 If the default-information originate always command is configured on R4 what route type is
assigned to the default route in R1's
A. O
B. E2
C. O IA
D. E1
Answer: C
NO.238 Which two statements about the spanning-tree timers in a switched network are true?
(Choose two)
A. The root bridge sends out a configuration BPDU every hello interval
B. The default hello time is two seconds
C. After receiving a BPDU from the root bridge, a non-root bridge waits for the hello interval before
forwarding
it out
D. The root bridge sends out a TCN every max-age interval
Answer: A,B
Which two statements about the output are true? (Choose two.)
A. 802.1D spanning tree is being used.
B. Setting the priority of this switch to 0 for VLAN 1 would cause it to become the new root.
C. The hello, max-age, and forward delay timers are not set to their default values.
78
IT Certification Guaranteed, The Easy Way!
79
IT Certification Guaranteed, The Easy Way!
R1 has an OSPF path to R2 and R3 for 10.1.0.0/24, but R1 has a routing entry for
10.1.0.0/24 from only one router at a time.
Which option is the most likely cause?
A. The R1 maximum-path is set to 1.
B. R2 has a higher administrative distance.
C. R2 is using a filter list.
D. R2 is using an offset-list.
Answer: A
NO.244 Which TCP features allows a client to request a specific packet that was lost?
A. flow control
B. sliding window
C. fast recovery
D. selective acknowledgment
Answer: D
NO.245
80
IT Certification Guaranteed, The Easy Way!
Refer to exhibit. R1, R2, and R3 are in different statellite offices of the same organization. A multiast
vido source is located behind R1. R3 frequently receives video streams interded for R2. These streams
saturate the available bandwidth of R3. Which configuration change can alleviate the congestion on
R3?
A. Configure R3 to send an immediate-leave message when necessary 10 stop receiving unwanted
traffic
B. Configure IGMP snooping on R1 R 2 and R3
C. Place a PIM filter on the switches and interfaces that connect 10 R1R2 and R3
D. Enable IGMP snooping On all switches that contect to R1 R2 and R3
E. Place a PIM filter on the switch and interface that connect to R1 only
Answer: D
Answer:
81
IT Certification Guaranteed, The Easy Way!
NO.247 which IS-IS feature allows an IS-IS router to determine a prefix without performing an SPF
compilation?
A. SFP throtting
B. isis retransmit-throttle-interval command
C. Isp-gen-interval command
D. Partial route Computation
E. overload bit
Answer: D
NO.248 Which metric vectors are stored but are not used by default in EIGRP?
A. Reliability and delay
B. Bandwidth and delay
C. Load and reliability
D. Load and bandwidth
Answer: C
NO.249
Refer to the exhibit . While reviewing a log file on a router with this NTP configuration you note that
the log entries of the router display a different time than the NTP time. Which action can you take to
correct the problem?
A.Add the local time keyword to the service timestamps log datetime statement
B.Add the msec keyword to the service timestamps log datetime statement
C.Add the statement ntp broadcast to the NTP configuration of the neighboring router
D.Configure the router to be the NTP master
82
IT Certification Guaranteed, The Easy Way!
E.Remove the datetime keyword from the service time stamps log datetime statement
Answer: A
R1 and R2 advertise 10.50.1.0/24 to R3 and R4 as shown.R1 is the primary path. Which path does
traffic take from the data center to the file server?
A. All traffic travels from R4 to R2 to R1 to the file server.
B. Traffic is load-balanced from R4 to R2 and R3. Traffic that is directed to R3 then continues to R1 to
the file server. Traffic that is directed to R2 continues to the file server.
C. All traffic travels from R4 to R2 to the files server.
D. All traffic travels from R4 to R3 to R1 to the file server.
Answer: A
Notice that debug ip bgp updates has been enables. What can you conclude from the debug output?
A. BGP neighbor 10.1.3.4 established a new BGP session.
B. This is result of clear ip bgp 10.1.2.3 in command.
C. This is result of the clear ip bgp 10.1.3.4 out command.
D. BGP neighbor 10.1.3.4 performed a graceful restart.
Answer: B
NO.252 Which technology can be used to secure the edge of an STP domain?
A. root guard
B. BPDU guard
C. UplinkFast
D. BPDU filter
Answer: A
83
IT Certification Guaranteed, The Easy Way!
Which two statements about the given MPLS VPN ate true? (Choose two.)
A. It includes four CE routers.
B. Router A and router 1 must be BGP neighbors.
C. It includes four P routers.
D. It includes two CEs and two Pes.
E. Only one connection is outside the ISP network.
Answer: C,D
NO.254 Which metric vectors are stored but are not used by default in EIG RP?
A. Reliability and delay
B. Load and reliability
C. Load and bandwidth
D. Bandwidth and del
Answer: B
NO.255 Which two IP packet types always traverse to the route processor CPU? (Choose two)
A. Data-plane packets.
B. Forwarding-plane packets
C. Control-plane packets
D. Services-plane packets
E. Management-plane packets
Answer: C,E
84
IT Certification Guaranteed, The Easy Way!
Answer:
85
IT Certification Guaranteed, The Easy Way!
NO.260 Which three values are used to generate a unique bridge ID for each VLAN in PVST+?
(Choose three)
A. port cost
B. max age
C. spanning-tree MAC address
D. port priority
E. switch priority
F. extended system ID
Answer: C,E,F
NO.261 Which two features are incompatible with loopguard on a port ?(Choose two)
A. BPDU skew detection
B. root guard
C. PortFast
D. uplink fast
E. backbone fast
Answer: B,C
NO.262 Which two statements about IS-IS metrics are true?(choose two)
86
IT Certification Guaranteed, The Easy Way!
NO.263 What are three required attributes in a BGP update message? (select threE.
A. AGGREGATOR
B. AS_PATH
C. ORIGIN
D. MED
E. NEXT_HOP
Answer: B,C,E
NO.264 Which options is the default LACP load-balancing algorithm for IP traffic on Layer 3?
A. the source and destinnation IP port
B. the destination IP port
C. the source and destination IP address
D. the destination port
E. the source IP port
Answer: C
NO.265 For which two purposes can RTCP be used (Choose two)
A. Collecting information about VoIP service quality
B. Authenticating RTP sessions
C. Providing encryption for RTP flows
D. Providing resource reservation service for VoIP traffic
E. Providing resource reservation service for VoIP traffic
F. Providing out-of-band statistics and control information for RTP sessions
Answer: A,F
NO.266 You are configuring Wireshark on a Cisco Catalyst 4500E Switch a Supervisor 8. Which three
action can you take to prevent the capture from overloading the CPU? {Choose threE.
A. Use an in-line filter.
B. Reconfigure the buffers to accommodate the additional traffic.
C. Attach the specific ports that are part of the data path.
D. Configure a policy a policy map, class map, and an access list to express the match conditions.
E. Use an appropriate ACL
F. Add memory to the Supervisor.
Answer: A,C,E
NO.267 You have been asked to connect a remote network with different DSCP mappings to the
87
IT Certification Guaranteed, The Easy Way!
primary network of
your organization. How can you configure the network devices so that the two networks work
together
seamlessly?
A. Configure the mls qos trust command on the trunk ports that internetwork two networks
B. Configure VLAN-based QoS on all switchs on both networks
C. Configure an aggregate policewr on the ingres interfaces of the trunk ports that interconnect the
two
networks
D. Configure a mutation map on the devices on the primary network that connect to the network
Answer: A
NO.268 Which two characteristics of an loT network are true ? (Choose two)
A. loT networks must be designed for low-powered devices
B. loT network are 100% reliable.
C. The transmission rate in an loT network is consistent.
D. loT networks are bandwidth constrained.
E. loT networks use IS-IS for routing.
Answer: A,C
NO.269 which condition must be true to allow an access port to trust QoS markings on an incoming
frame?
A. The switch must be configured globally with the vlan dot1q tag native command
B. The switch must be configured globally with the mls qos trust cos command
C. The port must be configured with the mls qos trust dscp command
D. The port must be configured with the mls qos cos command
Answer: C
NO.270
Refer to the exhibit If R1 and R2 cannot establish an OSPF neighbor relationshipwhich two action can
you take to Choose two
A. Configuration PPP authentication under the R2 Gigabitethernet 0/1 interface
B. Change the ip local pool command on R2 to ip local pool pool! 192 168 12 192 168 1.5 I"
88
IT Certification Guaranteed, The Easy Way!
NO.271 Which two statements about NAT are true? (Choose two)
A. Static NAT supports a one-to-one address mapping
B. Dynamic NAT allows hosts inside a network to use a pool of addresses to access hosts outside the
network
C. PAT uses destination port numbers identity address mappings
D. Static NAT release the translated address for use by another device when it is inactive
E. One-to-one mapping denies outside traffic from accessing an inside host
Answer: A,B
NO.272 Which three steps are required to enable SSH access on a Cisco routers?(choose three)
A. generating an RSA or DSA cryptographic key
B. configuring VTY lines for use with SSH
C. configuring a domain name
D. configuring the version of SSH
E. configuring the port for SSH to listen for connections
F. generating an AES or SHA cryptographic key
Answer: A,B,C
NO.273 Refer to the exhibit. Which two possible reasons why the administrator is unable to log into
the
switch remotely are true? (Choose two)
A. An ACL is configured to reject connections from PC1
B. The user is using the incorrect username
C. SSH is disabled
D. The Telnet VTY lines are busy
E. The Baud rate is misconfigured
Answer: C,D
NO.274 which option describes how the IP address is assigned when you configure a Layer3
EtherChannel
interface?
A. The first IP address added to the EtherChannel is used automatically
B. You must assign the IP address to a port channel logical interface
C. The last IP address added to the EtherChannel is used automatically
D. You must assign the IP address to the tunnel interface
Answer: B
NO.275
89
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. Which two route types advertised by a router with this configuration?
(Choose two)
A. connected
B. summary
C. static
D. redistributed
E. external
Answer: A,B
NO.276 Which two statements are true about control plane policing?(Choose two.)
A. Control plane policing will affect only traffic that is destined to the route processor.
B. Access lists that are used in policies for control plane policing must not use the log keyword.
C. Access lists that use the deny rule in control plane policing do n ogress to the next class.
D. The log keyword can be used but the be used in policing.
Answer: A,B
NO.277 On an MPLS L3VPN, which two tasks are performed by the PE router? (Choose two.)
A. It exchanges VPNv4 routes with other PE routers.
B. It typically exchanges iBGP routing updates with the CE device.
C. It distributes labels and forwards labeled packets.
D. It exchanges VPNv4 routes with CE devices.
E. It forwards labeled packets between CE devices.
Answer: A,C
Answer:
90
IT Certification Guaranteed, The Easy Way!
NO.280 Which two statements about the STP dispute function are true? (Choose two)
A. It compares the downstream port states reported in received BPDUs.
B. The upstream switch uses received BPDUs to detect unidirectional link failures.
C. The downstream switch uses received BPDUs to detect unidirectional link failures.
D. When a designated port detects a conflict, it changes its role by reverting to a discarding state
Answer: A,B
91
IT Certification Guaranteed, The Easy Way!
The PC is experiencing intermittent connectivity failures to the internet. If ADSL-R1 uses a PPPoE
connection, what action can you take to correct the problem.
A. Configure a system MTU of 1512 on ADSL-R1
B. Configure OSPF on the connection between PC1 and HomeS1
C. Replace the dialer interface with a virtual template.
D. Configure an MTU of 1492 on the dialer interface on ADSL-R1
E. Configure the same OSPF process on HomeR1 and HomeS1
Answer: D
NO.282 Which condition must be satisfied before a Cisco router running RIP can poison a route ?
A. The invalid timer must expire.
B. The hold down timer must expire.
C. The flush timer must expire.
D. The flush timer must reach 240 seconds.
E. The metric must equal! 6.
Answer: A
92
IT Certification Guaranteed, The Easy Way!
Answer:
NO.285 Which option describes the effect of the command ip route vrf DMZ
192.168.0.0.255.255.0.0
172.16.5.5 global?
A. It creates a s1atic default route in the "lh1 DMZ, and the next hop is in the global routing table.
B. It creates a static route in the VRF DMZ for 192.168.0.0 255.255.0.0, and the next hop is in the
global routing table.
C. It creates a static route in the global routing table for 192.168.0.0 255.255.0.0, and the next hop
is in the global routing table.
D. It creates a s1atic route in the global routing for 192.168.0.0 255.255.0.0, and the next hop is in
The VRF DMZ.
93
IT Certification Guaranteed, The Easy Way!
E. lt creates a static route in the VRF DMZ for 192.168.0.0 255.255.0.0, and the next hop is in the
VRFDMZ.
Answer: B
NO.286 Which three criteria are used for stackwise election of a master switch?
A. VLAN revision number
B. longest uptime
C. highest MAC address
D. user-selected priority
E. IOS version number
F. lowest MAC address
Answer: B,D,F
NO.288 Which PIM feature allows the same multicast group address to be reused in different
administrative domains?
A. Proxy Registering
B. IP Multicast Helper
C. IP Multicast Boundary
D. CGMP
Answer: B
NO.289
Refer to exhibit. Which statement about the 192.168.100.0/24 destination network is true?
A. The Reported distance for the Successor is 128256
B. The metric installed into the route tabel is 4352
C. The metric installed into the route table is 126256
D. The Reported Distance for the Feasible Successor is 409600
Answer: A
94
IT Certification Guaranteed, The Easy Way!
NO.290 Which two statements about IP source guard are true?(Choose two.)
A. It must be applied to EtherChannel port members
B. It is available only on L2 ports.
C. It is supported in software only.
D. It is not supported on private VLANS.
E. It blocks DHCP packets
Answer: B,D
NO.291 A packet from network 10.0.1.0/24 destined for network 10.0.2.0/24 arrives at Rl on
interface GiO/0, but the router drops the packet instead of transmitting it out interface Gi0/1.
Routers A and B are the edge devices at two different sites as shown. If each site contains an IPv6
network that must be able to communicate over an IPsec tunnel, which type of authentication can be
in
use between the two sites?
A. MD5
B. pre-shared key
C. 802.1x
D. CHAP
Answer: B
95
IT Certification Guaranteed, The Easy Way!
A. portACLs
B. standard ACLs
C. reflexive ACLs
D. dynamic ACLs
E. VLANACLs
Answer: A
NO.294 You have noticed that a switch on your network that is configured for PIM snooping is
flooding multicast traffic
excessively. What action can you take to correct the problem without disabling PIM?
A. Disable designated-route flooding
B. Enable IGMP filtering
C. Enable unknown unicast flood blocking
D. Disable IGMP on the VLANs
Answer: B
NO.296 Two routers are connected on a PPP link using CHAP authentication by default which value
will
the routers use as t identification on the link?
A. Their host names
B. Their IP address on the connected link
C. Their interface numbers
D. Their serial numbers
Answer: A
NO.297 which mechanism can be used on Layer 2 switches so that only multicast packets with
downstream receivers are sent on the multicast router-connected ports?
A. Router Guard
B. IGMP snooping
C. multicast filtering
D. PIM snooping
Answer: D
96
IT Certification Guaranteed, The Easy Way!
Answer:
NO.299 Which two statements about IPsec VTIs are true? (Choose two)
A. Dynamic VTIs allow you to mix proxy types.
B. The dynamic VTI is a multipoint interface that can support multiple IPsec SAs.
C. The IKE SA can be bound to both the VTI and the crypto map in the router.
D. Static VTIs can use the "IP any any" traffic selector only.
E. The IPsec transform set must be configured in transport mode.
F. Static VTIs can encapsulate both IPv4 and IPv6 packets, but IPv4 can carry IPv4 packets and IPv6
can carry IPv6 packets.
Answer: C,D
Router A and B are the edge device at two different sites as shown. The two edge devices use public
addresses on their WAN interfaces, and both sites use RFC1918 for all other addresses.if routers A
97
IT Certification Guaranteed, The Easy Way!
NO.304 Which encryption algorithm is enabled by the Cisco IOS command service
password-encryption?
A. Cisco Type-7
B. Cisco Type-5
C. TKIP
D. MD5
E. Cisco AES
Answer: A
NO.305 What are two major requirements for configuring an extended VLAN with VTPv2 (Choose
two)
A. VLAN pruning must be enabled
B. The device must be operating in VTP transparent mode
C. The configuration must be made in global configuration mode
D. The VLAN must be configured in VLAN database mode
E. The reduced MAC address feature must be disabled
Answer: B,C
98
IT Certification Guaranteed, The Easy Way!
NO.308 Which command can you enter to configure a Cisco router running OSPF to propagate the
static default route 0.0.0.0 0.0.0.0 172.31.15.1 within the OSPF process?
A. default-information originate
B. redistribute static subnets
C. redistribute static metric 1 subnets
99
IT Certification Guaranteed, The Easy Way!
D. redistribute static
Answer: B
Answer:
100
IT Certification Guaranteed, The Easy Way!
Answer:
NO.312
Refer to the exhibit After you configure the given IP SLA on a Cisco router.you note that the device is
unable to fialover to the backup route even when pings to 10.12.34.5 fail.What action can you take to
correct the problem?
A. Change the ip route 0.0.0.0.0.0.0.0.192.168.1.1.53.200 command to ip route
0.0.0.0.0.0.0.0 192.168.1.153.12.
B. Change the ip sla schedule 12 life forever start-time now comman to ip sla schedule 12 life forever
101
IT Certification Guaranteed, The Easy Way!
start-time 00:12 00
C. Change the track 12 ip sla 12 state command to track 12 ip sla 12 reachability.
D. Change the frequency 2 command to frequency 12.
Answer: C
NO.313 Which two options are examples of Northbound and/or Southbound protocols?(Choose vo)
A. OpenStack
B. 1S1S
C. NETCONF
D. JSON
E. BGP-LS
Answer: A,C
Answer:
NO.315 Which two statements about NetFlow version 9 are true? (Choose two.)
A. It supports up to two exporters per cache
B. It supports both encryption and authentication
C. It supports up to six exporters per cache
D. It supports export over TCP and UDP
E. It supports export over UDP only
F. Each flow monitor supports up to 10 exporters
102
IT Certification Guaranteed, The Easy Way!
Answer: D,F
NO.316 External EIGRP route exchange on routers R1 and R2 was failing because the routers had
duplicate router IDs. You changed the eigrp router-id command on R1, but the problem persists. With
additional action must you take to enable the routers to exchange routes?
A. Change the corresponding loopback address.
B. Change the router ID on R2.
C. Reset the EIGRP neighbor relationship.
D. Clear the EIGRP process.
Answer: D
NO.317 Which two statements about IPv6 6to4 tunnels are true? (Choose two)
A. Sites use addresses from the 2002::/16 prefix
B. Sites use addresses from link-local scope
C. They are point-to-multipoint tunnels
D. They are point-to-point tunnels
E. They rely on GRE encapsulation
Answer: A,C
NO.318
Refer to the exhibit. R1 has an OSPF path to R2 and R3 for 10.1.0.0/24but R1 has a routing entry for
10.1.0.0/24 from only one router at a time. Which option is the most likely cause?
A. The R1 maximum path is set to 1.
B. R2 has a higher administrative distance.
C. R2 is using a filter list
D. R2 is using an offset list.
Answer: A
103
IT Certification Guaranteed, The Easy Way!
Answer:
NO.320 What are two requirements for BFD static route support? (Choose two)
A. CEF must be configured on all routers that will carry traffic.
B. BFD must be configured on all Ethernet, virtual-template, and dialer interfaces that will carry
traffic.
C. All routers that will carry traffic must have the same software version.
D. All routers that will carry traffic must be the same model.
E. Parameters must be configured on all routers that will carry traffic.
F. Parameters must be configured on all interfaces that will carry traffic.
Answer: A,F
104
IT Certification Guaranteed, The Easy Way!
Answer:
NO.322 Which two protocols are used by the management plane? Choose two?
A. Telnet
B. BGP
C. OSPF
D. ISSU
E. DTP
F. FTP
Answer: A,F
NO.323 Which two statements about AAA authentication are true? (Choose two)
A. RADIUS authentication queries the router's local username database.
B. TACASCS+ authentication uses an RSA server to authenticate users.
C. Local user names are case-insensitive.
D. Local authentication is maintained on the router.
E. KRB5 authentication disables user access when an incorrect password is entered.
Answer: D,E
105
IT Certification Guaranteed, The Easy Way!
Answer: D,E
NO.325 Which two statements about 6PE are true? (choose two)
A. iBGP peering between the PE routers should be done using an IPv6 address
B. It does not require MPLS between the PE routers
C. It requires a VRF on the IPv6 interface
D. It requires BGP to exchange labeled IPv6 unicast between PE routers
E. Uses an IPv4-mapped IPv6 address as the IPv4 next-hop on PE router
Answer: D,E
NO.326 Which protocol enables routers in an MPLS environment to use labels to move traffic?
A. FTP
B. POP
C. LLDP
D. PPP
E. L2TP
F. LOP
Answer: F
According to the given show line output, which type of line is connected to the router?
A. auxiliary
B. Telnet
C. terminal
D. Console
E. SSH
Answer: A
NO.328 Which IS-IS router type can have neighbors in any area?
A. Level 1/Level 2 Intermediate System only
B. Both Level 1 Intermediate Systems and Level 2 Intermediate Systems
C. Level 2 Intermediate System only
D Both Level 1/Level 2 Intermediate Systems and Level 2 Intermediate Systems
D. Level 1 Intermediate System only
Answer: A
NO.329 Which two statements aretrue about control plane policing?(Choose two)
106
IT Certification Guaranteed, The Easy Way!
A. Access list that are used in po|1cies for control plane policing must not use the l g keyword
B. The log keyword can be used but the log-input keyword must not be used in policies for control
plane policing
C. Packets denied by an explicit access control list entry do not progress to the next class in control
plane policing
D. Control plane policing will affect only traffic that is destined to the route processor
Answer: A,C
NO.331 Which 1Pv6 solution provides network information to clients without providing an 1Pv6
host address?
A. autoconfiguration
B. stateless DHCPv6
C. stateful DHCPv6
D. prefix delegation
Answer: A
107
IT Certification Guaranteed, The Easy Way!
You must complete the configuration on R1 so that a maximum of three links can &e used and
fragmentation is supported.
You must complete the configuration on R1 so that a maximum of three links can be used and
fragmentation is supported.
Which additional configuration accomplishes this task?
A. interface Multilink19
ip address 192.168.1.1 255.255.255.0
ppp multilink
ppp multilink group 19
ppp multilink links minimum 1
ppp multilink links maximum 3
ppp multilink interleave
B. interface Multilink19
ip address 192.168.1.1 255.255.255.0
ppp multilink
ppp multilink group 19
ppp multilink links maximum 3
ppp multilink fragment delay 20
C. interface Multilink19
ip address 192.168.1.1 255.255.255.0
ppp multilink
ppp multilink group 19
ppp multilink links maximum 3
ppp multilink fragment delay 20
ppp multilink interleave
D. interface Multilink19
ip address 192.168.1.1 255.255.255.252
ppp multilink
ppp multilink group 19
ppp multilink links maximum 3
ppp multilink interleave
108
IT Certification Guaranteed, The Easy Way!
Answer: A
Explanation:
The "ppp multilink interleave" command is needed to enable link fragmentation and Interleaving
(LFI). The Cisco IOS Link Fragmentation and Interleaving (LFI) feature uses Multilink PPP (MLP). MLP
provides a method of splitting, recombining, and sequencing datagrams across multiple logical data
links. MLP allows packets to be fragmented and the fragments to be sent at the same time over
multiple point-to-point links to the same remote address.
ppp multilink links maximum
To limit the maximum number of links that Multilink PPP (MLP) can dial for dynamic allocation, use
the ppp multilink links maximum command in interface configuration mode.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcflfi.html
NO.334 Which two statements about 1Pv4 and 1Pv6 networks are true? (Choose two.)
A. ln IPv6, hosts perform fragmentation.
B. IPv6 uses a UDP checksum to verify packet integrity.
C. ln IPv6, routers perform fragmentation.
D. In IPv4 fragmentation is performed by the source of the packet.
E. IPv4 uses an optional checksum at the transport layer.
F. IPv6 uses a required checksum at the network layer.
Answer: A,B
This network is undergoing a migration from pvst+ to mst. S1 is the MSTO root bridge and S2 is the
MSTO secondary root
A. Interface G0/1 is blocked on S3 for VLAN40 and VLAN 50 and load balancing fails until S3 is
migrated to
MST
B. Interface G0/0 is blocked on S3 for VLAN40 and VLAN50 unless it is configured for load balancing
with
PVST+
C. Interface G0/0 is blocked on S3 for VLAN40 and VLAN 50 and load balancing fails until S3 is
109
IT Certification Guaranteed, The Easy Way!
migrated to
MST
D. VLAN traffic automatically load balances between G0/0 and G0/1 on S3 using PVST+
E. PVST+ inherits the load-balancing configuration from MST
Answer: A
NO.336 Which command can you enter on an interface so that the interface will notify the sender of
a packet that the packet that the path is sub-optimal?
A. ip nhrp record
B. ip nhrp set-unique-bit
C. ip nhrp shortcut
D. ip nhrp redirect
E. ip nhrp cost 65535
Answer: D
NO.337 Which three statements about EVCs are true? (Choose three.)
A. Spanning Tree must use MST mode on EVC ports.
B. PAGP is supported on EVC ports.
C. Spanning Tree must use RSTP mode on EVC ports.
D. LACP is supported on EVC ports.
E. Layer 2 multicast framing is supported.
F. Bridge domain routing is required.
Answer: A,B,D
NO.339
110
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. This routes is advertising which routes via BGP?
A. BGP routes that originated on RT1
B. AJI routes
C. all BGProutes from AS 65006
D. BGP routes that originated from AS 65006 and BGP routes that originated on this router
E. No routes
Answer: D
NO.340 Exhibit:
NO.341 Which two statements about PfR are true? (Choose two)
A. lt manages traffic classes
B. lt provides a narrower scope of route control than OER.
C. lt provides intelligent route control on a per-application basis.
D. lt supports split tunneling and spoke-to-spoke links.
E. lt always prefers the least cost path.
111
IT Certification Guaranteed, The Easy Way!
Answer: A,C
NO.343 When you implement CoPP on your network, what is its default action?
A. Drop management ingress traffic to the control plane.
B. Monitor ingress and egress traffic to the control plane by using access groups that are applied to
the interface
C. Block all traffi
D. Rate-limit bidirectional traffic to the control plane.
E. Permit all traffi
Answer: E
R2 is configured with an IP helpler address on Gi0/0/0 and it is sharing routes with R1 using OSPF. If
PC1 is configured to request an IP address from the DHCP server, which two statements
correctly describe communications between the devices on the netwok?(choose two)
A. R1 forwards DHCPREQUEST messages to IP address 172.16.1.100
B. PC1 sends DHCPDISCOVER messages to IP address 255.255.255.255
C. R1 forwards DHCPDISCOVER messages to IP address 255.255.255.255
D. PC1 sends DHCPREQUEST messages to IPaddress 255.255.255.255
E. R1 forwards DHCPOFFER messages to IP address 172.16.1.100
Answer: A,B
112
IT Certification Guaranteed, The Easy Way!
NO.346 Company A have two remote sites, which are connected to a common ISP by BGP. At each
site, company
A is using the same autonomous system number. Which BGP feature can you implement to enable
routing between the two site?
A. allowas-in
B. AS path prepending
C. communities
D. peer groups
Answer: A
Answer:
113
IT Certification Guaranteed, The Easy Way!
NO.349 Which statement about the RPF interface in a BIDIR-PIM network is true?
A. In a BIDIR-PIM network the RPF interface can be the interface that is used reach the PIM
rendezvous or the interface that is used to reach the source.
B. In a BIDIR-PIM network the RPF interface is always the interface that is used to reach the source.
C. There is no RPF interface concept in BIDIR-PIM networks
D. In a BIDIR network the RPF interface is always the interface that is used to reach the PIM
rendezvous point.
Answer: D
NO.350 Which three pieces of information are carried on OSPF type-3 LSAs? (Choose threE.
A. metric
B. authentication type
C. link state
D. IP subnet
E. externaI route tag
F. subnet mask
Answer: A,D,F
NO.351
114
IT Certification Guaranteed, The Easy Way!
Refer to exhibit R2 is configured as the R1 neighbor in area 51, but R2 fails to receive the configured
summary route. Which action can you take to correct the problem?
A. Replace the summary .address command with the area-range command
B. Configure a summary address under R1interfate GigabitEthernet0/0
C. Configure a summary address under R1 interface GigabREthernet1/0
D. Configure the no discard-route command in the OSPF process of R1
E. Gonfigure ip ospf network broadcast under the Loopback0 interface of R1
Answer: A
NO.352 Which two statements about RTF and RTCP are true? (Choose two)
A. An RTP port is a random even-numbered TCP port between 16,384 and 32,767 and the associated
RTCP
port is the sequential odd-numbered port
B. RTCP provides encryption and authentication for RTP flows
C. RTCP packets contain application-level information about the RTP source
D. An RTP session includes TCP port numbers for both RTP and the associated RTCP session
E. RTCP provides QoS information about data delivered over RTP
F. RTCP supports multiple packet types, including sender reports, receiver reports, and application-
specific
packets
Answer: A,E
NO.353 which three security controls would you take into consideration when implementing IoT
capabilities? (choose three)
A. Layered Security Approach
B. Define lifecycle controls for IoT devices
115
IT Certification Guaranteed, The Easy Way!
NO.355 Under which two circumstances is IPsec transport mode appropriate ? (Choose two)
A. When both hosts are behind IPsec peers.
B. When the hosts are transmitting router management traffic.
C. When only one host is behind an IPsec peer.
D. When only IP header encryption is needed.
E. When IPsec peers are the source and the destination of the traffic.
F. When only IP header authentication is needed.
Answer: B,E
NO.356 Which two statements about the host address 10.88.100.10/13 are true?(Choose two.)
A. The network address is 10.64.0.0
B. The network address is 10.88.100.0
C. The network address is 10.88.0.0
D. The broadcast address is 10.95.255.255
E. The broadcast address is 10.88.255.255
F. The broadcast address is 10.64.255.255
Answer: C,D
NO.357 Which two statements about debugging on Cisco routers are true? (Choose two)
A. Using console logging can reduce the performance impact of the debug command
B. The debug command can be run in privileged exec mode only
C. By default, the router logs debug command output to vty lines
D. The terminal monitor command copies debug output to the terminal
E. The debug ip packet command can debug IP traffic that is fast-switched on the router
F. The debug command can be run in user exec mode
Answer: B,D
116
IT Certification Guaranteed, The Easy Way!
C. dot1q trunk.
D. DTP os a point-to-point protocol.
E. When removing VLAN 1 from a trunk,management traffic such as CDP is no longer passed
in that VLAN.
Answer: C
NO.359 Which PIM mode can forward traffic by using only (*.G) routing table entries?
A. Space-dese mode
B. Bidirectional mode
C. Deuce mode
D. Sparse mode
Answer: B
You organization has two offices, Site 1 and Site 2, which are connected by provider backbone, as
shown. Where must you
configure an attachment circuit to allow the two sites to connect over a Layer 2 networking using
L2TPv3?
A. PE Site 1 SE0/0 and PE Site 2 Se0/0
B. CE Site 1 Fa0/0 and PE Site 2 Se0/0
117
IT Certification Guaranteed, The Easy Way!
118
IT Certification Guaranteed, The Easy Way!
NO.363 Which three actions are required when configuring NAT-PAT? (Choose threE.
A. Specify an 1Pv4-to-1Pv6 translation.
B. Enable NAT-PT globally.
C. Specify a: :/96 prefix that will map to an IP4 address.
D. Specify a: :/48 prefix that will map to a MAC address.
E. Specify a ::/32 prefix that will map to an 1Pv6 address.
F. Specify an 1Pv6-to-1Pv4 translation.
Answer: A,C,F
119
IT Certification Guaranteed, The Easy Way!
NO.366 which two statements about route summarization are true?(choose two)
A. When a packet is routed to a destination, the router chooses the most specific prefix from the
routing table
B. Routes are automatically summarized to their classful boundary with OSPF
C. BGP sends both specific and aggregate routes unless the keyword "summary-only" is configured
D. It is recommended for use on discontinuous networks
120
IT Certification Guaranteed, The Easy Way!
NO.367 Which three factors does Cisco PFR use to calculate the best exit path?(Choose threE.
A. Reachability
B. Delay
C. Quality of service
D. Packet size
E. Adminstrative distance
F. Loss
Answer: A,B,F
Answer:
NO.369 which two actions can you take to allow the network 172.29.224.0/24 to be reachable from
peer 192.168.250.53? (Choose two)
121
IT Certification Guaranteed, The Easy Way!
NO.370 Which interior gateway protocol is based on open standards, uses a shortest-path first
algorithm , provides native protocols, and operates at the data link layer?
A. IS-IS
B. EIGRP
C. BGP
D. OSPF
Answer: A
NO.371 Which QoS policy is recommended to support an MPLS network with six classes?
A. map Flow-label bits into the Exp field
B. map IP precedence bits into the DSCP field
C. map DSCP bits into the Exp field
D. map IP CoS bits into the IP Precedence field
Answer: D
How can you configure R6 so that traffic returns to subnet 172.16.6.0/24 via R5?
A. Advertise prefix 172.16.6.0/24 to neighbor R5 with AS 65006 prepended.
B. Configure the neighbor 1 0.5.6.5 send-community standard command.
C. Advertise prefix 172.16.6.0/24 to neighbor R5 with metric 80.
D. Set local preference for all prefixes received from neighbor R5 to 200.
Answer: B
122
IT Certification Guaranteed, The Easy Way!
Answer:
NO.374 Which two conditions must be before IS-IS Level1 routers will become adjacent?(ChoosE.
A. The routers must share a common Autonomous 8ystem Number
B. The routers must share a common process ID
C. The routers must be in different areas
D. The routers must share a common NETWORK SEGMENT
E. The routers must be configured with the neighbor command
F. The routers must be in same area
Answer: D,F
NO.376 Which two statements about PPP CHAP authentication are true? (Choose two)
A. lt is a one-way authentication method
B. lt uses a secret password, which is sent across the link for authentication
123
IT Certification Guaranteed, The Easy Way!
NO.378 Which two statements about logging are true? (Choose two)
A. When you enable sequence numbers, the date timestamp is disabled automatically by default
B. A log message can include both uptime and the date timestamps
C. A log message's facility value indicates the hardware on which the log message was generated
D. Logs can be displayed on the console or on a remote terminal
E. Log messages include a mnemonic that describes the message
F. The mnemonic can refer to a hardware device, a protocol, or a software module
Answer: D,E
Answer:
124
IT Certification Guaranteed, The Easy Way!
Which router will be used to forward traffic to destinations unknown in the area?
A. R4
B. R5
C. R2
D. R1
E. R6
F. R3
125
IT Certification Guaranteed, The Easy Way!
Answer: D
NO.382 O: 252
Refer to the exhibit. Which twostatementsabout the device configuration are 1rue?
(Choose two)
A. The device has control-plane protection enabled
8 .The device implicitly allows Telnet connections
B. The GigabitEthernet0/1 interface of the device allows incoming SSH and SNMP connections
C. The device has management-plane protection enabled
D. The device allows SSH connections to its loopback interface
Answer: C,D
NO.385
126
IT Certification Guaranteed, The Easy Way!
NO.386 Which two message types allow PIM snooping to forward multicast traffic? (Choose two)
A. membership query messages
B. leave messages
C. bidirectional PIM DF election messages
D. Hello messages
Answer: C,D
NO.388 Which tunnel type can be used with encryption to provide security for IPv6 over IPv4?
A. 6RD
B. 6to4
C. ISATAP
127
IT Certification Guaranteed, The Easy Way!
D. IPv4-compatible
E. GRE
Answer: E
NO.391 Which command can you use to redistribute IBGP routes into the IGP?
A. no synchronization
B. redistribute protocol process-number
128
IT Certification Guaranteed, The Easy Way!
C. bgp redistribute-internal
D. synchronization
Answer: C
NO.392 Which two statements about LISP encapsulation with EIGRP OTP are true ( Choose 2)
A. It supports dynamic multipoint tunneling
B. It supports dynamic point-to-point tunneling
C. It uses the instance ID to support virtualisation
D. It supports manual point-to-point tunneling
E. The LISP control plane exchanges routes and determines the next hop
Answer: A,C
129
IT Certification Guaranteed, The Easy Way!
Answer:
130
IT Certification Guaranteed, The Easy Way!
NO.396 Which three statements describe the characteristics of a VPLS architecture? (Choose three )
A. It can suppress the flooding of traffic
B. It forwards Ethernet frames
C. It supports MAC address aging
D. It maps MAC address destinations to IP next hops
E. It conveys MAC address reachability information in a separate control protocol
F. It replicates broadcast and multicast frames to multiple ports
Answer: B,C,F
Which two route types are advertised by a router with this configuration? (Choose two.)
A. connected
B. external
C. summary
D. static
E. redistributed
131
IT Certification Guaranteed, The Easy Way!
Answer: A,C
NO.399 An IPv6 network has different MTUs on different segments, if the network is experiencing
reliability issues,
which option is the most likely reason ?
A. HSRPv6 is configured inly
B. The MTU size is greater than 1470 bytes
C. The do not fragment bit is marked
D. ICMPv6 is filtered
Answer: D
NO.400 Which two statements are true about IS-IS? (Choose two.)
A. IS-IS DIS election is nondeterministic.
B. IS-IS SPF calculation is performed in three phases.
C. IS-IS works over the data link layer, which does not provide for fragmentation and reassembly.
D. IS-IS can never be routed beyond the immediate next hop.
Answer: C,D
NO.401 Which command sets the maximum segment size for a TCP packet initiated from a router?
A. ip tcp window-size
B. ip tcp mss
C. ip mtu
D. ip tcp adjust-mss
Answer: B
NO.402 Which TCP feature allows a client to request a specific packet that was lost?
A. Flow control
B. Sliding window
C. Fast recovery
D. Selective acknowedgment
Answer: D
132
IT Certification Guaranteed, The Easy Way!
NO.404 What are three core Features of GET VPN? (Choose three.)
A. The rekey mechanism.
B. Time-based anti-replay
C. AES
D. MPLS
E. Partial mesh
F. Cooperative keys
Answer: A,B,F
NO.405 Which two statements about a flat single-hub DMVPN with NHRP are true?(choose two)
A. NHRP shortens the configuration 01the hub router
B. NHRP dynamically provides informatlon about the spoke routers to the hub
C. NHRP disables multicast
D. The hub muter uses NHRP to initiate the GRE tunnel with spokes
E. The spoke routers act as the NHRP servers
Answer: A,B
133
IT Certification Guaranteed, The Easy Way!
NO.406 Which protocol allows connections made by an NBMA network to dynamically learn
connected address
A. PPP
B. NHRP
C. HDLC
D. POP
Answer: B
NO.407 Which trunking configuration between two Cisco switches can cause a security risk?
A. configuring incorrect channel-groups on the switches.
B. disabling DTP on the trunk ports.
C. configuring different trunk modes on the switches.
D. configuring different native VLANs on the switches.
E. configuring mismatched VLANs on the trunk.
Answer: D
NO.408 how does an EIGRProuter respond when it receives a query for a route it is in the process of
poisoning?
A. It forwards the query to other neighbors
B. It adds the route to its route table
C. It sends a posion squash message to the to the querying neighbor
D. It notifies the querying neighbor to add the route
Answer: C
NO.409 When you cpnfigure an IPv6 IPSec tunnel which two fields can represent the ISAKMP
identity of a peer?(Choose Jwo)
A. encryption algorithm
B. DH group identifier
C. hostname
D. IPv6 address
Answer: C,D
134
IT Certification Guaranteed, The Easy Way!
Answer:
Answer:
135
IT Certification Guaranteed, The Easy Way!
NO.413 Which IS-IS process is responsible for flooding local link information to adjacent routers ?
A. decision
B. receive
C. forward
D. update
Answer: D
NO.414 Which two statements about IS-IS authentication are true ?(Choose two.)
A. Level 2 LSPs transmit the password encrypted inside the IS-IS PDU.
B. Area and domain authentication must be configured together.
C. Passwords can be configured on a per-interface basis.
D. If LSP authentication is in use , unauthorized devices can form neighbor adjacencies.
E. Lever 1 LSPs use the domain password.
Answer: A,C
NO.415 how does control plane policing protect the route processor?
A. It treats the route processor as a separate entity within MQC
B. It disables access to the control plane during an attack
C. It dynamically enables ingress ACLs on selected interfaces
D. It marks non-essential traffic and moves it to the Scavenger class
Answer: C
136
IT Certification Guaranteed, The Easy Way!
The Main 1 and Branch 1 switches are connected directly over over an MPLS pseudowire, and both
runn UDLD. After router B1 reloads because of a power failure, the pseudowire.
However the Branch 1 switch is unable to reach the Main 1 switch. Which two actions can you take to
restore connectivity and problem from recurring? (Choose two)
A. Configure a backup pseudowire between the Main 1 and Branch I Switchs.
B. Issue the shutdown and no shutdown commands on the Branch 1 switch uplink to the B1 router
only.
137
IT Certification Guaranteed, The Easy Way!
C. Configure a backup GRE tunnel between the Main I and Branch 1 switches.
D. Issue the shutdown and no shutdown commands on both the Branch 1 switch uplink to the B1
router and the Main 1 switch's uplink to the M1 router
E. Enable errdisable recovery on both the Main I and Branch I switches.
F. Enable UDLD recovery on both the Main I and Branch I switches.
Answer: B,E
NO.419 In which way does the Bridge Assurance mechanism modify the default spanning-tree
behavior
in an effort to prevent bridging loops?
A. IF BPDUs are no longer received on a port, the switch immediately sends a out a TCN BPDU.
B. Extended topology information is encoded into all BPDUs.
C. BPDUs are sent bidirectional on all active networks ports, including blocked and alternate ports.
D. Received BPDUs are looped back toward the sender to ensure that link is bidirectional.
Answer: C
NO.420 Exhibit:
if the web server has been configured to listen only to TCP port 8080 for all HTTP requests
, which command can you enter to how internet users to access the web server on HTTP port 80?
A. ip nat inside source static tcp 10.1.1.100 80 10.1.1.100 8080
B. ip nat outside source static tcp 10.1.1.100 80 10.1.1.100 8080
C. ip nat outside source static tcp 10.1.1.100 8080 10.1.1.100 80
D. ip nat inside source static tcp 10.1.1.100 8080 10.1.1.100 80
Answer: D
Answer:
138
IT Certification Guaranteed, The Easy Way!
NO.422 Which feature prevents multicast flooding to routers on a common VLAN that are not a part
of the multicast distribution tree for the particular group?
A. IGMP Snooping Querier
B. PIM Snooping
C. IGMP Proxy
D. PIM-SM
Answer: B
NO.423 Which two features are incompatible with Loop Guard on a port? (Choose two.)
A. Root Guard
B. PortFast
C. UplinkFast
D. BackboneFast
E. BPDU skew detection
Answer: A,B
NO.425 Which two statements about native VLANs are true? (Choose two.)
A. They require VTPv3.
B. They are used to forwarded untagged traffic only.
C. They are used to forward tagged traffic only.
D. They are configured in VLAN database mode.
E. They are configured under the trunk interface.
F. They are used to forward both tagged and untagged traffi
Answer: B,E
139
IT Certification Guaranteed, The Easy Way!
Answer:
140
IT Certification Guaranteed, The Easy Way!
NO.430 0n which three options can Cisco PfR base its traffic routing? (Choose threE.
A. Time of day
B. Network performance
C. Router lOS version
D. User-defined link capacity thresholds.
E. An access list with perm it or deny statements.
F. Load-balancing requirements.
Answer: B,D,F
141
IT Certification Guaranteed, The Easy Way!
Answer:
142
IT Certification Guaranteed, The Easy Way!
Answer: A,F
Which two possible network conditions can you infer from this configuration? (Choose two)
A. R2 is configured as the NTP master with a stratum of 7
B. R1 is using the default NTP source configuration
C. The authentication parameters on R1 and R2 mismatched.
D. RI and R2 have established an NTP session
Answer: B,C
NO.435 How does EIGRP derive the metric for manual summary routes ?
A. It uses the worst metric vectors of all component routes in the topology table.
B. It uses the best metric vectors of all component routes in the topology table.
C. It uses the best composite metric of any component route in the topology table
D. It uses the worst composite metric of any component route in the topology table
Answer: C
NO.436 Which topology allows the split-horizon rule to be safely disabled when using EIGRP?
A. Hub and spoke
B. Ring
C. Full mesh
D. Partial mesh
Answer: A
NO.437 Which PIM multicast type is designed to be used for many-to-many applications Within
individual
PIM domains?
A. PIM-DM
B. Bidir-PIM
C. PIM-SM
D. SSM
Answer: B
NO.438 Which two statements about out-of-order packet transmission are true? (Choose two.)
A. It can occur when packets are duplicated and resent
143
IT Certification Guaranteed, The Easy Way!
NO.439 Which mechanism does GET VPN use to preserve IP header information?
A. IPsec tunnel mode
B. GRE
C. MPLS X
D. IPsec transport mode
Answer: A
NO.440 NO: 39
Which two statements about IGMP filters that are operating in access mode are true?
(Choose two)
A. A filter that is applied on the SVI must use the same setting as a same filter that is applied to the
trunk port.
B. They can be applied to the access point only.
C. The port filter is always checked first.
D. The SVI filter is always checked first.
E. They can be applied on both the SVI and the access port.
Answer: C,E
NO.441 Ping and Traceroute extended options are very useful. What is the difference between using
the Record option with the ping command vs. the traceroute command?
A. The record option is not supported with the ping command
B. The record option is not supported with the traceroute command
C. When leveraged with the ping command, the Record option of this command not only informs you
of the hops that the echo request (ping) went through to get the destination, but is also informs you
of the hops it visited on the return path
D. When leveraged with the traceroute command, the Record option of this command not only
informs you of the hops that the echo request (ping) went through to get the destination, but is also
informs you of the hops it visited on the return path
Answer: C
144
IT Certification Guaranteed, The Easy Way!
Answer:
NO.443 Which two pieces of information are returned by the show ipv6 mid snooping querier
command? (Choose two)
A. Learned group information
B. IPv6 address information
C. MLD snooping querier configuration
D. incoming interface
Answer: B,D
NO.444 Which type of QoS is used on the CE device to rate-limit the aggregate traffic towards the
WAN Ethernet circuit?
A. CBWFQ
B. WRED
C. LLQ
D. FIFO
Answer: C
145
IT Certification Guaranteed, The Easy Way!
NO.447 Which two authentication mechanisms are supported by SNMPv3 ?{Choose two)
A. SHA
B. username without password
C. username and password
D. DES
E. a community string
F. 265-bit AES
Answer: A,C
146
IT Certification Guaranteed, The Easy Way!
NO.450 Which two are best practices when configuring VLAN and switch port ?{Choose two)
A. Assign an unused VLAN to all unsed ports.
B. Always use MST to ensure a loop-free topology.
C. Use a dedicated native VLAN ID for all trunk ports.
D. Use VLAN1 as the network management VLAN
E. Set the default port status to Enable.
Answer: A,C
147
IT Certification Guaranteed, The Easy Way!
When a user attempted to log in to R1 via the console, the logon was successful but the user was
placed in user EXEC mode instead of privileged EXEC mode. What action can you take to correct the
problem?
A. Configure the privilege level 15 command under line console 0
B. Configure the username jdoe privilege 15 password 0 cisco command under the global
configuration
C. Configure the aaa authentication login default local enable command under the global
configuration
D. Configure the enable secret level 15 cisco command under the global configuration
E. Configure the aaa authentication console command under the global configuration
Answer: B
NO.452
Refer to the exhibit Which statement about the R1 multicast network environment is true?
A. RPF builds the topolog y using the unicast data for source address 101.108.10
B. The default mroute uses Tunnel10 as the exit interface for 10.1.108.10
C. RPF uses the OSPF'100 table for source address 10.1.108 .10
D. A static mroute is configured to poin multicast traffic for 10.30.30.32 through Ethernet1/0
Answer: B
NO.453 In a DMVPN solution, which component can the GRE tunnel source and destination
generate automatically?
A. pre-shared keys
B. crypto ACLs
C. QoS markings
D. policy maps
Answer: B
148
IT Certification Guaranteed, The Easy Way!
NO.455 How can you configure Wireshark captures to help you troubleshoot output drops on your
network?
A. File the captures to show TCP errors
B. Reduce the time axis to subsecond intervals
C. Collect traffic that is both entering and leaving the affected subnet
D. Collect traffic only when output exceeds the interface rate
Answer: C
NO.457 when EIGRP Auto-summary is enable, what does Auto Summarization do in EIGRP?
A. Summarizes networks from different network boundaries crossing the same major boundary
B. Summarizes networks from same network boundaries
C. Summarizes all network boundaries
D. Summarizes networks from different network boundaries Crossing the different major boundary
Answer: D
NO.458 Which two statements about VRF-lite are true? (Choose two)
A. An isolated VRF routing table is created for each VRF
B. A single customer VRF can support overlapping IP addresses
C. Multiple ISP customers can be supported on one customer edge device.
D. Two or more VRFs can be assigned to a single Layer 3 interface
E. At least one physical interface must be configured to enable a VRF
Answer: A,B
NO.459 Which option describes how the IP address is assigned when you configure a Layer 3
EtherChannel interface?
A. You must assign the IP address to the tunnel interface.
149
IT Certification Guaranteed, The Easy Way!
NO.460 Which three configuration settings must match for switches to be in the same MST region?
(Choose threE.
A. VLAN names
B. password
C. revision number
D. VLAN-to-instance assignment
E. region name
F. domain name
Answer: C,D,E
NO.462 Which three fields are present in the IPv6 header? (Choose threE.
A. Next Header
B. Traffic Class
C. Options
D. Time to Live
150
IT Certification Guaranteed, The Easy Way!
E. Flags
F. Flow Label
Answer: A,B,F
NO.465 What does the DIS on a LAN periodically transmit in multicast to ensure that the.IS-IS link-
state Database is accurate?
A. ISH
B. CSNP
C. IIH
D. PSNP
E. LIP
Answer: B
151
IT Certification Guaranteed, The Easy Way!
After you configure the given IP SLA on a Cisco router, you note that the device is unable to failover
to the backup route even when pings to 10.12.34.5 fail. What action can you take to correct the
problem?
A. Change the ip route 0.0.0.0.0.0.0.0 192.168.1.153 200 command to ip route
0.0.0.0.0.0.0.0
192.168.1.153 12.
B. Change the ipsla schedule 12 life forever start-time now command to ipsla schedule 12 life
forever start- time 00:12:00.
C. The track 12 ipsla 12 state command to track 12 ipsla 12 reachability.
D. Change the frequency 2 command to frecuency 12.
Answer: C
NO.467 Which two conditions can cause unicast flooding? (Choose two)
A. RIB table overflow
B. Forwarding table overflow
C. Symmetric routing
D. Multiple MAC addresses in the Layer 2 forwarding table
E. Recurring TCNs
Answer: B,E
NO.468 For what reason might you choose to use an SVTI interface instead of a crypto map on a
tunnel interface?
A. SVTIs support dynamic routing protocols without GRE headers.
B. SVTIs can support multiple IPSec SAs.
C. SVTIs can carry non-IP traffic.
D. SVTIs support CEF-switched traffic shaping.
Answer: A
NO.469 Which two statements about 6to4 tunnels are true? (Choose two.)
A. They support point-to-point multipoint traffic.
B. They encapsulate IPv6 packets, which allow the packets to travel over Ipv4 infrastructure.
C. They support point-to-point traffic.
D. The support OSPF and EIGRP traffic.
E. They generate an IPv6 prefix using a common IPv4 address.
F. They allow IPv4 packets to travel over Ipv6 infrastructure without modification.
Answer: A,B
152
IT Certification Guaranteed, The Easy Way!
NO.471 When you deploy DMVPN,what is the purpose of the command crypto isakmp key ciscotest
address 0.0.0.0 0.0.0.0?
A. It is configured on the hub and spoke routers to establish peering.
B. It is configured on the hub to sent the pre-shared key for the spoke routers
C. It is configured on the Internet PE routers to allow traffic to traverse the ISP core
D. It is configured on the spokes to indicate the hub router.
Answer: B
NO.472
Refer to the exhibit Which IPv6 OSPF network type is applied to interface Fa0/0 of R2 by default ?
A.broadcast
B.Ethernet
C.multipoint
D.point-to-point
Answer: A
NO.473 Which two statements about cisco Express Forwarding are time? (Choose two)
153
IT Certification Guaranteed, The Easy Way!
A. Adjacency tables and Cisco Express Forwarding tables require packet switching.
B. Cisco Express Forwarding tables contain forwarding information on and adjacency tables contain
reachability information.
C. Adjacency tables and Cisco Express forwarding tables can be separately.
D. Changing MAC header rewrite strings requires cache validation.
E. Cisco Express Forwarding tables contain reach ability information and adjacency tables contain
forwarding information.
Answer: C,E
NO.474 Which three features require Cisco Express Forwarding? (Choose three.)
A. NBAR
B. AutoQoS
C. fragmentation
D. MPLS
E. UplinkFast
F. BackboneFast
Answer: A,B,D
If R1 uses EIGRP to learn route 192.168.10.0/24 from R2, which interface on R1 uses split horizon for
route 192.168.10.0/24?
A. Se0/0
B. Fa0/0
C. Se1/0
D. Fa0/1
Answer: B
NO.476 If you configure EIGRP redistribution on a router without specifying metric values.how the
router respond?
A. It assigns the lowest possible metrics
B. It uses K Values to assign new metrics
C. It uses the originating protocol metrics
D. It fails to enter redistributed routes into the route table
154
IT Certification Guaranteed, The Easy Way!
Answer: D
Answer:
NO.479 which two options are valid IPv6 extension header types?(choose two)
A. Flow Label
B. Version
C. Encapsulating security Payload
D. Mobility
E. Traffic Class
Answer: C,D
When pockets are transmitted from r1 to r2, where are they encrypted?
A. on the EO/0 interface on R1
B. on the outside interface
C. in the forwarding engine
155
IT Certification Guaranteed, The Easy Way!
D. in the tunnel
E. within the crypto map
F. on the EO/1 interface on R2
Answer: A
Answer:
156
IT Certification Guaranteed, The Easy Way!
NO.482 If running an OSPF process without the capability vrf-lite command in a VRF, which value
does the router
additionally check on an OSPF Type 3 LSA?
A. the tag
B. the Max Age timer
C. the prefix length
D. the DN bit
Answer: D
NO.483
Refer to the exhibit. If R1 contacts the RADIUS server but is unable to find the user name in the server
database, how will R1 respond?
A. It will attempt to authenticate the user against the local database
B. It will attempt to contact the TACACS+ server
C. It will prompt the user to enter a new username
D. It will deny the user access
Answer: A
If R1 and R2 are on the same network, what is the effect on the network when you apply the given
configuration to R 1 and R2?
A. A symmetric routing occurs because the bandwidth and delay K value settings are mismatched.
B. The interface bandv.4dlh and delay settings adjust automatically to match the new metric
settings.
C. The neighbor adjacency between R1 and R2temporarily resets and then reestablishes itself.
157
IT Certification Guaranteed, The Easy Way!
NO.485 How are the Cisco Express Forwarding table and the FIB related to each other?
A. Cisco Express Forwarding use a FIB to make IP destination prefix-based switching decisions.
B. The FIB is used to population the Cisco Express Forwarding table.
C. There can be only FIB but multiple Cisco Express Forwarding tables on IOS devices.
D. The Cisco Express Forwarding table allows route lookups to be forwarding to be route processor
for processing before they are sent to the FIB
Answer: A
NO.486 What command can you enter to enable client autoconfiguration over an ISATAP tunnel?
A. tunnel mode ipv6ip isatap
B. no ipv6 nd ra suppress
C. ipv6 nd ra suppress
D. tunnel mode ipv6ip 6rd
Answer: B
NO.488 which value does IS-IS use for Partial Route Computation?
A. IPv4
B. change routes
C. multi area routes
D. variable-length subnets
Answer: B
158
IT Certification Guaranteed, The Easy Way!
NO.492
Refer to the exhibit.Which configuration must you apply to a router so that it can generate a log
message in the given format?
A. service sequence-numbers
159
IT Certification Guaranteed, The Easy Way!
NO.493 Where must the spanning-tree timers be configured if they are not using the default timers?
A. Changing the default timers is not allowed
B. They must be on any non-root bridge
C. Timers must be modified manually in each switch
D. They must be on the root bridge
Answer: D
NO.495 Which two conditions must be met before IS-IS Level 1 routers will become
adjacent?(choose two)
A. The router must share a common process ID
B. The routers must be in the same area
C. The routers must be configured with eh neighbor command
D. The router must be in different areas
E. The routers must share a common network segment
F. The routers must share a common Autonomous System Number
Answer: B,E
NO.496 Which three technologies can be used to implement redundancy for IPv6? (Choose threE.
A. IPv6 NA
B. NHRP
C. HSRP
D. DVMRP
E. GLBP
F. IPv6 RA
Answer: C,E,F
160
IT Certification Guaranteed, The Easy Way!
Answer:
After you apply the given configurations to R1 and R2.which networks does R2 advertise to R1?
A. both 172 16.32.0/20 and 172 16.33.0/24
B. 172.16.32.0/20 only
C. 172.16.0.0/16 only
D. 172.16.33.0/24 only
Answer: C
161
IT Certification Guaranteed, The Easy Way!
NO.499 Which two operating modes does VPLS support? (Choose two)
A. Transport mode
B. Loose mode
C. VLAN mode
D. Strict mode
E. Port mode
F. Dynamic mode
Answer: C,E
NO.501 What is the cause of ignores and overruns on an interface, when the overall traffic rate of
the interface is low?
A. a hardware failure of the interface
B. a software bug
C. a bad cable
D. microbursts of traffic
Answer: D
NO.502 Which two statements about DHCP operations are true? (Choose two)
A. When the DHCP relay agent receives a DHCP messages, If generates a new DHCP message to
transmit
B. The client uses option 125 in a DHCPDISCOVER message to discover the DHCP server
C. The DHCP server inserts option 150 when it sends a DHCPOFFER message
D. The client uses TTL to discover a DHCP server and obtain a leased IP address
E. The DHCP relay agent can insert option 82 with additional information about the client identity
Answer: B,E
NO.503 Which feature must be enabled to support IGMP snooping on a VLAN that is operating
without a multicast router?
A. PIM snooping
B. Auto-RP
C. The IGMP snooping querier
D. MLD
Answer: C
162
IT Certification Guaranteed, The Easy Way!
NO.504 When the BGP additional-paths feature is used, what allows a BGP speaker to differentiate
between the different available paths?
A. The remote BGP peer prepends its own next-hop address to the prefix.
B. A unique path identifier is encoded into a dedicated field to the NLRI.
C. A route distinguisher is appended to the prefix by the receiving BGP speaker.
D. The additional path information is encoded in an extended community.
Answer: B
NO.507 Which two items must be confined to caputure packet data with the Embedded Packet
Caputure feature ? (Choose two)
A. the capture point
B. the capture buffer
C. the coputure file export location
D. the caputure filter
E. the capture rate
F. the buffer memory size
Answer: A,B
NO.508 Which two statements about PPP PAP are true? (Choose Two)
A. It can protect against playback attacks.
B. Login attempts are controlled by the remote node.
C. It is supported only on synchronous interface.
D. It requires two way authentication.
E. It is vulnerable to trial and error attacks.
Answer: B,E
NO.509 In a simple MPLS L3VPN. which two tasks are performed by a PE router?(Choose two)
163
IT Certification Guaranteed, The Easy Way!
NO.510 Which command sequence will configure an auto IP SLA scheduler that starts at 12:45AM on
January 1,
ends after 1hour of inactivity, and repeats every 3 hours for one week?
A. ip sla auto schedule Jan1 start-time 00:45 jan 1 frequency 360 life forever porbe-interval
43200
B. ip sla schedule Jan1 start-time 12:45 jan 1 frequency 60 life 10800 porbe-interval 43200
C. ip sla schedule Jan1 start-time 00:45 jan 1 frequency 360 life 10800 porbe-interval
10800
D. ip sla schedule Jan1 start-time 12:45 jan 1 ageout 360 life 604800 porbe-interval 43200
E. ip sla auto schedule Jan1 start-time 00:45 jan 1 ageout 360 life 604800 porbe-interval
10800
Answer: E
NO.511 In a simple MPLS L3VPN, which two tasks are performed by the PE router?
(Choose two.)
A. It establishes pseudo wires with other PEs.
B. It exchanges VPNv4 and VPNv6 routes with CE Devices.
C. It assigns labels to routes in individual VPNs.
D. It forwards labeled packets to CE devices.
E. It exchanges VPNv4 or VPNv6 route with other PE routers.
Answer: C,E
NO.512 Which technology uses MPLS to provide 1Pv6 connectivity o customers in the core network
without the need for dual stack?
A. 6to4
B. NAT64
C. NAT
D. SPE
Answer: D
NO.513 which feature can be used to allow hosts with routes in the global routing table to access
hosts in a VRF?
A. route target communities
B. address families
C. route leaking
D. extended communities
164
IT Certification Guaranteed, The Easy Way!
Answer: C
If router R1 sends traffic marked with IP precedence 3 to R2's Loopback 0 address, which class would
the traffic match on R2's Gi1/0 interface?
A. CM-CLASS-3
B. class-default
C. CM-CLASS-2
D. CM-CLASS-1
Answer: B
NO.515 which two statements about route redistribution default metrics are true?(choose two)
A. When IGP is redistributed into RIP, it has a default metric of 1
B. When IGP is redistributed into IS-IS, it has a default metric of 115
C. When IGP is redistributed into OSPF, it has a default metric of 110
D. When EIGRP is redistributed into OSPF as E2, it has a default metric of 20
E. When BGP is redistributed into OSPF, it has a default metric of 1
Answer: D,E
165
IT Certification Guaranteed, The Easy Way!
Edge 1 and Edge 2 are running OTV across the transport Network. When an Ethernet frame destined
for MAC address BB arrives at Edge 1, how is the frame encapsulated?
A. Edge 1 encapsulates the frame in an OTV packet after removing the layer 2 preamble and FCS
B. Edge 1 encapsulates the frame in an OTV packet preserving the layer 2 preamble and FCS
C. Edge 1 encapsulates the frame in an OTV packet after recalculating the FCS
D. Edge 1 encapsulates the frame in an OTV after updating the layer 2 preamble with Edge2's MAC
address
Answer: B
NO.517 How is a targeted LDP session different from a standard LOP session?
A. Targeted LDP is used only for neighbors on different segments.
B. Targeted LDP requires SDP to be enabled.
C. Targeted LDP requires RSVP to be enabled.
D. Targeted LDP uses unicast hello messages to peer with other devices
Answer: C
NO.518 Which two statements about OSPF route filtering are true? (Choose two)
A. It can be based on the source router ID.
B. It can be based on the external route tag.
C. It affects LSA flooding.
D. It can be based on the as-path.
E. It can be based on distance-
Answer: A,B
166
IT Certification Guaranteed, The Easy Way!
Routers A and B are the edge devices at two different sites such as shown.
'The two edge devices use public addresses on their WAN interfaces and the both sites use RFC
1918 for all other addresses. If routers A and B have established an IP sec tunnel, which statement
about the network environment must be true?
A. Router A1 and router 81 are using NAT translation to allow private-address traffic to traverse
the tunnel.
B. Router A and router Bare using BGP to share routes between the two sites
C. The tunnel terminates on the ISP routes
D. Each site is capable of routing private addressing over the IPsec tunnel
Answer: D
NO.521 When you implement the EIGRPadd-paths feature, which configuration can cause routing
issues on a
DMVPN circuit?
A. disabling the default variance under the EIGRPprocess
B. enable synchronization under the EIGRPprocess
C. disabling ECMP mode under the EIGRPprocess
D. disabling automatic summarization
E. disabling NHRPwhen deploying EIGRPover DMVPN
F. enabling next-hop-self under the EIGRPprocess
Answer: A
NO.522 Which two options are parts of an EEM policy? (Choose two.)
A. event register
167
IT Certification Guaranteed, The Easy Way!
B. body
C. environment must defines
D. namespace import
E. entry status
F. exit status
Answer: A,B
Answer:
168
IT Certification Guaranteed, The Easy Way!
Answer:
169
IT Certification Guaranteed, The Easy Way!
Which two options are two benefits of this configuration? (Choose two)
A. increased security
B. redundancy
C. reduced jitter
D. reduced latency
E. load sharing
Answer: B,E
NO.526 Which two statements about the Add path support in EIGRP feature are true ? (Choose two)
A. The next-hop-self command should be disabled to prevent interference with the add- paths
command
B. It uses the variance command to alter the metrics of routes
C. It is supported with both DMVPN and GETVPN
D. It is supported in both classic EIGRP and EIGRP named mode configurations
E. It allows a DMVPN hub to advertise as many as five best paths
Answer: A,E
NO.528 Which technology must be enabled on an interface before L2TPv3 can operate correctly?
170
IT Certification Guaranteed, The Easy Way!
A. OSPF
B. MPLS
C. CEF
D. STP
Answer: C
NO.529 Which two statements about OSPFv3 are true? (Choose two.)
A. lt supports the use of a cluster ID for loop prevention.
B. It supports unicast address families for IPv6 only.
C. lt supports unicast address families for 1Pv4 and 1Pv6
D. lt supports only one address family per instance.
E. It supports multicast address families for 1Pv4
F. lt supports multicast address families for 1Pv6
Answer: C,D
NO.530 Which two statements about the BGP community attribute are true?(Choose two.)
A. Routers send the community attribute to all BGP neighbors automatically.
B. A router can change a received community attribute before advertising it to peers.
C. It is a well-known, discretionary BGP attribute.
D. It is an optional transitive BGP attribute.
E. A prefix can support only one community attribute.
Answer: B,D
NO.531 According to the networking best practices .which network device should be used for
optimization and rate limiting?
A. the provider core device
B. the provider edge device
C. the customer core device
D. the coustomer edge device
Answer: D
Answer:
171
IT Certification Guaranteed, The Easy Way!
When R2 attempted to copy a file the TFTP server, it received this error messagE. When action can
172
IT Certification Guaranteed, The Easy Way!
173
IT Certification Guaranteed, The Easy Way!
Which two options are effects of the given configuration? (Choose two)
A. It enables Cisco Express Forwarding on interface FastEthernetO/0
B. It sets the data export destination to 209.165.200.227 on UDP port 49152
C. It enables NetFlow switching on interface FastEthernetO/0
D. It configures the export process to include the BGP peer AS of the router gathering the data.
E. It sets the data export destination to 209.165.200.227 on TCP port 49152.
Answer: B,C
NO.537 which two statement about EIGRPload balancing are true?(choose two)
A. EIGRPsupports unequal-cost paths by default
B. Any path in the EIGRPtopology table can be used for unequal-cost load balancing
C. EIGRPsupports 6 unequal-cost paths
D. Cisco Express Forwarding is required to load-balance across interfaces
E. A path can be used for load balancing only if it is a feasible successor
Answer: C,E
NO.538 which three types of traffic are protected when you implement IPsec within an IPv6-in-IPv4
tunnel?(choose three)
A. IPv6 multicast traffic
B. IPv6 link-local traffic
C. IPv6 unicast traffic
D. IPv6 broadcast traffic
E. IPv4 broadcast traffic
F. IPv4 tunnel control traffic
Answer: A,B,C
174
IT Certification Guaranteed, The Easy Way!
Answer:
175
IT Certification Guaranteed, The Easy Way!
Answer:
176
IT Certification Guaranteed, The Easy Way!
After you apply the given configurations to R1 and R2, which network does R2 advertise to R1?
A. 172.16.0.0 /16 only
B. Both 172.16.32.0/20 and 172.16.33.0/24
C. 172.16.32.0/20 only
D. 172.16.33.0/24 only
Answer: A
Answer:
177
IT Certification Guaranteed, The Easy Way!
Which two statements about this CoS mapping are true? (Choose two.)
A. It maps the first queue and first threshold to CoS2 and CoS3 .
B. It maps the second queue and first threshold to CoS 2.
C. It maps the second queue and first threshold to CoS 3.
D. It maps CoS values to the transmit queue threshold.
E. It maps the second threshold to CoS 2 and CoS 3.
Answer: D,E
178
IT Certification Guaranteed, The Easy Way!
179
IT Certification Guaranteed, The Easy Way!
NO.547 Which two statements about route redistribution default metrics are true?(Choose two)
A. When an IGP is redistributed into OSPF,it has a default metric of 110.
B. When an IGP is redistributed into RIP,it has a default metric of 1.
C. When BGP is redistributed into OSPF,it has a default metric of 1.
D. When an IGP is redistributed into IS-IS,it has a default metric of 115.
E. When EIGRP is redistributed into OSPF as E2,it has a default metric of 20.
Answer: C,E
NO.550 which action must you take to configure encryption for a dynamic VPN ?
A. Configure an FQDN identity in the crypto key string.
B. Configure an FQDN on the router.
C. Configure an FQDN peer in the crypto profile.
D. Configure an FQDN in the crypto key string.
180
IT Certification Guaranteed, The Easy Way!
Answer: A
NO.551 what are two message types that are filtered by an IPv4 multicast boundary?(choose two)
A. PIM hello messages to 224.0.0.13
B. PIM Prune messages
C. PIM hello messages on the local segment
D. PIM Register messages
E. PIM Join messages
F. link-local message
Answer: A,B
NO.552 Which two hashing algorithms can be used when configuring SNMPv3? (Choose two)
A. MD5
B. SHA-1
C. Blowfish
D. DES
E. AES
F. SSL
Answer: A,B
NO.554 In an MPLS-VPN environment, what is the effect of configuration an identical set of route
targets for a particular VRF but then configuration a nonidentical RD across multiple PE devices?
A. The routes are not sent to any remote PE with different RD.
B. The routes are directly managed by the control plane, but there are instances where routes take
up twice as much memory.
C. The routes are rejected by the remote PE because they have a different RD than its routes.
D. The routes propagate to the remote PE, but the PE never installs the, in its forwarding table.
Answer: D
181
IT Certification Guaranteed, The Easy Way!
Answer:
182
IT Certification Guaranteed, The Easy Way!
Which three statements correctly describe the route reflectors behavior? (Choose three )
A. The route reflector will reflect routes from R1 to R2
B. The route reflector will not reflect routes from R1 to R2
C. The route reflector will reflect routes from R1 to R3
D. The route reflector will not reflect routes from R1 to R3
E. The route reflector will reflect routes from R3 to R1
F. The route reflector will not reflect routes from R3 to R1
Answer: A,C,E
After you configured DHCP snooping to block a rouge DHCP server from
assigning IP addresses to devices on your network you notice that all ports on the switch are still
trusted. Which action can you take to correct the problem?
183
IT Certification Guaranteed, The Easy Way!
NO.559 Which action does route poising take that serves as a loop-prevention method?
A. It prohibits a router from advertising back onto the interface from which it was learned.
B. It immediately sends routing updates with an unreachable metric to all devices.
C. It poisons the route by tagging it uniquely within the network.
D. It advertises a route with an unreachable metric back onto the interface from which it was
learned.
Answer: B
NO.561 Which three parameters must match to establish OSPF neighbor adjacency? (Choose three.)
A. the process ID
B. the hello interval
C. the subnet mask
D. authentication
184
IT Certification Guaranteed, The Easy Way!
E. the router ID
F. the OSPF interface priority
Answer: B,C,D
NO.562 Which two statements about the default SNMP configuration are true? (Choose two)
A. All SNMP notification types are sent
B. The SNMP trap receiver is congigured
C. SNMPv3 is the default version
D. The SNMP agent is enabled.
E. SNMPv1 is the default version.
Answer: A,E
NO.563 What are the two EEM event subscribers? (Choose two)
A. applet
B. script
C. syslog
D. CLI
E. none
Answer: A,B
NO.565 On a network with multiple VLANs, which three tasks must you perform to configure IP
source guard on
185
IT Certification Guaranteed, The Easy Way!
NO.566 You need to modify the IOS L3switch configuration for High Availability operation. What
additional configuration is needed, if any?
A. Modify the configuration to use VRRP, which has additional functionally that works better for High
Availability.
B. Enable HSRP preempt with a delay to allow time for he routing and switching protocols to
converge.
C. Enable HSRP preempt to force the primary L3 switch to resume th master role after a failure.
D. The shown configuration is sufficient for High functionally.
Answer: B
186
IT Certification Guaranteed, The Easy Way!
NO.570 Which two statements about AT0M are true? (Choose two)
A. When using AToM, the IP precedence field is not copied to the MPLS packet
B. It provides support for L2VPN features on ATM interfaces
C. It encapsulates Layer 2 frames at the egress PE
D. AToM supports connecting different L2 technologies using internetworking option
E. The loopback address of the PE router must be either /24 or /32
Answer: A,D
When R2 attempted to copy a file from the TFTP server, it received this error message.
Which action can you take to correct the problem?
A. Configure the iptftp source-interface Loopback0 command on R1.
B. Configure the iptftp source-interface Loopback0 command on R2.
C. Configure the iptftp source-interface Fa0/1 command on R2.
D. Change the access-list configuration on R1 to access-list 1 permit 172.16.1.0 0.0.0.255
E. Configure the iptftp source-interface Fa0/1 command on R1.
Answer: B
NO.572 Your NetFlow collector is not working due to a large amount of traffic entering your network
which is destined to a single IP address. Which NetFlow feature allows you to collect the top source
hosts for this traffic on the local router?
A. NetFlow can export flows only to.a external flow collector
187
IT Certification Guaranteed, The Easy Way!
B. ip flow-top-talkers
C. ip accounting
D. show ip cache flow
Answer: B
NO.574 R1
interface Loopback0
ip address 172.16.1.1 255.255.255.255
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
router eigrp 100
no auto-summary
redistribute connected metric 10000 1 255 1 1500
router ospf1
redistribute eigrp 100
network 192.168.12.0 0.0.0.255 area 0
R2
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
router ospf1
network 192.168.12.0 0.0.0.255 area 0
Refer to the exhibit. While troubleshooting a connectivity issue between R1 and R2, you determine
that R1's
Loopback0 network is missing from R2's route table. What is this likely cause the problem>
A. The router is configured to redistribute only broadcast networks
B. The router can redistribute only point-to-point networks
C. The route is excluding the Loopback0 interface fro redistribute because it si redistributing other
OSPF
interface
D. The subnets keywords is missing from the redistribute eigrp command on R1
Answer: D
NO.575 Which type of packet is sent by an HSRP router to advertise the virtual IP address?
A. Gratuitous ARP
B. ARP Request
C. HSRP Hello
D. HSRP Coup
188
IT Certification Guaranteed, The Easy Way!
Answer: A
NO.576 What are two ways DHCPv6 guard can mitigate man-in-the-middle attacks?
A. An interface in the server device role can use ACLs to filter authorized servers.
B. An interface in the server device role can drop all DHCPv6 server messages.
C. An interface in the client device role can use ACLs to filter authorized servers.
D. An interface in the server device role can use prefix-lists to filter authorized DCHP reply messages.
E. An interface in the client device role blocks all DCHPv6 server messages by default.
Answer: C,E
NO.577 Which is the maximum number of classes that MQC can support in a single policy map ?
A. 512
B. 256
C. 128
D. 64
Answer: B
NO.578 Which attribute is not part of the BGP extended ecommunity when a PE creates a.VPN- IPv4
route while running OSPF between PE-CE?
A. MED
B. OSPF network type
C. OSPF domain identifier
D. OSPF route type
E. OSPF router id
Answer: B
NO.579
Refer to the exhibit.Which two statements are true regarding prefix 10.1.0.0/24?(Choose two)
189
IT Certification Guaranteed, The Easy Way!
A. The prfix is in policyand Cisco PfR rerouted the.traffic' via 10.4.5.3 Et0/1 because of an OOP event
B. The prfix is in policyand Cisco PfR did not reroute the traffic via 10.4.5.3 Et0/1 because the traffic
was previously in policy
C. Cisco PfR is monitoring the prefix via active throughput IP SLA proble mode only
D. Cisco PfR is monitoring the pr fix via monitorwhich provides both NetFlow and IP SLA
measurements /
E. Cisco PfR is monitoring the prefix via passive NetFlow mode only
Answer: B,D
NO.580 Which two options are two problems that Bridge Assurance can protect against ? (Choose
two)
A. The forwarding of data traffic, after the spanning tree algorithm is stopped
B. BPDU flooding
C. Ports being put into a root-inconsistent state
D. Show convergence time after a topology change
E. Unidirectional link failures
Answer: C,E
NO.581 Which two route types are allowed to exit an EIGRP stub? (Choose two)
A. Host
B. Connected
C. Default
D. Static
E. Summary
Answer: B,E
while Reviewing a log file on a router with this NTP configuration ,you note that the log entries of the
router display a different time than the NTP timE.which action can u take to correct the
190
IT Certification Guaranteed, The Easy Way!
problem?
A. add the local time keyword to the service timestamps log datetime statement.
B. add the msec keyword to the service time stamps log datetime statement
C. add the statement ntp broadcast to the ntp configuration of the neighboring router
D. configure the router to be the NTP master
E. Remove the datetime keyword from the service time stamps log datetime statement.
Answer: A
NO.584 Which statement about the default QoS configuration on a.Cisco switch is true?
A. AII traffic is sent through four egress queues
B. Port trust is enabled
C. The Port CoS value is 0
D. The CoS value of each tagged packet is modified
Answer: C
NO.585 Which option is the common primary use case for tools such as Puppet.Chef.Ansible.and
Salt?
A. network function visualization
B. network orchestration
C. Configuration management
D. Policy assurance
Answer: C
NO.586 Which IPv6 tunneling mechanism requires a service provider to nude one of its own native
IPv6 blocks to guarantee that its IPv6 hosts will be reachable?
A. 6rd tunneling
B. Automatic 6to4 tunneling
C. manual ipv6ip tunneling
D. NAT-PT tunneling
E. Automatic 4to6 tunneling
F. ISATAP tunneling
Answer: F
NO.587
Refer to the exhibit. Which two effects of this configuration are true?(choose two)
A. The priority queue is disabled
B. Queue 1 is allocated 4 percent of the availabel bandwdith and queue 2 is allocated 2 percent of
the available bandwidth
C. Queue 1 is a priority queue that is allocated 1/3 of theailable bandwidth
D. Queue 1 is served twice as fast as queue 2
191
IT Certification Guaranteed, The Easy Way!
NO.588 Which two solutions can reduce UDP latency? (Choose two)
A. low-latency queuing
B. congestion-avoidance algorithm
C. fast retransmission
D. IP service level agreements
E. fast start
F. fast recovery
Answer: A,D
NO.590 Which options is the implicit access rule for IPv6 ACLs?
A. permit all
B permit neighbor discovery, deny everything else
B. deny all
C. permit all ICMP, deny everything else
Answer: B
Answer:
192
IT Certification Guaranteed, The Easy Way!
Which two statements about the output are true? (Choose two.)
A. 802.1D spanning tree is being used.
B. Setting the priority of this switch to 0 for VLAN 1 would cause it to become the new root.
C. The hello, max-age, and forward delay timers are not set to their default values.
D. Spanning-tree PortFast is enabled on GigabitEthernet1/1.
Answer: A,B
Explanation:
8 02.1D is the standard for Spanning tree, which is being used here. For priority, The priority order
starts from 0 (yes, 0 is valid) and then increases in 4096.
0 , 4096, 8192, 12288, .... Etc.
The lower the number is, the higher is the priority. Here we see that the current root has a priority of
8192, so configuring this with a priority of 0 will make it the new root.
193
IT Certification Guaranteed, The Easy Way!
Answer:
Which action can you take to prevent loops and suboptimal routing on this network?
A. Configure the rfc2328compatibility command under the Cisco IOS OSPF routing process only
B. Configure the rfc2328compatibility command under the Cisco IOS OSPF NX-OS routing process
only
C. Configure the ref1583compatibility command under the Cisco NX-OS OSPF routing process only
D. Configure the ref1583compatibility command under the Cisco IOS OSPF routing process only
E. Configure the rfc2328compatibility command Cisco IOS and NX-OS OSPF routing processes
F. Configure the rfc2328compatibility command under the Cisco IOS and NX-OS OSPF routing
Answer: C
NO.595 Which two protocols are used by the management plane?(choose two)
194
IT Certification Guaranteed, The Easy Way!
A. oSPF
B. bGP
C. DTP
D. telnet
E. ISSU
F. TFTP
Answer: D,F
NO.596 For which r ason can two QSPF neighbor routers on the same LAN segment be stuck in the.
Wvo-way state?
A. The two routers have different MTUs on the interface.
B. The two routers are configured with different priorities
C. The intefface priority is set to zero on both routers.
D. Both routers have the same OSPF router 10.
Answer: C
NO.597 Which IPv6 migration allows IPv4-only devices to communicate with IPv6-only devices?
A. ISATAP tunnel
B. GRE tunnel
C. Dual stack
D. NAT64
Answer: D
NO.598 Which two statements about static routing are true?(Choose two)
A. It is highly scalable as networks grow.
B. It provides better security than dynamic routing.
C. It reduces configuration errors.
D. It requires less bandwidcth and fewer CPU cycles than dynamic routing protocols.
E. It can be implemented more quickly than dynamic routing.
Answer: B,D
Answer:
195
IT Certification Guaranteed, The Easy Way!
NO.601 which IPv6 first hop security feature blocks traffic sourced form ipv6 address that are
outside the prefix gleaned from router advertised
A. IPv6 source guard
B. IPv6 DHCP guard
C. IPv6 RA guard
D. IPv6 prefix guard
Answer: D
NO.602 Which two statements about EIGRP acknowledgement packets are true?(choose two)
A. They are unicast
B. They are Hello packets sent without data
C. They can combine multiple packs in a single packet
D. They are multicast
E. They are broadcast
F. They are required for every request packet
Answer: A,B
NO.603 What is the default console authentication method on the Cisco routers ?
A. Local
B. EAPol
C. open
D. TACACS+
E. no authentication
F. RADIUS
Answer: E
196
IT Certification Guaranteed, The Easy Way!
Answer:
What is the reason that the two devices failed to form an EIGRP neighbor relationship?
A. The K-values are valid.
B. The two devices have different key IDs.
C. The hold timers are mismatched.
197
IT Certification Guaranteed, The Easy Way!
NO.606 When you implement PfR, which IP SLA probes is used to determine the MOS?
A. throughput
B. jitter
C. latency
D. packet loss
Answer: B
NO.607 Which command can you enter on a device so that unsolicited log messages appear on the
console after solicited log messages?
A. logging bufferd 4096
B. no logging console
C. logging synchronous
D. service timestamps log uptime
Answer: C
NO.608 What are the three required attributed in a BGP update message?
A. Aggregator
B. Community
C. Next_hop
D. Origin
E. Med
F. AS_PATH
Answer: C,D,F
NO.609 Which two BGP attributes are optional non-transitive attributes? (Choose two.)
A. Weight
B. MED
C. Local preference
D. Cluster list
E. AS path
Answer: B,D
198
IT Certification Guaranteed, The Easy Way!
Answer:
NO.611 which three statements about the route preference of IS-IS are true?(choose two)
A. An L1 path is preferred over an L2 path
B. Within each level, a path that supports optional metric is preferred over a path that supports only
the default metric
C. The Cisco IS-IS implementation usually performs equal cost path load balancing on up to eight
paths.
D. An L2 path is preferred over an L1 path
E. Both L1 and L2 routes will be installed in the routing table at the same time
F. Within each level of metric support, the path with the lowest metric is preferred.
Answer: A,B,F
NO.612 What can PfR passive monitoring mode measure for UDP flows?
A. loss
B. delay
C. reachability
D. throughput
199
IT Certification Guaranteed, The Easy Way!
Answer: D
If the route to 10.1.1.1 is removed from the R2 routing table, which server becomes the master NTP
server?
A. R2
B. The NTP server at 10.3.3.3
C. The NTP server at 10.4.4.4
D. The NTP server with the lowest stratum number
Answer: D
NO.614 Refer to the exhibit. What is the meaning of the asterisk (*) in the LSP Seq Num column of
this "show isis database" output?
A. The LSP originated on a router with an invalid hold time
B. The LSP originated on a L1-L2 type router
C. The LSP originated on the router where the command is being executed
D. The LSP originated on a router which is capable of wide metrics
Answer: D
NO.615 Which two statement about the EIGRP Over the Top feature are true?(Choose two.)
A. EIGRP routers traffic between the PE devices.
B. Traffic is USP-encapsulated on the control plane.
C. The neighbor command must be configured with LISP encapsulation on wach CE device.
D. The network statement must be configured on each PE device to connect separate EIGRP sites.
E. The network statement must be configured on each CE device to connect separate EIGRP sites
F. Traffic is LISP-encapsulated on the data plane.
Answer: C,F
NO.616 What command can you enter to enable client autoconfiguration over an ISATAP tunnel?
A. tunnel mode ipv6ip isatap
B. no ipv6 nd ra suppress
C. ipv6 nd ra suppress
D. tunnel mode ipv6ip 6rd
Answer: B
NO.617 What is the maximum size of a packet that can be sent successfully from R3 to 10.1.2.1
without enabling fragmentation?
A. 1490 bytes
B. 1501 bytes
200
IT Certification Guaranteed, The Easy Way!
C. 1480 bytes
D. 1479 bytes
E. 1500 bytes
F. 1521 bytes
Answer: C
Answer:
NO.619 When you deploy DMVPN, what is the purpose of the command crypto isakmp key ciscotest
address
0.0.0.0?
A. It configured on hub to set the pre-shared key for the spoke routers
B. It configured on the Internet PE routers to allow traffic to traverse the ISP core
C. It configured on the spokes to indicate the hub router
D. It configured on hub and spoke router to establish peering
Answer: A
NO.620 Which two statements correctly describe MLD snooping? (Choose two.)
A. It is independent of IGMP snooping
B. It can be disabled globally and then enabled on individual VLANs
201
IT Certification Guaranteed, The Easy Way!
NO.621 Which three responses can a remote RADIUS server return to a client? (Choose threE.
A. Reject-Access
B. Access-Accept
C. Access-Reject
D. Accept-confirmed
E. Reject-Challenge
F. Access-Challenge
Answer: B,C,F
When it attempted to register the EEM script, the device returned this error message.
Which action can you take to correct the problem?
A. Configure the end command at the end of the BACKUP EEM policy
B. Configure the event none command so that the event can be triggered manually
C. Configure the event action to run the applet
D. Configure the event manager run command to register the event
Answer: C
NO.623 Which IP SLA operation type is enhanced by the use of the IP SLAs Responder?
A. DNS
B. HTTP
C. ICMP Echo
D. UDP Echo
Answer: D
NO.624 What are two functions of an NSSA in an OSPF network design?(Choose two)
A. It overcomes issues with suboptimal routing when there are multiple exit points from the areas
B. It uses opaque LSAs
C. It allows ASBRs to inject external routing information into the area
D. An ASBR advertises type 7 LSAs into the area
E. An ABR advertises type 7 LSAs into the area
Answer: C,D
NO.625 which two statements about single-hub DMVPN are true?(choose two)
A. Two spokes that are behind different NAT devices that both use PAT can establish a poke-to-spoke
connection
202
IT Certification Guaranteed, The Easy Way!
B. Cisco best practices recommend that dynamic spoke-to-spoke tunnel connections use wildcard
preshared keys for ISAKMP authentication
C. Dynamic spoke-to-spoke tunnel connections support IKE certificates for ISAKMP authentication
D. Each DMPN spoke requires a unique IP address after NAT translation
E. DMVPN networks support GRE tunnel keepalives on multipoint GRE tunnels
F. DMVPN networks support GRE tunnel keepalives on point-to-point GRE tunnels
Answer: C,E
NO.626 Which two statements about HDLC operations in asynchronous balanced mode are true?
(Choose two.)
A. Either device can send frames at any time.
B. Each device must negotiate with its neighbor before sending frames.
C. Each device must negotiate with its neighbor to recover from framing errors.
D. Either device can initiate transmission of frames.
E. The initiating device sends a DTE frame.
Answer: C,D
NO.627 Which GDOI key is responsible for encrypting control plane traffic?
A. the traffic encryption key.
B. the preshared key
C. the key encryption key
D. the key-chain.
Answer: A
NO.628 How can you protect a device from Dos attacksdirected against its terminal and
management ports?
A. Enable AAA local authentication on the terminal and management ports
B. Configure TCP keepalives on the terminal and management ports
C. Reserve a terminal or management port with a highly restrictive ACL
D. Configure the max-login-attempts command on the terminal and management ports
Answer: D
NO.629 which two statements about the IS-IS cost metric are true?(choose two)
A. The cost is calculated automatically based on the interface bandwidth and delay
B. It is the only IS-IS metric supported on Cisco devices
C. The cost is calculated automatically based on the delay only
D. The cost is calculated automatically based on the interface bandwidth only
E. A default cost of 1 is automatically assigned to all interface
F. A default cost of 10 is automatically assigned to all interface
Answer: D,F
203
IT Certification Guaranteed, The Easy Way!
Answer:
NO.632 Which two statements about logging are true? (Choose two)
A. The mnemonic can refer to a hardware device, a protocol, or a software module.
B. When you enable sequence numbers, the datetime timestamp is disabled automatically by
default.
C. Log messages include a mnemonic that describes the message.
D. A log message's facility value indicates the hardware on which the log message was generated.
E. Logs can be displayed on the console or on a remote terminal.
F. A log message can include both uptime and the datetime timestamp.
Answer: C,E
204
IT Certification Guaranteed, The Easy Way!
NO.634 A network engineer implements ISIS for IPv6 and then discovers that ISIS adjacencies are
going down. Which action can be taken to fix this problem?
A. Enable multitopology on the ISIS domain
B. Configure link local IPv6 addresses on ISIS interfaces
C. Change the is-type on all ISIS routers to level-2-only
D. Enable ISIS for IPv6 on loopback interfaces
Answer: D
205
IT Certification Guaranteed, The Easy Way!
Answer:
206
IT Certification Guaranteed, The Easy Way!
Answer: D
You are configuring the S1 switch for the switch port that connects to the clients company- Which
configuration blocks users on the port from using more than 6 Mbps of traffic and marks the traffic
for a class of service of 1?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
NO.640 163 QUESTIN TEXT IS NOT AVAILABLEwhich three statements about EIGRP and BFD are true
? (choose threE.
A. BFD is independent of the routing protocol,so it can be used as a generic failure detection
mechanism for EIGRP.
207
IT Certification Guaranteed, The Easy Way!
B. Some parts of BFD can be distributed to the data plane,so it can be less CPU-intensive than
reduced timers, which exist wholly at the control plane.
C. Reduced EIGRP timers have an absolut minimum detection timer of 1-2 seconds; BFD can provide
sub-second failure detection
D. BFD is tied to specific routing protocols and can be used for generic fault detection for the
OSPF,EIGRP and BGP routing protocol
E. BFD is dependent on the EIGRP routing protocol,so it can be used as a specific failure detection
mechanism
F. BFD resides on the control plane,so it is less CPU-intensive than if it resided on the date plane
Answer: A,B,C
NO.641 Which IS-IS network type can operate in the absence of a DIS?
A. point-to-multipoint
B. Ethernet
C. NBMA
D. point-point
Answer: D
NO.642 Which two statements about DMVPN with NHRP are true? (Choose two)
A. NHRP shortens the configuration of the hub router.
B. NHRP dynamically provides information about the spoke routers to the hub.
C. NHRP disables multicast
D. The hub router uses NHRP to initiate the GRE tunnel with spokes.
E. The spoke routers act as the NHRP servers.
Answer: A,B
208
IT Certification Guaranteed, The Easy Way!
If the given network is in the process of being migrated from EIGRP to OSPF , includes external
routes, and all routers are currently running both protocol action must you perform to complete the
migration?
A. Change the EIGRP Administrative Distance to 111, wait until all routers are present, and then
change it back to the default value.
B. Change the OSPF Administrative Distance to 91, wait until all routers are present, and then change
it back to the default value.
C. Change the EIGRP Administrative Distance to match the OSPF Administrative Distance, wait until
all
Routers are present, and then change the EIGRP Administrative Distance back to the default value.
D. Change the OSPF Administrative Distance to 171, wait until all routers are present, and then
change it
back to the default value.
Answer: D
NO.644 Which two statements about scheduling multiple IP SLA operations are true?
A. You must configure IP SLA operations before you can schedule a group of operations.
B. The ip sla monitor group schedule command must be configured on the device.
C. You must configure the frequency of each IP SLA operation before it can start.
D. The IP SLA operations must be scheduled at a maximum interval of 30 seconds.
E. Every IP SLA operation in a single group must start at the same time.
Answer: A,C
Answer:
209
IT Certification Guaranteed, The Easy Way!
NO.646 An IP SLA fails to generate statistics. How can you fix the problem?
A. Add the verify-data command to the router configuration
B. Reload the router configuration.
C. Remove the ip sla schedule statement from the router configuration and re-enter it.
D. Add the debug ip sla trace command to the router configuration.
E. Add the debug ip sla error command to the router configuration.
Answer: A
Answer:
210
IT Certification Guaranteed, The Easy Way!
NO.648 which two methods are used to configure an RP in a PIM-SM network?(choose two)
A. PIM-DM
B. anycast
C. SSM
D. Auto-RP
E. BSR
Answer: D,E
NO.649 Which two OSPF network type require the use of a DR and BDR? {Choose two)
A. non-broadcast networks
B. point-to-point networks
C. point-to-point non-broadcast networks
D. broadcast networks
E. point-to-multipoint networks
Answer: A,D
NO.650 According to the networking best practices, which networ1< device should be used for
optimization and rate limiting?
A. The provider core device
B. The provider edge device
C. The customer core device
D. The customer edge device
Answer: D
Answer:
211
IT Certification Guaranteed, The Easy Way!
NO.652 Which three features does GETVPN support to improve deployment and scalability?
(Choose three.)
A. redundant IPsec tunnels between group members and the key server
B. allowing traffic to be discarded until a group member registers successfully.
C. GDOI protocol configuration between group members and the key server.
D. local exceptions in the traffic classification ACL.
E. redundant multicast replication streaming through the use of a bypass tunnel.
F. configuration of multiple key servers to work cooperatively.
Answer: A,E,F
You have noticed that when the link netween R2 and R3 goes down, traffic to route
1 92.168.1.0/24 continues to exit R1 through interface F0/0. If all routers on the given network are
running
EIGRP, what is the most likely reason for the problem?
A. R3 waits until the R2 hold time expires before advertising its path
B. R2 is failing to properly advertise 192.168.10.0/24 because it is configured as a hub router instead
of a Stub
router
C. R2 is still advertising the summary route because one child route exists
212
IT Certification Guaranteed, The Easy Way!
Which two statements about the device configuration are true? (Choose two.)
A. The device has control-plane protection enabled.
B. The device implicitly allows Tel net connections.
C. The GigabitEthemet0/1 interface of the device allows incoming SSH and SNMP connections.
D. The device has management-plane protection enabled.
E. The device allows SSH connections to its loopback interface.
Answer: C,D
NO.655 Which mechanism does GET VPN use to preseNeIP header information?
A. MPLS
B. IPsec transpo mode
C. GRE
D. IPsec tunnel mode
Answer: D
NO.656 Which statement is true when using a VLAN ID from the extended VLAN range (1006-
4094)?
A. STP is disabled by default on extended-range VLANs.
B. VLANs in the extended VLAN range can only be used as private
C. VLANs in the extended VLAN range cannot be pruned
D. VLANs in the extended VLAN range can be used within either client or server mode
Answer: C
NO.657 What is the EUI 64-bit address corresponding to MAC address 0032F4C57781?
A. FFFE0032F4C57781
B. 0032F4FFFEC57781
C. 0032F4C57781FFFE
D. C57781FFFE0032F4
Answer: B
NO.658 Which two statements about IPv4 and IPv6 networks are true? ( Choose two)
A. IPv6 uses a required checksum at the network layer
213
IT Certification Guaranteed, The Easy Way!
NO.659 Which Catalyst switch feature configured on a per-port basis can be used to prevent
attached hosts from joining select multicast group?
A. IGMP Filtering
B. MLD Filtering
C. IGMP Snooping
D. PIM Snooping
Answer: A
NO.661 Which option describes the purpose of the no ip next-hop-self eigrp configuration line in
DMVPN
deployment?
A. It allows the spoke routers to change the next hop value when sending EIGRPupdates to the hub
router
B. It enables EIGRPto dynamically assign the next hop value based on the EIGRPdatabase
C. It allows the spoke routers to change the next hop value when sending EIGRPupdates to the spoke
router
D. It preserves the original next hop value as learned by the spoke routers
E. It preserves the original next hop value as learned by the hub routers
Answer: D
214
IT Certification Guaranteed, The Easy Way!
Answer:
NO.663 %CFIB-7-CFIB_EXCEPTIONS: FIB TCAM exception, Some entries will be software switched
Refer to the exhibit. If a Layer 3 switch running OSPF in a VRF-lite configuration reports this error,
which action can you take to correct the problem?
A. Add the vrf-lite capability to the OSPF configuration
B. Set mls cef maximum-routes in the global configuration
C. Configure the control plane with a large memory allocation to support the Cisco Express
Forwarding
Information Base
D. Upgrade the Layer 3 switch to a model that can support more routes
Answer: B
NO.665 Which three options are capabilities of queuing and scheduling?(Choose three)
A. queue buffers
B. weighted tail drop
C. bandwidth limitation
D. CAR
E. PBR
F. policing
Answer: A,C,F
215
IT Certification Guaranteed, The Easy Way!
NO.667 Which route types are redistributed from OSPF into BGP by default?
A. AII route types
B. External routes only
C. lnter-area routes only
D. lntra-area routes only
E. lntra-area routes and inter-area routes
Answer: E
NO.668 Which two statements about IPv6 PIM are true?(Choose two)
A. PIM-SM and PIM-SSM can be configured in the same network
B. PIM-SM bases its RPF checks on the unicast routing table
C. It supports both sparse mode and dense mode
D. It supports both Auto-RP and BSR
E. It works in conjunction with unicast routing protocols to send and receive multicast updates
Answer: A,B
NO.669 A floating static route pointing to an interface appears in the routing table even when the
interface
is down. Which action can you take to correct the problem?
A. Correct the DHCP-provided route on the DHCP server
B. Remove the permanent option form the static route
C. Correct the administrative distance
D. Configure the floating static route to point to another route the routing table
Answer: B
NO.670
216
IT Certification Guaranteed, The Easy Way!
NO.672 Which command must you configure on a device so it can establish an IPv6-in-IPv4 IPSec
tunnel?
A. vrf context vrf-name
B. mpls ip
C. ip cef
D. ipv6 unicast-routing
217
IT Certification Guaranteed, The Easy Way!
Answer: D
If R1 and R2 cannot establish an EIGRP neighbor adjacency, which reason for the problem is most
likely true?
A. The auto-summary command under the route process is disabled
B. The hello-interval and hold-time values are invalid
C. The MTU value between R1 and R2 is too small
D. The primary networks are on different subnets
Answer: D
NO.675 Which option describes how a VTPv3 device responds when it detects a VTPv2 device on a
trunk
port?
A. It sends VTPv2 packets only
B. It sends a Special packet that contains VTPv3 and VTPv2 packets information.
C. It sends VTPv3 packets only.
D. It sends VTPv3 and VTPv2 packets.
Answer: D
NO.676 Which data plane protocol does EIGRP Over the Top use
A. GRE
B. MPLS
C. LISP
D. IP-in-IP
Answer: C
NO.677 Which mechanism does get vpn use to preserve ip header information?
218
IT Certification Guaranteed, The Easy Way!
A. GRE
B. MPLS
C. IPsec transport mode
D. IPsec tunnel mode
Answer: D
NO.678 Refer to the exhibit. Which EEM script can you apply to the device so that logged-in users
are recorded in syslog messages
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
219
IT Certification Guaranteed, The Easy Way!
Answer:
Which option describes the purpose of the as-set argument of the aggregate-address command?
A. It provides a list of AS numbers top which the aggregate is advertised.
B. It provides a predefined AS path in the aggregate advertisement that is used to indicate and
aggregate
prefix.
C. It provides as AS path in the aggregate advertisement that contains only the local AS number.
D. It provides an AS path in the aggregate advertisement that includes the AS numbers of the
component
members.
Answer: D
NO.681 Which feature can be used to allow hosts with routes in the global routing table to access
hosts in a VRF?
A. Extended communities
B. Route target communities
C. Route leaking
D. Address families
Answer: C
NO.682 Which option describes show a network administrator prevents possible routing loops for
VLSM subnets that are missing from the routing table?
A. Create a route for the subnet to the null interface and then redistribute the static route into the
routing process.
B. Create a loopback interface with the correct subnet and then redistribute the connected interface
to the routing table
C. Create a loopback interface with the correct subnet and the routing protocol automatically injects
it into its routing process
220
IT Certification Guaranteed, The Easy Way!
D. Create a route for the subnet to the null interface and the routing protocol automatically injects it
into its routing process.
Answer: A
NO.683 When you deploy DMVPN, What is the purpose of the command key cisco test address
0.0.0.0.0.0.0.0.?
A. lt is configured on the hub and spoke routers to establish peering
B. It is configured on the hub to set the pre-shared key for the spoke routers.
C. It is configured on the internet PE routers to traverse the ISP core.
D. lt is configured on the spokes to router.
Answer: B
NO.685 Which cache aggregagation scheme is supported by NetFlow ToS-based router aggregation?
A. destination prefix
B. AS
C. protocol port
D. prefix-port
Answer: D
NO.687 Which statement is true when using a VLAN ID from the extended ULAN range (1006-
4094)?
A. STP is disabled by default on extended-range VLANs.
B. VLANs in the extended VLAN range can only be used as private VLANs.
C. VLANs in the extended VLAN range cannot be pruned.
D. VLANs in the extended VLAN range can be used with VTPV2 in either client or server mode.
Answer: C
221
IT Certification Guaranteed, The Easy Way!
NO.688 Which effect of configuring the passive-interface S0/0 command under the EIGRP routing
process is true?
A. It prevents EIGRP neighbor relationships from being formed over interface S0/0
B. It configures interface S0/0 to send hello packets with the passive-interface bit set
C. It configures interface S0/0 to suppress all outgoingrouting updates
D. It configures_interface S0/0 to reject al-I incoming routing updates
Answer: A
NO.690 Which command can you enter to allow a multicast-enabled router to advertise itself to the
BSR router as PIMv2 c-RP?
A. ip pim autorp listener
B. ip pim send-rp-announce
C. ip pim rp-candidate
D. ip pim rp-address
E. ip pim send-rp- discovery
Answer: C
Which two statements about this configuration are true? (Choose two)
A. It creates summary routes and injects them into EIGRP
B. It prevent 172.16.0.0/16 from being distributed into EIGRP
C. It allows a default route to be distributed into EIGRP
D. It prevent a default route to being distributed into EIGRP
E. It allows 172.16.0.0/16 and larger students to be distributed into EIGRP
F. It allow 172.16.0.0/16 to be distributed into EIGRP
Answer: C,F
222
IT Certification Guaranteed, The Easy Way!
223
IT Certification Guaranteed, The Easy Way!
NO.695 Which two protocols exclude the source and destination IPaddresses from the application
data stream?
(Choose two)
A. TFTP
B. NTP
C. SMTP
D. SSH
E. SNMP
Answer: B,C
224
IT Certification Guaranteed, The Easy Way!
Answer:
NO.698 Which feature can you implement to most efficiently protect customer traffic in a rate-
limited WAN Ethernet service
A. IntServ with RSVP
B. DiffServ
C. Q-in-Q
D. The IPsec VTI qos pre-classify command
E. HCBWFQ
Answer: B
NO.699 Which two route types are allowed to exit an EIGRPstub?(choose two)
A. summary
B. host
C. static
D. connected
E. default
Answer: A,D
NO.700 Which two statements about class maps are true? {Choose two)
A. As many as eight DSCP values can be included in a match dscp statement.
B. A policy map can be used to designate a protocol within a class map.
C. The match class command can nest a class map with more than one match command is match-
225
IT Certification Guaranteed, The Easy Way!
any.
Answer: A,C
multiple hosts on the 10.2.2.0/24 network are sending traffic to the web server, Which configuration
can you apply to R2 so that traffic from host 1 uses the path R2-R1-R3 to reach the web server,
without affecting other hosts?
A. access-list 1 permit 10.2.2.0 0.0.0.255
B. interface FastEthernet2/0 ip policy route-map POLICY-ROUTE
C. access-list 1 permit 10.2.2.3 255.255.255.255
D. access-list 1 permit 10.2.2.3 0.0.0.0
E. access-list 1 permit 10.2.2.4 0.0.0.0
F. ip local policy route -map PLICY-ROUTE
Answer: D
Answer:
226
IT Certification Guaranteed, The Easy Way!
NO.703 Which option is the Cisco recommended method to secure access to the console port?
A. Set the privilege level to a value less than 15
B. Configure a very short timeout (less than 100 milliseconds) for the port
C. Configure the activation-character command
D. Configure an ACL
Answer: C
NO.704 What are the two requirements for BGP to install a classful network into the BGP routing
table?
(Choose two.)
A. Synchronization is disabled.
B. The AS contains the entire classful network.
C. Auto-summary is enabled.
D. A classful network is statement with a classful mask is in the routing table.
E. A classful network statement with a lower administrative distance ~he routing table.
F. Synchronization is enabled.
Answer: C,D
NO.706 Which prefix list matches and permits all RFC 1918 network 10.0.0.0 routes that have masks
of /16 through /24?
A. ip prefix-list foo seq 10 permit 10.0.0.0/8 ge 15 le 25
B. ip prefix-list foo seq 10 permit 10.0.0.0/8 ge 16 le 24
C. ip prefix-list foo seq 10 permit 10.0.0.0/16 le 24
D. ip prefix-list foo seq 10 permit 10.0.0.0/16 ge 15 le 25
Answer: B
227
IT Certification Guaranteed, The Easy Way!
right
Answer:
NO.708 What command can you configure on a router so that traffic generated from the router is
policy-routed?
A. ip local policy
B. ip route-cache policy
C. ip policy
D. ip route-map
Answer: A
228
IT Certification Guaranteed, The Easy Way!
NO.710 Which three options are there of the valid message types for DHCPv6? (Choose three.)
A. Request
B. Solicit
C. Discover
D. Advertise
E. Offer
F. Leave
Answer: A,B,D
NO.712 An NSSA area has two ABRs connected to Area 0. Which statement is true?
A. Both ABRs translate Type-7 LSAs to Type-5 LSAs
B. No LSA translation is needed
229
IT Certification Guaranteed, The Easy Way!
C. Both ABRs forward Type-5 LSAs from the NSSA area to backbone are.
D. The ABR with the highest router ID translates Type-7 LSAs to Type-5 LSAs
Answer: D
The route-map wan2site is being used for redistributing BGP routes into the eigrp 28 process Which
option best describes the resulting redistribution of routes ?
A. policy routing matches 0 packets means that there are no matches and no routes are being
redistributed
B. all routes are being redistributed with a metric and a tag
C. The denysequence 5 is preventing any routes from and a tag
D. a default routes is being redistributed with a metric and a tag
Answer: C
NO.716 Into which two pieces of information does the LISP protocol split the device
identity?(Choose two)
A. Enterprise Identifier
230
IT Certification Guaranteed, The Easy Way!
B. LISP ID
C. Resource Location
D. Device ID
E. Routing Locator
F. Endpoint Identifier
Answer: E,F
NO.717 You are using the limited scope multicast IP address 239.128.0.1 for a high volume data
distribution
application. what symptom would you expect to find in the network?
A. The video traffic cannot be handled by a limited scope multicast address
B. There is no problem and the network is performing smoothly , just as designed
C. The high volume traffic is being sent to the 224.128.0.1 multicast address as well as on the original
address, causing high network load on all multicast subnets
D. The high volume application creates high network traffic load on all systems on the subnets where
the video is being sent.
Answer: B
NO.719 Exhibit:
Refer to the exhibit. While troubleshooting an issue with a blocked switch port. you find this error in
the switch log. Which action should you take first to locate the problem?
A. Execute the show interface command to check FastEthernet 0/1
B. Check the attached switch for a BPDU filter
C. Test the link for unidirectional failures.
D. Check the attached switch for an interface configuration issue.
Answer: B
NO.720 which two OSPF network type require the use of a DR and BDR?(choose two)
A. broadcast networks
B. point-to-multipoint network
C. point-to-point non-broadcast networks
231
IT Certification Guaranteed, The Easy Way!
D. non-broadcast networks
E. point-to-point networks
Answer: A,D
Which two statements about this route table are true?( Choose two).
A. The OSPF routes with the IA flag have their administrative distances incremented as they leave the
router.
B. The OSPF routes with the E2 flag retain the same metric as they leave the router.
C. The BGP routes are internal.
D. The BGP routes are external.
E. The OSPF routes with the E2 flag have their metrics incremented as they leave the router.
Answer: B,C
NO.724 Which two statements about SNMP inform requests are true? (choose two)
A. For a particular event, an SNMP inform may be sent more than once
B. SNMP informs are sent to the SNMP manager and are acknowledged
C. SNMP informs are sent to the SNMP manager without acknowledgement
D. For a particular event, an SNMP inform is sent only once
E. SNMP informs are sent to the SNMP agent without acknowledgement
F. SNMP informs consume less bandwidth than SNMP traps
Answer: A,C
232
IT Certification Guaranteed, The Easy Way!
While troubleshooting the failure of two devices to establish an IPSec tunnel, you generated the
given debug output on R2. What is the most likely reason the tunnel failed?
A. Main mode processing failed on the peer
B. Main mode processing failed on R2
C. The ACLs are mismatched on the devices
D. R2 was unable to connect to the peer
Answer: C
NO.726 Which two options are potential impacts of microbursts? (Choose two.)
A. invalid checksum
B. tail drops
C. packet loss
D. unicast flooding
E. asymmetric routing
F. unnecessary broadcast traffic
Answer: B,C
Answer:
233
IT Certification Guaranteed, The Easy Way!
NO.728 Which Cisco IOS XE component provides separation between the control plane and the data
plane?
A. Common Management Enabling Technology
B. Free and Open Source Software
C. POSIX
D. Forwarding and Feature Manager
Answer: D
NO.729 Which marking field is used only as an internal marking within a router?
A. QOS Group
B. Discard Eligiblity
C. IP Precedence
D. MPLS Experimental
E. CoS
Answer: A
234
IT Certification Guaranteed, The Easy Way!
Which two statements about this topology are true? (Choose two)
A. Destination 192.168.23.0/24 is unable to use interface Fa0/1 as the LFA.
B. Interface FastEthernet 0/1 is the primary path to destination 192.168.23.0/24.
235
IT Certification Guaranteed, The Easy Way!
C. The FastEthernet 0/0 and FastEthernet 0/1 interfaces are used as LFA for destination
192.168.23.0/24
D. Only interface FastEthernet 0/1 are used as the LFA for destination 192.168.23.0/24.
E. Interface FastEthernet 0/0 is the primary path to destination 192.168.23.0/24.
F. Only FastEthernet 0/0 is used as the LFA to destination 192.168.23.0/24.
Answer: A,E
NO.734 Which MLD message type does a host send to join rrulticast groups?
A. Join/prune
B. Hello
C. Query
D. Done
E. Report
F. Assert
Answer: E
Which two additional configuration lines must you add so that the device will capture data packets
using Embedded Packet Capture (EPC)? (Choose two.)
A. monitor capture buffer BUFFER_CAPTURE filter access-list CAPTURE_FILTER
B. monitor capture point ip process-switched POINT_CAPTURE from-us
C. monitor capture point associate POINT_CAPTURE BUFFER_CAPTURE
D. monitor capture buffer BUFFER_CAPTURE limit aIlow-nth-pak 100
E. monitor capture point start all
Answer: C,E
NO.736 which type of access-list will allow incoming traffic for sessions that originated from within
your network?
A. reflexive ACLs
B. time-based ACLs
236
IT Certification Guaranteed, The Easy Way!
C. dynamic ACLs
D. standard ACLs
Answer: A
NO.737
Refer to the exhibit.If the default-information originate always command is configured on R4,what
route type is assigned to the default route in RVs route table?
A. O
B. E2
C. OIA
D. E1
Answer: B
NO.738 Which are the two requirements for BGP to install a classful network into the BGP routing
table? (Choose two)
A. Synchronization is disabled
B. The AS contains the entire classful network
C. Auto-summary is enabled
D. A classful network statement with a classful mask is in the routing table
E. A classful network statement with a lower administrative distance is in the routing table
F. Synchronization is enabled
Answer: C,D
NO.740 Exhibit:
237
IT Certification Guaranteed, The Easy Way!
A. 2-WAY
B. ATTEMPT
C. LOADING
D. EXCHANGE
E. FULL
Answer: D
NO.741 Which feature must be enabled so that an IS-IS single topology can support IPv6 traffic?
A. extended metrics
B. adjacency checking
C. new-style TLVs only
D. both new-and old-style TLVs
E. old-style TLVs only
Answer: C
NO.743 Which three statements about BGP soft reconfiguration are true? (Choose threE.
A. Outbound soft reconfiguration requires additional configuration on the BGP neighbor
B. Inbound soft reconfiguration requires additional memory
238
IT Certification Guaranteed, The Easy Way!
NO.744 Which two statements about VSS are true? (Choose two.)
A. It requires physical switches to be collocated.
B. It is dependent on spanning-tree.
C. It requires three IP addresses per ULAN.
D. Each VSS has a single management IP address
E. It can eliminate the need for HSRP.
Answer: D,E
which two configurations must you apply to the master controller and the border router to provide
then(choose two)?
A. Border#
key chain PFR
key 0
key-string Cisco
pfr border
logging
local loopback 0
B. Master#
key chain PFR
key 0
key-string Cisco
pfr master
logging
border 10.1.1.3 key-chain PFR
interface GigabitEthernet0/0/0 internal
interface GigabitEthernet0/0/1 external
interface GigabitEthernet0/0/2 external
C. Border#
key chain PFR
key 0
key-string Cisco
239
IT Certification Guaranteed, The Easy Way!
pfr border
logging
local loopback 0
master 10.1.1.1 key-chain PFR
D. Master#
key chain PFR
key 0
key-string Cisco
pfr master
logging
border 10.1.1.3 key-chain PFR
interface GigabitEthernet0/0/1 internal
interface GigabitEthernet0/0/0 external
E. Master#
key chain PFR
key 0
key-string Cisco
pfr border
logging
local loopback 0
master 10.1.1.1 key-chain PFR
F. Border#
key chain PFR
key 0
key-string Cisco
pfr master
logging
border 10.1.1.3 key-chain PFR
interface GigabitEthernet0/0/1 internal
interface GigabitEthernet0/0/0 external
interface GigabitEthernet0/0/2 external
Answer: B,C
NO.746 Which prefix List Matches and permits all RFC 1918 network 1 0.0.0.0 routes that have
subnet marks of /16 trough /24?
A. ip prefix-list foo seq 10 perm it 10.0.0.0/16 le 24.
B. ip prefix-list foo seq 10 permit 10.0.0.0/16 ge 15 le 25.
C. ip prefix-list foo seq 10 perm it 1 0.0.0.0/8 ge 15 le 25.
D. ip prefix-list foo seq 10 permit 10.0.0.0/8 ge 16 le 24.
Answer: D
NO.747 Which two statements about IGMP filtering are true? (Choose two)
A. It supports IGMPv3 join messages.
B. By default, an interface can join a maximum of 4 IGMP groups
C. It supports general IGMP Queries
240
IT Certification Guaranteed, The Easy Way!
NO.748 Which two parameters does the Tunnel Mode Auto Selection feature select automatically?
(Choose two)
A. the tunneling protocol
B. the transport protocol
C. the ISAKMP profile
D. the tunnel peer
E. the transform-set
Answer: A,B
NO.750 Which two statements about Cisco Express Forwarding are true? (Choose two)
A. The FIB table and the adjacency table reside on the line cards when distributed Cisco Express
Forwarding is enabled.
B. Layer 2 next-hop address information is maintained in the adjacency table.
C. The FIB table and the adjacency table reside on the line cards when Cisco Express Forwarding is
enabled.
D. Layer 2 next-hop address information is maintained in the FIB table.
E. The FIB table resides on the route processor and the adjacency table resides on the line cards
when Cisco Express Forwarding is enabled.
Answer: A,B
241
IT Certification Guaranteed, The Easy Way!
Answer:
NO.752 Which PHB type allows for the best interoperability with IP Precedence already used in the
network?
A. Expedited Forwarding
B. Assured Forwarding
C. Class Selector
D. Default
Answer: C
NO.753 Which two statements about NAT are true? Choose two?
A. Static NAT supports a one to one address mapping
B. One to one mapping denies outside traffic from accessing an inside host
C. PAT uses destination port numbers identity address mapping
242
IT Certification Guaranteed, The Easy Way!
D. Static NAT release the translated address for use by another device when it is inactive
E. Dynamic NAT allows hosts inside a network to use a pool of addresses to access hosts outside the
network
Answer: A,E
If the route to 10.1.1.1 is removed from the R2 routing table, which server becomes the master NTP
server?
A. R2
B. the NTP server at 10.3.3.3
C. the NTP server at 10.4.4.4
D. the NTP server with the lowest stratum number
Answer: D
Explanation:
NTP uses a concept called "stratum" that defines how many NTP hops away a device is from an
authoritative time source. For example, a device with stratum 1 is a very accurate device and might
have an atomic clock attached to it. Another NTP server that is using this stratum 1 server to sync its
own time would be a stratum 2 device because it's one NTP hop further away from the source. When
you configure multiple NTP servers, the client will prefer the NTP server with the lowest stratum
value.
Reference: https://networklessons.com/network-services/cisco-network-time-protocol-ntp/
NO.756 Which IPv6 tunneling type establishes a permanent link between IPv6 domains over IPv4?
A. 6to4 tunneling
B. ISATAP tunneling
C. IPv4-compatible tunneling
D. manual tunneling
Answer: D
NO.757 When EIGRP Auto-Summary is enabled, what does Auto Summarization do in EIGRP ?
A. Summarizes all network boundaries
B. Summarizes network from different network boundaries crossing different major boundary
243
IT Certification Guaranteed, The Easy Way!
NO.758 Which three types of Layer 2 isolation do private VLANs provide? (Choose threE.
A. Community
B. Isolated
C. Blocking
D. Promiscuous
E. Private group
Answer: A,B,D
Answer:
244
IT Certification Guaranteed, The Easy Way!
The route-map wan2site is being used to redistribute BGP routes into the eigrp 28 process.
Which option best describes the
resulting redistribution of routes?
A. The deny, sequence 5 is preventing any routes from and a tag
B. A default routes is being redistributed with a metric and a tag
C. Policy routing matches 0 packets means that there are no matches and no routes are being
redistributed
D. All routes are being redistributed with a metric and a tag
Answer: A
NO.761 What value does MAC Authentication Bypass use, by default, for the password attribute in
its RADIUS Access-Request message?
A. The MAC address of the switch
B. The password learned from the EAP Response
C. The MAC address of the endpoint to be authenticated
D. The password supplied for the RADIUS server
Answer: C
245
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit. The route-map wan2site is being used for redistributing BGP routes into the
eigrp 28 process Which option best describes the resulting redistribution of routes?
A. Policying routing matches: 0 packets means that there are no matches and no routes are being
redistributed
B. A default route is being redistributed with a metric and a tag
C. The deny sequence 5 is preventing any routes from being redistributed
D. AII routes are being redistributed with a metric and a tag
Answer: C
NO.763 Which Cisco PfR monitoring mode is recommended for Internet edge deployments?
A. active mode
B. fast mode
C. active throughput mode
D. passive mode
Answer: D
NO.764 Which feature must be enabled prior to enabling the IGM P Snooping Querier?
A. PIM-SM
B. SSM
C. IP helper
D. IGMP Snooping
246
IT Certification Guaranteed, The Easy Way!
Answer: D
When packets are transmitted from R1 to R2, where are they encrypted?
A. On the E0/1 interface on R2
B. On the outside Interface
C. In the tunnel
D. In the forwarding engine
E. Within the crypto map
F. On the E0/0 interface on R1
Answer: C
NO.768 Which two statements about IS-IS are true? {Choose two)
A. The default hello interval is 10 seconds and the default hold timer is 30 seconds.
B. Both IS-IS routers need to have the same capabilities in the hello packet in order to form
neighbors.
C. The hello interval can be changed on a per-interface basis with the command ISIS hello- multiplier.
D. Both routers need to have the same hello intervals and hello timers in order to form IS- IS
neighbors.
Answer: A,C
247
IT Certification Guaranteed, The Easy Way!
You have configured a VRF named Blue on R1 as shown. Which action must you take to enable uRPF
on the R1 interface E1/0?
A. Configure the ip verify Blue unicast source reachable-via rx allow-default command on interface
E0/1
B. Configure the ip verify Blue unicast source reachable-via rx allow-default command under the VRF
Blue process
C. Configure the ip verify unicast source reachable-via rx allow-default command under the VRF Blue
process
D. Configure the ip verify vrf Blue unicast source reachable-via rx allow-default command on
interface E0/1
E. Configure the ip verify unicast source reachable-via rx allow-default command on interface E1/0
Answer: E
NO.770 From which component does an IS-IS router construct its link-state database?
A. LSAs
B. LSPs
C. hello packets
D. SPTs
Answer: B
NO.772 Which two statements about SSM are true? (Choose two)
248
IT Certification Guaranteed, The Easy Way!
Which configuration must you apply to a router so that it can generate a log message in this format?
A. Service timestamps log datetime localtime show-timezone
Service sequence-numbers
B. Service timestamps log datetime msec localtime
Service sequence-numbers
C. Service timestamps log datetime msec localtime show-timezone
Service sequence-numbers
D. Service timestamps log datetime msec localtime show-timezone
Service linenumber
E. Service timestamps log datetime msec localtime show-timezone
Service alignment logging
Answer: C
NO.774 What is the default time-out value of an ARP entry in Cisco IOS Software?
A. 720 minutes
B. 240 minutes
C. 60 minutes
D. 480 minutes
E. 120 minutes
Answer: B
NO.775 Which value does EIGRP use to determine the metric for a summary address?
A. The average of the component metrics
B. A default fixed value
C. The lowest metric among the component routes
D. The highest metric among the component routes
Answer: C
NO.776 Which two configuration options are available for PIM snooping? (Choose two.)
A. On a specific interface on the device.
B. On a range of interfaces on the device.
C. Under the VLAN in VLAN configuration mode.
D. Globally on the device.
E. Under the SVI for the corresponding VLAN.
249
IT Certification Guaranteed, The Easy Way!
Answer: D,E
Which two options are two problems that can occur with this configuration? (Choose two)
A. The MPLS path from R1 to R5 becomes unreachable.
B. R1 and R5 are unable to establish an LDP relationship.
C. The label for the R1 loopback address is filtered from other MPLS routers.
D. The label for the R5 loopback address is filtered from other MPLS routers
E. MPLS traffic from R1 to R5 takes a suboptimal path.
Answer: A,D
NO.778 Which command sequence must you enter to configure SSH access to a Cisco router?
A. A.ip ssh version ip domain-name crypto key zeroize
B. B.hostname ip domain-lookup crypto key generate rsa
C. C.hostname ip domain-name crypto key zeroize
D. D.ip ssh version ip domain-name crypto key generate rsa
E. E.ip shs version ip domain-lookup crypto key zeroize
F. F.hostname ip domain-name crypto key generate rsa
Answer: F
NO.779 Which two statements about private VLAN communications are true? (Choose two)
A. Primary VLAN traffic is passed across trunk interfaces.
B. Isolated ports communicate with other isolated ports.
C. Promiscuous ports communicate with all other ports.
D. Promiscuous ports connect only to routers.
250
IT Certification Guaranteed, The Easy Way!
Answer: A,C
NO.780 Which two services are used to transport Layer 2 frames across a packet-switched network?
(Choose two.)
A. Frame Relay
B. ATM
C. AToM
D. L2TPv3
Answer: C,D
NO.781 Which two statements about TCP MSS are true? (Choose two.)
A. The two endpoints in a TCP connection report their MSS values to one another.
B. It operates at Layer 3.
C. MSS values are sent in TCP SYN packets
D. It sets the maximum amount of data that a host sends in an individual datagram
E. It sets the minimum amount of data that a host accepts in an individual datagram
Answer: C,D
NO.782 Which two statements about LDP are true? (Choose two)
A. LDP sessions are established between LSRs
B. It enables LSRs to communicate label bindings
C. It sends hello messages over TCP
D. It uses a 16-byte identifier
E. It supports only directed-connected neighbors
F. It sends hello messages as UDP packets via unicast
Answer: A,B
NO.783 Which IPv6 migration method allows IPv4-only devices to communicate with IPv6-only
devices?
A. Dual stack
B. NAT64
C. ISATAP tunnel
D. GRE tunnel
Answer: B
NO.784 Which two statements about MPLS label stack encoding are true?(Choose two) Which two
statements about MPLS label stack encoding are true? ( Choose two)
A. When a device forwards a labeled packet, it must copy the TTL of the incoming label to the
outgoing label
B. When an MPLS label stack undergoes the swap operation, it swaps the top and bottom labels
C. When a device forwards a labeled packet, it must copy the TTL of the outgoing label to the top
label
D. MPLS labels are encoded in little-endian format
251
IT Certification Guaranteed, The Easy Way!
NO.785 Which two events occur when a packet is decapsulated in a GRE tunnel?(Choose two)
A. The destination IPv4 address in the IPv4 payload is used to forward the packet
B. The source IPv4 address in the IPv4 payload is used to forward the packet
C. The GRE keepalive mechanism is reset
D. The version field in the GRE header is incremented
E. The TTL of the payload packet is decremented
F. The TTL of the payload packet is incremented
Answer: A,E
Answer:
252
IT Certification Guaranteed, The Easy Way!
NO.788
Refer to the exhibit. How is voice traffic entering this router on interface GigabitEthernet0/0 being
handled by the shown marking policy?
A. Any traffic matching access list voice is trusted and marking is not changed.
B. AII voice is being set to DSCP 0
C. AII voice is being set to AF21
D. Any traffic matching access-list voice is set to EF
Answer: A
253
IT Certification Guaranteed, The Easy Way!
NO.790 In which 802.1D port state are the root bridge, the root port, and the designated port(s)
elected?
A. Listening
B. learning
C. forwarding
D. blocking
E. disabled
Answer: C
NO.791 Exhibit:
254
IT Certification Guaranteed, The Easy Way!
Which two statements about this network are true? (Choose two)
A. It allows successful traceroute operations from R3 to R2
B. It allows successful traceroute operation from R1 to R2
C. It generates syslog messages for all discarded packet
D. It is configured with control-plane policing in silent mode
E. It is configured as distributed control-plane services
Answer: B,E
NO.792 You are backing up a server with a 1 Gbps link and a latency of 2 ms. Which two statements
about the backup are true? (Choose two.)
A. The bandwidth delay product is 2 Mb.
B. The default TCP send window size is the limiting factor.
C. The default TCP receive window size is the limiting factor.
D. The bandwidth delay product is 500 Mb.
E. The bandwidth delay product is 50 Mb.
Answer: A,C
255
IT Certification Guaranteed, The Easy Way!
Which two statements about the R1 configuration are true? (Choose two)
A. Timestamp are disabled for log messages.
B. The service timestamps log uptime command is configured.
C. R1 is using the default format for log output.
D. Sequence numbers and timestamps for log output
E. The buffer is set to the default size of 4096 bytes.
Answer: D,E
NO.795 When you implement the EIGRP add-paths feature, which configuration can cause routing
issues on a DMVPN circuit?
A. disabling ECMP mode under the EIGRP process.
B. disabling automatic summarization
C. enabling next-hop-self under the EIGRP process.
D. enabling synchronization under the EIGRP process
E. disabling the default variance under the EIGRP process
F. disabling NHRP when deploying EIGRP over DMVPN
Answer: E
Answer:
256
IT Certification Guaranteed, The Easy Way!
257
IT Certification Guaranteed, The Easy Way!
Answer:
If R1 generated this response to the show debug command, which statement about its debug its
258
IT Certification Guaranteed, The Easy Way!
NO.802 Which DHCP message type cloes the DHCP Server send to a client to confirm its allocated IP
address?
A. DHCPACK
B. DHCPOFFER
C. DHCPDISCOVER
D. DHCPREQUEST
Answer: A
NO.803 If you configure a router interface for both IPv4 and IPv6 on an IS-IS network in single-
topology mode.what additional configuration is required?
A. IPv4 and IPv6 must be configured on different routing protocols
B. IPv4 and IPv6 must be configured to run the same IS-IS level.
C. IPv4 and IPv6 must be configured with different metric types
D. IPv4 and IPv6 addresses must be configured with the same prefix length
Answer: B
Answer:
259
IT Certification Guaranteed, The Easy Way!
NO.807 Which two elements are required to define a class-map? (Choose two.)
A. A traffic-class name
B. A series of match commands.
C. A traffic policy name
D. A series of set command
E. A command such as bandwidth, fair-queue, or random-detect to enable a QoS option.
F. An attachment to an interface
Answer: A,B
NO.808 What feature can a device use to identify other members of the same IPv6 multicast group
on a network segment?
A. MLD
B. MSDP
C. source-specific multicast
D. rendezvous points
Answer: A
260
IT Certification Guaranteed, The Easy Way!
route-map ADV
match IP address prefix-list ADV
match IP address prefix-list EXT
ip prefix-list ADV permit 172.16.0.0/24
ip prefix-list EXT permit 10.10.10.10/32
C. neighbor x.x.x.x advertise-map ADV
route-map ADV
match IP address prefix-list ADV
match IP address prefix-list EXT
ip prefix-list ADV permit 172.16.0.0/24
ip prefix-list EXT permit 10.10.10.10/32
D. neighbor x.x.x.x advertise-map ADV exist-map EXT
route-map ADV
match IP address prefix-list ADV
route-map EXT
match IP address prefix-list EXT
ip prefix-list EXT permit 172.16.0.0/24
ip prefix-list ADV permit 10.10.10.10/32
Answer: A
NO.810 Which two options are benefits of EIGRP OTP? {Choose two)
A. It fully supports multicast traffic.
B. It allow the administrator to use different autonomous system number per EIGRP domain.
C. It allow EIGRP routers to peer across a service provider without the service provider involvement.
D. It allows the customer EIGRP domain to remain contiguous.
E. It requires only minimal support from the service provider.
F. It allows EIGRP neighbors to be discovered dynamically.
Answer: C,D
261
IT Certification Guaranteed, The Easy Way!
If R1 and R2 cannot establish an OSF neighbor relationshipwhich two action can you take to (Choose
two)
A. Configuration PPP authentication under the R2 Gigabitethemet 0/1 interface
B. Change the ip local pool command on R2 to ip local pool pooh 192 168 1 2 192 168 15
C. Configuration R1 to send the username and password on the Dialer 1 interface
D. Change the PPP authentication to CHAP authentication
E. Configure PPP encapsulation under the R1 virtual-template interface
Answer: C,E
NO.812 Refer to the exhibit. An Ipv6 tunnel is configured between site A and site B.
Which feature does the tunnel support?
A. single policy
B. transport mode
C. site-to-site tunnel mode
D. OSPFv2
Answer: C
262
IT Certification Guaranteed, The Easy Way!
NO.815 Which feature provides local database policy options that are similar to those ofTACACS-t-
and RADIUS servers?
A. authentication fallback
B. reflexive ACLs
C. AAA attributes
D. 802.1x
Answer: D
NO.816 Which three statements about Ansible are true? {Choose three.)
A. Ansible by default manages remote machines over SSL.
B. No ports other than the SSH port are required ; there is no additional PKI infrastructure to
maintain.
C. Ansible requires remote agent software.
D. Ansible by default manages remote machines over SSH.
E. Ansible does not require specific SSH keys or dedicated users.
F. Ansible requires server software running on a management machine.
Answer: B,D,F
NO.817 Which three elements compose a network entity title? (Choose three.)
A. area ID
B. domain ID
C. system ID
D. NSAP selector
E. MAC address
F. IP address
Answer: A,C,D
263
IT Certification Guaranteed, The Easy Way!
E. Link groups set a preference for primary and fallback (backup) external exit interfaces.
Answer: E
264
IT Certification Guaranteed, The Easy Way!
Answer:
NO.822 What are two mechanisms that directed ARP uses to help resolve IP addresses to hardware
addresses? (Choose two)
A. It removes address-resolution restrictions, allowing dynamic protocols to advertise rou
information for the device loopback address.
B. It uses ICMP redirects to advertise next-hop addresses to foreign hosts
265
IT Certification Guaranteed, The Easy Way!
NO.823 Which traffic-monitoring class allows Cisco PfR to run on platforms with limited border-
router functionality?
A. active monitoring
B. fast failover monitoring
C. passive monitoring
D. combined monitoring
E. special monitoring
Answer: B
NO.825 Exhibit:
Your network is suffering excessive output drops. Which two actions can you take to resolve the
problem? (Choose two.)
A. Install a switch with larger buffers.
B. Configure a different queue set.
C. Reconfigure the switch buffers.
D. Configure the server application to use TCP.
E. Update the server operating system.
Answer: A,B
266
IT Certification Guaranteed, The Easy Way!
267
IT Certification Guaranteed, The Easy Way!
NO.828 Which two statements about TCP tail drop are true? (Choose two)
A. It increases the congestion window after each acknowledgement
B. It uses bandwidth efficiently along the entire link
C. It causes TCP flows to be dropped at different intervals
D. It decreases the congestion window after each acknowledgement
E. It causes TCP global synchronization
Answer: C,E
NO.830 Which IPv6 tunneling method allows Host A to communicate with Host B within the same
site?
A. ISATAP
B. 6to4
C. GRE
D. Manual
Answer: A
NO.831 After you configure split horizon on an EIGRP hub-and-spoke network. You notice that some
routes are missing on the spoke routers. Which two actions can you take to correct the problem?
(Choose two)
A. lncrease the Hello and Hold timers on the connections between the routers
B. Configure unicast neighbor statements on both the hub and the spokes
268
IT Certification Guaranteed, The Easy Way!
NO.832 Which two improvements do SIA-Query and SIA-Reply messages add to EIGRP? {Choose
two)
A. Stuck-in-active conditions are solves faster.
B. They prevent a route from going into the stuck-in-active state.
C. They help in the localization of the real failure in the network.
D. The EIGRP adjacency between two neighbors never goes down.
Answer: A,C
NO.833 Which option is the default LACP load-balancing algorithm for IP traffic on Layer 3?
A. the source and destination IP address
B. the source IP port
C. the source and destination MAC address
D. the destination port
E. the destination IP port
Answer: A
Answer:
269
IT Certification Guaranteed, The Easy Way!
NO.836 n an STP domain. Which two topology are true a nonroot switch, when it reveives a
configuration BPDU from the root bridge with the TC bit set? (Choose two)
A. It does not recalculate the STP topology upon receiving change notification from the root switch.
B. It sets the MAC table aging time to max_age time.
C. It recalculates the STP topology upon receiving topology change notification from the root switch.
D. It sets the MAC table aging time to forward_delay time.
Answer: A,D
NO.837 Which IPv6 first-hop security feature blocks traffic sourced from IPv6 addresses that are
outside the prefix gleaned from router advertisements?
A. IPv6 RA guard
B. IPv6 DHCP guard
C. IPv6 source guard
D. IPv6 prefix guard
Answer: D
270
IT Certification Guaranteed, The Easy Way!
NO.839 Which three service offer VLAN transparency for WAN Ethernet services? (Choose threE.
A. ERMS
B. EPL
C. ERS
D. MPLS
E. EMS
F. EWS
Answer: B,E,F
NO.840 which two conditions are required for tracking the interface IP routing state?(choose two)
A. The interface line protocol must be up
B. Cisco Express Forwarding must be disable on the interface
C. A VRF must be enabled on the interface
D. A known IP address must be configured on the interface
E. IP routing must be disabled on the interface
Answer: A,D
NO.841 What is a reason for an EIGRP router to send an SIA reply to a peer ?
A. To respond to an SIA query that the router is still waiting on replies from its peers
B. To respond to a reply reporting that the prefix has gone stuck-in-active
C. To respond to a query reporting that the prefix has gone stuck-in-active
D. To respond to an SIA query with the alternative path requested
Answer: A
If the Web Server has been configured to listen only to TCP port 8080 for all the HTTP requests, which
command can you enter to show internet users to access the web server on http port 80?
A. ip nat inside source static tcp 10.1.1.100 8080 10.1.1.100 80
B. ip nat outside source static tcp 10.1.1.100 8080 10.1.1.100 80
C. ip nat outside source static tcp 10.1.1.100 80 10.1.1.100 80
271
IT Certification Guaranteed, The Easy Way!
NO.843 Which two statements about migrating a network from pvst+ to rapid pvst+ are true?
(Choose two)
A. Core switches must be migrated before the access layer switches
B. Because rapid-PVST+ is backward-incompatible with PVST+, all switches on the network must be
migrated
at once in a single maintenance window
C. Access layer switches must be migrated before the core switches
D. If the LAN runs in mixed mode automatically during the migration, convergence time is less than
when all
switches are in PVST+ mode
E. Root guard and BPDU guard are disabled automatically during the migration
F. UplinkFast and BackboneFast are disabled automatically during the migration
Answer: C,F
NO.844 What are two prerequisites for configuring Cisco Performance Monitor for IPv4 traffic? (
Choose two)
A. Cisco Express Forwarding or distributed Cisco Express Forwarding must be enabled on the
interface
B. Conditional debugging must be enabled on the router
C. Authenticated connection must be configured for at least one Syslog destination
D. IPv4 routing must be configured on the router
E. Netflow must be enabled on the interface
Answer: A,D
NO.845 Which LSA type is associated with the default route in a totally stubby area?
A. interarea-prefix LSA for ABRs (Type 3)
B. autonomous system external LSA (Type 5)
C. router LSA (Type 1)
D. interarea-router LSAs for ASBRs (Type 4)
Answer: A
NO.846 Which three statements about microbursts are true ? (choose threE.
A. They can occur when chunks of data are sent in quick succession
B. They occur only with UDP traffic
C. They appear as input errors on an interface counter
D. They appear as ignores and overruns on device buffers
E. They can be monitored by IOS software
F. They appear as misses and failures on device buffers
Answer: A,D,E
272
IT Certification Guaranteed, The Easy Way!
NO.847 A host on an Ethernet segment has a different subnet mask than the default gateway. What
can be done to allow it to communicate with devices outside of this subnet?
A. Configure a static route for the host on the default gateway
B. Configure a static ARP entry on the default gateway for the host IP address
C. Enable gratuitous ARP on the host
D. Enable proxy ARP on the default gateway
Answer: A
NO.848 Which two statements about QoS and marking are true? (Choose two)
A. The set-discard-class command can be configured for ATM and MPLS protocols
B. It can use a table map to mark traffic
C. It requires Cisco Express forwarding to be enabled on the sending interface and the receiving
interface
D. It is supported on tunnel interfaces
E. It is supported on Fast EthernetChannel and ATM SVC interfaces
Answer: A,D
NO.849 Which method can an IPv6 host to learn the RP in an IPv6 multicast-enabled network,
A. It receives it as part of the DHCP scope
B. It uses Autoj-RP
C. It extracts it from the multicast address
D. it receives an advertisement through MGBP
Answer: C
NO.850 Which option is the origin code when a route is redistributed into BGP?
A. IGP
B. EGP
C. External
D. Incomplete
E. Unknown
Answer: D
NO.851 Which two statements about RIPng are true? (Choose two)
A. IPv6 can support as many as 8 equal-cost routes.
B. IPv6 can support as many as 32 equal-cost routes.
C. A route with a metric of 15 is advertised as unreachable.
D. Both inbound and outbound route filtering can be implemented on a single interface.
E. 16 is the maximum metric it can advertise.
Answer: D,E
273
IT Certification Guaranteed, The Easy Way!
What is the effect on the network when you apply these configuration to RI and R2?
A. Asymmetric routing occurs because the bandwidth and delay K value settings are mismatched.
B. The interface bandwidth and delay settings adjust automatically to match the new metric settings
C. The neighbor adjacency between R1 and R2 temporarily resets and then reestablishes itself.
D. R1 and R2 fail to form a neighbor adjacency.
Answer: D
NO.853 What are the two Cisco recommended methods for reducing the size of the TCAM on a
Layer 3 switch?Choose two
A. Use the ip route profile command.
B. Adjust the output queue buffers.
C. Filter unwanted routes.
D. Optimize the SDM template.
E. Use summary routes.
Answer: C,E
NO.854 Which command can you enter to disable logging for terminal lines?
A. no logging trop
B. no logging monitor
C. no logging buffer
D. no logging console
E. no logging count
Answer: B
274
IT Certification Guaranteed, The Easy Way!
NO.856 : 34
Which two statements about WRED are true? (Choose two)
A. It is a packet-classification mechanism
B. It drops IP traffic before non-IP traffic
C. It is most useful with adaptive traffic
D. It is a congestion-management mechanism
E. It is a congestion-avoidance mechanism
F. It can be configured on the same interface as WFQ
Answer: C,E
NO.858 Which two statements about VPLS are true? (Choose two)
A. The service provider provisions CE devices.
B. It transmits broadcast traffic more efficiently than Ethernet switches.
C. It uses broadcast replication to transmit Ethernet packets with multicast MAC addresses.
D. It enables CE devices to operate as part of an L3 VPN.
275
IT Certification Guaranteed, The Easy Way!
E. It enables CE devices on different networks to operate as if they were in the same LAN.
F. It enables PE and CE devices to operate as if they were routing neighbors.
Answer: C,E
NO.859 Which two statements about IPv6 RA guard are true? (Choose two)
A. It blocks unauthorized ICMPv6 Type 134 packets
B. It supports host mode and router mode
C. It provides security for tunneled I Pv6 traffic
D. It is supported in the ingress and egress directions
E. It blocks unauthorized ICMPv6 Type 133 packets
Answer: A,B
NO.860 If EIGRP and OSPF are configured within an administrative domain for the same network,
which value can you change so that the OSPF becomes the installed routing protocol for all routes?
A. Local preference
B. Metric
C. MED
D. Administrative distance
E. Prefix length
Answer: D
NO.861 Which two statements about DMVPN are true? (Choose two.)
A. It flows both the hub and the spokes to use dynamic IP addresses.
B. It supports mufticast and QoS within tunnels.
C. It provides a routable interface for terminating IPSec tunnels.
D. It is a tunnel-less VPN technology.
E. It is an open standard.
F. It uses automatic IPSec triggering to build IPSec tunnels.
Answer: B,F
NO.862 What are three of the key fields that define a unique NetFlow flow?(3)
A. Layer 3 protocol type
B. Type of service
C. Source MAC address
D. Canonical Format identifier
E. Input logical interface
F. Cyclic Redundancy Check
Answer: A,B,E
NO.863 Which two statements about IGPs are true? (Choose two)
A. RIPv2 and OSPF are distance vector protocols
B. OSPF and EIGRP have high resource usage
C. IS-IS and EIGRP are link-state protocols
276
IT Certification Guaranteed, The Easy Way!
NO.864 Which two loops-prevention mechanisms are implemented in BGP? (Choose two)
A. The command bgp bestpath as-path-ignore enables the strict checking of AS_PATH so that they
drop routes with their own AS in the AS_PATH.
B. A route with its own cluster ID in the CKUSTER_LIST is dropped automatically when the route
reenters its own AS.
C. The command bgpbestpath med missing-as-worst assigns the smallest possible MED, which
directly prevents a loop.
D. The command bgpallowa-in enables a route with its own AS_PATH to be dropped when it reenters
its own AS
E. A route with its own AS in the AS_PATH is dropped automatically if the routereenters its own AS.
Answer: B,E
Answer:
277
IT Certification Guaranteed, The Easy Way!
NO.866 Refer to :
Which statement is true about a valid IPv6 address that can be configured on tunnel interface0?
A. 2001:7DCB:5901::/128 is a valid IPv6 address
B. There is not enough information to calculate the IPv6 address
C. 6to4 tunneling allows you to use any IPv6 address
D. 2002:7DCB:5901::/128 is a valid IPv6 address
Answer: D
NO.867 Which option describes how a router responds if LSA throttling is configured and it receives
the identical LSA before the interval is set?
A. The LSA is added to the OSPF database and a notification is sent to the sending router to
slowdown its LSA packet updates.
B. The LSA is added to the OSPF database.
C. The LSA is ignored.
D. The LSA is ignored and a notification is sent to the sending router to slow down its LSA packet
Updates.
Answer: C
278
IT Certification Guaranteed, The Easy Way!
If you apply this configuration to a device on your network, which class map cannot match traffic?
A. CM-EXAMPLE-3
B. CM-EXAMPLE-4
C. CM-EXAMPLE-1
D. CM-EXAMPLE-5
E. CM-EXAMPLE-2
Answer: A
NO.869 An NASSA area has two ABRs connected to Area 0. Which statement is true?
A. Both ABRs translate Type-7 LSAs to Type-5 LSAs.
B. The ABR with the highest router ID translates Type-7 LSAs to Type-5 LSAs.
C. No LSAs translation is needed.
D. Both ABRs forward Type-5 LSAs from the NASA area to backbone area.
Answer: B
Answer:
279
IT Certification Guaranteed, The Easy Way!
NO.872 Which two statement about VPLS are true? (Choose two)
A. Split horizon is used on PE devices to prevent loops.
B. IP is used to switch Ethernet frames between sites.
C. Spanning tree is extended from CE to CE
D. VPLS extends a layer 2 broadcast domain.
E. PE routers dynamic associate to peers.
Answer: A,D
NO.873 Which two methods can you use to limit the range for EIGRP queries? (Choose two.)
A. Use an access list to deny the multicast address 224.0.0.1 outbound from select EIGRP neighbor
and permit everything else.
B. Configure route tagging for all EIGRP routes.
C. Summarize routes at the boundary routers of the EIGRP domain.
D. Configure unicast EIGRP on all routers in the EIGRP domain.
E. Configure stub routers in the EIGRP domain.
F. Use an access list to deny the multicast address 224.0.0.10 outbound from select EIGRP neighbors
and permit everything else.
Answer: C,E
NO.874 What is the mechanism could be used to avoid the problem of TCP Starvation / UDP
Dominance?
A. Place UDP traffic in a dedicated traffic-class with the bandwidth keyword configured
B. Use policy routing to send the UDP and TCP traffic over different paths
280
IT Certification Guaranteed, The Easy Way!
NO.875 What are two differences between IPv6 ISATAP tunneling and IPv6 6to4 tunneling?
(Choose two)
A. Only ISATAP tunneling transfers unicast IPv6 packets between .sites.
B. Only 6to4 tunneling requires 2002::/16 addresses. -
C. Only ISATAP tunneling can transfer IPv6 multicast packets.
D. Only ISATAP tunneling transfers unicast IPv6 packets within a site
E. Only 6to4 tunneling transfers unicast IPv6 packets within a site.
Answer: B,D
NO.877 Which two statements are true about an EPL? (Choose two.)
A. It is a point-to-point Ethernet connection between a pair of NNls
B. It allows for service multiplexing.
C. It has a high degree of transparency.
D. The EPL service is also referred to as E-line
Answer: C,D
NO.878 Which IS-IS metric style is most suitable for MPLS traffic
engineering?
A. narrow
B. wide
C. transition
D. flat
Answer: A
281
IT Certification Guaranteed, The Easy Way!
Answer:
282
IT Certification Guaranteed, The Easy Way!
Routers A and Bare the edge devices at two different sites as shown. If routers A and B have
established an IPsec tunnel, which two statements about the network environment must be true?
(Choose two)
A. The connection could have been authenticated with 802.1 x
B. The connection could have authenticated with a pre-shared key
C. RFC 1918 addresses are in use on the WAN interfaces on router A and router B
D. The connection could have been authenticated with MD5
E. Public IP addresses are in use on the WAN interfaces on router A and router B
Answer: B,E
If a DHCP server has generated the given debug output, which two statements about the network
environment are true?
A. Client 0050.4332 has been assigned an IP address on the 10.10.2.0/24 subnet
B. The DHCP server received a DHCPREQUEST from a client whose ID ends in
4574.302f.30
C. The DHCP pool for the 10.10.2.0/24 subnet is configured incorrectly
D. The DHCP server receives discover messages through a relay agent
E. The DHCP server assigned PC2 an address from the 10.10.3.0/24 subnet
Answer: A,D
283
IT Certification Guaranteed, The Easy Way!
NO.884 What technology allows a PE router to exchange VPNv4 routes with other PE routers?
A. MPLSL3VPN
B MPLSL2VPN
B. VPLS
C. Frame Relay to ATM AAL5 Interworking
Answer: A
NO.886 Which three modes are valid for forming an EtherChannel between the ports of two
switches? {Choose threE.
A. passive/passive
B. active/active
C. active/passive
D. desirable/on
E. auto/auto
F. auto/desirable
Answer: B,C,F
NO.887
Refer to the exhibit.Which two options are effects of this configuration when the router is unable to
reach the TACACS+ server?(Choose two.)
A. Users cannot log in ti the router
B. Users can log in to the router EXEC mode without entering a password.
C. Users can log in to the router user EXEC mode with the username ciscol and the password cisco2.
284
IT Certification Guaranteed, The Easy Way!
D. Users can log in to the router privileged EXEC mode with the username ciscol and the password
cisco2
E. Users can log in to the router privileged EXEC mode without entering a password
F. Users can log in to the router privileged EXEC mode without a username and with the password
cisco3.
Answer: B,F
NO.888 Which two statements about VPLS are true? (Choose two)
A. Split horizon is used on PE devices to prevent loops
B. PE routers dynamically associate to peers
C. VPLS extends a Layer 2 broadcast domain
D. Spanning tree is extended from CE to CE
E. IP is used to switch Ethernet frames between sites
Answer: A,C
NO.889 Which two statements about root guard and loop guard are true? (Choose two)
A. Loop guard uses its own keepalives to determine unidirectional traffic.
B. Loop guard uses its own keepalives to prevent loops by detecting failures.
C. Loop guard uses BPDU keepalives to determine unidirectional traffic.
D. Root guard should be enabled on an upstream interface.
E. Root guard disables an interface only when a superior BPDU is received
F. When loop guard is enabled, the port is transitioned to the root-inconsistent state.
Answer: C,E
NO.891 Which statement about a Cisco APIC controller versus a more traditional SDN controller is
true?
A. APIC uses a policy agent to translate policies into instructions
B. APIC supports OpFlex as a Northbound protocol
C. APIC does suppoort a Southbound REST API
D. APIC uses an imperative model
Answer: A
NO.892 Which option describes the characteristics of a public Infrastructure as a Serveice cloud
service model?
A. It is a way of delivering cloud-computing infrastructure (servers , storage , network , and
B. operating systems ) as an on-demand service.
285
IT Certification Guaranteed, The Easy Way!
C. It is a cloud service where the underlying hardware is managed by the cloud service provider.
D. It is a cloud-computing platform that facilitates the creation of web applications without the
E. need to maintain the supporting software applications.
F. It is a cloud-computing platform that facilitates the creation of web applications without the
need to maintain the supporting software operating systems.
Answer: A
NO.894 Which two statements about QoS marking are true? (Choose two.)
A. It is supported on Fast EtherChannel and ATM SVC interfaces.
B. It is supported on tunnel interfaces.
C. It can use3 a table map to mark traffic.
D. The set discard-class command can be configured for ATM and MPLS protocols.
E. It requires Cisco Express Forwarding to be enabled on the sending interface and the receiving
interface.
Answer: B,E
Answer:
286
IT Certification Guaranteed, The Easy Way!
NO.897 Which statements about the client-identifier in a DHCP pool are true?(Choose two)
A. It is specified by appending 01 to the MAC address of a DHCP client.
B. It specifies a hardware address for the client.
C. It specifies a unique identifier that is used only for BOOTP requests.
D. It specifies a unique identifier that is used only for DHCP request.
E. It requires that you specify the hardware protocol.
Answer: A,D
NO.898 What is used to acknowledge the receipt of LSPs on a point-to-point network in IS-IS?
A. hello
B. CSNP
C. PSNP
D. IIH
E. CSH
Answer: C
Answer:
NO.900 What is the default behavior for a manual summary route when a component route of the
summary disappears?
287
IT Certification Guaranteed, The Easy Way!
A. Regardless of the metric of the component route ,the metric of the summary is unchanged in
order to keep stability
B. If the component route previously had the best composite metric, the same summary metric is
retained for stability /
C. If the component route previously had the best composite metric, the metric of the summary
changes to the next-best composite metric
D. If the component route previously dis not have the best composite metric, the summary metric is
updated and updates are sent to peers
Answer: A
NO.901 Refer to the exhibit.What are two effects of the given configurationChoose two
NO.902 Which two values are required to implement an EIGRP named configuration? (Choose two.)
A. Process-id
B. Router-id
C. Subnet-mask
D. Add ress-family
E. Virtual-instance-name
Answer: D,E
NO.903
288
IT Certification Guaranteed, The Easy Way!
Refer to the exhibit When traffic marked as CoS 5 arrives on the switch.what DSCP value does the
switch apply?
A. 0
B. 32
C. 40
D. 46
E. 48
Answer: B
NO.904 Which LSA type is associated with default route in a totally stubby area?
A. Router LSA(Type 1)
B. Autonomous system external LSA (Type 5)
C. Interarea-router LSAs for ASBRs (Type 4)
D. Interarea-prefix LSA for ABRs (Type 3)
Answer: D
NO.905 Which IPv4 feature can limit indiscriminate flooding of multicast traffic on a VLAN?
A. PIM Snooping
B. IGMP Filtering
C. MLD Filtering
D. IGMP Snooping
Answer: D
Answer:
289
IT Certification Guaranteed, The Easy Way!
NO.907 Which two statements about route summarization are true?(Choose two.)
A. EIGRP can summarize routes at the classful network boundary
B. EIGRP and RIPv2 route summarize are configured with the ip summary-address command under
the route..
C. It can be disabled in RIP,RIPv2 and EIGRP
D. It require a common set of high-order bits for all component routes
E. RIPv2 can summarize-routes beyond the classful network boundary
Answer: A,D
NO.909
Refer to the exhibit. Which statement correctly description how a router with this configuration
treats packets if it does not know a path 172.16.12.5 and 192.168 3 2?
A. it routes the packet based on the packet's destination using the routing table
B. It drop the packet immediately
C. It sends an ICMP source quench message
D. it routes the packet Into a loop and drops it when the JTL reaches zero
Answer: A
290
IT Certification Guaranteed, The Easy Way!
Your network uses an MPLS VPN backbone with OSPF routing between all PE and CE routers and on
the 10Mb backup links between the CE routers notice that traffic from CE3 to CE2 and C4 is flowing
over the backup links instead of the higher-bandwidth MPLS VPN backbone even when the backbone
is up. What can you make to ensure that traffic uses the MPLS VPN backbone instead?
A. Configure 1Gb sham links between PE3 and PE4 and between PE3 and PE2
B. Configure a lover cost metric on the provider netwok's OSPF-to-BGP redistribution
C. Configure 1Gb sham link between PE2 and PE4
D. Configure internal BGP on PE2, PE3, and PE4
Answer: A
NO.911 Which two statements about the command distance bgp 90 60 120 are true?(Choose two)
A. The local distance it sets may conflict with the RIP administrative distance
B. Implementing the command is a Cisco best practice
C. The internal distance it sets is preferred over the external distance
D. The internal distance it sets may conflict with the EIGRP administrative distance
E. The local distance it sets may conflict with the EIGRP administrative distance
F. The external distance it sets is preterred over the internal distance
Answer: A,C
NO.912 Which feature can be used to block traffic from one host to another within one VLAN on a
Layer 2 switch?
A. port security
B. dot1x
C. access list
D. protected ports
Answer: D
291
IT Certification Guaranteed, The Easy Way!
Answer:
NO.914 Which three conditions must be met for the IP routing state of an interface to be
up?(choose threE.
A. The interface must have a known IP address
B. Active IP routing must be enabled
C. Cisco express forwarding must be enabled
D. Cisco discovery protocol must be enabled on the inter face
E. A backup interface must be defined
F. The interface line-protocol state must be up
Answer: A,B,F
292
IT Certification Guaranteed, The Easy Way!
NO.916 Which two statements about CEF polarization are true? (Choose two)
A. The AND operation is performed on the higher-order bits of the source and destination IP address
B. A single link is chosen for all flows
C. The AND operation is performed on the lower-order bits of the source and destination IP address
D. After the XOR process, the flow is processed in the distribution Layer with a different hashing
algorithm
E. It can be prevented by alternating the hashing inputs
F. When enabled, it allows all links to be used efficiently for different traffic flows
Answer: B,E
293