CCNP Route 116


Which protocol uses dynamic address mapping to request the next-hop protocol address for a specific connection? A. Frame Relay inverse ARP B. static DLCI mapping C. Frame Relay broadcast queue D. dynamic DLCI mapping

A normal (Ethernet) ARP request knows the Layer 3 address (IP) and requests the Layer 2 address (MAC). Frame Relay Inverse ARP, on the other hand, knows the Layer 2 address (DLCI) and requests the Layer 3 address (IP), which is why it is called "Inverse".

Which IPv6 address type is seen as the next-hop address in the output of the show ipv6 rip RIPng database command? A. link-local B. global C. site-local D. anycast E. multicast

Note:
+ RA messages are sent periodically and in response to device solicitation messages
+ In the absence of a router, a host can generate only link-local addresses. Link-local addresses are only sufficient for allowing communication among nodes that are attached to the same link

Which statement about the use of tunneling to migrate to IPv6 is true? A. Tunneling is less secure than dual stack or translation. B. Tunneling is more difficult to configure than dual stack or translation. C. Tunneling does not enable users of the new protocol to communicate with users of the old protocol without dual-stack hosts. D. Tunneling destinations are manually determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 addresses.

Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure (a core network or the Internet). By using overlay tunnels, you can communicate with isolated IPv6 networks without upgrading the IPv4 infrastructure between them. Overlay tunnels can be configured between border routers or between a border router and a host; however, both tunnel endpoints must support both the IPv4 and IPv6 protocol stacks.

PPPoE is composed of which two phases? A. Active Authentication Phase and PPP Session Phase B. Passive Discovery Phase and PPP Session Phase C. Active Authorization Phase and PPP Session Phase D. Active Discovery Phase and PPP Session Phase

PPPoE is composed of two main phases:
+ Active Discovery Phase: In this phase, the PPPoE client locates a PPPoE server, called an access concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.
+ PPP Session Phase: In this phase, PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.

Which statement is true about the PPP Session Phase of PPPoE? A. PPP options are negotiated and authentication is not performed. Once the link setup is completed, PPPoE functions as a Layer 3 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers. B. PPP options are not negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 4 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers. C. PPP options are automatically enabled and authorization is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data to be encrypted over the PPP link within PPPoE headers. D. PPP options are negotiated and authentication is performed. Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.

PPPoE is composed of two main phases: Active Discovery Phase and PPP Session Phase. In the Active Discovery Phase, the client locates an Access Concentrator (Server). A unique Session ID is then assigned and the PPPoE layer is established. In the PPP Session Phase, once authentication and PPP options negotiation are completed, PPPoE functions as a Layer 2 encapsulation which allows data to be transferred over the PPP link within PPPoE headers. The PPPoE termination (PADT) is a process wherein the PPPoE session is terminated.

Which PPP authentication method sends authentication information in clear text? A. MS CHAP B. CDPCP C. CHAP D. PAP

Password Authentication Protocol (PAP) is a very basic two-way process. The username and password are sent in plain text; there is no encryption or protection. If it is accepted, the connection is allowed. Note: The PAP "sent-username" and password that each router sends must match those specified with the "username ... password ..." command on the other router.

Which type of BGP AS number is 64591? A. a private AS number B. a public AS number C. a private 4-byte AS number D. a public 4-byte AS number

Private autonomous system (AS) numbers, which range from 64512 to 65535, are used to conserve globally unique AS numbers. Globally unique AS numbers (1 - 64511) are assigned by InterNIC. These private AS numbers cannot be leaked to a global Border Gateway Protocol (BGP) table because they are not unique (BGP best path calculation expects unique AS numbers).

A network engineer finds that a core router has crashed without warning. In this situation, which feature can the engineer use to create a crash collection? A. secure copy protocol B. core dumps C. warm reloads D. SNMP E. NetFlow

A core dump is a file containing a process's address space (memory) at the moment the process terminates unexpectedly. It is used to identify the cause of the crash.

access-list 1 permit 1.0.0.0 0.255.255.255
access-list 2 permit 1.2.3.0 0.255.255.255
!
router rip
Which command only announces the 1.2.3.0/24 network out of FastEthernet 0/0? A. distribute list 1 out B. distribute list 1 out FastEthernet0/0 C. distribute list 2 out D. distribute list 2 out FastEthernet0/0

A distribute list is used to filter routing updates either coming to or leaving from our router. In this case, the "out" keyword specifies that we want to filter routing updates leaving our router. Access-list 2 indicates that only the routing update for network 1.2.3.0/24 is allowed (notice that every access-list always has an implicit "deny all" at the end).

For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost. What caused this issue? A. The traffic filter is blocking all ICMPv6 traffic. B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly. C. The link-local addresses that were used by OSPFv3 were explicitly denied, which caused the neighbor relationships to fail. D. IPv6 traffic filtering can be implemented only on SVIs.

Answer: C implicit deny all

Which traffic does the following configuration allow?
ipv6 access-list cisco
 permit ipv6 host 2001:DB8:0:4::32 any eq ssh
line vty 0 4
 ipv6 access-class cisco in
A. all traffic to vty 0 4 from source 2001:DB8:0:4::32 B. only ssh traffic to vty 0 4 from source all C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32 D. all traffic to vty 0 4 from source all

Answer: C implicit deny all

IPv6 has just been deployed to all of the hosts within a network, but not to the servers. Which feature allows IPv6 devices to communicate with IPv4 servers? A. NAT B. NATng C. NAT64 D. dual-stack NAT E. DNS64

NAT64 is used to make IPv4-only servers available to IPv6 clients.
Note:
NAT44 - NAT from IPv4 to IPv4
NAT66 - NAT from IPv6 to IPv6
NAT46 - NAT from IPv4 to IPv6
NAT64 - NAT from IPv6 to IPv4

A company's corporate policy has been updated to require that stateless, 1-to-1, and IPv6 to IPv6 translations at the Internet edge are performed. What is the best solution to ensure compliance with this new policy? A. NAT64 B. NAT44 C. NATv6 D. NPTv4 E. NPTv6

NPTv6 stands for Network Prefix Translation. It's a form of NAT for IPv6 and it supports one-to-one translation between inside and outside addresses

Which statement about the NPTv6 protocol is true? A. It is used to translate IPv4 prefixes to IPv6 prefixes. B. It is used to translate an IPv6 address prefix to another IPv6 prefix. C. It is used to translate IPv6 prefixes to IPv4 subnets with appropriate masks. D. It is used to translate IPv4 addresses to IPv6 link-local addresses.

NPTv6 stands for Network Prefix Translation. It's a form of NAT for IPv6 and it supports one-to-one translation between inside and outside addresses

The following configuration is applied to a router at a branch site:
ipv6 dhcp pool dhcp-pool
 dns-server 2001:DB8:1:B::1
 dns-server 2001:DB8:3:307C::42
 domain-name example.com
!
If IPv6 is configured with default settings on all interfaces on the router, which two dynamic IPv6 addressing mechanisms could you use on end hosts to provide end-to-end connectivity? (Choose two.) A. EUI-64 B. SLAAC C. DHCPv6 D. BOOTP

Stateless Address Auto Configuration (SLAAC) is a method in which the host or router interface is assigned a 64-bit prefix, and then the last 64 bits of its address are derived by the host or router with the help of the EUI-64 process.

A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an alternative to powering down the active router and letting the network respond accordingly. Which action will allow for manual switching of HSRP nodes? A. Track the up/down state of a loopback interface and shut down this interface during maintenance. B. Adjust the HSRP priority without the use of preemption. C. Disable and enable all active interfaces on the active HSRP node. D. Enable HSRPv2 under global configuration, which allows for maintenance mode.

We can test the action of HSRP by tracking the loopback interface and decreasing the HSRP priority so that the standby router can take the active role.

Which common issue causes intermittent DMVPN tunnel flaps? A. a routing neighbor reachability issue B. a suboptimal routing table C. interface bandwidth congestion D. that the GRE tunnel to hub router is not encrypted

When DMVPN tunnels flap, check the neighborship between the routers as issues with neighborship formation between routers may cause the DMVPN tunnel to flap. In order to resolve this problem, make sure the neighborship between the routers is always up.

Which three problems result from application mixing of UDP and TCP streams within a network with no QoS? (Choose three.) A. starvation B. jitter C. latency D. windowing E. lower throughput

When TCP is mixed with UDP under congestion, TCP flows will try to lower their transmission rate while UDP flows continue transmitting as usual. As a result, UDP flows will dominate the bandwidth of the link; this effect is called TCP-starvation/UDP-dominance. This can increase latency and lower the overall throughput.

Which address is used by the Unicast Reverse Path Forwarding protocol to validate a packet against the routing table? A. source address B. destination address C. router interface D. default gateway

When Unicast Reverse Path Forwarding is enabled, the router checks packets that arrive inbound on the interface to see whether the source address matches the receiving interface.

Which three items can you track when you use two time stamps with IP SLAs? (Choose three.) A. delay B. jitter C. packet loss D. load E. throughput F. path

When enabled, the IP SLAs Responder allows the target device to take two time stamps both when the packet arrives on the interface at interrupt level and again just as it is leaving, eliminating the processing time. At times of high network activity, an ICMP ping test often shows a long and inaccurate response time, while an IP SLAs test shows an accurate response time due to the time stamping on the responder. An additional benefit of the two time stamps at the target device is the ability to track one-way delay, jitter, and directional packet loss. Because much network behavior is asynchronous, it is critical to have these statistics. However, to capture one-way delay measurements the configuration of both the source device and target device with Network Time Protocol (NTP) is required. Both the source and target need to be synchronized to the same clock source. One-way jitter measurements do not require clock synchronization.

A network engineer is investigating the cause of a service disruption on a network segment and executes the debug condition interface fastethernet f0/0 command. In which situation is the debugging output generated? A. when packets on the interface are received and the interface is operational B. when packets on the interface are received and logging buffered is enabled C. when packets on the interface are received and forwarded to a configured syslog server D. when packets on the interface are received and the interface is shut down

Answer: A

Refer to the exhibit. When summarizing these routes, which route is the summarized route?
OI 2001:DB8:0:7::/64 [110/20] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
OI 2001:DB8:0:8::/64 [110/20] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
OI 2001:DB8:0:9::/64 [110/20] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
A. OI 2001:DB8::/48 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
B. OI 2001:DB8::/24 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
C. OI 2001:DB8::/32 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
D. OI 2001:DB8::/64 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0

Answer: A

Refer to the exhibit. Which statement about the command output is true?
Router#sh ip flow export
Source(1) 10.10.10.2 (GigabitEthernet0/1)
Destination(1) 10.10.10.1 (5127)
A. The router exports flow information to 10.10.10.1 on UDP port 5127. B. The router receives flow information from 10.10.10.2 on UDP port 5127. C. The router exports flow information to 10.10.10.1 on TCP port 5127. D. The router receives flow information from 10.10.10.2 on TCP port 5127.

Answer: A

Which traffic characteristic is the reason that UDP traffic that carries voice and video is assigned to the queue only on a link that is at least 768 kbps? A. typically is not fragmented B. typically is fragmented C. causes windowing D. causes excessive delays for video traffic

Answer: A If the speed of an interface is equal or less than 768 kbps (half of a T1 link), it is considered a low-speed interface. The half T1 only offers enough bandwidth to allow voice packets to enter and leave without delay issues. Therefore if the speed of the link is smaller than 768 kbps, it should not be configured with a queue.

Two aspects of an IP SLA operation can be tracked: state and reachability. Which statement about state tracking is true? A. When tracking state, an OK return code means that the track's state is up; any other return code means that the track's state is down. B. When tracking state, an OK or over threshold return code means that the track's state is up; any other return code means that the track's state is down. C. When tracking state, an OK return code means that the track's state is down; any other return code means that the track's state is up. D. When tracking state, an OK or over threshold return code means that the track's state is down; any other return code means that the track's state is up.

Answer: A
Tracking       Return Code                  Track State
State          OK                           Up
State          (all other return codes)     Down
Reachability   OK or over threshold         Up
Reachability   (all other return codes)     Down

A network administrator is troubleshooting a DMVPN setup between the hub and the spoke. Which action should the administrator take before troubleshooting the IPsec configuration? A. Verify the GRE tunnels. B. Verify ISAKMP. C. Verify NHRP. D. Verify crypto maps.

Answer: A When DMVPN tunnels flap, check the neighborship between the routers as issues with neighborship formation between routers may cause the DMVPN tunnel to flap. In order to resolve this problem, make sure the neighborship between the routers is always up.

After a recent DoS attack on a network, senior management asks you to implement better logging functionality on all IOS-based devices. Which two actions can you take to provide enhanced logging results? (Choose two.) A. Use the msec option to enable service time stamps. B. Increase the logging history. C. Set the logging severity level to 1. D. Specify a logging rate limit. E. Disable event logging on all noncritical items.

Answer: A,B "Increase the logging history" here is the same as "increase the logging buffer". The default buffer size is 4096 bytes. By increasing the logging buffer size we can see more history logging messages. But do not make the buffer size too large because the access point could run out of memory for other tasks. We can write the logging messages to an outside logging server instead.

Which two functions are completely independent when implementing NAT64 over NAT-PT? (Choose two.) A. DNS B. NAT C. port redirection D. stateless translation E. session handling

Answer: A,B NAT-PT provides IPv4/IPv6 protocol translation. It resides within an IP router, situated at the boundary of an IPv4 network and an IPv6 network. By installing NAT-PT between an IPv4 and IPv6 network, all IPv4 users are given access to the IPv6 network without modification in the local IPv4-hosts (and vice versa). Equally, all hosts on the IPv6 network are given access to the IPv4 hosts without modification to the local IPv6-hosts. This is accomplished with a pool of IPv4 addresses for assignment to IPv6 nodes on a dynamic basis as sessions are initiated across IPv4-IPv6 boundaries.

A packet capture log indicates that several router solicitation messages were sent from a local host on the IPv6 segment. What is the expected acknowledgment and its usage? A. Router acknowledgment messages will be forwarded upstream, where the DHCP server will allocate addresses to the local host. B. Routers on the IPv6 segment will respond with an advertisement that provides an external path from the local subnet, as well as certain data, such as prefix discovery. C. Duplicate Address Detection will determine if any other local host is using the same IPv6 address for communication with the IPv6 routers on the segment. D. All local host traffic will be redirected to the router with the lowest ICMPv6 signature, which is statically defined by the network administrator.

Answer: B

What is the primary service that is provided when you implement Cisco Easy Virtual Network? A. It requires and enhances the use of VRF-Lite. B. It reduces the need for common services separation. C. It allows for traffic separation and improved network efficiency. D. It introduces multi-VRF and label-prone network segmentation.

Answer: C Easy Virtual Network (EVN) is an IP-based network virtualization solution that helps enable network administrators to provide traffic separation and path isolation on a shared network infrastructure. EVN uses existing Virtual Route Forwarding (VRF)-Lite technology to:
+ Simplify Layer 3 network virtualization
+ Improve shared services support
+ Enhance management, troubleshooting, and usability

The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.) A. Traffic Class B. Source address C. Flow Label D. Hop Limit E. Destination Address F. Fragment Offset

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |           Flow Label                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

A network administrator executes the command clear ip route. Which two tables does this command clear and rebuild? (Choose two.) A. IP routing B. FIB C. ARP cache D. MAC address table E. Cisco Express Forwarding table F. topology table

The command "clear ip route" clears one or more routes from both the unicast RIB (IP routing table) and all the module Forwarding Information Bases (FIBs).

Which Cisco VPN technology can use multipoint tunnel, resulting in a single GRE tunnel interface on the hub, to support multiple connections from multiple spoke devices? A. DMVPN B. GETVPN C. Cisco Easy VPN D. FlexVPN

DMVPN is not a protocol, it is the combination of the following technologies:
+ Multipoint GRE (mGRE)
+ Next-Hop Resolution Protocol (NHRP)
+ Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP...) (optional)
+ Dynamic IPsec encryption (optional)
+ Cisco Express Forwarding (CEF)

Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding? A. FlexVPN B. DMVPN C. GETVPN D. Cisco Easy VPN

DMVPN is not a protocol, it is the combination of the following technologies:
+ Multipoint GRE (mGRE)
+ Next-Hop Resolution Protocol (NHRP)
+ Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP...) (optional)
+ Dynamic IPsec encryption (optional)
+ Cisco Express Forwarding (CEF)
An mGRE tunnel inherits the concept of a classic GRE tunnel but an mGRE tunnel does not require a unique tunnel interface for each connection between Hub and spoke like traditional GRE. One mGRE can handle multiple GRE tunnels at the other ends. Unlike classic GRE tunnels, the tunnel destination for a mGRE tunnel does not have to be configured; and all tunnels on Spokes connecting to mGRE interface of the Hub can use the same subnet.

Which encapsulation supports an interface that is configured for an EVN trunk? A. 802.1Q B. ISL C. PPP D. Frame Relay E. MPLS F. HDLC

EVN is supported on any interface that supports 802.1q encapsulation, for example, an Ethernet interface. Instead of adding a new field to carry the VNET tag in a packet, the VLAN ID field in 802.1q is repurposed to carry a VNET tag. The VNET tag uses the same position in the packet as a VLAN ID. On a trunk interface, the packet gets re-encapsulated with a VNET tag. Untagged packets carrying the VLAN ID are not EVN packets and could be transported over the same trunk interfaces.

Which technology was originally developed for routers to handle fragmentation in the path between end points? A. PMTUD B. MSS C. windowing D. TCP E. global synchronization

Fragmentation and Path Maximum Transmission Unit Discovery (PMTUD) is a standardized technique to determine the maximum transmission unit (MTU) size on the network path between two hosts, usually with the goal of avoiding IP fragmentation. PMTUD was originally intended for routers in IPv4. However, all modern operating systems use it on endpoints.

A network engineer is configuring SNMP on network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption. Which command satisfies the requirements of this scenario? A. router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO B. router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO C. router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO D. router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO

"The engineer is not concerned with authentication or encryption" so we don't need to use SNMP version 3. And we only use "one-way SNMP notifications" so SNMP messages should be sent as traps (no need to acknowledge from the SNMP server) -> A is correct.

Refer to the exhibit. The command is executed while configuring a point-to-multipoint Frame Relay interface. Which type of IPv6 address is portrayed in the exhibit?
frame-relay map ipv6 FE80::4c2 102
A. link-local B. site-local C. global D. multicast

A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Link-local addresses are not necessarily bound to the MAC address (configured in an EUI-64 format). Link-local addresses can also be manually configured in the FE80::/10 format using the ipv6 address link-local command.

router eigrp 1
 network 172.16.0.0
 network 192.168.5.0
 distribute-list 7 out s0
!
access-list 7 permit 172.16.0.0 0.0.255.255
Which one statement is true? A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL. B. The 10.0.0.0/8 network will not be advertised by Router B because the network statement for the 10.0.0.0/8 network is missing from Router B. C. The 10.0.0.0/8 network will not be in the routing table on Router B. D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24 network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8 network. E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.

There is an implicit "deny all" at the end of the access-list configuration.

Which two methods of deployment can you use when implementing NAT64? (Choose two.) A. stateless B. stateful C. manual D. automatic E. static F. functional G. dynamic

Address Family Translation (AFT) using NAT64 technology can be achieved by either stateless or stateful means:
+ Stateless NAT64 is a translation mechanism for algorithmically mapping IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it does not maintain any bindings or session state while performing translation, and it supports both IPv6-initiated and IPv4-initiated communications.
+ Stateful NAT64 is a stateful translation mechanism for translating IPv6 addresses to IPv4 addresses, and IPv4 addresses to IPv6 addresses. Like NAT44, it is called stateful because it creates or modifies bindings or session state while performing translation. It supports both IPv6-initiated and IPv4-initiated communications using static or manual mappings.

Which three characteristics are shared by subinterfaces and associated EVNs? (Choose three.) A. IP address B. routing table C. forwarding table D. access control lists E. NetFlow configuration

All the subinterfaces and associated EVNs have the same IP address assigned. In other words, a trunk interface is identified by the same IP address in different EVN contexts. EVN automatically generates subinterfaces for each EVN. For example, both Blue and Green VPN Routing and Forwarding (VRF) use the same IP address of 10.0.0.1 on their trunk interface:
vrf definition Blue
 vnet tag 100
vrf definition Green
 vnet tag 200
!
interface gigabitethernet0/0/0
 vnet trunk
 ip address 10.0.0.1 255.255.255.0
-> A is correct. In fact, answers B & C are not correct because each EVN has a separate routing table and forwarding table. Note: The combination of the VPN IP routing table and the associated VPN IP forwarding table is called a VPN routing and forwarding (VRF) instance.

A user is having issues accessing file shares on a network. The network engineer advises the user to open a web browser, input a prescribed IP address, and follow the instructions. After doing this, the user is able to access company shares. Which type of remote access did the engineer enable? A. EZVPN B. IPsec VPN client access C. VPDN client access D. SSL VPN client access

An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It is used to give remote users access to Web applications, client/server applications and internal network connections.

What is the purpose of the autonomous-system {autonomous-system-number} command? A. It sets the EIGRP autonomous system number in a VRF. B. It sets the BGP autonomous system number in a VRF. C. It sets the global EIGRP autonomous system number. D. It sets the global BGP autonomous system number.

An example of using the "autonomous-system {autonomous-system-number}" command is shown below:
router eigrp 100
 address-family ipv4 vrf Cust
  net 192.168.12.0
  autonomous-system 100
  no auto-summary
This configuration is performed on the Provider Edge (PE) router to run EIGRP with a Customer Edge (CE) router. The "autonomous-system 100" command indicates that EIGRP AS 100 is running between the PE & CE routers.

Refer to the following output:
Router#show ip nhrp detail
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
 Type: dynamic, Flags: authoritative unique nat registered used
 NBMA address: 10.12.1.2
What does the authoritative flag mean in regards to the NHRP information? A. It was obtained directly from the next-hop server. B. Data packets are process switches for this mapping entry. C. NHRP mapping is for networks that are local to this router. D. The mapping entry was created in response to an NHRP registration request. E. The NHRP mapping entry cannot be overwritten.

From the output we learn that the logical address 10.2.1.2 is mapped to the NBMA address 10.12.1.2. Type "dynamic" means NBMA address was obtained from NHRP Request packet. Type "static" means NBMA address is statically configured. The "authoritative" flag means that the NHRP information was obtained from the Next Hop Server (NHS).

Which Cisco VPN technology uses AAA to implement group policies and authorization and is also used for the XAUTH authentication method? A. DMVPN B. Cisco Easy VPN C. GETVPN D. GREVPN

Cisco Easy VPN is an IP Security (IPsec) virtual private network (VPN) solution supported by Cisco routers and security appliances. It greatly simplifies VPN deployment for remote offices and mobile workers. Cisco Easy VPN is based on the Cisco Unity ® Client Framework, which centralizes VPN management across all Cisco VPN devices, thus reducing the management complexity of VPN deployments. There are three components of the Cisco Easy VPN solution: Easy VPN Client, Easy VPN Remote, and Easy VPN Server.

Which method allows IPv4 and IPv6 to work together without requiring both to be used for a single connection during the migration process? A. dual-stack method B. 6to4 tunneling C. GRE tunneling D. NAT-PT

Dual-stack method is the most common technique which only requires edge routers to run both IPv4 and IPv6 while the inside routers only run IPv4. At the edge network, IPv4 packets are converted to IPv6 packets before sending out.
6to4 tunnel is a technique which relies on reserved address space 2002::/16 (you must remember this range). These tunnels determine the appropriate destination address by combining the IPv6 prefix with the globally unique destination 6to4 border router's IPv4 address, beginning with the 2002::/16 prefix, in this format: 2002:border-router-IPv4-address::/48
For example, if the border-router-IPv4-address is 64.101.64.1, the tunnel interface will have an IPv6 prefix of 2002:4065:4001:1::/64, where 4065:4001 is the hexadecimal equivalent of 64.101.64.1. This technique allows IPv6 sites to communicate with each other over the IPv4 network without explicit tunnel setup but we have to implement it on all routers on the path.
NAT-PT provides IPv4/IPv6 protocol translation. It resides within an IP router, situated at the boundary of an IPv4 network and an IPv6 network. By installing NAT-PT between an IPv4 and IPv6 network, all IPv4 users are given access to the IPv6 network without modification in the local IPv4-hosts (and vice versa). Equally, all hosts on the IPv6 network are given access to the IPv4 hosts without modification to the local IPv6-hosts. This is accomplished with a pool of IPv4 addresses for assignment to IPv6 nodes on a dynamic basis as sessions are initiated across IPv4-IPv6 boundaries.

Which statement about dual stack is true? A. Dual stack translates IPv6 addresses to IPv4 addresses. B. Dual stack means that devices are able to run IPv4 and IPv6 in parallel. C. Dual stack translates IPv4 addresses to IPv6 addresses. D. Dual stack changes the IP addresses on hosts from IPv4 to IPv6 automatically.

Dual-stack method is the most common technique which only requires edge routers to run both IPv4 and IPv6 while the inside routers only run IPv4. At the edge network, IPv4 packets are converted to IPv6 packets before sending out.
6to4 tunnel is a technique which relies on reserved address space 2002::/16 (you must remember this range). These tunnels determine the appropriate destination address by combining the IPv6 prefix with the globally unique destination 6to4 border router's IPv4 address, beginning with the 2002::/16 prefix, in this format: 2002:border-router-IPv4-address::/48
For example, if the border-router-IPv4-address is 64.101.64.1, the tunnel interface will have an IPv6 prefix of 2002:4065:4001:1::/64, where 4065:4001 is the hexadecimal equivalent of 64.101.64.1. This technique allows IPv6 sites to communicate with each other over the IPv4 network without explicit tunnel setup but we have to implement it on all routers on the path.
NAT-PT provides IPv4/IPv6 protocol translation. It resides within an IP router, situated at the boundary of an IPv4 network and an IPv6 network. By installing NAT-PT between an IPv4 and IPv6 network, all IPv4 users are given access to the IPv6 network without modification in the local IPv4-hosts (and vice versa). Equally, all hosts on the IPv6 network are given access to the IPv4 hosts without modification to the local IPv6-hosts. This is accomplished with a pool of IPv4 addresses for assignment to IPv6 nodes on a dynamic basis as sessions are initiated across IPv4-IPv6 boundaries.

Which three benefits does the Cisco Easy Virtual Network provide to an enterprise network? (Choose three.) A. simplified Layer 3 network virtualization B. improved shared services support C. enhanced management, troubleshooting, and usability D. reduced configuration and deployment time for dot1q trunking E. increased network performance and throughput F. decreased BGP neighbor configurations

Easy Virtual Network (EVN) is an IP-based network virtualization solution that helps enable network administrators to provide traffic separation and path isolation on a shared network infrastructure. EVN uses existing Virtual Route Forwarding (VRF)-Lite technology to:
+ Simplify Layer 3 network virtualization
+ Improve shared services support
+ Enhance management, troubleshooting, and usability

Which NetFlow component is applied to an interface and collects information about flows? A. flow monitor B. flow exporter C. flow sampler D. flow collector

Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache. For example, the following creates a flow monitor named FLOW-MONITOR-1 and enters Flexible NetFlow flow monitor configuration mode:
Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)#

A network engineer notices that transmission rates of senders of TCP traffic sharply increase and decrease simultaneously during periods of congestion. Which condition causes this? A. global synchronization B. tail drop C. random early detection D. queue management algorithm

Global synchronization occurs when multiple TCP hosts reduce their transmission rates in response to congestion. But when congestion is reduced, TCP hosts try to increase their transmission rates again simultaneously (known as slow-start algorithm), which causes congestion again. Global synchronization reduces optimal throughput of network applications and tail drop contributes to this phenomenon. When an interface on a router cannot transmit a packet immediately, the packet is queued. Packets are then taken out of the queue and eventually transmitted on the interface. But if the arrival rate of packets to the output interface exceeds the ability of the router to buffer and forward traffic, the queues increase to their maximum length and the interface becomes congested. Tail drop is the default queuing response to congestion. Tail drop simply means "drop all the traffic that exceeds the queue limit". Tail drop treats all traffic equally and does not differentiate among classes of service.

A router with an interface that is configured with ipv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present? A. DHCPv6 request B. router-advertisement C. neighbor-solicitation D. redirect

IPv6 allows devices to configure their own IP addresses and other parameters automatically without the need for a DHCP server. This method is called "IPv6 Stateless Address Autoconfiguration" (in contrast to the server-based method using DHCPv6, called "stateful"). In the Stateless Autoconfiguration method, a host sends a router solicitation to request a prefix. The router then replies with a router advertisement (RA) message which contains the prefix of the link. The host will use this prefix and its MAC address to create its own unique IPv6 address.
Note:
+ RA messages are sent periodically and in response to device solicitation messages
+ In the absence of a router, a host can generate only link-local addresses. Link-local addresses are only sufficient for allowing communication among nodes that are attached to the same link

Refer to the exhibit. The DHCP client is unable to receive a DHCP address from the DHCP server. Consider the following output:
hostname RouterB
!
interface fastethernet 0/0
 ip address 172.31.1.1 255.255.255.0
interface serial 0/0
 ip address 10.1.1.1 255.255.255.252
!
ip route 172.16.1.0 255.255.255.0 10.1.1.2
Which configuration is required on the Router B fastethernet 0/0 port in order to allow the DHCP client to successfully receive an IP address from the DHCP server? A. RouterB(config-if)# ip helper-address 172.16.1.2 B. RouterB(config-if)# ip helper-address 172.16.1.1 C. RouterB(config-if)# ip helper-address 172.31.1.1 D. RouterB(config-if)# ip helper-address 255.255.255.255

If the DHCP Server is not on the same subnet as the DHCP Client, we need to configure the router on the DHCP client side to act as a DHCP Relay Agent so that it can forward DHCP messages between the DHCP Client & DHCP Server. To make a router a DHCP Relay Agent, simply put the "ip helper-address <IP-address-of-DHCP-Server>" command under the interface that receives the DHCP messages from the DHCP Client.

For troubleshooting purposes, which method can you use in combination with the "debug ip packet" command to limit the amount of output data? A. You can disable the IP route cache globally. B. You can use the KRON scheduler. C. You can use an extended access list. D. You can use an IOS parser. E. You can use the RITE traffic exporter

If you use the "debug ip packet" command on a production router, you can bring it down since it generates an output for every packet and the output can be extensive. The best way to limit the output of debug ip packet is to create an access-list that is linked to the debug. Only packets that match the access-list criteria will be subject to debug ip packet. For example, this is how to monitor traffic from 1.1.1.1 to 2.2.2.2:
access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
debug ip packet 100
Note: The "debug ip packet" command is used to monitor packets that are processed by the router's routing engine and are not fast switched.

An organization decides to implement NetFlow on its network to monitor the fluctuation of traffic that is disrupting core services. After reviewing the output of NetFlow, the network engineer is unable to see OUT traffic on the interfaces. What can you determine based on this information? A. Cisco Express Forwarding has not been configured globally. B. NetFlow output has been filtered by default. C. Flow Export version 9 is in use. D. The command ip flow-capture fragment-offset has been enabled.

In general, NetFlow requires CEF to be configured in most recent IOS releases. CEF decides which interface the traffic is sent out. With CEF disabled, the router will not have a specific destination interface in the NetFlow report packets. Therefore a NetFlow Collector cannot show the OUT traffic for the interface.

Under which condition does UDP dominance occur? A. when TCP traffic is in the same class as UDP B. when UDP flows are assigned a lower priority queue C. when WRED is enabled D. when ACLs are in place to block TCP traffic

It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especially Streaming-Video) within a single service-provider class because of the behaviors of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when drops are detected. Although some UDP applications have application-level windowing, flow control, and retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower transmission rates because of dropping. When TCP flows are combined with UDP flows within a single service-provider class and the class experiences congestion, TCP flows continually lower their transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This effect is called TCP starvation/UDP dominance. TCP starvation/UDP dominance likely occurs if TCP-based applications are assigned to the same service-provider class as UDP-based applications and the class experiences sustained congestion. Granted, it is not always possible to separate TCP-based flows from UDP-based flows, but it is beneficial to be aware of this behavior when making such application-mixing decisions within a single service-provider class.

A network administrator uses IP SLA to measure UDP performance and notices that packets on one router have a higher one-way delay compared to the opposite direction. Which UDP characteristic does this scenario describe? A. latency B. starvation C. connectionless communication D. nonsequencing unordered packets E. jitter

Latency most affects TCP. TCP is a reliable data transfer protocol. The requirement for reliability in the data transfer implies that the protocol will detect any form of data corruption on the part of the network and retransmit until the data is transferred successfully. This 'stop and retransmit' implies that there is no fixed rate for data transfer, nor will any implicit timing of packets be preserved by TCP. TCP is not a real-time protocol. TCP attempts to maximise its data transfer rate through dynamic rate adjustment. The way TCP achieves this is to continually test the network to see if a higher data transfer rate can be supported. When TCP encounters packet loss, it assumes that the loss is due to network congestion, and the protocol immediately reduces its data transfer rate.

Refer to the following access list.
access-list 100 permit ip any any log
After applying the access list on a Cisco router, the network engineer notices that the router CPU utilization has risen to 99 percent. What is the reason for this? A. A packet that matches access-list with the "log" keyword is Cisco Express Forwarding switched. B. A packet that matches access-list with the "log" keyword is fast switched. C. A packet that matches access-list with the "log" keyword is process switched. D. A large amount of IP traffic is being permitted on the router.

Logging-enabled access control lists (ACLs) provide insight into traffic as it traverses the network or is dropped by network devices. Unfortunately, ACL logging can be CPU intensive and can negatively affect other functions of the network device. There are two primary factors that contribute to the CPU load increase from ACL logging: process switching of packets that match log-enabled access control entries (ACEs) and the generation and transmission of log messages. Process switching is the slowest switching method (compared to fast switching and Cisco Express Forwarding) because it must find a destination in the routing table. Process switching must also construct a new Layer 2 frame header for every packet. With process switching, when a packet comes in, the scheduler calls a process that examines the routing table, determines which interface the packet should be switched to and then switches the packet. The problem is, this happens for every packet.

Which three TCP enhancements can be used with TCP selective acknowledgments? A. header compression B. explicit congestion notification C. keepalive D. time stamps E. TCP path discovery F. MTU window

TCP Selective Acknowledgement (SACK) prevents unnecessary retransmissions by specifying successfully received subsequent data. Let's see an example of the advantages of TCP SACK.
[Figures: TCP (Normal) Acknowledgement; TCP Selective Acknowledgement]
For TCP (normal) acknowledgement, when a client requests data, the server sends the first three segments (the name for packets at Layer 4): Segment#1, #2, #3. But suppose Segment#2 was lost somewhere on the network while Segment#3 still reached the client. The client checks Segment#3 and realizes Segment#2 is missing, so it can only acknowledge that it received Segment#1 successfully. The client received Segment#1 and #3, so it creates two ACKs#1 to alert the server that it has not received any data beyond Segment#1. After receiving these ACKs, the server must resend Segment#2, #3 and wait for the ACKs of these segments.
For TCP Selective Acknowledgement, the process is the same until the client realizes Segment#2 is missing. It also sends ACK#1 but adds SACK to indicate it has received Segment#3 successfully (so there is no need to retransmit this segment). Therefore the server only needs to resend Segment#2. But notice that after receiving Segment#2, the client sends ACK#3 (not ACK#2) to say that it has all of the first three segments. Now the server will continue sending Segment#4, #5, ... The SACK option is not mandatory and it is used only if both parties support it.
The TCP Explicit Congestion Notification (ECN) feature allows an intermediate router to notify end hosts of impending network congestion. It also provides enhanced support for TCP sessions associated with applications, such as Telnet, web browsing, and transfer of audio and video data that are sensitive to delay or packet loss. The benefit of this feature is the reduction of delay and packet loss in data transmissions. Use the "ip tcp ecn" command in global configuration mode to enable TCP ECN.
The TCP time-stamp option provides improved TCP round-trip time measurements. Because the time stamps are always sent and echoed in both directions and the time-stamp value in the header is always changing, TCP header compression will not compress the outgoing packet. Use the "ip tcp timestamp" command to enable the TCP time-stamp option.
The TCP Keepalive Timer feature provides a mechanism to identify dead connections. When a TCP connection on a routing device is idle for too long, the device sends a TCP keepalive packet to the peer with only the Acknowledgment (ACK) flag turned on. If a response packet (a TCP ACK packet) is not received after the device sends a specific number of probes, the connection is considered dead and the device initiating the probes frees resources used by the TCP connection.

A corporate policy requires PPPoE to be enabled and to maintain a connection with the ISP, even if no interesting traffic exists. Which feature can be used to accomplish this task? A. TCP Adjust B. Dialer Persistent C. PPPoE Groups D. half-bridging E. Peer Neighbor Route

The "dialer persistent" command (under interface configuration mode) allows a dial-on-demand routing (DDR) dialer profile connection to be brought up without being triggered by interesting traffic. When configured, the dialer persistent command starts a timer when the dialer interface starts up and starts the connection when the timer expires. If interesting traffic arrives before the timer expires, the connection is still brought up and set as persistent.

What is the result of the command ip flow-export destination 10.10.10.1 5858? A. It configures the router to export cache flow information to IP 10.10.10.1 on port UDP/5858. B. It configures the router to export cache flow information about flows with destination IP 10.10.10.1 and port UDP/5858. C. It configures the router to receive cache flow information from IP 10.10.10.1 on port UDP/5858. D. It configures the router to receive cache flow information about flows with destination IP 10.10.10.1 and port UDP/5858.

The "ip flow-export destination 10.10.10.1 5858" command is used to export the information captured by the "ip flow-capture" command to the destination 10.10.10.1. "5858" is the UDP port to which NetFlow packets are sent (default is 2055). The syntax of this command is: ip flow-export destination ip-address [udp-port] [version 5 {origin-as | peer-as}]

A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp broadcast client command. Assuming that an NTP server is already set up, what is the result of the command? A. It enables receiving NTP broadcasts on the interface where the command was executed. B. It enables receiving NTP broadcasts on all interfaces globally. C. It enables a device to be an NTP peer to another device. D. It enables a device to receive NTP broadcast and unicast packets.

The "ntp broadcast client" command is used under interface mode to allow the device to receive Network Time Protocol (NTP) broadcast packets on that interface.

Refer to the exhibit. Which statement about the configuration is true?
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip sla monitor 1
 type jitter dest-ipaddr 200.0.10.3 dest-port 65051 num-packets 20
!
 request-data-size 160
 tos 128
 frequency 30
ip sla monitor schedule 1 start-time after 00:05:00
A. 20 packets are being sent every 30 seconds. B. The monitor starts at 12:05:00 a.m. C. Jitter is being tested with TCP packets to port 65051. D. The packets that are being sent use DSCP EF.

The "num-packets" specifies the number of packets to be sent for a jitter operation. The "frequency" is the rate (in seconds) at which this IP SLA operation repeats. The "tos" defines a type of service (ToS) byte in the IP header of this IP SLA operation.

Refer to Exhibit:
Router#show adjacency
Protocol Interface Address
IP Serial0 192.168.209.130(2) (incomplete)
IP Serial0 192.168.209.131(7)
IP Ethernet0 192.168.201.1(7)
A network administrator checks this adjacency table on a router. What is a possible cause for the incomplete marking? A. incomplete ARP information B. incorrect ACL C. dynamic routing protocol failure D. serial link congestion

The "show adjacency" command is used to display information about the Cisco Express Forwarding adjacency table or the hardware Layer 3-switching adjacency table. There are two known reasons for an incomplete adjacency:
+ The router cannot use ARP successfully for the next-hop interface.
+ After a clear ip arp or a clear adjacency command, the router marks the adjacency as incomplete. Then it fails to clear the entry.
Note: Two nodes in the network are considered adjacent if they can reach each other using only one hop.

Which switching method is used when entries are present in the output of the command show ip cache? A. fast switching B. process switching C. Cisco Express Forwarding switching D. cut-through packet switching

The "show ip cache" command displays the contents of a router's fast cache. Note: If CEF is disabled and fast switching is enabled, the router begins to populate its fast cache.

Which parameter in an SNMPv3 configuration offers authentication and encryption? A. auth B. noauth C. priv D. secret

The SNMPv3 Agent supports the following set of security levels:
+ NoAuthnoPriv: Communication without authentication and privacy.
+ AuthNoPriv: Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
+ AuthPriv: Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. For Privacy Support, you have to install some third-party privacy packages.

A network engineer executes the show ip flow export command. Which line in the output indicates that the send queue is full and export packets are not being sent? A. output drops B. enqueuing for the RP C. fragmentation failures D. adjacency issues

The "show ip flow export" command is used to display the status and the statistics for NetFlow accounting data export, including the main cache and all other enabled caches. An example of the output of this command is shown below:
Router# show ip flow export
Flow export v5 is enabled for main cache
  Exporting flows to 10.51.12.4 (9991) 10.1.97.50 (9111)
  Exporting using source IP address 10.1.97.17
  Version 5 flow records
  11 flows exported in 8 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting
  0 export packets were dropped due to output drops
The "output drops" line indicates the total number of export packets that were dropped because the send queue was full while the packet was being transmitted.

A network engineer is notified that several employees are experiencing network performance related issues, and bandwidth-intensive applications are identified as the root cause. In order to identify which specific type of traffic is causing this slowness, information such as the source/destination IP and Layer 4 port numbers is required. Which feature should the engineer use to gather the required information? A. SNMP B. Cisco IOS EEM C. NetFlow D. Syslog E. WCCP

The "show ip flow export" command is used to display the status and the statistics for NetFlow accounting data export, including the main cache and all other enabled caches. An example of the output of this command is shown below:
Router# show ip flow export
Flow export v5 is enabled for main cache
  Exporting flows to 10.51.12.4 (9991) 10.1.97.50 (9111)
  Exporting using source IP address 10.1.97.17
  Version 5 flow records
  11 flows exported in 8 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting
  0 export packets were dropped due to output drops
The "output drops" line indicates the total number of export packets that were dropped because the send queue was full while the packet was being transmitted.

Which two commands would be used to troubleshoot high memory usage for a process? (Choose two.) A. router#show memory allocating-process table B. router#show memory summary C. router#show memory dead D. router#show memory events E. router#show memory processor statistics

The "show memory allocating-process table" command displays statistics on allocated memory with corresponding allocating processes. This command can also be used to find memory leaks. A memory leak occurs when a process requests or allocates memory and then forgets to free (de-allocate) the memory when it has finished the task. Note: In fact the correct command should be "show memory allocating-process totals" (not "table").
The "show memory summary" command displays a summary of all memory pools and memory usage per Alloc PC (address of the system call that allocated the block). An example of the output of this command is shown below:
[Figure: show memory summary output]
Legend:
+ Total: the total amount of memory available after the system image loads and builds its data structures.
+ Used: the amount of memory currently allocated.
+ Free: the amount of memory currently free.
+ Lowest: the lowest amount of free memory recorded by the router since it was last booted.
+ Largest: the largest free memory block currently available.
Note: The show memory allocating-process totals command contains the same information as the first three lines of the show memory summary command.
An example of a high memory usage problem is a large amount of free memory, but a small value in the "Lowest" column. In this case, a normal or abnormal event (for example, a large routing instability) causes the router to use an unusually large amount of processor memory for a short period of time, during which the memory has run out.
The show memory dead command is only used to view the memory allocated to a process which has terminated. The memory allocated to this process is reclaimed by the kernel and returned to the memory pool by the router itself when required. This is the way IOS handles memory. A memory block is considered dead if the process which created the block exits (is no longer running).
The command show memory events does not exist.

Prior to enabling PPPoE in a virtual private dialup network group, which task must be completed? A. Disable CDP on the interface. B. Execute the vpdn enable command. C. Execute the no switchport command. D. Enable QoS FIFO for PPPoE support.

The "vpdn enable" command is used to enable virtual private dialup networking (VPDN) on the router and inform the router to look for tunnel definitions in a local database and on a remote authorization server (home gateway). The following steps include: configure the VPDN group; configure the virtual-template; create the IP pools.

After you review the output of the command show ipv6 interface brief, you see that several IPv6 addresses have the 16-bit hexadecimal value of "FFFE" inserted into the address. Based on this information, what do you conclude about these IPv6 addresses? A. IEEE EUI-64 was implemented when assigning IPv6 addresses on the device. B. The addresses were misconfigured and will not function as intended. C. IPv6 addresses containing "FFFE" indicate that the address is reserved for multicast. D. The IPv6 universal/local flag (bit 7) was flipped. E. IPv6 unicast forwarding was enabled, but IPv6 Cisco Express Forwarding was disabled.

The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The MAC address is first separated into two 24-bit parts, with one being the OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bit parts to form the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from an EUI-48 MAC address.

How does an IOS router process a packet that should be switched by Cisco Express Forwarding without an FIB entry? A. by forwarding the packet B. by dropping the packet C. by creating a new FIB entry for the packet D. by looking in the routing table for an alternate FIB entry

The first routers would receive a packet, remove the Layer 2 information, and verify that the route exists for the destination IP address. If a matching route could not be found, the packet was dropped. If a matching route was found, the router would identify it and add new Layer 2 information to the packet. The Layer 2 source address would be the router's outbound interface, and the destination information would be next hop's Layer 2 address.

An engineer has configured a router to use EUI-64, and was asked to document the IPv6 address of the router. The router has the following interface parameters: mac address C601.420F.0007 subnet 2001:DB8:0:1::/64 Which IPv6 addresses should the engineer add to the documentation? A. 2001:DB8:0:1:C601:42FF:FE0F:7 B. 2001:DB8:0:1:FFFF:C601:420F:7 C. 2001:DB8:0:1:FE80:C601:420F:7 D. 2001:DB8:0:1:C601:42FE:800F:7

The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The MAC address is first separated into two 24-bit parts, with one being the OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bit parts to form the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from an EUI-48 MAC address. In this question, the MAC address C601.420F.0007 is divided into two 24-bit parts, which are "C60142" (OUI) and "0F0007" (NIC). Then "FFFE" is inserted in the middle. Therefore we have the address: C601.42FF.FE0F.0007. Then, according to RFC 3513, we need to invert the Universal/Local bit ("U/L" bit) in the 7th position of the first octet. The "u" bit is set to 1 to indicate Universal, and it is set to zero (0) to indicate local scope. In this case we don't need to set this bit to 1 because it is already 1 (C6 = 11000110). Therefore with the subnet of 2001:DB8:0:1::/64, the full IPv6 address is 2001:DB8:0:1:C601:42FF:FE0F:7/64.

What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish?
router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
router(config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
router(config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
router(config)#access-list 101 permit ip any any
router(config)#interface fastEthernet 1/0
router(config-if)#ip access-group 101 in
A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts. B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet. C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts. D. It prevents private internal addresses to be accessed directly from outside.

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
We will refer to the first block as "24-bit block", the second as "20-bit block", and to the third as "16-bit" block. Note that (in pre-CIDR notation) the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and third block is a set of 256 contiguous class C network numbers.

What is a function of NPTv6? A. It interferes with encryption of the full IP payload. B. It maintains a per-node state. C. It is checksum-neutral. D. It rewrites transport layer headers.

The NPTv6 mapping translations that the firewall performs are checksum-neutral, meaning that "... they result in IP headers that will generate the same IPv6 pseudo-header checksum when the checksum is calculated using the standard Internet checksum algorithm [RFC 1071]." See RFC 6296, Section 2.6, for more information about checksum-neutral mapping. If you are using NPTv6 to perform destination NAT, you can provide the internal IPv6 address and the external prefix/prefix length of the firewall interface in the syntax of the test nptv6 CLI command. The CLI responds with the checksum-neutral, public IPv6 address to use in your NPTv6 configuration to reach that destination.

To configure SNMPv3 implementation, a network engineer is using the AuthNoPriv security level. What effect does this action have on the SNMP messages? A. They become unauthenticated and unencrypted. B. They become authenticated and unencrypted. C. They become authenticated and encrypted. D. They become unauthenticated and encrypted.

The SNMPv3 Agent supports the following set of security levels:
+ NoAuthnoPriv: Communication without authentication and privacy.
+ AuthNoPriv: Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
+ AuthPriv: Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. For Privacy Support, you have to install some third-party privacy packages.

Which two actions must you perform to enable and use window scaling on a router? (Choose two.) A. Execute the command ip tcp window-size 65536. B. Set window scaling to be used on the remote host. C. Execute the command ip tcp queuemax. D. Set TCP options to "enabled" on the remote host. E. Execute the command ip tcp adjust-mss.

The TCP Window Scaling feature adds support for the Window Scaling option in RFC 1323, TCP Extensions for High Performance. A larger window size is recommended to improve TCP performance in network paths with large bandwidth-delay product characteristics that are called Long Fat Networks (LFNs). The TCP Window Scaling enhancement provides that support. The window scaling extension in Cisco IOS software expands the definition of the TCP window to 32 bits and then uses a scale factor to carry this 32-bit value in the 16-bit window field of the TCP header. The window size can increase to a scale factor of 14. Typical applications use a scale factor of 3 when deployed in LFNs. The TCP Window Scaling feature complies with RFC 1323. The maximum window size was increased to 1,073,741,823 bytes. The larger scalable window size will allow TCP to perform better over LFNs. Use the ip tcp window-size command in global configuration mode to configure the TCP window size.

What are the three modes of Unicast Reverse Path Forwarding? A. strict mode, loose mode, and VRF mode B. strict mode, loose mode, and broadcast mode C. strict mode, broadcast mode, and VRF mode D. broadcast mode, loose mode, and VRF mode

The Unicast Reverse Path Forwarding feature (Unicast RPF) helps the network guard against malformed or "spoofed" IP packets passing through a router. A spoofed IP address is one that is manipulated to have a forged IP source address. Unicast RPF enables the administrator to drop packets that lack a verifiable source IP address at the router. Unicast RPF is enabled on a router interface. When this feature is enabled, the router checks packets that arrive inbound on the interface to see whether the source address matches the receiving interface. Cisco Express Forwarding (CEF) is required on the router because the Forwarding Information Base (FIB) is the mechanism checked for the interface match. Unicast RPF works in one of three different modes:
+ Strict mode: the router performs two checks on every packet arriving on the interface. First, it checks whether it has a matching entry for the source in the routing table. Second, it checks whether the interface it uses to reach that source is the same interface on which it received the packet.
+ Loose mode: the router only checks whether it has a matching entry for the source in the routing table.
+ VRF mode: leverages either loose or strict mode in a given VRF and evaluates an incoming packet's source IP address against the VRF table configured for an eBGP neighbor.

A network engineer is asked to configure a "site-to-site" IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario? A. The command access-list 1 defines interesting traffic that is allowed through the tunnel. B. The command ip nat inside source list 1 int s0/0 overload disables "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface. C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel. D. The command ip nat inside source list 1 int s0/0 overload provides "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface.

The command "ip nat inside source list 1 int s0/0 overload" translates all source addresses that pass access list 1, which means all the IP addresses, into an address assigned to the S0/0 interface. The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.

A network engineer executes the "ipv6 flowset" command. What is the result? A. Flow-label marking in 1280-byte or larger packets is enabled. B. Flow-set marking in 1280-byte or larger packets is enabled. C. IPv6 PMTU is enabled on the router. D. IPv6 flow control is enabled on the router.

The command "ipv6 flowset" allows the device to track destinations to which the device has sent packets that are 1280 bytes or larger.

Refer to the following configuration command. router (config-line)# ntp master 10 Which statement about this command is true? A. The router acts as an authoritative NTP clock and allows only 10 NTP client connections. B. The router acts as an authoritative NTP clock at stratum 10. C. The router acts as an authoritative NTP clock with a priority number of 10. D. The router acts as an authoritative NTP clock for 10 minutes only.

The command "ntp master [stratum]" is used to configure the device as an authoritative NTP server. You can specify a different stratum level from which NTP clients get their time synchronized. The range is from 1 to 15. The stratum levels define the distance from the reference clock. A reference clock is a stratum 0 device that is assumed to be accurate and has little or no delay associated with it. Stratum 0 servers cannot be used on the network but they are directly connected to computers which then operate as stratum-1 servers. A stratum 1 time server acts as a primary network time standard. A stratum 2 server is connected to the stratum 1 server; then a stratum 3 server is connected to the stratum 2 server and so on. A stratum 2 server gets its time via NTP packet requests from a stratum 1 server. A stratum 3 server gets its time via NTP packet requests from a stratum-2 server... A stratum server may also peer with other stratum servers at the same level to provide more stable and robust time for all devices in the peer group (for example a stratum 2 server can peer with other stratum 2 servers).

Prefix             Next Hop         Interface
0.0.0.0/0          192.168.201.1    Fa0/0
192.168.201.1/0    192.168.201.1    Fa0/0
Based on this FIB table, which statement is correct? A. There is no default gateway. B. The IP address of the router on FastEthernet is 209.168.201.1. C. The gateway of last resort is 192.168.201.1. D. The router will listen for all multicast traffic.

The command "show ip cef" is used to display the CEF Forwarding Information Base (FIB) table. There are some entries we want to explain:
+ If the "Next Hop" field of a network prefix is set to receive, the entry represents an IP address on one of the router's interfaces. In this case, 192.168.201.2 and 192.168.201.31 are IP addresses assigned to interfaces on the local router.
+ If the "Next Hop" field of a network prefix is set to attached, the entry represents a network to which the router is directly attached. In this case the prefix 192.168.201.0/27 is a network directly attached to router R2's Fa0/0 interface.
But there are some special cases:
+ The all-0s host addresses (for example, 192.168.201.0/32) and the all-1s host addresses (not present in the output above; for example, 192.168.201.255/32) also show as receive entries.
+ 255.255.255.255/32 is the local broadcast address for a subnet
+ 0.0.0.0/32: maybe it is a reserved link-local address
+ 0.0.0.0/0: This is the default route that matches all other addresses (also known as "gateway of last resort"). In this case it points to 192.168.201.1
-> Answer C is correct.

An engineer executes the ip flow ingress command in interface configuration mode. What is the result of this action? A. It enables the collection of IP flow samples arriving to the interface. B. It enables the collection of IP flow samples leaving the interface. C. It enables IP flow while disabling IP CEF on the interface. D. It enables IP flow collection on the physical interface and its subinterfaces.

The following is an example of configuring an interface to capture flows into the NetFlow cache. CEF followed by NetFlow flow capture is configured on the interface:
    Router(config)# ip cef
    Router(config)# interface ethernet 1/0
    Router(config-if)# ip flow ingress
or
    Router(config-if)# ip route-cache flow
Note: Either the ip flow ingress or the ip route-cache flow command can be used depending on the Cisco IOS Software version. Ip flow ingress is available in Cisco IOS Software Release 12.2(15)T or above.

A network engineer initiates the ip sla responder tcp-connect command in order to gather statistics for performance gauging. Which type of statistics does the engineer see? A. connectionless-oriented B. service-oriented C. connection-oriented D. application-oriented

The keyword "tcp-connect" enables the responder for TCP connect operations. TCP is a connection-oriented transport layer protocol -> C is correct.

Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le 24? A. 10.9.1.0/24 B. 10.8.0.0/24 C. 10.8.0.0/16 D. 10.8.0.0/23

The prefix-list "ip prefix-list name permit 10.8.0.0/16 ge 24 le 24" means:
+ Check the first 16 bits of the prefix. It must be 10.8
+ The subnet mask must be greater than or equal to 24
+ The subnet mask must be less than or equal to 24
-> The subnet mask must be exactly 24
Therefore the prefix matched by the above ip prefix-list should be 10.8.x.x/24

Refer to the exhibit.
Sampler: mysampler, id: 1, packets matched: 10, mode: random sampling mode
Which statement about the output of the show flow-sampler command is true? A. The sampler matched 10 packets, each packet randomly chosen from every group of 100 packets. B. The sampler matched 10 packets, one packet every 100 packets. C. The sampler matched 10 packets, each one randomly chosen from every 100-second interval. D. The sampler matched 10 packets, one packet every 100 seconds.

The sampling mode determines the algorithm that selects a subset of traffic for NetFlow processing. In the random sampling mode, incoming packets are randomly selected so that one out of each n sequential packets is selected on average for NetFlow processing. For example, if you set the sampling rate to 1 out of 100 packets, then NetFlow might sample the 5th, 120th, 299th, 302nd, and so on packets. This sample configuration provides NetFlow data on 1 percent of total traffic. The n value is a parameter from 1 to 65535 packets that you can configure. In the above output we can learn that the number of packets that have been sampled is 10. The sampling mode is "random sampling mode" and the sampling interval is 100 (NetFlow samples 1 out of 100 packets).

Which type of traffic does DHCP snooping drop? A. discover messages B. DHCP messages where the source MAC and client MAC do not match C. traffic from a trusted DHCP server to client D. DHCP messages where the destination MAC and client MAC do not match

The switch validates DHCP packets received on the untrusted interfaces of VLANs with DHCP snooping enabled. The switch forwards the DHCP packet unless any of the following conditions occur (in which case the packet is dropped):
+ The switch receives a packet (such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY packet) from a DHCP server outside the network or firewall.
+ The switch receives a packet on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. This check is performed only if the DHCP snooping MAC address verification option is turned on.
+ The switch receives a DHCPRELEASE or DHCPDECLINE message from an untrusted host with an entry in the DHCP snooping binding table, and the interface information in the binding table does not match the interface on which the message was received.
+ The switch receives a DHCP packet that includes a relay agent IP address that is not 0.0.0.0.

A router receives a routing advertisement for the same prefix and subnet from four different routing protocols. Which advertisement is installed in the routing table? A. RIP B. OSPF C. iBGP D. EIGRP

The table below lists the default administrative distance values of popular routing protocols:
Routing Protocols      Default Administrative Distance
EIGRP                  90
OSPF                   110
RIP                    120
eBGP                   20
iBGP                   200
Connected interface    0
Static route           1

When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication? A. username B. password C. community-string D. encryption-key

There are three SNMP security levels (for SNMPv1, SNMPv2c, and SNMPv3):
+ noAuthNoPriv: Security level that does not provide authentication or encryption.
+ authNoPriv: Security level that provides authentication but does not provide encryption.
+ authPriv: Security level that provides both authentication and encryption.
For SNMPv3, "noAuthNoPriv" level uses a username match for authentication.

A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner? A. PAP B. dot1x C. IPsec D. CHAP E. ESP

There are three authentication methods that can be used to authenticate a PPPoE connection:
+ CHAP - Challenge Handshake Authentication Protocol
+ MS-CHAP - Microsoft Challenge Handshake Authentication Protocol Version 1 & 2
+ PAP - Password Authentication Protocol
Of these, MS-CHAP and CHAP are encrypted authentication protocols, while PAP is an unencrypted authentication protocol.
Note: PAP authentication involves a two-way handshake where the username and password are sent across the link in clear text; hence, PAP authentication does not provide any protection against playback and line sniffing. With CHAP, the server (authenticator) sends a challenge to the remote access client. The client uses a hash algorithm (also known as a hash function) to compute a Message Digest-5 (MD5) hash result based on the challenge and a hash result computed from the user's password. The client sends the MD5 hash result to the server. The server, which also has access to the hash result of the user's password, performs the same calculation using the hash algorithm and compares the result to the one sent by the client. If the results match, the credentials of the remote access client are considered authentic. A hash algorithm provides one-way encryption, which means that calculating the hash result for a data block is easy, but determining the original data block from the hash result is mathematically infeasible.

Which PPP authentication method sends authentication information in cleartext? A. MS CHAP B. CDPCP C. CHAP D. PAP

There are three authentication methods that can be used to authenticate a PPPoE connection:
+ CHAP - Challenge Handshake Authentication Protocol
+ MS-CHAP - Microsoft Challenge Handshake Authentication Protocol Version 1 & 2
+ PAP - Password Authentication Protocol
Of these, MS-CHAP and CHAP are encrypted authentication protocols, while PAP is an unencrypted authentication protocol.
Note: PAP authentication involves a two-way handshake where the username and password are sent across the link in clear text; hence, PAP authentication does not provide any protection against playback and line sniffing. With CHAP, the server (authenticator) sends a challenge to the remote access client. The client uses a hash algorithm (also known as a hash function) to compute a Message Digest-5 (MD5) hash result based on the challenge and a hash result computed from the user's password. The client sends the MD5 hash result to the server. The server, which also has access to the hash result of the user's password, performs the same calculation using the hash algorithm and compares the result to the one sent by the client. If the results match, the credentials of the remote access client are considered authentic. A hash algorithm provides one-way encryption, which means that calculating the hash result for a data block is easy, but determining the original data block from the hash result is mathematically infeasible.

A network engineer has left a NetFlow capture enabled over the weekend to gather information regarding excessive bandwidth utilization. The following command is entered: switch#show flow exporter Flow_Exporter-1 What is the expected output? A. configuration of the specified flow exporter B. current status of the specified flow exporter C. status and statistics of the specified flow monitor D. configuration of the specified flow monitor

This command is used to display the current status of the specific flow exporter, in this case Flow_Exporter-1. For example:
N7K1# show flow export
Flow exporter Flow_Exporter-1:
    Description: Fluke Collector
    Destination: 10.255.255.100
    VRF: default (1)
    Destination UDP Port 2055
    Source Interface Vlan10 (10.10.10.5)
    Export Version 9
    Exporter Statistics
        Number of Flow Records Exported 726
        Number of Templates Exported 1
        Number of Export Packets Sent 37
        Number of Export Bytes Sent 38712
        Number of Destination Unreachable Events 0
        Number of No Buffer Events 0
        Number of Packets Dropped (No Route to Host) 0
        Number of Packets Dropped (other) 0
        Number of Packets Dropped (LC to RP Error) 0
        Number of Packets Dropped (Output Drops) 0
        Time statistics were last cleared: Thu Feb 15 21:12:06 2015

A network engineer executes the show crypto ipsec sa command. Which three pieces of information are displayed in the output? (Choose three.) A. inbound crypto map B. remaining key lifetime C. path MTU D. tagged packets E. untagged packets F. invalid identity packets

This command shows IPsec Security Associations (SAs) built between peers. An example of the output of the above command is shown below:
Router#show crypto ipsec sa
interface: FastEthernet0
    Crypto map tag: test, local addr. 12.1.1.1
    local ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
    current_peer: 12.1.1.2
    PERMIT, flags={origin_is_acl,}
    #pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918
    #pkts decaps: 7760382, #pkts decrypt: 7760382, #pkts verify 7760382
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0,
    #send errors 1, #recv errors 0
    local crypto endpt.: 12.1.1.1, remote crypto endpt.: 12.1.1.2
    path mtu 1500, media mtu 1500
    current outbound spi: 3D3
    inbound esp sas:
        spi: 0x136A010F(325714191)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 3442, flow_id: 1443, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4608000/52)
        IV size: 8 bytes
        replay detection support: Y
    inbound ah sas:
    inbound pcp sas:
    inbound pcp sas:
    outbound esp sas:
        spi: 0x3D3(979)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 3443, flow_id: 1444, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4608000/52)
        IV size: 8 bytes
        replay detection support: Y
    outbound ah sas:
    outbound pcp sas:
The first part shows the interface and crypto map name that are associated with the interface. Then the inbound and outbound SAs are shown. These are either AH or ESP SAs. In this case, because you used only ESP, there are no AH inbound or outbound SAs. Note: "inbound crypto map" here may refer to the crypto map name.

A network engineer has set up VRF-Lite on two routers where all the interfaces are in the same VRF. At a later time, a new loopback is added to Router 1, but it cannot ping any of the existing interfaces. Which two configurations enable the local or remote router to ping the loopback from any existing interface? (Choose two.) A. adding a static route for the VRF that points to the global route table B. adding the loopback to the VRF C. adding dynamic routing between the two routers and advertising the loopback D. adding the IP address of the loopback to the export route targets for the VRF E. adding a static route for the VRF that points to the loopback interface F. adding all interfaces to the global and VRF routing tables

This question is not clear because we have to configure a static route pointing to the global routing table while it stated that "all interfaces are in the same VRF". But we should understand both outside and inside interfaces want to ping the loopback interface.

A network engineer is trying to modify an existing active NAT configuration on an IOS router by using the following command: (config)# no ip nat pool dynamic-nat-pool 192.1.1.20 192.1.1.254 netmask 255.255.255.0 Upon entering the command on the IOS router, the following message is seen on the console: %Dynamic Mapping in Use, Cannot remove message or the %Pool outpool in use, cannot destroy What is the least impactful method that the engineer can use to modify the existing IP NAT configuration? A. Clear the IP NAT translations using the clear ip nat traffic * command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic. B. Clear the IP NAT translations using the clear ip nat translation * command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic. C. Clear the IP NAT translations using the reload command on the router, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic. D. Clear the IP NAT translations using the clear ip nat table * command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.

This solution involves clearing the IP NAT translations using the clear ip nat translation command, and then replacing the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic. To do this, create a script with the configuration commands written in a text format. For example:
    clear ip nat translation *
    config terminal
    no ip nat pool old pool name
    ip nat pool new pool .......
Once you have the script, cut and paste the script into the router enable mode (Router#). Note: This may take more than one try since it is still possible that the router will create a translation after the translation has been cleared.

A company has just opened two remote branch offices that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites? A. interface Tunnel0 bandwidth 1536 ip address 209.165.200.230 255.255.255.224 tunnel source Serial0/0 tunnel mode gre multipoint B. interface fa0/0 bandwidth 1536 ip address 209.165.200.230 255.255.255.224 tunnel mode gre multipoint C. interface Tunnel0 bandwidth 1536 ip address 209.165.200.231 255.255.255.224 tunnel source 209.165.201.1 tunnel-mode dynamic D. interface fa 0/0 bandwidth 1536 ip address 209.165.200.231 255.255.255.224 tunnel source 192.168.161.2 tunnel destination 209.165.201.1 tunnel-mode dynamic

To allow communication to multiple sites using only one tunnel interface, we need to configure that tunnel in "multipoint" mode. Otherwise we have to create many tunnel interfaces, each can only communicate to one site.

A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53, and 49 to 172.20.14.225. Which command should be applied to the configuration to allow this? A. router(config-if)#ip helper-address 172.20.14.225 B. router(config-if)#udp helper-address 172.20.14.225 C. router(config-if)#ip udp helper-address 172.20.14.225 D. router(config-if)#ip helper-address 172.20.14.225 69 53 49

To let a router forward broadcast packets, the ip helper-address command can be used. The broadcasts will be forwarded to the unicast address which is specified with the ip helper-address command.
ip helper-address {ip address}
When configuring the ip helper-address command, the following broadcast packets will be forwarded by the router by default:
• TFTP - UDP port 69
• Domain Name System (DNS) - UDP port 53
• Time service - port 37
• NetBIOS Name Server - port 137
• NetBIOS Datagram Server - port 138
• Bootstrap Protocol (BOOTP) - port 67
• TACACS - UDP port 49

Refer to the following command: router(config)# ip http secure-port 4433 Which statement is true? A. The router will listen on port 4433 for HTTPS traffic. B. The router will listen on port 4433 for HTTP traffic. C. The router will never accept any HTTP and HTTPS traffic. D. The router will listen to HTTP and HTTP traffic on port 4433.

To set the secure HTTP (HTTPS) server port number for listening, use the ip http secure-port command in global configuration mode. To return the HTTPS server port number to the default, use the no form of this command.
    ip http secure-port port-number
    no ip http secure-port

What is the default OSPF hello interval on a Frame Relay point-to-point network? A. 10 B. 20 C. 30 D. 40

When saying "Frame Relay point-to-point" network, it means "Frame Relay subinterfaces" run "point-to-point". Notice that Frame Relay subinterfaces can run in two modes:
+ Point-to-Point: When a Frame Relay point-to-point subinterface is configured, the subinterface emulates a point-to-point network and OSPF treats it as a point-to-point network type
+ Multipoint: When a Frame Relay multipoint subinterface is configured, OSPF treats this subinterface as an NBMA network type.
And there are 4 network types which can be configured with OSPF. The hello & dead intervals of these types are listed below:
Network Type           Hello Interval (secs)    Dead Interval (secs)
Point-to-Point         10                       40
Point-to-Multipoint    30                       120
Broadcast              10                       40
Non-Broadcast          30                       120
Therefore the default OSPF hello interval on a Frame Relay point-to-point network is 10 seconds.

Router A and Router B are configured with IPv6 addressing and basic routing capabilities using OSPFv3. The networks that are advertised from Router A do not show up in Router B's routing table. After debugging IPv6 packets, the message "not a router" is found in the output. Why is the routing information not being learned by Router B? A. OSPFv3 timers were adjusted for fast convergence. B. The networks were not advertised properly under the OSPFv3 process. C. An IPv6 traffic filter is blocking the networks from being learned via the Router B interface that is connected to Router A. D. IPv6 unicast routing is not enabled on Router A or Router B.

You must enable IPv6 globally using the command (config)# ipv6 unicast-routing, and you must configure an IPv6 address on an interface by using the ipv6 address <address> command. In Cisco IOS Release 12.2(11)T or earlier releases, IPv6 supports only process switching for packet forwarding. The CEF and distributed CEF are supported in later IOS releases.

