Topic 6: MC


Question No : 492 - Topic 6 Which statement describes Cisco PfR link groups? A. Link groups enable Cisco PfR Fast Reroute when NetFlow is enabled on the external interfaces of the border routers.

Answer : A B. Link groups define a strict or loose hop-by-hop path preference. C. Link groups are required only when Cisco PfR is configured to load-balance all traffic. D. Link groups are enabled automatically when Cisco PfR is in Fast Reroute mode. E. Link groups set a preference for primary and fallback (backup) external exit interfaces. Answer: E Explanation: The Performance Routing - Link Groups feature introduced the ability to define a group of exit links as a preferred set of links, or a fallback set of links for PfR to use when optimizing traffic classes specified in a PfR policy. PfR currently selects the best link for a traffic class based on the preferences specified in a policy and the traffic class performance (using parameters such as reachability, delay, loss, jitter or MOS) on a path out of the specified link. Reference: http://www.cisco.com/c/en/us/td/docs/ios/pfr/configuration/guide/15_1/pfr_15_1_book/pfr-link-group.html

Question No : 485 - Topic 6 In the DiffServ model, which class represents the lowest priority with the lowest drop probability? A. AF11 B. AF13 C. AF41 D. AF43

Answer : A Explanation: Assured Forwarding (AF) Behavior Group (columns: Class 1, Class 2, Class 3, Class 4)
Low Drop: AF11 (DSCP 10), AF21 (DSCP 18), AF31 (DSCP 26), AF41 (DSCP 34)
Med Drop: AF12 (DSCP 12), AF22 (DSCP 20), AF32 (DSCP 28), AF42 (DSCP 36)
High Drop: AF13 (DSCP 14), AF23 (DSCP 22), AF33 (DSCP 30), AF43 (DSCP 38)
Reference: http://en.wikipedia.org/wiki/Differentiated_services

Question No : 528 - Topic 6 Which statement about shaped round robin queuing is true? A. Queues with higher configured weights are serviced first. B. The device waits a period of time, set by the configured weight, before servicing the next queue. C. The device services a single queue completely before moving on to the next queue. D. Shaped mode is available on both the ingress and egress queues.

Answer : A Explanation: SRR is a scheduling service for specifying the rate at which packets are dequeued. With SRR there are two modes, shaped and shared. Shaped mode is only available on the egress queues. SRR differs from typical WRR. With WRR, queues are serviced based on the weight. Q1 is serviced for weight 1 period of time, Q2 is served for weight 2 period of time, and so forth. The servicing mechanism works by moving from queue to queue and services them for the weighted amount of time. With SRR weights are still followed; however, SRR services Q1, moves to Q2, then Q3 and Q4 in a different way. It does not wait at and service each queue for a weighted amount of time before moving on to the next queue. Instead, SRR makes several rapid passes at the queues; in each pass, each queue might or might not be serviced. For each given pass, the more highly weighted queues are more likely to be serviced than the lower priority queues. Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-e-series-switches/prod_qas0900aecd805bacc7.html

Question No : 533 - Topic 6 A configuration includes the line ip nbar port-map SSH tcp 22 23 443 8080. Which option describes the effect of this configuration line? A. It configures NBAR to search for SSH using ports 22, 23, 443, and 8080. B. It configures NBAR to allow SSH connections only on ports 22, 23, 443, and 8080. C. It enables NBAR to inspect for SSH connections. D. It creates a custom NBAR port-map named SSH and associates TCP ports 22, 23, 443, and 8080 to itself.

Answer : A Explanation: The ip nbar port-map command configures NBAR to search for a protocol or protocol name using a port number other than the well-known port. Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/command/reference/fqos_r/qrfcmd10.pd

Question No : 536 - Topic 6 You are installing a new device to replace a device that failed. The configuration of the failed device is stored on a networked server, and the new device has an RXBOOT image installed. Under which condition does the streamlined Setup mode fail? A. The last four bits of the configuration register are not equal to the decimal value 0 or 1. B. The startup configuration file was deleted. C. Bit 6 is set in the configuration register. D. The startup configuration is corrupt.

Answer : A Explanation: The lowest four bits of the configuration register (bits 3, 2, 1, and 0) form the boot field. The boot field determines if the router boots manually, from ROM, or from Flash or the network. To change the boot field value and leave all other bits set to their default values, follow these guidelines: If you set the configuration register boot field value to 0x0, you must boot the operating system manually with the boot command. If you set the configuration register boot field value to 0x1, the router boots using the default ROM software. If you set the configuration register boot field to any value from 0x2 to 0xF, the router uses the boot field value to form a default boot filename for booting from a network server. For more information about the configuration register bit settings and default filenames, refer to the appropriate router hardware installation guide. Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/command/reference/ffun_r/frf010.html

Question No : 525 - Topic 6 Which configuration sets a minimum quality of service on a Layer 2 access switch? A. mls qos cos override mls qos cos 2 B. mls qos cos 2 C. mls qos trust cos mls qos cos 2 D. mls qos trust cos E. mls qos trust dscp

Answer : A Explanation: The mls qos cos override interface command must be used to ensure that untrusted CoS values are explicitly set to 0 (default). Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/QoSDesign.html

Question No : 494 - Topic 6 Which two actions can you take to allow the greatest number of pertinent packets to be stored in the temporary buffer of Cisco IOS Embedded Packet Capture? (Choose two.) A. Specify the sampling interval. B. Specify the capture buffer type. C. Specify a reflexive ACL. D. Specify the minimum packet capture rate. E. Specify the packet size. F. Store the capture simultaneously onto an external memory card as the capture occurs.

Answer : A,B Explanation: Embedded Packet Capture (EPC) provides an embedded systems management facility that helps in tracing and troubleshooting packets. This feature allows network administrators to capture data packets flowing through, to, and from a Cisco device. The network administrator may define the capture buffer size and type (circular, or linear) and the maximum number of bytes of each packet to capture. The packet capture rate can be throttled using further administrative controls. For example, options allow for filtering the packets to be captured using an Access Control List and, optionally, further defined by specifying a maximum packet capture rate or by specifying a sampling interval. Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/xe-3s/asr1000/epc-xe-3s-asr1000-book/nm-packet-capture-xe.html

Question No : 499 - Topic 6 Which two options are two characteristics of the HSRPv6 protocol? (Choose two.) A. It uses virtual MAC addresses 0005.73a0.0000 through 0005.73a0.0fff. B. It uses UDP port number 2029. C. It uses virtual MAC addresses 0005.73a0.0000 through 0005.73a0.ffff. D. It uses UDP port number 2920. E. If a link local IPv6 address is used, it must have a prefix.

Answer : A,B Explanation: HSRP IPv6 Virtual MAC Address Range: HSRP IPv6 uses a different virtual MAC address block than does HSRP for IP: 0005.73A0.0000 through 0005.73A0.0FFF (4096 addresses). HSRP IPv6 UDP Port Number: Port number 2029 has been assigned to HSRP IPv6. Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-sy/fhp-15-sy-book/HSRP-for-IPv6.html

Question No : 523 - Topic 6 Which two options are advantages of NetFlow version 9 over NetFlow version 5? (Choose two.) A. NetFlow version 9 adds support for IPv6 headers. B. NetFlow version 9 adds support for MPLS labels. C. NetFlow version 9 adds support for the Type of Service field. D. NetFlow version 9 adds support for ICMP types and codes.

Answer : A,B Explanation: NetFlow version 9 includes support for all of these fields that version 5 supports and can optionally include additional information such as Multiprotocol Label Switching (MPLS) labels and IPv6 addresses and ports.

Question No : 471 - Topic 6 Which two hashing algorithms can be used when configuring SNMPv3? (Choose two.) A. MD5 B. SHA-1 C. Blowfish D. DES E. AES F. SSL

Answer : A,B Explanation: Note that SNMPv3 does not send passwords in clear-text and uses hash-based authentication with either MD5 or SHA1 functions (HMAC authentication: the packet content is hashed along with the authentication key to produce the authentication string). Reference: http://blog.ine.com/2008/07/19/snmpv3-tutorial/

Question No : 524 - Topic 6 Which two tasks are required for configuring SNMP to send traps on a Cisco IOS device? (Choose two.) A. Create access controls for an SNMP community. B. Configure SNMP notifications. C. Configure the SNMP agent. D. Configure SNMP status monitoring and troubleshooting. E. Configure SNMP server group names. F. Configure the SNMP server engine ID.

Answer : A,B Explanation: The best current practices recommend applying Access Control Lists (ACLs) to community strings and ensuring that the requests community strings are not identical to notifications community strings. Access lists provide further protection when used in combination with other protective measures. This example sets up ACL to community string:
access-list 1 permit 1.1.1.1
snmp-server community string1 ro 1
✑ SNMP Notifications A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. Unsolicited . Traps are messages alerting the SNMP manager to a condition on the network. Inform requests (informs) are traps that include a request for confirmation of receipt from the SNMP manager. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant events. Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html#wp1007320

Question No : 489 - Topic 6 Which two statements about the client-identifier in a DHCP pool are true? (Choose two.) A. It specifies a unique identifier that is used only for DHCP requests. B. It is specified by appending 01 to the MAC address of a DHCP client. C. It specifies a hardware address for the client. D. It specifies a unique identifier that is used only for BOOTP requests. E. It requires that you specify the hardware protocol.

Answer : A,B Reference: Example: Device(dhcp-config)# client-identifier 01b7.0813.8811.66 Specifies the unique identifier for DHCP clients. This command is used for DHCP requests. DHCP clients require client identifiers. You can specify the unique identifier for the client in either of the following ways: A 7-byte dotted hexadecimal notation. For example, 01b7.0813.8811.66, where 01 represents the Ethernet media type and the remaining bytes represent the MAC address of the DHCP client. A 27-byte dotted hexadecimal notation. For example, 7665.6e64.6f72.2d30.3032.342e.3937.6230.2e33.3734.312d.4661.302f.31. The equivalent ASCII string for this hexadecimal value is vendor-0024.97b0.3741-fa0/1, where vendor represents the vendor, 0024.97b0.3741 represents the MAC address of the source interface, and fa0/1 represents the source interface of the DHCP client. See the Troubleshooting Tips section for information about how to determine the client identifier of the DHCP client. Note: The identifier specified here is considered for a DHCP client that sends a client identifier in the packet. Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-mt/dhcp-15-mt-book/config-dhcp-server.html

Question No : 500 - Topic 6 Which three statements about implementing an application layer gateway in a network are true? (Choose three.) A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used. B. It maintains granular security over application-specific data. C. It allows synchronization between multiple streams of data between two hosts. D. Application layer gateway is used only in VoIP/SIP deployments. E. Client applications require additional configuration to use an application layer gateway. F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.

Answer : A,B,C Explanation: An ALG may offer the following functions: ✑ allowing client applications to use dynamic ephemeral TCP/UDP ports to communicate with the known ports used by the server applications, even though a firewall configuration may allow only a limited number of known ports. In the absence of an ALG, either the ports would get blocked or the network administrator would need to explicitly open up a large number of ports in the firewall, rendering the network vulnerable to attacks on those ports. ✑ converting the network layer address information found inside an application payload between the addresses acceptable by the hosts on either side of the firewall/NAT. This aspect introduces the term 'gateway' for an ALG. ✑ recognizing application-specific commands and offering granular security controls over them ✑ synchronizing between multiple streams/sessions of data between two hosts exchanging data. For example, an FTP application may use separate connections for passing control commands and for exchanging data between the client and a remote server. During large file transfers, the control connection may remain idle. An ALG can prevent the control connection getting timed out by network devices before the lengthy file transfer completes. Reference: http://en.wikipedia.org/wiki/Application-level_gateway

Question No : 535 - Topic 6 Which three statements about implementing a NAT application layer gateway in a network are true? (Choose three.) A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used. B. It maintains granular security over application-specific data. C. It allows synchronization between multiple streams of data between two hosts. D. Application layer gateway is used only in VoIP/SIP deployments. E. Client applications require additional configuration to use an application layer gateway. F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.

Answer : A,B,C Explanation: An application-level gateway (ALG), also known as an application-layer gateway, is an application that translates the IP address information inside the payload of an application packet. An ALG is used to interpret the application-layer protocol and perform firewall and Network Address Translation (NAT) actions. These actions can be one or more of the following depending on your configuration of the firewall and NAT: ✑ Allow client applications to use dynamic TCP or UDP ports to communicate with the server application. ✑ Recognize application-specific commands and offer granular security control over them. ✑ Synchronize multiple streams or sessions of data between two hosts that are exchanging data. ✑ Translate the network-layer address information that is available in the application payload. Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/fw-msrpc-supp.html

Question No : 507 - Topic 6 What are the three primary components of NetFlow? (Choose three.) A. Flow caching B. A flow collector C. The data analyzer D. Flow sequence numbers E. Cisco Express Forwarding F. Multicast

Answer : A,B,C Explanation: NetFlow includes three key components that perform the following capabilities: analyzes and collects IP data flows entering router or switch interfaces and prepares data for export. It enables the accumulation of data on flows with unique characteristics, such as IP addresses, application, and CoS. captures exported data from multiple routers and filters and aggregates the data according to customer policies, and then stores this summarized or aggregated data. Users can leverage Cisco NetFlow collector as a flow collector, or they can opt for a variety of third-party partner products. A Graphical user interface displays and analyzes NetFlow data collected from FlowCollector files. This allows users to complete near-real-time visualization or trending analysis of recorded and aggregated flow data. Users can specify the router and aggregation scheme and desired time interval. Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/product_data_sheet0900aecd80173f71.html

Question No : 505 - Topic 6 Which three statements about GLBP are true? (Choose three.) A. It uses a virtual MAC address that starts with 0007.b4. B. It elects a single active virtual gateway to appoint and manage multiple active virtual forwarders. C. It allows the configured virtual IP address to be used on a physical interface as well. D. It uses a virtual MAC address that starts with 0070.4b. E. It elects multiple active virtual gateways to appoint and manage a single active virtual forwarder. F. Preemption is enabled for the configured active virtual gateway by default.

Answer : A,B,C Explanation: The virtual MAC address in GLBP is 0007.b400.xxyy where xx is the GLBP group number and yy is the different number of each gateway (01, 02, 03). One of the routers in a GLBP group is elected as an AVG Active Virtual Gateway. There is only one active AVG in a group, and its task is to respond to ARP requests sent to the virtual gateway IP address replying different virtual MAC addresses in response packets. GLBP allows the configured virtual IP address to be used on a physical interface. By default, the GLBP gateway preemptive scheme is disabled. A backup virtual gateway can become the AVG only if the current AVG fails, regardless of the priorities assigned to the virtual gateways.

Question No : 515 - Topic 6 Which two statements about class maps are true? (Choose two.) A. As many as eight DSCP values can be included in a match dscp statement. B. The default parameter on a class map with more than one match command is match- any. C. The match class command can nest a class map within another class map. D. A policy map can be used to designate a protocol within a class map.

Answer : A,C Explanation: Answer A. (Optional) Identifies a specific IP differentiated service code point (DSCP) value as a match criterion. Up to eight DSCP values can be included in one match statement. Answer C. (Optional) Specifies the name of a traffic class to be used as a matching criterion (for nesting traffic class [nested class maps] within one another). Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfmcli2.html

Question No : 476 - Topic 6 Which two statements about logging are true? (Choose two.) A. Log messages are sent to the console port by default. B. Log messages are displayed in a Telnet session by default. C. Interface status changes are logged at the Notification level. D. Interface status changes are logged at the Informational level. E. System restart messages are logged at the Critical level. F. Reload requests are logged at the Notification level.

Answer : A,C Explanation: By default, switches send the output from system messages and debug privileged EXEC commands to a logging process. The logging process controls the distribution of logging messages to various destinations, such as the logging buffer, terminal lines, or a UNIX syslog server, depending on your configuration. The process also sends messages to the console.
Table 29-3 Message Logging Level Keywords (level keyword: description, syslog definition)
emergencies: System unstable, LOG_EMERG
alerts: Immediate action needed, LOG_ALERT
critical: Critical conditions, LOG_CRIT
errors: Error conditions, LOG_ERR
warnings: Warning conditions, LOG_WARNING
notifications: Normal but significant condition, LOG_NOTICE
informational: Informational messages only, LOG_INFO
debugging: Debugging messages, LOG_DEBUG
The software generates four other categories of messages:
Error messages about software or hardware malfunctions, displayed at levels warnings through emergencies. These types of messages mean that the functionality of the switch is affected. For information on how to recover from these malfunctions, see the system for this release.
Output from the debug commands, displayed at the debugging level. Debug commands are typically used only by the Technical Assistance Center.
Interface up or down transitions and system restart messages, displayed at the notifications level. This message is only for information; switch functionality is not affected.
Reload requests and low-process stack messages, displayed at the informational level. This message is only for information; switch functionality is not affected.
References: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_9_ea1/configuration/guide/scg/swlog.html http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guid

Question No : 514 - Topic 6 Which statement about VRRP is true? A. It supports load balancing. B. It can be configured with HSRP on a switch or switch stack. C. It supports IPv4 and IPv6. D. It supports encrypted authentication.

Answer : B Explanation: VRRP Limitations ✑ You can configure both HSRP and VRRP on a switch or switch stack. However, you cannot add a switch model that supports only one protocol to a stack that is configured for both protocols. ✑ The VRRP implementation on the switch does not support the MIB specified in RFC 2787. ✑ The VRRP implementation on the switch supports only text-based authentication. ✑ The switch supports VRRP only for IPv4. Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_58_se/configuration/guide/3750xscg/swhsrp.html#pgfId-1107127

Question No : 539 - Topic 6 Which two statements about the default router settings for SSH connections are true? (Choose two.) A. The default timeout value for the SSH negotiation phase is 120 seconds. B. Data is exchanged in clear text by default unless AAA authentication is enabled on the console. C. The default number of authentication retries is 3. D. SSH is enabled by default when you configure the username command.

Answer : A,C Explanation: ip ssh {timeout seconds | authentication-retries number} Configures the SSH control parameters: ✑ Specify the time-out value in seconds; the default is 120 seconds. The range is 0 to 120 seconds. This parameter applies to the SSH negotiation phase. After the connection is established, the Switch uses the default time-out values of the CLI-based sessions. By default, up to five simultaneous, encrypted SSH connections for multiple CLI-based sessions over the network are available (session 0 to session 4). After the execution shell starts, the CLI-based session time-out value returns to the default of 10 minutes. ✑ Specify the number of times that a client can re-authenticate to the server. The default is 3; the range is 0 to 5. Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/security/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01000.html

Question No : 495 - Topic 6 Which three protocols can use enhanced object tracking? (Choose three.) A. HSRP B. Proxy-ARP C. VRRP D. GLBP E. NTP F. DHCP

Answer : A,C,D Explanation: The Enhanced Object Tracking feature separates the tracking mechanism from HSRP and creates a separate standalone tracking process that can be used by other processes and HSRP. This feature allows tracking of other objects in addition to the interface line-protocol state. A client process such as HSRP, Virtual Router Redundancy Protocol (VRRP), or Gateway Load Balancing Protocol (GLBP), can register its interest in tracking objects and then be notified when the tracked object changes state. Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/15-mt/iap-15-mt-book/iap-eot.html

Question No : 483 - Topic 6 Which two statements about HSRP are true? (Choose two.) A. Its virtual MAC is 0000.0C07.Acxx. B. Its multicast virtual MAC is 0000.5E00.01xx. C. Its default configuration allows for pre-emption. D. It supports tracking. E. It supports unique virtual MAC addresses.

Answer : A,D Explanation: Default HSRP Configuration Feature Default Setting HSRP version Version 1 HSRP groups None configured Standby group number Standby MAC address is the HSRP group number Standby priority Standby delay 0 (no delay) Standby track interface priority Standby hello time 3 seconds Standby holdtime 10 seconds ✑ The standby track interface configuration command ties the router hot standby priority to the availability of its interfaces and is useful for tracking interfaces that are not configured for HSRP. When a tracked interface fails, the hot standby priority on the device on which tracking has been configured decreases by 10. If an interface is not tracked, its state changes do not affect the hot standby priority of the configured device. For each interface configured for hot standby, you can configure a separate list of interfaces to be tracked. ✑ The standby track interface-priority interface configuration command specifies how much to decrement the hot standby priority when a tracked interface goes down. When the interface comes back up, the priority is incremented by the same amount. Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swhsrp.html

Question No : 477 - Topic 6 Which two statements about static NAT are true? (Choose two.) A. An outside local address maps to the same outside global IP address. B. An inside local address maps to a different inside global IP address. C. An outside local address maps to a different outside global IP address. D. An inside local address maps to the same inside global IP address.

Answer : A,D Explanation: Example found at the reference link below: Reference: http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/4606-8.html

Question No : 484 - Topic 6 Which two statements about SNMP traps are true? (Choose two.) A. They are sent by an agent after a specified event. B. They are sent when solicited after a specified event. C. They are equivalent to a community string. D. They provide solicited data to the manager. E. They are sent by a management station to an agent. F. Vendor-specific traps can be configured.

Answer : A,F Explanation: The SNMP agent contains MIB variables whose values the SNMP manager can request or change. A manager can get a value from an agent or store a value into the agent. The agent gathers data from the MIB, the repository for information about device parameters and network data. The agent can also respond to a manager's requests to get or set data. An agent can send unsolicited traps to the manager. Traps are messages alerting the SNMP manager to a condition on the network. Traps can mean improper user authentication, restarts, link status (up or down), MAC address tracking, closing of a TCP connection, loss of connection to a neighbor, or other significant events. Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swsnmp.html

Question No : 513 - Topic 6 In the DiffServ model, which class represents the lowest priority with the highest drop probability? A. AF11 B. AF13 C. AF41 D. AF43

Answer : B Explanation: Assured Forwarding (AF) Behavior Group (columns: Class 1, Class 2, Class 3, Class 4)
Low Drop: AF11 (DSCP 10), AF21 (DSCP 18), AF31 (DSCP 26), AF41 (DSCP 34)
Med Drop: AF12 (DSCP 12), AF22 (DSCP 20), AF32 (DSCP 28), AF42 (DSCP 36)
High Drop: AF13 (DSCP 14), AF23 (DSCP 22), AF33 (DSCP 30), AF43 (DSCP 38)
Reference: http://en.wikipedia.org/wiki/Differentiated_services

Question No : 522 - Topic 6 What is a reason to use DHCPv6 on a network that uses SLAAC? A. To get a record of the IPs that are used by the clients B. To push DNS and other information to the clients C. No reason, because there is no need for DHCPv6 when using SLAAC D. Because DHCPv6 can be used only in stateful mode with SLAAC to record the IPs of the clients E. Because DHCPv6 can be used only in stateless mode with SLAAC to record the IPs of the clients F. Because DHCPv6 is required to use first-hop security features on the switches

Answer : B Explanation: SLAAC is by far the easiest way to configure IPv6 addresses, simply because you don't have to configure any IPv6 address. With SLAAC, a host uses the IPv6 Neighbor Discovery Protocol (NDP) to determine its IP address and default routers. Using SLAAC, a host requests and listens for Router Advertisement (RA) messages, and then takes the prefix that is advertised to form a unique address that can be used on the network. For this to work, the prefix that is advertised must advertise a prefix length of 64 bits (i.e., /64). But the most significant limitation of Stateless Address Autoconfiguration (SLAAC) is that it provides no mechanism for configuring DNS resolver information. Therefore SLAAC can be used along with DHCPv6 (Stateless) to push DNS and other information to the clients.

Question No : 493 - Topic 6 Which two options are actions that EEM can perform after detecting an event? (Choose two.) A. Place a port in err-disabled. B. Generate an SNMP trap. C. Reload the Cisco IOS Software. D. Send an SMS.

Answer : B,C Explanation: action snmp-trap: To specify the action of generating a Simple Network Management Protocol (SNMP) trap when an Embedded Event Manager (EEM) applet is triggered, use the action snmp-trap command in applet configuration mode. action reload: To specify the action of reloading the Cisco IOS software when an Embedded Event Manager (EEM) applet is triggered, use the action reload command in applet configuration mode. Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fs_eem2.html

Question No : 478 - Topic 6 Which three actions are required when configuring NAT-PT? (Choose three.) A. Enable NAT-PT globally. B. Specify an IPv4-to-IPv6 translation. C. Specify an IPv6-to-IPv4 translation. D. Specify a ::/96 prefix that will map to an IPv4 address. E. Specify a ::/48 prefix that will map to a MAC address. F. Specify a ::/32 prefix that will map to an IPv6 address.

Answer : B,C,D Explanation: The detailed steps for configuring NAT-PT are found at the reference link below: Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-nat_trnsln.html

Question No : 540 - Topic 6 Which three message types are used for prefix delegation in DHCPv6? (Choose three.) A. DHCP Discover B. Renew C. Solicit D. DHCP Offer E. Advertise F. DHCP Ack

Answer : B,C,E Explanation: DHCPv6 Message Types For a client to get an IPv6 address successfully from a DHCPv6 server, the Client-Server Conversation happens using the following messages. Client--->Server Messages Server--->Client Messages Let's look at each message type in detail:
SOLICIT: This is the first step in DHCPv6, where a DHCPv6 client sends a Solicit message to locate DHCPv6 servers.
ADVERTISE: The DHCPv6 server sends an Advertise message to indicate that it is available for DHCP service, in response to a Solicit message received from a client.
REQUEST: This message is sent by the DHCPv6 client. The client sends a Request message to request configuration parameters, which include IP addresses or delegated prefixes, from a specific server.
CONFIRM: A Confirm message is sent by the client to any available server in the network to confirm that the client is still on the same link or it has to be removed. This message also confirms that the IPv6 addresses that are assigned to the link are still valid. This could happen when a client detects a change in link-layer connectivity or if the device is powered on and it is found that one or more leases are still valid. Note that only the prefix portion of the addresses is validated and not the actual leases.
RENEW: A client sends a Renew message to the server when it wants to extend the lifetimes on the addresses and other configuration parameters assigned to the client and also to update other configuration parameters.
REBIND: In case of no response from the DHCPv6 server for the Renew message, the client sends a Rebind message to any available server to extend the lifetimes on the address and to update other configuration parameters.
REPLY: A Reply message is sent by the DHCPv6 server in response to a Solicit, Request, Renew, Rebind message received from a client.
The reply message is sent by the server in response to a confirm message (either confirming or denying) that the addresses assigned to the client are a

Question No : 512 - Topic 6 Which three options are components of an EEM CLI policy? (Choose three.) A. Safe-Tcl B. applet name C. Fast Tcl D. event E. action F. Tcl bytecode

Answer : B,D,E Explanation: The Embedded Event Manager (EEM) monitors events that occur on your device and takes action to recover or troubleshoot these events, based on your configuration. EEM consists of three major components:
Event statements: Events to monitor from another Cisco NX-OS component that might require some action, workaround, or notification.
Action statements: An action that EEM can take, such as sending an e-mail or disabling an interface, to recover from an event.
Policies: An applet name paired with one or more actions to troubleshoot or recover from the event.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/system_management/6x/b_5500_System_Mgmt_Config_6x/b_5500_System_Mgmt_Config_6x_chapter_010011.html

Question No : 503 - Topic 6 In a PfR environment, which two statements best describe the difference between active mode monitoring and fast mode monitoring? (Choose two.) A. Active mode monitoring can monitor and measure actual traffic via NetFlow data collection. B. Fast mode monitoring can measure bursty traffic better than active mode. C. Active mode monitoring uses IP SLA probes for the purpose of obtaining performance characteristics of the current WAN exit link. D. Fast mode monitoring uses IP SLA probes via all valid exits continuously to quickly determine an alternate exit link.

Answer : C,D Explanation:
Active Monitoring: PfR uses Cisco IOS IP Service Level Agreements (SLAs) to enable active monitoring. IP SLAs support is enabled by default. IP SLAs support allows PfR to be configured to send active probes to target IP addresses to measure the jitter and delay, determining if a prefix is out-of-policy and if the best exit is selected. The border router collects these performance statistics from the active probe and transmits this information to the master controller.
Fast Failover Monitoring: Fast failover monitoring enables passive and active monitoring and sets the active probes to continuously monitor all the exits (probe-all). Fast failover monitoring can be used with all types of active probes: Internet Control Message Protocol (ICMP) echo, jitter, TCP connection, and UDP echo.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/pfr/command/pfr-cr-book/pfr-s1.html

Question No : 496 - Topic 6 Which two statements about the default SNMP configuration are true? (Choose two.) A. The SNMP agent is enabled. B. The SNMP trap receiver is configured. C. All SNMP notification types are sent. D. SNMPv1 is the default version. E. SNMPv3 is the default version.

Answer : C,D Explanation: Default SNMP Configuration
Feature | Default Setting
SNMP agent | Enabled
SNMP community strings | Read-Only: Public; Read-Write: Private; Read-Write-all: Secret
SNMP trap receiver | None configured
SNMP traps | None enabled
SNMP version | If no version keyword is present, the default is version 1.
SNMPv3 authentication | If no keyword is entered, the default is the noauth (noAuthNoPriv) security level.
SNMP notification type | If no type is specified, all notifications are sent.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_19_ea1/configuration/guide/2950scg/swsnmp.html

Question No : 472 - Topic 6 Which two statements about NPTv6 are true? (Choose two.) A. The translation is invisible to applications that hard code IP information within the application logic. B. It is a one-way stateful translation for the IPv6 address. C. Translation is 1:1 at the network layer. D. It is a two-way stateless translation for the network prefix.

Answer : C,D Explanation: This document describes a stateless, transport-agnostic IPv6-to-IPv6 Network Prefix Translation (NPTv6) function that provides the address-independence benefit associated with IPv4-to-IPv4 NAT (NAPT44) and provides a 1:1 relationship between addresses in the "inside" and "outside" prefixes, preserving end-to-end reachability at the network layer. NPTv6 Translation is stateless, so a "reset" or brief outage of an NPTv6 Translator does not break connections that traverse the translation function, and if multiple NPTv6 Translators exist between the same two networks, the load can shift or be dynamically load shared among them. NPTv6 is defined to include a two-way, checksum-neutral, algorithmic translation function, and nothing else. Reference: https://tools.ietf.org/html/rfc6296

Question No : 530 - Topic 6 Which two statements best describe the difference between active mode monitoring and passive mode monitoring? (Choose two.) A. Passive mode monitoring uses IP SLA to generate probes for the purpose of obtaining information regarding the characteristics of the WAN links. B. Active mode monitoring is the act of Cisco PfR gathering information on user packets assembled into flows by NetFlow. C. Active mode monitoring uses IP SLA probes for obtaining performance characteristics of the current exit WAN link. D. Passive mode monitoring uses NetFlow for obtaining performance characteristics of the exit WAN links.

Answer : C,D Explanation: Passive and Active Monitoring
Passive monitoring is the act of OER gathering information on user packets assembled into flows by NetFlow. OER, when enabled, automatically enables NetFlow on the managed interfaces on the border routers. By aggregating this information on the border routers and periodically reporting the collected data to the master controller, the network prefixes and applications in use can automatically be learned. Additionally, attributes like throughput, reachability, loading, packet loss, and latency can be deduced from the collected flows.
Active monitoring is the act of generating IP SLA probes to generate test traffic for the purpose of obtaining information regarding the characteristics of the WAN links. Active probes can either be implicitly generated by OER when passive monitoring has identified destination hosts, or explicitly configured by the network manager in the OER configuration.
Reference: http://products.mcisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/Transport_diversity/Transport_Diversity_PfR.html#wp199209

Question No : 486 - Topic 6 Which three factors does Cisco PfR use to calculate the best exit path? (Choose three.) A. quality of service B. packet size C. delay D. loss E. reachability F. administrative distance

Answer : C,D,E Explanation: Cisco PfR selects an egress or ingress WAN path based on parameters that affect application performance, including reachability, delay, cost, jitter, and Mean Opinion Score (MOS). Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance-routing-pfr/product_data_sheet0900aecd806c4ee4.html

Question No : 529 - Topic 6 On which three options can Cisco PfR base its traffic routing? (Choose three.) A. Time of day B. An access list with permit or deny statements C. Load-balancing requirements D. Network performance E. User-defined link capacity thresholds F. Router IOS version

Answer : C,D,E Explanation: Key advantages of using PfR for load balancing:
✑ Utilization-based load balancing: PfR takes real-time link utilization into account when load balancing the links. This will ensure that a link will not go beyond a certain percentage of its maximum capacity (75% by default).
✑ Application performance-based load balancing: PfR does not randomly forward traffic through one link or another. It takes application performance requirements into consideration and then forwards the traffic through a link which meets the performance policy requirements. PfR also load balances the link at the same time.
✑ Bi-directional solution: PfR is a bi-directional load balancing solution which influences outbound as well as inbound traffic.
✑ Consolidated centralized view: PfR offers a consolidated and centralized view of the state of all external links in the network. At any given time, the network administrator can see the current link utilization (in kbps and percentage of its capacity), maximum link threshold, and the policies applied to the links in the network.
Reference: http://docwiki.cisco.com/wiki/PfR:Solutions:InternetOutboundLoadBalancing

Question No : 547 - Topic 6 Which three modes are valid PfR monitoring modes of operation? (Choose three.) A. route monitor mode (based on BGP route changes) B. RMON mode (based on RMONv1 and RMONv2 data) C. passive mode (based on NetFlow data) D. active mode (based on Cisco IP SLA probes) E. fast mode (based on Cisco IP SLA probes) F. passive mode (based on Cisco IP SLA probes)

Answer : C,D,E Explanation: Modes are:
Mode monitor passive: Passive monitoring is the act of PfR gathering information on user packets assembled into flows by NetFlow. Passive monitoring is typically only recommended in Internet edge deployments because active probing is ineffective because of security policies that block probing. PfR, when enabled, automatically enables NetFlow on the managed interfaces on the Border Routers. By aggregating this information on the Border Routers and periodically reporting the collected data to the Master Controller, the network prefixes and applications in use can automatically be learned.
Mode monitor active: Active monitoring is the act of generating Cisco IOS IP Service Level Agreements (SLAs) probes to generate test traffic for the purpose of obtaining information regarding the characteristics of the WAN links. PfR can either implicitly generate active probes when passive monitoring has identified destination hosts, or the network manager can explicitly configure probes in the PfR configuration. When jitter probes are used (common use case), Target Discovery is used to learn the respond address and to automatically generate the probes.
Mode monitor fast: This mode generates active probes through all exits continuously at the configured probe frequency. This differs from either active or both modes in that these modes only generate probes through alternate paths (exits) in the event the current path is out-of-policy.
Reference: http://docwiki.cisco.com/wiki/PfR:Technology_Overview#Mode_monitor_passive

Question No : 548 - Topic 6 For which three routing protocols can Cisco PfR provide direct route control? (Choose three.) A. OSPF B. IS-IS C. BGP D. EIGRP E. static routing F. ODR

Answer : C,D,E Explanation: Q. Can you elaborate more on the Parent Route and why it's so important to PfR? A. Yes. For any route that PfR modifies or controls (BGP, Static, PIRO, EIGRP, PBR), having a Parent prefix in the routing table eliminates the possibility of a routing loop occurring. This is naturally a good thing to prevent in routed networks. Reference: http://docwiki.cisco.com/wiki/Performance_Routing_FAQs#Route_Control

Question No : 532 - Topic 6 Which two statements about NetFlow are true? (Choose two.) A. It must be configured on each router in a network. B. It supports ATM LAN emulation. C. The existing network is unaware that NetFlow is running. D. It uses SIP to establish sessions between neighbors. E. It provides resource utilization accounting.

Answer : C,E Explanation: NetFlow identifies packet flows for both ingress and egress IP packets. It does not involve any connection-setup protocol, either between routers or to any other networking device or end station. NetFlow does not require any change externally, either to the packets themselves or to any networking device. NetFlow is completely transparent to the existing network, including end stations and application software and network devices like LAN switches. Also, NetFlow capture and export are performed independently on each internetworking device; NetFlow need not be operational on each router in the network. NetFlow data provides fine-grained metering for highly flexible and detailed resource utilization accounting. For example, flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service, and application ports. Service providers might utilize the information for billing based on time-of-day, bandwidth usage, application usage, or quality of service. Enterprise customers might utilize the information for departmental chargeback or cost allocation for resource utilization. Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/12-4t/nf-12-4t-book/ios-netflow-ov.html

Question No : 508 - Topic 6 In the DiffServ model, which class represents the highest priority with the highest drop probability? A. AF11 B. AF13 C. AF41 D. AF43

Answer : D Explanation: AF43: Assured forwarding, high drop probability, Class 4 DSCP, and Flash-override precedence.
Table of AF Classes and Drop Priority
Drop Precedence | Class 1 | Class 2 | Class 3 | Class 4
Low drop | AF11, DSCP 10, 001010 | AF21, DSCP 18, 010010 | AF31, DSCP 26, 011010 | AF41, DSCP 34, 100010
Medium drop | AF12, DSCP 12, 001100 | AF22, DSCP 20, 010100 | AF32, DSCP 28, 011100 | AF42, DSCP 36, 100100
High drop | AF13, DSCP 14, 001110 | AF23, DSCP 22, 010110 | AF33, DSCP 30, 011110 | AF43, DSCP 38, 100110
Reference: https://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=56

Question No : 502 - Topic 6 Which variable in an EEM applet is set when you use the sync yes option? A. $_cli_result B. $_result C. $_string_result D. $_exit_status

Answer : D Explanation: The CLI event detector screens CLI commands for a regular expression match. When a match is found, an event is published. The match logic is performed on the fully expanded CLI command after the command is successfully parsed and before it is executed. The CLI event detector supports three publish modes:
✑ Synchronous publishing of CLI events: The CLI command is not executed until the EEM policy exits, and the EEM policy can control whether the command is executed. The read/write variable, _exit_status, allows you to set the exit status at policy exit for policies triggered from synchronous events. If _exit_status is 0, the command is skipped; if _exit_status is 1, the command is run.
✑ Asynchronous publishing of CLI events: The CLI event is published, and then the CLI command is executed.
✑ Asynchronous publishing of CLI events with command skipping: The CLI event is published, but the CLI command is not executed.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book/eem-cr-e1.html

Question No : 543 - Topic 6 Which two routing protocols are not directly supported by Cisco PfR route control, and rely on the Cisco PfR subfeature PIRO? (Choose two.) A. BGP B. EIGRP C. Static routing D. OSPF E. IS-IS

Answer : D,E Explanation: Protocol Independent Route Optimization (PIRO) introduced the ability of Performance Routing (PfR) to search for a parent route (an exact matching route, or a less specific route) in the IP Routing Information Base (RIB), allowing PfR to be deployed in any IP-routed environment including Interior Gateway Protocols (IGPs) such as OSPF and IS-IS. Reference: http://www.cisco.com/c/en/us/td/docs/ios/pfr/configuration/guide/15_1/pfr_15_1_book/pfr-piro.html

Question No : 517 - Topic 6 What can PfR passive monitoring mode measure for TCP flows? A. only delay B. delay and packet loss C. delay and reachability D. delay, packet loss, and throughput E. delay, packet loss, throughput, and reachability

Answer : E Explanation: Passive monitoring metrics include the following:
Delay: Cisco PfR measures the average delay of TCP flows for a given prefix or traffic class. Delay is the measurement of the round-trip response time (RTT) between the transmission of a TCP synchronization message and receipt of the TCP acknowledgement.
Packet loss: Cisco PfR measures packet loss by tracking TCP sequence numbers for each TCP flow; it tracks the highest TCP sequence number. If it receives a subsequent packet with a lower sequence number, PfR increments the packet-loss counter. Packet loss is measured in packets per million.
Reachability: Cisco PfR measures reachability by tracking TCP synchronization messages that have been sent repeatedly without receiving a TCP acknowledgement.
Throughput: Cisco PfR measures TCP throughput by measuring the total number of bytes and packets for each interesting traffic class or prefix for a given interval of time.
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/performance-routing-pfr/product_data_sheet0900aecd806c4ee4.html

