New ENARSI Questions

Question 1

Refer to the exhibit. AAA server 10.1.1.1 is configured with the default authentication and
accounting settings, but the switch cannot communicate with the server. Which action resolves
this issue?

A. Correct the timeout value

B. Match the authentication port
C. Correct the shared secret
D. Match the accounting port

Answer: B

Question 2

Refer to the exhibit. A company is evaluating multiple network management system tools.
Trending graphs generated by SNMP data are returned by the NMS and appear to have multiple
gaps. While troubleshooting the issue, an engineer noticed the relevant output. What solves the
gaps in the graphs?
A. Remove the class map NMS from being part of control plane policing
B. Remove the exceed-rate command in the class map
C. Configure the CIR rate to a lower value that accommodates all the NMS tools
D. Separate the NMS class map in multiple class maps based on the specific protocols with
appropriate CoPP actions

Answer: D

Question 3

Drag and drop the credentials from the left onto the remote login information on the right to
resolve a failed login attempt to vtys. Not all credentials are used.

aaa new-model
aaa authentication login default none
aaa authentication login telnet local
!
username cisco password 0 Ocsic
!
line vty 0
password LetMeIn
login authentication telnet
transport input telnet
line vty 1
password LetMeIn
transport input telnet
Answer:

vty 0:
+ cisco
+ 0csic

vty 1:
+ no username
+ no password

Question 4

Refer to the exhibit. An engineer is monitoring reachability of the configured default routes to
ISP1 and ISP2. The default route from ISP1 is preferred if available. How is this issue resolved?

R1
ip sla 100
icmp-echo 10.12.1.254
!
track 10 ip sla 100 reachability
!
ip route 0.0.0.0 0.0.0.0 10.12.1.254 track 10
ip route 0.0.0.0 0.0.0.0 10.13.1.254 10
!
R1#show ip route
--Output Omitted--
Gateway of last resort is 10.13.1.254 to network 0.0.0.0

S* 0.0.0.0/0 [10/0] via 10.13.1.254

10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.11.1.0/24 is directly connected, GigabitEthernet0/1
L 10.11.1.1/32 is directly connected, GigabitEthernet0/1
C 10.12.1.0/24 is directly connected, GigabitEthernet0/0
L 10.12.1.1/32 is directly connected, GigabitEthernet0/0
C 10.13.1.0/24 is directly connected, GigabitEtheraet0/2
L 10.13.1.1/32 is directly connected, GigabitEthernet0/2

A. Use the icmp-echo command to track both default routes

B. Start IP SLA by matching numbers for track and ip sla commands
C. Start IP SLA by defining frequency and scheduling it
D. Use the same AD for both default routes

Answer: C

Question 5

Refer to the exhibit. Redistribution is enabled between the routing protocols, and now PC2 PC3,
and PC4 cannot reach PC1. What are the two solutions to fix the problem? (Choose two)

A. Filter RIP and OSPF routes back into OSPF from EIGRP when redistributing into OSPF in
R2
B. Filter all routes except EIGRP routes when redistributing into OSPF in R3
C. Filter OSPF routes into RIP from EIGRP when redistributing into RIP in R2
D. Filter all routes except RIP routes when redistributing into EIGRP in R2
E. Filter RIP routes back into RIP when redistributing into RIP in R2
Answer: C E

Question 6

Which label operations are performed by a label edge router?

A. PUSH and PHP

B. SWAP and POP
C. SWAP and PUSH
D. PUSH and POP

Answer: D

Question 7

Refer to the exhibit. The network administrator configured VRF lite for customer A. The
technician at the remote site misconfigured VRF on the router. Which configuration will resolve
connectivity for both sites of customer A?

ip vrf customer_a
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface FastEthernetO.1
encapsulation dot1Q 2
ip vrf forwarding customer_a
ip address 192.168.4.1 255.255.255.0
!
router ospf 1
log-adj adjacency-changes
!
router ospf 2 vrf customer_a
log-adj adjacency-changes
network 192.168.4.0 0.0.0.255 area 0
!
end

A.
ip vrf customer_a
rd 1:2
route-target both 1:1

B.
ip vrf customer_a
rd 1:2
route-target both 1:2
C.
ip vrf customer_a
rd 1:1
router-target import 1:1
router-target export 1:2

D.
ip vrf customer_a
rd 1:1
route-target export 1:2
router-target import 1:2

Answer: A

Question 8

Drag and drop the operations from the left onto the locations where the operations are
performed on the right.

Answer:

Label Switch Router:

+ Reads the labels and forwards the packet based on the labels
+ Performs penultimate hop popping

Label Edge Router:

+ Handles traffic between multiple VPNs
+ Assigns labels to unlabelled packets

Question 9
After some changes in the routing policy, it is noticed that the router in AS 45123 is being used
as a transit AS router for several service providers. Which configuration ensures that the branch
router in AS 45123 advertises only the local networks to all SP neighbors?

A.
ip as-path access-list 1 permit ^45123$
!
router bgp 45123
neighbor SP-Neighbors filter-list 1 out

B.
ip as-path access-list 1 permit ^45123
!
router bgp 45123
neighbor SP-Neighbors filter-list 1 out

C.
ip as-path access-list 1 permit ^$
!
router bgp 45123
neighbor SP-Neighbors filter-list 1 out

D.
ip as-path access-list 1 permit
!
router bgp 45123
neighbor SP-Neighbors filter-list 1 out

Answer: C

Question 10

Refer to the exhibit. An engineer is trying to get a packet destined for 192.168.32.100
forwarded through 10.1.1.1, but it was forwarded through 10.1.1.2. What action forwards the
packets through 10.1.1.1?

Router#show ip route
…
D 192.168.32.0/19 [90/25789217] via 10.1.1.1
R 192.168.32.0/24 [120/4] via 10.1.1.2
O 192.168.32.0/26 [110/229840] via 10.1.1.3

A. Configure EIGRP to receive 192.168.32.0 route with lower metric

B. Configure EIGRP to receive 192.168.32.0 route with lower administrative distance
C. Configure EIGRP to receive 192.168.32.0 route with equal or longer prefix than /24
D. Configure EIGRP to receive 192.168.32.0 route with longer prefix than /19
Answer: C

Question 11

Refer to the exhibit. A junior engineer updated a branch router configuration. Immediately after
the change, the engineer receives calls from the help desk that branch personnel cannot reach
any network destinations. Which configuration restores service and continues to block
10.1.1.100/32?

A. ip prefix-list 102 seq 15 permit 0.0.0.0/32 le 32

B. route-map FILTER-IN permit 20
C. ip prefix-list 102 seq 5 permit 0.0.0.0/32 le 32
D. route-map FILTER-IN deny 5

Answer: B

Question 12

An engineer configured a leak-map command to summarize EIGRP routes and advertise

specifically loopback 0 with an IP of 10.1.1.1 255.255.255.252 along with the summary route.
After finishing configuration, the customer complained not receiving summary route with
specific loopback address. Which two configurations will fix it? (Choose two)

router eigrp 1
!
route_map Leak-Route deny 10
!
interface Serial 0/0
ip summary-address eigrp 1 10.0.0.0 255.0.0.0 leak-map Leak-Route

A. Configure route-map Leak-Route permit 10 and match access-list 1

B. Configure access-list 1 permit 10.1.1.1 0.0.0.252
C. Configure access-list 1 and match under route-map Leak-Route
D. Configure route-map Leak-Route permit 20
E. Configure access-list 1 permit 10.1.1.0 0.0.0.3

Answer: A E

Question 13

Refer to the exhibit. An IP SLA is configured to use the backup default route when the primary
is down, but it is not working as desired. Which command fixes the issue?

R1(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.1

R1(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.2 10
R1(config)#ip sla 1
R1(config)#icmp-echo 1.1.1.1 source-interface FastEthernet0/0
R1(config)#ip sla schedule 1 life forever start-time now
R1(config)#track 1 ip sla 1 reachability

A. R1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1

B. R1 (config)# ip route 0.0.0 0 0.0.0 0 2.2.2 2
C. R1 (config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2 10 track 1
D. R1(config)# ip sla track 1

Answer: A

Question 14

What is an advantage of using BFD?

A. It detects local link failure at layer 1 and updates routing table

B. It detects local link failure at layer 3 and updates routing protocols
C. It has sub-second failure detection for layer 1 and layer 2 problems
D. It has sub-second failure detection for layer 1 and layer 3 problems

Answer: C

Question 15

Refer to the exhibit. The ACL is placed on the inbound GigabitEthernet 0/1 interface of the
router. Host 192.168.10.10 cannot SSH to host 192.168.100.1 even though the flow is
permitted. Which action resolves the issue without opening full access to this router?
ip access-list extended FILTER
deny tcp 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 22
deny tcp 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 23
deny tcp 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 80
deny tcp 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255 eq 443
permit tcp host 192.168.10.10 host 192.168.100.10 eq ssh
permit ip any any
!
interface GigabitEthernet0/1
ip address 192.168.10.1 255.255.255.0
ip access-group FILTER in

A. Temporarily move the permit ip any any line to the beginning of the ACL to see if it the flow
works
B. Run the show access-list FILTER command to view if the SSH entry has any hit statistics
associated with it
C. Move the SSH entry to the beginning of the ACL
D. Temporarily remove the ACL from the interface to see if the flow works

Answer: C

Question 16

Which component of MPLS VPN is used to extend the IP address so that an engineer is able to
identify to which VPN it belongs?

A. RD
B. VPNv4 address family
C. RT
D. LDP

Answer: A

Question 17

Refer to the exhibit. BGP is flapping after the CoPP policy is applied. What are the two
solutions to fix the issue? (Choose two)

policy-mapp COPP-7600
class COPP-CRITICAL-7600
police cir 2000000 bc 62500
conform-action transmit
exceed-action transmit
!
class class-default
 police cir 2000000 bc 6250
conform-action transmit
exceed-action drop
!
class-map match-all COPP-CRITICAL-7600
match access-group name COPP-CRITICAL-7600
!
ip access-list extended COPP-CRITICAL-7600
permit ip any any eq http
permit ip any any eq https

A. Configure BGP in the COPP-CRITICAL-7600 ACL

B. Configure a higher value for CIR under the default class to allow more packets during peak
traffic
C. Configure a higher value for CIR under the class COPP-CRITICAL-7600
D. Configure a three-color policer instead of two-color policer under class COPP-CRITICAL-
7600
E. Configure IP CEF to CoPP policy and BGP to work

Answer: A B

Question 18

During the maintenance window, an administrator accidentally deleted the telnet-related

configuration that permits a Telnet connection from the inside network (Eth 0/0) to the outside
of the network between Friday-Sunday night hours only. Which configuration resolves the
issue?

A.
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in
!
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range
changewindow
!
time-range changewindow
periodic 22:00 to 05:00

B.
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in
!
access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range
changewindow
!
time-range changewindow
periodic Friday Saturday Sunday 22:00 to 05:00
C.
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in
!
access-list 101 permit udp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range
changewindow
!
time-range changewindow
periodic Friday Saturday Sunday 22:00 to 05:00

D.
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in
!
access-list 101 permit udp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range
changewindow
!
time-range changewindow
periodic Friday Saturday Sunday

Answer: B

Question 19

Refer to the exhibit. Which action resolve intermittent connectivity observed with the SNMP
trap packets?
A. Add a new class map to match TCP traffic
B. Add one new entry in the ACL 120 to permit the UDP port 161
C. Increase the CIR of the mgmt class map
D. Decrease the committed burst size of the mgmt class map

Answer: C

Question 20

An engineer configured a company’s multiple area OSPF head office router and Site A cisco
routers with VRF lite. Each site router is connected to a PE router of an MPLS backbone. After
finishing both site router configurations, none of the LSA 3,4 5, and 7 are installed at Site A
router.
Which configuration resolves this issue?

A. configure capability vrf-lite on Site A and its connected PE router under router ospf 1 vrf
abc
B. configure capability vrf-lite on Head Office and its connected PE router under router ospf 1
vrf abc
C. configure capability vrf-lite on both PE routers connected to Head Office and Site A routers
under router ospf 1 vrf abc
D. configure capability vrf-lite on Head Office and Site A routers under router ospf 1 vrf abc

Answer: D

OSPF & EIGRP Questions

https://www.networktut.com/ospf-eigrp-questions

Question 1

Which configuration adds an IPv4 interface to an OSPFv3 process in OSPFv3 address family
configuration?

A.
router ospfv3 1
address-family ipv4
B. Router(config-router)#ospfv3 1 ipv4 area 0
C. Router(config-if)#ospfv3 1 ipv4 area 0
D.
router ospfv3 1
address-family ipv4 unicast

Answer: C
Question 2

Refer to the exhibit. User in the branch network of 2001:db8:0:4 report they cannot access the
internet. Which command is issued in IPv6 router EIGRP 100 configuration mode to solve this
issue?

R1#show ipv6 eigrp topology Branch#show ipv6 eigrp topology

EIGRP-IPv6 Topology Table for EIGRP-IPv6 Topology Table for
AS(100)/ID(10.1.12.1) AS(100)/ID(4.4.4.4)
Codes: P – Passive, A – Active, U – Update, Q Codes: P – Passive, A – Active, U – Update, Q
– Query, R – Rely, – Query, R – Rely,
r – reply Status, s – sia Status r – reply Status, s – sia Status
P 2001:DB8:0:4::/64, 1 successors, FD is P 2001:DB8:0:4::/64, 1 successors, FD is 2816
28416 via Connected, GigabitEthernet0/0
via FE80::C828:DFF:FEF4:1C (28416/2816), P 2001:DB8:0:1::/64, 1 successors, FD is
FastEthernet3/0 28416
P 2001:DB8:0:1::/64, 1 successors, FD is 2816 via FE80:C820:17FF:FE04:54 (28416/2816),
via Connected, GigabitEthernet0/0 FastEthernet1/0
P ::/0, 1 successors, FD is 2816 P 2001:DB8:0:14::/64, 1 successors, FD is
via FE80::C821:17FF:FE04:8 (2816/256), 28160
GigabitEthernet1/0 via Connected, FastEthernet1/0
P 2001:DB8:0:14::/64, 1 successors, FD is P 2001:DB8:0:12::/64, 1 successors, FD is
28160 28416
via Connected, FastEthernet3/0 via FE80:C820:17FF:FE04:54 (28416/2816),
P 2001:DB8:0:12::/64, 1 successors, FD is FastEthernet1/0
2816
via Connected, GigabitEthernet0/0

A. Issue the eigrp stub command on R1

B. Issue the no neighbor stub command on R1
C. Issue the eigrp stub command on R2
D. Issue the no eigrp stub command on R2

Answer: B

Explanation
In the output of R1, we see R1 has a default route to the Internet via G1/0, which is correct but
R2 does not have this route. One reasonable answer of this issue is R1 has been configured as a
stub router so it only advertised connected and summary routes. In Branch router output, we
also see routes that are directly connected to R1 only.

Note: In this topology, only Branch router should be configured as stub, not R1 router.

Question 3

Refer to the exhibit. An engineer configuration a static route on a router, but when the engineer
checks the route to the destination, a different next hop is chosen. What is the reason for this?

Router#show running-config | include ip route

ip route 192.168.2.2 255.255.255.255 209.165.200.225 130
Router#show ip route
---output omitted---
Gateway of last resort is not set

192.168.1.0/32 is subnetted, 1 subnets

C 192.168.1.1 is directly connected, Loopback0
192.168.2.0/32 is subnetted, 1 subnets
O 192.168.2.2 [110/11] via 192.168.12.2,00:33:32, Ethernet0/0
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, Ethernet0/0
L 192.168.12.1/32 is directly connected, Ethernet0/0
209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 209.165.200.0/24 is directly connected, Ethernet0/1
209.165.200.226/32 is directly connected, Ethernet0/1

A. The configured AD for the static route is higher than the AD of OSPF
B. The metric of the OSPF route is lower than the metric of the static route
C. Dynamic routing protocol always have priority over static routes
D. The syntax of the static route is not valid do the route is not considered

Answer: A

Question 4

Refer to the exhibit. An engineer is trying to generate a summary route in OSPF for network
10.0.0.0/8, but the summary route does not show up in the routing table. Why is the summary
route missing?

Router#show ip route
Gateway of last resort is not set

192.168.1.0/32 is subnetted, 1 subnets

O 192.168.1.1[110/11] via 192.168.12.1,13:32:22, Ethernet0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, Loopback0
L 192.168.2.2/32 is directly connected, Loopback0
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.3.0/24 is directly connected, Ethernet0/1
L 192.168.3.1/32 is directly connected, Ethernet0/1
 192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, Ethernet0/0
L 192.168.12.2/32 is directly connected, Ethernet0/0
Router#show running-config | section ospf
router ospf 1
summary-address 10.0.0.0 255.0.0.0
redistribute static subnets
network 192.168.3.0 0.0.0. 255 area 0
network 192.168.12.0 0.0.0. 255 area 0
Router#

A. The summary route is not visible on this router, but it is visible on other OSPF routers in the
same area
B. The summary-address command is used only for summary prefixes between areas
C. The summary route is visible only in the OSPF database not in the routing table
D. There is no route for a subnet inside 10.0.0.0/8, so the summary route is not generated

Answer: D

Question 5

Refer to the exhibit. Which option describes why the EIGRP neighbors of this router are not
learning routes that are received from OSPF?
router eigrp 1
redistribute ospf 100
network 10.10.10.0 0.0.0.255
auto-summary
!
router ospf 100
network 172.16.0.0 0.0.255.255 area 100
redistribute eigrp 1

A. The subnet defined in OSPF is not part of area 0

B. Default metrics are not configured under EIGRP
C. There is no overlap in the subnets advertised
D. The routing protocols do not have the same AS number

Answer: B

BGP Questions
https://www.networktut.com/bgp-questions

Question 1
Refer to the exhibit. R2 is a route reflector, and R1 and R3 are route reflector clients. The router
R2 learns the route to 172.16.25.0/24 from R1, but it does not advertise to R3. What is the
reason the route is not advertised?
R2#show ip bgp
BGP table version is 4, local router ID is 209.65.200.225
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

* i 172.16.25.0/24 209.165.200.225 0 100 0 ?
R3#show ip bgp summary
BGP router identifier 192.168.3.3, local AS number 65000
BGP table version is 4, main routing table version 4

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down

State/PfxRcd
192.168.2.2 4 65000 8 7 4 0 0 01:00:18 0

A. Route reflector setup requires full BGP mesh between the routers
B. In route reflector setup only classification prefix are advertised from one client to another
C. In route reflector setup only classful prefix are advertised to other clients
D. R2 does not have a route to the next hop, so R2 does not advertise the prefix to the clients

Answer: D

Question 2

Refer to the exhibit. Which control plan policy limits BGP traffic that is destined to the CPU to
1 Mbps and ignores BGP traffic that is higher rate?
Cat3850-Stack-2#show policy-map

Policy Map LIMIT_BGP

Class BGP
drop

Policy Map LIMIT_BGP

Class BGP
Average Rate Traffic Shaping
cir 10000000 (bps)

Policy Map POLICY_BGP

Class BGP
police cir 1000k bc 1500
conform-action transmit
exceed-action transmit

Policy Map COPP

Class BGP
police cir 1000k bc 1500
conform-action transmit
exceed-action drop
A. policy-map SHAPE_BGP
B. policy-map LIMIT_BGP
C. policy-map POLICE_BGP
D. policy-map COPP

Answer: D

Question 3

Refer to the exhibit. A router receiving BGP routing updates from multiple neighbors for
routers in AS 690. What is the reason that the router still sends traffic that is destined to AS 690
to a neighbor other than 10.222.10.1?

!
neighbor 10.222.1.1 route-map SET-WEIGHT in
neighbor 10.222.1.1 remote-as 1
!
ip as-path access-list 200 permit ^690$
ip as-path access-list 200 permit ^1800$
!
route-map SET-WEIGHT permit 10
match as-path 200
set local-preference 250
set weight 200

A. The local preference value in another neighbor statement is higher than 250
B. The local preference value should be set to the same value as the weight in the route map
C. The route map is applied in the wrong direction
D. The weight value in another statement is higher than 200

Answer: D

Question 4

Refer to the exhibit. What is the result if applying this configuration?

R1#show policy-map control-plane
Control Plane
Service-policy input: CoPP-BGP

Class-map: BGP (match-all)

2716 packets, 193843 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name BGP
drop

Class-map: class-default (match-any)

5212 packets, 64484847 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
A. The router can form BGP neighborships with any other device.
B. The router can form BGP neighborships with any device that matched by the access list
named ―BGP‖
C. The router cannot form BGP neighborships with any other device
D. The router cannot form BGP neighborships with any device that is matched by the access list
named ―BGP‖

Answer: D

Question 5

Refer to the exhibit, in which circumstance does the BGP neighbor remain in the idle condition?

R200#show ip bgp summary

BGP router identifier 10.1.1.1, local AS number 65000

BGP table version is 26, main routing table version 26
1 network entries using 132 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 296 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 2) using 28 bytes of memory
BGP using 508 total bytes of memory
BGP activity 24/23 prefixes, 24/23 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.0.2.2 4 65100 20335 20329 0 0 0 00:02:04 Idle(PfxCt)

R200#

A. if prefixes are not received from the BGP peer

B. if prefixes reach the maximum limit
C. if a prefix list is applied on the inbound direction
D. if prefixes exceed the maximum limit

Answer: D

Route-map Questions
https://www.networktut.com/route-map-questions

Question 1

R2 has a locally originated prefix 192.168.130.0/24 and has these configurations:

ip prefix-list test seq 5 permit 192.168.130.0/24
route-map OUT permit 10
match ip address prefix-list test
set as-path prepend 65000

What is the result when the route-map OUT command is applied toward an eBGP neighbor R1
(1.1.1.1) by using the ―neighbor 1.1.1.1 route-map OUT out‖ command?

A. R1 sees 192.168.130.0/24 as two hops away instead of one AS hop away

B. R1 does not forward traffic that is destined for 192.168.130.0/24
C. Network 192.168.130.0/24 is not allowed in the R1 table
D. R1 does not accept any route other than 192.168.130.0/24

Answer: A

Question 2

Refer to the exhibit. An engineer is trying to block the route to 192.168.2.2 from the routing
table by using the configuration that is shown. The route is still present in the routing table as an
OSPF route. Which action blocks the route?
Router#show access-lists
Standard IP access list 1
10 permit 192.168.2.2 (1 match)
Router#
Router#show route-map
route-map RM-OSPF-DL, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Router#
Router#show running-config | section ospf
router ospf 1
network 192.168.1.1 0.0.0.0 area 0
network 192.168.12.0 0.0.0.255 area 0
distribute-list route-map RM-OSPF-DL in
Router#

A. Add this statement to the route map ―route-map RM-OSPF-DL deny 20‖
B. Use a prefix list instead of an access list in the route map
C. Change sequence 10 in the route-map command from permit to deny
D. Use an extended access list instead of a standard access list

Answer: C

Question 3

Refer to the exhibit. Which configuration configures a policy on R1 to forward any traffic that
is sourced from the 192.168.130.0/24 network to 17.20.20.0/30 network?
A. access-list 1 permit 192.168.130.0 0.0.0.255
!
interface Gi0/2
ip policy route-map test
!
route-map test permit 10
match ip address 1
set ip next-hop 172.20.20.2

B. access-list 1 permit 192.168.130.0 0.0.0.255

!
interface Gi0/2
ip policy route-map test
!
route-map test permit 10
match ip address 1
set ip next-hop 172.20.20.1

C. access-list 1 permit 192.168.130.0 0.0.0.255

!
interface Gi0/1
ip policy route-map test
!
route-map test permit 10
match ip address 1
set ip next-hop 172.20.40.2

D. access-list 1 permit 192.168.130.0 0.0.0.255

!
interface Gi0/1
ip policy route-map test
!
route-map test permit 10
match ip address 1
set ip next-hop 172.20.40.1

E. access-list 1 permit 192.168.130.0 0.0.0.255

!
interface Gi0/1
ip policy route-map test
!
route-map test permit 10
match ip address 1
set ip next-hop 172.20.20.1

Answer: E

Redistribution Questions
https://www.networktut.com/redistribution-questions

Question 1

Refer to the exhibit. Which statement about R1 is true?

R1 (config)#route-map ADD permit 20

R1 (config-route-map)#set tag 1
R1 (config)#router ospf 1
R1 (config-router)#redistribute rip subnets route-map ADD

A. OSPF redistributes RIP routes only if they have a tag of one

B. RIP learned routes are distributed to OSPF with a tag value of one
C. R1 adds one to the metric for RIP learned routes before redistributing to OSPF
D. RIP routes are redistributed to OSPF without any changes

Answer: B

Question 2

Refer to the exhibit. Which routes from OSPF process 5 are redistributed into EIGRP?

router eigrp 1
redistribute ospf 5 match external route-map OSPF-TO-EIGRP
metric 10000 2000 255 1 1500
route-map OSPF-TO-EIGRP
match ip address TO-OSPF

A. E1 and E2 subnets matching access list TO-OSPF

B. E1 and E2 subnets matching prefix list TO-OSPF
C. only E2 subnets matching access list TO-OSPF
D. only E1 subnets matching prefix list TO-OSPF
Answer: A

Question 3

Refer to Exhibit. Which statement about redistribution from BGP into OSPF process 10 is true?

router ospf 10
router-id 192.168.1.1
log-adjacency-changes
redistribute bgp 1 subnets route-map BGP-TO-OSPF
!
route-map BGP-TO-OSPF deny 10
match ip address 50
route-map BGP-TO-OSPF permit 20
!
access-list 50 permit 172.16.1.0 0.0.0.255

A. Network 172.16.1.0/24 is not redistributed into OSPF

B. Network 10.10 10.0/24 is not redistributed into OSPF
C. Network 172.16.1.0/24 is redistributed with administrative distance of 1
D. Network 10.10.10.0/24 is redistributed with administrative distance of 20

Answer: A

Question 4

Which two statements about redistributing EIGRP into OSPF are true? (Choose two)

A The redistributed EIGRP routes appear as type 3 LSAs in the OSPF database
B. The redistributed EIGRP routes appear as type 5 LSAs in the OSPF database
C. The administrative distance of the redistributed routes is 170
D. The redistributed EIGRP routes appear as OSPF external type 1
E. The redistributed EIGRP routes as placed into an OSPF area whose area ID matches the
EIGRP autonomous system number
F. The redistributed EIGRP routes appear as OSPF external type 2 routes in the routing table

Answer: B F

Question 5

Refer to the exhibit. After redistribution is enabled between the routing protocols, PC2, PC3,
and PC4 cannot reach PC1.
Which action can the engineer take to solve the issue so that all the PCs are reachable?
A. Filter the prefix 10.1.1.0/24 when redistributed from OSPF to EIGRP.
B. Set the administrative distance 100 under the process on R2.
C. Filter the prefix 10.1.1.0/24 when redistributed from RIP to EIGRP.
D. Redistribute the directly connected interfaces on R2.

Answer: A

Question 6

Refer to the exhibit. Which subnet is redistributed from EIGRP to OSPF routing protocols?

R3
router ospf 100
 redistribute eigrp 100 subnets route-map OSPF-TAG-1

ip prefix-list OSPF-TAG-PRF seq 5 deny 10.1.0.0/16 le 24

!
ip prefix-list OSPF-TAG-PRF-1 seq 5 permit 10.2.0.0/18 le 24
!
route-map OSPF-TAG-1 deny 5
match ip address prefix-list OSPF-TAG-PRF
set tag 40
!
route-map OSPF-TAG-1 permit 10
match ip address prefix-list OSPF-TAG-PRF-1
set tag 80
!

A. 10.2.2.0/24
B. 10.1.4.0/24
C. 10.1.2.0/24
D. 10.2.3.0/26

Answer: A

Question 7

Refer to the exhibit. An engineer is trying to redistribute OSPF to BGP, but not all of the routes
are redistributed. What is the reason for this issue?

O E2 10.0.0.0 [110/20] via 192.168.12.2, 00:00:33, Ethernet0/0

O 192.168.3.0/24 [110/20] via 192.168.12.2, 00:00:43, Ethernet0/0
Router#
Router#show ip bgp
--output omitted--
Network Next Hop Metric LocPrf Weight Path
*> 192.168.1.1/32 0.0.0.0 0 32768 ?
*> 192.168.3.0 192.168.12.2 20 32768 ?
*> 192.168.12.0 0.0.0.0 0 32768 ?
Router#show running-config | section router bgp
router bgp 65000
bgp log-neighbor-changes
redistribute ospf 1
Router#

A. By default, only internal OSPF routes are redistributed into BGP

B. By default, only internal routers and external type 1 routes are redistributed into BGP
C. BGP convergence is slow, so the route will eventually be present in the BGP table
D. Only classful networks are redistributed from OSPF to BGP

Answer: A

Question 8
Refer to the exhibit The output of the trace from R5 shows a loop in the network.

R1 R5#traceroute 10.1.1.1
router eigrp 1
redistribute connected Type escape sequence to abort.
network 10.1.12.1 0.0.0.0 Tracing the route to 10.1.1.1
————————————–
R3 1 10.1.35.3 80 msec 44 msec 20 msec
router ospf 1 2 10.1.23.2 44 msec 104 msec 64 msec
redistribute eigrp 1 3 10.1.24.4 44 msec 64 msec 40 msec
network 10.1.35.3 0.0.0.0 area 0 4 10.1.45.5 24 msec 40 msec 20 msec
————————————– 5 10.1.35.3 92 msec 144 msec 147 msec
R4 6 10.1.23.2 103 msec 77 msec 88 msec
router eigrp 1 —output omitted—
redistribute ospf 1 metric 2000000 1 255 1 1500
!
router ospf 1
network 10.1.45.4 0.0.0.0 area 0

Which configuration prevents this loop?

Option A Option B
R3 R3
router ospf 1 router eigrp 1
redistribute eigrp 1 subnets route-map SET- redistribute ospf 1 subnets route-map SET-
TAG TAG
! !
route-map SET-TAG permit 10 route-map SET-TAG permit 10
set tag 1 set tag 1

R4 R4
router eigrp 1 router eigrp 1
redistribute ospf 1 metric 2000000 1 255 1 redistribute ospf 1 metric 2000000 1 255 1
1500 route-map FILTER-TAG 1500 route-map FILTER-TAG
! network 10.1.24.4 0.0.0.0
route-map FILTER-TAG deny 10 !
match tag 1 route-map FILTER-TAG deny 10
! match tag 1
route-map FILTER-TAG permit 20 !
route-map FILTER-TAG permit 20
Option C Option D
R3 R3
router ospf 1 router ospf 1
redistribute eigrp 1 subnets route-map SET- redistribute eigrp 1 subnets route-map SET-
TAG TAG
! !
route-map SET-TAG permit 10 route-map SET-TAG deny 10
set tag 1 set tag 1

R4 R4
router eigrp 1 router eigrp 1
redistribute ospf 1 metric 2000000 1 255 1 redistribute ospf 1 metric 2000000 1 255 1
1500 route-map FILTER-TAG 1500 route-map FILTER-TAG
! !
route-map FILTER-TAG permit 10 route-map FILTER-TAG deny 10
match tag 1 match tag 1

A. Option A
B. Option B
C. Option C
D. Option D

Answer: A

MPLS Questions
https://www.networktut.com/mpls-questions

Question 1

Which transport layer protocol is used to form LDP sessions?

A. UDP
B. SCTP
C. TCP
D. RDP

Answer: C
Question 2

Which statement about MPLS LDP router ID is true?

A. The force keyword changes the router ID to the specific address causing any impact
B. The loopback with the highest IP address is selected as the router ID
C. If not configured, the operational physical interface is chosen as the router ID even if a
loopback is configured
D. If MPLS LDP router ID must match the IGP router ID

Answer: B

Question 3

Which command allows traffic to load-balance in an MPLS Layer 3 VPN configuration?

A. Multi-paths eibgp 2
B. Maximum-paths ibgp 2
C. Multi-paths 2
D. Maximum-paths 2

Answer: D

Question 4

Refer to the exhibit. What does the imp-null tag represent in the MPLS VPN cloud?

Router#show tag-switching tdp bindings

(...)
tib entry: 10.10.10.1/32, rev 31
local binding: tag: 18
remote binding: tsr: 10.10.10.1:0, tag:imp-null
remote binding: tsr: 10.10.10.2:0, tag:18
remote binding: tsr: 10.10.10.6:0, tag:21
tib entry: 10.10.10.2/32, rev 22
local binding: tag: 17
remote binding: tsr: 10.10.10.2:0, tag:imp-null
remote binding: tsr: 10.10.10.1:0, tag:19
remote binding: tsr: 10.10.10.6:0, tag:22

A. Include the EXP bit

B. Exclude the EXP bit
C. Impose the label
D. Pop the label

Answer: D
Question 5

Which list defines the contents of an MPLS label?

A. 20-bit label; 3-bit traffic class; 1 -bit bottom stack; 8-bit TTL
B. 32-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
C. 20-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
D. 32-bit label; 3-bit traffic class; 1 -bit bottom stack; 8-bit TTL

Answer: A

Question 6

What statement about route distinguishes in an MPLS network is true?

A. Route distinguishers make a unique VPNv4 address across the MPLS network
B. Route distinguishers allow multiple instances of a routing table to coexist within the edge
router
C. Route distinguishers are used for label bindings
D. Route distinguishers define which prefixes are imported and exported on the edge router

Answer: A

VRF-Lite Questions
https://www.networktut.com/vrf-lite-questions

Question 1

What is the output of the following command:

show ip vrf

A. Shows default RD values

B. Displays IP routing table information associated with a VRF
C. Shows routing protocol information associated with a VRF
D. Displays the ARP table (static and dynamic entries) in the specified VRF

Answer: A

Question 2

Which protocol does VRF-Lite support?

A. IS-IS
B. ODR
C. EIGRP
D. IGRP

Answer: C

Question 3

Which two statements about VRF-Lite configurations are true? (Choose two)

A. They support the exchange of MPLS labels

B. Different customers can have overlapping IP addresses on different VPNs
C. They support a maximum of 512.000 routes
D. Each customer has its own dedicated TCAM resources
E. Each customer has its own private routing table
F. They support IS-IS

Answer: B E

Question 4

What is the role of a route distinguisher via a VRF-Lite setup implementation?

A. It extends the IP address to identify which VRF instance it belongs to

B. It manages the import and export of routes between two or more VRF instances
C. It enables multicast distribution for VRF-Lite setups to enhance EGP routing protocol
capabilities
D. It enables multicast distribution for VRF-Lite setups to enhance IGP routing protocol
capabilities

Answer: A

Question 5

Which command displays the IP routing table information that is associated with VRF-Lite?

A. show ip vrf
B. show ip route vrf
C. show run vrf
D. show ip protocols vrf
Answer: B

Question 6

Which configuration enables the VRF that is labeled ―inet‖ on FastEthernet0/0?

A. R1(config)# ip vrf Inet

R1(config-vrf)#ip vrf FastEthernet0/0

B. R1 (conflg)#ip vrf Inet FastEthernet0/0

C. R1(config)# ip vrf Inet

R1(config-vrf)#interface FastEthernet0/0
R1(config-if)#ip vrf forwarding Inet

D. R1 (config)#router ospf 1 vrf Inet

R1 (config-router)#ip vrf forwarding FastEthernet0/0

Answer: C

DMVPN Questions
https://www.networktut.com/dmvpn-questions

Question 1

Which protocol is used to determine the NBMA address on the other end of a tunnel when
mGRE is used?

A. NHRP
B. IPsec
C. MP-BGP
D. OSPF

Answer: A

Question 2

Refer to the exhibits. Phase-3 tunnels cannot be established between spoke-to-spoke in

DMWN. Which two commands are missing? (Choose two)
On R2: On R3: On R4:
R2(config)#interface tunnel 1 R3(config)#interface tunnel 1 R4(config)#interface tunnel 1
R2(config-if)#ip address R3(config-if)#ip address R4(config-if)#ip address
10.1.1.2 255.255 255.0 10.1.1.3 255.255.255.0 10.1.1.4 255.255.255 0
R2(config-if)#tunnel source R3(config-if)#tunnel source R4(config-ff)#tunnel source
FasEthernet0/0 FastEthernet0/0 FastEthernet0/0
R2(config-if)#tunnel mode gre R3(config-if)#tunnel mode gre R4(config-if)#tunnel mode gre
multipoint multipoint multipoint
R2(config-if)#ip nhrp network- R3(config-if)#ip nhrp network- R4(config-if)#ip nhrp network-
id 222 id 333 id 444
R2(config-if)#ip nhrp nhs R3(config-if)#ip nhrp nhs R4(config-if)#ip nhrp nhs
10.1.1.1 10.1.1.1 10.1.1.1
R2(config-if)#ip nhrp map R3(config-if)#ip nhrp map R4(config-if)#ip nhrp map
10.1.1.1 192.1.1.1 10.1.1.1 192.1.1.1 10.1.1.1 192.1.1.1

A. The ip nhrp redirect command is missing on the spoke routers.

B. The ip nhrp shortcut command is missing on the spoke routers.
C. The ip redirect commands is missing on the hub router.
D. The ip shortcut commands is missing on the hub router.
E. The ip nhrp command is missing on the hub router.

Answer: B C

Question 3

Refer to the following output:

Router#show ip nhrp detail

10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
Type: dynamic, Flags: authoritative unique nat registered used
NBMA address: 10.12.1.2

What does the authoritative flag mean in regards to the NHRP information?
A. It was obtained directly from the next-hop server
B. Data packets are process switches for this mapping entry
C. NHRP mapping is for networks that are local to this router
D. The mapping entry was created in response to an NHRP registration request
E. The NHRP mapping entry cannot be overwritten

Answer: A

Question 4

Which Cisco VPN technology can use multipoint tunnel, resulting in a single GRE tunnel
interface on the hub, to support multiple connections from multiple spoke devices?

A. DMVPN
B. GETVPN
C. Cisco Easy VPN
D. FlexVPN

Answer: A

Question 5

Which protocol is used in a DMVPN network to map physical IP addresses to logical IP

addresses?

A. BGP
B. LLDP
C. EIGRP
D. NHRP

Answer: D

Question 6

Which two methods use IPsec to provide secure connectivity from the branch office to the
headquarters office? (Choose two)

A. DMVPN
B. MPLS VPN
C. Virtual Tunnel Interface (VTI)
D. SSL VPN
E. PPPoE
Answer: A C

Question 7

Refer to the exhibit. Which interface configuration must be configured on the spoke A to enable
a dynamic DMVPN tunnel with the spoke B router?

A. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.0.0.11 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 10.0.0.1
tunnel destination FastEthernet0/0
tunnel mode gre multipoint

B. interface Tunnel0
ip address 10.1.0.11 255.255.255.0
ip nhrp network-id 1
tunnel source 1.1.1.10
ip nhrp map 10.0.0.11 172.17.0.2
tunnel mode gre

C. interface Tunnel0
ip address 10.0.0.11 255.255.255.0
ip nhrp map multicast static
ip nhrp network-id 1
tunnel source 10.0.0.1
tunnel mode gre multipoint

D. interface Tunnel0
ip address 10.0.0.11 255.255.255.0
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
ip nhrp nhs 10.0.0.1
ip nhrp map 10.0.0.1 172.17.0.1
Answer: D

Question 8

Which security feature can protect DMVPN tunnels?

A. IPsec
B. TACACS+
C. RTBH
D. RADIUS

Answer: A

Question 9

Refer to the exhibit. After applying IPsec, the engineer observed that the DMVPN tunnel went
down, and both spoke-to-spoke and hub were not establishing. Which two actions resolved the
issue? (Choose two)

R2: R3:
R2(config)#crypto isakmp policy 10 R3(config)#crypto isakmp policy 10
R2(config-isakmp)#hash md5 R3(config-isakmp)#hash md5
R2(config-isakmp)#authentication pre-share R3(config-isakmp)#authentication pre-share
R2(config-isakmp)#group 2 R3(config-isakmp)#group 2
R2(config-isakmp)#encryption 3des R3(config-isakmp)#encryption 3des
R2(config)#crypto isakmp key cisco address R3(config)#crypto isakmp key cisco address
10.1.1.1 10.1.1.1
R2(config)#crypto ipsec transform-set TSET R3(config)#crypto ipsec transform-set TSET
esp-des esp-md5-hmac esp-des esp-md5-hmac
R2(cfg-crypto-trans)#mode transport R3(cfg-crypto-trans)#mode tunnel
R2(config)#crypto ipsec profile TST R3(config)#crypto ipsec profile TST
R2(ipsec-profile)#set transform-set TSET R3(ipsec-profile)#set transform-set TSET
R2(config)#interface tunnel 123 R3(config)#interface tunnel 123
E2(config-if)#tunnel protection ipsec profile R3(config-if)#tunnel protection ipsec profile
TST TST

A. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3

B. Remove the crypto isakmp key cisco address 10.1.1.1 on R2 and R3
C. Change the mode from mode transport to mode tunnel on R2
D. Configure the mode from mode tunnel to mode transport on R3

Answer: A B

AAA Questions
https://www.networktut.com/aaa-questions

Question 1

Refer to the exhibit. An engineer is trying to configure local authentication on the console line,
but the device is trying to authenticate using TACACS+. Which action produces the desired
configuration?

R1#show running-config | include aaa

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login Console local
R1#show running-config | section line
line con 0
logging synchronous
R1#

A. Add the aaa authentication login default group tacacs+ local-case command to the global
configuration
B. Add the login authentication Console command to the line configuration
C. Replace the capital ―C‖ with a lowercase ―c‖ in the aaa authentication login Console local
command
D. Add the aaa authentication login default none command to the global configuration

Answer: B

Question 2

Refer to the exhibit. Why is user authentication being rejected?

TAC+: TCP/IP open to 171.68.118.101/49 failed —
Destination unreachable; gateway or host down
AAA/AUTHEN (2546660185): status = ERROR
AAA/AUTHEN/START (2546660185): Method=LOCAL
AAA/AUTHEN (2546660185): status = FAIL
As1 CHAP: Unable to validate Response. Username chapuser: Authentication failure

A. The TACACS+ server expects ―user‖ but the NT client sends ―domain\user‖
B. The TACACS+ server refuses the user because the user is set up for CHAP
C. The TACACS+ server is down and the user is in the local database
D. The TACACS+ server is down and the user is not in the local database

Answer: D

NTP Questions
https://www.networktut.com/ntp-questions

Question 1

Refer to the exhibit. An administrator noticed that after a change was made on R1, the
timestamps on the system logs did not match the clock. What is the reasons for this error?
service timestamps debug datetime msec
service timestamps log datetime
clock timezone MST -7 0
clock summer-time MST recurring
ntp authentication-key 1 md5 00101AOB0152181206224747071E 7
ntp server 10.10.10.10

R1#show clock
*06:13:44.045 MST Sun Dec 30 2018
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#logging host 10.10.10.20
R1(config)#end
R1#
*Dec 30 13:15:26: %SYS-S-CONFIG_I: Configured from console by console
R1#
*Dec 30 13:1S:28: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.10.10.20 port
514 started – CLI initiated

A. The keyword localtime is defined on the timestamp service command

B. The NTP server is in an different time zone
C. An authentication error with the NTP server results in an incorrect timestamp
D. The system clock is set incorrectly to summer-time hours
Answer: B

Question 2

Refer to the exhibit An engineer is troubleshooting BGP on a device but discovers that the clock
on the device does not correspond to the time stamp of the log entries.
Which action ensures consistency between the two times?
*Feb 28 12:41:57: %BGP-5-ADJCHANGE: neighbor 192.168.2.2 Down User reset
*Feb 28 12:41:57: %BGP_SESSION-5-ADJCHANGE : neighbor 192.168.2.2 IPv4 Unicast
topology base removed from session User reset
*Feb 28 12:41:57: %BGP-5-ADJCHANGE: neighbor 192.168.2.2 Up
R1#show clock
*13:42:00.506 CET Feb 28 2019

A. Configure the logging clock synchronize command in global configuration mode

B. Configure the service timestamps log uptime command in global configuration mode
C. Configure the service timestamps log datetime localtime command in global configuration
mode
D. Make sure that the clock on the device is synchronized with an NTP server

Answer: C

Question 3

A network engineer is investigating a flapping (up/down) interface issue on a core switch that is
synchronized to an NTP server. Log output does not show the time of the flap.

Which command allows on the switch the time of the flap according to the dock on the device?

A. clock calendar-valid
B. service timestamps log datetime localtime show-timezone
C. service timestamps log uptime
D. dock summer-time mst recurring 2 Sunday mar 2:00 1 Sunday nov 2:00

Answer: B

Access-list Questions
https://www.networktut.com/access-list-questions

Question 1
Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable
using a secure web browser. What is needed to fix the problem?
access-list 100 deny tcp any any eq 465
access-list 100 deny tcp any eq 465 any
access-list 100 permit tcp any any eq 80
access-list 100 permit tcp any eq 80 any
access-list 100 permit udp any any eq 443
access-list 100 permit udp any eq 443 any

A. permit tcp port 465

B. permit tcp port 443
C. permit udp port 465
D. permit tcp port 22

Answer: B

Question 2

Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::
1/64?

A. ipv6 access-list Deny_Telnet

sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64
!
int Gi0/0
ipv6 access-map Deny_Telnet in
!

B. ipv6 access-list Deny_Telnet

sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64
!
int Gi0/0
ipv6 traffic-filter Deny_Telnet in
!

C. ipv6 access-list Deny_Telnet

sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64 eq telnet
!
int Gi0/0
ipv6 access-map Deny_Telnet in
!
D. ipv6 access-list Deny_Telnet
sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64 eq telnet
!
int Gi0/0
ipv6 traffic-filter Deny_Telnet in

Answer: D

Control Plane Questions

https://www.networktut.com/control-plane-questions

Question 1

While troubleshooting connectivity issues to a router, these details are noticed:

– standard pings to all router interfaces, including loopbacks, are successful.

– Data traffic is unaffected.
– SNMP connectivity is intermittent.
– SSH is either or disconnects frequently.

Which command must be configured first to troubleshoot this issue?

A. Show policy-map control-plane

B. Show policy-map
C. Show interface inc drop
D. Show ip route

Answer: A

Question 2

Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect.
The engineer connects by using the console and find the displayed output when
troubleshooting. Which command must be used in configuration mode to enable SSH on the
device?

R1#show ip ssh
SSH Disabled — version 1.99
% Please create RSA keys to enable SSH (and of at least 768 bits for SSH v2).
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size: 1024 bits
IOS Keys in SECSH format (ssh-rsa, base64 encoded): NONE
R1#

A. crypto key generate rsa

B. ip ssh enable
C. no ip ssh disable
D. ip ssh version 2

Answer: A

Question 3

Which option is the best for protecting CPU utilization on a device?

A. fragmentation
B. COPP
C. ICMP redirects
D. ICMP unreachable messages

Answer: B

Question 4

An engineer is trying to copy an IOS file from one router to another router by using TFTP.
Which two actions are needed to allow the file to copy? (Choose two)

A. Configure the TFTP authentication on the source router with the ―tftp-server authentication
local‖ command.
B. Configure a user on the source router with the username tftp password tftp command.
C. Enable the TFTP server on the source router with the tftp-server flash:<filename> command.
D. TFTP is not supported in recent IOS versions, so an alternative method must be used.
E. Copy the file to the destination router with the copy tftp: flash: command

Answer: C E

IPv6 Questions
https://www.networktut.com/ipv6-questions

Question 1
Which is statement about IPv6 inspection is true?

A. It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor
tables
B. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor
tables
C. It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor
tables
D. It learns and secures binding for stateless autoconfiguration addresses in Layer 2 neighbor
tables

Answer: D

Question 2

Which statement about IPv6 RA Guard is true?

A. It does not offer protection in environments where IPv6 traffic is tunneled

B. It cannot be configured on a switch port interface in the ingress direction
C. Packets that are dropped by IPv6 RA Guard cannot be spanned
D. It is not supported in hardware when TCAM is programmed

Answer: A

IP SLA Questions
https://www.networktut.com/ip-sla-questions

Question 1

Which command is used to check IP SLA when an interface is suspected to receive lots of
traffic with options?

A. show track
B. show threshold
C. show timer
D. show delay

Answer: A

Question 2
Refer to the exhibit. ISP 1 and ISP 2 directly connect to the internet. A customer is tracking
both ISP links to achieve redundancy and cannot see the Cisco IP SLA tracking output on the
router console. Which command is missing from the IP SLA configuration?

A. Start-time now
B. Start-time 00:00
C. Start-time 0
D. Start-time immediately

Answer: A

Question 3

A network engineer needs to verify IP SLA operations on an interface that shows on indication
of excessive traffic. Which command should the engineer use to complete this action?

A. show frequency
B. show track
C. show reachability
D. show threshold

Answer: B

Question 4

Refer to the exhibit. An IP SLA was configured on router R1 that allows the default route to be
modified in the event that Fa0/0 losses reachability with the router R3 Fa0/0 interface. The route
has changed to flow through route R2.

Which debug command is used to troubleshoot this issue?

A. debug ip flow
B. debug ip sla error
C. debug ip routing
D. debug ip packet

Answer: C

SNMP Questions
https://www.networktut.com/snmp-questions

Question 1

Which SNMP verification command shows the encryption and authentication protocols that are
used in SNMPv3?

A. show snmp group

B. show snmp user
C. show snmp
D. show snmp view

Answer: B

Question 2

Refer to the exhibit. Network operations cannot read or write an configuration on the device
with this configuration from the operation subnet. Which two configuration fix the issue?
(Choose two)

snmp-server community ciscotest 1

snmp-server host 192.168.1.128 ciscotest
snmp-server enable traps bgp
A. Configure SNMP rw permission in addition to community ciscotest
B. Modify access list 1 and allow operations subnet in the access list
C. Modify SNMP rw permission in addition to version 1
D. Configure SNMP rw permission in addition to version 1
E. Configure SNMP rw permission in addition to community ciscotest 1

Answer: A B

DHCP Questions
https://www.networktut.com/dhcp-questions

Question 1

Users were moved from the local DHCP server to the remote corporate DHCP server. After the
move, none of the users were able to use the network. Which two issues will prevent this setup
from working property? (Choose two)

A. Auto-QoS is blocking DHCP traffic

B. The DHCP server IP address configuration is missing locally
C. 802.1X is blocking DHCP traffic
D. The broadcast domain is too large for proper DHCP propagation
E. The route to the new DHCP server is missing

Answer: B E

Question 2

Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server.
The DHCP server is configured as shown. About 300 total nonconcurrent users are using this
DHCP server, but none of them are active for more than two hours per day.

Which action fixes the issue within the current resources?

R1#show running-config | section dhcp

ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp pool DHCP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
lease 0 12

A. Configure the DHCP lease time to a bigger value

B. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool
C. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP
pool
D. Configure the DHCP lease time to a smaller value

Answer: D

DNA Center Questions

https://www.networktut.com/dna-center-questions

Question 1

An engineer configured the wrong default gateway for the Cisco DNA center enterprise
interface during the install. Which command must the engineer run to correct the configuration?

A. Sudo update config install

B. Sudo maglev reinstall
C. Sudo magiev-config update
D. Sudo maglev install config update

Answer: C

Question 2

When provisioning a device in Cisco DNA Center, the engineer sees the error message
―Cannot select the device. Not compatible with template.‖. What is the reason for the error?

A The software version of the template is different from the software version of the device
B. The changes to the template were not committed
C. The template has an incorrect configuration
D. The tag that was used to filter the templates does not match the device tag

Answer: D

Question 3

While working with software images, an engineer observes that Cisco DNA Center cannot
upload its software image directly from the device. Why is the image not uploading?

A. The device has lost connectivity to Cisco DNA Center

B. The software image for the device is in bundle mode
C. The software image for the device is in install mode
D. The device must be resynced to Cisco DNA Center

Answer: C

Drag Drop Questions

https://www.networktut.com/drag-drop-questions

Question 1

Drag and drop the MPLS VPN concepts from the left onto the correct descriptions on the right.

Answer:

+ propagates VPN reachability information: multiprotocol BGP

+ distributes labels for traffic engineering: Resource Reservation Protocol
+ uniquely identifies a customer prefix: route distinguisher
+ controls the import/export of customer prefixes: route target

Question 2

Drag and drop the address from the left onto the correct IPv6 filter purposes on the right.
Answer:

+ permit NTP from this source 2001:0D88:0800:200c::1f – permit ip

2001:d88:800:200c::c/126 2001:0DBB:800:2010::/64 eq 123
+ permit syslog from this source 2001:0D88:0800:200c::1c – permit ip
2001:D88:800:200c::e/126 2001:0DBB:800:2010::/64 eq 514
+ permit HTTP from this source 2001:0D8B:0800:200c::0fff – permit ip
2001:d8b:800:200c::800/117 2001:0DBB:800:2010::/64 eq 80
+ permit HTTPS from this source 2001:0D8B:0800:200c::07ff – permit ip
2001:d8b:800:200c::/117 2001:0DBB:800:2010::/64 eq 443

Question 3

Drag and drop the packet from the left onto the correct descriptions on the right.

Answer:
+ user-generated packets that are always forwarded by network devices to other end-station
devices: data plane packets
+ network device generated or received packets that are used for the creation of the network
itself: control plane packets
+ network device generated or received packets; packets that are used to operate the network:
management plane packets
+ user-generated packets that are forwarded by network devices to other end-station devices, but
that require higher priority than the normal traffic by the network devices: services plane
packets

Question 4

Drag and drop the SNMP attributes in Cisco IOS devices from the onto the correct SNMPv2c
or SNMPv3 categories on the right.

Answer:

SNMPv2c:
+ community string
+ no encryption
+ read-only

SNMPv3:
+ username and password
+ authentication
+ privileged

Question 5
Drag and drop the MPLS terms from the left onto the correct definitions on the right.

Answer:

+ device that forwards traffic based on labels: P

+ path that the labeled packet takes: LSP
+ device that is unaware of MPLS labeling: CE
+ device that removes and adds the MPLS labeling: PE

Question 6

Drag and drop the OSPF adjacency states from the left onto the correct descriptions on the
right

Answer:

+ Each router compares the DBD packets that were received from the other router: Exchange
+ Routers exchange information with other routers in the multiaccess network: 2-way
+ The neighboring router requests the other routers to send missing entries: Loading
+ The network has already elected a DR and a backup BDR: Exstart
+ The OSPF router ID of the receiving router was not contained in the hello message: Init
+ No hellos have been received from a neighbor router: Down

Question 7

Drag and drop the DHCP messages from the left onto the correct uses on the right.

Answer:

+ server-to-client communication, refusing the request for configuration parameters:

DHCPNAK
+ client-to-server communication, indicating that the network address is already in use:
DHCPDECLINE
+ server-to-client communication with configuration parameters, including committed network
address: DHCPACK
+ client-to-server communication, asking for only local configuration parameters that the client
has already externally configured as an address: DHCPINFORM

Miscellaneous Questions
https://www.networktut.com/miscellaneous-questions

Question 1

What is a prerequisite for configuring BFD?

A. All routers in the path between two BFD endpoints must have BFD enabled
B. Jumbo frame support must be configured on the router that is using BFD
C. Cisco Express Forwarding must be enabled on all participating BFD endpoints
D. To use BFD with BGP, the timers 3 9 command must first be configured in the BGP routing
process
Answer: C

Question 2

Which two protocols can cause TCP starvation? (Choose two)

A. TFTP
B. SNMP
C. SMTP
D. HTTPS
E. FTP

Answer: A B

Question 3

Which method changes the forwarding decision that a router makes without first changing the
routing table or influencing the IP data plane?

A. Policy-based routing
B. Nonbroadcast multi-access
C. Packet switching
D. Forwarding information base

Answer: A

Question 4

Which attribute eliminates LFAs that belong to protected paths in situations where links in a
network are connected through a common fiber?

A. Interface-dispoint
B. Shared risk link group-disjoint
C. Linecard-disjoint
D. Lowest-repair-path-metric

Answer: B

Question 5
Refer to the exhibit. An administrator that is connected to the console does not see debug
messages when remote users log in. Which action ensures that debug messages are
displayed for remote loggings?

R1(config)#do show running-config | section line|username

username cisco secret 5 $l$^e/o$I3G5cXODxpYMSJ70PzEyoO
line con 0
logging synchronous
line vty 0 4
login local
transport input telnet
R1(config)# logging console 7
R1(config)# do debug authentication
R1(config)#

A. Enter the transport input ssh configuration command

B. Enter the terminal monitor exec command
C. Enter the logging console debugging configuration command
D. Enter the aaa new-model configuration command

Answer: C (?)

Refer to the exhibit. Why is the remote NetFlow server failing to receive the NetFlow data?

config t

flow record v4_r1

match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes long
collect counter packets long
!
flow exporter EXPORTER-1
destination 172.16.10.2
transport udp 90
exit
!
flow monitor FLOW-MONITOR-1
record v4_r1
exit
!
ip cef
!

interface Ethernet0/0.1
ip address 172.16.6.2 255.255.255.0
ip flow monitor FLOW-MONITOR-1 input

A. The flow exporter is configured but is not used.

B. The flow monitor is applied in the wrong direction.
C. The flow monitor is applied to the wrong interface.
D. The destination of the flow exporter is not reachable.

Answer: A

Question 7

Given the network diagram, which address would successfully summarize only the networks
seen?

A. 192.168.0.0/24
B. 192.168.8.0/20
C. 192.168.8.0/21
D. 192.168.12.0/20
E. 192.168.16.0/21
F. These networks cannot be summarized.

Answer: C