IT Exam Questions and Solutions Library
Refer to the exhibit. An engineer is troubleshooting an issue using the debug ip packet command and notices that no time stamps are shown on R4 to establish the event time. Which configuration resolves this issue by showing time stamps regardless of the time zone in R4 logs? A. service timestamps log datetime localtime msec B. service timestamps debug datetime localtime msec C. service timestamps log datetime msec show-timezone D. service timestamps debug datetime msec show-timezone  Suggested Answer: D
How do devices operate in MPLS L3VPN topology? A. P routers provide connectivity between PE devices with MPLS switching. B. P and associated PE routers with IGP populate the VRF table in different VPNs. C. CE routers connect to the provider network and perform LSP functionality. D. P routers support PE to PE VPN tunnel without LSP functionality. Â Suggested Answer: A
Refer to the exhibit. The engineer is reviewing the logs on the DENVER router and notices that this error message repeats constantly: *Jun 12 13:42:03.399: %TCP-6-BADAUTH: No MD5 digest from 10.40.1.1(27174) to 10.40.1.2(179) tableid - 0 Which action resolves the issue? A. Configure OSPF link authentication on the router with IP address 10.40.1.1. B. Configure NTP authentication on the router with IP address 10.40.1.1. C. Configure BGP authentication on the router with IP address 10.40.1.2. D. Configure BGP authentication on the router with IP address 10.40.1.1. Â Suggested Answer: D
What are the two benefits of using BFD? (Choose two.) A. synchronous path determination B. subsecond failure detection C. supports ail routing protocols D. supports UDLD failure E. forwarding path failure detection  Suggested Answer: BE
Refer to the exhibit. An engineer must troubleshoot an issue affecting the communication from router R2 to the TACACS server. Which configuration resolves the issue? A. R1 (config)#tacacs-server packet maxsize 43974 B. R2(config)#tacacs server advrt -R2 (config-server-tacacs)#key xyz123 C. R2(config)#tacacs-server packet maxsize 43974 D. R1 (config)#tacacs server advrt -R1 (config-server-tacacs)#kty xyz123 Â Suggested Answer: B
Refer to the exhibit. An engineer configured SNMP in R1 to be able to save and upload configurations to the SNMP server but failed when they tried to backup R1 configuration on the server. Which configuration resolves the issue? A. snmp server tftp-server-list 66 B. copy running-config tftp://10.66.66.66/r1-confg C. snmp server tftp-server-list 20 D. copy running-config tftp://10.66.66.66/c: r1-confg  Suggested Answer: A
What are two features of BFD? (Choose two.) A. reliable B. replaces hello messages C. requires routing protocols D. scalable E. intensive on CPU for Layer 2 links  Suggested Answer: BD
What is the role of LDP in MPLS networks? A. It creates MPLS packet forwarding along with the IGP routes. B. It enables label binding information to exchange with peer LSRs. C. It disables label binding information to exchange with peer LSRs. D. It enables label binding that exchanges route descriptors. Â Suggested Answer: B
Which Layer 3 VPN attribute allows different customers to connect to the same MPLS network with overlapping IP ranges? A. RT B. RD C. VRF D. MP-BGP Â Suggested Answer: B
Refer to the exhibit. An engineer configured IP SLA to monitor a next hop on a router for reachability. When the next hop is unreachable, the router is executing tracking and falling over another route, but packet loss is experienced because the reachability is flapping. Which action resolves the issue? A. Increase the frequency of the sla probe to 60. B. Append delay up 60 down 60 to the track command. C. Append delay up 0 down 0vto the track command. D. Increase the timeout of the sla probe to 6000. Â Suggested Answer: B
Refer to the exhibit. The services at branch B are down. An engineer notices that router A and router B are not exchanging any routes. Which configuration resolves the issue on router B? A. B. C. D. Â Suggested Answer: D
What is the use of IPv6 snooping? A. captures IPv6 routing protocol packets to analyze B. requires an external IPv6 packet analyzer C. required for the operation of IPv6 RA Guard D. captures any type of user traffic to create a binding table  Suggested Answer: D
Refer to the exhibit. An engineer must troubleshoot a connectivity issue impacting the redistribution of the subnet 172.16.2.48/28 into the OSPF domain. Which configuration on router R1 advertises this subnet into the OSPF domain? A. R1(config)#route-map CCNP permit 10R1(config-route-map)#match tag 200R1(conflg-route-map)#exit -R1(config)#router ospf 10 -R1(config-router)#redistribute eigrp 100 subnets route-map CCNP B. R1(config)#route-map CCNP deny 10R1(conflg-route-map)#match tag 200R1(config)#route-map CCNP permit 10R1(config)#router ospf 10 -R1(conflg-router)#redistrlbute eigrp 100 subnets route-map CCNP C. R1(config)#route-map CCNP permit 10R1(config-route-map)#match route-type internalR1(config)#router ospf 10 -R1(config-router)#redistribute eigrp 100 subnets route-map CCNP D. R1(config)#route-map CCNP permit 10R1(config-route-map)#match route-type level-2R1(config)#router ospf 10 -R1(config-router)#redistribute eigrp 100 subnets route-map CCNP Â Suggested Answer: A
SIMULATION - Guidelines - This is a lab item in which tasks will be performed on virtual devices. • Refer to the Tasks tab to view the tasks for this lab item. • Refer to the Topology tab to access the device console(s) and perform the tasks. • Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window. • All necessary preconfigurations have been applied. • Do not change the enable password or hostname for any device. • Save your configurations to NVRAM before moving to the next item. • Click Next at the bottom of the screen to submit this lab and move to the next question. • When Next is clicked, the lab closes and cannot be reopened. Topology - Tasks - Configure IPSec security policy on tunnel interfaces to ensure data confidentiality and integrity where mGRE tunnels are up and running between HUB and SPOKE routers. 1. Configure the ISAKMP policy parameters with the following attributes: • AES256 • SHA256 • Group2 • lifetime 86400 2. Ensure that GRE IP Header should be encrypted inside the IPSec packet. Verify IPSec security association and ISAKMP encrypted key. Use ISAKMP key "abc123". 3. Configure a flexible ISAKMP Policy on the HUB to add peers that have the dynamic IP addresses where SPOKES must add HUB IP static entry using an encrypted key. Use a single command to configure it. Use IPSec phase-2 transform-set name as T-SET and IPSec Profile name as ’IPSEC-PROFILE’.  Suggested Answer:
Which feature drops packets if the source address is not found in the snooping table? A. IPv6 Destination Guard B. IPv6 Source Guard C. Binding Table Recovery D. IPv6 Prefix Guard  Suggested Answer: B
Refer to the exhibit. An engineer must advertise LAN network 192.168.1.0 of router A to router B through OSPF. The engineer notices that router B was configured, but the LAN network of router A is not in the routing table of router B. Which configuration on router A resolves the problem? A. B. C. D. Â Suggested Answer: B
Refer to the exhibit. R1 is multihomed to ISP1 and ISP2. uRPF strict mode has been configured on both interfaces uplinked to the ISPs. Traffic destined to the Internet over ISP1 returns to R1 via ISP2 and is immediately dropped. Which configuration changes address this issue and allow return traffic from the other ISP? A. R1(config)#interface fastethernet 0/1R1(config-if)# ip verify unicast source reachable-via any B. R1(config)#interface fastethernet 0/1R1(config-if)# ip verify unicast source reachable-via any allow-default C. R1(config)#interface fastethernet 0/0R1(config-if)# no ip verify unicast source reachable-via any allow-default D. R1(config)#interface fastethernet 0/0R1 (config-if)# ip verify unicast source reachable-via rx  Suggested Answer: A
Refer to the exhibit. Routers R1 and R2 exchange routes to each other's loopback through OSPF. Telnet traffic must be blocked from R2 Lo0 to R1 Lo2. Which configuration resolves the issue? A. B. C. D. Â Suggested Answer: C
Refer to the exhibit. After an engineer configured a new Cisco router as a DHCP server, users reported two primary issues: • Devices in the HR subnet have intermittent connectivity problems. • Workstations in the LEGAL subnet cannot obtain IP addresses. Which configurations must the engineer apply to ROUTER_1 to restore connectivity for the affected devices? A. B. C. D.  Suggested Answer: D
Refer to the exhibit. The default route from R1 must be withdrawn from the routing table if R1 cannot ping 10.1.1.1, but it is not working correctly. Which configuration resolves the issue? A. B. C. D. Â Suggested Answer: A
What is the purpose of the DHCPv6 Guard? A. It messages between a DHCPv6 server and a DHCPv6 client (or relay agent). B. It allows DHCPv6 reply and advertisements from (rogue) DHCPv6 servers. C. It shows that clients of a DHCPv6 server are affected. D. It blocks DHCPv6 messages from relay agents to a DHCPv6 server. Â Suggested Answer: D
An engineer must configure encrypted packets for a single router OSPF neighborship. Which configuration meets this requirement? A. B. C. D. Â Suggested Answer: C
Refer to the exhibit. Customer B has decided not to receive any routes from R1 that originated outside the AS 100. Which AS path access list must the engineer choose to meet this requirement? A. ip as-path access-list 1 permit ^10[0-9]*$ B. ip as-path access-list 1 permit ^100$ C. ip as-path access-list 1 permit _100$ D. ip as-path access-list 1 permit _100_ Â Suggested Answer: C
Which IPv6 security feature blocks all traffic from an IPv6 host when initially connecting to a switch port except for traffic to gain an IPv6 address and discover IPv6 neighbors? A. IPv6 Source Guard B. IPv6 DHCP Guard C. IPv6 Destination Guard D. IPv6 RA Guard  Suggested Answer: A
Refer to the exhibit. An IPv6 ACL is applied to restrict PC1 from communicating with PC2 and allow all other traffic. Which configuration resolves the issue? A. R3(config-ipv6-acl)#no sequence 20R3(config-ipv6-acl)#deny ipv6 host 2001:DB8:0:10::3B host 2001:DB8:A:A::19 sequence 10 B. R3(ccnfig-ipv6-acl)#no sequence 30R3(config-ipv6-acl)#deny ipv6 host 2001:DB8:0:10::3B host 2001:DB8:A:A::19 sequence 10 C. R3(config-lpv6-acl)#no sequence 20R3(config-ipv6-acl)#deny ipv6 host 2001:DB8:0:10::3B any sequence 10 D. R3(config-ipv6-acl)#no sequence 30R3(config-ipv6-acl)#deny ipv6 host 2001:DB8:0:10::3B any sequence 10 Â Suggested Answer: B
Which control plane process allows the MPLS forwarding state to recover when a secondary RP takes over from a failed primary RP? A. LDP uses SSO to recover from disruption in control plane service. B. MP-BGP uses control plane services for label prefix bindings in the MPLS forwarding table. C. FEC uses a control plane service to distribute information between primary and secondary processors. D. LSP uses NSF to recover from disruption in control plane service. Â Suggested Answer: A
Refer to the exhibit. An engineer recently modified the configuration for area 3 to accept only type 1, 2, and 3 LSAs. Immediately after the changes, users connected to router R6 began to report connectivity issues. Which configuration restores connectivity to R6 and meets the requirement? A. B. C. D. Â Suggested Answer: B
Refer to the exhibit. Jitter on the link between R101 and R201 was tested for voice traffic over port 16384 without the control communication on port 1967. Which command enables R201 to receive RTT for the configured IP SLA? A. ip sla responder tcp-connect port 1967 B. ip sla responder udp-echo ipaddress 2.2.2.2 port 16384 C. ip sla responder udp-echo ipaddress 1.1.1.1 port 16384 D. ip sla responder auto-register 1.1.1.1 Â Suggested Answer: C
SIMULATION - Guidelines - This is a lab item in which tasks will be performed on virtual devices. • Refer to the Tasks tab to view the tasks for this lab item. • Refer to the Topology tab to access the device console(s) and perform the tasks. • Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window. • All necessary preconfigurations have been applied. • Do not change the enable password or hostname for any device. • Save your configurations to NVRAM before moving to the next item. • Click Next at the bottom of the screen to submit this lab and move to the next question. • When Next is clicked, the lab closes and cannot be reopened. Topology - Tasks - Configure HUB and SPOKE routers according to the topology to achieve these goals: 1. Configure mGRE neighborship by using physical interface IP addresses to provide end-to-end reachability. Verify all router’s tunnel interfaces accordingly. 2. Configure NHRP on HUB router as multipoint dynamic IP to NBMA mapping. SPOKE1 and SPOKE2 routers should be configured by using static NHS and multicast mapping for HUB. Use network-id 10 for NHRP. Verify NHRP neighborship between routers and verify results using ping from PC1 to PC2 and PC3 accordingly.  Suggested Answer:
Which tag is used by the PE router to forward the packet to the correct customer? A. RD B. extended-community C. RT D. VNI Â Suggested Answer: A
Refer to the exhibit. The engineer configured route redistribution in the network but soon received reports that R2 cannot access 192.168.7.0/24 and 192.168.15.0/24 subnets. Which configuration resolves the issue? A. B. C. D. Â Suggested Answer: B
Which routing protocol is used by the PE router to advertise routes to a CE router without redistribution or static after removing the RD tag from the P router? A. OSPF B. BGP IPv4 C. IS-IS D. MP-BGP Â Suggested Answer: B
Refer to the exhibit. The default route is not advertised to the neighboring router. Which action resolves the issue? A. Configure the default-information originate command under OSPF B. Configure OSPF on the Dialer0 interface. C. Configure the redistribute static metric 200 subnets command under OSPF. D. Configure the network 0.0.0.0 255.255.255.255 area 0 command under OSPF Â Suggested Answer: A
Refer to the exhibit. An engineer must ensure that R3 sees only type 1 and 2 LSAs in area 1. Which command must the engineer apply on R2? A. area 1 nssa no-summary B. area 1 stub C. area 1 stub nssa D. area 1 stub no-summary  Suggested Answer: D
Users report web connectivity problems on the server (10.1.1.10). Which IP SLA configuration captures the failure details through the network to resolve the issue? A. B. C. D. Â Suggested Answer: B
DRAG DROP - Drag and drop the terminology from the left onto the corresponding definitions on the right. Â Suggested Answer:
Refer to the exhibit. An engineer configures router A to mark all inside to outside traffic from network 192.168.1.0. except from host 192.168.1.1. with critical IP precedence. The policy did not work as expected. Which configuration resolves the issue? A. B. C. D. Â Suggested Answer: B
Which two label distribution methods are used by routers in MPLS? (Choose two.) A. LDP discovery hello message B. LDP session protection message C. downstream unsolicited D. downstream on demand E. targeted hello message  Suggested Answer: CD
Refer to the exhibit. HostA and HostB cannot receive IP addresses from the DHCP server. The switches are configured with the DHCP snooping. Which configuration on SW3 resolves the issue? A. ip dhcp relay information option-insert B. no ip dhcp snooping information option C. ip dhcp server use subscriber-id client-id D. ip helper-address 1.0.0.2 Â Suggested Answer: D
What is a MPLS PHP label operation? A. Downstream node signals to remove the label. B. It uses implicit-NULL for traffic congestion from source to destination forwarding. C. PE removes the outer label before sending to the P router. D. It improves P router performance by not performing multiple label lookup. Â Suggested Answer: A
Refer to the exhibit. EIGRP adjacency between router A and router C is not working as expected. Which two configurations resolve the issue? (Choose two.) A. B. C. D. E. Â Suggested Answer: CD
Refer to the exhibit. Branch 2 hosts cannot receive dynamic IP addresses. Which action resolves the issue? A. Configure the ip helper command on the Layer 2 switch SW2 interfaces. B. Configure the ip helper command on the Interface GigabltEthernet 0/0 of the DHCP router. C. Configure the ip helper command on the Interface GigabltEthernet 0/2 of the DHCP router. D. Configure the ip helper command on the interface GigabltEthernet 0/2 of the R2 router. Â Suggested Answer: D
Which feature filters the IPv6 traffic on Layer 2 untrusted ports? A. IPv6 Source Guard B. Binding Table Recovery C. IPv6 RA Guard D. DHCPv6 Guard  Suggested Answer: A
Refer to the exhibit. A network engineer configured routers R1 and R2 with MP-BGP. The engineer noticed that the routers cannot exchange any IPv6 routes; however, the IPv4 neighbor relationship is working fine. Which configuration must the engineer apply to router R2 to exchange IPv6 routes? A. ipv6 unicast-routingipv6 cef!interface Loopback100ipv6 address 2001:DB8:128::2/128!interface GigabitEthernet1/0ipv6 address 2001:DB8:1::2/64!router bgp 65002no bgp default ipv4-unicastneighbor 2001:DB8:1::1 remote-as 65001!address-family ipv4network 2001:DB8:128::2/128 B. ipv6 unicast-routingipv6 cef!interface Loopback100ipv6 address 2001:DB8:128::2/128!interface GigabitEthernet1/0ipv6 address 2001:DB8:1::2/64!router bgp 65002no bgp default ipv4-unicastneighbor 2001:DB8:1::1 remote-as 65001!address-family ipv6network 2001:DB8:128::2/128 C. ipv6 unicast-routingipv6 cef!interface Loopback100ipv6 address 2001:DB8:128::2/128!interface GigabitEthernet1/0ipv6 address 2001:DB8:1::2/64description AS65001 ID B468^AD03G907::1!router bgp 65002no bgp default ipv4-unicastneighbor 2001:DB8:1::1 remote-as 65001!address-family ipv6network 2001:DB8:128::2/128neighbor 2001:DB8:1::1 activate D. ipv6 cef!interface Loopback100ipv6 address 2001:DB8:128::2/128!interface GigabitEthernet1/0ipv6 address 2001:DB8:1::2/64!router bgp 65002no bgp default ipv4-unicastneighbor 2001:DB8:1::1 remote-as 65001!address-family ipv6network 2001:DB8:128::2/128neighbor 2001:DB8:1::1 activate  Suggested Answer: C
Refer to the exhibit. Which configuration command establishes an EIGRP neighbor adjacency between the hub and spoke? A. network 10.1.2.192 command on spoke router B. network 10.1.2.192 command on hub router C. eigrp-peer 10.1.2.192 command on hub router D. connected 10.1.2.192 command on spoke router  Suggested Answer: B
What is the failure detection time with BFD? A. 3 seconds B. less than a second C. 2 seconds D. 1 second  Suggested Answer: B
Refer to the exhibit. A network administrator is trying to switch to the privileged EXEC level on R1 but failed. Which configuration resolves the issue? A. enable password Cisco@123 B. tacacs-server enable-password Cisco@123 C. tacacs server enable-password Cisco@123 D. enable-password Cisco@123 Â Suggested Answer: A
Refer to the exhibit. The R1 OSPF neighbor is not receiving type 5 external LSAs for 132.108.2.0/24 and 132.108.3.0/24 networks. Which configuration command resolves the issue? A. access-list 1 permit 132.108.0.0 0.0.3.255 B. access-list 1 permit 132.108.0.0 0.0.1.255 C. access-list 1 permit 132.108.4.0 0.0.3.255 D. access-list 1 permit 132.108.2.0 0.0.0.255 Â Suggested Answer: C
Which two technologies optimize MPLS infrastructure using bandwidth protection services when experiencing slow response? (Choose two.) A. IP LFA B. MPLS OAM C. Fast-Reroute D. VPLS E. SD-MPLS Â Suggested Answer: AC
What is the function of penultimate hop popping? A. The last P router in the path pops off the transport label before traffic is forwarded toward the PE. B. The VPN label is popped off at the egress LSR, and unlabeled traffic is forwarded toward the CE. C. The transport label is popped off at the egress LSR, and unlabeled traffic is forwarded toward the CE. D. The second to last P router in the path pops off the VPN label before traffic is forwarded to the last P router. Â Suggested Answer: A
Refer to the exhibit. Spoke routers do not learn about each other's routes in the DMVPN Phase2 network. Which action resolves the issue? A. Disable EIGRP split horizon on the Tunnel0 interface of the hub router. B. Rectify incorrect wildcard mask configured on the hub router network command. C. Configure a static route in each spoke to establish a spoke-to-spoke tunnel. D. Remove default route from spoke routers to establish a spoke-to-spoke tunnel. Â Suggested Answer: A
What is a characteristic of an MPLS LSP tunnel? A. bidirectional tunnel B. secured bidirectional tunnel C. hop-by-hop tunnel D. unidirectional tunnel  Suggested Answer: D
Which two reasons would cause an LSP to break between two PE routers? (Choose two.) A. lost LDP adjacency B. matching labels C. prefix mismatch D. IGP hello adjacency E. MPLS not enabled  Suggested Answer: AC
Refer to the exhibit. The security department recently installed a monitoring device between routers R3 and R5, which caused a loss of network connectivity for users connected to R5. Troubleshooting revealed that the monitoring device cannot forward multicast packets. The team already updated R5 with the correct configuration. Which configuration must be implemented on R3 to resolve the problem by ensuring R3 as the DR for the R3-R5 segment? A. interface FastEthernet0/0ip address 10.99.53.1 255.255.255.252ip access-group 122 inip ospf network non-broadcastip ospf priority 100!router ospf 10router-id 10.10.3.255network 10.99.53.0 0.0.0.3 area 0neighbor 10.99.53.2!access-list 122 permit 89 host 10.99.53.2 host 10.99.53.1access-list 122 deny 89 any anyaccess-list 122 permit tcp any anyaccess-list 122 permit udp any anyaccess-list 122 permit icmp any any B. interface FastEthernet0/0ip address 10.99.53.1 255.255.255.252ip access-group 122 inip ospf network non-broadcastip ospf priority 0!router ospf 10router-id 10.10.3.255neighbor 10.99.53.2!access-list 122 permit 88 host 10.99.53.2 host 10.99.53.1access-list 122 deny 88 any anyaccess-list 122 permit tcp any anyaccess-list 122 permit udp any anyaccess-list 122 permit icmp any any C. interface FastEthernet0/0ip address 10.99.53.1 255.255.255.252ip access-group 122 inip ospf network non-broadcastip ospf priority 0!router ospf 10router-id 10.10.3.255network 10.99.53.0 0.0.0.3 area 0neighbor 10.99.53.2!access-list 122 permit 89 host 10.99.53.2 host 10.99.53.1access-list 122 deny 89 any anyaccess-list 122 permit tcp any anyaccess-list 122 permit udp any anyaccess-list 122 permit icmp any any D. interface FastEthernet0/0ip address 10.99.53.1 255.255.255.252ip access-group 122 inip ospf network point-to-pointip ospf priority 0!router ospf 10router-id 10.10.3.255network 10.99.53.0 0.0.0.3 area 0neighbor 10.99.53.2!access-list 122 permit 88 host 10.99.53.2 host 10.99.53.1access-list 122 deny 88 any anyaccess-list 122 permit tcp any anyaccess-list 122 permit udp any anyaccess-list 122 permit icmp any any  Suggested Answer: A
Which protocol must be secured with MD-5 authentication across the MPLS cloud to prevent hackers from introducing bogus routers? A. RSVP B. LSP C. LDP D. MP-BGP Â Suggested Answer: C
SIMULATION - Guidelines - This is a lab item in which tasks will be performed on virtual devices. • Refer to the Tasks tab to view the tasks for this lab item. • Refer to the Topology tab to access the device console(s) and perform the tasks. • Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window. • All necessary preconfigurations have been applied. • Do not change the enable password or hostname for any device. • Save your configurations to NVRAM before moving to the next item. • Click Next at the bottom of the screen to submit this lab and move to the next question. • When Next is clicked, the lab closes and cannot be reopened. Topology - Tasks - Troubleshoot and resolve the issues to achieve these goals: 1. Ensure that R1 reaches the prefix 10.6.66.6 without any single point of failure in the path. Do not use a static route or policy-based routing to accomplish this. 2. Ensure that R1 loopback 1 reaches to R6’s loopback 1 by following the path through R1, R3, R5 to R6 and vice versa. Use metric values K1 = 100000, K2=1, K3=255, K4=10, K5=1500 to modify the default metric in EIGRP if required. Do not use a route-map. 3. Ensure that on R3, prefix 10.0.56.6/32 uses the SP1 to route to the Internet, whereas prefix 172.16.12.2/32 uses the SP2 to route to the Internet. Do not use BGP to accomplish this. Use the pre-configured route-maps SP1 and SP2 and modify to accomplish the task if required. Use the ping and trace commands from R6 and R2 to prefixes 209.165.202.132 and 209.165.202.128, respectively to verify the results.  Suggested Answer:
Refer to the exhibit. Which configuration resolves the issue? A. B. C. D. Â Suggested Answer: B
Refer to the exhibit. Which configuration resolves the route filtering issue on R1 to redistribute all the routes except 172.16.2.48/28? A. B. C. D. Â Suggested Answer: B
Refer to the exhibit. An engineer troubleshoots a connectivity problem that is impacting the communication from the users at segment 172.16.3.16 /28 to the server farm at 192.168.5.16/ 28. Which configuration resolves the issue on router R1? A. router ripredistribute ospf 1 metric 16 B. router ospf 1redistribute rip metric 14 C. router ripredistribute ospf 1 metric 14 D. router ospf 1redistribute rip metric 16 Â Suggested Answer: C
SIMULATION - Guidelines - This is a lab item in which tasks will be performed on virtual devices. • Refer to the Tasks tab to view the tasks for this lab item. • Refer to the Topology tab to access the device console(s) and perform the tasks. • Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window. • All necessary preconfigurations have been applied. • Do not change the enable password or hostname for any device. • Save your configurations to NVRAM before moving to the next item. • Click Next at the bottom of the screen to submit this lab and move to the next question. • When Next is clicked, the lab closes and cannot be reopened. Topology - Tasks - Troubleshoot R-WEST to achieve the desired results: 1. All the commands should be locally saved to the router as well as sent to the Syslog server except passwords. 2. All the Cisco OSPF LSA traps should be sent to the SNMP server.  Suggested Answer:
Refer to the exhibit. Router R1 (head office) is not always preferred for all users to access hosting services R1 should be primary, and the DR site should only be used if router R1 or its uplink fails. Which configuration resolves the issue? A. B. C. D. Â Suggested Answer: A
Refer to the exhibit. A network administrator configured NetFlow data but the data is not visible at the NetFlow collector. Which configuration allows the router to send the records? A. Configure a different interface to send the records. B. Configure the management interface in the global routing table to send the records. C. Configure the NetFlow collector to listen at export-protocol netflow-v5. D. Rectify NetFlow collector reachability from the management interface. Â Suggested Answer: A
Refer to the exhibit. An engineer is troubleshooting a routing loop on the network to reach the 172.16 3.0/16 from the OSPF domain. Which configuration on router R1 resolves the issue? A. B. C. D. Â Suggested Answer: A
Refer to the exhibit. The 130.130.130.0/24 route shows in the R2 routing table but is getting filtering toward R3. Which action resolves the issue? A. Automatic route summarization must be enabled on R2. B. The outgoing filter list for all interfaces must be set on R2. C. The incoming filter list for all interfaces must be set on R2. D. IGP synchronization must be disabled on R2. Â Suggested Answer: A
How are LDP neighbors discovered? A. Broadcasts hellos are sent to the 255.255.255.255 broadcast address. B. Multicast hellos are sent to the 224.0.0.2 group address. C. Unicast hellos are sent to directly connected neighbors IP addresses. D. Multicast hellos are sent to the 224.0.0.5 group address. Â Suggested Answer: B
Refer to the exhibit. Router R4 is configured correctly with default OSPF values. A network engineer configured R7 for OSPF. R7 must not be elected as a DR for the segment between R4-R7. The adjacency between R4 and R7 failed to form. Which configuration resolves the issue? A. B. C. D. Â Suggested Answer: C
Refer to the exhibit. While troubleshooting an issue on the network, an engineer notices that a TCP Connect operation failed on port 3000 between R101 and R201. Which command must be configured on R201 to respond to the R101 IP SLA configurations with a control connection on UDP port 1967? A. ip sla responder tcp-connect ipaddress 2.2.2.2 port 3001 B. ip sla responder C. ip sla responder tcp-connect ipaddress 1.1.1.1 port 3000 D. ip sla responder udp-echo ipaddress 1.1.1.1 port 1967 Â Suggested Answer: C
Refer to the exhibit. Which configuration is required for R2 to get the IP address from the DHCP server. A. ip access-list extended R2WANpermit tcp any any eq 68 B. ip access-list extended R2WANpermit udp any any eq 67 C. interface GigabitEthernet0/0ip access-group R2WAN out D. ip access-list extended R2WANpermit udp any any eq 68 Â Suggested Answer: B
What are the two major components of an MPLS-based VPN? (Choose two.) A. VPN route distinguisher B. MP-BGP peering of VPN community CE devices C. MP-BGP peering of VPN community P devices D. MP-BGP peering of VPN community PE devices E. VPN route target communities F. VPN route reflectors  Suggested Answer: AE
Refer to the exhibit. The authentication is not working as desired and the user drops into user-exec mode. Which configuration resolves the issue? A. aaa new-modelaaa authentication common-id default localaaa authorization exec default local!line vty 0 4login authentication defaultauthorization exec default B. aaa new-modelaaa authentication login default localaaa authorization priv default 15!line vty 0 4login authentication defaultauthorization exec priv15 C. aaa new-modelaaa authentication login localaaa authorization exec local!line vty 0 4login authentication localauthorization exec default D. aaa new-modelaaa authentication login default localaaa authorization exec default local!line vty 0 4login authentication defaultauthorization exec default  Suggested Answer: A
Refer to the exhibit. An engineer is investigating an OSPF issue reported by the Cisco DNA Assurance Center. Which action resolves the issue? A. One of the interfaces is using the wrong MTU. Match interface MTU on both links. B. One of the interfaces is using the wrong authentication. Match interface authentication on both links. C. One of the neighbor links is down. Bring the interface up by running shut and no shut. D. An ACL entry blocking multicast on the interfaces. Allow multicast through the interface ACL. Â Suggested Answer: A
Which router translates the customer routing information into VPNv4 routes to exchange VPNv4 routes with other devices through MP-BGP? A. VPNv4 RR B. P C. CE D. PE Â Suggested Answer: D
An engineer received a ticket about a router that has reloaded. The monitoring system graphs show different traffic patterns between logical and physical interfaces when the router is rebooted. Which action resolves the issue? A. Configure the snmp ifindex persist command on the physical interfaces. B. Clear the logical interfaces with snmp ifindex clear command. C. Trigger a new snmpwalk from the monitoring system to synchronize interface OIDs. D. Configure the snmp ifindex persist command globally. Â Suggested Answer: D
Refer to the exhibit. After the network administrator rebuilds the IPv6 DHCP server, clients are not getting the IPv6 address lease. Which action resolves the issue? A. Add ipv6 dhcp server MY_POOL under the interface ethernet 0/0 on H1. B. Remove FE80::A8BB:CCFF:FE00:5000 assigned by the IPv6 DHCP server. C. Configure FF02::1:2 to discover all IPv6 DHCP clients. D. Add ipv6 dhcp server MY_POOL under the interface ethernet 0/0 on R1. Â Suggested Answer: D
Refer to the exhibit. The SNMP server with IP address 172.16.4.4 cannot access host router A. Which configuration command on router A resolves the issue? A. access-list 4 permit 172.16.4.0 0.0.0.3 B. access-list 4 permit host 172.16.4.4 C. snmp-server host 172.16.4.4 ccnp D. snmp-server community ccnp  Suggested Answer: A
What must a network architect consider for RTs when planning for a single customer full-mesh VPN in an MPLS Layer 3 network? A. Each RT value must be identical to an RD value within the same VPN. B. RT must be globally identical within the same VPN. C. RT values must be different from the RD values in the same VPN. D. RT must be globally unique within the same VPN. Â Suggested Answer: B
Refer to the exhibit. In Cisco DNA Center, a network engineer identifies that BGP-learned networks are repeatedly withdrawn from peers. Which configuration must the engineer apply to resolve the issue? A. router bgp 100bgp dampening B. router bgp 100bgp graceful-restart C. route-map Dampening permit 10set dampening 15 750 2000 60router bgp 100neighbor 10.140.212.5 route-map Dampening out D. route-map Dampening permit 10set dampening 15 750 2000 60router bgp 100neighbor 10.140.212.5 route-map Dampening in  Suggested Answer: D
Refer to the exhibit. Which configuration allows the operation level 1 team of 10 engineers to log in at least three at a time to router R3 using network credentials over HTTP? A. R3(config)#ip http authentication enableR3(config)#no access-list 20 permit 172.16.10.48 0.0.0.15R3(config)#access-list 20 permit 172.16.10.48 0.0.0.7 B. R3(config)#ip http max-connections 3R3(config)#ip http accounting commands 3 default C. R3(config)#ip http authentication aaaR3(config)#ip http max-connections 3 D. R3(config)#ip http authentication aaaR3(config)#no access-list 20 permit 172.16.10.48 0.0.0.15R3(config)#access-list 20 permit 172.16.10.48 0.0.0.7 Â Suggested Answer: A
Which router takes an active role between two LDP neighbors when initiating LDP session negotiation and LDP TCP connection establishment? A. with one interface in the MPLS backbone B. with the higher IP address C. with the lowest IP address D. with the larger number of LDP TCP neighbors  Suggested Answer: B
Refer to the exhibit. An enterprise operations team must monitor all application server traffic in the data center. The team finds that traffic coming from the hub site from R3 and R6 is monitored successfully, but traffic destined to the application server is not monitored. Which action resolves the issue? A. R4(config)#int gigabitEthernet 1/0R4(config-if)#ip flow ingress B. R3(config)#int gigabitEthernet 0/0R3(config-if)#ip flow egress C. R4(config)#int gigabitEthernet 2/0R4(config-if)#ip flow egress D. R1(config)#int gigabitEthernet 0/0R1(config-if)#ip flow egress  Suggested Answer: C
Which router attaches the VPN label to incoming packets from CE routing? A. P router B. PE router C. CE router D. core router  Suggested Answer: B
Refer to the exhibit. Which action adds the 10.1.7.6/32 route to the BGP table? A. Add a static route for the 10.1.7.6/32 network. B. Add summary-address 10.1.7.6 255.255.255.0. C. Add the network 10.1.7.6 mask 255.255.255.255 backdoor command. D. Add the network 10.1.7.6 mask 255.255.255.255 command. Â Suggested Answer: D
A network engineer must configure an EIGRP stub router at a site that advertises only connected and summary routes. Which configuration performs this task? A. router eigrp 100eigrp stub redistribute B. router eigrp 100eigrp stub C. router eigrp 100eigrp stub connected D. router eigrp 100eigrp stub summary  Suggested Answer: B
Drag and drop the OSPF adjacency states from the left onto the correct descriptions on the right. Select and Place: Correct Answer:
Drag and drop the actions from the left into the correct order on the right to configure a policy to avoid following packet forwarding based on the normal routing path. Select and Place: Correct Answer:
Drag and drop the MPLS terms from the left onto the correct definitions on the right. Select and Place: Correct Answer:
Drag and drop the LDP features from the left onto the descriptions on the right. Select and Place: Correct Answer:
Drag and drop the operations from the left onto the locations where the operations are performed on the right. Select and Place: Correct Answer:
Drag and drop the MPLS VPN device types from the left onto the definitions on the right. Select and Place: Correct Answer:
Drag and drop the packet types from the left onto the correct descriptions on the right. Select and Place: Correct Answer:
Drag and drop the addresses from the left onto the correct IPv6 filter purposes on the right. Select and Place: Correct Answer:
Refer to the exhibit. Drag and drop the credentials from the left onto the remote login information on the right to resolve a failed login attempt to vtys. Not all credentials are used. Select and Place: Correct Answer:
Drag and drop the IPv6 first hop security device roles from the left onto the corresponding descriptions on the right. Select and Place: Correct Answer: x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX- OS_Security_configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Security_configuration_Guide_7x_chapter_011011.pdf
Drag and drop the DHCP messages from the left onto the correct uses on the right. Select and Place: Correct Answer:
Drag and drop the SNMP attributes in Cisco IOS devices from the left onto the correct SNMPv2c or SNMPv3 categories on the right. Select and Place: Correct Answer:
Drag and drop the MPLS concepts from the left onto the descriptions on the right. Select and Place: Correct Answer:
Drag and drop the MPLS VPN concepts from the left onto the correct descriptions on the right. Select and Place: Correct Answer:
Arrange the below as per the recommended steps: Select and Place: Correct Answer:
The steps for configuring BGP on Cisco IOS Router: Select and Place: Correct Answer:
You are logged in to the DNA Center Client Health Dashboard. Under the client health, you see some color-coded fields that reflects the health status of the client devices. Drag the health scores on the left to their respective colors in the right. Select and Place: Correct Answer:
Drag and drop the ICMPv6 neighbor discovery messages from the left onto the correct packet types on the right. Select and Place: Correct Answer:
Drag and drop the descriptions from the left onto the corresponding MPLS components on the right. Select and Place: Correct Answer:
Drag and drop the IPv6 First-Hop Security features from the left onto the definitions on the right. Select and Place: Correct Answer:
Refer to the exhibit. R3 is learning the 1.0.0.0/24 route through OSPF instead of EIGRP. Which action causes R3 to choose EIGRP to reach the 1.0.0.0/24 network? A. configure EIGRP administrative distance to 120. B. configure EIGRP administrative distance to 110. C. configure OSPF administrative distance to 120. D. configure OSPF administrative distance to 200. Correct Answer: D
Refer to the exhibit. A network engineer cannot remote access R3 using Telnet from switch S1. Which action resolves the issue? A. Allow to use the ssh -| admin 10.0.0.1 command on the switch. B. Add the login admin command on the switch. C. Add the transport input telnet command on R3. D. Allow the inbound connection via the exec command on R3. Correct Answer: D
Refer to the exhibit. The client received the IPv6 address from the IPv6 DHCP server but the show command does not show the IPv6 DHCP bindings on the server. Which action resolves the issue? A. Extend the DHCP lease time because R1 removed the IPv6 address earlier after the lease expired. B. configure H1 as the DHCP client that manually assigns the IPv6 address on interface e0/0. C. configure authorized DHCP servers to avoid IPv6 addresses from a rogue DHCP server. D. Use the 2001:DBB:BAD:CODE::/64 prefix for the DHCP pool on R1. Correct Answer: D
Refer to the exhibit. It was noticed that after NetFlow is configured in the router, the collector stopped receiving flow information. Which action resolves the issue? A. Apply the ip flow egress command to the loopback2 interface. B. Modify the source through the ip flow-export source loopback1 command. C. configure an IP address on the loopback2 interface to use as a source. D. Change the IP address of the loopback 2 interface to a public IP address. Correct Answer: D
What is LDP used for in an LSR? A. to allow for a system-wide exchange of labels across MPLS network B. to create a label across the PE routers for end-to-end path assignment C. to communicate the routes known for a specific interface D. to create a database of label bindings that allow for hop-by-hop forwarding D Correct Answer:
What are the two goals of micro BFD sessions? (Choose two.) A. The high bandwidth member link of a link aggregation group must run BF B. Any member link on a link aggregation group must run BF C. Continuity for each member link of a link aggregation group must be verified. D. Run the BFD session with 3x3 ms hello timer. E. Each member link of a link aggregation group must run BF F. Correct Answer: CE
Refer to the exhibit. R1 should receive 10.16.2.0/24 from R2. Which action resolves the issue? A. Add prefix-list seq 1 on R1 to permit 10.16.0.0/22. B. Add prefix-list seq 1 on R1 to permit 10.16.2.0/24. C. Modify prefix-list seq 5 on R2 to permit 10.16.0.0/22. D. Modify prefix-list seq 5 on R2 to permit 10.16.0.0/23. Correct Answer: C
Which characteristic is representative of a hub-and-spoke topology between PE routers in a Layer 3 MPLS VPN network? A. The PE routers use different RDs for each VRF to import and export M-BGP prefixes. B. Each PE router uses a different RD to identify all branches. C. The PE routers use different RTs to import and export M-BGP prefixes. D. The PE routers are configured with multiple VRFs for all branches. Correct Answer: C
Refer to the exhibit. The primary link between R1 and R2 went down, but R3 is still advertising the 192.168.200.0/24 network to R1 and the 192.168.100.0/24 network to R2, which creates a loop. Which action resolves the issue? A. configure the eigrp stub command under the EIGRP process on R2. B. configure the summary-address 192.168.0.0 255.255.0.0 100 command on R3. C. configure the eigrp stub command under the EIGRP process on R3. D. configure the eigrp stub leak-map command under the EIGRP process on R1. Correct Answer: C
How does MPLS Layer 3 VPN function? A. When an EIGRP internal route is redistributed into BGP by one PE and then back into EIGRP by another PE, the originating router ID for the route is changed to the router ID of the first P B. When a destination PE device receives a labeled packet, it pops the label and uses it to forward the packet to the correct CE device. C. When a PE device forwards a packet received from a CE device across the provider network, it labels the packet with the label learned from the source PE device. D. When a VPN route is learned from a CE device and injected into IGP, a VPN route distinguisher attribute is associated with it. Correct Answer: B
What action is performed for untagged outgoing labels in an MPLS router? A. Convert the incoming MPLS packet to an untagged packet and then do a RIB lookup. B. Convert the incoming MPLS packet to an untagged packet and then do a FIB lookup. C. Convert the incoming MPLS packet to an IP packet and forward it to the next router. D. Convert the untagged packet to a labeled packet and forward it to the next router. Correct Answer: C
An engineer configured a router with this configuration: The router console starts receiving log message "%SEC-6-IPACCESSLOGP: list DENY_TELNET denied tcp192.168.1.10(10222) (FastEthernet1/0 D508.89gb.003f) ->192.168.2.20(23), 1 packet". Which action stops messages on the console while still denying Telnet? A. Remove log-input keyword from the access list. B. configure a 20 permit ip any any log-input command. C. configure a 20 permit ip any any command. D. Replace log-input keyword with the log keyword in the access list. Correct Answer: A
Refer to the exhibit. R1 is not forming adjacency on a point-to-point interface. Which action resolves the issue? A. The area numbers must be configured the same on each router. B. The area types must be configured the same on each router. C. The no-summary command must be included in the area configuration on R2. D. The no-summary command must be included in the area configuration on R1. Correct Answer: B
Refer to the exhibit. The 130.130.130.0/24 route shows in the R2 routing table but is getting filtering toward R3. Which action resolves the issue? A. Automatic route summarization must be enabled on R2. B. The outgoing filter list for all interfaces must be set on R2. C. The incoming filter list for all interfaces must be set on R2. D. IGP synchronization must be disabled on R2. Correct Answer: A
How are LDP neighbors discovered? A. Broadcasts hellos are sent to the 255.255.255.255 broadcast address. B. Multicast hellos are sent to the 224.0.0.2 group address. C. Unicast hellos are sent to directly connected neighbors IP addresses. D. Multicast hellos are sent to the 224.0.0.5 group address. Correct Answer: B
Refer to the exhibit. Router R4 is configured correctly with default OSPF values. A network engineer configured R7 for OSP A. R7 must not be elected as a DR for the segment between R4-R7. The adjacency between R4 and R7 failed to form. Which configuration resolves the issue? B. C. D. E. C Correct Answer:
Refer to the exhibit. While troubleshooting an issue on the network, an engineer notices that a TCP Connect operation failed on port 3000 between R101 and R201. Which command must be configured on R201 to respond to the R101 IP SLA configurations with a control connection on UDP port 1967? A. ip sla responder tcp-connect ipaddress 2.2.2.2 port 3001 B. ip sla responder C. ip sla responder tcp-connect ipaddress 1.1.1.1 port 3000 D. ip sla responder udp-echo ipaddress 1.1.1.1 port 1967 Correct Answer: C
Refer to the exhibit. Which configuration is required for R2 to get the IP address from the DHCP server. A. ip access-list extended R2WAN permit tcp any any eq 68 B. ip access-list extended R2WAN permit udp any any eq 67 C. interface GigabitEthernet0/0 ip access-group R2WAN out D. ip access-list extended R2WAN permit udp any any eq 68 Correct Answer: B
What are the two major components of an MPLS-based VPN? (Choose two.) A. VPN route distinguisher B. MP-BGP peering of VPN community CE devices C. MP-BGP peering of VPN community P devices D. MP-BGP peering of VPN community PE devices E. VPN route target communities F. VPN route reflectors Correct Answer: AE
Which Layer 3 VPN attribute installs customer routes in the VRF? A. RD B. RT C. extended-community D. MPLS label Correct Answer: B
Refer to the exhibit. Which action restores OSPF adjacency between R1 and R2? A. Change the IP MTU of R2 Fa0/0 to 1300. B. Change the IP MTU of R1 Fa1/0 to 1500. C. Change the IP MTU of R2 Fa0/0 to 1500. D. Change the IP MTU of R1 Fa1/0 to 1300. Correct Answer: C
Refer to the exhibit. Which action resolves the IP SLA for the UDP jitter problem between R4 and R3 Ethernet 0/1 IP addresses? A. Delete and configure the ip sla 6500 command with R3 e0/1 IP address. B. configure the ip sla 6500 command with R3 e0/1 IP address. C. configure the ip sla responder command with R4 E0/1 IP address. D. Delete and configure the ip sla responder command with R4 E0/1 IP address. Correct Answer: A
Refer to the exhibit. An engineer configured user login based on authentication database on the router, but no one can log into the router. Which configuration resolves the issue? A. aaa authentication login default local B. aaa authorization network default local C. aaa authentication login default enable D. aaa authorization exec default local Correct Answer: A
Refer to the exhibit. Which action allows the engineer to successfully copy running-config to the TFTP server? A. Add a route in the switch to the TFTP server. B. Add the TFTP server configuration in the switch. C. Use TFTP server IP address 10.0.1.1. D. Use file name Switch-confg.txt. Correct Answer: C
Refer to the exhibit. UserPC receives the IP address but does not register to the call manager. Which command in ip dhcp pool VLAN200_USER_VOICE resolves the issue? A. option 150 ip 10.221.10.10 B. option 15 ip 10.221.10.10 C. option 160 ip 10.221.10.10 D. option 117 ip 10.221.10.10 Correct Answer: A
Refer to the exhibit. The router is redistributing a prefix 172.16.10.0/24 that should have been ltered. Which action resolves the issue? A. Add the route in access-list 10. B. Match the tag 666 for the route in the route map. C. Remove route-map sequence 20. D. Permit the route in route-map sequence 20. Correct Answer:
Refer to the exhibit. SW101 could not transfer its startup configuration to a TFTP server. No ACL is configured on the switch, and it can successfully ping the host. Which action resolves the issue? A. Open UDP port 69 on the TFTP server. B. Open UDP port 179 on the TFTP server. C. configure a FW in the middle to allow bidirectional communication for TFTP. D. Start the TFTP server on the host. Correct Answer: D
Refer to the exhibit. A network engineer configured routers R1 and R2 with MP-BGP. The engineer noticed that the routers cannot exchange any IPv6 routes; however, the IPv4 neighbor relationship is working ne. Which configuration must the engineer apply to router R2 to exchange IPv6 routes? A. B. C. D. B Correct Answer:
What is an advantage of MPLS Layer 3 VPN deployment? A. Planning and modifications are required for the customer intranet before migrating to Layer 3 VPN. B. Scalable VPNs are created using connection-oriented, point-to-point, or multipoint overlay connections. C. QoS provides performance with policy and support for a best-effort service level in an MPLS VPN. D. Security is provided at the edge of the provider network through encryption. Correct Answer: A
Refer to the exhibit. traffic from R3 to the central site does not use alternate paths when R3 cannot reach 10.10.10.2. traffic on R3 destined to R4 takes an alternate route via 10.10.10.6 when 10.10.10.4 is not accessible from R3. Which configuration switches traffic destined to 10.10.10.2 from R3 on the alternate path? A. R3(config)#ip route 192.168.10.1 255.255.255.255 10.10.10.2 track 20 B. R6(config)#ip route 10.10.10.3 255.255.255.255 10.0.0.30 C. R3(config)#track 20 ip sla 20 reachability D. R2(config)#ip route 10.10.10.3 255.255.255.255 10.0.0.6 Correct Answer: A
A newly installed router starts establishing an LDP session from another MPLS router to which it is not directly connected. Which LDP message type responds by target router to the initiating router using UDP protocol? A. notification message B. session message C. advertisement message D. extended discovery message Correct Answer: D
Refer to the exhibit. Router R2 VLAN 10 users cannot get dynamic IP addresses from R1. Which action resolves the issue? A. Eliminate the port security feature on the ports of switch SW2. B. Identify the host with the duplicate IP address. C. configure the IP helper feature on the Interface GigabitEthernet 0/2 of router R2. D. Expand the address scope of VLAN 10. Correct Answer: D
Refer to the exhibit. A PC is configured to obtain an IP address automatically, but it receives an IP address only from the 169.254.0.0 subnet. The DHCP server logs contained no DHCPDISCOVER message from the MAC address of the P A. Which action resolves the issue? B. configure a DHCP reservation on the server for the P C. configure an ip helper-address on the router to forward DHCP messages to the server. D. configure DHCP Snooping on the switch to forward DHCP messages to the server. E. configure a static IP address on the PC and exclude it from the DHCP pool. Correct Answer: B
Refer to the exhibit. R1 lost its directly connected EIGRP peer 172.16.33.2 (SW1). Which configuration resolves the issue? A. B. C. D. C Correct Answer:
How are CE advertised routes segmented from other CE routers on an MPLS PE router? A. with a combination of VRF-Lite and MP-BGP B. by pushing MPLS labels advertised by LDP on customer routes C. by enabling multiple instances of BGP, one for each CE router D. by assigning CE-facing interfaces to different VRFs Correct Answer: A
Refer to the exhibit. A network engineer notices that the configured track option is down. Which configuration resolves the issue? A. ip sla schedule 10 start-time pending life forever B. ip sla schedule 10 no timeout C. ip sla schedule 10 start-time now D. ip sla schedule 10 no threshold Correct Answer: C
Which technique removes the outermost label of an MPLS-tagged packet before the packet is forwarded to an adjacent LER? A. explicit-null B. PHP C. label swap D. label imposition Correct Answer: B
Refer to the exhibit. An administrator wanted to make R1 always elected as DR, R2 as BDR, and R3 as DROTHER but could not achieve the desired results. Which two configurations resolve the issue? (Choose two.) A. On the R3 F0/0 interface, configure OSPFpriority to 201. B. On the R1 F0/0 interface, configure OSPFpriority to 202. C. On the R2 F0/0 interface, configure OSPFpriority to 200. D. On the R1 F0/0 interface, configure OSPFpriority to 255. E. On the R2 F0/0 interface, configure OSPFpriority to 201. Correct Answer: BE
Refer to the exhibit. A network engineer lost remote access to the router due to a network problem. The engineer used the console to access the router and noticed continuous logs on the console terminal. Which configuration limits the number of log messages on the console to critical and higher severity level messages? A. logging console 2 B. logging console 5 C. no logging console D. term no monitor Correct Answer: A
Which feature is used by LDP in the forwarding path within the MPLS cloud? A. TDP B. TTL C. LSP D. IP forwarding Correct Answer: B
Refer to the exhibit. An engineer observes that every time the ICMP packet is lost at a polling interval, track 1 goes down, which causes unnecessary disruption and instability in the network. The engineer does not want the traffic to be rerouted if the loss of ICMP packets is negligible. If the packet loss is persistent for a longer duration, the track must go down and the traffic must be rerouted. Which action resolves the issue? A. Change the IP SLA schedule to run only at certain intervals. B. Increase the timeout value from 1000 to 1500. C. define a delay timer under track 1. D. Increase the threshold value from 1000 to 1500. Correct Answer: C
Refer to the exhibit. An engineer is troubleshooting a prefix advertisement issue from R3, which is not directly connected to R1. Which configuration resolves the issue? A. R2(config)#router bgp 64512 - R2(config-router)#neighbor 192.168.20.10 next-hop-self B. R1(config)#router bgp 64512 - R1(config-router)#neighbor 192.168.10.20 next-hop-self C. R1(config)#router bgp 64512 - R1(config-router)#neighbor 192.168.20.20 next-hop-self D. R2(config)#router bgp 64512 - R2(config-router)#neighbor 192.168.10.20 next-hop-self Correct Answer: C
Refer to the exhibit. Which policy configuration on R1 forwards any traffic that is sourced from the 192.168.130.0/24 network to R2? A. B. C. D. C Correct Answer:
Refer to the exhibit. Which action resolves the issue? A. Establish connectivity between the NTP server and the switch. B. configure the local time on the SW1 device. C. configure the local time on Cisco DNA Center. D. Establish connectivity between the NTP server and Cisco DNA Center. Correct Answer: A
What does IPv6 Source Guard utilize to determine if IPv6 source addresses should be forwarded? A. ACLs B. ACE C. DHCP D. Binding Table Correct Answer: D
Refer to the exhibit. While troubleshooting an EIGRP neighbor adjacency problem, the network engineer notices that the interface connected to the neighboring router is not participating in the EIGRP process. Which action resolves the issue? A. configure EIGRP metrics on interface FastEthemet0/3. B. configure the network command under EIGRP address family vrf CLIENT1. C. configure the network command under EIGRP address family ipv4. D. configure the network command to network 172.16.0.1 0.0.0.0. Correct Answer: B
What are two characteristics of a VRF instance? (Choose two.) A. A customer site can be associated to different VRFs. B. Each VRF has a different set of routing and CEF tables. C. It is defined by the VPN membership of a customer site attached to a P device. D. All VRFs share customers routing and CEF tables. E. An interface must be associated to one VR F. Correct Answer: BE
How is the LDP router ID used in an MPLS network? A. The force keyword changes the router ID to the speci ed address without causing any impact. B. The loopback with the highest IP address is selected as the router I C. The MPLS LDP router ID must match the IGP router I D. If not configured, the operational physical interface is chosen as the router ID even if a loopback is configured. Correct Answer: B
Refer to the exhibit. A network engineer troubleshooting a packet drop problem for the host 172.16.100.5 notices that only one link is used and installed on the routing table, which saturates the bandwidth. Which action must the engineer take to resolve the high bandwidth utilization problem and share the traffic toward this host between the two available links? A. Disable the eigrp split horizon loop protection mechanism. B. Set the eigrp variance equal to 3 to install a second route with a metric not larger than 3 times of the best metric. C. Change the EIGRP delay metric to meet the feasibility condition. D. Set the eigrp variance equal to 4 to install a second route with a metric not larger than 4 times of the best metric. Correct Answer: D
Refer to the exhibit. An OSPF neighbor relationship between R2 and R3 is showing stuck in EXCHANGE/EXSTART state. The neighbor is established between R1 and R2. The network engineer can ping from R2 to R3 and vice versa, but the neighbor is still down. Which action resolves the issue? A. Administrative "shut then no shut" both router interfaces. B. Enable OSPF on the interface, which is required. C. Restore the Layer 2/Layer 3 connectivity issue in the ISP network. D. Match MTU on both router interfaces or ignore MTU. Correct Answer: D
Refer to the exhibit. R1 cannot establish a neighbor relationship with R2. Which action resolves the issue? A. configure the mtu ignore command on the interfaces of R1 and R2. B. configure the ip ospf network point-to-point command on the interfaces of R1 and R2. C. configure the neighbor 2.2.2.2 command on R1 under the OSPF process. D. configure the ip ospf network broadcast command on the interfaces of R1 and R2. Correct Answer: A
Refer to the exhibit. R2 can reach Loopback222, but R1, SW1, and PC1 cannot communicate with 172.16.222.254. R1 and R2 configurations are shown here: Which EIGRP configuration command resolves the issue? A. R1(config-router)# redistribute static B. R2(config-router)# redistribute static C. R1(config-router)# network 172.16.222.254 0.0.0.0 D. R1(config-router)# network 172.16.222.254 255.255.255.255 Correct Answer: C
How does BFD protocol work? A. When BFD declares a failure on the primary IGP path, the router on the peer router chooses to use the secondary path. B. BFD operates on the route processor module and impacts the route processor CPU utilization. C. BFD control packets are sent via UDP port 3784 to the destination router. D. BFD echo packets are sent to the same source IP and different destination IP with TCP port of 3786. Correct Answer: C
Refer to the exhibit. An engineer implements uRPF to increase security and stop incoming spoofed IP packets. Same asymmetrically routed packets are also blocked after the configuration. Which command resolves the issue? A. ip verify unicast source reachable-via any B. ip verify unicast source reachable-via rx C. ip verify unicast reverse-path D. ip verify unicast reverse-path any Correct Answer: A
Refer to the exhibit. After an engineer modified the configuration for area 7 to permit type 1, 2, and 7 LSAs only, users connected to router R9 reported that they could no longer access the internet. Which configuration restores internet access to users on R9 and permits only LSA type 1, 2, and 7? A. R4# router ospf 1 area 0 nssa default-information-originate network 10.5.1.0 0.0.0.3 area 0 network 10.8.2.0 0.0.0.3 area 7 router ospf 1 area 7 nssa redistribute eigrp 10 subnets network 10.8.2.0 0.0.0.3 area 7 B. R4# router ospf 1 area 7 nssa no-summary network 10.5.1.0 0.0.0.3 area 0 network 10.8.2.0 0.0.0.3 area 7 router ospf 1 area 7 nssa redistribute eigrp 10 subnets network 10.8.2.0 0.0.0.3 area 7 C. R4# router ospf 1 area 7 nssa network 10.5.1.0 0.0.0.3 area 0 network 10.8.2.0 0.0.0.3 area 7 router ospf 1 area 7 nssa redistribute eigrp 10 subnets network 10.8.2.0 0.0.0.3 area 7 D. R4# router ospf 1 area 0 area 7 stub no-summary network 10.5.1.0 0.0.0.3 area 0 network 10.8.2.0 0.0.0.3 area 7 router ospf 1 area 7 stub redistribute eigrp 10 subnets network 10.8.2.0 0.0.0.3 area 7 Correct Answer: A
Refer to the exhibit. An engineer recently implemented uRPF by configuring the ip verify unicast source reachable-via rx command on interface gi0/3. The engineer noticed right after implementing uRPF that an inbound packet on the gi0/3 interface with a source address of 172.16.3.251 was dropped. Which action resolves the issue? A. configure uRPF loose mode to forward the packet. B. Permit the 172.16.3.251 in the inbound ACL on interface gi0/3. C. Remove inbound ACL from the interface gi0/3 to allow 172.16.3.251. D. configure uRPF strict mode to forward the packet. Correct Answer: A
Which IPv6 feature enables a device to reject traffic when it is originated from an address that is not stored in the device binding table? A. IPv6 Source Guard B. IPv6 DAD Proxy C. IPv6 RA Guard D. IPv6 Snooping Correct Answer: A
Which two protocols are used by a P router to transfer VPN traffic between PE routers in an MPLS network? (Choose two.) A. LDP B. RSVP C. MP-BGP D. BGP E. OSPF Correct Answer: AE
Which two features are required for MPLS forwarding on which types of routers? (Choose two.) A. MPLS on PE and core routers B. LDP on PE and core routers C. MPLS on CE and core routers D. LDP on PE and CE routers E. CEF on PE and CE routers Correct Answer: AB
What is a function of BFD? A. failure detection independent of routing protocols and media types B. peer recovery after a Layer 2 adjacency failure C. peer recovery after a Layer 3 protocol adjacency failure D. failure detection dependent on routing protocols and media types Correct Answer: A
Refer to the exhibit. An engineer configured NetFlow but cannot receive the ows from R1. Which two configurations resolve the issue? (Choose two.) A. R3(config)#ip access-list extended DDOS R3(config-ext-nacl)#5 permit udp any host 10.66.66.66 eq 1090 B. R4(config)# flow exporter FlowExporter1 R4(config- flow-exporter)#destination 10.66.66.66 C. R3(config)# flow exporter FlowExporter1 R3(config- flow-exporter)#destination 10.66.66.66 D. R1(config)# flow exporter FlowExporter1 R1(config- flow-exporter)#destination 10.66.60.66 E. R4(config)#ip access-list extended DDOS R4(config-ext-naci)#5 permit udp any host 10.66.66.66 eq 1090 Correct Answer: AE
Refer to the exhibit. R1 cannot authenticate via TACACS. Which configuration resolves the issue? A. aaa group server tacacs+ DC1_TACACS server name DC_TACACS B. tacacs server DC1_TACACS address ipv4 10.66.66.66 key D@t@c3nter1TACACS C. tacacs server DC1_TACACS address ipv4 10.60.66.66 key D@t@c3nter1TACACS D. aaa group server tacacs+ DC_TACACS server name DC_TACACS Correct Answer: B
Refer to the exhibit. R1 cannot receive the R2 interfaces with individual prefixes. What must be reconfigured to advertise R2 interfaces to R1? A. EIGRP process on R2 with the command stub summary receive-only B. EIGRP process on R2 with the command stub summary connected C. EIGRP process on R2 by removing the stub command keyword summary D. interface FastEthernet0/1 on R2 with an EIGRP summary for all three loopback prefixes Correct Answer: B
Refer to the exhibit. The Customer Edge router wants to use AS 100 as the preferred ISP for all external routes and SP2 as a backup. Customer-Edge - route-map SETAS set as-path prepend 111 router bgp 64555 neighbor 192.168.1.1 remote-as 100 neighbor 192.168.2.2 remote-as 200 neighbor 192.168.2.2 route-map SETAS in After this configuration, all the backup routes have disappeared from the BGP table on the Customer Edge router. Which set of configurations resolves the issue on the Customer Edge router? A. route-map SETAS set as-path prepend 200 router bgp 64555 neighbor 192.168.1.1 remote-as 100 neighbor 192.168.2.2 remote-as 200 neighbor 192.168.2.2 route-map SETAS in B. route-map SETAS set as-path prepend 111 router bgp 64555 neighbor 192.168.1.1 remote-as 100 neighbor 192.168.2.2 remote-as 200 neighbor 192.168.2.2 route-map SETAS out C. route-map SETAS set as-path prepend 200 router bgp 64555 neighbor 192.168.1.1 remote-as 100 neighbor 192.168.2.2 remote-as 200 neighbor 192.168.2.2 route-map SETAS out D. route-map SETAS set as-path prepend 111 router bgp 64555 neighbor 192.168.2.2 remote-as 100 neighbor 192.168.1.1 remote-as 200 neighbor 192.168.1.1 route-map SETAS in Correct Answer: A
Refer to the exhibit. An engineer applied an IPv6 traffic filter on R1. The interface apped between R1 and R2 and clearing the BGP session did not restore the BGP session and failed. Which action must the engineer take to restore the BGP session from R2 to R1? A. ICMPv6 must be permitted by the IPv6 traffic filter. B. Swap the source and destination IP addresses in the IPv6 traffic filter. C. Enable the BGP session, which went down when the session was cleared. D. Apply the IPv6 traffic filter in the outbound direction on the interface. Correct Answer: A
Refer to the exhibit. The administrator successfully logs into R1 but cannot access privileged mode commands. What should be configured to resolve the issue? A. aaa authorization reverse-access B. matching password on vty lines as cisco123! C. secret cisco123! at the end of the username command instead of password cisco123! D. enable secret or enable password commands to enter into privileged mode Correct Answer: D
Refer to the exhibit. Which configuration must the engineer apply on CSR103 to resolve the problem? A. B. C. D. Correct Answer: B
During the maintenance window, an administrator accidentally deleted the Telnet-related configuration that permits a Telnet connection from the insidefinetwork (Eth0/0) to the outside of the network between Friday - Sunday night hours only. Which configuration resolves the issue? A. B. C. D. Correct Answer: B
Refer to the exhibit. The IT manager received reports from users about slow applications through network x. Which action resolves the issue? A. Upgrade the IOS on router B. Move the servers into the users subnet. C. Increase the bandwidth from the service provider. D. Use the variance 2 command to enable load balancing. Correct Answer: D
Refer to the exhibit. Router R1 peers with two ISPs using static routes to get to the internet. The requirement is that R1 must prefer ISP-A under normal circumstances and failover to ISP-B if the connectivity to ISP-A is lost. The engineer observes that R1 is load balancing traffic across the two ISPs. Which action resolves the issue by sending traffic to ISP-A only with failover to ISP-B? A. configure two static routes on R1, one pointing to ISP-B with more specific routes and another pointing to ISP-A with summary routes. B. configure OSPF between R1, ISP-A, and ISP-B for dynamic failover if any ISP link to R1 fails. C. Change the bandwidth of the interface on R1 so that interface to ISP-A has a higher value than the interface to ISP- D. configure two static routes on R1, one pointing to ISP-A and another pointing to ISP- B with 222 admin distance. Correct Answer: D
Refer to the exhibit. A network engineer notices that R1 and R2 cannot establish an eBGP peering. The following messages appear in the log: Which configuration must the engineer apply to R1 to restore the eBGP peering? A. B. C. D. D Correct Answer:
What is the downstream unsolicited distribution method in MPLS? A. It advertises labels to peers only when the peer requests. B. It sends a unicast hello message to a specific LSR. C. It sends a unicast hello message to a specific LER. D. It advertises labels to peers without peer request. Correct Answer: D
Refer to the exhibit. An engineer must configure router R101 for SSH access on ports 2001 through 2011. After the configuration, some expected ports were inaccessible. Which command resolves the issue? A. ip ssh port 2001 rotary 11 line vty 0 4 transport input telnet B. ip ssh port 2000 rotary 11 line vty 0 4 transport input ssh C. ip ssh port 2000 rotary 1 11 line vty 0 4 transport input all D. ip ssh port 2001 rotary 1 11 line vty 0 4 transport input ssh Correct Answer: D
Refer to the exhibit. After a RADIUS server fails AAA authentication, an engineer is trying to reestablish console access to a switch using the local password. Which configuration reestablishes the console access to switch SW1 via AAA? A. B. C. D. A Correct Answer:
Refer to the exhibit. EIGRP peering was lost. Which configuration resolves the issue? A. B. C. D. A Correct Answer:
Refer to the exhibit. An organization is installing a new L3 MPLS link to establish DMVPN Phase 2 tunnels between the hub and two spoke routers. Which additional configuration should the engineer implement on each device to achieve optimal routing between the spokes? A. B. C. D. Correct Answer: D
Refer to the exhibit. An engineer must configure the hub router to add new offices in the same infrastructure without performing any further configurations at the hub router. Which tunnel mode configuration on the hub router meets this requirement? A. B. C. D. B Correct Answer:
Which two NLRI attributes are used by an MPLS Layer 3 VPN network to exchange VPNv4 routes between MPLS routers via MP-BGP? (Choose two.) A. VPNv4 prefix B. Next Hop C. Extended-Community D. IPv4 prefix E. RT Correct Answer: BD
Refer to the exhibit. The remote branch locations have a static neighbor relationship configured to R1 only. R1 has successful neighbor relationships with the remote locations of R2 and R3, but the end users cannot communicate with each other. Which configuration resolves the issue? A. B. C. D. D Correct Answer:
Which protocol supports labeled paths between PE routers in an MPLS network? A. LDP B. RSVP C. MP-BGP D. IGP Correct Answer: A
Refer to the exhibit. R1 is configured with uRPF, and ping to R1 is failing from a source present in the R1 routing table via the GigabitEthernet 0/0 interface. Which action resolves the issue? A. Enable Cisco Express Forwarding to ensure that uRPF is functioning correctly. B. Modify the uRPF mode from strict to loose. C. Add a floating static route to the source on R1 to the GigabitEthernet0/1 interface. D. Remove the access list from the interface GigabitEthernet 0/0. Correct Answer: B
Refer to the exhibit. A bank ATM site has difficulty connecting with the bank server. A network engineer troubleshoots the issue and finds that R4 has no active route to the bank ATM site. Which action resolves the issue? A. EIGRP peering between R1 and R2 to be fixed. B. Advertise 10.10.30.0/24 subnet in R3 EIGRP AS. C. Advertise 10.10.30.0/24 subnet in R1 EIGRP AS. D. EIGRP peering between R3 and R4 to be fixed. Correct Answer: B
Refer to the exhibit. The BGP neighbor is not coming up. Which action resolves the issue? A. configure the ebgp-multihop 2 command on R1 toward the neighbor. B. configure a valid router ID on the neighbor that shows an invalid router ID of 0.0.0.0. C. The route map on eBGP sessions must allow the prefixes from the neighbor. D. Enable synchronization between the neighbors to bring the neighborship up. Correct Answer: A
Refer to the exhibit. After recovering from a power failure, Ethernet0/1 stayed down while Ethernet0/0 returned to the up/up state. The default route through ISP1 was not reinstated in the routing table until Ethernet0/1 also came up. Which action resolves the issue? A. Add a static route to the 8.8.8.8/32 destination through the next hop 203.0.113.1. B. Remove the references to the interface names from both static default routes. C. Reference the track object 1 in both static default routes. D. configure the default route through ISP1 with a higher administrative distance than 2. Correct Answer: C
Refer to the exhibit. Which action resolves the issue? A. configure host IP address in access-list 16. B. configure SNMPv3 on the router. C. configure SNMP authentication on the router. D. configure a valid SNMP community string. Correct Answer: D
Refer to the exhibit. An administrator is attempting to disable the automatic logout after a period of inactivity. After logging out, the console stopped responding to all keyboard inputs. Remote access through SSH still works. Which action resolves the issue? A. configure the no exec-timeout command on line con 0. B. configure the absolute-timeout command on line con 0. C. configure the exec command on line con 0. D. configure the default exec-timeout command on line con 0 Correct Answer: A
Refer to the exhibit. Routers R1 and R2 have established a network adjacency using EIGRP, and both routers are advertising subnets to its neighbor. After issuing the show ip EIGRP topology all-links command in R1, some prefixes are not showing R2 as a successor. Which action resolves the issue? A. configure the network statement on the neighbor. B. Rectify the incorrect router ID in R2. C. Resolve the incorrect metric on the link. D. Enable split-horizon. Correct Answer: C
An engineer configures PBR on R5 and wants to create a policy that matches traffic destined toward 10.10.10.0/24 and forwards it toward 10.1.1.1. This traffic must also have its IP precedence set to 5. All other traffic should be forwarded toward 10.1.1.2 and have its IP precedence set to 0. Which configuration meets the requirements? A. access-list 100 permit ip any 10.10.10.0 0.0.0.255 route-map CCNP permit 10 match ip address 100 set ip next-hop 10.1.1.1 set ip precedence 5 route-map CCNP permit 20 set ip next-hop 10.1.1.2 set ip precedence 0 B. access-list 100 permit ip any 10.10.10.0 0.0.0.255 route-map CCNP permit 10 match ip address 100 set ip next-hop 10.1.1.1 set ip precedence 0 route-map CCNP permit 20 set ip next-hop 10.1.1.2 set ip precedence 5 route-map CCNP permit 30 C. access-list 1 permit 10.10.10.0 0.0.0.255 route-map CCNP permit 10 match ip address 1 set ip next-hop 10.1.1.1 set ip precedence 5 route-map CCNP permit 20 set ip next-hop 10.1.1.2 set ip precedence 0 D. access-list 1 permit 10.10.10.0 0.0.0.255 access-list 2 permit any route-map CCNP permit 10 match ip address 1 set ip next-hop 10.1.1.1 set ip precedence 5 route-map CCNP permit 20 match ip address 2 set ip next-hop 10.1.1.2 set ip precedence 0 route-map CCNP permit 30 Correct Answer: A
Refer to the exhibit. An engineer is troubleshooting a failed Telnet session from PC to the DHCP server. Which action resolves the issue? A. Remove sequence 30 and add it back to the IPv6 traffic filter as sequence 5. B. Remove sequence 20 for sequence 40 in the access list to allow Telnet. C. Remove sequence 10 to add the PC source IP address and add it back as sequence 10. D. Remove sequence 20 and add it back to the IPv6 traffic filter as sequence 5. Correct Answer: D
Refer to the exhibit. traffic from the branch network should route through HQ_R1 unless the path is unavailable. An engineer tests this functionality by shutting down interface on the BRANCH router toward HQ_R1 router, but 192.168.20.0/24 is no longer reachable from the branch router. Which set of configurations resolves the issue? A. HQ_R1(config)# ip sla responder - HQ_R1(config)# ip sla responder icmp-echo 172.16.35.2 B. BRANCH(config)# ip sla 1 - BRANCH(config-ip-sla)# icmp-echo 172.16.35.1 C. HQ_R2(config)# ip sla responder - HQ_R2(config)# ip sla responder icmp-echo 172.16.35.5 D. BRANCH(config)# ip sla 1 - BRANCH(config-ip-sla)# icmp-echo 172.16.35.2 Correct Answer: D
Refer to the exhibit. An engineer configures router B to direct all traffic from host 192.168.1.3 to router A. All other traffic must be routed through normal routing-protocol operations. Which configuration accomplishes the task? B. interface g0/0/0 ip address 192.168.1.254 255.255.255.0 access-list 101 permit ip host 192.168.1.3 any access-list 101 permit ip any any route-map CCNP permit 10 match ip address 101 set ip next-hop 10.0.1.2 C. interface g0/0/0 ip address 192.168.1.254 255.255.255.0 ip policy route-map CCNP access-list 101 permit ip host 192.168.1.3 any route-map CCNP permit 10 match ip address 101 set ip next-hop 10.0.2.1 D. interface g0/0/0 ip address 192.168.1.254 255.255.255.0 ip policy route-map CCNP access-list 101 permit ip any host 192.168.1.3 route-map CCNP permit 10 match ip address 101 set ip next-hop 10.0.1.2 E. interface g0/0/0 ip address 192.168.1.254 255.255.255.0 ip policy route-map CCNP access-list 101 permit ip host 192.168.1.3 any route-map CCNP permit 10 match ip address 101 set ip next-hop 10.0.1.2 Correct Answer: D
Refer to the exhibit. The administrator is troubleshooting a BGP peering between PE1 and PE3 that is unable to establish. Which action resolves the issue? A. Disable sending ICMP unreachables on P2 to allow PE1 to establish a session with PE3. B. P2 must have a route to PE3 to establish a BGP session to PE1. C. Remove the traffic filtering rules on P2 blocking the BGP communication between PE1 and PE3. D. Ensure that the PE3 loopback address is used as a source for BGP peering to PE1. Correct Answer: C
Refer to the exhibit. Users on a call center report that they cannot browse the internet on Saturdays during the afternoon. Which configuration resolves the issue? A. time-range timer no periodic weekend 9:00 to 17:00 periodic weekend 17:00 to 23:59 B. no time-range timer C. interface gig0/0 ip access-group NO_Internet out D. ip access-list extended NO_Internet 15 permit tcp any any eq www Correct Answer: A
Refer to the exhibit. The IT router is connected with the Sales and Marketing departments. The interfaces have been assigned to their respective VRFs to keep the two department routes isolated. Which configuration set must the IT router use for BGP to distribute routes for each department that maintains their own routing table for network isolation? A. router bgp 111 address-family ipv4 unicast neighbor 172.16.1.2 remote-as 111 neighbor 172.16.2.2 remote-as 111 neighbor 172.16.11.2 remote-as 111 neighbor 172.16.12.2 remote-as 111 B. router bgp 111 address-family ipv4 vrf Marketing neighbor 172.16.1.2 remote-as 111 neighbor 172.16.2.2 remote-as 111 address-family ipv4 vrf Sales neighbor 172.16.11.2 remote-as 111 neighbor 172.16.12.2 remote-as 111 C. router bgp 111 neighbor 172.16.1.2 remote-as 111 neighbor 172.16.2.2 remote-as 111 neighbor 172.16.11.2 remote-as 111 neighbor 172.16.12.2 remote-as 111 D. router bgp 111 address-family ipv4 vrf Marketing neighbor 172.16.1.2 remote-as 111 neighbor 172.16.1.2 Route-reflector-client neighbor 172.16.2.2 remote-as 111 neighbor 172.16.2.2 Route-reflector-client address-family ipv4 vrf Sales neighbor 172.16.11.2 remote-as 111 neighbor 172.16.11.2 Route-reflector-client neighbor 172.16.12.2 remote-as 111 neighbor 172.16.12.2 Route-reflector-client Correct Answer: B
Refer to the exhibit. An administrator is configuring a GRE tunnel to establish an EIGRP neighbor to a remote router. The other tunnel endpoint is already configured. After applying the configuration as shown, the tunnel started apping. Which action resolves the issue? A. Modify the network command to use the Tunnel0 interface netmask. B. Stop sending a route matching the tunnel destination across the tunnel. C. Advertise the Loopback0 interface from R2 across the tunnel. D. Readdress the IP network on the Tunnel0 on both routers using the /31 netmask. Correct Answer: B
An engineer must override the normal routing behavior of a router. The engineer must send HTTP traffic that is destined to 10.100.100.100 from 10.1.1.0/24 via a next hop of 10.2.2.2, two hops away from the router that is connected to the 10.1.1.0/24 subnet. Which configuration reroutes traffic according to this requirement? A. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http route-map POLICY permit 10 match ip address 100 set ip next-hop recursive 10.2.2.2 B. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http route-map POLICY deny 10 match ip address 100 set ip next-hop recursive 10.2.2.2 route-map POLICY permit 20 C. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http route-map POLICY permit 10 match ip address 100 set ip next-hop 10.2.2.2 route-map POLICY permit 20 D. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http route-map POLICY permit 10 match ip address 100 set ip next-hop 10.2.2.2 Correct Answer: A
Refer to the exhibit. Two routers are connected back to back via Gigabit Ethernet 0/0 interfaces. Which configuration provides VRF-Lite connectivity for two separate VRFs using the prefixes 10.1.1.0/24 for one VRF and 10.2.2.0/24 for the other VRF? A. ip vrf 1 rd 65001:1 ip vrf 2 rd 65001:2 int GigabitEthernet0/0 no shut int GigabitEthernet0/0.1 encapsulation dot1Q 1 ip vrf forwarding ip address 10.1.1.1 255.255.255.0 int GigabitEthernet0/0.2 encapsulation dot1Q 2 ip vrf forwarding ip address 10.2.2.1 255.255.255.0 B. ip vrf 1 rd 65001:1 ip vrf 2 rd 65001:1 int GigabitEthernet0/0 no shut int GigabitEthernet0/0.1 encapsulation dot1Q 1 ip vrf forwarding 1 ip address 10.1.1.1 255.255.255.0 int GigabitEthernet0/0.2 encapsulation dot1Q 2 ip vrf forwarding 2 ip address 10.2.2.1 255.255.255.0 C. ip vrf 1 ip vrf 2 int GigabitEthernet0/0 no shut int GigabitEthernet0/0.1 encapsulation dot1Q 1 ip vrf forwarding 1 ip address 10.1.1.1 255.255.255.0 int GigabitEthernet0/0.2 encapsulation dot1Q 2 ip vrf forwarding 2 ip address 10.2.2.1 255.255.255.0 D. ip vrf 1 ip vrf 2 int GigabitEthernet0/0 no shut int GigabitEthernet0/0.1 encapsulation dot1Q 1 ip address 10.1.1.1 255.255.255.0 ip vrf forwarding 1 int GigabitEthernet0/0.2 encapsulation dot1Q 2 ip address 10.2.2.1 255.255.255.0 ip vrf forwarding 2 Correct Answer: C
Refer to the exhibit. The network administrator configures the Chicago router to mutually redistribute the LA and New York routes with EIGRP routes to be summarized as a single route in OSPF: router eigrp 100 redistribute ospf 1 metric 10 10 10 10 10 router ospf 1 redistribute eigrp 100 subnets area 0 range 192.168.4.0 255. 255.252.0 After the configuration, the LA router receives all the specific New York routes except the summary route. Which set of configurations resolve the issue on the Chicago router? A. interface E 0/0 ip summary-address eigrp 100 192.168.4.0 255.255.252.0 B. router ospf 1 summary-address 192.168.4.0 255.255.252.0 C. interface E 0/0 summary-address 192.168.4.0 255.255.252.0 D. router ospf 1 area 0 range 192.168.0.0 255.255.0.0 Correct Answer: B
Refer to the exhibit. The company implemented uRPF to address an antispoofing attack. A network engineer received a call from the IT security department that the regional data center is under an IP spoofing attack. Which configuration must be implemented on R1 to resolve this issue? A. interface ethernet0/0 ip verify unicast reverse-path B. interface ethernet0/1 ip verify unicast reverse-path C. interface ethernet0/0 ip unicast RPF check reachable-via any allow-default allow-self-ping D. interface ethernet0/1 ip unicast RPF check reachable-via any allow-default allow-self-ping Correct Answer: B
Refer to the exhibit. A network administrator configured name resolution for IPv6 traffic to be allowed through an inbound access list. After the access list is applied to resolve the issue, name resolution still did not work. Which action does the network administrator take to resolve the name resolution problem? A. Add permit udp any eq domain 53 any log in the access list B. Remove ipv6 inspect ipv6- firewall in from interface gi0/1 C. Add permit udp any eq domain any log in the access list D. Inspect ipv6 inspect name ipv6- firewall udp 53 in global config Correct Answer: C
Refer to the exhibit. PC2 is directly connected to R1. A user at PC2 cannot Telnet to 2001:db8:a:b::10. The user can ping 2001:db8:a:b::10 and receive DHCP-related information from the DHCP server. Which action resolves the issue? A. Remove sequence 30 and put it back as sequence 5. B. Remove sequence 10 and put it back as sequence 25. C. Remove sequence 40 and put it back as sequence 15. D. Remove sequence 20 and put it back as sequence 45. Correct Answer: B
What is an advantage of implementing BFD? A. BFD is deployed without the need to run any routing protocol. B. BFD provides faster updates for any apping route. C. BFD provides millisecond failure detection. D. BFD provides better capabilities to maintain the routing table. Correct Answer: C
Refer to the exhibit. A network engineer finds that PC1 is accessing the hotel website to do the booking but fails to make payment. Which action resolves the issue? A. Increase the AD to 200 of static route 192.168.94.0 on R3. B. configure a reverse route on R1 for PC1 172.16.1.0/24. C. Decrease the AD to 5 of OSPF route 192.168.94.0 on R1. D. Allow stub network 10.10.202.168/30 on router R3 OSP E. Correct Answer: B
Refer to the exhibit. The administrator can see the traps for the failed login attempts, but cannot see the traps of successful login attempts. Which action xes this issue? A. configure logging history 4. B. configure logging history 3. C. configure logging history 2. D. configure logging history 5. Correct Answer: D
An engineer creates a default static route on a router with a next hop of 10.1.1.1. On inspection, the engineer finds the router has two VRFs, Red and Blue. The next hop is valid for both VRFs and exists in each assigned VR A. Which configuration achieves connectivity? B. ip route vrf Red 0.0.0.0 0.0.0.0 10.1.1.1 ip route vrf Blue 0.0.0.0 0.0.0.0 10.1.1.1 C. ip route vrf BLUE 0.0.0.0 255.255.255.255 10.1.1.1 ip route vrf RED 0.0.0.0 255.255.255.255 10.1.1.1 D. ip route vrf Red 0.0.0.0 255.255.255.255 10.1.1.1 E. ip route vrf Blue 0.0.0.0 255.255 Correct Answer: A
Refer to the exhibit. Bangkok is using ECMP to reach to the 192.168.5.0/24 network. The administrator must configure Bangkok in such a way that Telnet traffic from 192.168.3.0/24 and 192.168.4.0/24 networks use the Hong Kong router as the preferred route. Which set of configurations accomplishes this task? A. access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23 access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23 route-map PBR1 permit 10 match ip address 101 set ip next-hop 172.18.1.2 interface Ethernet0/1 ip policy route-map PBR1 B. access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23 access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23 route-map PBR1 permit 10 match ip address 101 set ip next-hop 172.18.1.2 interface Ethernet0/3 ip policy route-map PBR1 C. access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 101 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 route-map PBR1 permit 10 match ip address 101 set ip next-hop 172.18.1.2 interface Ethernet0/3 ip policy route-map PBR1 D. access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 access-list 101 permit ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 route-map PBR1 permit 10 match ip address 101 set ip next-hop 172.18.1.2 interface Ethernet0/1 ip policy route-map PBR1 Correct Answer: B
Refer to the exhibit. An engineer configured route exchange between two different companies for a migration project. EIGRP routes were learned in router C, but no OSPF routes were learned in router A. Which configuration allows router A to receive OSPF routes? B. (config-router-af-topology)#no redistribute ospf 10 match external 1 external 2 metric 1000000 10 255 1 1500 C. (config-router-af)#redistribute ospf 10 1000000 10 255 1 1500 D. (config-router-af-topology)#redistribute connected E. (config-router-af-topology)#redistribute ospf 10 metric 1000000 10 255 1 1500 Correct Answer: D
Refer to the exhibit. An engineer must filter incoming EIGRP updates to allow only a set of specific prefixes. The distribute list is tested, and it lters out all routes except network 10.10.10.0/24. How should the engineer temporarily allow all prefixes to be learned by the router again without adjusting the existing access list? A. A permit any statement should be added before completing the ACL with the required prefixes, and then the permit any statement can be removed. B. A permit 20 statement should be added before completing the ACL with the required prefixes, and then the permit 20 statement can be removed. C. A continue statement should be added within the permit 10 statement before completing the ACL with the required prefixes, and then the continue statement can be removed. D. An extended access list must be used instead of a standard access list to accomplish the task. Correct Answer: B
What is a function of the IPv6 DHCP Guard feature for DHCP messages? A. If the device is configured as a DHCP server, no message is switched. B. All client messages are always switched regardless of the device role. C. It blocks only DHCP request messages. D. Only access lists are supported for matching traffic. Correct Answer: B
Refer to the exhibit. An administrator is troubleshooting a time synchronization problem for the router's time to another Cisco IOS XE-based device that has recently undergone security hardening. Which action resolves the issue? A. NTP service is disabled and must be enabled on 10.1.255.40. B. Ensure that the CPE router has a valid route to 10.1.255.40 for NTP and rectify if not reachable. C. Allow NTP in the ingress ACL on 10.1.255.40 by permitting UDP destined to port 123. D. Allow NTP in the ingress ACL on 10.1.255.40 by permitting TCP destined to port 123. Correct Answer: A
Refer to the exhibit. The traffic from spoke to hub is dropping. The operations team observes: · R2-R3 link is down due to the fiber cut. · R2 and R5 receive traffic from R1 in AS 65101. · R3 and R6 receive traffic from R4 in AS 65201. Which configuration resolves the issue? A. R5(config)#router bgp 65101 - R5(config-router)#neighbor 10.10.10.6 remote-as 65201 R5(config-router)#neighbor 10.10.10.6 update-source Loopback0 R5(config-router)#neighbor 10.10.10.6 ebgp-multihop 3 B. R5(config)#router bgp 65101 - R5(config-router)#no neighbor 10.0.0.18 update-source Loopback0 C. R6(config)#router bgp 65101 - R6(config-router)#no neighbor 10.0.0.17 update-source Loopback0 D. R6(config)#router bgp 65201 - R6(config-router)#neighbor 10.10.10.5 remote-as 65101 R6(config-router)#neighbor 10.10.10.5 update-source Loopback0 R6(config-router)#neighbor 10.10.10.5 ebgp-multihop 3 Correct Answer: B
What is a function of an end device configured with DHCPv6 guard? A. If it is configured as a client, messages are switched regardless of the assigned role. B. If it is configured as a client, only DHCP requests are permitted. C. If it is configured as a relay agent, only prefix assignments are permitted. D. If it is configured as a server, only prefix assignments are permitted. Correct Answer: A
The network administrator configured CoPP so that all SNMP traffic from Cisco Prime located at 192.168.1.11 toward the router CPU is limited to 1000 kbps. Any traffic that exceeds this limit must be dropped. access-list 100 permit udp any any eq 161 class-map CM-SNMP match access-group 100 policy-map PM-COPP class CM-SNMP police 1000 conform-action transmit control-plane service-policy input PM-COPP The network administrator is not getting the desired result for the SNMP traffic and SNMP traffic is getting dropped frequently. Which set of configurations resolves the issue? A. no access-list 100 access-list 100 permit tcp host 192.168.1.11 any eq 161 B. no access-list 100 access-list 100 permit udp host 192.168.1.11 any eq 161 policy-map PM-COPP class CM-SNMP no police 1000 conform-action transmit police 1000000 conform-action transmit control-plane no service-policy input PM-COPP interface E 0/0 service-policy input PM-COPP interface E 0/1 service-policy input PM-COPP C. no access-list 100 access-list 100 permit udp host 192.168.1.11 any eq 161 policy-map PM-COPP class CM-SNMP no police 1000 conform-action transmit police 1000000 conform-action transmit D. policy-map PM-COPP class CM-SNMP no police 1000 conform-action transmit police 1000000 conform-action transmit Correct Answer: C
Which protocol must be secured with MD-5 authentication across the MPLS cloud to prevent hackers from introducing bogus routers? A. RSVP B. ALSO C. LDP D. MP-BGP Correct Answer: C
Refer to the exhibit R3 cannot authenticate via TACACS. Which configuration resolves the issue? A. tacacs server SITE6_TACACS key C!sc0TACACS B. tacacs server SITE6_TACACS key C!scoTACACS C. tacacs server SITE6_TACACS address ipv4 10.60.66.66 key C!scoTACACS D. tacacs server SITE6_TACACS address ipv4 10.66.66.66 key CiscoTACACS Correct Answer: D
A customer is running an mGRE DMVPN tunnel over WAN infrastructure between hub and spoke sites. The existing configuration allows NHRP to add spoke routers automatically to the multicast NHRP mappings. The customer is migrating the network from IPv4 to the IPv6 addressing scheme for those spokes' routers that support IPv6 and can run DMVPN tunnel over the IPv6 network. Which configuration must be applied to support IPv4 and IPv6 DMVPN tunnels on spoke routers? A. tunnel mode ipv6ip 6to4 B. tunnel mode ipv6ip auto-tunnel C. tunnel mode ipv6ip 6rd D. tunnel mode ipv6ip isatap Correct Answer: B
Refer to the exhibit. Which action ensures that 10.10.10.0/24 reaches 10.10.20.0/24 through the direct link between R1 and R2? A. configure R1 and R2 LAN links as nonpassive. B. configure R1 and R2 links under area 1. C. configure OSPF link cost to 1 between R1 and R2. D. configure OSPF path cost to 3 between R1 and R2. Correct Answer: B
The summary route is not shown in the Router_B routing table after this below configuration on Router_A: interface ethernet 0 description location ID:S4318T3E77F02 ip address 192.168.3.1 255.255.255.0 ip summary-address eigrp 1 172.16.80.0 255.255.240.0 Which Router_A configuration resolves the issue by advertising the summary route to Router_B? A. interface loopback 0 ip address 172.18.81.1 255.255.255.0 interface Ethernet 0 ip address 192.168.3.1 255.255.255.0 ip summary-address eigrp 1 172.16.80.0 255.255.240.0 B. interface loopback 0 ip address 172.16.79.1 255.255.255.0 interface Ethernet 0 ip address 192.168.3.1 255.255.255.0 ip summary-address eigrp 1 172.16.80.0 255.255.240.0 C. interface loopback 0 ip address 172.16.81.1 255.255.255.0 interface Ethernet 0 ip address 192.168.3.1 255.255.255.0 ip summary-address eigrp 1 172.16.80.0 255.255.240.0 D. interface loopback 0 ip address 172.16.96.1 255.255.255.0 interface Ethernet 0 ip address 192.168.3.1 255.255.255.0 ip summary-address eigrp 1 172.16.80.0 255.255.240.0 Correct Answer: C
Refer to the exhibit. Which action resolves the authentication problem? A. configure the same password between the TACACS+ server and router. B. configure the TCP port 49 to be reachable by the router. C. configure the UDP port 1812 to be allowed on the TACACS+ server. D. configure the user name on the TACACS+ server. Correct Answer: A
What is considered the primary advantage of running BFD? A. reduction in time needed to detect Layer 3 routing neighbor failures B. reduction in CPU needed to detect Layer 3 routing neighbor failures C. reduction in time needed to detect Layer 2 switched neighbor failures D. reduction in CPU needed to detect Layer 2 switch neighbor failures Correct Answer: A
Refer to the exhibit. R2 can access content on the server successfully. A network engineer finds packet drops on PC1 for traffic destined to network 2.2.2.2/32. Which action resolves the issue? A. Redistribute the connected metric in EIGRP. B. Add the eigrp stub connected static command. C. Redistribute the static metric in EIGRP. D. Remove the eigrp stub connected command. Correct Answer: B
Refer to the exhibit. An IP SLA is configured to use the backup default route when the primary is down, but it is not working as desired. Which command xes the issue? A. R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2 10 track 1 B. R1(config}# ip route 0.0.0.0 0.0.0.0 2.2.2.2 C. R1(config)# ip sla track 1 D. R1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 1 Correct Answer: D
Refer to the exhibit. The route to 192.168.200.0 is apping between R1 and R2. Which set of configuration changes resolves the apping route? A. R2(config)#router ospf 100 - R2(config-router)#no redistribute eigrp 100 R2(config-router)#redistribute eigrp 100 metric 1 subnets B. R1(config)#no router rip - R1(config)#ip route 192.168.200.0 255.255.255.0 10.40.0.2 C. R2(config)#router eigrp 100 - R2(config-router)#no redistribute ospf 100 R2(config-router)#redistribute rip D. R1(config)#router ospf 100 - R1(config-router)#redistribute rip metric 1 metric-type 1 subnets Correct Answer: D
Refer to the exhibit. Which action installs route 192.168.2.2/32 in the routing table? A. Redistribute connected networks into BGP on the local router. B. configure NAT on the local router to translate private IP addresses. C. configure the next-hop-self attribute for the peering on the local router. D. configure the next-hop-self attribute for the peering on the peer router. Correct Answer: D
Refer to the exhibit. An engineer is trying to log in to R1 via R3 loopback address. Which action resolves the issue? A. Add transport input SCP. B. Remove the IPv6 traffic filter from R1, which is blocking the SS C. Remove the IPv6 traffic filter from R1, which is blocking the Telnet. D. Add transport input none. Correct Answer: C
Refer to the exhibit. Which action restores the routes from neighbors while still filtering 1.1.1.0/24? A. Add a second line in the access list to permit any. B. Modify the route map to permit the access list instead of deny it. C. Modify the access list to deny instead of permit it. D. Add a second sequence in the route map permit 20. Correct Answer: D
Refer to the exhibit. An administrator must upload the packages.conf file to an FTP server. However, the FTP server rejected anonymous service and required users to authenticate. What are the two ways to resolve the issue? (Choose two.) A. Use the copy flash:packages.conf scp: command instead, and enter the FTP server credentials when prompted. B. Use the copy flash:packages.conf ftp: command instead, and enter the FTP server credentials when prompted. C. Enter the FTP server credentials directly in the FTP URL using the ftp://username:password@192.0.2.40/ syntax. D. Create a user on the router matching the username and password on the FTP server and log in before attempting the copy. E. Use ip ftp username and ip ftp password configuration commands to specify valid FTP server credentials. Correct Answer: CD
An engineer configured VRF-Lite on a router for VRF blue and VRF red. OSPF must be enabled on each VRF to peer to a directly connected router in each VR A. Which configuration forms OSPF neighbors over the network 10.10.10.0/28 for VRF blue and 192.168.0.0/30 for VRF red? B. router ospf 1 vrf blue network 10.10.10.0 0.0.0.252 area 0 router ospf 2 vrf red network 192.168.0.0 0.0.0.240 area 0 C. router ospf 1 vrf blue network 10.10.10.0 0.0.0.15 area 0 router ospf 2 vrf red network 192.168.0.0 0.0.0.3 area 0 D. router ospf 1 vrf blue network 10.10.10.0 0.0.0.240 area 0 router ospf 2 vrf red network 192.168.0.0 0.0.0.252 area 0 E. router ospf 1 vrf blue network 10.10.10.0 0.0.0.3 area 0 router ospf 2 vrf red network 192 168.0.0 0.0.0.15 are 0 Correct Answer: B
The network administrator must implement IPv6 in the network to allow only devices that not only have registered IP addresses but are also connecting from assigned locations. Which security feature must be implemented? A. IPv6 Snooping B. IPv6 Destination Guard C. IPv6 Router Advertisement Guard D. IPv6 prefix Guard Correct Answer: D
Refer to the exhibit. An administrator can log in to the device using Telnet, but the attempts to log in to the same device using SSH with the same credentials fail. Which action resolves this issue? A. configure the VTY lines with login local. B. configure transport input all on the VTY lines to allow SS C. configure SSH service on the router. D. configure to use the Telnet user database for SSH as well. Correct Answer: D
Refer to the exhibit. Which action limits access to R2 from 192.168.12.1? A. Modify sequence 20 to permit tcp host 192.168.12.1 eq 22 any to access-list 100. B. Swap sequence 10 with sequence 20 in access-list 100. C. Swap sequence 20 with sequence 10 in access-list 100. D. Modify sequence 10 to deny tcp any eq 22 any to access-list 100. Correct Answer: B
Refer to the exhibit. The ACL is placed on the inbound Gigabit 0/1 interface of the router. Host 192.168.10.10 cannot SSH to host 192.168.100.10 even though the flow is permitted. Which action resolves the issue without opening full access to this router? A. Temporarily move the permit ip any any line to the beginning of the ACL to see if the flow works B. Temporarily remove the ACL from the interface to see if the flow works. C. Move the SSH entry to the beginning of the ACL. D. Run the show access-list FILTER command to view if the SSH entry has any hit statistics associated with it. Correct Answer: C
Refer to the exhibit. A CoPP policy is implemented to allow specific control traffic, but the traffic is not matching as expected and is getting unexpected behavior of control traffic. Which action resolves the issue? A. Use match-any instruction in class-map. B. Create a separate class map against each ACL. C. Create a separate class map for ICMP traffic. D. Use default-class to match ICMP traffic. Correct Answer: A
Refer to the exhibit. An engineer sets up a DMVPN connection to connect branch 1 and branch 2 to HQ. Branch 1 and branch 2 cannot communicate with each other. Which change must be made to resolve this issue? A. R1(config)#int eth1/1 - R1(config-if)#no ip split-horizon eigrp 100 B. R2(config)#router eigrp 100 - R2(config-router)#tneighbor 172.16.1.3 C. R3(config)#router eigrp 100 - R3(config-router)#neighbor 172.16.1.2 D. R1(config)#int tunnel 1 - R1(config-if)#no ip split-horizon eigrp 100 Correct Answer: D
The network administrator is tasked to configure R1 to authenticate telnet connections based on Cisco ISE using RADIUS. ISE has been configured with an IP address of 192.168.1.5 and with a network device pointing towards R1 (192.168.1.1) with a shared secret password of Cisco123. If ISE is down, the administrator should be able to connect using the local database with a username and password combination of admin/cisco123. The administrator has configured the following on R1: aaa new-model username admin password cisco123 radius server ISE1 address ipv4 192.168.1.5 key Cisco123 aaa group server tacacs+ RAD-SERV server name ISE1 aaa authentication login RAD-LOCAL group RAD-SERV ISE has gone down. The Network Administrator is not able to Telnet to R1 when ISE went down. Which two configuration changes will x the issue? (Choose two.) A. aaa authentication login RAD-SERV group RAD-LOCAL local B. aaa authentication login RAD-LOCAL group RAD-SERV local C. line vty 0 4 login authentication RAD-LOCAL D. line vty 0 4 login authentication default E. line vty 0 4 login authentication RAD-SERV Correct Answer: BC
The network administrator deployed the Binding Table Recovery feature. Which two devices recover the missing binding table entries? (Choose two.) A. DHCP client B. destination host C. DHCP relay agent D. source host E. DHCP server Correct Answer: BE
Which two components are needed for a service provider to utilize the L3VPN MPLS application? (Choose two.) A. The P routers must be configured with RSVP. B. The PE routers must be configured for MP-eBGP to connect toffices. C. The P routers must be configured for MP-iBGP toward the PE routers. D. The PE routers must be configured for MP-iBGP with other PE routers. E. The P and PE routers must be configured with LDP or RSVP. Correct Answer: DE
Refer to the exhibit. A network is configured for EIGRP equal-cost load balancing, but the traffic destined to the servers is not load balanced. Link metrics from router R2 to R3 and R4 are the same. Which delay value must be configured to resolve the issue? A. 2200 on R4 E0/1 B. 200 on R3 E0/1 C. 120 on R3 E0/1 D. 120 on R4 E0/1 Correct Answer: B
Refer to the exhibit. An engineer notices a connectivity problem between routers R1 and R2. The frequency of this problem is high during peak business hours. Which action resolves the issue? A. Increase the available bandwidth between R1 and R2. B. Decrease the EIGRP keepalive and hold down timers on R1 and R2. C. Increase the MTU on the interfaces that connect R1 and R2. D. Set static EIGRP neighborship between R1 and R2. Correct Answer: A
Which label operations are performed by a label edge router? A. SWAP and POP B. PUSH and POP C. SWAP and PUSH D. PUSH and PHP Correct Answer: B
Which failure detection mechanism is used for BFD? A. consistent rate B. Layer 2 protocol failure C. variable rate D. routing protocol failure Correct Answer: A
Refer to the exhibit. A network engineer received a call from the vendor for a failed attempt to remotely log in to their managed router loopback interface from 192.168.40.15. Which action must the network engineer take to resolve the issue? A. The source IP summarization must be updated to include the vendor source IP address. B. The time-range configuration must be changed to use absolute instead of periodic. C. The EIGRP configuration must be updated to include a network statement for loopback 100. D. The IP access list VENDOR must be applied to interface loopback 100. Correct Answer: A
Network operations report issues with receiving too many external routes, which caused CPU spike on routers with smaller memories. Which action resolves the issue? A. configure the area range command when redistributing on ASBR. B. configure the summary-address command when redistributing on ABR. C. configure the area range command when redistributing on ABR. D. configure the summary-address command when redistributing on ASBR. Correct Answer: C
Refer to the exhibit. An engineer must configure OSPF with R9 and R10 and configure redistribution between OSPF and RIP, causing a routing loop. Which configuration on R9 and R10 meets this objective? A. router ospf 1 redistribute rip subnets tag 20 route-map deny_tag20 deny 10 match tag 20 route-map deny_tag20 permit 20 router ospf 1 distribute-list route-map deny_tag20 in B. router ospf 1 redistribute rip subnets tag 20 route-map deny_tag20 deny 10 match tag 20 route-map deny_tag20 deny 20 router ospf 1 distribute-list route-map deny_tag20 in C. router ospf 1 redistribute rip subnets tag 20 route-map deny_tag20 deny 10 match tag 20 route-map deny_tag20 permit 20 router rip 1 distribute-list route-map deny _tag20 in D. router ospf 1 redistribute rip subnets tag 20 route-map deny_tag20 permit 10 match tag 20 route-map deny_tag20 permit 20 router ospf 1 distribute-list route-map deny_tag20 in Correct Answer: C
Refer to the exhibit. Bangkok is using ECMP to reach the 172.20.2.0/24 network. The network administrator must configure it in such a way that traffic from 172.16.2.0/24 network uses the Singapore router as the preferred route. Which set of configurations accomplishes this task? A. Bangkok - access-list 101 permit ip 172.16.2.0 0.0.0.255 172.20.2.0 0.0.0.255 route-map PBR1 permit 10 match ip address 101 set ip next-hop 172.19.1.2 interface Ethernet0/1 ip policy route-map PBR1 B. Dubai - access-list 101 permit ip 172.16.2.0 0.0.0.255 172.20.2.0 0.0.0.255 route-map PBR1 permit 10 match ip address 101 set ip next-hop 172.19.1.2 set ip next-hop peer-address interface Ethernet0/0 ip policy route-map PBR1 C. Bangkok - access-list 101 permit ip 172.16.2.0 0.0.0.255 172.20.2.0 0.0.0.255 route-map PBR1 permit 10 match ip address 101 set ip next-hop 172.19.1.2 interface Ethernet0/2 ip policy route-map PBR1 D. Dubai - access-list 101 permit ip 172.16.2.0 0.0.0.255 172.20.2.0 0.0.0.255 route-map PBR1 permit 10 match ip address 101 set ip next-hop 172.19.1.2 interface Ethernet0/0 ip policy route-map PBR1 Correct Answer: C
Refer to the exhibits. London must reach Rome using a faster path via EIGRP if all the links are up, but it failed to take this path. Which action resolves the issue? A. Change the administrative distance of RIP to 150. B. Increase the bandwidth of the link between London and Barcelona. C. Use the network statement on London to inject the 172.16.X.0/24 networks into EIGRP. D. Use the network statement on Rome to inject the 172.16.X.0/24 networks into EIGRP. Correct Answer: D
The network administrator configured the router for Control Plane Policing so that inbound SSH traffic is policed to 500 kbps. This policy must apply to traffic coming in from 10.10.10.0/24 and 192.168.10.0/24 networks. access-list 100 permit ip 10.10.10.0 0.0.0.255 any access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 23 class-map CLASS-SSH match access-group 100 policy-map PM-COPP class CLASS-SSH police 500000 conform-action transmit interface E0/0 service-policy input PM-COPP interface E0/1 service-policy input PM-COPP The Control Plane Policing is not applied to SSH traffic and SSH is open to use any bandwidth available. Which configuration resolves this issue? A. no access-list 100 access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22 access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22 B. interface E0/0 no service-policy input PM-COPP interface E0/1 no service-policy input PM-COPP control-plane service-policy input PM-COPP C. no access-list 100 access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22 access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22 policy-map PM-COPP class CLASS-SSH no police 500000 conform-action transmit police 500000 conform-action transmit exceed-action drop D. no access-list 100 access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22 access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22 interface E0/0 no service-policy input PM-COPP interface E0/1 no service-policy input PM-COPP control-plane service-policy input PM-COPP Correct Answer: D
Refer to the exhibit. With the partial configuration of a router-on-a-stick, clients in VLAN 10 on Gi2 cannot obtain IP configuration from the central DHCP server. The DHCP server is reachable by a successful ping from the router. Which action resolves the issue? A. configure the ip helper-address 192.168.255.3 command on the Gi2.10 subinterface. B. configure a valid IP address on the Gi2 interface so that DHCP requests can be forwarded. C. configure the ip dhcp pool 1 and network 192.168.210.0 255.255.255.0 commands. D. configure the ip dhcp excluded-address 192.168.255.3 command on the Gi2.10 subinterface. Correct Answer: A
The IPv6 network is under attack by an unknown source that is neither in the binding table nor learned through neighbor discovery. Which feature helps prevent the attack? A. IPv6 Destination Guard B. IPv6 prefix Guard C. IPv6 Router Advertisement Guard D. IPv6 Snooping Correct Answer: B
The network administrator configured CoPP so that all routing protocol traffic toward the router CPU is limited to 1 mbps. All traffic that exceeds this limit must be dropped. The router is running BGP and OSP A. Management traffic for Telnet and SSH must be limited to 500 kbps. access-list 100 permit tcp any any eq 179 access-list 100 permit tcp any any range 22 23 access-list 100 permit ospf any any class-map CM-ROUTING match access-group 100 class-map CM-MGMT match access-group 100 policy-map PM-COPP class CM-ROUTING police 1000000 conform-action transmit class CM-MGMT police 500000 conform-action transmit control-plane service-policy output PM-COPP No traffic is filtering through CoPP, which is resulting in high CPU utilization. Which configuration resolves the issue? B. control-plane no service-policy output PM-COPP service-policy input PM-COPP C. no access-list 100 access-list 100 permit tcp any any eq 179 access-list 100 permit ospf any any access-list 101 permit tcp any any range 22 23 class-map CM-MGMT no match access-group 100 match access-group 101 D. no access-list 100 access-list 100 permit tcp any any eq 179 access-list 100 permit ospf any any access-list 101 permit tcp any any range 22 23 class-map CM-MGMT no match access-group 100 match access-group 101 control-plane no service-policy output PM-COPP service-policy input PM-COPP E. No access-list 100 - access-list 100 permit tcp any any eq 179 access-list 100 permit tcp any any range eq 22 access-list 100 permit tcp any any range eq 23 access-list 100 permit ospf any any Correct Answer: C
Refer to the exhibit. The network administrator configured BGP as the backup route for 10.0.0.0/8 and it should work only when EIGRP 10.0.0.0/8 failed to install for site S4248T5E130F6. Which configuration resolves the issue? A. configure terminal router eigrp 1 distance eigrp 90 170 B. configure terminal router eigrp 1 redistribute bgp metric 10000 1 255 1 1500 C. configure terminal ip route 10.0.0.0 255.0.0.0 192.168.90.2 D. configure terminal router eigrp 1 distance eigrp 10 170 Correct Answer: D
Refer to the exhibit. The administrator configured the network devices for end-to-end reachability, but the ASBRs are not propagating routes to each other. Which set of configurations resolves this issue? A. router bgp 100 neighbor 10.1.1.1 next-hop-self neighbor 10.1.2.2 next-hop-self neighbor 10.1.3.3 next-hop-self B. router bgp 100 neighbor 10.1.1.1 update-source Loopback0 neighbor 10.1.2.2 update-source Loopback0 neighbor 10.1.3.3 update-source Loopback0 C. router bgp 100 neighbor 10.1.1.1 route-reflector-client neighbor 10.1.2.2 route-reflector-client neighbor 10.1.3.3 route-reflector-client D. router bgp 100 neighbor 10.1.1.1 ebgp-multihop neighbor 10.1.2.2 ebgp-multihop neighbor 10.1.3.3 ebgp-muttihop Correct Answer: C
Refer to the exhibit. The Customer Edge router (AS 65500) wants to use AS 100 as the preferred ISP for all external routes. Customer Edge - route-map SETLP set local-preference 111 router bgp 65500 neighbor 192.168.111.1 remote-as 100 neighbor 192.168.111.1 route-map SETLP out neighbor 192.168.112.2 remote-as 200 This configuration failed to send routes to AS 100 as the preferred path. Which set of configurations resolves the issue? A. route-map SETLP set local-preference 111 router bgp 65500 neighbor 192.168.111.1 remote-as 100 neighbor 192.168.111.1 route-map SETLP in B. route-map SETPP set as-path prepend 100 100 router bgp 65500 neighbor 192.168.111.1 remote-as 100 neighbor 192.168.111.1 route-map SETPP in C. route-map SETPP set as-path prepend 111 111 router bgp 65500 neighbor 192.168.111.1 remote-as 100 neighbor 192.168.111.1 route-map SETPP out D. route-map SETLP set local-preference 111 router bgp 65500 neighbor 192.168.111.1 remote-as 100 neighbor 192.168.111.1 route-map SETLP out Correct Answer: A
Refer to the exhibit. The administrator noticed that the connection was apping between the two ISPs instead of switching to ISP2 when the ISP1 failed. Which action resolves the issue? A. Include a valid source-interface keyword in the icmp-echo statement. B. Reference the track object 1 on the default route through ISP2 instead of ISP1. C. Modify the static routes to refer both to the next hop and the outgoing interface. D. Modify the threshold to match the administrative distance of the ISP2 route. Correct Answer: D
Refer to the exhibit. An administrator must harden a router, but the administrator failed to test the SSH access successfully to the router. Which action resolves the issue? A. SSH must be allowed with the transport output ssh command. B. configure enable secret to log in to the device. C. SSH syntax must be ssh -l user ip to log in to the remote device. D. configure SSH on the remote device to log in using SS E. Correct Answer: C
Which MPLS value is combined with the IP prefix to convert to a VPNv4 prefix? A. 8-byte Route Distinguisher B. 8-byte Route Target C. 16-byte Route Target D. 16-byte Route Distinguisher Correct Answer: A
What are the two reasons for RD and VPNv4 addresses in an MPLS Layer 3 VPN? (Choose two.) A. VPN RT communities are used to identify customer unique routes. B. When the PE redistributes customer routes into MP-BGP, they must be unique. C. They are on a CE device to use for static configuration. D. They are used for a BGP session with the CE device. E. RD is prepended to each prefix to make routes unique. Correct Answer: BE
An engineer configured a leak-map command to summarize EIGRP routes and advertise specifically loopback 0 with an IP of 10.1.1.1 255.255.255.252 along with the summary route. After nishing configuration, the customer complained about not receiving the summary route with the specific loopback address. Which two configurations will x this issue? (Choose two.) router eigrp 1 route-map Leak-Route deny 10 interface Serial 0/0 ip summary-address eigrp 1 10.0.0.0 255.0.0.0 leak-map Leak-Route A. access-list 1 permit 10.1.1.0 0.0.0.3 B. access-list 1 permit 10.1.1.1 0.0.0.252 C. access-list 1 and match under route-map Leak-Route D. route-map Leak-Route permit 10 and match access-list 1 E. route-map Leak-Route permit 20 Correct Answer: AD
Refer to the exhibit. AS 111 must not be used as a transit AS, but ISP-1 is getting ISP-2 routes from AS 111. Which configuration stops Customer AS from being used as a transit path on ISP-1? A. ip as-path access-list 1 permit.* B. ip as-path access-list 1 permit_111_ C. ip as-path access-list 1 permit ^$ D. ip as-path access-list 1 permit ^111$ Correct Answer: C
A network engineer must configure a DMVPN network so that a spoke establishes a direct path to another spoke if the two must send traffic to each other. A spoke must send traffic directly to the hub if required. Which configuration meets this requirement? A. At the hub router: interface tunnel10 ip nhrp nhs dynamic multipoint ip nhrp nhs shortcut tunnel mode gre multicast On the spokes router: interface tunnel10 ip nhrp nhs multicast dynamic ip nhrp nhs redirect tunnel mode gre multicast B. At the hub router: interface tunnel10 ip nhrp map dynamic multipoint ip nhrp redirect tunnel mode gre multicast On the spokes router: interface tunnel10 ip nhrp map multicast dynamic ip nhrp shortcut tunnel mode gre multicast C. At the hub router: interface tunnel10 ip nhrp nhs multicast dynamic ip nhrp nhs shortcut tunnel mode gre multipoint On the spokes router: interface tunnel10 ip nhrp nhs multicast dynamic ip nhrp nhs redirect tunnel mode gre multipoint D. At the hub router: interface tunnel10 ip nhrp map multicast dynamic ip nhrp redirect tunnel mode gre multipoint On the spokes router: interface tunnel10 ip nhrp map multicast dynamic ip nhrp shortcut tunnel mode gre multipoint Correct Answer: D
The network administrator configured R1 to authenticate Telnet connections based on Cisco ISE using TACACS+. ISE has been configured with an IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123. The administrator has configured this on R1: aaa new-model tacacs server ISE1 address ipv4 192.168.1.5 key Cisco123 aaa group server tacacs+ TAC-SERV server name ISE1 aaa authentication login telnet group TAC-SERV The network administrator cannot authenticate to R1 based on IS A. Which configuration xes the issue? B. line vty 0 4 login authentication TAC-SERV C. tacacs-server host 192.168.1.5 key Cisco123 D. ip tacacs-server host 192.168.1.5 key Cisco123 E. line vty 0 4 login authentication telnet Correct Answer: A
The network administrator must configure R1 to authenticate Telnet connections based on Cisco ISE using RADIUS. ISE has been configured with an IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123. The administrator has configured this on R1: aaa new-model radius server ISE1 address ipv4 192.168.1.5 key Cisco123 aaa group server tacacs+ RAD-SERV server name ISE1 aaa authentication login default group RAD-SERV The network administrator cannot authenticate to access R1 based on IS A. Which set of configurations xes the issue? B. line vty 0 4 login authentication RAD-SERV C. aaa group server tacacs+ ISE1 server name RAD-SERV D. aaa group server radius RAD-SERV server name ISE1 E. line vty 0 4 login authentication default Correct Answer: A
Which IPv6 first-hop security feature helps to minimize denial of service attacks? A. IPv6 Router Advertisement Guard B. IPv6 Destination Guard C. DHCPv6 Guard D. IPv6 MAC address filtering Correct Answer: B
Refer to the exhibit. A network engineer is troubleshooting a failed link between R2 and R3. No traffic loss is reported from router R5 to HQ. Which command xes the separated backbone? A. R3(config-router)#area 21 virtual-link 192.168.125.5 B. R2(config-router)#area 21 virtual-link 192.168.125.5 C. R3(config-router)#no area 21 stub D. R2(config-router)#no area 21 stub Correct Answer: B
A CoPP policy is applied for receiving SSH traffic from the WAN interface on a Cisco ISR4321 router. However, the SSH response from the router is abnormal and stuck during the high link utilization. The problem is identified as SSH traffic does not match in the ACL. Which action resolves the issue? A. Apply CoPP on the control plane interface. B. Apply CoPP on the WAN interface inbound direction. C. Rate-limit SSH traffic to ensure dedicated bandwidth. D. Increase the IP precedence value of SSH traffic to 6. Correct Answer: A
Refer to the exhibit. The network administrator must configure Cape Town to reach Dubai via Tokyo based on the speeds provided by the service provider. It was noticed that Cape Town is reaching Dubai directly and failed to meet the requirement. Which configuration xes the issue? A. CapeTown - router eigrp 100 variance 2 B. CapeTown - interface E 0/0 bandwidth 5000 interface E 0/1 bandwidth 10000 C. CapeTown - interface E 0/0 bandwidth 5000 interface E 0/1 bandwidth 10000 Dubai - interface E 0/0 bandwidth 50000 interface E 0/1 bandwidth 5000 Tokyo - interface E 0/0 bandwidth 50000 interface E 0/1 bandwidth 10000 D. Dubai - router eigrp 100 variance 2 Correct Answer: B
Refer to the exhibit. An engineer must configure a LAN-to-LAN IPsec VPN between R1 and the remote router. Which IPsec Phase 1 configuration must the engineer use for the local router? A. crypto isakmp policy 5 authentication pre-share encryption 3des hash sha group 2 crypto isakmp key cisco123 address 200.1.1.3 B. crypto isakmp policy 5 authentication pre-share encryption 3des hash md5 group 2 crypto isakmp key cisco123! address 199.1.1.1 C. crypto isakmp policy 5 authentication pre-share encryption 3des hash md5 group 2 crypto isakmp key cisco123 address 199.1.1.1 D. crypto isakmp policy 5 authentication pre-share encryption 3des hash md5 group 2 crypto isakmp key cisco123 address 200.1.1.3 Correct Answer: D
Refer to the exhibit. A shoe retail company implemented the uRPF solution for an antispoofing attack. A network engineer received the call that the branch A server is under an IP spoofing attack. Which configuration must be implemented to resolve the attack? A. R4 - interface ethernet0/1 ip verify unicast source reachable-via any allow-default allow-self-ping B. R4 - interface ethernet0/1 ip unicast RPF check reachable-via any allow-default allow-self-ping C. R3 - interface ethernet0/1 ip verify unicast source reachable-via any allow-default allow-self-ping D. R3 - interface ethernet0/1 ip unicast RPF check reachable-via any allow-default allow-self-ping Correct Answer: C
Refer to the exhibit. An engineer configures two ASBRs, 10.4.17.6 and 10.4.15.5, in an OSPF network to redistribute routes from EIGRP. However, both ASBRs show the EIGRP routes as equal costs even though the next-hop router 10.4.17.6 is closer to R1. How should the network traffic to the EIGRP prefixes be sent via 10.4.17.6? A. The administrative distance should be raised to 120 from the ASBR 10.4.17.6. B. The redistributed prefixes should be advertised as Type 1. C. The ASBR 10.4.17.6 should assign a tag to match and assign a lower metric on R1. D. The administrative distance should be raised to 120 from the ASBR 10.4.15.5. Correct Answer: B
Which component of MPLS VPNs is used to extend the IP address so that an engineer is able to identify to which VPN it belongs? A. RT B. RD C. LDP D. VPNv4 address family Correct Answer: B
Refer to the exhibit. An engineer noticed that the router log messages do not have any information about when the event occurred. Which action should the engineer take when enabling service time stamps to improve the logging functionality at a granular level? A. configure the debug uptime option. B. configure the msec option. C. configure the timezone option. D. configure the log uptime option. Correct Answer: B
Refer to the exhibit. An engineer configured SNMP Communities on UserSW2 switch, but the SNMP server cannot upload modified configurations to the switch. Which configuration resolves this issue? A. snmp-server community CiscoUs3r RW 11 B. snmp-server community Ciscowruser RW 11 C. snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 22 D. snmp-server group NETVIEW v2c priv read NETVIEW access 11 Correct Answer: B
Refer to the exhibit. An engineer must extend VRF-Lite over a trunk to another switch for VLAN 70 (10.70.70.0/24) on port GigabitEtheret0/0 and VLAN 80 (10.80.80.0/24) on port GigabitEthernet0/1. Which configuration accomplishes this objective? A. interface GigabitEthernet0/0 no switchport ip vrf forwarding 70 ip address 10.70.70.1 255.255.255.0 interface GigabitEthernet0/1 no switchport ip vrf forwarding 80 ip address 10.80.80.1 255.255.255.0 B. interface GigabitEthernet0/0 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 70 interface GigabitEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk switchport trunk allowed vlan 80 C. interface GigabitEthernet0/0 switchport mode access switchport access vlan 70 ip vrf forwarding 70 interface GigabitEthernet0/1 switchport mode access switchport access vlan 80 ip vrf forwarding 80 D. interface GigabitEthernet0/0 switchport mode access switchport access vlan 70 interface GigabitEthernet0/1 switchport mode access switchport access vlan 80 ! Correct Answer: A
Refer to the exhibit. An administrator must configure the router with OSPF for IPv4 and IPv6 networks under a single process. The OSPF adjacencies are not established and did not meet the requirement. Which action resolves the issue? A. Replace OSPF process 10 on the interfaces with OSPF process 1 for the IPv4 address, and remove process 10 from the global configuration. B. Replace OSPF process 10 on the interfaces with OSPF process 1, and configure an additional router ID with IPv6 address. C. Replace OSPF process 10 on the interfaces with OSPF process 1, and remove process 10 from the global configuration. D. Replace OSPF process 10 on the interfaces with OSPF process 1 for the IPv6 address, and remove process 10 from the global configuration. Correct Answer: D
What is the purpose of an OSPF sham-link? A. to allow inter-area routing when OSPF is used as the PE-CE connection protocol in an MPLS VPN network B. to allow intra-area routing when OSPF is used as the PE-CE connection protocol in an MPLS VPN network C. to correct OSPF backdoor routing when OSPF is used as the PE-CE connection protocol in an MPLS VPN network D. to correct OSPF backdoor routing when OSPF is used as the PE-PE connection protocol in an MPLS VPN network C Correct Answer:
Refer to the exhibit. An engineer configured NetFlow on R1, but the ows do not reach the NMS server from R1. Which configuration resolves this issue? A. R1(config)# flow monitor FlowMonitort1 R1(config- flow-monitor)#destination 10.66.66.66 B. R1(config)#interface Ethernet0/0 R1(config-if)#ip flow monitor Flowmonitor1 input R1(config-if)#ip flow monitor Flowmonitor1 output C. R1(config)#interface Ethernet0/1 R1(config-if)#ip flow monitor Flowmonitor1 input R1(config-if)#ip flow monitor Flowmonitor1 output D. R1(config)# flow exporter FlowExporter1 R1(config- flow-exporter)#destination 10.66.66.66 Correct Answer: D
Refer to the exhibit. A network administrator is tasked to permit http and https traffic only toward the internet from the User1 laptop to adhere to company's security policy. The administrator can still ping to www.cisco.com. Which interface should the access list 101 be applied to resolve this issue? A. Interface G0/0 in the outgoing direction. B. Interface G0/0 in the incoming direction. C. Interface S1/0 in the outgoing direction. D. Interface G0/48 in the incoming direction. Correct Answer: B
An engineer configured routing between multiple OSPF domains and introduced a routing loop that caused network instability. Which action resolves the problem? A. Set a tag using the redistribute command toward a domain and deny inbound in the other domain by a matching tag. B. Set a tag using the redistribute command toward a different domain and deny the matching tag when exiting from that domain. C. Set a tag using the network command in a domain and use the route-map command to deny the matching tag when exiting toward a different domain. D. Set a tag using the network command in a domain and use the route-map command to deny the matching tag when entering into a different domain. Correct Answer: A
An administrator wants to implement security on his company's router. Please select three options that you will use on your router to secure it. (Choose three.) A. Control Access to the router B. Restrict all traffic through the router C. Restrict SNMP D. Enable all unused services E. Encrypt all passwords F. Disable logging Correct Answer: ACE
An administrator is setting up a DMVPN tunnel between their offices and he is getting below output when he is running the command "show crypto isakmp sa": What command will you run to identify the issue? A. Debug ip icmp B. Debug crypto isakmp C. Debug crypto ipsec sa D. Debug ssh Correct Answer: B
A company is looking to implement VPN between their Head Quarter and over 100+ Branch offices. They are looking for a solution that: 1. Reduces deployment complexity 2. Simpli es branch communications 3. Offers branch to branch connectivity. 4. Is cost effective 5. Offers strong encryption Select the best option from the below options that you would recommend to implement. A. MPLS B. IPSEC C. DMVPN D. GRE Correct Answer: C
You have a DNA center deployed in your environment. Which feature of the DNA Center will you use for system-guided as well as self-guided troubleshooting. A. Assurance B. Automation C. Zero Trust D. Discovery Correct Answer: A
Out of the below options regarding DMVPN & FLEXVPN, select the correct one. A. FlexVPN uses a new key management protocol  IKEv2, while most traditional DMVPN networks use IKEv1 B. FlexVPN uses a new key management protocol  IKEv1, while most traditional DMVPN networks use IKEv2 C. With FlexVPN there's multiple standard way of NHRP and routing protocols operations as opposed to 1 phase of DMVPN D. Flex VPN & DMVPN both are supported only on Firewalls. Correct Answer: A
Refer to the exhibit. A network engineer is provisioning end-to-end traffic service for two different enterprise networks with these requirements: · The OSPF process must differ between customers on HQ and Branch office routers, and adjacencies should come up instantly. · The enterprise networks are connected with overtapping networks between HQ and a Branch office. Which configuration meets the requirements for a customer site? A. ISP(config-if)#int f1/0 - ISP(config-if)#ip vrf forwarding EA ISP(config-if)#description TO->EA2_Branch ISP(config-if)#ip add 172.16.200.2 255.255.255.0 ISP(config-if)#no shut - B. ISP(config-vrf)#int f0/0 - ISP(config-if)#ip vrf forwarding EB ISP(config-if)#description TO->EB1_Branch ISP(config-if)#ip add 172.16.100.2 255.255.255.0 ISP(config-if)#no shut - C. ISP(config)#int f2/0 - ISP(config-if)#ip vrf forwarding EA ISP(config-if)#description TO->EA1_HQ ISP(config-if)#ip address 172.16.100.2 255.255.255.0 ISP(config-if)#no shut - D. ISP(config-if)#int f3/0 - ISP(config-if)#ip vrf forwarding EA ISP(config-if)#description TO->EA2_Branch ISP(config-if)#ip address 172.16.200.2 255.255.255.0 ISP(config-if)#no shut Correct Answer: A
Refer to the exhibit. A company is evaluating multiple network management system tools. Trending graphs generated by SNMP data are returned by the NMS and appear to have multiple gaps. While troubleshooting the issue, an engineer noticed the relevant output. Which action resolves the gaps in the graphs? A. Remove the class map NMS from being part of control plane policing. B. configure the CIR rate to a lower value that accommodates all the NMS tools. C. Remove the exceed-rate command in the class map. D. Separate the NMS class map in multiple class maps based on the specific protocols with appropriate CoPP actions. Correct Answer: D
Refer to the exhibit. The network engineer configured the summarization of the RIP routes into the OSPF domain on R5 but still sees four different 172.16.0.0/24 networks on R4. Which action resolves the issue? A. R5(config)#router ospf 99 - R5(config-router)#network 172.16.0.0 0.255.255.255 area 56 R5(config-router)#area 56 range 172.16.0.0 255.255.255.0 B. R5(config)#router ospf 1 - R5(config-router)#no area - R5(config-router)#summary-address 172.16.0.0 255.255.252.0 C. R4(config)#router ospf 1 - R4(config-router)#no area - R4(config-router)#summary-address 172.16.0.0 255.255.252.0 D. R4(config)#router ospf 99 - R4(config-router)#network 172.16.0.0 0.255.255.255 area 56 R4(config-router)#area 56 range 172.16.0.0 255.255.255.0 Correct Answer: B
What is the minimum time gap required by the local system before putting a BFD control packet on the wire? A. Desired Min TX Interval B. Detect Mult C. Required Min RX Interval D. Required Min Echo RX Interval Correct Answer: A
What must be configured by the network engineer to circumvent AS_PATH loop prevention mechanism in IP/VPN Hub and Spoke deployment scenarios? A. Use allowas-in at the PE_Hub. B. Use allowas-in and as-override at all PEs. C. Use allowas-in and as-override at the PE_Hub. D. Use as-override at the PE_Hub. Correct Answer: D
Refer to the exhibit. Which action makes 10.1.3.2 the feasible successor to reach 10.200.1.0/24 for location S42T431E64F51? A. Increase path bandwidth higher than 10.1.1.2 and lower than 10.1.2.2 between RtrA and the destination. B. Increase path bandwidth lower than 10.1.1.2 and lower than 10.1.2.2 between RtrA and the destination. C. Increase path bandwidth higher than 10.1.2.2 and lower than 10.1.1.2 between RtrA and the destination. D. Increase path bandwidth higher than 10.1.2.2 and higher than 10.1.1.2 between RtrA and the destination. Correct Answer: D
Refer to the exhibit A junior engineer updated a branch router configuration. Immediately after the change, the engineer receives calls from the help desk that branch personnel cannot reach any network destinations. Which configuration restores service and continues to block 10.1.1.100/32? A. route-map FILTER-IN deny 5 B. ip prefix-list 102 seq 15 permit 0.0.0.0/32 file 32 C. route-map FILTER-IN permit 20 D. ip prefix-list 102 seq 5 permit 0.0.0.0/32 file 32 Correct Answer: C
What does the MP-BGP OPEN message contain? A. the version number and the AS number to which the router belongs B. IP routing information and the AS number to which the router belongs C. NLRI, path attributes, and IP addresses of the sending and receiving routers D. MPLS labels and the IP address of the router that receives the message Correct Answer: A
Refer to the exhibit. An engineer applies a prefix-list filter that lters most of the network 10 prefixes instead of allowing them. Which action resolves the issue? A. Modify the ip prefix-list EIGRP seq 20 permit 10.0.0.0/8 ge 9 command. B. Modify the ip prefix-list EIGRP seq 10 permit 10.0.0.0/8 file 9 command. C. Modify the ip prefix-list EIGRP seq 20 permit 0.0.0.0/0 file 32 command. D. Modify the ip prefix-list EIGRP seq 10 permit 10.0.0.0/8 file 32 command. Correct Answer: D
How is a preshared key "Test" for all the remote VPN routers configured in a DMVPN using GRE over IPsec set up? A. authentication pre-share Test address 0.0.0.0 0.0.0.0 B. set pre-share Test address 0.0.0.0 0.0.0.0 C. crypto ipsec key Test address 0.0.0.0 0.0.0.0 D. crypto isakmp key Test address 0.0.0.0 0.0.0.0 Correct Answer: D
Refer to the exhibit. An engineer is trying to get 192.168.32.100 forwarded through 10.1.1.1, but it was forwarded through 10.1.1.2. What action forwards the packets through 10.1.1.1? A. configure EIGRP to receive 192.168.32.0 route with lower metric. B. configure EIGRP to receive 192.168.32.0 route with lower admin distance. C. configure EIGRP to receive 192.168.32.0 route with longer prefix than /19. D. configure EIGRP to receive 192.168.32.0 route with equal or longer prefix than /24. Correct Answer: D
What is a characteristic of IPv6 RA Guard? A. It lters rogue RA broadcasts from connected hosts. B. It is supported on the egress direction of the switch. C. RA messages are allowed from the host port to the switch. D. It is unable to protect tunneled traffic. Correct Answer: A
A network administrator is troubleshooting a failed AAA login issue on a Cisco Catalyst c3560 switch. When the network administrator tries to log in with SSH using TACACS+ username and password credentials, the switch is no longer authenticating and is failing back to the local account. Which action resolves this issue? A. configure ip tacacs-server source-interface GigabitEthernet 1/1. B. configure ip tacacs source-ip 192.168.100.55. C. configure ip tacacs source-interface GigabitEthernet 1/1. D. configure ip tacacs-server source-ip 192.168.100.55. Correct Answer: B
Which two solutions are used to overcome a apping link that causes a frequent label binding exchange between MPLS routers? (Choose two.) A. Increase input queue on links to protect the session. B. Increase a hold-timer to protect the session. C. Increase a session delay to protect the session. D. Create link dampening on links to protect the session. E. Create targeted hellos to protect the session. Correct Answer: CD
Refer to the exhibit. An engineer must filter EIGRP updates that are received to block all 10.10.10.0/24 prefixes. The engineer tests the distribute list and finds one associated prefix. Which action resolves the issue? A. There is a permit in the ACL that allows this prefix into EIGRP. The ACL should be modified to deny 10.10.10.0 255.255.255.0. B. There is a permit in the ACL that allows this prefix into EIGRP. The ACL should be modified to deny 10.10.10.0 0.0.0.255. C. There is a permit in the route map that allows this prefix. A deny 20 statement is required with a match condition to match a new ACL that denies all prefixes. D. There is a permit in the route map that allows this prefix. A deny 20 statement is required with no match condition to block the prefix. Correct Answer: B
You want to implement AAA on router R1 for a more robust authentication and authorization system. What is typically the first global command used to do this? A. aaa new-model B. aaa enable C. aaa server-group D. aaa authentication login Correct Answer: A
A time based access list has been configured on R1 to allow SSH access to the device only on weekdays. Which of the following are valid options when using the time range command? (Choose two.) A. relative B. recurring C. absolute D. periodic Correct Answer: CD
First-Hop Security (FHS) is a set of features to optimize IPv6 link operation, and help with scale in large L2 domains. Which of the following are valid First-Hop Security features supported by Cisco? (Choose three.) A. IPv6 RA Guard B. IPv6 Source Guard C. DHCPv6 Guard D. IPv6 Snooping E. DHCPv6 Snooping Correct Answer: ACD
What are the four stages of obtaining an IP address from a DHCP server that corresponds to the acronym DORA? A. Discover, Offer, Release, Addressing B. Discover, Obtain, Request, Acknowledge C. Determine, Offer, Release, Acknowledge D. Discover, Offer, Request, Acknowledge Correct Answer: D
SNMPv2 has been used throughout a network to manage all of the network devices. You have been asked to migrate to an SNMPv3 solution instead. What is the biggest advantage to migrating from SNMPv2 to SNMPv3? A. Enhanced security, including encryption of passwords B. Enhanced performance, supporting more messages per minute. C. Enhanced scaling, supporting thousands more devices per network segment than SNMPv2. D. Using a push model instead of pull. SNMPv3 uses telemetry to push data to SNMP management stations in real time. Correct Answer: A
You are configuring Net flow on various network elements in order to gain visibility into the traffic types used. How many export destinations can this Network data be sent to? A. Up to 2 B. Up to 4 C. Up to 8 D. There is no limitation on the number of flow data export destinations. Correct Answer: A
A Cisco router has just been configured for NTP and is synchronized with the configured NTP server. However, log messages still show an incorrect time. What else should be done to match the log messages time stamps with the NTP based time? A. Wait a bit longer for the synchronized time to get applied to new log messages. B. configure the "service timestamps log datetime localtime" command in global mode. C. configure the "service timestamps log datetime synchronize" command globally D. configure the "service timestamps log ntp" command in global config mode. Correct Answer: B
There is an issue between two nodes within your network, and you are using Cisco DNA Center Path Trace to help troubleshoot the problem. Which of the following statements are true regarding the Path Trace tool? A. Overlapping IP addresses are supported. B. Path trace between a fabric client and a non-fabric client is supported C. Path trace between a wired client and a wireless client is supported D. Only TCP traffic is supported. Correct Answer: C
Which of the following are valid DHCP options that DHCP servers can be configured to use with DHCP clients when offering a lease? (Choose two.) A. DHCP Option 1: subnet mask B. DHCP Option 3: Lease Duration C. DHCP Option 4: Client host name D. DHCP Option 6: DNS servers Correct Answer: AD
Which feature of the Cisco DNA Center allows you to run diagnostic CLI commands to the devices that are managed by DNA Center for troubleshooting purposes? A. Command Runner B. DNA Spaces C. DNA Advantage D. Intelligent Capture Correct Answer: A
You want to change the Administrative Distance of external EIGRP routes from the default of 170 to 130 instead on router R1 while leaving the default AD value for internal EIGRP routes. Which set of command will accomplish this? A. R1(config)#router eigrp - R1(config-router)#distance 170 - B. R1(config)#router eigrp 1 - R1(config-router)#distance eigrp 90 130 C. R1(config)#router eigrp 1 - R1(config-router)#distance eigrp 130 90 D. R1(config)#router eigrp 1 - R1(config-router)#distance 90 130 Correct Answer: B
Which of the following are valid TFTP error codes? (Choose two.) A. Error Code 1 Â File not found B. Error Code 2 Â Unknown error C. Error code 3 Â Invalid user D. Error code 6 Â File already exists E. Error code 8 Â Undefined error Correct Answer: AD
What are the two prerequisites of setting up DMVPN tunnel? (Choose two.) A. Before a multipoint GRE (mGRE) and IPsec tunnel can be established, define an Internet Key Exchange (IKE) policy by using the crypto isakmp policy command. B. The Public IP's of the routers should be able to ping each other. C. To enable 2547oDMPVN - traffic Segmentation Within DMVPN configure multiprotocol label switching (MPLS) by using the mpls ip command D. It is mandatory to use wildcard preshared keys to build the DMVPN tunnel E. DMVPN can work on all OEM devices that support IK F. Correct Answer: AC
Refer to the exhibit. An administrator is setting up above shown routers to enable MVPN with mGRE mode. What would be the recommended interface configuration that must be done by the engineer to make it to work? A. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel mode IPSec multipoint B. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel mode gre multipoint C. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp network-id 1 tunnel source 172.17.0.1 tunnel mode IPsec multipoint D. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel destination 172.17.0.2 tunnel mode IPsec multipoint Correct Answer: B
Select three benefits of setting up a MPLS Network from the below options. (Choose three.) A. Connection less Service B. Security as good as connection-oriented VPNs C. Provides IPS level intelligence to filter packets. D. Integrated QoS support E. All variations of Static routes are supported Correct Answer: ABD
Refer to the Exhibit. The access-lists are configured on the network device. There is a server behind the network device. User are trying to access the server securely however they are not able to access it. What changes would you recommend to the above configuration? A. Permit tcp port 465 B. Permit tcp port 3389 C. Permit tcp port 443 D. Permit tcp any any Correct Answer: C
Which of the following is true regarding IPsec Pre-fragmentation (Look-Ahead Fragmentation)? (Choose two.) A. Operates in tunnel mode only B. Operates in transport mode only C. Is used to help in the overall IPsec throughput since the end host is able to avoid packet reassembly after packet decryption. D. Is not dependent on the MTU of the physical interface used for IPsec. E. Does not support Path MTU Discovery Correct Answer: AC
Which of the following correctly describes the concept of split horizon with IP routing? (Choose two.) A. Split horizon is a valid routing loop prevention mechanism B. Split horizon is used to filter customer routes in an ISP network. C. When enabled, split horizons informs the router to not advertise routes back out the same interface from where that route was originally received. D. Split horizons cannot be disabled on WAN interfaces E. Split horizon is not applicable to EIGRP networks Correct Answer: AC
A network administrator is reloading a router and during the bootup, he is getting the error message "%Error opening tftp://255.255.255.255/network-confg (Socket error)". What command need to be applied on Cisco Router to fix this issue. A. No service config B. Write erase reload C. Reload noconfirm D. Copy run start Correct Answer: A
What is the term used when it causes the packets to lose their MPLS labels including the VPN in-formation that lies in the inner MPLS Label i.e. if a packet goes through an untagged interface, the VPN information is lost and VPN sites lose connectivity? A. Pseudowire B. Black Hole C. traffic Engineering D. Active Network Abstraction Correct Answer: B
What is the total length of an MPLS header? A. 16 bits B. 20 bits C. 28 bits D. 32 bits Correct Answer: D
What TCP port is used by LDP to provide for reliable transport connections? A. 646 B. 648 C. 752 D. 712 Correct Answer: A
At which layer of the OSI model is an MPLS label imposed? A. Layer 2 B. Layer 3 C. Between layers 2 and 3 D. Between layers 3 and 4 Correct Answer: C
Which of the following statements are true regarding two OSPF routers to become neighbors? (Choose two.) A. Must use the same ASN B. Must have identical hello and dead timers C. Must have matching MTU's on the physical network links that connect the routers. D. Need not be on the same subnet. Correct Answer: BC
A new site has been added to an OPSF network using area 2. Area 2 is connected only to area 1 of this OSPF network. Area 1 is used to connect area 1 to the backbone area 0. Should you expect full connectivity to the networks located in area 2 from area 0 in this scenario? A. Yes, by default there will be full connectivity. B. No, you will need to redistribute the area 2 routes into area 0. C. No, a virtual link is needed to logically connect area 2 info area 0. D. Yes, but area 2 will need to be configured as a stub area. Correct Answer: C
Router R1 is configured using VRF's to support customer VPN's. Some customers are using the same private IP address space. Which of the following is used to ensure that these routes are unique when advertised throughout the VPN? A. Route Distinguisher B. Route Targets C. MP-BGP D. LDP Correct Answer: A
Two MPLS routers, R1 and R2, are not directly connected and have an established LDP session running between them. What type of LDP session is this? A. Remote LDP session B. Direct LDP session C. Tunneled LDP session D. Targeted LDP session Correct Answer: D
Which of the following are valid fields in an MPLS header? (Choose four.) A. Label B. Sequence Number C. Experimental (Exp) D. Bottom of Stack (BoS) E. Time to Live (TTL) F. Checksum , C, D, E Correct Answer: A
Which of the following are control plane protocols used within a service provider MPLS network? (Choose two.) A. OAM B. RSVP C. Targeted LDP D. SNMP E. LDP Correct Answer: BE
In a typical MPLS VPN, which routers act as the MPLS label imposition and disposition points in the network? A. CE Router B. P router C. PE Router D. Core router Correct Answer: C
In an MPLS network, which of the following describes the role of the Provider (P) router? A. To connect to customer edge (CE) devices B. To connect to PE routers and act as transit routers C. To impose MPLS labels D. To filter VPN routes in the core Correct Answer: B
The MPLS LDP autoconfiguration feature allows you to enable LDP on every interface that is associated with an IGP instance. Which of the following Interior Gateway Protocols support this? (Choose two.) A. OSPF B. IS-IS C. BGP D. RIP E. EIGRP Correct Answer: AB
In an MPLS VPN network, how are customer routes controlled and distributed? A. Through the use of GRE tunnels B. Customer routes are redistributed into the IGP that the service provider is using C. Customer routes are redistributed into BGP within the service provider D. It is distributed through the use of route targets Correct Answer: D
Which of the following are valid IPv6 Router Advertisement (RA) Guard modes? (Choose two.) A. Guard mode B. Host mode C. Router mode D. Open mode E. Closed mode Correct Answer: BC
Which of the following statements are true regarding the e IPv6 RA Guard feature? A. This feature is support on LAG bundles interfaces B. This feature is supported on private VLANs C. Packets dropped by the IPv6 RA Guard feature cannot be spanned. D. This feature offers protection in networks where IPv6 traffic is tunneled. Correct Answer: B
Unicast Reverse Path Forwarding (uRPF) has been configured on a service provider network to protect itself from spoofed based attacks. Which of the following are valid uRPF modes? (Choose two.) A. Strict mode B. Open mode C. Closed mode D. Block mode E. Loose mode Correct Answer: AE
Which of the following are commonly used ports when implementing RADIUS based authentication and accounting? (Choose two.) A. UDP port 1644 for authentication B. UDP port 1812 for authentication C. TCP port 1812 for authentication D. UDP port 1813 for accounting E. TCP port 1813 for accounting F. UDP port 1644 for accounting Correct Answer: BD
Which of the following are valid restrictions when configuring Control Plane Policing (CoPP) on Cisco devices? (Choose two.) A. You cannot use the "log" keyword with CoPP on the access list entries B. CEF must be disabled C. The only match types supported with CoPP is ip precedence, ip dscp, and access-group D. Only standard access-lists are supported. Correct Answer: AC
Which of the following are used to validate the source of IPv6 traffic and are considered IPv6 layer 2 snooping features? (Choose two.) A. DHCPv6 Guard B. DHCPv6 Root Guard C. IPv6 Source Guard D. IPv6 prefix Guard Correct Answer: CD
Refer to the exhibit. Which two configurations allow clients to get dynamic IP addresses assigned? (Choose two.) A. configure access-list 100 permit udp any any eq 68 as the first line B. configure access-list 100 permit udp any any eq 69 as the first line C. configure access-list 100 permit udp any any eq 61 as the first line D. configure access-list 100 permit udp any any eq 66 as the first line E. configure access-list 100 permit udp any any eq 67 as the first line Correct Answer: AE
Refer to the exhibit. The IT router has been configured with the Science VRF and the interfaces have been assigned to the VR A. Which set of configurations advertises Science-1 and Science-2 routes using EIGRP AS 111? B. router eigrp 111 address-family ipv4 vrf Science autonomous-system 1 network 192.168.1.0 network 192.168.2.0 C. router eigrp 111 address-family ipv4 vrf Science network 192.168.1.0 network 192.168.2.0 D. router eigrp 111 network 192.168.1.0 network 192.168.2.0 E. router eigrp 1 address-family ipv4 vrf Science autonomous-system 111 network 192.168.1.0 network 192.168.2.0 Correct Answer: A
An engineer must override the normal routing behavior of a router for Telnet traffic that is destined to 10.10.10.10 from 10.10.1.0/24 via a next hop of 10.4.4.4, which is directly connected to the router that is connected to the 10.1.1.0/24 subnet. Which configuration reroutes traffic according to this requirement? A. access-list 100 deny tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23 ! route-map POLICY permit 10 match ip address 100 set ip next-hop 10.4.4.4 route-map POLICY permit 20 B. access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23 ! route-map POLICY permit 10 match ip address 100 set ip next-hop 10.4.4.4 route-map POLICY permit 20 C. access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23 ! route-map POLICY permit 10 match ip address 100 set ip next-hop recursive 10.4.4.4 route-map POLICY permit 20 D. access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23 ! route-map POLICY permit 10 match ip address 100 set ip next-hop recursive 10.4.4.4 Correct Answer: C
Refer to the exhibit. An engineer must configure DMVPN Phase 3 hub-and-spoke topology to enable a spoke-to-spoke tunnel. Which NHRP configuration meets the requirement on R6? A. interface Tunnel1 ip nhrp authentication Cisco123 ip nhrp map multicast dynamic ip nhrp network-id 1 ip nhrp holdtime 300 ip nhrp redirect B. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e 0/1 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp map 192.168.1.2 192.1.20.2 C. interface Tunnel1 ip nhrp authentication Cisco123 ip nhrp map multicast dynamic ip nhrp network-id 1 ip nhrp holdtime 300 ip nhrp shortcut D. Interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e 0/0 tunnel mode gre multipoint ip nhrp network-id 1 Correct Answer: A
Refer to the exhibit. An engineer implemented CoPP but did not see OSPF traffic going through it. Which configuration resolves the issue? A. control-plane service-policy input COPP B. policy-map COPP class OSFP police 8000 conform-action transmit exceed-action transmit violate-action drop C. ip access-list extended OSFP permit ospf any any D. class-map match-all OSFP match access-group name OSFP Correct Answer: C
Refer to the exhibit. Site1 must perform unequal cost load balancing toward the segments behind Site2 and Site3. Some of the routes are getting load balanced but others are not. Which configuration allows Site1 to load balance toward all the LAN segments of the remote routers? A. Site3 router eigrp 100 variance 2 B. Site2 router eigrp 100 variance 2 C. Site2 router eigrp 100 variance 3 D. Site1 router eigrp 100 variance 3 Correct Answer: D
Refer to the exhibit. R1 and R2 use IGP protocol to route traffic between AS 100 and AS 200 despite being configured to use BGP. Which action resolves the issue and ensures the use of BGP? A. configure distance to 100 under the OSPF process of R1 and R2 B. Remove distance commands under BGP AS 100 C. Remove distance commands under BGP AS 100 and AS 200. D. configure distance to 100 under the EIGRP process of R1 and R2 Correct Answer: B
Which table is used to map the packets in an MPLS LSP that exit from the same interface, via the same next hop, and have the same queuing policies? A. LDP B. FEC C. CEF D. RIB Correct Answer: B
You have configured router R1 with multiple VRF's in order to support multiple customer VPN networks. If you wanted to see the best path for the 10.1.1.0.24 route in VRF Blue, what command would you use? A. show ip route vrf Blue 10.1.1.0 B. show ip route 10.1.1.0 vrf Blue C. show route all 10.1.1.0 D. show ip route all 10.1.1.0 Correct Answer: A
Which of the following OSPF Link State Advertisements (LSA's) were created for IPV6 and do not apply to IPv4 OSPF networks? (Choose two.) A. Link LSA (Type 8) B. Summary LSA (Type 3) C. Router LSA (Type 2) D. Intra-Area prefix LSA (Type 9) E. Opaque LSA (Type 9) Correct Answer: AD
Router R1 has been configured with a default route like this: R1#(config) ip route 0.0.0.0 0.0.0.0 10.2.3.1 You want to redistribute this route into OSPF but when you configure the redistribute static command under the OSPF process the default route is not present. What will create a default route in the OSPF routing process? A. Use the redistribute static subnets command. B. Create a default metric for the static default route. C. Use the default-information originate command under the OSPF process. D. Change the static default route to use an Administrative Distance (AD) greater than 110. Correct Answer: C
Which one of the following statements regarding Bidirectional Forwarding Detection (BFD) is correct? A. BFD echo mode is the default mode of operation. B. BFD is not supported for HSRP. C. CEF must be disabled for BFD to work. D. BFD is not supported when using static routes. Correct Answer: A
Which of the following OSPF neighbor adjacency states is applicable only to manually configured OSPF neighbors in a Non Broadcast Multi- Access network? A. Attempt B. Init C. 2-Way D. Exstart E. Exchange Correct Answer: A
With Internal BGP, there is a requirement for all peers to be logically fully meshed, where all IBGP routers must peer with all other IBGP routers. For scaling purposes, there are two mechanisms that were developed to bypass this requirement. What are they? (Choose two.) A. Confederations B. IBGP to EBGP route redistribution C. BGP peer filtering D. Route reflectors. Correct Answer: AD
You have configured policy-based routing on router R1 to force some traffic to go over an alternate link. In order to verify the configuration, which debug command should be used to verify that the specific traffic is taking the intended path? A. Debug policy routing B. Debug ip routing C. Debug ip policy D. Debug policy map Correct Answer: C
Which BGP attribute can be used to influence the path that incoming traffic takes into your AS from other Autonomous Systems? A. Metric manipulation B. AS_Path C. Weight D. Local Preference Correct Answer: B
Routers R1 and R2 have been configured to use Bidirectional Forwarding Detection? What is the advantage of doing this? A. It is able to discover local link failures at layer 1 and provide automatic re-routing B. It is able to discover local link failures at layer 1 and provide automatic re-routing C. It is able to discover local link failures at layer 1 only and provides detection for this in less than one second. D. It is able to discover local link failures at layers 1 and 2 and provides detection for this in less than one second. Correct Answer: D
Which BGP attribute can be used to influence the path that outgoing traffic takes from your AS to other Autonomous Systems? (Choose two.) A. MED B. AS_Path C. Weight D. Local Preference Correct Answer: CD
In order to connect between disparate OSPF and EIGRP portions of a network, mutual route redistribution has been configured. What are two disadvantages of doing this? (Choose two.) A. Prone to routing loops if not done correctly B. Differing metrics between the routing protocols could result in sub-optimal routing. C. Route redistribution is not supported on most Cisco router platforms. D. Increased convergence times. Correct Answer: AB
Which of the following statements are true regarding two EIGRP routers to become neighbors? A. Must have identical hello and dead timers B. Must utilize unique router ID's C. Must have matching MTU's on the physical network links that connect the routers. D. Must use the same ASN. Correct Answer: D
What is LDP label binding? A. destination prefix with label B. two routers with label distribution session C. source prefix with label D. neighboring router with label Correct Answer: A
Refer to the exhibit. A network engineer must establish communication between three different customer sites with these requirements: * Site-A: must be restricted to access to any users at Site-B or Site- A. * Site-B and Site-C: must be able to communicate between sites and share routes using OSP B. PE interface configuration: interface FastEthernet0/0 ip vrf forwarding Site-A interface FastEthernet0/1 ip vrf forwarding SharedSites interface FastEthernet0/2 ip vrf forwarding SharedSites Which configuration meets the requirements? C. PE(config)#router ospf 10 vrf Site-A PE(config-router)#network 0.0.0.0 255.255.255.255 area 0 PE(config)#router ospf 10 vrf SharedSites PE(config-router)#network 0.0.0.0 255.255.255.255 area 1 D. PE(config)#router ospf 10 vrf Site-A PE(config-router)#network 0.0.0.0 255.255.255.255 area 0 PE(config)#router ospf 20 vrf SharedSites PE(config-router)#network 0.0.0.0 255.255.255.255 area 1 E. PE(config)#router ospf 10 vrf Site-A PE(config-router)#network 0.0.0.0 255.255.255.255 area 0 PE(config)#router ospf 10 vrf SharedSites PE(config-router)#network 0.0.0.0 255.255.255.255 area 0 F. PE(config)#router ospf 10 vrf Site-A PE(config-router)#network 0.0.0.0 255.255.255.255 area 0 PE(config)#router ospf 20 vrf SharedSites PE(config-router)#network 0.0.0.0 255.255.255.255 area 0 Correct Answer: C
Refer to the exhibit. An administrator configures a router to stop using a particular default route if the DNS server 8.8.8.8 is not reachable through that route. However, this configuration did not work as desired and the default route still works even if the DNS server 8.8.8.8 is unreachable. Which two configuration changes resolve the issue? (Choose two.) A. Use a separate track object to reference the existing IP SLA 1 probe for every static route. B. Use a separate IP SLA probe and track object for every static route. C. Associate every IP SLA probe with the proper WAN address of the router. D. Reference the proper exit interfaces along with the next hops in both static default routes. E. configure two static routes for the 8.8.8.8/32 destination to match the IP SLA probe for each ISP. Correct Answer: BE
Refer to the exhibit. The network administrator configured the Chicago router to mutually redistribute the LA and NewYork routes with OSPF routes to be summarized as a single route in EIGRP using the longest summary mask: router eigrp 100 redistribute ospf 1 metric 10 10 10 10 10 router ospf 1 redistribute eigrp 100 subnets interface E 0/0 ip summary-address eigrp 100 172.16.0.0 255.255.0.0 After the configuration, the New York router receives all the specific LA routes but the summary route. Which set of configurations resolves the issue on the Chicago router? A. router eigrp 100 summary-address 172.16.8.0 255.255.252.0 B. interface E 0/1 ip summary-address eigrp 100 172.16.8.0 255.255.252.0 C. router eigrp 100 summary-address 172.16.0.0 255.255.0.0 D. interface E 0/1 ip summary-address eigrp 100 172.16.0.0 255.255.0.0 Correct Answer: B
Refer to the exhibit. An engineer must configure PBR on R1 to reach to 10.2.2.0/24 via R3 AS64513 as the primary path and a backup route through default route via R2 AS64513. All BGP routes are in the routing table of R1, but a static default route overrides BGP routes. Which PBR configuration achieves the objective? A. access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 ! route-map PBR permit 10 match ip address 100 set ip next-hop recursive 10.3.3.1 B. access-list 100 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 ! route-map PBR permit 10 match ip address 100 set ip next-hop recursive 10.3.3.1 C. access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 ! route-map PBR permit 10 match ip address 100 set ip next-hop 10.3.3.1 D. access-list 100 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 ! route-map PBR permit 10 match ip address 100 set ip next-hop 10.3.3.1 Correct Answer: A
What is the function of BFD? A. It creates high CPU utilization on hardware deployments B. It provides uniform failure detection on the same media type C. It provides uniform failure detection regardless of media type D. It negotiates to the highest version if the neighbor version differs Correct Answer: C
Refer to the exhibit. When an FTP client attempts to use passive FTP to connect to the FTP server, the file transfers fail. Which action resolves the issue? A. Modify traffic filter FTP-SERVER in to the outbound direction. B. configure active FTP traffic. C. configure to permit TCP ports higher than 1023. D. Modify FTP-SERVER access list to remove established at the end. Correct Answer: C
Refer to the exhibit. An administrator configured a Cisco router for TACACS authentication, but the router is using the local enable password instead. Which action resolves the issue? A. configure the aaa authentication login default group admin local if-authenticated command instead. B. configure the aaa authentication login admin group tacacs+ local enable none command instead. C. configure the aaa authentication login admin group tacacs+ local if-authenticated command instead. D. configure the aaa authentication login admin group admin local enable command instead. Correct Answer: D
An administrator attempts to download the .pack NBAR2 file using TFTP from the CPE router to another device over the Gi0/0 interface. The CPE is configured as below: hostname CPE ip access-list extended WAN <`¦> remark => All UDP rules below for WAN ID: S421T18E58F90 permit udp any eq domain any permit udp any any eq tftp deny udp any any interface GigabitEthernet0/0 <`¦> ip access-group WAN in <`¦> tftp-server flash:pp-adv-csr1000v-1612.1a-37-53.0.0.pack The transfer fails. Which action resolves this issue? A. Make the permit udp any eq tftp any entry the last entry in the WAN ACL B. Shorten the file name to the 8+3 naming convention C. Change the WAN ACL to permit the entire UDP destination port range D. Change the WAN ACL to permit the UDP port 69 to allow TFTP Correct Answer: C
A network administrator must optimize the segment size of the TCP packet on the DMVPN IPsec protected tunnel interface, which carries application traffic from the head office to a designated branch. The TCP segment size must not overwhelm the MTU of the outbound link. Which configuration must be applied to the router to improve the application performance? A. interface tunnel30 ip mtu 1400 ip tcp payload-size 1360 ! crypto ipsec fragmentation before-encryption B. interface tunnel30 ip mtu 1400 ip tcp adjust-mss 1360 ! crypto ipsec fragmentation after-encryption C. interface tunnel30 ip mtu 1400 ip tcp max-segment 1360 ! crypto ipsec fragmentation before-encryption D. interface tunnel30 ip mtu 1400 ip tcp packet-size 1360 ! crypto ipsec fragmentation after-encryption B Correct Answer:
In a DMVPN network, the Spoke1 user observed that the voice traffic is coming to Spoke2 users via the hub router. Which command is required on both spoke routers to communicate directly to one another? A. ip nhrp nhs multicast B. ip nhrp shortcut C. ip nhrp map dynamic D. ip nhrp redirect Correct Answer: B
Refer to the exhibit. RR configuration: router bgp 100 neighbor IBGP peer-group neighbor IBGP route-reflector-client neighbor 10.1.1.1 remote-as 100 neighbor 10.1.2.2 remote-as 100 neighbor 10.1.3.3 remote-as 100 The network administrator configured the network to establish connectivity between all devices and notices that the ASBRs do not have routes for each other. Which set of configurations resolves this issue? A. router bgp 100 neighbor IBGP update-source Loopback0 B. router bgp 100 neighbor IBGP next-hop-self C. router bgp 100 neighbor 10.1.1.1 next-hop-self neighbor 10.1.2.2 next-hop-self neighbor 10.1.3.3 next-hop-self D. router bgp 100 neighbor 10.1.1.1 peer-group IBGP neighbor 10.1.2.2 peer-group IBGP neighbor 10.1.3.3 peer-group IBGP Correct Answer: D
Refer to the exhibit. A prefix list is created to filter routes inbound to an EIGRP process except for network 10 prefixes. After the prefix list is applied, no network 10 prefixes are visible in the routing table from EIGRP. Which configuration resolves the issue? A. ip prefix-list EIGRP seq 10 permit 0.0.0.0/0 file 32 B. ip prefix-list EIGRP seq 20 permit 10.0.0.0/8 ge 9 ip prefix-list EIGRP seq 10 permit 0.0.0.0/0 file 32 C. ip prefix-list EIGRP seq 20 permit 10.0.0.0/8 ge 9 D. ip prefix-list EIGRP seq 5 permit 10.0.0.0/8 ge 9 no ip prefix-list EIGRP seq 20 permit 10.0.0.0/8 Correct Answer: D
Refer to the exhibit. An engineer configured SNMP traps to record spoofed packets drop of more than 48000 a minute on the ethernet0/0 interface. During an IP spoofing attack, the engineer noticed that no notifications have been received by the SNMP server. Which configuration resolves the issue on R1? A. ip verify unicast notification threshold 800 B. ip verify unicast notification threshold 8000 C. ip verify unicast notification threshold 48000 D. ip verify unicast notification threshold 80 Correct Answer: A
Refer to the exhibit. An engineer implemented an access list on R1 to allow anyone to Telnet except R2 Loopback0 to R1 Loopback4. How must sequence 20 be replaced on the R1 access list to resolve the issue? A. sequence 20 permit tcp host 1001:ABC:2011:7::1 host 400A:0:400C::1 eq telnet B. sequence 20 deny tcp host 400A:0:400C::1 host 1001:ABC:2011:7::1 eq telnet C. sequence 20 permit tcp host 400A:0:400C::1 host 1001:ABC:2011:7::1 eq telnet D. sequence 20 deny tcp host 1001:ABC:2011:7::1 host 400A:0:400C::1 eq telnet Correct Answer: D
Refer to the exhibit. An engineer implemented CoPP to limit Telnet traffic to protect the router CPU. It was noticed that the Telnet traffic did not pass through CoPP. Which configuration resolves the issue? A. ip access-list extended TELNET permit tcp host 10.2.2.1 host 10.2.2.4 eq telnet permit tcp host 10.1.1.1 host 10.1.1.3 eq telnet B. policy-map COPP class TELNET police 8000 conform-action transmit exceed-action transmit C. ip access-list extended TELNET permit tcp host 10.2.2.4 host 10.2.2.1 eq telnet permit tcp host 10.1.1.3 host 10.1.1.1 eq telnet D. policy-map COPP class TELNET police 8000 conform-action transmit exceed-action transmit violate-action drop Correct Answer: C
Refer to the exhibit. After configuring OSPF in R1, some external destinations in the network became unreachable. Which action resolves the issue? A. Disconnect the router with the OSPF router ID 0.0.0 0 from the network. B. Increase the SPF delay interval on R1 to synchronize routes. C. Change the R1 router ID from 10.255.255.1 to a unique value and clear the process. D. Clear the OSPF process on R1 to ush stale LSAs sent by other routers. Correct Answer: C
Refer to the exhibit. A network engineer receives a report that Spoke 1 users can perform bank transactions with the server located at the Center site, but Spoke 2 users cannot. Which action resolves the issue? A. configure the Spoke 2 users IP on the router B OSPF domain B. configure IPv6 on the routers B and C interfaces C. configure OSPFv2 on the routers B and C interfaces D. configure encapsulation dot1q 78 on the router C interface Correct Answer: B
What is an MPLS LDP targeted session? A. LDP session established by exchanging multicast hello packets B. LDP session established between LSRs by exchanging TCP hello packets C. session between neighbors that are connected no more than one hop away D. label distribution session between non-directly connected neighbors Correct Answer: D
Refer to the exhibit. An engineer configures DMVPN and receives the hub location prefix of 10.1.1.0/24 on R2 and R3. The R3 prefix of 10.1.3.0/24 is not received on R2, and the R2 prefix 10.1.2.0/24 is not received on R3. Which action resolves the issue? A. Split horizon prevents the routes from being advertised between spoke routers. It should be disabled with the no ip split-horizon eigrp 10 command on the Gi0/0 interface of R1. B. There is no spoke-to-spoke connection. DMVPN configuration should be modified with a manual neighbor relationship configured between R2 and R3 and confirmed by use of the show ip eigrp neighbor command. C. There is no spoke-to-spoke connection. DMVPN configuration should be modified to enable a tunnel connection between R2 and R3 and neighbor relationship confirmed by use of the show ip eigrp neighbor command. D. Split horizon prevents the routes from being advertised between spoke routers. It should be disabled with the command no ip split-horizon eigrp 10 on the tunnel interface of R1. Correct Answer: D
Which method provides failure detection in BFD? A. long duration, low overhead B. short duration, low overhead C. long duration, high overhead D. short duration, high overhead Correct Answer: B
Which feature minimizes DoS attacks on an IPv6 network? A. IPv6 Binding Security Table B. IPv6 Router Advertisement Guard C. IPv6 prefix Guard D. IPv6 Destination Guard Correct Answer: D
Refer to the exhibit. R1 and R2 are configured for EIGRP peering using authentication and the neighbors failed to come up. Which action resolves the issue? A. configure a matching lowest key-id on both routers. B. configure a matching authentication type on both routers. C. configure a matching key-id number on both routers. D. configure a matching key-chain name on both routers. Correct Answer: A
Refer to the exhibit. Mutual redistribution is enabled between RIP and EIGRP on R2 and R5. Which configuration resolves the routing loop for the 192.168.1.0/24 network? A. R2: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s0 ! router rip network 178.1.0.0 redistribute eigrp 10 metric 2 ! access-list 1 deny 192.168.1.0 access-list 1 permit any R5: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s0 ! router rip network 178.1.0.0 redistribute eigrp 10 metric 2 ! access-list 1 deny 192.168.1.0 access-list 1 permit any B. R2: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s0 ! router rip network 178.1.0.0 redistribute eigrp 10 metric 2 ! access-list 1 deny 192.168.1.0 access-list 1 permit any R5: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s1 ! router rip network 178.1.0.0 redistribute eigrp 10 metric 2 ! access-list 1 deny 192.168.1.0 access-list 1 permit any C. R2: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s1 ! router rip network 178.1.0.0 redistribute eigrp 10 metric 2 ! access-list 1 deny 192. 168.1.0 access-list 1 permit any R5: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s0 ! router rip network 178.1.0.0 redistribute eigrp 10 metric 2 ! access-list 1 deny 192.168.1.0 access-list 1 permit any D. R2: router eigrp 7 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s1 ! router rip network 178.1.0.0 redistribute eigrp 7 metric 2 ! access-list 1 deny 192.168.1.0 access-list 1 permit any R5: router eigrp 7 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s1 ! router rip network 178.1.0.0 redistribute eigrp 7 metric 2 ! access-list 1 deny 192.168.1.0 access-list 1 permit any D Correct Answer:
Refer to the exhibit. R4 is experiencing packet drop when trying to reach 172.16.2.7 behind R2. Which action resolves the issue? A. Insert a /24 floating static route on R2 toward R3 with metric 254. B. Disable auto summarization on R2. C. Enable auto summarization on all three routers R1, R2, and R3. D. Insert a /16 floating static route on R2 toward R3 with metric 254. Correct Answer: B
Refer to the exhibit. An engineer must advertise routes into IPv6 MP-BGP and failed. Which configuration resolves the issue on R1? A. router bgp 64900 no bgp default ipv4-unicast address-family ipv6 unicast redistribute ospf network 2001:DB9::/64 B. router bgp 64900 no bgp default ipv4-unicast address-family ipv6 multicast neighbor 2001:DB8:7000::2 translate-update ipv6 multicast C. router bgp 65000 no bgp default ipv4-unicast address-family ipv6 unicast network 2001:DB8::/64 D. router bgp 65000 no bgp default ipv4-unicast address-family ipv6 multicast network 2001:DB8::/64 C Correct Answer:
Refer to the exhibit. The administrator is trying to overwrite an existing file on the TFTP server that was previously uploaded by another router. However, the attempt to update the file fails. Which action resolves this issue? A. Make the TFTP folder writable by all on the TFTP server. B. Make the package.conf file writable by all on the TFTP server. C. Make the package.conf file executable by all on the TFTP server. D. Make sure to run the TFTP service on the TFTP server. Correct Answer: B
Refer to the exhibit. A network engineer applied a filter for ISA traffic on OSPFv3 inter area routes on the area 5 ABR to protect advertising the internal routes of area 5 to the business partner network. All other areas should receive the area 5 internal routes. After the respective route filtering configuration is applied on the ABR, area 5 routes are not visible on any of the areas. How must the filter list be applied on the ABR to resolve this issue? A. in the "in" direction for area 5 on router R1 B. in the "in" direction for area 20 on router R2 C. in the "out" direction for area 20 on router R2 D. in the "out" direction for area 5 on router R1 Correct Answer: D
Refer to the exhibit. The R2 loopback interface is advertised with RIP and EIGRP using default values. Which configuration changes make R1 reach the R2 loopback using RIP? A. R1(config)#router rip R1(config-router)#distance 90 B. R1(config)#router eigrp 1 R1(config-router)#distance eigrp 130 120 C. R1(config)#router rip R1(config-router)#distance 100 D. R1(config)#router eigrp 1 R1(config-router)#distance eigrp 120 120 Correct Answer: B
Refer to the exhibit. A network administrator notices these console messages from host 10.11.110.12 originating from interface E1/0. The administrator considers this an unauthorized attempt to access SNMP on R1. Which action prevents the attempts to reach R1 E1/0? A. configure IOS control plane protection using ACL 90 on interface E1/0. B. Create an inbound ACL on interface E1/0 to deny SNMP from host 10.11.110.12. C. Add a permit statement including the host 10.11.110.12 into ACL 90. D. configure IOS management plane protection using ACL 90 on interface E1/0. Correct Answer: B
Refer to the exhibit. R6 should reach R1 via R5>R2>R1. Which action resolves the issue? A. Decrease the cost to 2 between R6-R5-R2. B. Increase the cost to 61 between R2-R3-R1. C. Increase the cost to 61 between R2 and R3. D. Decrease the cost to 41 between R2 and R1. Correct Answer: C
An engineer failed to run diagnostic commands on devices using Cisco DNA Center. Which action in Cisco DNA Center resolves the issue? A. Enable Secure Shell. B. Enable APIs. C. Enable CDP. D. Enable Command Runner. Correct Answer: D
Refer to the exhibit. The static route is not present in the routing table of an adjacent OSPF neighbor router. Which action resolves the issue? A. configure a permit 20 statement to the route map to redistribute the static route. B. configure the next-hop interface at the end of the static route for it to get redistributed. C. configure the next hop of 10.20.20.1 in the prefix list DMZ-STATI D. configure the subnets keyword in the redistribution command. Correct Answer: D
Refer to the exhibit. Packets arriving from source 209.165.200.215 must be sent with the precedence bit set to 1, and packets arriving from source 209.165.200.216 must be sent with the precedence bit set to 5. Which action resolves the issue? A. set ip precedence critical in route-map Texas permit 20 B. set ip precedence critical in route-map Texas permit 10 C. set ip precedence priority in route-map Texas permit 20 D. set ip precedence immediate in route-map Texas permit 10 Correct Answer: A
Refer to the exhibit. An engineer must redistribute networks 192.168.10.0/24 and 192.168.20.0/24 into OSPF from EIGRP, where the metric must be added when traversing through multiple hops to start an external route of 20. The engineer notices that the external metric is fixed and does not add at each hop. Which configuration resolves the issue? A. R2(config)#access-list 10 permit 192.168.10.0 0.0.0.255 R2(config)#access-list 10 permit 192.168.20.0 0.0.0.255 ! R2(config)#route-map RD permit 10 R2(config-route-map)#match ip address 10 R2(config-route-map)#set metric 20 R2(config-route-map)#set metric-type type-2 ! R2(config)#router ospf 10 R2(confjg-router)#redistribute eigrp 10 subnets route-map RD B. R2(config)#access-list 10 permit 192.168.10.0 0.0.0.255 R2(config)#access-list 10 permit 192.168.20.0 0.0.0.255 ! R2(config)#route-map RD permit 10 R2(config-route-map)#match ip address 10 R2(config-route-map)#set metric 20 R2(config-route-map)#set metric-type type-1 ! R2(config)#router ospf 10 R2(config-router)#redistribute eigrp 10 subnets route-map RD C. R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255 R1(config)#access-list 10 permit 192.168.20.0 0.0.0.255 ! R1(config)#route-map RD permit 10 R1(config-route-map)#match ip address 10 R1(config-route-map)#set metric 20 R1(config-route-map)#set metric-type type-1 ! R1(config)#router ospf 10 R1(config-router)#redistribute eigrp 10 subnets route-map RD D. R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255 R1(config)#access-list 10 permit 192.168.20.0 0.0.0.255 ! R1(config)#route-map RD permit 10 R1(config-route-map)#match ip address 10 R1(config-route-map)#set metric 20 R1(config-route-map)#set metric-type type-2 ! R1(config)#router ospf 10 R1(config-router)#redistribute eigrp 10 subnets route-map RD B Correct Answer:
An engineer notices that R1 does not hold enough log messages to identify the root cause during troubleshooting. Which command resolves this issue? A. #logging buffered 4096 critical B. #logging buffered 16000 critical C. (config)#logging buffered 16000 informational D. (config)#logging buffered 4096 informational Correct Answer: C
Refer to the exhibit. A network administrator must block ping from user 3 to the App Server only. An inbound standard access list is applied to R1 interface G0/0 to block ping. The network administrator was noti ed that user 3 cannot even ping user 9 anymore. Where must the access list be applied in the outgoing direction to resolve the issue? A. R2 interface G0/0 B. SW1 interface G1/10 C. R2 interface G1/0 D. SW1 interface G2/21 Correct Answer: B
Refer to the exhibit. Clients on ALS2 receive IPv4 and IPv6 addresses, but clients on ALS1 receive only IPv4 addresses and not IPv6 addresses. Which action on DSW1 allows clients on ALS1 to receive IPv6 addresses? A. configure DSW1(dhcp-config)#default-router 2002:A04:A01::A04:A01 B. configure DSW1(config-if)#ipv6 dhcp relay destination 2002:404:404::404:404 GigabitEthernet1/2 C. configure DSW1(config)#ipv6 route 2002:404:404::404:404/128 FastEthernet1/0 D. configure DSW1(config-if)#ipv6 helper address 2002:404:404::404:404 Correct Answer: B
Refer to the exhibit. An engineer configured BGP and wants to select the path from 10.77.255.57 as the best path instead of current best path. Which action resolves the issue? A. configure higher MED to select as the best path. B. configure AS_PATH prepend for the current best path. C. configure AS_PATH prepend for the desired best path. D. configure lower LOCAL_PREF to select as the best path. Correct Answer: B
What is a function of IPv6 Source Guard? A. It inspects find and DHCP packets to build an address binding table. B. It works with address glean or find to find existing addresses. C. It noti es the find protocol to inform hosts if the traffic is denied by it. D. It denies traffic from known sources and allocated addresses. Correct Answer: B
Refer to the exhibit. The AP status from Cisco DNA Center Assurance Dashboard shows some physical connectivity issues from access switch interface G1/0/14. Which command generates the diagnostic data to resolve the physical connectivity issues? A. check cable-diagnostics tdr interface GigabitEthernet1/0/14 B. verify cable-diagnostics tdr interface GigabitEthernet1/0/14 C. show cable-diagnostics tdr interface GigabitEthernet1/0/14 D. test cable-diagnostics tdr interface GigabitEthernet1/0/14 Correct Answer: C
Refer to the exhibit. An engineer configured NetFlow on R1, but the NMS server cannot see the flow from R1. Which configuration resolves the issue? A. interface Ethernet0/1 flow-destination 10.221.10.11 B. interface Ethernet0/0 flow-destination 10.221.10.11 C. flow exporter FlowAnalyzer1 destination 10.221.10.11 D. flow monitor Flowmonitor1 destination 10.221.10.11 Correct Answer: C
Refer to the exhibit. An engineer cannot copy the IOS.bin file from the FTP server to the switch. Which action resolves the issue? A. Allow file permissions to download the file from the FTP server. B. Add the IOS.bin file, which does not exist on FTP server. C. Make memory space on the switch flash or USB drive to download the file. D. Use the copy flash:/ ftp://cisco@10.0.0.2/IOS.bin command. Correct Answer: B
Refer to the exhibit. After reloading the router, an administrator discovered that the interface utilization graphs displayed inconsistencies with their previous history in the NMS. Which action prevents this issue from occurring after another router reload in the future? A. configure SNMP interface index persistence on the router. B. Save the router configuration to startup-config before reloading the router. C. Rediscover all the router interfaces through SNMP after the router is reloaded. D. configure SNMP to use static OIDs referring to individual router interfaces. Correct Answer: A
Refer to the exhibit. In an attempt to increase the network security, the administrator applied the Gi3-in ACL to the Gi3 interface. After the ACL was applied, clients in the network connected to Gi3 lost their ability to obtain IP settings from DHCP. Which two configuration commands must be added to the Gi3-in ACL to reinstate the DHCP service for the clients? (Choose two.) A. 74 permit udp 192.168.30.0 0.0.0.255 eq bootpc host 192.168.255.3 eq bootps B. 71 permit udp host 0.0.0.0 eq bootps host 255.255.255.255 eq bootpc C. 73 permit udp host 0.0.0.0 eq bootpc host 192.168.255.3 eq bootps D. 72 permit udp host 192.168.255.3 eq bootps 192.168.30.0 0.0.0.255 eq bootpc E. 75 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps Correct Answer: B
Refer to the exhibit. Router R2 should be learning the route for 10.123.187.0/24 via EIGRP. Which action resolves the issue without introducing more issues? A. Redistribute the route in EIGRP with metric, delay, and reliability. B. Use distribute-list to modify the route as an internal EIGRP route. C. Use distribute-list to filter the external routes in OSP D. Remove route redistribution in R2 for this route in OSP E. Correct Answer: C
Refer to the exhibit. The control plane is heavily impacted after the CoPP configuration is applied to the router. Which command removal lessens the impact on the control plane? A. access-list 120 permit tcp any gt 1024 eq bgp log B. access-list 120 permit ospf any C. access-list 120 permit udp any any eq pim-auto-rp D. access-list 120 permit eigrp any host 224.0.0.10 Correct Answer: A
Refer to the exhibit. An engineer is trying to add an encrypted user password that should not be visible in the router configuration. Which two configuration commands resolve the issue? (Choose two.) A. username Admin password Cisco@123 B. service password-encryption C. username Admin secret Cisco@123 D. password encryption aes E. no service password-encryption F. username Admin password 5 Cisco@123 Correct Answer: BC
A customer reports that traffic is not passing on an EIGRP enabled multipoint interface on a router configured as below: Which action resolves the issue? A. Enable poison reverse. B. Disable split horizon. C. Disable poison reverse. D. Enable split horizon. Correct Answer: B
Refer to the exhibit. A loop occurs between R1, R2, and R3 while EIGRP is run with poison reverse enabled. Which action prevents the loop between R1, R2, and A. Enable split horizon. B. configure R3 as stub receive-only. C. configure route tagging. D. configure route filtering. Correct Answer: A
Refer to the exhibit. An error message "an OSPF-4-FLOOD_WAR" is received on SW2 from SW1. SW2 is repeatedly receiving its own link-state advertisement and ushes it from the network. Which action resolves the issue? A. Change area 5 to a normal area from a nonstub area. B. Resolve different subnet mask issue on the link. C. configure Layer 3 port channel on interfaces between switches. D. Resolve duplicate IP address issue in the network. Correct Answer: D
Which two components are required for MPLS Layer 3 VPN configuration? (Choose two.) A. Use LDP for customer routes. B. Use pseudowire for Layer 2 routes. C. Use a unique RD per customer VR D. Use OSPF between PE and C E. Use MP-BGP for customer routes. Correct Answer: CD
Refer to the exhibit. Which configuration resolves the IP SLA issue from R1 to the server? A. R6(config)#ip sla responder B. R6(config)#ip sla 650 R6(config-ip-sla)#udp-jitter 10.60.60.6 C. R6(config)#ip sla responder udp-echo ipaddress 10.60.60.6 po 5000 D. R6(config)#ip sla schedule 10 life forever start-time now Correct Answer: C
A network administrator added a new spoke site with dynamic IP on the DMVPN network. Which configuration command passes traffic on the DMVPN tunnel from the spoke router? A. ip nhrp registration no-registration B. ip nhrp registration dynamic C. ip nhrp registration no-unique D. ip nhrp registration ignore Correct Answer: C
Refer to the exhibit. Which configuration enables OSPF for area 0 interfaces to establish adjacency with a neighboring router with the same VRF? A. router ospf 1 vrf CCNP network 10.1.1.1 0.0.0.0 area 0 network 10.2.2.2 0.0.0.0 area 0 B. router ospf 1 interface Ethernet1 ip ospf 1 area 0.0.0.0 interface Ethernet2 ip ospf 1 area 0.0.0.0 C. router ospf 1 vrf CCNP interface Ethernet1 ip ospf 1 area 0.0.0.0 interface Ethernet2 ip ospf 1 area 0.0.0.0 D. router ospf 1 vrf CCNP network 10.0.0.0 0.0.255.255 area 0 Correct Answer: C
Refer to the exhibit. TCP traffic should be reaching host 10.10.10.10/24 via R2. Which action resolves the issue? A. Allow TCP in the access list with no changes to the route map. B. Add a permit 20 statement in the route map to allow TCP traffic. C. TCP traffic will reach the destination via R2 without any changes. D. Set IP next-hop to 10.10.12.2 under the route-map permit 10 to allow TCP traffic. Correct Answer: A
A newly installed spoke router is configured for DMVPN with the ip mtu 1400 command. Which configuration allows the spoke to use fragmentation with the maximum negotiated TCP MTU over GRE? A. ip tcp adjust-mss 1360 crypto ipsec fragmentation mtu-discovery B. ip tcp adjust-mss 1360 crypto ipsec fragmentation after-encryption C. ip tcp payload-mtu 1360 crypto ipsec fragmentation after-encryption D. ip tcp payload-mtu 1360 crypto ipsec fragmentation mtu-discovery Correct Answer: B
Refer to the exhibit. During ISP router maintenance, the network produced many alerts because of the apping interface. Which configuration on R1 resolves the issue? A. ip verify drop-rate notify hold-down 60 B. snmp trap link-status down C. snmp trap ip verify drop-rate D. no snmp trap link-status Correct Answer: D
Refer to the exhibit. Reachability between servers in a network deployed with DHCPv6 is unstable. Which command must be removed from the configuration to make DHCPv6 function? A. ipv6 find ra suppress B. address prefix 2001:0:1:4::/64 lifetime in nite in nite C. ipv6 dhcp server DHCP POOL D. ipv6 address 2001:0:1:4::1/64 Correct Answer: A
A customer requested a GRE tunnel through the provider network between two customer sites using loopback to hide internal networks. Which configuration on R2 establishes the tunnel with R1? A. R2(config)#interface Tunnel1 R2(config-if)#ip address 172.20.1.2 255.255.255.0 R2(config-if)#ip mtu 1400 R2(config-if)#ip tcp adjust-mss 1360 R2(config-if)#tunnel source 192.168.20.1 R2(config-if)#tunnel destination 192.168.10.1 B. R2(config)#interface Tunnel1 R2(config-if#ip address 172.20.1.2 255.255.255.0 R2(config-if)#ip mtu 1400 R2(config-if)#ip tcp adjust-mss 1360 R2(config-if)#tunnel source 10.10.2.2 R2(config-if)#tunnel destination 10.10.1.1 C. R2(config)#interface Tunnel1 R2(config-if)#ip address 172.20.1.2 255.255.255.0 R2(config-if)#ip mtu 1500 R2(config-if)#ip tcp adjust-mss 1360 R2(config-if)#tunnel source 10.10.2.2 R2(config-if)#tunnel destination 10.10.1.1 D. R2(config)#interface Tunnel1 R2(config-if)#ip address 172.20.1.2 255.255.255.0 R2(config-if)#ip mtu 1500 R2(config-if)#ip tcp adjust-mss 1360 R2(config-if)#tunnel source 192.168.20.1 R2(config-if)#tunnel destination 10.10.1.1 B Correct Answer:
An engineer configured a Cisco router to send reliable and encrypted notifications for any events to the management server. It was noticed that the notification messages are reliable but not encrypted. Which action resolves the issue? A. configure all devices for SNMPv3 informs with auth. B. configure all devices for SNMPv3 informs with priv. C. configure all devices for SNMPv3 traps with auth. D. configure all devices for SNMPv3 traps with priv. Correct Answer: B
Refer to the exhibit. An engineer is monitoring reachability of the configured default routes to ISP1 and ISP2. The default route from ISP1 is preferred if available. How is this issue resolved? A. Use the icmp-echo command to track both default routes. B. Use the same AD for both default routes. C. Start IP SLA by matching numbers for track and ip sla commands. D. Start IP SLA by de ning frequency and scheduling it. Correct Answer: D
Refer to the exhibits. An engineer identified a Layer 2 loop using DNA A. Which command xes the problem in the SF-D9300-1 switch? B. spanning-tree portfast bpduguard C. no spanning-tree uplinkfast D. spanning-tree backbonefast E. spanning-tree loopguard default Correct Answer: A
Refer to the exhibit. An engineer receives this error message when trying to access another router in-band from the serial interface connected to the console of Which configuration is needed on R1 to resolve this issue? A. R1(config)#line vty 0 R1(config-line)# transport output ssh B. R1(config)#line console 0 R1(config-line)# transport output ssh C. R1(config)#line console 0 R1(config-line)# transport preferred ssh D. R1(config)#line vty 0 R1(config-line)# transport output ssh R1(config-line)# transport preferred ssh Correct Answer: D
Refer to the exhibit. The server for the finance department is not reachable consistently on the 200.30.40.0/24 network and after every second month it gets a new IP address. What two actions must be taken to resolve this issue? (Choose two.) A. configure the server to use DHCP on the network with default gateway 200.30.40.100. B. configure the server with a static IP address and default gateway. C. configure the router to exclude a server IP address. D. configure the server to use DHCP on the network with default gateway 200.30.30.100. E. configure the router to exclude a server IP address and default gateway. Correct Answer: BC
Refer to the exhibit. A user has set up an IP SLA probe to test if a non SLA host web server on IP address 10.1.1.1 accepts HTTP sessions prior to deployment. The probe is failing. Which action should the network administrator recommend for the probe to succeed? A. Re-issue the ip sla schedule command. B. Add the control disable option to the tcp connect. C. Modify the ip sla schedule frequency to forever. D. Add icmp-echo command for the host. Correct Answer: A
Refer to the exhibit. A network administrator is using the DNA Assurance Dashboard panel to troubleshoot an OSPF adjacency that failed between Edge_NYC Interface GigabitEthernet1/3 with Neighbor Edge_SNJ. The administrator observes that the neighborship is stuck in the exstart state. How does the administrator x this issue? A. configure to match the OSPF interface network types on both routers. B. configure to match the OSPF interface speed and duplex settings on both routers. C. configure to match the OSPF interface MTU settings on both routers. D. configure to match the OSPF interface unique IP address and subnet mask on both routers. Correct Answer: C
Refer to the exhibit. A network administrator is troubleshooting OSPF adjacency issue by going through the console logs in the router, but due to an overwhelming log messages stream, it is impossible to capture the problem. Which two commands reduce console log messages to relevant OSPF neighbor problem details so that the issue can be resolved? (Choose two.) A. debug condition ospf neighbor B. debug condition interface C. debug condition session-id ADJCHG D. debug condition all Correct Answer: AB
Refer to the exhibit. A network is under a cyberattack. A network engineer connected to R1 by SSH and enabled the terminal monitor via SSH session to find the source and destination of the attack. The session was flooded with messages, which made it impossible for the engineer to troubleshoot the issue. Which command resolves this issue on R1? A. (config)#terminal no monitor B. (config)#no terminal monitor C. #no terminal monitor D. #terminal no monitor Correct Answer: D
Refer to the exhibit. A network administrator has developed a Python script on the local Linux machine and is trying to transfer it to the router. However, the transfer fails. Which action resolves this issue? A. The Python interpreter must first be enabled with the guestshell enable command. B. The SSH access must be allowed on the VTY lines using the transport input ssh command. C. The SSH service must be enabled with the crypto key generate rsa command. D. The SCP service must be enabled with the ip scp server enable command. Correct Answer: D
Refer to the exhibit. An engineer configured SNMP communities on the Core_Sw1, but the SNMP server cannot obtain information from Core_Sw1. Which configuration resolves this issue? A. access-list 20 permit 10.221.10.11 B. snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 22 C. snmp-server group NETVIEW v2c priv read NETVIEW access 20 D. access-list 20 permit 10.221.10.12 The SNMP server configuration ties ACL 20 to the list of allowed SNMP servers that can pull data from the switch. The IP address of the NMS server needs to be added to this ACL. Correct Answer: A
Refer to the exhibit. Which two commands provide the administrator with the information needed to resolve the issue? (Choose two.) A. debug snmpv3 engine-id B. show snmp user C. debug snmp packet D. debug snmp engine-id E. show snmpv3 user Correct Answer: BC
Refer to the exhibit. The network administrator can see the DHCP discovery packet in R1, but R2 is not replying to the DHCP request. The R1 related interface is configured with the DHCP helper address. If the PC is directly connected to the Fa0/1 interface on R2, the DHCP server assigns as IP address from the DHCP pool to the P A. Which two commands resolve this issue? (Choose two.) B. service dhcp-relay command on R1 C. ip dhcp relay information enable command on R1 D. ip dhcp option 82 command on R2 E. service dhcp command on R1 F. ip dhcp relay information trust-all command on R2 Correct Answer: CD
A network administrator performed a Compact Flash Memory upgrade on a Cisco Catalyst 6509 Switch. Everything is functioning normally except SNMP, which was configured to monitor the bandwidth of key interfaces but the interface indexes are changed. Which global configuration resolves the issue? A. snmp-server i ndex persist B. snmp-server i ndex permanent C. snmp i ndex persist D. snmp i ndex permanent Correct Answer: A
Refer to the exhibit. R1 is configured with IP SLA to check the availability of the server behind R6 but it kept failing. Which configuration resolves the issue? A. R6(config)#ip sla responder udp-echo ip address 10.10.10.1 port 5000 B. R6(config)#ip access-list extended DDOS R6(config-ext-nacl)#5 permit icmp host 10.10.10.1 host 10.66.66.66 C. R6(config)#ip sla responder D. R6(config)#ip access-list extended DDOS R6(config-ext-nacl)#5 permit icmp host 10.66.66.66 host 10.10.10.1 B Correct Answer:
Refer to the exhibit. An engineer configured IP SLA on R1 to avoid the ISP link apping problem, but it is not working as designed. IP SLA should wait 30 seconds before switching traffic to a secondary connection and then revert to the primary link after waiting 20 seconds, when the primary link is available and stabilized. Which configuration resolves the issue? A. R1(config)#track 700 ip sla 700 R1 (config-track)#delay down 30 up 20 B. R1 (config)#ip sla 700 R1(config-ip-sla)#delay down 30 up 20 C. R1 (config)#ip sla 700 R1(config-ip-sla)#delay down 20 up 30 D. R1(config)#track 700 ip sla 700 R1(config-track)#delay down 20 up 30 Correct Answer: A
Refer to the exhibit. An engineer must block access to the console ports for all corporate remote Cisco devices based on the recent corporate security policy but the security team still can connect through the console port. Which configuration on the console port resolves the issue? A. login and password B. exec 0 0 C. transport input telnet D. no exec Correct Answer: D
Refer to the exhibit. A network administrator is troubleshooting IPv6 address assignment for a DHCP client that is not getting an IPv6 address from the server. Which configuration retrieves the client IPv6 address from the DHCP server? A. ipv6 address autoconfig command on the interface B. ipv6 dhcp server automatic command on DHCP server C. ipv6 dhcp relay-agent command on the interface D. service dhcp command on DHCP server Correct Answer: A
Refer to the exhibit. A junior engineer configured SNMP to network devices. Malicious users have uploaded different configurations to the network devices using SNMP and TFTP servers. Which configuration prevents changes from unauthorized NMS and TFTP servers? A. access-list 20 permit 10.221.10.11 access-list 20 deny any log ! snmp-server group NETVIEW v3 priv read NETVIEW access 20 snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 20 snmp-server community Cisc0Us3r RO 20 snmp-server community Cisc0wrus3r RW 20 snmp-server tftp-server-list 20 B. access-list 20 permit 10.221.10.11 access-list 20 deny any log ! snmp-server group NETVIEW v3 priv read NETVIEW access 20 snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 20 snmp-server community Cisc0wrus3r RO 20 snmp-server community Cisc0Us3r RW 20 snmp-server tftp-server-list 20 C. access-list 20 permit 10.221.10.11 access-list 20 deny any log D. access-list 20 permit 10.221.10.11 Correct Answer: A
An engineer creates a Cisco DNA Center cluster with three nodes, but all the services are running on one host node. Which action resolves this issue? A. Restore the link on the switch interface that is connected to a cluster link on the Cisco DNA Center. B. Click system updates, and upgrade to the latest version of Cisco DNA Center. C. Enable service distribution from the Systems 360 page. D. Click the master host node with all the services and select services to be moved to other hosts. Correct Answer: C
While working with software images, an engineer observes that Cisco DNA Center cannot upload its software image directly from the device. Why is the image not uploading? A. The device must be resynced to Cisco DNA Center. B. The software image for the device is in install mode. C. The device has lost connectivity to Cisco DNA Center. D. The software image for the device is in bundle mode Correct Answer: B
An engineer configured the wrong default gateway for the Cisco DNA Center enterprise interface during the install. Which command must the engineer run to correct the configuration? A. sudo maglev-config update B. sudo maglev install config update C. sudo maglev reinstall D. sudo update config install Correct Answer: A
Refer to the exhibit. An administrator that is connected to the console does not see debug messages when remote users log in. Which action ensures that debug messages are displayed for remote logins? A. Enter the transport input ssh configuration command. B. Enter the terminal monitor exec command. C. Enter the logging console debugging configuration command. D. Enter the aaa new-model configuration command. Correct Answer: C
Refer to the exhibit. Network operations cannot read or write any configuration on the device with this configuration from the operations subnet. Which two configurations x the issue? (Choose two.) A. configure SNMP rw permission in addition to community ciscotest. B. Modify access list 1 and allow operations subnet in the access list. C. Modify access list 1 and allow SNMP in the access list. D. configure SNMP rw permission in addition to version 1. E. configure SNMP rw permission in addition to community ciscotest 1. Correct Answer: AB
Refer to the exhibit. Why is the remote NetFlow server failing to receive the NetFlow data? A. The flow exporter is configured but is not used. B. The flow monitor is applied in the wrong direction. C. The flow monitor is applied to the wrong interface. D. The destination of the flow exporter is not reachable. Correct Answer: D
Refer to the exhibit. An engineer has successfully set up a floating static route from the BRANCH router to the HQ network using HQ_R1 as the primary default gateway. When the g0/0 goes down on HQ_R1, the branch network cannot reach the HQ network 192.168.20.0/24. Which configuration resolves the issue? A. HQ_R3(config)# ip sla responder HQ_R3(config)# ip sla responder icmp-echo 172.16.35.1 B. BRANCH(config)# ip sla 1 BRANCH(config-ip-sla)# icmp-echo 192.168.100.2 C. HQ_R3(config)# ip sla responder HQ_R3(config)# ip sla responder icmp-echo 172.16.35.5 D. BRANCH(config)# ip sla 1 BRANCH(config-ip-sla)# icmp-echo 192.168.100.1 Correct Answer: D
An engineer configured a DHCP server for Cisco IP phones to download its configuration from a TFTP server, but the IP phones failed to load the configuration. What must be configured to resolve the issue? A. BOOTP port 67 B. DHCP option 66 C. BOOTP port 68 D. DHCP option 69 Correct Answer: B
Refer to the exhibit. The remote server is failing to receive the NetFlow data. Which action resolves the issue? A. Modify the flow transport command transport udp 2055 to move under flow monitor profile. B. Modify the interface command to ip flow monitor FLOW-MONITOR-1 input. C. Modify the udp port under flow exporter profile to ip transport udp 4739. D. Modify the flow record command record v4_r1 to move under flow exporter profile. Correct Answer: B
Refer to the exhibit. A network administrator configured NTP on a Cisco router to get synchronized time for system and logs from a unified time source. The configuration did not work as desired. Which service must be enabled to resolve the issue? A. Enter the service timestamps log datetime clock-period global command. B. Enter the service timestamps log datetime synchronize global command. C. Enter the service timestamps log datetime console global command. D. Enter the service timestamps log datetime localtime global command. Correct Answer: D
Refer to the exhibits. An engineer ltered messages based on severity to minimize log messages. After applying the filter, the engineer noticed that it ltered required messages as well. Which action must the engineer take to resolve the issue? A. configure syslog level 2. B. configure syslog level 3. C. configure syslog level 4. D. configure syslog level 5. Correct Answer: D
An engineer is troubleshooting on the console session of a router and turns on multiple debug commands. The console screen is lled with scrolling debug messages that none of the commands can be verified if entered correctly or display any output. Which action allows the engineer to see entered console commands while still continuing the analysis of the debug messages? A. configure the term no mon command globally. B. configure the logging synchronous level all command. C. configure the logging synchronous command. D. configure the no logging console debugging command globally. Correct Answer: C
Refer to the exhibit. The DHCP client is unable to receive an IP address from the DHCP server. RouterB is configured as follows: Which command is required on the fastethernet 0/0 interface of RouterB to resolve this issue? A. RouterB(config-if)#ip helper-address 172.16.1.1 B. RouterB(config-if)#ip helper-address 255.255.255.255 C. RouterB(config-if)#ip helper-address 172.16.1.2 D. RouterB(config-if)#ip helper-address 172.31.1.1 Correct Answer: C
Refer to the exhibit. A network administrator added one router in the Cisco DNA Center and checked its discovery and health from the Network Health Dashboard. The network administrator observed that the router is still showing up as unmonitored. What must be configured on the router to mount it in the Cisco DNA Center? A. configure router with SNMPv2c or SNMPv3 traps B. configure router with the telemetry data C. configure router with routing to reach Cisco DNA Center D. configure router with NetFlow data Correct Answer: B
Refer to the exhibit. NTP is configured across the network infrastructure and Cisco DNA Center. An NTP issue was reported on the Cisco DNA Center at 17:15. Which action resolves the issue? A. Reset the NTP server to resolve any synchronization issues for all devices B. Check and resolve reachability between Cisco DNA Center and the NTP server C. Check and resolve reachability between the WLC and the NTP server D. Check and configure NTP on the WLC and synchronize with Cisco DNA Center Correct Answer: D
Refer to the exhibit. PC-2 failed to establish a Telnet connection to the terminal server. Which configuration resolves the issue? A. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#sequence 25 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet B. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#no sequence 20 Gateway-Router(config-ipv6- acl)#sequence 5 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet C. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet D. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#sequence 15 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet Correct Answer: D
Refer to the exhibit. A network administrator enables DHCP snooping on the Cisco Catalyst 3750-X switch and configures the uplink port (Port- channel2) as a trusted port. Clients are not receiving an IP address, but when DHCP snooping is disabled, clients start receiving IP addresses. Which global command resolves the issue? A. ip dhcp relay information trust portchannel2 B. ip dhcp snooping C. ip dhcp snooping trust D. no ip dhcp snooping information option Correct Answer: D
A customer reports to the support desk that they cannot print from their PC to the local printer id:123456789. Which tool must be used to diagnose the issue using Cisco DNA Center Assurance? A. device trace B. ACL trace C. path trace D. application trace Correct Answer: C
An engineer configured SNMP notifications sent to the management server using authentication and encrypting data with DES. An error in the response PDU is received as "UNKNOWNUSERNAME, WRONGDIGEST". Which action resolves the issue? A. configure the correct authentication password using SNMPv3 authNoPriv. B. configure correct authentication and privacy passwords using SNMPv3 authPriv. C. configure correct authentication and privacy passwords using SNMPv3 authNoPriv. D. configure the correct authentication password using SNMPv3 authPriv. Correct Answer: B
Refer to the exhibit. A network administrator is discovering a Cisco Catalyst 9300 and a Cisco WLC 3504 in Cisco DNA Center. The Catalyst 9300 is added successfully. However, the WLC is showing the error "uncontactable" when the administrator tries to add it in Cisco DNA Center. Which action discovers WLC in Cisco DNA Center successfully? A. Delete the WLC 3504 from Cisco DNA Center and add it to Cisco DNA Center again. B. Add the WLC 3504 under the hierarchy of the Catalyst 9300 connected devices. C. Copy the .cert file from the Cisco DNA Center on the USB and upload it to the WLC 3504. D. Copy the .pem file from the Cisco DNA Center on the USB and upload it to the WLC 3504. Correct Answer: D
Refer to the exhibit. A user cannot SSH to the router. What action must be taken to resolve this issue? A. configure transport input ssh B. configure transport output ssh C. configure ip ssh version 2 D. configure ip ssh source-interface loopback0 Correct Answer: A
Refer to the exhibit. Which two actions restrict access to router R1 by SSH? (Choose two.) A. Remove class-map ANY from service-policy CoPP. B. configure transport output ssh on line vty and remove sequence 20 from access list 100. C. configure transport input ssh on line vty and remove sequence 30 from access list 100. D. Remove sequence 10 from access list 100 and add sequence 20 deny tcp any any eq telnet to access list 199. E. configure transport output ssh on line vty and remove sequence 10 from access list 199. Correct Answer: AC
Refer to the exhibit. Which action resolves intermittent connectivity observed with the SNMP trap rackets? A. Decrease the committed burst size of the mgmt class map. B. Increase the CIR of the mgmt class map. C. Add one new entry in the ACL 120 to permit the UDP port 161. D. Add a new class map to match TCP traffic. Correct Answer: B
Refer to the exhibit. A network administrator wants to block all traffic toward the Internet after business hours and on weekends. When the administrator applies an access list on interface Gi0/1, all traffic is blocked and there is no access to the Internet at any time. Which action resolves the issue? A. Add the permit ip any any time-range no-conn statement after the deny udp any any time-range no-conn command in the access list. B. Add the permit ip any any statement after the deny icmp any any time-range no-conn command in the access list. C. Add the permit allowed time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list. D. Add the permit ip any any time-range no-conn statement after the deny icmp any any time-range no-conn command in the access list. Correct Answer: B
Refer to the exhibit. An IPv6 network was newly deployed in the environment, and the help desk reports that R3 cannot SSH to the R2s Loopback interface. Which action resolves the issue? A. Modify line 10 of the access list to permit instead of deny. B. Remove line 60 from the access list. C. Modify line 30 of the access list to permit instead of deny. D. Remove line 70 from the access list. Correct Answer: C
Refer to the exhibit. An IT staff member comes into the office during normal office hours and cannot access devices through SS A. Which action should be taken to resolve this issue? B. Modify the access list to use the correct IP address. C. configure the correct time range. D. Modify the access list to correct the subnet mask. E. configure the access list in the outbound direction. Correct Answer: C
Refer to the exhibit. A network administrator is trying to access a branch router using TACACS+ username and password credentials, but the administrator cannot log in to the router because the WAN connectivity is down. The branch router has following AAA configuration: aaa new-model aaa authorization commands 15 default group tacacs+ aaa accounting commands 1 default stop-only group tacacs+ aaa accounting commands 15 default stop- only group tacacs+ tacacs-server host 10.100.50.99 tacacs-server key Ci$co123 Which command will resolve this problem when WAN connectivity is down? A. aaa authentication login console group tacacs+ enable B. aaa authentication login default group tacacs+ local C. aaa authentication login default group tacacs+ enable D. aaa authentication login default group tacacs+ console Correct Answer: B
Refer to the exhibit. An engineer is troubleshooting failed access by contractors to the business application server via Telnet or HTTP during the weekend. Which configuration resolves the issue? A. R1 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor B. R1 time-range Contractor no periodic weekdays 8:00 to 16:30 periodic daily 8:00 to 16:30 C. R4 time-range Contractor no periodic weekdays 17:00 to 23:59 periodic daily 8:00 to 16:30 D. R4 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor Correct Answer: B
What are two characteristics of IPv6 Source Guard? (Choose two.) A. requires the user to configure a static binding B. used in service provider deployments to protect DDoS attacks C. requires that validate prefix be enabled D. requires IPv6 snooping on Layer 2 access or trunk ports E. recovers missing binding table entries Correct Answer: AD
The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this: access-list 101 permit tcp host 10.1.1.1 any eq 23 access-list 101 permit tcp host 172.16.1.1 any eq 23 class-map CoPP-TELNET match access-group 101 policy-map PM-CoPP class CoPP-TELNET police 100000 conform transmit exceed drop control-plane service-policy input PM-CoPP The network administrator is not getting the desired results. Which set of configurations resolves this issue? A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP Correct Answer: A
Refer to the exhibit. A network administrator successfully logs in to a switch using SSH from a RADIUS server. When the network administrator uses a console port to access the switch, the RADIUS server returns shell:priv-lvl=15" and the switch asks to enter the enable command. When the command is entered, it gets rejected. Which command set is used to troubleshoot and resolve this issue? A. line con 0 aaa authorization console privl5 ! line vty 0 4 authorization exec B. line con 0 aaa authorization console ! line vty 0 4 authorization exec C. line con 0 aaa authorization console authorization priv15 ! line vty 0 4 transport input ssh D. line con 0 aaa authorization console authorization exec ! line vty 0 4 transport input ssh D Correct Answer:
Refer to the exhibit. An engineer is troubleshooting a TACACS problem. Which action resolves the issue? A. configure a matching TACACS server IP. B. configure a matching preshared key. C. Generate authentication from a relative source interface. D. Apply a configured AAA profile to the VTY. Correct Answer: B
The network administrator configured CoPP so that all HTTP and HTTPS traffic from the administrator device located at 172.16 1.99 toward the router CPU is limited to 500 kbps. Any traffic that exceeds this limit must be dropped. access-list 100 permit ip host 172.16.1.99 any ! class-map CM-ADMIN match access-group 100 policy-map PM-COPP class CM-ADMIN police 500000 conform-action transmit interface E0/0 service-policy input PM-COPP CoPP failed to capture the desired traffic and the CPU load is getting higher. Which two configurations resolve the issue? (Choose two.) A. interface E0/0 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP B. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit ! control-plane service-policy input PM-COPP C. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80 D. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80 access-list 100 permit tcp host 172.16.1.99 any eq 443 E. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-action transmit A Correct Answer:
Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the router does not have any filter and anyone can access the router with username and password even though an ACL is configured. Which command resolves this issue? A. access-class INTERNET in B. ip access-group INTERNET in C. ipv6 traffic- filter INTERNET in D. ipv6 access-class INTERNET in Correct Answer: D
Refer to the exhibit. An engineer is trying to connect to R1 via Telnet with no success. Which configuration resolves the issue? A. tacacs server prod address ipv4 10.221.10.10 exit B. ip route 10.221.10.10 255.255.255.255 ethernet 0/1 C. ip route 10.221.0.11 255.255.255.255 ethernet 0/1 D. tacacs server prod address ipv4 10.221.10.11 exit Correct Answer: C
An engineer is trying to copy an IOS file from one router to another router by using TFTP. Which two actions are needed to allow the file to copy? (Choose two.) A. Copy the file to the destination router with the copy tftp: flash: command B. Enable the TFTP server on the source router with the tftp-server flash: < lename> command C. TFTP is not supported in recent IOS versions, so an alternative method must be used D. configure a user on the source router with the username tftp password tftp command E. configure the TFTP authentication on the source router with the tftp-server authentication local command AB Correct Answer:
Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none of them are active for more than two hours per day. Which action xes the issue within the current resources? A. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool B. configure the DHCP lease time to a smaller value C. configure the DHCP lease time to a bigger value D. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool Correct Answer: B
Refer to the exhibit. ISP 1 and ISP 2 directly connect to the Internet. A customer is tracking both ISP links to achieve redundancy and cannot see the Cisco IOS IP SLA tracking output on the router console. Which command is missing from the IP SLA configuration? A. Start-time 00:00 B. Start-time 0 C. Start-time immediately D. Start-time now Correct Answer: D
Refer to the exhibit. An administrator noticed that after a change was made on R1, the timestamps on the system logs did not match the clock. What is the reason for this error? A. An authentication error with the NTP server results in an incorrect timestamp. B. The keyword localtime is not defined on the timestamp service command. C. The NTP server is in a different time zone. D. The system clock is set incorrectly to summer-time hours. Correct Answer: A
A network engineer is investigating a apping (up/down) interface issue on a core switch that is synchronized to an NTP server. Log output currently does not show the time of the ap. Which command allows the logging on the switch to show the time of the ap according to the clock on the device? A. service timestamps log uptime B. clock summer-time mst recurring 2 Sunday mar 2:00 1 Sunday nov 2:00 C. service timestamps log datetime localtime show-timezone D. clock calendar-valid Correct Answer: C
When provisioning a device in Cisco DNA Center, the engineer sees the error message `Cannot select the device. Not compatible with template`. What is the reason for the error? A. The template has an incorrect configuration. B. The software version of the template is different from the software version of the device. C. The changes to the template were not committed. D. The tag that was used to filter the templates does not match the device tag. Correct Answer: D
Which statement about IPv6 find inspection is true? A. It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables. B. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables. C. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables. D. It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables. Correct Answer: B
While troubleshooting connectivity issues to a router, these details are noticed: Standard pings to all router interfaces, including loopbacks, are successful. Data traffic is unaffected. SNMP connectivity is intermittent. SSH is either slow or disconnects frequently. Which command must be configured first to troubleshoot this issue? A. show policy-map control-plane B. show policy-map C. show interface | inc drop D. show ip route Correct Answer: A
Refer to the exhibit. Why is user authentication being rejected? A. The TACACS+ server expects user , but the NT client sends domain/user . B. The TACACS+ server refuses the user because the user is set up for CHAP. C. The TACACS+ server is down, and the user is in the local database. D. The TACACS+ server is down, and the user is not in the local database. Correct Answer: D
Refer to the exhibit. Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at higher rate? A. policy-map SHAPE_BGP B. policy-map LIMIT_BGP C. policy-map POLICE_BGP D. policy-map COPP Correct Answer: D
Which statement about IPv6 RA Guard is true? A. It does not offer protection in environments where IPv6 traffic is tunneled. B. It cannot be configured on a switch port interface in the ingress direction. C. Packets that are dropped by IPv6 RA Guard cannot be spanned. D. It is not supported in hardware when TCAM is programmed. Correct Answer: A
An engineer must configure a Cisco router to initiate secure connections from the router to other devices in the network but kept failing. Which two actions resolve the issue? (Choose two.) A. configure transport input ssh command on the console. B. configure a domain name. C. configure a crypto key to be generated. D. configure a source port for the SSH connection to initiate. E. configure a TACACS+ server and enable it. Correct Answer: BC
When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes that the configured routing protocols start apping on that device. Which action in the Control Plane Policy prevents this problem in a production environment while achieving the security objective? A. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction. B. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction. C. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction. D. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction. Correct Answer: B
In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two.) A. by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways B. by various IPv6 guard features to validate the data link layer address C. by the recovery mechanism to recover the binding table in the event of a device reboot D. by IPv6 routing protocols to securely build neighborships without the need of authentication E. by storing hashed keys for IPsec tunnels for the built-in IPsec features Correct Answer: BC
Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but could not establish a Telnet connection to Router1 IPv6 address of 2001:DB8::1. Which configuration allows Router2 to establish a Telnet connection to Router1? A. ipv6 unicast-routing B. permit ICMPv6 on access list INGRESS for Router2 to obtain IPv6 address C. permit ip any any on access list EGRESS2 on Router1 D. IPv6 address on GigabitEthernet0/0 Correct Answer: C
An engineer configured Reverse Path Forwarding on an interface and noticed that the routes are dropped when a route lookup fails on that interface for a prefix that is available in the routing table. Which interface configuration resolves the issue? A. ip verify unicast source reachable-via l2-src B. ip verify unicast source reachable-via allow-default C. ip verify unicast source reachable-via any D. ip verify unicast source reachable-via rx Correct Answer: C
Refer to the exhibit. When monitoring an IPv6 access list, an engineer notices that the ACL does not have any hits and is causing unnecessary traffic through the interface Which command must be configured to resolve the issue? A. ip access-group INTERNET in B. ipv6 traffic- filter INTERNET in C. ipv6 access-class INTERNET in D. access-class INTERNET in Correct Answer: C
Which configuration feature should be used to block rogue router advertisements instead of using the IPv6 Router Advertisement Guard feature? A. VACL blocking broadcast frames from nonauthorized hosts B. PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes C. PVLANs with community ports associated to route advertisements and isolated ports for nodes D. IPv4 ACL blocking route advertisements from nonauthorized hosts Correct Answer: B
Refer to the exhibit. Which action resolves the failed authentication attempt to the router? A. configure aaa authorization console global command B. configure aaa authorization console command on line vty 0 4 C. configure aaa authorization login command on line console 0 D. configure aaa authorization login command on line vty 0 4 Correct Answer: A
Refer to the exhibit. A network administrator logs into the router using TACACS+ username and password credentials, but the administrator cannot run any privileged commands. Which action resolves the issue? A. configure the username from a local database B. configure TACACS+ synchronization with the Active Directory admin group C. configure an authorized IP address for this user to access this router D. configure full access for the username from TACACS+ server Correct Answer: D
Refer to the exhibit. AAA server 10.1.1.1 is configured with the default authentication and accounting settings, but the switch cannot communicate with the server. Which action resolves this issue? A. Correct the timeout value. B. Match the authentication port. C. Correct the shared secret. D. Match the accounting port. Correct Answer: B
Refer to the exhibit. R1 is being monitored using SNMP and monitoring devices are getting only partial information. What action should be taken to resolve this issue? A. Modify the CoPP policy to increase the configured exceeded limit for SNMP. B. Modify the access list to include snmptrap. C. Modify the CoPP policy to increase the configured CIR limit for SNMP. D. Modify the access list to add a second line to allow udp any any eq snmp. Correct Answer: B
Refer to the exhibit. A client is concerned that passwords are visible when running this show archive log config all. Which router configuration is needed to resolve this issue? A. MASS-RTR(config)#aaa authentication arap B. MASS-RTR(config-archive-log-cfg)#password encryption aes C. MASS-RTR(config)#service password-encryption D. MASS-RTR(config-archive-log-cfg)#hidekeys Correct Answer: D
Refer to the exhibit. BGP is apping after the CoPP policy is applied. What are the two solutions to fix the issue? (Choose two.) A. configure a higher value for CIR under the Class COPP-CRITICAL-7600. B. configure a higher value for CIR under the default class to allow more packets during peak traffic. C. configure BGP in the COPP-CRITICAL-7600 ACL. D. configure IP CEF for CoPP policy and BGP to work. E. configure a three-color policer instead of two-color policer under Class COPP-CRITICAL-7600. Correct Answer: BC
Refer to the exhibit. A network administrator configured an IPv6 access list to allow TCP return traffic only, but it is not working as expected. Which changes resolve this issue? A. B. C. D. Correct Answer: A
What are two functions of IPv6 Source Guard? (Choose two.) A. It works independent from IPv6 neighbor discovery. B. It denies traffic from unknown sources or unallocated addresses. C. It uses the populated binding table to allow legitimate traffic. D. It denies traffic by inspecting neighbor discovery packets for specific patterns. E. It blocks certain traffic by inspecting DHCP packets for specific sources. Correct Answer: BC
Which protocol does MPLS use to support traffic engineering? A. TDP B. RSVP C. LDP D. BGP Correct Answer: B
Which IGPs are supported by the MPLS LDP autoconfiguration feature? A. IS-IS and RIPv2 B. RIPv2 and OSPF C. OSPF and EIGRP D. OSPF and IS-IS Correct Answer: D
Which OSI model is used to insert an MPLS label? A. between Layer 2 and Layer 3 B. between Layer 5 and Layer 6 C. between Layer 1 and Layer 2 D. between Layer 3 and Layer 4 Correct Answer: A
Which mechanism provides traffic segmentation within a DMVPN network? A. BGP B. IPsec C. MPLS D. RSVP Correct Answer: C
An engineer configured a company's multiple area OSPF Head office router and Site A Cisco routers with VRF lite. Each site router is connected to a PE router of an MPLS backbone: Head office & Site A - ip cef ip vrf abc rd 101:101 interface FastEthernet0/0 ip vrf forwarding abc ip address 172.16.16.X 255.255.255.252 router ospf 1 vrf abc log-adjacency-changes network 172.16.16.0 0.0.0.255 area 1 After nishing both site router configurations, none of the LSA 3, 4, 5, and 7 are installed at Site A router. Which configuration resolves this issue? A. configure capability vrf-lite on Site A and its connected PE router under router ospf 1 vrf abc B. configure capability vrf-lite on both PE routers connected to Head office and Site A routers under router ospf 1 vrf abc C. configure capability vrf-lite on Head office and its connected PE router under router ospf 1 abc D. configure capability vrf-lite on Head office and Site A routers under router ospf 1 vrf abc Correct Answer: D
Refer to the exhibit. The Los Angeles and New York routers are receiving routers from Chicago but not from each other. Which configuration xes the issue? A. interface Tunnel1 no ip split-horizon eigrp 111 B. interface Tunnel1 ip next-hop-self eigrp 111 C. interface Tunnel1 tunnel mode ipsec ipv4 D. interface Tunnel1 tunnel protection ipsec profile IPSec-PROFILE Correct Answer: A
Refer to the exhibit. The network administrator configured VRF lite for customer A. The technician at the remote site misconfigured VRF on the router. Which configuration will resolve connectivity for both sites of customer_a? B. C. D. E. Correct Answer: D
What does the PE router convert the IPv4 prefix to within an MPLS VPN? A. eBGP path association between the PE and CE sessions B. prefix that combines the ASN, PE router-id, and IP prefix C. 48-bit route combining the IP and PE router-id D. VPN-IPv4 prefix combined with the 64-bit route distinguisher Correct Answer: D
Refer to the exhibit. Which interface configuration must be configured on the HUB router to enable MVPN with mGRE mode? A. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.1.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 172.17.0.1 ip nhrp map 10.0.0.11 172.17.0.2 ip nhrp map 10.0.0.12 172.17.0.3 tunnel mode gre B. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel mode gre multipoint C. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp network-id 1 tunnel source 172.17.0.1 tunnel mode gre multipoint D. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel destination 172.17.0.2 tunnel mode gre multipoint B Correct Answer:
How are MPLS Layer 3 VPN services deployed? A. The RD and RT values must match under the VR B. The import and export RT values under a VRF must always be the same. C. The label switch path must be available between the local and remote PE routers. D. The RD and RT values under a VRF must match on the remote PE router. Correct Answer: C
Refer to the exhibit. An engineer must establish multipoint GRE tunnels between hub router R6 and branch routers R1, R2, and R3. Which configuration accomplishes this task on R1? A. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/0 tunnel mode gre multipoint ip nhrp nhs 192.168.1.6 ip nhrp map 192.168.1.6 192.1.10.1 ip nhrp map 192.168.1.2 192.1.20.2 ip nhrp map 192.168.1.3 192.1.30.3 B. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/1 tunnel mode gre multipoint ip nhrp nhs 192.168.1.6 ip nhrp map 192. 168.1.6 192.1.10.6 C. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/0 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp nhs 192.168.1.6 ip nhrp map 192.168.1.6 192.1.10.6 D. interface Tunnel 1 ip address 192.168.1.1 255. 255.255.0 tunnel source e0/1 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp nhs 192.168.1.6 ip nhrp map 192.168.1.6 192.1.10.1 ip nhrp map 192.168.1.2 192.1.20.2 ip nhrp map 192.168.1.3 192.1.30.3 C Correct Answer:
How is VPN routing information distributed in an MPLS network? A. The top level of the customer data packet directs it to the correct CE device. B. It is established using VPN IPsec peers. C. It is controlled through the use of R D. It is controlled using of VPN target communities. Correct Answer: D
IPv6 is enabled in the infrastructure to support customers with an IPv6 network over WAN and to connect the head office to branch offices in the local network. One of the customers is already running IPv6 and wants to enable IPv6 over the DMVPN network infrastructure between the headend and branch sites. Which configuration command must be applied to establish an mGRE IPv6 tunnel neighborship? A. ipv6 nhrp holdtime 30 B. tunnel mode gre multipoint ipv6 C. ipv6 unicast-routing D. tunnel protection mode ipv6 Correct Answer: B
What is a characteristic of Layer 3 MPLS VPNs? A. traffic engineering capabilities provide QoS and SLAs. B. traffic engineering supports multiple IGP instances. C. LSP signaling requires the use of unnumbered IP links for traffic engineering. D. Authentication is performed by using digital certificates or preshared keys. Correct Answer: A
How does an MPLS Layer 3 VPN differentiate the IP address space used between each VPN? A. by RT B. by address family C. by RD D. by MP-BGP Correct Answer: C
Which function does LDP provide in an MPLS topology? A. It enables a MPLS topology to connect multiple VPNs to P routers. B. It provides hop-by-hop forwarding in an MPLS topology for LSRs. C. It exchanges routes for MPLS VPNs across different VRFs. D. It provides a means for LSRs to exchange IP routes. Correct Answer: B
Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64? A. B. C. D. Correct Answer: A
Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable using a secure web browser. What is needed to fix the problem? A. permit tcp port 443 B. permit udp port 465 C. permit tcp port 465 D. permit tcp port 22 Correct Answer: A
Refer to the exhibit. An engineer is trying to configure local authentication on the console line, but the device is trying to authenticate using TACACS+. Which action produces the desired configuration? A. Add the aaa authentication login default none command to the global configuration. B. Replace the capital C with a lowercase c in the aaa authentication login Console local command. C. Add the aaa authentication login default group tacacs+ local-case command to the global configuration. D. Add the login authentication Console command to the line configuration Correct Answer: D
Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect. The engineer connects by using the console and finds the displayed output when troubleshooting. Which command must be used in configuration mode to enable SSH on the device? A. no ip ssh disable B. ip ssh enable C. ip ssh version 2 D. crypto key generate rsa Correct Answer: D
Which transport layer protocol is used to form LDP sessions? A. UDP B. SCTP C. TCP D. RDP Correct Answer: C
Refer to the exhibits. An engineer investigates a routing issue on R1 and finds that traffic destined to 5.5.5.0/24 does not take all of the paths. Which action resolves the issue? A. Increase the variance value in EIGRP. B. Decrease the variance value in EIGRP. C. Remove the adjacency of R3 from EIGRP. D. Stop advertising 192.168.13.0/24 in EIGRP. 20mechanism%20to,means%20equal%2Dcost%20load%20balancing Correct Answer: A
Refer to the exhibits. Phase-3 tunnels cannot be established between spoke-to-spoke in DMVPN. Which two commands are missing? (Choose two.) A. The ip nhrp redirect command is missing on the spoke routers. B. The ip nhrp shortcut command is missing on the spoke routers. C. The ip nhrp redirect command is missing on the hub router. D. The ip nhrp shortcut command is missing on the hub router. E. The ip nhrp map command is missing on the hub router. Correct Answer: BC
Which protocol is used to determine the NBMA address on the other end of a tunnel when mGRE is used? A. NHRP B. IPsec C. MP-BGP D. OSPF Correct Answer: A
A DMVPN single hub topology is using IPsec + mGRE with OSP A. What should be configured on the hub to ensure it will be the designated router? B. route map to set the metrics of learned routes to 110 C. tunnel interface of the hub with ip nhrp ospf dr D. OSPF priority to 0 E. OSPF priority greater than 1 Correct Answer: D
What are two purposes of using IPv4 and VPNv4 address-family configurations in a Layer 3 MPLS VPN? (Choose two.) A. RD is prepended to the IPv4 route to make it unique. B. The VPNv4 address consists of a 64-bit route distinguisher that is prepended to the IPv4 prefix. C. MP-BGP is used to allow overlapping IPv4 addresses between customers to advertise through the network. D. The IPv4 address is needed to tag the MPLS label. E. The VPNv4 address is used to advertise the MPLS VPN label. Correct Answer: AB
What are two functions of MPLS Layer 3 VPNs? (Choose two.) A. It is used for transparent point-to-multipoint connectivity between Ethernet links/sites. B. A packet with node segment ID is forwarded along with shortest path to destination. C. Customer traffic is encapsulated in a VPN label when it is forwarded in MPLS network. D. BGP is used for signaling customer VPNv4 routes between PE nodes. E. LDP and BGP can be used for Pseudowire signaling. Correct Answer: CD
What are two MPLS label characteristics? (Choose two.) A. The label edge router swaps labels on the received packets. B. Labels are imposed in packets after the Layer 3 header. C. LDP uses TCP for reliable delivery of information. D. An MPLS label is a short identifier that identifies a forwarding equivalence class. E. A maximum of two labels can be imposed on an MPLS packet. Correct Answer: CD
Which command allows traffic to load-balance in an MPLS Layer 3 VPN configuration? A. multi-paths eibgp 2 B. maximum-paths 2 C. maximum-paths ibgp 2 D. multi-paths 2 Correct Answer: C
Refer to the exhibit. After applying IPsec, the engineer observed that the DMVPN tunnel went down, and both spoke-to-spoke and hub were not establishing. Which two actions resolve the issue? (Choose two.) A. Change the mode from mode tunnel to mode transport on R3. B. Remove the crypto isakmp key cisco address 10.1.1.1 on R2 and R3. C. configure the crypto isakmp key cisco address 192.1.1.1 on R2 and R3. D. configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3. E. Change the mode from mode transport to mode tunnel on R2. Correct Answer: AD
Which statement about route distinguishers in an MPLS network is true? A. Route distinguishers allow multiple instances of a routing table to coexist within the edge router. B. Route distinguishers are used for label bindings. C. Route distinguishers make a unique VPNv4 address across the MPLS network. D. Route distinguishers define which prefixes are imported and exported on the edge router. Correct Answer: C
Which statement about MPLS LDP router ID is true? A. If not configured, the operational physical interface is chosen as the router ID even if a loopback is configured. B. The loopback with the highest IP address is selected as the router I C. The MPLS LDP router ID must match the IGP router I D. The force keyword changes the router ID to the speci ed address without causing any impact. Correct Answer: B
Refer to the exhibit. Which interface configuration must be configured on the spoke A router to enable a dynamic DMVPN tunnel with the spoke B router? A. B. C. D. Correct Answer: B
Which list defines the contents of an MPLS label? A. 20-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL B. 32-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL C. 20-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit D. 32-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit Correct Answer: A
Refer to the exhibit. What does the imp-null tag represent in the MPLS VPN cloud? A. Pop the label B. Impose the label C. Include the EXP bit D. Exclude the EXP bit Correct Answer: A
Refer to the exhibits. Which configuration allows spoke-to-spoke communication using loopback as a tunnel source? A. configure crypto isakmp key cisco address 0.0.0.0 on the hub B. configure crypto isakmp key cisco address 200.1.0.0 255.255.0.0 on the hub C. configure crypto isakmp key cisco address 200.1.0.0 255.255.0.0 on the spokes D. configure crypto isakmp key cisco address 0.0.0.0 on the spokes Correct Answer: D
How does an MPLS Layer 3 VPN function? A. multiple customer sites interconnect through service provider network to create secure tunnels between customer edge devices B. multiple customer sites interconnect through a service provider network using customer edge to provider edge connectivity C. set of sites interconnect privately over the Internet for security D. set of sites use multiprotocol BGP at the customer site for aggregation Correct Answer: B
Which two protocols work in the control plane of P routers across the MPLS cloud? (Choose two.) A. ECMP B. LDP C. RSVP D. MPLS OAM E. LSP Correct Answer: BC
Refer to the exhibit. An engineer has configured DMVPN on a spoke router. What is the WAN IP address of another spoke router within the DMVPN network? A. 172.18.46.2 B. 172.18.16.2 C. 192.168.1.1 D. 192.168.1.4 Correct Answer: D
What are two functions of LDP? (Choose two.) A. It advertises labels per Forwarding Equivalence Class. B. It uses Forwarding Equivalence Class. C. It is defined in RFC 3038 and 3039. D. It requires MPLS traffic Engineering. E. It must use Resource Reservation Protocol. Correct Answer: AB
Refer to the exhibit. BGP and EIGRP are mutually redistributed on R3, and EIGRP and OSPF are mutually redistributed on R1. Users report packet loss and interruption of service to applications hosted on the 10.1.1.0/24 prefix. An engineer tested the link from R3 to R4 with no packet loss present but has noticed frequent routing changes on R3 when running the debug ip route command. Which action stabilizes the service? A. Reduce frequent OSPF SPF calculations on R3 that cause a high CPU and packet loss on traffic traversing R3. B. Tag the 10.1.1.0/24 prefix and deny the prefix from being redistributed into OSPF on R1. C. Place an OSPF distribute-list outbound on R3 to block the 10.1.1.0/24 prefix from being advertised back to R3. D. Repeat the test from R4 using ICMP ping on the local 10.1.1.0/24 prefix, and x any Layer 2 errors on the host or switch side of the subnet. Correct Answer: B
Refer to the exhibit. An engineer has configured policy-based routing and applied the configuration to the correct interface. How is the configuration applied to the traffic that matches the access list? A. It is forwarded using the routing table lookup. B. It is sent to 209.165.202.129. C. It is dropped. D. It is sent to 209.165.202.131. Correct Answer: D
Refer to the exhibit. A network administrator reviews the branch router console log to troubleshoot the OSPF adjacency issue with the DR router. Which action resolves this issue? A. Stabilize the DR site apping link to establish OSPF adjacency. B. Advertise the branch WAN interface matching subnet for the DR site. C. configure the WAN interface for DR site in the related OSPF area. D. configure matching hello and dead intervals between sites. Correct Answer: B
Refer to the exhibit. When the FastEthernet0/1 goes down, the route to 172.29.0.0/16 via 192.168.253.2 is not installed in the RI A. Which action resolves the issue? B. configure feasible distance greater than the reported distance. C. configure feasible distance greater than the successor's feasible distance. D. configure reported distance greater than the successor's feasible distance. E. configure reported distance greater than the feasible distance. Correct Answer: A
Refer to the exhibit. AS111 is receiving its own routes from AS200 causing a loop in the network. Which configuration provides loop prevention? A. router bgp 111 neighbor 195.1.1.1 as-override no neighbor 195.1.2.2 allowas-in B. router bgp 111 no neighbor 195.1.1.1 allowas-in no neighbor 195.1.2.2 allowas-in C. router bgp 111 neighbor 195.1.2.2 as-override no neighbor 195.1.1.1 allowas-in D. router bgp 111 neighbor 195.1.1.1 as-overridefineighbor 195.1.2.2 as-override B Correct Answer:
Refer to the exhibit. AS65510 iBGP is configured for directly connected neighbors. R4 cannot ping or traceroute network 192.168.100.0/24. Which action resolves this issue? A. configure R1 as a route reflector server and configure R2 and R3 as route reflector clients. B. configure R4 as a route reflector server and configure R2 and R3 as route reflector clients. C. configure R4 as a route reflector server and configure R1 as a route reflector client. D. configure R1 as a route reflector server and configure R4 as a route reflector client. Correct Answer: D
Users report issues with reachability between areas as soon as an engineer configured summary routes between areas in a multiple area OSPF autonomous system. Which action resolves the issue? A. configure the area range command on the ASBR. B. configure the summary-address command on the ASBR. C. configure the summary-address command on the ABR. D. configure the area range command on the ABR. Correct Answer: D
Refer to the exhibit. Which set of commands restore reachability to loopback0? A. interface loopback0 ip address 4.4.4.4 255.255.255.0 ip ospf network point-to-point B. interface loopback0 ip address 4.4.4.4 255.255.255.0 ip ospf interface area 10 C. interface loopback0 ip address 4.4.4.4 255.255.255.0 ip ospf network broadcast D. interface loopback0 ip address 4.4.4.4 255.255.255.0 ip ospf interface type network A Correct Answer:
AS 111 wanted to use AS 200 as the preferred path for 172.20.5.0/24 and AS 100 as the backup. After the configuration, AS 100 is not used for any other routes. Which configuration resolves the issue? A. route-map SETLP permit 10 match ip address prefix-list PLIST1 set local-preference 99 route-map SETLP permit 20 B. router bgp 111 no neighbor 192.168.10.1 route-map SETLP in neighbor 192.168.20.2 route-map SETLP in C. route-map SETLP permit 10 match ip address prefix-list PLIST1 set local-preference 110 route-map SETLP permit 20 D. router bgp 111 no neighbor 192.168.10.1 route-map SETLP in neighbor 192.168.10.1 route-map SETLP out A here is an implicit deny all at the end of any route-map so all other traffic that does not match 172.20.5.0/24 would be dropped. Therefore, we have to add a permit sequence at the end of the route-map to allow other traffic. The default value of Local Preference is 100 and higher value is preferred so we have to set the local preference of AS100 lower than that of AS200. Correct Answer: T
Refer to the exhibit. The ISP router is fully configured for customer A and customer B using the VRF-Lite feature. What is the minimum configuration required for customer A to communicate between routers A1 and A2? A. A1 interface fa0/0 description To->ISP ip add 172.31.100.1 255.255.255.0 no shut ! router ospf 100 net 172.31.100.1 0.0.0.255 area 0 A2 interface fa0/0 description To->ISP ip add 172.31.200.1 255.255.255.0 no shut ! router ospf 100 net 172.31.200.1 0.0.0.255 area 0 B. A1 interface fa0/0 description To->ISP ip vrf forwarding A ip add 172.31.100.1 255.255.255.0 no shut ! router ospf 100 vrf A net 172.31.200.1 0.0.0.255 area 0 A2 interface fa0/0 description To->ISP ip vrf forwarding A ip add 172.31.100.1 255.255.255.0 no shut ! router ospf 100 vrf A net 172.31.200.1 0.0.0.255 area 0 C. A1 interface fa0/0 description To->ISP ip vrf forwarding A ip add 172.31.100.1 255.255.255.0 no shut ! router ospf 100 net 172.31.100.1 0.0.0.255 area 0 A2 interface fa0/0 description To->ISP ip vrf forwarding A ip add 172.31.200.1 255.255.255.0 no shut ! router ospf 100 net 172.31.200.1 0.0.0.255 area 0 D. A1 interface fa0/0 description To->ISP ip add 172.31.200.1 255.255.255.0 no shut ! router ospf 100 net 172.31.200.1 0.0.0.255 area 0 A2 interface fa0/0 description To->ISP ip add 172.31.100.1 255.255.255.0 no shut ! router ospf 100 net 172.31.100.1 0.0.0.255 area 0 A Correct Answer:
An engineer is implementing a coordinated change with a server team. As part of the change, the engineer must configure interface GigabitEthernet2 in an existing VRF "RED" then move the interface to an existing VRF "BLUE" when the server team is ready. The engineer configured interface GigabitEthernet2 in VRF "RED": interface GigabitEthernet2 description Migration ID: B410A82D0935G35 vrf forwarding RED ip address 10.0.0.0 255.255.255.254 negotiation auto Which configuration completes the change? A. interface GigabitEthernet2 no vrf forwarding RED vrf forwarding BLUE ip address 10.0.0.0 255.255.255.254 B. interface GigabitEthernet2 no ip address vrf forwarding BLUE C. interface GigabitEthernet2 no vrf forwarding RED vrf forwarding BLUE D. interface GigabitEthernet2 no ip address ip address 10.0.0.0 255.255.255.254 vrf forwarding BLUE Correct Answer: A
Refer to the exhibit. R5 should not receive any routes originated in the EIGRP domain. Which set of configuration changes removes the EIGRP routes from the R5 routing table to fix the issue? A. R4 route-map O2R deny 10 match tag 111 route-map O2R permit 20 ! router rip redistribute ospf 1 route-map O2R metric 1 B. R2 route-map E20 deny 20 R4 route-map O2R deny 10 match tag 111 ! router rip redistribute ospf 1 route-map O2R metric 1 C. R4 route-map O2R permit 10 match tag 111 route-map O2R deny 20 ! router rip redistribute ospf 1 route-map O2R metric 1 D. R4 route-map O2R deny 10 match tag 111 ! router rip redistribute ospf 1 route-map O2R metric 1 A Correct Answer:
Refer to the exhibit. The network administrator configured the network to connect two disjointed networks and all the connectivity is up except the virtual link, which causes area 250 to be unreachable. Which two configurations resolve this issue? (Choose two.) A. R2 router ospf 1 no area 234 virtual-link 10.34.34.4 area 234 virtual-link 0.0.0.44 B. R2 router ospf 1 no area 234 virtual-link 10.34.34.4 area 0 virtual-link 0.0.0.44 C. R4 router ospf 1 no area 234 virtual-link 10.23.23.2 area 0 virtual-link 0.0.0.22 D. R2 router ospf 1 router-id 10.23.23.2 E. R4 router ospf 1 no area 234 virtual-link 10.23.23.2 area 234 virtual-link 0.0.0.22 Correct Answer: AE
Refer to the exhibit. A network administrator sets up an OSPF routing protocol for a DMVPN network on the hub router. Which configuration command is required to establish a DMVPN tunnel with multiple spokes? A. ip ospf network point-to-point on the hub router B. ip ospf network point-to-multipoint on one spoke router C. ip ospf network point-to-multipoint on both spoke routers D. ip ospf network point-to-point on both spoke routers Correct Answer: C
Refer to the exhibit. The Internet traffic should always prefer Site-A ISP-1 if the link and BGP connection are up; otherwise, all Internet traffic should go to ISP-2. Redistribution is configured between BGP and OSPF routing protocols, and it is not working as expected. What action resolves the issue? A. Set OSPF Cost 200 at Site-A RTR1, and set OSPF Cost 100 at Site-B RTR2. B. Set metric-type 2 at Site-A RTR1, and set metric-type 1 at Site-B RTR2. C. Set metric-type 1 at Site-A RTR1, and set metric-type 2 at Site-B RTR2. D. Set OSPF Cost 100 at Site-A RTR1, and set OSPF Cost 200 at Site-B RTR2. Correct Answer: C
Refer to the exhibit. An engineer has configured R1 as EIGRP stub router. After the configuration, router R3 failed to reach to R2 loopback address. Which action advertises R2 loopback back into the R3 routing table? A. Add a static route for R2 loopback address in R1 and redistribute it to advertise to R3. B. Use a leak map on R1 that matches the required prefix and apply it with the distribute list command toward R3. C. Use a leak map on R3 that matches the required prefix and apply it with the EIGRP stub feature. D. Add a static null route for R2 loopback address in R1 and redistribute it to advertise to R3. Correct Answer: B
Refer to the exhibit. The branch router is configured with a default route toward the Internet and has no routes configured for the HQ site that is connected through interface G2/0. The HQ router is fully configured and does not require changes. Which configuration on the branch router makes the intranet website (TCP port 80) available to the branch office users? A. access-list 101 permit tcp any any eq 80 access-list 102 permit tcp any host intranet-webserver-ip ! route-map pbr permit 10 match ip address 101 set ip next-hop 192.168.2.2 route-map pbr permit 20 match ip address 102 set ip next-hop 192.168.2.2 ! interface G2/0 ip policy route-map pbr B. access-list 100 permit tcp host intranet-webserver-ip eq 80 any ! route-map pbr permit 10 match ip address 100 set ip next-hop 192.168.2.2 ! interface G1/0 ip policy route-map pbr C. access-list 100 permit tcp any host intranet-webserver-ip eq 80 ! route-map pbr permit 10 match ip address 100 set ip next-hop 192.168.2.2 ! interface G2/0 ip policy route-map pbr D. access-list 101 permit tcp any any eq 80 access-list 102 permit tcp any host intranet-webserver-ip ! route-map pbr permit 10 match ip address 101 102 set ip next-hop 192.168.2.2 ! interface G1/0 ip policy route-map pbr D Correct Answer:
R1 and R2 are configured as eBGP neighbors. R1 is in AS100 and R2 is in AS200. R2 is advertising these networks to R1: 172.16.16.0/20 172.16.3.0/24 172.16.4.0/24 192.168.1.0/24 192.168.2.0/24 172.16.0.0/16 The network administrator on R1 must improve convergence by blocking all subnets of 172.16.0.0/16 major network with a mask lower than 23 from coming in. Which set of configurations accomplishes the task on R1? A. ip prefix-list PL-1 deny 172.16.0.0/16 ge 23 ip prefix-list PL-1 permit 0.0.0.0/0 file 32 ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in B. ip prefix-list PL-1 deny 172.16.0.0/16 file 23 ip prefix-list PL-1 permit 0.0.0.0/0 file 32 ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in C. ip prefix-list PL-1 deny 172.16.0.0/16 ip prefix-list PL-1 permit 0.0.0.0/0 ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in D. access-list 1 deny 172.16.0.0 0.0.254.255 access-list 1 permit any ! router bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 distribute-list 1 in Correct Answer: B
Refer to the exhibit. An engineer configures the router 10.1.100.10 for EIGRP autosummarization so that R1 should receive the summary route of 10.0.0.0/8. However, R1 receives more specific /24 routes. Which action resolves this issue? A. Router R1 should configure ip summary address eigrp (AS number) 10.0.0.0 255.0.0.0 for the R1 Fast Ethernet 0/0 connected interface. B. Router R1 should configure ip route 10.0.0.0 255.0.0.0 null 0 for the routes that are received on R1. C. Router 10.1.100.10 should configure ip route 10.0.0.0 255.0.0.0 null 0 for the routes that are summarized toward R1. D. Router 10.1.100.10 should configure ip summary address eigrp (AS number) 10.0.0.0 255.0.0.0 for the R1 Fast Ethernet 0/0 connected interface. Correct Answer: D
Refer to the exhibit. Which command must be configured to make VRF CCNP work? A. interface Loopback0 ip address 10.1.1.1 255.255.255.0 vrf forwarding CCNP B. interface Loopback0 ip address 10.1.1.1 255.255.255.0 C. interface Loopback0 vrf forwarding CCNP D. interface Loopback0 ip address 10.1.1.1 255.255.255.0 ip vrf forwarding CCNP B Correct Answer:
When determining if a system is capable of support, what is the minimum time spacing required for a BFD control packet to receive once a control packet is arrived? A. Desired Min TX Interval B. Detect Mult C. Required Min RX Interval D. Required Min Echo RX Interval Correct Answer: C
An engineer is configuring a network and needs packets to be forwarded to an interface for any destination address that is not in the routing table. What should be configured to accomplish this task? A. set ip next-hop B. set ip default next-hop C. set ip next-hop recursive D. set ip next-hop verify-availability Correct Answer: B
What is an advantage of using BFD? A. It detects local link failure at layer 1 and updates the routing table. B. It detects local link failure at layer 3 and updates the routing protocols. C. It has sub-second failure detection for layer 1 and layer 3 problems. D. It has sub-second failure detection for layer 1 and layer 2 problems. Correct Answer: D
An engineer needs dynamic routing between two routers and is unable to establish OSPF adjacency. The output of the show ip ospf neighbor command shows that the neighbor state is EXSTART/EXCHANG A. Which action should be taken to resolve this issue? B. match the passwords C. match the hello timers D. match the MTUs E. match the network types Correct Answer: C
Refer to the exhibit. R1 is connected with R2 via GigabitEthernet0/0, and R2 cannot ping R1. What action will x the issue? A. Fix route dampening configured on the router. B. Replace the SFP module because it is not supported. C. Fix IP Event Dampening configured on the interface. D. Correct the IP SLA probe that failed. Correct Answer: C
Refer to the exhibits. A user on the 192.168.1.0/24 network can successfully ping 192.168.3.1, but the administrator cannot ping 192.168.3.1 from the LA router. Which set of configurations xes the issue? A. B. C. D. Correct Answer: D
Refer to the exhibit. A network administrator configured mutual redistribution on R1 and R2 routers, which caused instability in the network. Which action resolves the issue? A. Set a tag in the route map when redistributing EIGRP into OSPF on R1, and match the same tag on R2 to deny when redistributing OSPF into EIGRP. B. Set a tag in the route map when redistributing EIGRP into OSPF on R1, and match the same tag on R2 to allow when redistributing OSPF into EIGRP. C. Apply a prefix list of EIGRP network routes in OSPF domain on R1 to propagate back into the EIGRP routing domain. D. Advertise summary routes of EIGRP to OSPF and deny specific EIGRP routes when redistributing into OSP E. Correct Answer: A
Refer to the exhibit. A network engineer for AS64512 must remove the inbound and outbound traffic from link A during maintenance without closing the BGP session so that there is still a backup link over link A toward the ASN. Which BGP configuration on R1 accomplishes this goal? A. B. C. D. Correct Answer: C
An engineer configured access list NON-CISCO in a policy to influence routes. What are the two effects of this route map configuration? (Choose two.) A. Packets are forwarded using normal route lookup. B. Packets are forwarded to the default gateway. C. Packets are dropped by the access list. D. Packets are evaluated by sequence 10. E. Packets are not evaluated by sequence 10. Correct Answer: BD
Refer to the exhibits. To provide reachability to network 10.1.1.0/24 from R5, the network administrator redistributes EIGRP into OSPF on R3 but notices that R4 is now taking a suboptimal path through R5 to reach 10.1.1.0/24 network. Which action xes the issue while keeping the reachability from R5 to 10.1.1.0/24 network? A. Change the administrative distance of the external EIGRP to 90. B. Apply the outbound distribution list on R5 toward R4 in OSP C. Change the administrative distance of OSPF to 200 on R5. D. Redistribute OSPF into EIGRP on R4. Correct Answer: A
Refer to the exhibits. All the serial links between R1, R2, and R3 have the same bandwidth. Users on the 192.168.1.0/24 network report slow response times while they access resources on network 192.168.3.0/24. When a traceroute is run on the path, it shows that the packet is getting forwarded via R2 to R3 although the link between R1 and R3 is still up. What must the network administrator do to fix the slowness? A. Add a static route on R1 using the next hop of R3. B. Remove the static route on R1. C. Change the Administrative Distance of EIGRP to 5. D. Redistribute the R1 static route to EIGRP. Correct Answer: B
Refer to the exhibit. The R1 and R2 configurations are: The neighbor relationship is not coming up. Which two sets of configurations bring the neighbors up? (Choose two.) A. B. C. D. E. Correct Answer: DE
Refer to the exhibit. The network administrator must mutually redistribute routes at the Chicago router to the LA and NewYork routers. The configuration of the Chicago router is this: After the configuration, the LA router receives all the NewYork routes, but the NewYork router does not receive any LA routes. Which set of configurations xes the problem on the Chicago router? A. B. C. D. Correct Answer: B
Refer to the exhibit. An engineer wanted to set a tag of 30 to route 10.1.80.65/32 but it failed. How is the issue fixed? A. Modify route-map ospf-to-eigrp permit10 and match prefix-list ccnp2. B. Modify prefix-list ccnp3 to add 10.1.64.0/20 ge 32. C. Modify prefix-list ccnp3 to add 10.1.64.0/20 file 24. D. Modify route-map ospf-to-eigrp permit 30 and match prefix-list ccnp2. Correct Answer: D
Refer to the exhibits. A company with autonomous system number AS65401 has obtained IP address block 209.165.200.224/27 from ARIN. The company needed more IP addresses and was assigned block 209.165.202.128/27 from ISP2. An engineer in ISP1 reports that they are receiving ISP2 routes from AS65401. Which configuration on R1 resolves the issue? A. B. C. D. Correct Answer: A
After some changes in the routing policy, it is noticed that the router in AS 45123 is being used as a transit AS router for several service providers. Which configuration ensures that the branch router in AS 45123 advertises only the local networks to all SP neighbors? A. B. C. D. Correct Answer: C
A network administrator is troubleshooting a high utilization issue on the route processor of a router that was reported by NMS. The administrator logged into the router to check the control plane policing and observed that the BGP process is dropping a high number of routing packets and causing thousands of routes to recalculate frequently. Which solution resolves this issue? A. Shape the pir for BGP, conform-action set-prec-transmit, and exceed action set-frde-transmit. B. Police the pir for BGP, conform-action set-prec-transmit, and exceed action set-clp-transmit. C. Shape the cir for BGP, conform-action transmit, and exceed action transmit. D. Police the cir for BGP, conform-action transmit, and exceed action transmit. Correct Answer: D
Which mechanism must be chosen to optimize the reconvergence time for OSPF at company location 408817202 that is less CPU-intensive than reducing the hello and dead timers? A. sso B. BFD C. Dead Peer Detection keepalives D. OSPF demand circuit Correct Answer: B
Refer to the exhibit. An engineer configured BGP between routers R1 and R3. The BGP peers cannot establish neighbor adjacency to be able to exchange routes. Which configuration resolves this issue? A. R1 router bgp 6501 address-family ipv6 neighbor AB01:2011:7:100::3 activate B. R3 router bgp 6502 address-family ipv6 neighbor AB01:2011:7:100::1 activate C. R1 router bgp 6501 neighbor AB01:2011:7:100::3 ebgp-multihop 255 D. R3 router bgp 6502 neighbor AB01:2011:7:100::1 ebgp-multihop 255 Correct Answer: B
Refer to the exhibit. Which action resolves the adjacency issue? A. configure the same autonomous system numbers. B. Match the hello interval timers. C. Match the authentication keys. D. configure the same EIGRP process IDs. Correct Answer: A
Which configuration enables the VRF that is labeled `Inet` on FastEthernet0/0? A. R1(config)# ip vrf Inet R1(config-vrf)#ip vrf FastEthernet0/0 B. R1(config)#ip vrf Inet FastEthernet0/0 C. R1(config)# ip vrf Inet R1(config-vrf)#interface FastEthernet0/0 R1(config-if)#ip vrf forwarding Inet D. R1(config)#router ospf 1 vrf Inet R1(config-router)#ip vrf forwarding FastEthernet0/0 Correct Answer: C
Refer to the exhibit. After redistribution is enabled between the routing protocols; PC2, PC3, and PC4 cannot reach PC1. Which action can the engineer take to solve the issue so that all the PCs are reachable? A. Set the administrative distance 100 under the RIP process on R2. B. Filter the prefix 10.1.1.0/24 when redistributed from OSPF to EIGRP. C. Filter the prefix 10.1.1.0/24 when redistributed from RIP to EIGRP. D. Redistribute the directly connected interfaces on R2. Correct Answer: B
Refer to the exhibit. A router is receiving BGP routing updates from multiple neighbors for routes in AS 690. What is the reason that the router still sends traffic that is destined to AS 690 to a neighbor other than 10.222.1.1? A. The local preference value in another neighbor statement is higher than 250. B. The local preference value should be set to the same value as the weight in the route map. C. The route map is applied in the wrong direction. D. The weight value in another neighbor statement is higher than 200. Correct Answer: D
Refer to the exhibit. R1 and R2 cannot establish an EIGRP adjacency. Which action establishes EIGRP adjacency? A. Remove the current autonomous system number on one of the routers and change to a different value. B. Add the passive-interface command to the R1 configuration so that it matches the R2 configuration. C. Remove the passive-interface command from the R2 configuration so that it matches the R1 configuration. D. Add the no auto-summary command to the R2 configuration so that it matches the R1 configuration. Correct Answer: C
An engineer configured policy-based routing for a destination IP address that does not exist in the routing table. How is the packet treated through the policy for configuring the set ip default next-hop command? A. Packets are not forwarded to the specific next hop. B. Packets are forwarded based on the routing table. C. Packets are forwarded based on a static route. D. Packets are forwarded to the specific next hop. Correct Answer: A
Refer to the exhibit. The administrator configured route advertisement to a remote low resources router to use only the default route to reach any network but failed. Which action resolves this issue? A. Remove the prefix keyword from the distribute-list command. B. Remove the line with the sequence number 10 from the prefix list. C. Change the direction of the distribute-list command from out to in. D. Remove the line with the sequence number 5 from the prefix list. Correct Answer: D
Refer to the exhibit. The network administrator configured the branch router for IPv6 on the E 0/0 interface. The neighboring router is fully configured to meet requirements, but the neighbor relationship is not coming up. Which action xes the problem on the branch router to bring the IPv6 neighbors up? A. Disable OSPF for IPv4 using the no ospfv3 4 area 0 ipv4 command under the E 0/0 interface. B. Enable the IPv4 address family under the router ospfv3 4 process by using the address-family ipv4 unicast command. C. Disable IPv6 on the E 0/0 interface using the no ipv6 enable command. D. Enable the IPv4 address family under the E 0/0 interface by using the address-family ipv4 unicast command. Correct Answer: B
Refer to the exhibit. The network administrator has configured the Customer Edge router (AS 64511) to send only summarized routes toward ISP-1 (AS 100) and ISP-2 (AS 200). After this configuration, ISP-1 and ISP-2 continue to receive the specific routes and the summary route. Which configuration resolves the issue? A. B. C. D. Correct Answer: A
Refer to the exhibit. R2 has two paths to reach 192.168.13.0/24, but traffic is sent only through R3. Which action allows traffic to use both paths? A. configure the variance 4 command under the EIGRP process on R2. B. configure the bandwidth 2000 command under interface FastEthernet0/0 on R2. C. configure the delay 1 command under interface FastEthernet0/0 on R2. D. configure the variance 2 command under the EIGRP process on R2. Correct Answer: A
Refer to the exhibit. The OSPF neighbor relationship is not coming up. What must be configured to restore OSPF neighbor adjacency? A. matching hello timers B. OSPF on the remote router C. use router ID D. matching mtu values Correct Answer: D
An engineer configured two routers connected to two different service providers using BGP with default attributes. One of the links is presenting high delay, which causes slowness in the network. Which BGP attribute must the engineer configure to avoid using the high-delay ISP link if the second ISP link is up? A. AS-PATH B. WEIGHT C. MED D. LOCAL_PREF Correct Answer: D
Refer to the exhibit. A network administrator redistributed the default static route into OSPF toward all internal routers to reach to Internet. Which set of commands restores reachability to the Internet by internal routers? A. router ospf 1 redistribute static subnets B. router ospf 1 network 0.0.0.0 0.0.0.0 area 0 C. router ospf 1 redistribute connected 0.0.0.0 D. router ospf 1 default-information originate Correct Answer: D
Refer to the exhibit. The Math and Science departments connect through the corporate IT router, but users in the Math department must not be able to reach the Science department and vice versa. Which configuration accomplishes this task? A. vrf definition Science address-family ipv4 ! interface E 0/2 ip address 192.168.1.1 255.255.255.0 no shut ! interface E 0/3 ip address 192.168.2.1 255.255.255.0 no shut B. vrf definition Science address-family ipv4 ! interface E 0/2 vrf forwarding Science ip address 192.168.1.1 255.255.255.0 no shut ! interface E 0/3 vrf forwarding Science ip address 192.168.2.1 255.255.255.0 no shut C. vrf definition Science address-family ipv4 ! interface E 0/2 ip address 192.168.1.1 255.255.255.0 vrf forwarding Science no shut ! interface E 0/3 ip address 192.168.2.1 255.255.255.0 vrf forwarding Science no shut D. vrf definition Science ! interface E 0/2 ip address 192.168.1.1 255.255.255.0 no shut ! interface E 0/3 ip address 192.168.2.1 255.255.255.0 no shut Correct Answer: B
Refer to the exhibit. The neighbor relationship is not coming up. Which two configurations bring the adjacency up? (Choose two.) A. LA interface E 0/0 ip ospf authentication-key Cisco123 B. NY interface E 0/0 no ip ospf message-digest-key 1 md5 Cisco123 ip ospf authentication-key Cisco123 C. LA interface E 0/0 ip ospf message-digest-key 1 md5 Cisco123 D. LA router ospf 1 area 0 authentication message-digest E. NY router ospf 1 area 0 authentication message-digest Correct Answer: CD
Refer to the exhibit. The network administrator configured redistribution on an ASBR to reach to all WAN networks but failed. Which action resolves the issue? A. The route map EIGRP->OSPF must have the 10.0.106.0/24 entry to exist in one of the three prefix lists to pass B. EIGRP must redistribute the 10.0.106.0/24 route instead of using the network statement C. The OSPF process must have a metric when redistributing prefixes from EIGRP D. The route map must have the keyword prefix-list to evaluate the prefix list entries D Correct Answer:
Refer to the exhibit. An engineer configured R2 and R5 as route reflectors and noticed that not all routes are sent to R1 to advertise to the eBGP peers. Which iBGP routers must be configured as route reflectors to advertise all routes to restore reachability across all networks? A. R1 and R4 B. R1 and R5 C. R4 and R5 D. R2 and R5 Correct Answer: C
Refer to the exhibits. SanFrancisco and Boston routers are choosing slower links to reach each other despite the direct links being up. Which configuration xes the issue? A. All Routers router ospf 1 auto-cost reference-bandwidth 100 B. SanFrancisco Router router ospf 1 auto-cost reference-bandwidth 1000 C. Boston Router router ospf 1 auto-cost reference-bandwidth 1000 D. All Routers router ospf 1 auto-cost reference-bandwidth 1000 Correct Answer: D
Refer to the exhibit. Troubleshoot and ensure that branch ' only ever uses the MPLS ' network to reach HQ. Which action achieves this requirement? A. Introduce AS path prepending on the branch A MPLS ' network connection so that any HQ advertisements from branch A toward the MPLS ' network are prepended three times B. Modify the weight of all HQ prefixes received at branch ' from the MPLS ' network to be higher than the weights used on the MPLS A network C. Increase the local preference for all HQ prefixes received at branch ' from the MPLS ' network to be higher than the local preferences used on the MPLS A network D. Introduce an AS path filter on branch A routers so that only local prefixes are advertised into BGP B Correct Answer:
Refer to the exhibit. The OSPF routing protocol is redistributed into the BGP routing protocol, but not all the OSPF routes are distributed into BGP. Which action resolves the issue? A. Include the word external in the redistribute command B. Use a route-map command to redistribute OSPF external routes defined in an access list C. Include the word internal external in the redistribute command D. Use a route-map command to redistribute OSPF external routes defined in a prefix list C Correct Answer:
Refer to the exhibit. Routing protocols are mutually redistributed on R3 and R1. Users report intermittent connectivity to services hosted on the 10.1.1.0/24 prefix. significant routing update changes are noticed on R3 when the show ip route profile command is run. How must the services be stabilized? A. The routing loop must be fixed by reducing the admin distance of OSPF from 110 to 80 on R3 B. The routing loop must be fixed by reducing the admin distance of iBGP from 200 to 100 on R3 C. The issue with using BGP must be resolved by using another protocol and redistributing it into EIGRP on R3 D. The issue with using iBGP must be fixed by running eBGP between R3 and R4 Correct Answer: B
Refer to the exhibit. Users in the branch network of 2001:db8:0:4::/64 report that they cannot access the Internet. Which command is issued in IPv6 router EIGRP 100 configuration mode to solve this issue? A. Issue the eigrp stub command on R1. B. Issue the no eigrp stub command on R1. C. Issue the eigrp stub command on R2. D. Issue the no eigrp stub command on R2. Correct Answer: B
Refer to the exhibit. Which configuration configures a policy on R1 to forward any traffic that is sourced from the 192.168.130.0/24 network to R2? A. B. C. D. Correct Answer: D
R2 has a locally originated prefix 192.168.130.0/24 and has these configurations: What is the result when the route-map OUT command is applied toward an eBGP neighbor R1 (1.1.1.1) by using the neighbor 1.1.1.1 route-map OUT out command? A. R1 sees 192.168.130.0/24 as two AS hops away instead of one AS hop away. B. R1 does not accept any routes other than 192.168.130.0/24 C. R1 does not forward traffic that is destined for 192.168.30.0/24 D. Network 192.168.130.0/24 is not allowed in the R1 table Correct Answer: A
Which method changes the forwarding decision that a router makes without first changing the routing table or influencing the IP data plane? A. nonbroadcast multiaccess B. packet switching C. policy-based routing D. forwarding information base Correct Answer: C
Refer to the exhibits. The output of the trace route from R5 shows a loop in the network. Which configuration prevents this loop? A. B. C. D. Correct Answer: B
Refer to the exhibit. An engineer configures a static route on a router, but when the engineer checks the route to the destination, a different next hop is chosen. What is the reason for this? A. Dynamic routing protocols always have priority over static routes. B. The metric of the OSPF route is lower than the metric of the static route. C. The configured AD for the static route is higher than the AD of OSP D. The syntax of the static route is not valid, so the route is not considered. Correct Answer: C
Refer to the exhibit. An engineer is trying to generate a summary route in OSPF for network 10.0.0.0/8, but the summary route does not show up in the routing table. Why is the summary route missing? A. The summary-address command is used only for summarizing prefixes between areas. B. The summary route is visible only in the OSPF database, not in the routing table. C. There is no route for a subnet inside 10.0.0.0/8, so the summary route is not generated. D. The summary route is not visible on this router, but it is visible on other OSPF routers in the same area. Correct Answer: C
Refer to the exhibit. An engineer is trying to block the route to 192.168.2.2 from the routing table by using the configuration that is shown. The route is still present in the routing table as an OSPF route. Which action blocks the route? A. Use an extended access list instead of a standard access list. B. Change sequence 10 in the route-map command from permit to deny. C. Use a prefix list instead of an access list in the route map. D. Add this statement to the route map: route-map RM-OSPF-DL deny 20. Correct Answer: C
What is a prerequisite for configuring BFD? A. Jumbo frame support must be configured on the router that is using BF B. All routers in the path between two BFD endpoints must have BFD enabled. C. Cisco Express Forwarding must be enabled on all participating BFD endpoints. D. To use BFD with BGP, the timers 3 9 command must first be configured in the BGP routing process. Correct Answer: C
Refer to the exhibit. R2 is a route reflector, and R1 and R3 are route reflector clients. The route reflector learns the route to 172.16.25.0/24 from R1, but it does not advertise to R3. What is the reason the route is not advertised? A. R2 does not have a route to the next hop, so R2 does not advertise the prefix to other clients. B. Route reflector setup requires full IBGP mesh between the routers. C. In route reflector setup, only classful prefixes are advertised to other clients. D. In route reflector setups, prefixes are not advertised from one client to another. Correct Answer: A
Refer to the exhibit. An engineer is trying to redistribute OSPF to BGP, but not all of the routes are redistributed. What is the reason for this issue? A. By default, only internal routes and external type 1 routes are redistributed into BGP B. Only classful networks are redistributed from OSPF to BGP C. BGP convergence is slow, so the route will eventually be present in the BGP table D. By default, only internal OSPF routes are redistributed into BGP Correct Answer: D
Refer to the exhibit. In which circumstance does the BGP neighbor remain in the idle condition? A. if prefixes are not received from the BGP peer B. if prefixes reach the maximum limit C. if a prefix list is applied on the inbound direction D. if prefixes exceed the maximum limit Correct Answer: D
Which attribute eliminates LFAs that belong to protected paths in situations where links in a network are connected through a common fiber? A. shared risk link group-disjoint B. linecard-disjoint C. lowest-repair-path-metric D. interface-disjoint Correct Answer: B
Refer to the exhibit. An engineer is troubleshooting BGP on a device but discovers that the clock on the device does not correspond to the time stamp of the log entries. Which action ensures consistency between the two times? A. configure the service timestamps log uptime command in global configuration mode. B. configure the logging clock synchronize command in global configuration mode. C. configure the service timestamps log datetime localtime command in global configuration mode. D. Make sure that the clock on the device is synchronized with an NTP server. Correct Answer: D
Refer to the exhibit. What is the result of applying this configuration? A. The router can form BGP neighborships with any other device. B. The router cannot form BGP neighborships with any other device. C. The router cannot form BGP neighborships with any device that is matched by the access list named BGP . D. The router can form BGP neighborships with any device that is matched by the access list named BGP . Correct Answer: A
Which command displays the IP routing table information that is associated with VRF-Lite? A. show ip vrf B. show ip route vrf C. show run vrf D. show ip protocols vrf Correct Answer: B
Refer to the exhibit. Which subnet is redistributed from EIGRP to OSPF routing protocols? A. 10.2.2.0/24 B. 10.1.4.0/26 C. 10.1.2.0/24 D. 10.2.3.0/26 Correct Answer: A
Which configuration adds an IPv4 interface to an OSPFv3 process in OSPFv3 address family configuration? A. router ospfv3 1 address-family ipv4 B. Router(config-router)#ospfv3 1 ipv4 area 0 C. Router(config-if)#ospfv3 1 ipv4 area 0 D. router ospfv3 1 address-family ipv4 unicast Correct Answer: D
Refer to the exhibit. Which statement about R1 is true? A. OSPF redistributes RIP routes only if they have a tag of one. B. RIP learned routes are distributed to OSPF with a tag value of one. C. R1 adds one to the metric for RIP learned routes before redistributing to OSP D. RIP routes are redistributed to OSPF without any changes. Correct Answer: B
Refer to the exhibit. An IP SLA was configured on router R1 that allows the default route to be modified in the event that Fa0/0 loses reachability with the router R3 Fa0/0 interface. The route has changed to flow through router R2. Which debug command is used to troubleshoot this issue? A. debug ip flow B. debug ip sla error C. debug ip routing D. debug ip packet Correct Answer: C