300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) Part 6
Question #: 301
Topic #: 1
Which of the following are used to validate the source of IPv6 traffic and are considered IPv6 layer 2 snooping features? (Choose two.)
A. DHCPv6 Guard
B. DHCPv6 Root Guard
C. IPv6 Source Guard
D. IPv6 Prefix Guard
Selected Answer: CD
Question #: 302
Topic #: 1
You want to implement AAA on router R1 for a more robust authentication and authorization system. What is typically the first global command used to do this?
A. aaa new-model
B. aaa enable
C. aaa server-group
D. aaa authentication login
Selected Answer: A
Question #: 303
Topic #: 1
A time based access list has been configured on R1 to allow SSH access to the device only on weekdays. Which of the following are valid options when using the time range command? (Choose two.)
A. relative
B. recurring
C. absolute
D. periodic
Selected Answer: CD
Question #: 304
Topic #: 1
First-Hop Security (FHS) is a set of features to optimize IPv6 link operation, and help with scale in large L2 domains. Which of the following are valid First-Hop Security features supported by Cisco? (Choose three.)
A. IPv6 RA Guard
B. IPv6 Source Guard
C. DHCPv6 Guard
D. IPv6 Snooping
E. DHCPv6 Snooping
Selected Answer: ACD
Question #: 305
Topic #: 1
What are the four stages of obtaining an IP address from a DHCP server that corresponds to the acronym DORA?
A. Discover, Offer, Release, Addressing
B. Discover, Obtain, Request, Acknowledge
C. Determine, Offer, Release, Acknowledge
D. Discover, Offer, Request, Acknowledge
Selected Answer: D
Question #: 306
Topic #: 1
SNMPv2 has been used throughout a network to manage all of the network devices. You have been asked to migrate to an SNMPv3 solution instead. What is the biggest advantage to migrating from SNMPv2 to SNMPv3?
A. Enhanced security, including encryption of passwords
B. Enhanced performance, supporting more messages per minute.
C. Enhanced scaling, supporting thousands more devices per network segment than SNMPv2.
D. Using a push model instead of pull. SNMPv3 uses telemetry to push data to SNMP management stations in real time.
Selected Answer: A
Question #: 307
Topic #: 1
You are configuring Netflow on various network elements in order to gain visibility into the traffic types used. How many export destinations can this Network data be sent to?
A. Up to 2
B. Up to 4
C. Up to 8
D. There is no limitation on the number of flow data export destinations.
Selected Answer: D
Question #: 308
Topic #: 1
A Cisco router has just been configured for NTP and is synchronized with the configured NTP server. However, log messages still show an incorrect time. What else should be done to match the log messages time stamps with the NTP based time?
A. Wait a bit longer for the synchronized time to get applied to new log messages.
B. Configure the “service timestamps log datetime localtime” command in global mode.
C. Configure the “service timestamps log datetime synchronize” command globally
D. Configure the “service timestamps log ntp” command in global config mode.
Selected Answer: B
Question #: 309
Topic #: 1
There is an issue between two nodes within your network, and you are using Cisco DNA Center Path Trace to help troubleshoot the problem. Which of the following statements are true regarding the Path Trace tool?
A. Overlapping IP addresses are supported.
B. Path trace between a fabric client and a non-fabric client is supported
C. Path trace between a wired client and a wireless client is supported
D. Only TCP traffic is supported.
Selected Answer: C
Question #: 310
Topic #: 1
Which of the following are valid DHCP options that DHCP servers can be configured to use with DHCP clients when offering a lease? (Choose two.)
A. DHCP Option 1: subnet mask
B. DHCP Option 3: Lease Duration
C. DHCP Option 4: Client host name
D. DHCP Option 6: DNS servers
Selected Answer: AD
Question #: 311
Topic #: 1
Which feature of the Cisco DNA Center allows you to run diagnostic CLI commands to the devices that are managed by DNA Center for troubleshooting purposes?
A. Command Runner
B. DNA Spaces
C. DNA Advantage
D. Intelligent Capture
Selected Answer: A
Question #: 312
Topic #: 1
You want to change the Administrative Distance of external EIGRP routes from the default of 170 to 130 instead on router R1 while leaving the default AD value for internal EIGRP routes. Which set of command will accomplish this?
A. R1(config)#router eigrp –
R1(config-router)#distance 170 –
B. R1(config)#router eigrp 1 –
R1(config-router)#distance eigrp 90 130
C. R1(config)#router eigrp 1 –
R1(config-router)#distance eigrp 130 90
D. R1(config)#router eigrp 1 –
R1(config-router)#distance 90 130
Selected Answer: B
Question #: 313
Topic #: 1
Which of the following are valid TFTP error codes? (Choose two.)
A. Error Code 1 – File not found
B. Error Code 2 – Unknown error
C. Error code 3 – Invalid user
D. Error code 6 – File already exists
E. Error code 8 – Undefined error
Selected Answer: AD
Question #: 314
Topic #: 1
What are the two prerequisites of setting up DMVPN tunnel? (Choose two.)
A. Before a multipoint GRE (mGRE) and IPsec tunnel can be established, define an Internet Key Exchange (IKE) policy by using the crypto isakmp policy command.
B. The Public IP’s of the routers should be able to ping each other.
C. To enable 2547oDMPVN – Traffic Segmentation Within DMVPN configure multiprotocol label switching (MPLS) by using the mpls ip command
D. It is mandatory to use wildcard preshared keys to build the DMVPN tunnel
E. DMVPN can work on all OEM devices that support IKE.
Selected Answer: AC
Question #: 315
Topic #: 1
Refer to the exhibit. An administrator is setting up above shown routers to enable MVPN with mGRE mode. What would be the recommended interface configuration that must be done by the engineer to make it to work?
A. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.0.0.1 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 10.0.0.1
tunnel mode IPSec multipoint
B. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.0.0.1 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 10.0.0.1
tunnel mode gre multipoint
C. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.0.0.1 255.255.255.0
ip nhrp network-id 1
tunnel source 172.17.0.1
tunnel mode IPsec multipoint
D. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.0.0.1 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 10.0.0.1
tunnel destination 172.17.0.2
tunnel mode IPsec multipoint
Selected Answer: C
Question #: 316
Topic #: 1
Select three benefits of setting up a MPLS Network from the below options. (Choose three.)
A. Connection less Service
B. Security as good as connection-oriented VPNs
C. Provides IPS level intelligence to filter packets.
D. Integrated QoS support
E. All variations of Static routes are supported
Selected Answer: ABD
Question #: 317
Topic #: 1
Refer to the Exhibit. The access-lists are configured on the network device. There is a server behind the network device. User are trying to access the server securely however they are not able to access it. What changes would you recommend to the above configuration?
A. Permit tcp port 465
B. Permit tcp port 3389
C. Permit tcp port 443
D. Permit tcp any any
Selected Answer: C
Question #: 318
Topic #: 1
Which of the following is true regarding IPsec Pre-fragmentation (Look-Ahead Fragmentation)? (Choose two.)
A. Operates in tunnel mode only
B. Operates in transport mode only
C. Is used to help in the overall IPsec throughput since the end host is able to avoid packet reassembly after packet decryption.
D. Is not dependent on the MTU of the physical interface used for IPsec.
E. Does not support Path MTU Discovery
Selected Answer: CE
Question #: 319
Topic #: 1
Which of the following correctly describes the concept of split horizon with IP routing? (Choose two.)
A. Split horizon is a valid routing loop prevention mechanism
B. Split horizon is used to filter customer routes in an ISP network.
C. When enabled, split horizons informs the router to not advertise routes back out the same interface from where that route was originally received.
D. Split horizons cannot be disabled on WAN interfaces
E. Split horizon is not applicable to EIGRP networks
Selected Answer: AC
Question #: 320
Topic #: 1
DRAG DROP
–
Arrange the below as per the recommended steps:
Suggestion Answer:
Question #: 321
Topic #: 1
A network administrator is reloading a router and during the bootup, he is getting the error message “%Error opening tftp://255.255.255.255/network-confg (Socket error)”. What command need to be applied on Cisco Router to fix this issue.
A. No service config
B. Write erase reload
C. Reload noconfirm
D. Copy run start
Selected Answer: A
Question #: 322
Topic #: 1
DRAG DROP
–
The steps for configuring BGP on Cisco IOS Router:
Suggestion Answer:
Question #: 323
Topic #: 1
What is the term used when it causes the packets to lose their MPLS labels including the VPN in-formation that lies in the inner MPLS Label i.e. if a packet goes through an untagged interface, the VPN information is lost and VPN sites lose connectivity?
A. Pseudowire
B. Black Hole
C. Traffic Engineering
D. Active Network Abstraction
Selected Answer: B
Question #: 324
Topic #: 1
An administrator wants to implement security on his company’s router. Please select three options that you will use on your router to secure it. (Choose three.)
A. Control Access to the router
B. Restrict all traffic through the router
C. Restrict SNMP
D. Enable all unused services
E. Encrypt all passwords
F. Disable logging
Selected Answer: ACE
Question #: 325
Topic #: 1
An administrator is setting up a DMVPN tunnel between their offices and he is getting below output when he is running the command “show crypto isakmp sa”:
What command will you run to identify the issue?
A. Debug ip icmp
B. Debug crypto isakmp
C. Debug crypto ipsec sa
D. Debug ssh
Selected Answer: B
Question #: 326
Topic #: 1
A company is looking to implement VPN between their Head Quarter and over 100+ Branch Offices. They are looking for a solution that:
1. Reduces deployment complexity
2. Simplifies branch communications
3. Offers branch to branch connectivity.
4. Is cost effective
5. Offers strong encryption
Select the best option from the below options that you would recommend to implement.
A. MPLS
B. IPSEC
C. DMVPN
D. GRE
Selected Answer: C
Question #: 327
Topic #: 1
You have a DNA center deployed in your environment. Which feature of the DNA Center will you use for system-guided as well as self-guided troubleshooting.
A. Assurance
B. Automation
C. Zero Trust
D. Discovery
Selected Answer: A
Question #: 328
Topic #: 1
DRAG DROP
–
You are logged in to the DNA Center Client Health Dashboard. Under the client health, you see some color-coded fields that reflects the health status of the client devices. Drag the health scores on the left to their respective colors in the right.
Suggestion Answer:
Question #: 329
Topic #: 1
Out of the below options regarding DMVPN & FLEXVPN, select the correct one.
A. FlexVPN uses a new key management protocol – IKEv2, while most traditional DMVPN networks use IKEv1
B. FlexVPN uses a new key management protocol – IKEv1, while most traditional DMVPN networks use IKEv2
C. With FlexVPN there’s multiple standard way of NHRP and routing protocols operations as opposed to 1 phase of DMVPN
D. Flex VPN & DMVPN both are supported only on Firewalls.
Selected Answer: A
Question #: 330
Topic #: 1
Refer to the exhibit. A network engineer is provisioning end-to-end traffic service for two different enterprise networks with these requirements:
• The OSPF process must differ between customers on HQ and Branch office routers, and adjacencies should come up instantly.
• The enterprise networks are connected with overtapping networks between HQ and a Branch office.
Which configuration meets the requirements for a customer site?
A. ISP(config-if)#int f1/0 –
ISP(config-if)#ip vrf forwarding EA
ISP(config-if)#description TO->EA2_Branch
ISP(config-if)#ip add 172.16.200.2 255.255.255.0
ISP(config-if)#no shut –
B. ISP(config-vrf)#int f0/0 –
ISP(config-if)#ip vrf forwarding EB
ISP(config-if)#description TO->EB1_Branch
ISP(config-if)#ip add 172.16.100.2 255.255.255.0
ISP(config-if)#no shut –
C. ISP(config)#int f2/0 –
ISP(config-if)#ip vrf forwarding EA
ISP(config-if)#description TO->EA1_HQ
ISP(config-if)#ip address 172.16.100.2 255.255.255.0
ISP(config-if)#no shut –
D. ISP(config-if)#int f3/0 –
ISP(config-if)#ip vrf forwarding EA
ISP(config-if)#description TO->EA2_Branch
ISP(config-if)#ip address 172.16.200.2 255.255.255.0
ISP(config-if)#no shut
Selected Answer: A
Question #: 331
Topic #: 1
Refer to the exhibit. A company is evaluating multiple network management system tools. Trending graphs generated by SNMP data are returned by the NMS and appear to have multiple gaps. While troubleshooting the issue, an engineer noticed the relevant output. Which action resolves the gaps in the graphs?
A. Remove the class map NMS from being part of control plane policing.
B. Configure the CIR rate to a lower value that accommodates all the NMS tools.
C. Remove the exceed-rate command in the class map.
D. Separate the NMS class map in multiple class maps based on the specific protocols with appropriate CoPP actions.
Selected Answer: D
Question #: 332
Topic #: 1
Refer to the exhibit. The network engineer configured the summarization of the RIP routes into the OSPF domain on R5 but still sees four different 172.16.0.0/24 networks on R4. Which action resolves the issue?
A. R5(config)#router ospf 99 –
R5(config-router)#network 172.16.0.0 0.255.255.255 area 56
R5(config-router)#area 56 range 172.16.0.0 255.255.255.0
B. R5(config)#router ospf 1 –
R5(config-router)#no area –
R5(config-router)#summary-address 172.16.0.0 255.255.252.0
C. R4(config)#router ospf 1 –
R4(config-router)#no area –
R4(config-router)#summary-address 172.16.0.0 255.255.252.0
D. R4(config)#router ospf 99 –
R4(config-router)#network 172.16.0.0 0.255.255.255 area 56
R4(config-router)#area 56 range 172.16.0.0 255.255.255.0
Selected Answer: B
Question #: 333
Topic #: 1
What is the minimum time gap required by the local system before putting a BFD control packet on the wire?
A. Desired Min TX Interval
B. Detect Mult
C. Required Min RX Interval
D. Required Min Echo RX Interval
Selected Answer: A
Question #: 334
Topic #: 1
What must be configured by the network engineer to circumvent AS_PATH loop prevention mechanism in IP/VPN Hub and Spoke deployment scenarios?
A. Use allowas-in at the PE_Hub.
B. Use allowas-in and as-override at all PEs.
C. Use allowas-in and as-override at the PE_Hub.
D. Use as-override at the PE_Hub.
Selected Answer: D
Question #: 335
Topic #: 1
Refer to the exhibit. Which action makes 10.1.3.2 the feasible successor to reach 10.200.1.0/24 for location S42T431E64F51?
A. Increase path bandwidth higher than 10.1.1.2 and lower than 10.1.2.2 between RtrA and the destination.
B. Increase path bandwidth lower than 10.1.1.2 and lower than 10.1.2.2 between RtrA and the destination.
C. Increase path bandwidth higher than 10.1.2.2 and lower than 10.1.1.2 between RtrA and the destination.
D. Increase path bandwidth higher than 10.1.2.2 and higher than 10.1.1.2 between RtrA and the destination.
Selected Answer: C
Question #: 336
Topic #: 1
Refer to the exhibit A junior engineer updated a branch router configuration. Immediately after the change, the engineer receives calls from the help desk that branch personnel cannot reach any network destinations. Which configuration restores service and continues to block 10.1.1.100/32?
A. route-map FILTER-IN deny 5
B. ip prefix-list 102 seq 15 permit 0.0.0.0/32 le 32
C. route-map FILTER-IN permit 20
D. ip prefix-list 102 seq 5 permit 0.0.0.0/32 le 32
Selected Answer: C
Question #: 337
Topic #: 1
What does the MP-BGP OPEN message contain?
A. the version number and the AS number to which the router belongs
B. IP routing information and the AS number to which the router belongs
C. NLRI, path attributes, and IP addresses of the sending and receiving routers
D. MPLS labels and the IP address of the router that receives the message
Selected Answer: A
Question #: 338
Topic #: 1
Refer to the exhibit. An engineer applies a prefix-list filter that filters most of the network 10 prefixes instead of allowing them. Which action resolves the issue?
A. Modify the ip prefix-list EIGRP seq 20 permit 10.0.0.0/8 ge 9 command.
B. Modify the ip prefix-list EIGRP seq 10 permit 10.0.0.0/8 le 9 command.
C. Modify the ip prefix-list EIGRP seq 20 permit 0.0.0.0/0 le 32 command.
D. Modify the ip prefix-list EIGRP seq 10 permit 10.0.0.0/8 le 32 command.
Selected Answer: D
Question #: 339
Topic #: 1
How is a preshared key “Test” for all the remote VPN routers configured in a DMVPN using GRE over IPsec set up?
A. authentication pre-share Test address 0.0.0.0 0.0.0.0
B. set pre-share Test address 0.0.0.0 0.0.0.0
C. crypto ipsec key Test address 0.0.0.0 0.0.0.0
D. crypto isakmp key Test address 0.0.0.0 0.0.0.0
Selected Answer: D
Question #: 340
Topic #: 1
Refer to the exhibit. An engineer is trying to get 192.168.32.100 forwarded through 10.1.1.1, but it was forwarded through 10.1.1.2. What action forwards the packets through 10.1.1.1?
A. Configure EIGRP to receive 192.168.32.0 route with lower metric.
B. Configure EIGRP to receive 192.168.32.0 route with lower admin distance.
C. Configure EIGRP to receive 192.168.32.0 route with longer prefix than /19.
D. Configure EIGRP to receive 192.168.32.0 route with equal or longer prefix than /24.
Selected Answer: D
Question #: 341
Topic #: 1
What is a characteristic of IPv6 RA Guard?
A. It filters rogue RA broadcasts from connected hosts.
B. It is supported on the egress direction of the switch.
C. RA messages are allowed from the host port to the switch.
D. It is unable to protect tunneled traffic.
Selected Answer: D
Question #: 342
Topic #: 1
A network administrator is troubleshooting a failed AAA login issue on a Cisco Catalyst c3560 switch. When the network administrator tries to log in with SSH using TACACS+ username and password credentials, the switch is no longer authenticating and is failing back to the local account. Which action resolves this issue?
A. Configure ip tacacs-server source-interface GigabitEthernet 1/1.
B. Configure ip tacacs source-ip 192.168.100.55.
C. Configure ip tacacs source-interface GigabitEthernet 1/1.
D. Configure ip tacacs-server source-ip 192.168.100.55.
Selected Answer: C
Question #: 343
Topic #: 1
Which two solutions are used to overcome a flapping link that causes a frequent label binding exchange between MPLS routers? (Choose two.)
A. Increase input queue on links to protect the session.
B. Increase a hold-timer to protect the session.
C. Increase a session delay to protect the session.
D. Create link dampening on links to protect the session.
E. Create targeted hellos to protect the session.
Selected Answer: DE
Question #: 344
Topic #: 1
Refer to the exhibit. An engineer must filter EIGRP updates that are received to block all 10.10.10.0/24 prefixes. The engineer tests the distribute list and finds one associated prefix. Which action resolves the issue?
A. There is a permit in the ACL that allows this prefix into EIGRP. The ACL should be modified to deny 10.10.10.0 255.255.255.0.
B. There is a permit in the ACL that allows this prefix into EIGRP. The ACL should be modified to deny 10.10.10.0 0.0.0.255.
C. There is a permit in the route map that allows this prefix. A deny 20 statement is required with a match condition to match a new ACL that denies all prefixes.
D. There is a permit in the route map that allows this prefix. A deny 20 statement is required with no match condition to block the prefix.
Selected Answer: B
Question #: 345
Topic #: 1
A network engineer must configure a DMVPN network so that a spoke establishes a direct path to another spoke if the two must send traffic to each other. A spoke must send traffic directly to the hub if required. Which configuration meets this requirement?
A. At the hub router:
interface tunnel10
ip nhrp nhs dynamic multipoint
ip nhrp nhs shortcut
tunnel mode gre multicast
On the spokes router:
interface tunnel10
ip nhrp nhs multicast dynamic
ip nhrp nhs redirect
tunnel mode gre multicast
B. At the hub router:
interface tunnel10
ip nhrp map dynamic multipoint
ip nhrp redirect
tunnel mode gre multicast
On the spokes router:
interface tunnel10
ip nhrp map multicast dynamic
ip nhrp shortcut
tunnel mode gre multicast
C. At the hub router:
interface tunnel10
ip nhrp nhs multicast dynamic
ip nhrp nhs shortcut
tunnel mode gre multipoint
On the spokes router:
interface tunnel10
ip nhrp nhs multicast dynamic
ip nhrp nhs redirect
tunnel mode gre multipoint
D. At the hub router:
interface tunnel10
ip nhrp map multicast dynamic
ip nhrp redirect
tunnel mode gre multipoint
On the spokes router:
interface tunnel10
ip nhrp map multicast dynamic
ip nhrp shortcut
tunnel mode gre multipoint
Selected Answer: D
Question #: 346
Topic #: 1
The network administrator configured R1 to authenticate Telnet connections based on Cisco ISE using TACACS+. ISE has been configured with an IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.
The administrator has configured this on R1:
aaa new-model
!
tacacs server ISE1
address ipv4 192.168.1.5
key Cisco123
!
aaa group server tacacs+ TAC-SERV
server name ISE1
!
aaa authentication login telnet group TAC-SERV
The network administrator cannot authenticate to R1 based on ISE. Which configuration fixes the issue?
A. line vty 0 4
login authentication TAC-SERV
B. tacacs-server host 192.168.1.5 key Cisco123
C. ip tacacs-server host 192.168.1.5 key Cisco123
D. line vty 0 4
login authentication telnet
Selected Answer: D
Question #: 347
Topic #: 1
The network administrator must configure R1 to authenticate Telnet connections based on Cisco ISE using RADIUS. ISE has been configured with an IP address of 192.168.1.5 and with a network device pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.
The administrator has configured this on R1:
aaa new-model
!
radius server ISE1
address ipv4 192.168.1.5
key Cisco123
!
aaa group server tacacs+ RAD-SERV
server name ISE1
!
aaa authentication login default group RAD-SERV
The network administrator cannot authenticate to access R1 based on ISE. Which set of configurations fixes the issue?
A. line vty 0 4
login authentication RAD-SERV
B. aaa group server tacacs+ ISE1
server name RAD-SERV
C. aaa group server radius RAD-SERV
server name ISE1
D. line vty 0 4
login authentication default
Selected Answer: C
Question #: 348
Topic #: 1
Which IPv6 first-hop security feature helps to minimize denial of service attacks?
A. IPv6 Router Advertisement Guard
B. IPv6 Destination Guard
C. DHCPv6 Guard
D. IPv6 MAC address filtering
Selected Answer: B
Question #: 349
Topic #: 1
Refer to the exhibit. A network engineer is troubleshooting a failed link between R2 and R3. No traffic loss is reported from router R5 to HQ. Which command fixes the separated backbone?
A. R3(config-router)#area 21 virtual-link 192.168.125.5
B. R2(config-router)#area 21 virtual-link 192.168.125.5
C. R3(config-router)#no area 21 stub
D. R2(config-router)#no area 21 stub
Selected Answer: C
Question #: 350
Topic #: 1
A CoPP policy is applied for receiving SSH traffic from the WAN interface on a Cisco ISR4321 router. However, the SSH response from the router is abnormal and stuck during the high link utilization. The problem is identified as SSH traffic does not match in the ACL. Which action resolves the issue?
A. Apply CoPP on the control plane interface.
B. Apply CoPP on the WAN interface inbound direction.
C. Rate-limit SSH traffic to ensure dedicated bandwidth.
D. Increase the IP precedence value of SSH traffic to 6.
Selected Answer: A
Question #: 351
Topic #: 1
Refer to the exhibit. The network administrator must configure Cape Town to reach Dubai via Tokyo based on the speeds provided by the service provider. It was noticed that Cape Town is reaching Dubai directly and failed to meet the requirement. Which configuration fixes the issue?
A. CapeTown –
router eigrp 100
variance 2
B. CapeTown –
interface E 0/0
bandwidth 5000
interface E 0/1
bandwidth 10000
C. CapeTown –
interface E 0/0
bandwidth 5000
interface E 0/1
bandwidth 10000
Dubai –
interface E 0/0
bandwidth 50000
interface E 0/1
bandwidth 5000
Tokyo –
interface E 0/0
bandwidth 50000
interface E 0/1
bandwidth 10000
D. Dubai –
router eigrp 100
variance 2
Selected Answer: C
Question #: 352
Topic #: 1
DRAG DROP
–
Drag and drop the ICMPv6 neighbor discovery messages from the left onto the correct packet types on the right.
Suggestion Answer:
Question #: 353
Topic #: 1
Refer to the exhibit. An engineer must configure a LAN-to-LAN IPsec VPN between R1 and the remote router. Which IPsec Phase 1 configuration must the engineer use for the local router?
A. crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
!
crypto isakmp key cisco123 address 200.1.1.3
B. crypto isakmp policy 5
authentication pre-share
encryption 3des
hash md5
group 2
!
crypto isakmp key cisco123! address 199.1.1.1
C. crypto isakmp policy 5
authentication pre-share
encryption 3des
hash md5
group 2
!
crypto isakmp key cisco123 address 199.1.1.1
D. crypto isakmp policy 5
authentication pre-share
encryption 3des
hash md5
group 2
!
crypto isakmp key cisco123 address 200.1.1.3
Selected Answer: A
Question #: 354
Topic #: 1
Refer to the exhibit. A shoe retail company implemented the uRPF solution for an antispoofing attack. A network engineer received the call that the branch A server is under an IP spoofing attack. Which configuration must be implemented to resolve the attack?
A. R4 –
interface ethernet0/1
ip verify unicast source reachable-via any allow-default allow-self-ping
B. R4 –
interface ethernet0/1
ip unicast RPF check reachable-via any allow-default allow-self-ping
C. R3 –
interface ethernet0/1
ip verify unicast source reachable-via any allow-default allow-self-ping
D. R3 –
interface ethernet0/1
ip unicast RPF check reachable-via any allow-default allow-self-ping
Selected Answer: C
Question #: 355
Topic #: 1
Refer to the exhibit. An engineer configures two ASBRs, 10.4.17.6 and 10.4.15.5, in an OSPF network to redistribute routes from EIGRP. However, both ASBRs show the EIGRP routes as equal costs even though the next-hop router 10.4.17.6 is closer to R1. How should the network traffic to the EIGRP prefixes be sent via 10.4.17.6?
A. The administrative distance should be raised to 120 from the ASBR 10.4.17.6.
B. The redistributed prefixes should be advertised as Type 1.
C. The ASBR 10.4.17.6 should assign a tag to match and assign a lower metric on R1.
D. The administrative distance should be raised to 120 from the ASBR 10.4.15.5.
Selected Answer: B
Question #: 356
Topic #: 1
Which component of MPLS VPNs is used to extend the IP address so that an engineer is able to identify to which VPN it belongs?
A. RT
B. RD
C. LDP
D. VPNv4 address family
Selected Answer: B
Question #: 357
Topic #: 1
Refer to the exhibit. An engineer noticed that the router log messages do not have any information about when the event occurred. Which action should the engineer take when enabling service time stamps to improve the logging functionality at a granular level?
A. Configure the debug uptime option.
B. Configure the msec option.
C. Configure the timezone option.
D. Configure the log uptime option.
Selected Answer: B
Question #: 358
Topic #: 1
Refer to the exhibit. An engineer configured SNMP Communities on UserSW2 switch, but the SNMP server cannot upload modified configurations to the switch. Which configuration resolves this issue?
A. snmp-server community CiscoUs3r RW 11
B. snmp-server community Ciscowruser RW 11
C. snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 22
D. snmp-server group NETVIEW v2c priv read NETVIEW access 11
Selected Answer: B
Question #: 359
Topic #: 1
Refer to the exhibit. An engineer must extend VRF-Lite over a trunk to another switch for VLAN 70 (10.70.70.0/24) on port GigabitEtheret0/0 and VLAN 80 (10.80.80.0/24) on port GigabitEthernet0/1. Which configuration accomplishes this objective?
A. interface GigabitEthernet0/0
no switchport
ip vrf forwarding 70
ip address 10.70.70.1 255.255.255.0
!
interface GigabitEthernet0/1
no switchport
ip vrf forwarding 80
ip address 10.80.80.1 255.255.255.0
B. interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 70
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 80
C. interface GigabitEthernet0/0
switchport mode access
switchport access vlan 70
ip vrf forwarding 70
!
interface GigabitEthernet0/1
switchport mode access
switchport access vlan 80
ip vrf forwarding 80
D. interface GigabitEthernet0/0
switchport mode access
switchport access vlan 70
!
interface GigabitEthernet0/1
switchport mode access
switchport access vlan 80
!
Selected Answer: B
Question #: 360
Topic #: 1
Refer to the exhibit. An administrator must configure the router with OSPF for IPv4 and IPv6 networks under a single process. The OSPF adjacencies are not established and did not meet the requirement. Which action resolves the issue?
A. Replace OSPF process 10 on the interfaces with OSPF process 1 for the IPv4 address, and remove process 10 from the global configuration.
B. Replace OSPF process 10 on the interfaces with OSPF process 1, and configure an additional router ID with IPv6 address.
C. Replace OSPF process 10 on the interfaces with OSPF process 1, and remove process 10 from the global configuration.
D. Replace OSPF process 10 on the interfaces with OSPF process 1 for the IPv6 address, and remove process 10 from the global configuration.
Selected Answer: C
