350-501: Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) Part 4
Question #: 181
Topic #: 1
Which module refers to the network automation using Ansible?
A. the iosxr_system module to collect facts from remote devices
B. the iosxr_command module to issue run commands on remote devices
C. the iosxr_user module to manage banners for users in the local database
D. the iosxr_logging module to run debugging for severity levels 2 to 5
Selected Answer: A
Question #: 182
Topic #: 1
Refer to the exhibit. An engineer applied a gRPC dial-in configuration on customer’s router to provide connection multiplexing and two-way streaming. What does this configuration accomplish in a gRPC?
A. It is used for encoding with the default protocol buffers
B. It is the encoding requested by the gRPC server
C. It is the encoding requested by the gRPC client
D. It is the encoding that is used for dial-in and dial-out
Selected Answer: A
Question #: 183
Topic #: 1
The administrator of a small company network notices that intermittent network issues occasionally cause inbound notifications to its SNMP servers to be lost.
Which configuration must the administrator apply so that the SNMP servers acknowledge the notifications that they receive?
A. snmp-server enable traps snmp
B. snmp-server enable traps bgp snmp-server host 192.168.2.1 informs
C. snmp-server host test.cisco.com public snmp-server community ciscotest rw 10
D. snmp-server community ciscotest rw 10
Selected Answer: B
Question #: 184
Topic #: 1
Refer to the exhibit. A network engineer is deploying SNMP configuration on client’s routers. Encrypted authentication must be included on router 1 to provide security and protect message confidentiality. Which action should the engineer perform on the routers to accomplish this task?
A. snmp-server community public
B. snmp-server group group1 v3 auth
C. snmp-server host 192.168.0.254 informs version 3 auth testuser config
D. snmp-server user testuser group1 remote 192.168.0.254 v3 auth md5 testpassword
Selected Answer: D
Question #: 185
Topic #: 1
After a possible security breach, the network administrator of an ISP must verify the times that several different users logged into the network. Which command must the administrator enter to display the login time of each user that activated a session?
A. show netconf-yang sessions detail
B. show netconf-yang sessions
C. show netconf-yang datastores
D. show platform software yang-management process
Selected Answer: C
Question #: 186
Topic #: 1
An engineer is developing a configuration script to enable dial-out telemetry streams using gRPC on several new devices. TLS must be disabled on the devices.
Which configuration must the engineer apply on the network?
A. telemetry model-driven destination-group ciscotest address-family ipv4 192.168.1.0 port 57500 encoding self-describing-gpb protocol grpc tls-hostname ciscotest.com commit
B. telemetry model-driven destination-group DGroup1 address-family ipv4 172.0.0.0 port 5432 encoding self-describing-gpb protocol tcp commit
C. telemetry model-driven destination-group ciscotest address-family ipv4 192.168.1.0 port 57500 encoding self-describing-gpb protocol grpc no-tls commit
D. telemetry model-driven destination-group ciscotest address-family ipv4 192.168.1.0 port 57500 encoding self-describing-gpb protocol grpc commit
Selected Answer: B
Question #: 187
Topic #: 1
Which additional configuration is required for NetFlow to provide traceback information?
A. A classification ACL must be configured to identity which type of traffic will be analyzed.
B. The BGP routing process must be started for any ingress or egress data to be reported when using NetFlow Version 5.
C. Cisco Express Forwarding must be configured for traffic that is egressing from the router to be property reported.
D. LLDP must be configured or the device will be unable to locate a NetFlow analyzer.
Selected Answer: C
Question #: 188
Topic #: 1
What do Chef and Puppet have in common?
A. use Ruby
B. require modules to be created from scratch
C. use a master server
D. manage agents referred to as minions
Selected Answer: A
Question #: 189
Topic #: 1
How do intent APIs make it easier for network engineers to deploy and manage networks?
A. They pull stored SNMP data from a single network location to multiple monitoring tools.
B. They allow the engineer to use a single interface as the entry point for control access to the entire device.
C. They streamline repetitive workflows and support more efficient implementation.
D. They extend the Layer 2 infrastructure and reduce the necessary number of virtual connections to Layer 3 devices.
Selected Answer: C
Question #: 190
Topic #: 1
Refer to the exhibit. What does this REST API script configure?
A. VRF
B. interface with IP address 192.168.0.1
C. application profile
D. public community string for SNMP
Selected Answer: B
Question #: 191
Topic #: 1
Refer to the exhibit. An Ethernet access provider is configuring routers PE-1 and PE-2 to provide E-Access EVPL service between UNI and ENNI. ENNI service multiplexing is based on 802.1ad tag 150, and service-multiplexed UNI is based on 802.1q tag 10. Which EFP configurations must the provider implement on PE-1 and PE-2 to establish end-to-end connectivity between CE-1 and CE-2?
A. On PE-1: interface GigabitEthernet2 service instance 100 ethernet encapsulation dot1ad 150 rewrite ingress tag pop 1 symmetric On PE-2: interface GigabitEthernet2 service instance 2 ethernet encapsulation dot1q 10
B. On PE-1: interface GigabitEthernet2 service instance 100 ethernet encapsulation dot1q 150 rewrite ingress tag pop 1 symmetric On PE-2: interface GigabitEthernet2 service instance 2 ethernet encapsulation dot1q 10
C. On PE-1: interface GigabitEthernet2 service instance 100 ethernet encapsulation dot1ad 150 dot1q 10 rewrite ingress tag pop 2 symmetric On PE-2: interface GigabitEthernet2 service instance 2 ethernet encapsulation dot1q 10
D. On PE-1: interface GigabitEthernet2 service instance 100 ethernet encapsulation dot1ad 150 rewrite ingress tag pop 1 symmetric On PE-2: interface GigabitEthernet2 service instance 2 ethernet encapsulation dot1q 10 rewrite ingress tag pop 1 symmetric
Selected Answer: A
Question #: 192
Topic #: 1
Refer to the exhibit. An administrator working for large ISP must connect its two POP sites to provide internet connectivity to its customers. Which configuration must the administrator perform to establish an iBGP session between routers PE1 on POP site 1 and PE2 on POP site 2?
A. PE2#configure terminal PE2(config)#router bgp 65111 PE2(config-router)#no neighbor 172.18.10.1 shutdown PE2(config-router)#end
B. PE1#configure terminal PE1(config)#router bgp 65111 PE1(config-router)#no neighbor 172.19.10.10 shutdown PE1(config-router)#end
C. PE1#configure terminal PE1(config)#router bgp 65111 PE1(config-router)#address-family ipv4 unicast PE1(config-router-af)#neighbor 172.19.10.10 activate PE1(config-router-af)#end
D. PE2#configure terminal PE2(config)#router bgp 65111 PE2(config-router)#address-family ipv4 unicast PE2(config-router-af)#neighbor 172.18.10.1 activate PE2(config-router-af)#end
Selected Answer: A
Question #: 193
Topic #: 1
What are two features of stateful NAT64? (Choose two.)
A. It uses address overloading.
B. It provides 1:N translations, so it supports an unlimited number of endpoints.
C. It requires IPv4-translatable IPv6 address assignments.
D. It requires the IPv6 hosts to use either DHCPv6-based address assignments or manual address assignments.
E. It provides 1:1 translation, so it supports a limited number of endpoints.
Selected Answer: AB
Question #: 194
Topic #: 1
Refer to the exhibit. An engineer working for a private telecommunication company with an employee id: 3414:81:713 is implementing this network, in which:
✑ Routers R1A and R1B are eBGP neighbors.
✑ iBGP is configured within AS 65515 and AS 65516.
✑ Network 192.168.2.0/24 is shared with AS 65516.
✑ Router R3A has an iBGP relationship with router R2A only.
✑ Router R2A has an iBGP relationship with routers R1A and R3A.
Which additional task must the engineer perform to complete the configuration?
A. Configure router R2A to use the next-hop-self attribute when advertising the learned route to router R1A.
B. Configure router R3A to redistribute route 192.168.2.0/24 into the configured IGP to advertise the prefix to router R1A.
C. Configure router R2A as a route reflector to advertise the iBGP learned prefix from router R3A to R1A.
D. Configure router R1A with a static route to 192.168.2.0/24 that is redistributed into BGP.
Selected Answer: C
Question #: 195
Topic #: 1
Refer to the exhibit. The operations team is implementing an LDP-based configuration in the service provider core network with these requirements:
✑ R1 must establish LDP peering with the loopback IP address as its Router-ID.
✑ Session protection must be enabled on R2.
How must the team update the network configuration to successfully enable LDP peering between R1 and R2?
A. Change the LDP password on R2 to Cisco.
B. Configure mpls ldp router-id loopback0 on R1 and R2.
C. Configure LDP session protection on R1.
D. Change the discover hello hold time and interval to their default values.
Selected Answer: A
Question #: 196
Topic #: 1
A network engineer is testing an automation platform that interacts with Cisco networking devices via NETCONF over SSH. In accordance with internal security requirements:
✑ NETCONF sessions are permitted only from trusted sources in the 172.16.20.0/24 subnet.
✑ CLI SSH access is permitted from any source.
Which configuration must the engineer apply on R1?
A. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 1 access-list 1 permit 172.16.20.0 0.0.0.255 netconf ssh acl 1 line vty 0 4 transport input ssh end
B. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 access-list 1 permit 172.16.20.0 0.0.0.255 access-list 1 permit any netconf ssh line vty 0 4 access-class 1 in transport input ssh end
C. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 1 access-list 1 permit 172.16.20.0 0.0.0.255 access-list 2 permit any netconf ssh line vty 0 4 access-class 2 in transport input ssh end
D. configure terminal hostname R1 ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 access-list 1 permit 172.16.20.0 0.0.0.255 netconf ssh acl 1 line vty 0 4 transport input ssh end
Selected Answer: D
Question #: 197
Topic #: 1
A network architect decides to expand the scope of the multicast deployment within the company network. The network is already using PIM-SM with a static RP that supports a high-bandwidth, video-based training application that is heavily used by the employees, but excessive bandwidth usage is a concern. How must the engineer update the network to provide a more efficient multicast implementation?
A. Configure IGMP to manage the multicast hosts on each LAN.
B. Deploy ICMP to improve multicast reachability across the network using static RP.
C. Implement BSR to support dynamic RP notification.
D. Implement STP to improve switching performance for multicast data.
Selected Answer: C
Question #: 198
Topic #: 1
What is the role of NSO?
A. Provides public cloud services for customers that need Internet access.
B. Controls the turn-up of a device.
C. Provides network monitoring services for Layer 3 devices.
D. Maintains data storage.
Selected Answer: B
Question #: 199
Topic #: 1
An engineer is moving all of an organization’s Cisco IOS XE BGP routers to the address-family identifier format. Which command should be used to perform this upgrade quickly with the minimum service disruption?
A. vrf upgrade-cli
B. bgp upgrade-cli
C. address-family ipv4
D. ip bgp-community new-format
Selected Answer: B
Question #: 200
Topic #: 1
What is the role of NFVI?
A. domain name service
B. intrusion detection
C. monitor
D. network address translation
Selected Answer: C
Question #: 201
Topic #: 1
A network engineer is implementing NetFlow to observe traffic patterns on the network. The engineer is planning to review the patterns to help plan future strategies for monitoring and preventing congestion as the network grows. If the captures must include BGP next-hop flows, which configuration must the engineer apply to the router?
A. ip cef ip flow-export version 5 bgp-nexthop ip flow-export destination 192.168.1.1 9995 interface gigabitethernet 1/0/1 ip flow egress
B. ip cef ip flow-export version 9 bgp-nexthop ip flow-export destination 192.168.1.1 9996 interface gigabitethernet 1/0/1 ip flow ingress
C. ip cef ip flow-export version 5 ip flow-export destination 192.168.1.1 9995 interface gigabitethernet 1/0/1 ip flow ingress cdp enable
D. no ip cef ip flow-export version 9 ip flow-export destination 192.168.1.1 9996 interface gigabitethernet 1/0/1 ip flow ingress ip flow egress
Selected Answer: B
Question #: 202
Topic #: 1
Refer to the exhibit. A network engineer is trying to retrieve SNMP MIBs with RESTCONF on the Cisco switch but fails. End-to-end routing is in place. Which configuration must the engineer implement on the switch to complete the task?
A. snmp-server community public RO
B. snmp-server community cisco RW
C. netconf-yang cisco-ia snmp-community-string Public
D. netconf-yang cisco-ia snmp-community-string Private
Selected Answer: B
Question #: 203
Topic #: 1
Refer to the exhibit. Users in AS 65010 are connected with the application server in AS 65050 with these requirements:
AS 65010 users are experiencing latency and congestion to connect with application server 172.16.50.10.
✑ AS 65030 must be restricted to become Transient Autonomous System for traffic flow.
✑ Links connected to AS 65020 and AS 65040 are underutilized and must be used efficiently for traffic.
Which two configurations must be implemented to meet these requirements? (Choose two.)
A. Apply the AS-Path route-map policy for traffic received from R3.
B. Configure the route map to prepend the AS-Path attribute for R5-R3 BGP peering.
C. Apply the MED route-map policy for traffic received from R4.
D. Configure a higher Local preference for R5-R4 BGP peering.
E. Configure the route map to set the MED 50 attribute for R5-R4 BGP peering.
Selected Answer: AB
Question #: 204
Topic #: 1
What is a characteristic of MVPN?
A. It bypasses the use of MPLS in the service provider core and transmits packets using IP only.
B. It uses pseudowires to route unicast and broadcast traffic over either a service provider MPLS or IP core.
C. It allows VRF traffic to use the service provider MPLS VPN to route multicast traffic.
D. It creates GRE tunnels to route multicast traffic over a service provider IP core.
Selected Answer: C
Question #: 205
Topic #: 1
Which action does the ingress VTEP perform on traffic between EVPN VXLAN overlays?
A. routing and bridging when doing asymmetric IRB
B. bridging when doing symmetric IRB
C. routing and tunneling when doing symmetric IRB
D. routing when doing asymmetric IRB
Selected Answer: A
Question #: 206
Topic #: 1
Refer to the exhibit. An engineer started to configure a router for OSPF. Which configuration must the engineer perform on the router without changing any interface configuration so that the router establishes an OSPF neighbor relationship with its peer?
A. router(config)# router ospf 11router(config-if)# no passive-interface ethernet 1/1
B. router(config)# interface ethernet 1/1router(config-if)# no shutdown
C. router(config)# interface ethernet 1/1router(config-if)# ip ospf hello-interval
D. router(config)# interface ethernet 1/1router(config-if)# ip ospf priority 0
Selected Answer: A
Question #: 207
Topic #: 1
Refer to the exhibit. What is the purpose of this JSON script?
A. It changes the existing password.
B. It updates a user authentication record.
C. It deletes a user’s authentication record.
D. It confirms a user’s login credentials.
Selected Answer: A
Question #: 208
Topic #: 1
A network engineer must implement SNMPv2 with these parameters:
✑ Enable SNMP community string c1sc0 with read-only permissions.
✑ Enable interface index persistence.
Restrict the SNMP community to only the monitoring server with IP address 198.18.19.100/32.
✑ Provide view-only access to ospfIfEntry and ospfNbrEntry.
Which configuration must the engineer apply?
A. configure terminal access-list 5 permit 198.18.19.100 0.0.0.0 snmp-server view BLOCKED_VIEW internet excluded snmp-server view BLOCKED_VIEW ospfIfEntry included snmp-server view BLOCKED_VIEW ospfNbrEntry included snmp-server community c1sc0 view BLOCKED_VIEW RO snmp ifmib ifindex persist end
B. configure terminal access-list 5 permit 198.18.19.100 0.0.0.0 snmp-server view BLOCKED_VIEW internet excluded snmp-server view BLOCKED_VIEW ospfIfEntry included snmp-server view BLOCKED_VIEW ospfNbrEntry included snmp-server community c1sc0 view BLOCKED_VIEW RO 5 snmp ifmib ifindex persist end
C. configure terminal access-list 5 permit 198.18.19.100 0.0.0.0 snmp-server view BLOCKED_VIEW internet included snmp-server view BLOCKED_VIEW ospfIfEntry included snmp-server view BLOCKED_VIEW ospfNbrEntry included snmp-server community c1sc0 view BLOCKED_VIEW RO snmp ifmib ifindex persist end
D. configure terminal access-list 5 permit 198.18.19.100 0.0.0.0 snmp-server view BLOCKED_VIEW internet excluded snmp-server view BLOCKED_VIEW ospfIfEntry included snmp-server view BLOCKED_VIEW ospfNbrEntry included snmp-server community c1sc0 view BLOCKED_VIEW RW 5 snmp ifmib ifindex persist end
Selected Answer: B
Question #: 209
Topic #: 1
A network administrator must monitor network usage to provide optimal performance to the network end users when the network is under heavy load. The administrator asked the engineer to install a new server to receive SNMP traps at destination 192.168.1.2. Which configuration must the engineer apply so that all traps are sent to the new server?
A. snmp-server enable traps entity snmp-server host 192.168.1.2 public
B. snmp-server enable traps bgp snmp-server host 192.168.1.2 public
C. snmp-server enable traps isdn snmp-server host 192.168.1.2 public
D. snmp-server enable traps snmp-server host 192.168.1.2 public
Selected Answer: D
Question #: 210
Topic #: 1
What must a network engineer consider when designing a Cisco MPLS TE solution with OSPF?
A. The OSPF extensions and RSVP-TE must be enabled on all routers in the network.
B. OSPF extensions for RSVP-TE are supported in Area 1.
C. The OSPF extensions and RSVP-TE must be enabled on the egress routers.
D. OSPF extensions for RSVP-TE are implemented in Type 6, 7, and 8 LSAs.
Selected Answer: B
Question #: 211
Topic #: 1
Which feature describes the adjacency SID?
A. It applies only to multipoint links.
B. It is globally unique.
C. It applies only to point-to-point links.
D. It is locally unique.
Selected Answer: D
Question #: 212
Topic #: 1
Refer to the exhibit. A network engineer is in the process of implementing IS -IS Area 1 and Area 2 on this network to segregate traffic between different segments of the network. The hosts in the two new areas must maintain the ability to communicate with one another in both directions. Which additional change must be applied?
A. Reconfigure routers R2 and R5 as Level 1/Level 2 routers.
B. Reconfigure routers R1, R2, R5, and R6 as Level 1/Level 2 routers.
C. Reconfigure routers R4, R5, and R6 as Level 1 routers.
D. Reconfigure either R3 or R4 as a Level 1/Level 2 router.
Selected Answer: A
Question #: 213
Topic #: 1
The network team is planning to implement IPv6 on the company’s existing IPv4 network infrastructure. The network currently uses IS-IS to share routes between peers. Which task must the team perform so that IS-IS will run in multitopology mode on the updated IPv6 network?
A. Configure the links between the network routers as point-to-point.
B. Configure the network routers to use metric-style wide.
C. Configure the network routers as Level 2 routers.
D. Configure the IS-IS IPv6 metric on the dual-stack links.
Selected Answer: B
Question #: 214
Topic #: 1
After a series of unexpected device failures on the network, a Cisco engineer is deploying NSF on the network devices so that packets continue to be forwarded during switchovers. The network devices reside in the same building, but they are physically separated into two different data centers. Which task must the engineer perform as part of the deployment?
A. Implement an L2VPN with the failover peer to share state information between the active and standby devices.
B. Implement OSPF to maintain the link-state database during failover.
C. Implement VRFs and specify the forwarding instances that must remain active during failover.
D. Implement Cisco Express Forwarding to provide forwarding during failover.
Selected Answer: D
Question #: 215
Topic #: 1
Which benefit is provided by FRR?
A. It provides fast forwarding path failure detection times for all media.
B. It provides rapid failure detection between forwarding engines.
C. It provides performance data for the service provider network.
D. It protects Cisco MPLS TE LSPs from link and node failures.
Selected Answer: D
Question #: 216
Topic #: 1
An engineer must implement QoS to prioritize traffic that requires better service throughout the network. The engineer started by configuring a class map to identify the high-priority traffic. Which additional tasks must the engineer perform to implement the new QoS policy?
A. Attach the class map to a policy map that sets the minimum bandwidth allocated to the classified traffic and designates the action to be taken on the traffic.
B. Attach the class map to a policy map that designates the action to be taken on the classified traffic and then attach the policy map to an interface using a service policy.
C. Attach the class map to a policy map within a VRF to segregate the high-priority traffic and then attach the policy map to an interface in another VRF.
D. Create a route map to manipulate the routes that are entered into the routing table and then attach the route map to an interface using a service policy.
Selected Answer: B
Question #: 217
Topic #: 1
Refer to the exhibit. An engineer configured R6 as the headend LSR of an RSVP-TE LSP to router XR2, with the dynamic path signaled as R6-R2-R5-XR2, and set the OSPF cost of all links to 1. MPLS autotunnel backup is enabled on all routers to protect the LSP. Which two NNHOP backup tunnels should the engineer use to complete the implementation? (Choose two.)
A. The R2 backup tunnel path R2-R1-R4-XR1-XR2.
B. The R2 backup tunnel path R2-R5 across the alternate link.
C. The R6 backup tunnel path R6-R2-R5.
D. The R6 backup tunnel path R6-R1-R4-R5.
E. The R6 backup tunnel path R6-R1-R2.
Selected Answer: AD
Question #: 218
Topic #: 1
An engineer is implementing NSR with OSPF on a large campus that requires high availability. Which task must an engineer perform to complete the process with minimal disruption to traffic?
A. Increase the keepalive interval on the OSPF neighbors so that traffic continues to pass during the switchover.
B. Ensure that the dual RP has synchronized their state information before performing the switchover operation.
C. Reset OSPF neighbor sessions to maintain state information during router switchover.
D. Configure the device to repopulate state information using routing updates received from the BDR.
Selected Answer: B
Question #: 219
Topic #: 1
A service provider requires continuous real-time network monitoring to provide reliable SLAs to its customers. To satisfy this requirement, a network administrator is implementing gRPC dial out on an ASR with TLS. Receiver 192.168.10.2 will be assigned one of the subscriptions, and it will manage the ASR. Which configuration must the engineer apply to the router as part of the configuration process?
A. snmp-server community public snmp-server enable traps snmp-server host 192.168.10.2 version 2c public.
B. telemetry model-driven destination-group DGroup1 address family ipv4 192.168.10.2 1 port 10 encoding self-describing-gpb
C. snmp-server community public snmp-server enable traps snmp-server enable traps snmp authentication snmp-server manager snmp-server manager session-timeout 1000
D. telemetry model-driven destination-group ciscotest address family ipv4 192.168.10.2 port 10 encoding self-describing-gpb protocol grpc tis-hostname ciscotest.com
Selected Answer: D
Question #: 220
Topic #: 1
An engineer must apply an 802.1ad-compliant configuration to a new switchport with these requirements:
✑ The switchport must tag all traffic when it enters the port.
✑ The switchport is expected to provide the same level of service to traffic from any customer VLAN.
Which configuration must the engineer use?
A. interface GigabitEthernet1/0/1 switchport mode trunk switchport trunk encapsulation dot1q encapsulation ISL bridge-domain 12
B. interface GigabitEthernet1/0/1 ethernet dot1ad uni c-port service instance 12 encapsulation dot1q rewrite ingress tag push dot1ad 21 symmetric bridge-domain 12
C. interface GigabitEthernet1/0/1 ethernet dot1ad uni s-port service instance 12 encapsulation default rewrite ingress tag push dot1ad 21 symmetric bridge-domain 12
D. interface GigabitEthernet1/0/1 ethernet dot1ad nni service instance 12 encapsulation dot1ad bridge-domain 12
Selected Answer: C
Question #: 221
Topic #: 1
Refer to the exhibit. A network operator working for a private telecommunication company with an employee id: 7138: 13:414 just added new users to the network, which resides in VLANs connected to routers R1 and R4. The engineer now must configure the network so that routers R1 and R4 share routes to the VLANs, but routers R2 and R3 are prevented from including the routes in their routing tables. Which configuration must the engineer apply to R4 to begin implementing the request?
A. pseudowire -class ciscotest encapsulation mpls interface gigabitethernet 1/0/1 connect neighbor 192.168.1.1 101 pw-class cisco
B. pseudowire -class ciscotest encapsulation mpls interface gigabitethernet 1/0/1 xconnect 192.168.1.1 101 pw-class ciscotest
C. pseudowire-class ciscotest encapsulation mpls service-policy output ciscotest
D. interface serial 2/0/0 frame-relay encapsulation ip address 192.168.1.4 255.255.255.0 service-policy output ciscotest
Selected Answer: B
Question #: 222
Topic #: 1
Refer to the exhibit. ISP A provides VPLS services and DDoS protection to Company XYZ to connect their branches across the North America and Europe regions. The uplink from the data center to the ISP is 100 Mbps. The Company XYZ security team asked the ISP to redirect ICMP echo requests, which are currently going to the web server, to a new local security appliance. Which configuration must an ISP engineer apply to router R2 to redirect the ICMP traffic?
A. class-map type traffic match-all B_210.10.65.1 match destination-address ipv4 210.10.65.1 match protocol 7 match ipv4 icmp-type 3
B. class-map type traffic match-all B_210.10.65.1 match destination-address ipv4 210.10.65.1 match protocol 1 match ipv4 icmp-type 8
C. class-map type traffic match-all B_210.10.65.1 match destination-address ipv4 210.10.65.1 match protocol 3 match ipv4 icmp-type 5
D. class-map type traffic match-all B_210.10.65.1 match destination-address ipv4 210.10.65.1 match protocol 6 match ipv4 icmp-type 9
Selected Answer: B
Question #: 223
Topic #: 1
Refer to the exhibit. A network engineer must configure XR-PE1 for uninterruptible failover from the active RP to the standby RP. Neither peer device C-GW1 nor the core network of ASN 64512 support grateful restart extensions. Which configuration must the engineer apply to XR-PE1 to complete the task?
A. nsr process-failures switchover router ospf 100 nsf cisco
B. router bgp 64512 nsr router ospf 100 nsr mpls ldp nsr
C. nsr process-failures switchover router bgp 64512 nsr router ospf 100 nsr mpls ldp nsr
D. nsr process-failures switchover router ospf 100 nsf letf
Selected Answer: C
Question #: 224
Topic #: 1
A customer has requested that the service provider use a Cisco MPLS TE tunnel to force the E-Line service to take a specific route. What is used to send the traffic over the tunnel?
A. forwarding adjacency
B. autoroute destination
C. preferred path
D. static route
Selected Answer: A
Question #: 225
Topic #: 1
When Cisco IOS XE REST API uses HTTP request methods, what is the purpose of a PUT request?
A. updates the specified resource with new information
B. creates a new resource
C. submits data to be processed to the specified resource
D. retrieves the specified resource or representation
Selected Answer: A
Question #: 226
Topic #: 1
Refer to the exhibit. A large organization is merging the network assets of a recently acquired competitor with one of its own satellite offices in the same geographic area. The newly acquired network is running a different routing protocol than the company’s primary network. As part of the merger, a network engineer implemented this route map. Which task must the engineer perform to complete the implementation?
A. Attach the route map to the redistribution command to manipulate the routes as they are shared.
B. Enable metric-style wide to allow the use of extended metrics from the protocols.
C. Configure an additional route map sequence to override the implicit deny at the end of the route map.
D. Attach the route map to an IS-IS network statement to advertise the routes learned on this interface to IS-IS.
Selected Answer: A
Question #: 227
Topic #: 1
A network engineer must configure a router for Flexible NetFlow IPFIX export. The IP address of the destination server is 172.17.12.1. The source address must be set to the Loopback0 IPv4 address and exported packets must be set to DSCP CS3. The TTL must be 64 and the transport protocol must be set to UDP with destination port 4739. Which configuration must the engineer apply to the router?
A. configure terminal flow exporter EXPORTER-1 destination 172.17.12.1 source Loopback0 dscp 3 ttl 64 export-protocol netflow-v9 transport udp 4739 end
B. configure terminal flow exporter EXPORTER-1 destination 172.17.12.1 source Loopback0 dscp 24 ttl 64 export-protocol ipfix end
C. configure terminal flow exporter EXPORTER-1 destination 172.17.12.1 source Loopback0 dscp 24 ttl 64 export-protocol netflow-v9 transport udp 4739 end
D. configure terminal flow exporter EXPORTER-1 destination 172.17.12.1 source Loopback0 dscp 3 ttl 64 export-protocol ipfix end
Selected Answer: D
Question #: 228
Topic #: 1
A network administrator is planning a new network with a segment-routing architecture using a distributed control plane. How is routing information distributed on such a network?
A. Each segment is signaled by a compatible routing protocol, and each segment makes its own steering decisions based on SR policy.
B. Each segment is signaled by MPLS, and each segment makes steering decisions based on the routing policy pushed by BGP.
C. Each segment is signaled by an SR controller, but each segment makes its own steering decisions based on SR policy.
D. Each segment is signaled by an SR controller that makes the steering decisions for each node.
Selected Answer: A
Question #: 229
Topic #: 1
Refer to the exhibit. The network team must implement MPLS LDP session protection with two requirements:
✑ Session protection is provided for core loopback IP addresses only.
✑ The LDP session must remain operational for one hour when the WAN link on PE-XR1 fails.
Which configuration must the team implement on PE-XR1?
A. configure terminal ipv4 access-list LDP-SESSION-PROTECTION permit ipv4 172.31.255.0 0.0.0.255 any ! mpls ldp session protection for LDP-SESSION-PROTECTION duration 60 end
B. configure terminal ipv4 access-list LDP-SESSION-PROTECTION permit ipv4 172.31.255.0 0.0.0.255 any ! mpls ldp session protection for LDP-SESSION-PROTECTION duration 3600 end
C. configure terminal ipv4 access-list LDP-SESSION-PROTECTION permit ipv4 172.31.255.0 0.0.0.255 any permit ipv4 10.0.0.0 0.0.255.255 any ! mpls ldp session protection for LDP-SESSION-PROTECTION duration 60 end
D. configure terminal ipv4 access-list LDP-SESSION-PROTECTION permit ipv4 172.31.255.0 0.0.0.255 any permit ipv4 10.0.0.0 0.0.255.255 any ! mpls ldp session protection for LDP-SESSION-PROTECTION duration 3600 end
Selected Answer: B
Question #: 230
Topic #: 1
Refer to the exhibit. A network support engineer for ASN 65502 receives a technical support ticket from a customer in ASN 65503 who reports that an eBGP session is down. The engineer determines that the peering failed after a recent change to the device at 192.168.26.2. EDGE-GW-1 must establish an eBGP session with the peering router 192.168.26.2. Which configuration establishes this session?
A. configure terminal no router bgp 65502 router bgp 65503 neighbor 192.168.26.2 remote-as 65503 address-family ipv4 neighbor 192.168.26.2 activate end
B. configure terminal router bgp 65502 address-family ipv4 neighbor 192.168.26.2 activate end
C. configure terminal no router bgp 65502 router bgp 65503 neighbor 192.168.26.2 remote-as 65123 address-family ipv4 neighbor 192.168.26.2 activate end
D. configure terminal router bgp 65502 no neighbor 192.168.26.2 remote-as 65503 neighbor 192.168.26.2 remote-as 65123 address-family ipv4 neighbor 192.168.26.2 activate end
Selected Answer: D
Question #: 231
Topic #: 1
DRAG DROP –
Drag and drop the characteristics from the left onto the automation tool on the right.
Select and Place:
Suggestion Answer:
Question #: 232
Topic #: 1
Refer to the exhibit. A network engineer configures CPE-1 for QoS with these requirements:
✑ IPv4 and IPv6 traffic originated by the CPE-1 WAN IP address must be marked with DSCP CS3.
✑ IPv4 LAN traffic must be marked with DSCP CS1.
IPv6 LAN traffic must be marked with DSCP default.
Which configuration must the engineer implement on CPE-1?
A. class-map match-any SELF_TRAFFIC match access-group name SELF_V4 match access-group name SELF_V6 class-map match-all V4_ TRAFFIC match protocol ip class-map match-all V6_TRAFFIC match protocol ipv6 class-map match-all QG_4 match qos-group 4 class-map match-all QG_6 match qos-group 6 ! policy-map LAN-INPUT class V4_TRAFFIC set qos-group 4 class V6_TRAFFIC set qos-group 6 ! policy-map WAN-OUTPUT class SELF_TRAFFIC set ip dscp cs3 class QG_4 set ip dscp cs1 class QG_6 set ip dscp default
B. class-map match-all SELF_TRAFFIC match access-group name SELF_V4 match access-group name SELF_V6 class-map match-all V4_ TRAFFIC match protocol ip class-map match-all V6_TRAFFIC match protocol ipv6 class-map match-all QG_4 match qos-group 4 class-map match-all QG_6 match qos-group 6 ! policy-map LAN-INPUT class V4_TRAFFIC set qos-group 4 class V6_TRAFFIC set qos-group 6 ! policy-map WAN-OUTPUT class SELF_TRAFFIC set dscp cs3 class QG_4 set ip dscp cs1 class QG_6 set dscp default
C. class-map match-all SELF_TRAFFIC match access-group name SELF_V4 match access-group name SELF_V6 class-map match-all V4_ TRAFFIC match protocol ip class-map match-all V6_TRAFFIC match protocol ipv6 class-map match-all QG_4 match qos-group 4 class-map match-all QG_6 match qos-group 6 ! policy-map LAN-INPUT class V4_TRAFFIC set qos-group 4 class V6_TRAFFIC set qos-group 6 ! policy-map WAN-OUTPUT class SELF_TRAFFIC set ip dscp cs3 class QG_4 set ip dscp cs1 class QG_6 set ip dscp default
D. class-map match-any SELF_TRAFFIC match access-group name SELF_V4 match access-group name SELF_V6 class-map match-all V4_ TRAFFIC match protocol ip class-map match-all V6_TRAFFIC match protocol ipv6 class-map match-all QG_4 match qos-group 4 class-map match-all QG_6 match qos-group 6 ! policy-map LAN-INPUT class V4_TRAFFIC set qos-group 4 class V6_TRAFFIC set qos-group 6 ! policy-map WAN-OUTPUT class SELF_TRAFFIC set dscp cs3 class QG_4 set ip dscp cs1 class QG_6 set dscp default
Selected Answer: D
Question #: 233
Topic #: 1
Refer to the exhibit. An engineer is configuring IS-IS on ISP network. Which IS-IS configuration must an engineer implement on router AGG1 so that it establishes connectivity to router AGG6 via the BB3 core router?
A. router isis 100 metric-style narrow interface GigabitEthernet 3 isis metric 10 level-2
B. router isis 100 metric-style wide interface GigabitEthernet 3 isis metric 1500 level-2
C. router isis 100 metric-style narrow interface GigabitEthernet 3 isis metric 10 level-1
D. router isis 100 metric-style wide interface GigabitEthernet 3 isis metric 1500 level-1
Selected Answer: D
Question #: 234
Topic #: 1
Refer to the exhibit. A network engineer notices PE-21 convergence degradation due to the growing LSDB size of Level 2 areas in the network. The engineer decides to migrate router PE-21 from an inter-area design to an intra-area implementation. Inter-area routing must be accomplished via an ATT-bit set by the
Level 1/Level 2 router. Which configuration must the engineer implement on PE-21 to complete the migration?
A. configure terminal router isis 1 no net 49.0200 net 49.5000 is-type level-1-2 end
B. configure terminal router isis 1 net 49.5000.0100.1202.0021.00 is-type level-1-2 end
C. configure terminal router isis 1 net 49.5000.0100.1222.0022.00 is-type level-1 end
D. configure terminal router isis 1 no net 49.0200.0100.1202.0021.00 net 49.5000.0100.1202.0021.00 is-type level-1 end
Selected Answer: D
Question #: 235
Topic #: 1
router(config)# route-map blackhole-trigger router(config-route-map)# match tag 777 router(config-route-map)# set ip next-hop 10.0.1.1 router(config-route-map)# set origin igp router{config-route-map)# set community no-export
Refer to the exhibit. EIGRP is running across the core to exchange internal routes, and each router maintains iBGP adjacency with the other routers on the network. An operator has configured static routes on the edge routers R1 and R2 for IP address 10.0.1.1, which is used as a black hole route as shown. Which configuration should the operator implement to the management router to create a route map that will redistribute tagged static routes into BGP and create a static route to blackhole traffic with tag 777 that is destined to the server at 192.168.10.100?
A. router(config)# router bgp 55100 router(config-router)# redistribute static route-map blackhole-trigger router(config)# ip route 10.0.1.1 255.255.255.255 Null0 tag 777
B. router(config)# router bgp 55100 router(config-router)# redistribute static route-map blackhole-trigger router(config)# ip route 192.168.10.100 255.255.255.255 Null0 tag 777
C. router(config)# router bgp 55100 router(config-router)# redistribute connected router(config)# ip route 192.168.10.100 255.255.255.255 tag 777
D. router(config)# router bgp 55100 router(config-router)# redistribute connected route-map blackhole-trigger router(config)# ip route 192.168.10.100 255.255.255.255 Null0 tag 777
Selected Answer: B
Question #: 236
Topic #: 1
Refer to the exhibit. ISP ASN 65100 provides Internet services to router CE-1 and receives customer prefix 198.18.18.0/24 via eBGP. An administrator for the ISP is now provisioning RTBH services to provide on-demand data-plane security for the customer’s IP space. Which route-map configuration must the administrator apply to router RTBH-1 to complete the implementation of RTBH services to CE-1?
A. route-map RTBH-CUSTOMER-IN permit 10 description AS65001 match ip address prefix-list AS65001-PREFIXES match community 99 set local-preference 200 set community no-export additive set ip next-hop 192.168.255.255 route-map RTBH-CUSTOMER-IN deny 65535 description DEFAULT DENY
B. route-map RTBH-CUSTOMER-IN permit 10 description AS65001 match ip address prefix-list AS65001-PREFIXES match community 99 set local-preference 200 set community local-as additive set ip next-hop 192.168.255.255 route-map RTBH-CUSTOMER-IN deny 65535 description DEFAULT DENY
C. route-map RTBH-CUSTOMER-IN permit 10 description AS65001 match ip address prefixlist AS65001-PREFIXES match community 99 set local-preference 200 set community no-advertise additive set ip next-hop local-address route-map RTBH-CUSTOMER-IN deny 65535 description DEFAULT DENY
D. route-map RTBH-CUSTOMER-IN permit 10 description AS65001 match ip address prefix-list AS65001-PREFIXES match community 99 set local-preference 200 set community no-advertise additive set ip next-hop 192.168.255.255 route-map RTBH-CUSTOMER-IN deny 65535 description DEFAULT DENY
Selected Answer: A
Question #: 237
Topic #: 1
Refer to the exhibit. Routers P4 and P5 receive the 0.0.0.0/0 route from the ISP via eBGP peering. P4 is the primary Internet gateway router, and P5 is its backup.
P5 is already advertising a default route into the OSPF domain. Which configuration must be applied to P4 so that it advertises a default route into OSPF and becomes the primary Internet gateway for the network?
A. configure terminal router ospfv3 100 address-family ipv4 unicast default-information originate metric 40 metric-type 2 end
B. configure terminal router ospfv3 100 address-family ipv4 unicast default-information originate metric 40 metric-type 1 end
C. configure terminal router ospfv3 100 address-family ipv4 unicast redistribute bgp 65500 metric 40 metric-type 1 end
D. configure terminal router ospfv3 100 address-family ipv4 unicast default-information originate always metric 40 metric-type 1 end
Selected Answer: B
Question #: 238
Topic #: 1
Refer to the exhibit. An ISP provides shared VoIP Extranet services to a customer in VRF-100 with these settings:
✑ The VoIP services are hosted in the 198.19.100.0/24 space.
✑ The customer has been assigned the 198.18.1.0/29 IP address block.
✑ VRF-100 is assigned import and export route target 65010:100.
Which configuration must the engineer apply to PE-1 to provision VRF-100 and provide access to the shared services?
A. vrf definition VRF-100 rd 172.17.255.1:100 ! address-family ipv4 export map VRF-100-EXPORT import map VRF-100-IMPORT exit-address-family ! route-map VRF-100-EXPORT permit 10 match ip address prefix-list VRF-100-ALLOWED-EXPORT set extcommunity rt 65010:100 65010:2999 route-map VRF-100-EXPORT permit 20 set extcommunity rt 65010:100 ! route-map VRF-100-IMPORT permit 10 match extcommunity VRF-100-RT SHARED-SERVICES ! ip extcommunity-list standard SHARED-SERVICES permit rt 65010:1999 ip extcommunity-list standard VRF-100-RT permit rt 65010:100 ip prefix-list VRF-100-ALLOWED-EXPORT seq 5 permit 198.18.1.0/29
B. vrf definition VRF-100 rd 172.17.255.1:100 ! address-family ipv4 export map VRF-100-EXPORT route-target import 65010:100 route-target import 65010:2999 exit-address-family ! route-map VRF-100-EXPORT permit 10 match ip address prefix-list VRF-100-ALLOWED-EXPORT set extcommunity rt 65010:100 65010:1999 route-map VRF-100-EXPORT permit 20 set extcommunity rt 65010:100 ! ip prefix-list VRF-100-ALLOWED-EXPORT seq 5 permit 198.18.1.0/29
C. vrf definition VRF-100 rd 172.17.255.1:100 ! address-family ipv4 export map VRF-100-EXPORT route-target import 65010:100 route-target import 65010:1999 exit address-family ! route-map VRF-100-EXPORT permit 10 match ip address prefix-list VRF-100-ALLOWED-EXPORT set extcommunity rt 65010:100 65010:2999 route-map VRF-100-EXPORT permit 20 set extcommunity r 65010:100 ! ip prefix-list VRF-100-ALLOWED-EXPORT seq 5 permit 198.18.1.0/29
D. vrf definition VRF-100 rd 172.17.255.1:100 ! address-family ipv4 route-target export 65010:100 route-target export 65010:1999 route-target import 65010:100 route-target import 65010:2999 exit-address-family
Selected Answer: D
Question #: 239
Topic #: 1
Refer to the exhibit. The network engineer who manages ASN 65001 is troubleshooting suboptimal routing to the 198.18.15.0/24 prefix. According to the network requirements:
✑ Routing to IP destinations in the 198.18.15.0/25 block must be preferred via the EDGE-1 PE.
✑ Routing to IP destinations in the 198.18.15.128/25 block must be preferred via the EDGE-2 PE.
✑ More specific prefixes of the 198.18.15.0/24 block must not be advertised beyond the boundaries of ASN 64611.
✑ Routing to 198.18.15.0/24 must be redundant in case one of the uplinks on INT-R1 fails.
Which configuration must the network engineer implement on INT-R1 to correct the suboptimal routing and fix the issue?
A. configure terminal route-policy ASN65001-SPECIFIC-OUT if destination in (198.18.15.0/25) then set community (no-export, peeras:65001) done endif if destination in (198.18.15.0/24) then prepend as-path 65001 3 done endif drop end-policy ! router bgp 65001 neighbor 100.65.0.1 address-family ipv4 unicast route-policy ASN65001-SPECIFIC-OUT out end
B. configure terminal route-policy ASN65001-SPECIFIC-OUT if destination in (198.18.15.0/25) then set community (internal, peeras:65001) done endif if destination in (198.18.15.0/24) then done endif drop end-policy ! router bgp 65001 neighbor 100.65.0.1 address-family ipv4 unicast route-policy ASN65001-SPECIFIC-OUT out end
C. configure terminal route-policy ASN65001-SPECIFIC-OUT if destination in (198.18.15.0/25) then set community (no-advertise, peeras:65001) done endif if destination in (198.18.15.128/25) then prepend as-path 65001 3 done endif drop end-policy ! router bgp 65001 neighbor 100.65.0.1 address-family ipv4 unicast route-policy ASN65001-SPECIFIC-OUT out end
D. configure terminal route-policy ASN65001-SPECIFIC-OUT if destination in (198.18.15.0/25) then set community (no-export, peeras:65001) done endif if destination in (198.18.15.128/25) then prepend as-path 65001 3 done endif drop end-policy ! router bgp 65001 neighbor 100.65.0.1 address-family ipv4 unicast route-policy ASN65001-SPECIFIC-OUT in end
Selected Answer: A
Question #: 240
Topic #: 1
Refer to the exhibit. The USER that is connecting an application on an Internet connection in AS 100 is facing these issues:
✑ The USER lost the connection to the application during a failure between IG and R2.
✑ Router R2 configuration is lost due to a power outage.
✑ The application the USER is connecting to is hosted behind CE2.
What action resolves the issues on R3 and R4 routers?
A. Apply low Local Preference on R4 toward R2.
B. Apply high Local Preference on R3 toward R1.
C. Set R4 as a route reflector for R3 and CE2.
D. Set R3 as a route reflector for R4 and CE1.
Selected Answer: C
