Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← VRF-Lite practice sets

300-410 VRF-Lite • Complete Question Bank

300-410 VRF-Lite — All Questions With Answers

Complete 300-410 VRF-Lite question bank — all 0 questions with answers and detailed explanations.

76
Questions
Free
No signup
Certifications/300-410/Practice Test/VRF-Lite/All Questions
Question 1mediummultiple choice
Read the full VRF explanation →

A network engineer is troubleshooting a VRF-Lite setup where two customer VRFs (VRF_A and VRF_B) are configured on a router. The engineer notices that routes from VRF_A are appearing in the routing table of VRF_B, causing traffic misdirection. The router is running IOS-XE 17.3. What is the most likely cause of this issue?

Question 2mediummultiple choice
Review the full OSPF breakdown →

A network engineer is troubleshooting a VRF-Lite configuration on a Cisco router. The router has two VRFs (VRF_RED and VRF_BLUE) configured with OSPF as the routing protocol. The engineer notices that OSPF neighborships are not forming between routers in VRF_RED. The 'show ip ospf neighbor' command shows no neighbors. What is the most likely cause?

Question 3hardmultiple choice
Open the full VLAN trunking answer →

A network engineer is troubleshooting a VRF-Lite deployment where two routers are connected via a trunk link. Each router has two VRFs (VRF_A and VRF_B). The engineer configures subinterfaces on the trunk link, assigning each subinterface to a different VRF. However, traffic between the two routers for VRF_A is not working. The 'show vrf' command shows the VRFs are active. What is the most likely issue?

Question 4hardmultiple choice
Open the full BGP breakdown →

A network engineer is troubleshooting a VRF-Lite scenario where a router is configured with two VRFs (VRF_X and VRF_Y). The engineer notices that routes from VRF_X are not being advertised to the neighbor router via eBGP. The BGP configuration includes 'neighbor 10.1.1.2 remote-as 65002' under the VRF_X BGP address-family. The 'show bgp vpnv4 unicast all neighbors' command shows the BGP session is established. What is the most likely cause?

Question 5mediummultiple choice
Read the full VRF explanation →

A network engineer is troubleshooting a VRF-Lite setup where a router is configured with VRF_GREEN. The engineer pings the gateway IP of a host in VRF_GREEN from the router, but the ping fails. The 'show ip route vrf VRF_GREEN' command shows the connected network for the host's subnet. The 'show ip interface brief' shows the interface is up/up. What is the most likely cause?

Question 6mediummultiple choice
Read the full VRF explanation →

A network engineer is troubleshooting a VRF-Lite configuration where a router is using RIP as the routing protocol in VRF_BLUE. The engineer notices that RIP routes are not being learned from a neighbor router. The 'show ip rip database vrf VRF_BLUE' shows no entries. The 'show ip vrf interfaces VRF_BLUE' shows the correct interface. What is the most likely cause?

Question 7easymultiple choice
Read the full VRF explanation →

A network engineer is troubleshooting a VRF-Lite deployment where a router is configured with VRF_ORANGE. The engineer attempts to configure a static route in VRF_ORANGE using the command 'ip route vrf VRF_ORANGE 192.168.10.0 255.255.255.0 10.1.1.1', but the route does not appear in the routing table. The 'show ip route vrf VRF_ORANGE' does not show the static route. What is the most likely cause?

Question 8hardmultiple choice
Study the full EIGRP explanation →

A network engineer is troubleshooting a VRF-Lite setup where two routers are connected via a serial link. Each router has VRF_SALES configured. The engineer configures EIGRP in VRF_SALES. The 'show ip eigrp vrf VRF_SALES neighbors' shows no neighbors. The 'show ip eigrp vrf VRF_SALES interfaces' shows the serial interface is passive. What is the most likely cause?

Question 9hardmultiple choice
Read the full VRF explanation →

A network engineer is troubleshooting a VRF-Lite configuration on a Cisco router. The router has two VRFs (VRF_CUSTOMER_A and VRF_CUSTOMER_B). The engineer notices that traffic from VRF_CUSTOMER_A is being routed to the wrong next-hop, causing connectivity issues. The 'show ip route vrf VRF_CUSTOMER_A' shows a route to the destination via a next-hop that belongs to VRF_CUSTOMER_B. What is the most likely cause?

Question 10mediummultiple choice
Read the full VRF explanation →

A network engineer runs the following command on Router R1:

R1# show ip vrf interfaces
Interface   VRF          IP Address    Protocol

GigabitEthernet0/0 BLUE 10.1.1.1 up GigabitEthernet0/1 BLUE 10.1.2.1 up GigabitEthernet0/2 RED 192.168.1.1 up Loopback0 BLUE 10.0.0.1 up Loopback1 RED 192.168.0.1 up

Based on this output, which statement is correct?

Question 11hardmultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R1:

R1# show ip route vrf BLUE

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.1.1.0/24 is directly connected, GigabitEthernet0/0
C        10.1.2.0/24 is directly connected, GigabitEthernet0/1
O        10.2.0.0/16 [110/20] via 10.1.1.2, 00:00:15, GigabitEthernet0/0

Based on this output, what is the problem?

Question 12mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R1:

R1# show ip bgp vpnv4 vrf RED summary

BGP router identifier 192.168.0.1, local AS number 65001 BGP table version is 5, main routing table version 5 4 network entries using 576 bytes of memory 4 path entries using 320 bytes of memory 2/1 BGP path/bestpath attribute entries using 320 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 1216 total bytes of memory BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4        65001      23      25        5    0    0 00:12:34        2
10.1.2.2        4        65002      18      20        5    0    0 00:10:15        1

Based on this output, which statement is correct?

Question 13hardmultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command on Router R1:

R1# show ip eigrp vrf RED neighbors

EIGRP-IPv4 Neighbors for AS(100) VRF RED H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.1.2 Gi0/2 13 00:15:30 12 200 0 45 1 192.168.2.2 Gi0/3 12 00:14:20 15 200 0 32

Based on this output, what is the problem?

Question 14mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R1:

R1# show ip ospf neighbor vrf BLUE

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.0.2          1   FULL/DR        00:00:32    10.1.1.2        GigabitEthernet0/0
10.0.0.3          1   2WAY/DROTHER   00:00:35    10.1.2.2        GigabitEthernet0/1

Based on this output, which statement is correct?

Question 15hardmultiple choice
Read the full VRF explanation →

A network engineer runs the following command on Router R1:

R1# show route-map VRF_RED_MAP

route-map VRF_RED_MAP, permit, sequence 10 Match clauses:

ip address prefix-list RED_PREFIXES

Set clauses: tag 100 Policy routing matches: 0 packets, 0 bytes

Based on this output, what is the problem?

Question 16mediummultiple choice
Study the full IPv6 explanation →

A network engineer runs the following command on Router R1:

R1# show ip vrf detail RED

VRF RED (VRF Id = 1); default RD <not set>

Interfaces:

GigabitEthernet0/2 Loopback1 Address family IPV4 (Table ID = 1):

No Export VPN route-target communities
      No Import VPN route-target communities
      No import route-map
      No export route-map

VRF label distribution protocol: not configured Address family IPV6 (Table ID = 0x1E000001):

No Export VPN route-target communities
      No Import VPN route-target communities
      No import route-map
      No export route-map

VRF label distribution protocol: not configured

Based on this output, which statement is correct?

Question 17hardmultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R1:

R1# show ip bgp vpnv4 vrf RED neighbors 10.1.1.2 advertised-routes

BGP table version is 5, local router ID is 192.168.0.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, t secondary path, L long-lived-stale, Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path *> 192.168.1.0/24 0.0.0.0 0 32768 i *> 192.168.2.0/24 0.0.0.0 0 32768 i

Total number of prefixes 2

Based on this output, what is the problem?

Question 18easymultiple choice
Read the full VRF explanation →

A network engineer runs the following command on Router R1:

R1# show ip route vrf RED 192.168.1.0

Routing entry for 192.168.1.0/24 Known via "connected", distance 0, metric 0 (connected, via interface) Routing Descriptor Blocks: * directly connected, via GigabitEthernet0/2 Route metric is 0, traffic share count is 1

Based on this output, which statement is correct?

Question 19mediummultiple choice
Read the full VRF explanation →

Given the following partial configuration on router R1: ```

interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER_A
 ip address 192.168.1.1 255.255.255.0

``` What is the effect of this configuration?

Question 20mediummultiple choice
Read the full VRF explanation →

Consider this partial configuration: ```

ip vrf CUSTOMER_B

rd 65000:1 route-target export 65000:1 route-target import 65000:1 ``` What statement is true about this VRF configuration?

Question 21mediummultiple choice
Read the full VRF explanation →

Examine the following configuration: ```

interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER_C
 ip address 10.1.1.1 255.255.255.0
 no shutdown

``` What is missing from this configuration to ensure that routes from VRF CUSTOMER_C are properly isolated?

Question 22mediummultiple choice
Review the full OSPF breakdown →

Given this configuration on router R2: ```

ip vrf CUSTOMER_D

rd 100:1 !

interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER_D
 ip address 192.168.2.1 255.255.255.0

!

router ospf 1 vrf CUSTOMER_D
 network 192.168.2.0 0.0.0.255 area 0

``` What will happen when this configuration is applied?

Question 23mediummultiple choice
Read the full VRF explanation →

Consider the following configuration: ```

ip vrf CUSTOMER_E

rd 200:1 route-target export 200:1 route-target import 200:1 !

interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER_E
 ip address 172.16.0.1 255.255.255.0

!

interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER_E
 ip address 172.16.1.1 255.255.255.0

``` What is the effect of the route-target commands in this VRF-Lite scenario?

Question 24mediummultiple choice
Read the full VRF explanation →

Examine this partial configuration: ```

interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER_F
 ip address 10.10.10.1 255.255.255.0

!

interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER_G
 ip address 10.10.20.1 255.255.255.0

``` What is required to enable communication between VRF CUSTOMER_F and VRF CUSTOMER_G?

Question 25easymultiple choice
Read the full VRF explanation →

What is the default route distinguisher (RD) format when using the 'ip vrf' command without specifying an RD?

Question 26mediummultiple choice
Read the full VRF explanation →

In VRF-Lite, which routing protocols can be used within a VRF?

Question 27easymultiple choice
Read the full VRF explanation →

What is the maximum number of VRFs that can be configured on a Cisco IOS router?

Question 28mediummulti select
Read the full VRF explanation →

Which TWO commands can be used to verify the VRF configuration and associated interfaces on a Cisco IOS-XE router running VRF-Lite? (Choose TWO.)

Question 29mediummulti select
Read the full VRF explanation →

Which TWO statements are true regarding the use of VRF-Lite in a Cisco Enterprise network? (Choose TWO.)

Question 30mediummulti select
Read the full VRF explanation →

Which TWO configuration steps are required to enable VRF-Lite on a Cisco IOS-XE router for a customer with two separate routing domains? (Choose TWO.)

Question 31hardmulti select
Open the full VLAN trunking answer →

Which THREE symptoms indicate a misconfiguration in a VRF-Lite deployment where two routers are connected via a trunk link and each VRF should have connectivity? (Choose THREE.)

Question 32hardmulti select
Read the full VRF explanation →

Which THREE commands are used to troubleshoot VRF-Lite connectivity issues on a Cisco IOS-XE router? (Choose THREE.)

Question 33hardmultiple choice
Read the full VRF explanation →

A large enterprise network is experiencing intermittent reachability between VRF-A on Router R1 and VRF-B on Router R2. R1 has the following relevant configuration: ip vrf VRF-A, rd 100:1, route-target export 100:1, route-target import 100:2. R2 shows: ip vrf VRF-B, rd 200:2, route-target export 200:2, route-target import 200:1. The link between R1 and R2 is configured with VRF forwarding VRF-A on R1 and VRF forwarding VRF-B on R2. What is the root cause?

Question 34hardmultiple choice
Read the full VRF explanation →

Router R1 is leaking a summary route 10.0.0.0/8 from VRF-A into the global routing table, but hosts in the global table cannot reach subnet 10.1.1.0/24 within VRF-A. R1 configuration: ip vrf VRF-A, rd 100:1, route-target export 100:1, route-target import 100:1. Interface Gig0/0 in VRF-A has ip address 10.1.1.1 255.255.255.0. The leaking is done via route-map: route-map LEAK permit 10, match ip address prefix-list SUMMARY, set global. Prefix-list SUMMARY permits 10.0.0.0/8. What is the root cause?

Question 35hardmultiple choice
Review the full OSPF breakdown →

In a VRF-Lite setup, Router R1 and R2 are running OSPF in VRF-A. R1 has interface Gig0/0 in VRF-A with ip ospf network point-to-point. R2 has interface Gig0/1 in VRF-A with default network type (broadcast). The link between them is a direct Ethernet connection. OSPF neighbors are not forming. What is the root cause?

Question 36hardmultiple choice
Study the full EIGRP explanation →

Router R1 is running EIGRP in VRF-A with two neighbors: R2 and R3. R2 is a directly connected router, R3 is reachable via R2. The network is experiencing EIGRP stuck-in-active (SIA) routes for prefixes learned from R3. R1 configuration: router eigrp 100, address-family ipv4 vrf VRF-A, network 10.0.0.0. R2 is configured similarly. The link between R1 and R2 is a serial link with low bandwidth. What is the root cause?

Question 37hardmultiple choice
Read the full VPN explanation →

In a DMVPN network with VRF-Lite, Router R1 (hub) and R2 (spoke) are configured for VRF-A. The DMVPN tunnel is up, but spoke-to-spoke traffic between R2 and R3 (another spoke) fails. R1 has configuration: interface Tunnel0, ip vrf forwarding VRF-A, ip address 172.16.0.1 255.255.255.0, tunnel source Gig0/0, tunnel mode gre multipoint. R2 has similar configuration with tunnel destination dynamic. The NHRP map for R3 is missing on R2. What is the root cause?

Question 38hardmultiple choice
Read the full MPLS explanation →

Router R1 is configured for VRF-Lite with MPLS. The interface Gig0/0 is in VRF-A and is running LDP. The LDP neighbor with R2 is not establishing. R1 configuration: mpls ip, mpls label protocol ldp, interface Gig0/0, ip vrf forwarding VRF-A, ip address 10.0.0.1 255.255.255.252. R2 has similar configuration without VRF. The LDP hello packets are sent but not received. What is the root cause?

Question 39hardmultiple choice
Read the full VRF explanation →

Router R1 is leaking routes from VRF-A to the global table using route-map LEAK. The global table receives the routes, but traffic from the global table to destinations in VRF-A is dropped. R1 configuration: ip vrf VRF-A, rd 100:1, route-target export 100:1, route-target import 100:1. The route-map LEAK is applied to the VRF export. The global table has a default route pointing to null0. What is the root cause?

Question 40hardmultiple choice
Study the full ACL explanation →
Router R1 has an ACL applied to interface Gig0/0 in VRF-A that permits only specific management traffic. The ACL is: access-list 100 permit udp any any eq snmp, access-list 
100 permit tcp any any eq ssh, access-list 
100 deny ip any any. The router's SNMP and SSH services are configured globally. Management stations in the global table cannot reach the router's VRF interface IP. What is the root cause?
Question 41hardmultiple choice
Read the full VRF explanation →

Router R1 is configured with VRF-A and VRF-B. Route leaking is configured between them using route-targets. However, routes from VRF-A are appearing in VRF-B with incorrect next-hop addresses, causing traffic to be black-holed. R1 configuration: ip vrf VRF-A, rd 100:1, route-target both 100:1. ip vrf VRF-B, rd 200:2, route-target both 200:2. Additionally, a route-map is applied to the VRF-A export: route-map LEAK, set global. The route-map does not modify the next-hop. What is the root cause?

Question 42mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command to troubleshoot a VRF-Lite issue:

R1# show ip route vrf CUSTOMER_A summary

Output:

IP routing table name: CUSTOMER_A (0x00000001)
IP routing table maximum-paths: 32

Route Source Networks Subnets Replicates Overhead Memory (bytes) connected 2 0 0 0 576 static 1 0 0 0 288 eigrp 100 3 0 0 0 864 Internal 3 0 0 0 864 External 0 0 0 0 0 ospf 200 0 0 0 0 0 Intra-area 0 0 0 0 0 Inter-area 0 0 0 0 0 External-1 0 0 0 0 0 External-2 0 0 0 0 0 NSSA-1 0 0 0 0 0 NSSA-2 0 0 0 0 0 bgp 65000 0 0 0 0 0 Internal 0 0 0 0 0 External 0 0 0 0 0 Total 6 0 0 0 1728

What does this output indicate?

Question 43mediummultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command to troubleshoot a VRF-Lite issue:

R1# show ip eigrp vrf CUSTOMER_B topology 10.1.1.0/24

Output: IP-EIGRP (AS 100): Topology entry for 10.1.1.0/24 for VRF CUSTOMER_B State is Passive, Query origin flag is 1, 1 Successor(s), FD is 131072 Routing Descriptor Blocks:

10.1.1.1 (GigabitEthernet0/1), from 10.1.1.1, Send flag is 0x0

Composite metric is (131072/128256), Route is Internal Vector metric: Minimum bandwidth is 100000 Kbit Total delay is 100 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1

What does this output indicate?

Question 44hardmultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command to troubleshoot a VRF-Lite OSPF adjacency issue:

R1# debug ip ospf adj vrf CUSTOMER_C

Output: OSPF: 2 Way state received from 10.1.1.2 on interface GigabitEthernet0/1, address 10.1.1.2 OSPF: Neighbor 10.1.1.2 is eligible for DR election on interface GigabitEthernet0/1 OSPF: DR election: 10.1.1.1 (pri 1) is DR, 10.1.1.2 (pri 1) is BDR OSPF: Build router LSA for area 0, router ID 1.1.1.1, seq 0x80000001 OSPF: Neighbor 10.1.1.2 is FULL, state changed from LOADING to FULL

What does this output indicate?

Question 45mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command to troubleshoot a VRF-Lite BGP route advertisement issue:

R1# show bgp vpnv4 vrf CUSTOMER_D 10.2.2.0/24

Output: BGP routing table entry for 10.2.2.0/24, version 5 Paths: (1 available, best #1, table CUSTOMER_D) Advertised to update-groups: 1 Refresh Epoch 1 Local

10.1.1.2 (metric 20) from 10.1.1.2 (2.2.2.2)

Origin incomplete, metric 0, localpref 100, valid, internal, best Extended Community: RT:100:200 mpls labels in/out nolabel/20

What does this output indicate?

Question 46hardmultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command to troubleshoot a VRF-Lite redistribution issue:

R1# debug ip routing vrf CUSTOMER_E

Output: RT: add 10.3.3.0/24 via 10.1.1.2, ospf 200 metric [110/20] RT: add 10.3.3.0/24 via 10.1.1.2, eigrp 100 metric [90/131072] tag 0 RT: closer admin distance for 10.3.3.0/24, adding via eigrp 100 RT: add 10.3.3.0/24 to routing table, via eigrp 100

What does this output indicate?

Question 47mediummultiple choice
Read the full MPLS explanation →

A network engineer runs the following command to troubleshoot a VRF-Lite MPLS LDP issue:

R1# show mpls ldp bindings vrf CUSTOMER_F

Output: lib entry: 10.4.4.0/24, rev 2 local binding: label: 16 remote binding: lsr: 2.2.2.2:0, label: 20 lib entry: 10.5.5.0/24, rev 3 local binding: label: 17 remote binding: lsr: 2.2.2.2:0, label: 21

What does this output indicate?

Question 48hardmultiple choice
Read the full VPN explanation →

A network engineer runs the following command to troubleshoot a VRF-Lite DMVPN issue:

R1# show ip nhrp vrf CUSTOMER_G detail

Output:

10.6.6.1/32 via 10.6.6.1, Tunnel0 created 00:01:00, expire 01:59:00

Type: dynamic, Flags: used NBMA address: 192.168.1.1 (no-socket) Registration handle: 0x00000001 Cache entries: 1

What does this output indicate?

Question 49mediummultiple choice
Read the full VPN explanation →

A network engineer runs the following command to troubleshoot a VRF-Lite IPsec issue:

R1# show crypto ipsec transform-set vrf CUSTOMER_H

Output: Transform set combined: { esp-aes 256 esp-sha-hmac } will negotiate = { Tunnel, }

What does this output indicate?

Question 50hardmultiple choice
Study the full ACL explanation →

A network engineer runs the following command to troubleshoot a VRF-Lite CoPP issue:

R1# show policy-map control-plane input class CoPP-ACL vrf CUSTOMER_I

Output: Class-map: CoPP-ACL (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

What does this output indicate?

Question 51hardmultiple choice
Study the full EIGRP explanation →

In a VRF-Lite environment running EIGRP, what is the default hello timer value on a Frame Relay multipoint interface?

Question 52easymultiple choice
Review the full OSPF breakdown →

What is the default OSPF dead timer interval on a point-to-point interface within a VRF-Lite configuration?

Question 53mediummultiple choice
Read the full VRF explanation →

In a VRF-Lite setup using RIP, what is the default update timer value?

Question 54mediummultiple choice
Open the full BGP breakdown →

Which BGP attribute is used as the first tie-breaker when selecting the best path in a VRF-Lite environment?

Question 55easymultiple choice
Review the full OSPF breakdown →

In a VRF-Lite scenario with OSPF, what is the default network type on a physical Ethernet interface?

Question 56mediummultiple choice
Study the full EIGRP explanation →

Which EIGRP packet type is used to confirm receipt of an update during reliable transport in a VRF-Lite configuration?

Question 57easymultiple choice
Review the full OSPF breakdown →

What is the default administrative distance for OSPF routes in a VRF-Lite environment on Cisco IOS-XE?

Question 58hardmultiple choice
Study the full EIGRP explanation →

In a VRF-Lite environment running EIGRP, what is the default maximum hop count for routes?

Question 59mediummultiple choice
Read the full VRF explanation →

Which loop prevention mechanism is used by default in RIP within a VRF-Lite configuration?

Question 60mediumdrag order
Read the full VRF explanation →

Drag and drop the steps to configure inter-VRF route leaking using static routes in VRF-Lite into the correct order, from first to last.

Question 61harddrag order
Read the full VRF explanation →

Drag and drop the steps to troubleshoot VRF-Lite adjacency or connectivity failures into the correct order, from first to last.

Question 62mediumdrag order
Read the full VRF explanation →

Drag and drop the steps to verify and validate VRF-Lite operational state into the correct order, from first to last.

Question 63hardmulti select
Review the full OSPF breakdown →

Which TWO statements correctly describe the behavior of VRF-Lite when using OSPF as the IGP? (Choose TWO.)

Question 64hardmulti select
Read the full VRF explanation →

An engineer is troubleshooting a VRF-Lite setup where two VRFs (BLUE and RED) are configured on a router. Hosts in VRF BLUE cannot ping the default gateway of VRF RED. Which TWO statements correctly explain why this is expected behavior? (Choose TWO.)

Question 65hardmulti select
Read the full VRF explanation →

Which TWO configuration changes are required to enable inter-VRF route leaking between VRF A and VRF B using static routes? (Choose TWO.)

Question 66hardmulti select
Read the full VRF explanation →

Which THREE commands can be used to verify VRF-Lite configuration and operation on a Cisco IOS-XE router? (Choose THREE.)

Question 67hardmulti select
Read the full DHCP explanation →

Which TWO statements about VRF-Lite and DHCP are true? (Choose TWO.)

Question 68hardmultiple choice
Review the full OSPF breakdown →

A network engineer configures VRF-Lite with OSPF as the routing protocol. Two routers in the same VRF are directly connected, but the OSPF neighbor state remains stuck in EXSTART/EXCHANGE. The engineer verifies that the MTU on both interfaces is 1500. Which is the most likely explanation?

Question 69hardmultiple choice
Study the full EIGRP explanation →

In a VRF-Lite environment, EIGRP is configured between two routers. The engineer notices that the EIGRP neighbor relationship is flapping intermittently. Debug output shows 'dually' messages and the route is occasionally marked as 'stuck-in-active' (SIA). The link is Ethernet with no errors. Which is the most likely explanation?

Question 70hardmultiple choice
Review the full OSPF breakdown →

A network engineer configures iBGP within a VRF-Lite environment. The VRF has an IGP (OSPF) running, and BGP is used to exchange customer routes. The engineer notices that BGP routes are not being installed in the VRF routing table, even though they are present in the BGP table. The 'bgp redistribute-internal' command is not configured. Which is the most likely explanation?

Question 71hardmultiple choice
Review the full OSPF breakdown →

In a VRF-Lite network, redistribution is configured between OSPF and EIGRP. The engineer notices that some routes are being redistributed in a loop, causing instability. The network uses route tagging, but the loop persists. Which is the most likely explanation?

Question 72hardmultiple choice
Read the full VPN explanation →

A DMVPN Phase 2 network is configured with VRF-Lite. Spokes can communicate with the hub, but spoke-to-spoke traffic is not working. The engineer verifies that NHRP registrations are successful and that the spoke routers have the correct NHRP mappings for other spokes. Which is the most likely explanation?

Question 73hardmultiple choice
Study the full ACL explanation →

An engineer configures IPsec between two VRF-Lite routers using a site-to-site VPN. The tunnel is established, but no traffic is encrypted. The engineer verifies that the crypto map is applied to the correct interface and that the ACL for interesting traffic matches the VRF traffic. Which is the most likely explanation?

Question 74hardmultiple choice
Study the full ACL explanation →

A network engineer applies a CoPP (Control Plane Policing) policy to a router running VRF-Lite. The policy includes a class that matches SSH traffic and polices it to 1 Mbps. After applying the policy, the engineer cannot SSH into the router from any VRF. Which is the most likely explanation?

Question 75hardmultiple choice
Read the full VRF explanation →

A router is configured with uRPF (Unicast Reverse Path Forwarding) in strict mode on an interface that belongs to a VRF. The network uses asymmetric routing for load balancing. The engineer notices that legitimate traffic from a customer is being dropped. Which is the most likely explanation?

Question 76hardmultiple choice
Review the full OSPF breakdown →

In a VRF-Lite network, OSPF is configured with a distribute-list that filters routes from being installed in the routing table. The engineer notices that the distribute-list is working, but the filtered routes are still being advertised to OSPF neighbors. Which is the most likely explanation?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

300-410 Practice Test 1 — 10 Questions→300-410 Practice Test 2 — 10 Questions→300-410 Practice Test 3 — 10 Questions→300-410 Practice Test 4 — 10 Questions→300-410 Practice Test 5 — 10 Questions→300-410 Practice Exam 1 — 20 Questions→300-410 Practice Exam 2 — 20 Questions→300-410 Practice Exam 3 — 20 Questions→300-410 Practice Exam 4 — 20 Questions→Free 300-410 Practice Test 1 — 30 Questions→Free 300-410 Practice Test 2 — 30 Questions→Free 300-410 Practice Test 3 — 30 Questions→300-410 Practice Questions 1 — 50 Questions→300-410 Practice Questions 2 — 50 Questions→300-410 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Layer 3 TechnologiesEIGRP TroubleshootingOSPF Troubleshooting (v2/v3)BGP TroubleshootingRoute RedistributionPolicy-Based Routing (PBR)VRF-LiteRoute Maps and Route FilteringAdministrative DistanceRoute SummarizationBidirectional Forwarding Detection (BFD)VPN TechnologiesMPLS OperationsMPLS L3VPNDMVPNIPsec Site-to-Site VPNIPv6 Tunneling TechniquesInfrastructure SecurityDevice Access ControlIPv4 Access Control ListsIPv6 Traffic Filtering and uRPFControl Plane Policing (CoPP)IPv6 First Hop SecurityInfrastructure ServicesDevice ManagementSNMP TroubleshootingNetwork Logging and SyslogEmbedded Event Manager (EEM)IP SLANetFlow and Flexible NetFlowSPAN, RSPAN, and ERSPANDHCP (IPv4 and IPv6)NAT and PAT

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All VRF-Lite setsAll VRF-Lite questions300-410 Practice Hub