CCNA IP Routing Questions

44 of 344 questions · Page 5/5 · IP Routing · Answers revealed

301
PBQhard

You are connected to R1 via the console. R1 and R2 are running HSRP for the VLAN 10 subnet 192.168.10.0/24. Currently both routers are active for group 10, causing instability. Configure R1 so that it becomes the active router when its G0/0 interface is up, and R2 takes over only if R1's G0/0 fails. Also correct the virtual IP address to 192.168.10.1. Verify with show standby brief.

Hints

  • Check the virtual IP address on R1; it does not match the required 192.168.10.1.
  • Both routers are active because preempt is missing on R2; ensure R1 can reclaim active role.
  • Use the track interface feature to reduce priority on R1 if its G0/0 goes down.
A.On R1: interface GigabitEthernet0/0, standby 10 ip 192.168.10.1, standby 10 preempt, standby 10 track GigabitEthernet0/0 decrement 60. On R2: standby 10 preempt.
B.On R1: interface GigabitEthernet0/0, standby 10 ip 192.168.10.1, standby 10 preempt, standby 10 track GigabitEthernet0/0 decrement 10. On R2: no additional configuration.
C.On R1: interface GigabitEthernet0/0, standby 10 ip 192.168.10.1, standby 10 preempt, standby 10 track GigabitEthernet0/0 decrement 60. On R2: no additional configuration.
D.On R1: interface GigabitEthernet0/0, standby 10 ip 192.168.10.254, standby 10 preempt, standby 10 track GigabitEthernet0/0 decrement 60. On R2: standby 10 preempt.
AnswerA
solution
! R1
configure terminal
interface GigabitEthernet0/0
no standby 10 ip 192.168.10.254
standby 10 ip 192.168.10.1
standby 10 track GigabitEthernet0/0 decrement 60
end

Why this answer

The dual-active state was caused by R1 having an incorrect virtual IP address (192.168.10.254 instead of 192.168.10.1), making it active for a different HSRP group. Correcting the VIP to 192.168.10.1 on R1 aligns both routers to the same group. Enabling preempt on R2 (and it should already be enabled on R1) allows R1 to reclaim the active role after the VIP correction.

Additionally, interface tracking with a decrement of 60 ensures that if R1's G0/0 fails, R1's priority drops below 100, allowing R2 to take over.

Exam trap

Remember that preempt must be enabled on both HSRP routers for proper failover and reclamation. Also, interface tracking decrement must be large enough to drop priority below the standby router's priority. Finally, always verify the virtual IP address matches the required gateway.

Why the other options are wrong

B

The decrement value of 10 does not cause R1's priority to drop below R2's default priority of 100 (assuming R1 starts at 100, it becomes 90, still above R2's 100? Actually 90 < 100, but without preempt on R2, R2 won't become active. The main error is missing preempt on R2 and insufficient decrement to ensure R2 takes over.

C

Missing preempt on R2 prevents R1 from becoming active again after a failure, which violates the requirement that R1 should be active when its interface is up.

D

The virtual IP is not corrected to 192.168.10.1; it stays at 192.168.10.254, which is not the correct gateway address for the subnet.

302
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure single‑area OSPFv2 on a router, advertise the 192.168.10.0/24 and 10.0.0.0/24 networks in area 0, and set the GigabitEthernet0/0 interface as passive.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
6Step 6

Why this order

The correct sequence is: (1) Enter global configuration mode with 'configure terminal' – this is required before any configuration commands. (2) Initiate the OSPF process with 'router ospf 1' – this places the CLI into OSPF router configuration mode where the remaining commands are issued. (3) Advertise the 192.168.10.0/24 network in area 0 – the 'network' command must be issued under OSPF router mode to inject the connected network into OSPF. (4) Advertise the 10.0.0.0/24 network – a second 'network' statement; the order of network commands is interchangeable but they must be configured before setting passive interfaces in a logical workflow. (5) Configure GigabitEthernet0/0 as a passive interface – this prevents OSPF Hello packets and neighbor adjacency on that interface while still advertising its subnet, and it is configured under OSPF router mode. (6) Return to privileged EXEC mode with 'end' – exits configuration mode and returns to the enable prompt. While setting a passive interface before the network statement does not break the configuration, Cisco documentation suggests adding networks first to clearly define which interfaces participate in OSPF before applying passive-interface restrictions.

303
Multi-Selectmedium

Which TWO statements accurately describe the behavior and configuration of floating static routes?

Select 2 answers
A.A floating static route is configured with a lower administrative distance than the primary dynamic route.
B.A floating static route uses an administrative distance greater than that of the primary dynamic route.
C.The administrative distance of a floating static route must be less than 1.
D.A floating static route becomes active only when the primary route is removed from the routing table.
E.Floating static routes automatically adjust their administrative distance based on network conditions.
AnswersB, D

The higher AD ensures the floating static route is less preferred and only used when the primary route fails.

Why this answer

A floating static route serves as a backup by being configured with an administrative distance (AD) greater than that of the primary dynamic route, making it less preferred (option B). It remains inactive until the primary route is removed from the routing table, at which point the floating static route is installed (option D). Option A is wrong because it reverses the AD logic—a floating static route uses a higher, not lower, AD.

Option C is incorrect because the AD of a floating static route is typically a value between 1 and 255, not necessarily less than 1. Option E is false because the AD of a floating static route is a fixed configured value and does not change automatically based on network conditions.

Exam trap

Cisco often tests the misconception that a floating static route uses a lower AD to 'float' above the primary route, when in fact it uses a higher AD to remain inactive until the primary route is lost.

Why the other options are wrong

A

A lower AD would make the static route preferred over the dynamic route, not floating.

C

AD values are integers; 0 is directly connected, and 1 is static. A floating static route must be >1 to be less preferred than a static default.

E

AD is a static value set at configuration time; it does not auto-adjust.

304
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure OSPFv3 for IPv6 on a Cisco IOS-XE router and verify the OSPFv3 neighbor adjacency and route installation.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct sequence ensures IPv6 routing is enabled first, then the OSPFv3 process is created, applied to the interface, and finally verified for adjacency and route installation.

Exam trap

Do not skip the 'ipv6 unicast-routing' command; without it, OSPFv3 will not function. Also, remember that OSPFv3 uses a router ID that must be configured manually or via an IPv4 address.

305
PBQhard

You are connected to R1 via console. R1 and R2 are connected via two serial links: Serial0/0/0 (10.0.0.1/30) and Serial0/0/1 (10.0.0.5/30). OSPF is configured on both links. However, the OSPF neighbor adjacency is stuck in EXSTART/EXCHANGE state. You suspect a mismatch in OSPF parameters. You need to identify and fix the issue.

Network Topology
S0/0/010.0.0.1/30S0/0/010.0.0.2/30R1R2

Hints

  • EXSTART/EXCHANGE state indicates a problem with the Database Descriptor (DBD) packet exchange.
  • Check the MTU on the interfaces; a mismatch can cause this issue.
  • Use show ip interface to verify the MTU value.
A.Check and adjust the MTU on the serial interfaces to match.
B.Check and adjust the OSPF hello and dead timers to match.
C.Check and adjust the OSPF network type on the interfaces to match.
D.Check and adjust the OSPF area ID on the interfaces to match.
AnswerA
solution
! R1
interface Serial0/0/0
ip mtu 1400

! R2
interface Serial0/0/0
ip mtu 1400

Why this answer

The adjacency stuck in EXSTART/EXCHANGE is often due to an MTU mismatch. If one interface has a lower MTU, the DBD packets may be fragmented or rejected, preventing the exchange of LSAs. Setting the same MTU on both sides resolves the issue.

Exam trap

Do not confuse the symptoms of MTU mismatch with other OSPF parameter mismatches. MTU mismatch specifically causes problems in EXSTART/EXCHANGE, while timer mismatches cause issues in INIT/2-WAY, and area ID mismatches prevent adjacency entirely.

Why the other options are wrong

B

The specific factual error is that timer mismatches affect the neighbor discovery phase, not the database exchange phase.

C

The specific factual error is that network type affects the election of DR/BDR and adjacency formation, but not the DBD exchange process.

D

The specific factual error is that area ID mismatches cause OSPF to ignore hello packets, so the adjacency never progresses beyond DOWN.

306
MCQhard

A network engineer is troubleshooting an OSPFv3 adjacency issue between two directly connected routers. Both routers are configured for OSPFv3 in area 0 on their GigabitEthernet0/0 interfaces. The engineer checks the OSPFv3 neighbor status on R1 and sees that the neighbor state is stuck in EXSTART. The engineer verifies that both interfaces are up and have IPv6 link-local addresses. What is the most likely cause of this problem?

A.Configure a global unicast IPv6 address on the interface.
B.Ensure that the MTU is the same on both sides of the link.
C.Change the router ID to be the same on both routers.
D.Change the network type to point-to-point.
AnswerB

An MTU mismatch can cause OSPFv3 to get stuck in EXSTART state because DBD packets exceed the MTU of one interface.

Why this answer

The EXSTART state in OSPF indicates that the routers have formed a bidirectional communication and are negotiating the master/slave relationship and the initial Database Description (DBD) packet exchange. A common cause for getting stuck in EXSTART is an MTU mismatch between the two interfaces, which prevents the DBD packets from being accepted by the neighbor, causing the process to stall.

Exam trap

Cisco often tests the MTU mismatch as a specific cause for OSPF adjacency being stuck in EXSTART, and candidates may mistakenly focus on router IDs or addressing instead of the packet size negotiation.

Why the other options are wrong

A

The problem is not due to missing global addresses; the adjacency is stuck at EXSTART, not at DOWN or INIT.

C

The show output shows different router IDs (192.168.1.1 and 192.168.1.2), so this is not the issue.

D

The adjacency is stuck in EXSTART, which is not typically resolved by changing network type; the issue is related to packet exchange.

307
MCQhard

A packet is destined for 192.168.40.130. The routing table contains 192.168.40.0/24, 192.168.40.128/25, and 0.0.0.0/0. Which route is used?

A.192.168.40.0/24
B.192.168.40.128/25
C.0.0.0.0/0
D.No route can be used because the entries overlap
AnswerB

This is correct because 192.168.40.130 falls within that more specific range.

Why this answer

The /25 route is used because it is the most specific matching prefix. In plain language, even though the /24 and the default route also technically match, the router prefers the entry that most precisely describes the destination range. Since 192.168.40.130 falls inside 192.168.40.128/25, that route wins under longest-prefix match.

This is a classic routing-table interpretation pattern. The router does not start with the default route when more specific routes exist, and it does not choose the /24 simply because it is familiar. Specificity comes first.

Exam trap

A common exam trap is assuming that the default route or a larger subnet like /24 will be chosen over a more specific subnet like /25. Candidates may incorrectly think the default route is preferred or that overlapping routes cause ambiguity. However, routers always use the longest prefix match rule, which means the route with the most specific subnet mask that includes the destination IP is selected.

Misunderstanding subnet mask lengths or ignoring longest prefix match leads to wrong answers in routing questions.

Why the other options are wrong

A

192.168.40.0/24 is a valid route but less specific than 192.168.40.128/25. Since the destination IP falls within both, the router prefers the more specific /25 route, so this option is incorrect.

C

0.0.0.0/0 is the default route and only used when no other route matches. Since more specific routes exist for the destination IP, this option is incorrect.

D

Overlapping routes like /24 and /25 are common and resolved by longest prefix match. The presence of overlapping entries does not prevent route selection, so this option is incorrect.

308
MCQhard

Two OSPF routers connected over Ethernet fail to become neighbors. Their interfaces are up/up and in the same IPv4 subnet. One router uses area 0 and the other uses area 1 on the connecting interfaces. What is the most likely cause?

A.Mismatched OSPF process IDs
B.Mismatched OSPF areas on the shared link
C.Missing default routes
D.Different router IDs
AnswerB

Correct. The area mismatch is a neighbor-forming failure condition.

Why this answer

OSPF neighbors on the same link must agree on key parameters, including the area assigned to that interface. A mismatch prevents the adjacency from forming.

Exam trap

A common exam trap is assuming that OSPF process IDs must match between neighbors for adjacency to form. Many candidates mistakenly focus on process ID alignment, but OSPF process IDs are locally significant and do not need to match. The real cause of adjacency failure in this scenario is the mismatch in OSPF area IDs on the shared link.

This subtle difference often leads to confusion, causing candidates to overlook the critical role of area consistency in neighbor formation and select incorrect answers related to process IDs or router IDs.

Why the other options are wrong

A

Mismatched OSPF process IDs do not prevent neighbor formation because process IDs are locally significant identifiers on each router. They do not need to match for adjacency to form, so this option is incorrect.

C

Missing default routes do not affect OSPF neighbor formation. Default routes influence routing decisions but are not required for establishing OSPF adjacencies, so this option is incorrect.

D

Different router IDs are necessary for OSPF neighbors to uniquely identify each router. Having different router IDs does not cause adjacency failure, so this option is incorrect.

309
MCQhard

An administrator configures a GRE tunnel interface on a router with the following: interface Tunnel0, tunnel source GigabitEthernet0/0, tunnel destination 192.168.2.2. What is the main purpose of this configured tunnel?

A.It creates a logical tunnel across another network.
B.It enables PPP authentication on a serial interface.
C.It configures WPA3 security for a wireless bridge.
D.It enables BGP between autonomous systems automatically.
AnswerA

This is correct because the tunnel source and destination define a virtual tunnel path.

Why this answer

GRE is a tunneling mechanism used to carry one type of traffic over another network path by encapsulating packets. In practical terms, the configuration creates a logical tunnel between endpoints so traffic can cross an underlying IP network as if a virtual path existed between them. The key point is that GRE is about tunneling, not encryption by itself.

This distinction matters because people often assume tunnels automatically imply encryption. GRE by itself does not provide that.

Exam trap

A frequent exam trap is confusing GRE tunnels with encryption or automatic routing protocol establishment. Candidates often assume that because GRE creates a tunnel, it also encrypts traffic or automatically enables protocols like BGP. However, GRE only encapsulates packets and does not provide confidentiality or integrity.

Encryption requires pairing GRE with IPsec. Additionally, routing protocols must be explicitly configured over the tunnel interface; the tunnel itself does not initiate or enable them. Misreading the tunnel configuration as PPP authentication or wireless security is another common pitfall, as GRE operates at Layer 3 and is unrelated to those technologies.

Why the other options are wrong

B

Incorrect. PPP authentication applies to serial interfaces and point-to-point links, but the exhibit shows a GRE tunnel configuration, not PPP on a serial link.

C

Incorrect. WPA3 is a wireless security protocol unrelated to GRE tunnels, which operate at Layer 3 and do not configure wireless security settings.

D

Incorrect. GRE tunnels do not automatically enable BGP or any routing protocol; routing protocols must be explicitly configured over the tunnel interface.

310
Multi-Selectmedium

Which TWO statements correctly describe OSPFv2 DR/BDR election behavior in a multi-access network?

Select 2 answers
A.The router with the highest OSPF interface priority is elected as the DR.
B.A router with OSPF priority 0 can become the BDR if no other router has a higher priority.
C.If two routers have equal priority, the router with the highest router ID (RID) is elected as the DR.
D.The DR election is preemptive; a new router with a higher priority will immediately take over as DR.
E.All routers on a multi-access network form full adjacencies with the DR and BDR only.
AnswersA, C

The DR is elected based on the highest interface priority (0-255, default 1).

Why this answer

Options A and C are correct: OSPFv2 DR election first compares interface priority (highest wins), and if equal, the highest Router ID (RID) wins. Option B is incorrect because a priority of 0 prevents a router from ever becoming DR or BDR. Option D is incorrect because the election is non‑preemptive; a router with higher priority won't take over until the current DR/BDR fails.

Option E is incorrect because DR and BDR form full adjacencies with all routers on the segment, not just with each other.

Exam trap

Cisco often tests the misconception that a priority 0 router can become BDR if no other router has a higher priority, but in reality, priority 0 means the router is never elected as DR or BDR.

Why the other options are wrong

B

Priority 0 excludes the router from DR/BDR election entirely; it can only become a DROTHER.

D

A new router with a higher priority does not trigger a new election unless the existing DR or BDR goes down.

E

DROTHERs do not form full adjacencies among themselves; they only exchange LSAs via the DR/BDR.

311
PBQhard

You are connected to R1 via console. The network administrator has attempted to configure OSPFv2 between R1, R2, and R3 but OSPF neighbor adjacencies are failing. Configure R1 to correct all issues so that R1 becomes FULL neighbors with both R2 and R3. Do not modify any other device's configuration.

Hints

  • Check if OSPF is sending hello packets on the interfaces.
  • Review the passive-interface configuration on R1.
  • The network statements are correct; the issue is with hello suppression.
A.Remove the 'passive-interface default' command and remove the 'passive-interface GigabitEthernet0/0' and 'passive-interface GigabitEthernet0/1' commands under OSPF configuration.
B.Add 'no passive-interface GigabitEthernet0/0' and 'no passive-interface GigabitEthernet0/1' under OSPF configuration, but keep 'passive-interface default'.
C.Change the network statements to include the correct wildcard masks for the subnets on GigabitEthernet0/0 and GigabitEthernet0/1.
D.Add 'ip ospf network point-to-point' on both GigabitEthernet0/0 and GigabitEthernet0/1 interfaces.
AnswerB
solution
! R1
configure terminal
router ospf 1
no passive-interface GigabitEthernet0/0
no passive-interface GigabitEthernet0/1
end

Why this answer

The core issue is that R1 has 'passive-interface default' under the OSPF process, which prevents all interfaces from sending or receiving OSPF hello packets, breaking neighbor formation. The correct fix is to override this default with 'no passive-interface' on the interfaces that connect to neighbors (GigabitEthernet0/0 and GigabitEthernet0/1), allowing OSPF to form adjacencies while keeping other interfaces passive for security. Option B matches the solution commands and is the intended approach.

Option A would also work but removes the default entirely, potentially enabling OSPF on all interfaces, which is not the recommended best practice in this scenario.

Exam trap

When 'passive-interface default' is configured, you must explicitly enable OSPF on neighbor-facing interfaces with 'no passive-interface'; simply removing the default (Option A) is not the intended solution and may expose unintended interfaces to OSPF.

Why the other options are wrong

A

Although removing 'passive-interface default' would also restore OSPF on these interfaces, the solution commands show the preferred method of overriding the default selectively, making this option incorrect for the given scenario.

C

The network statements on R1 already correctly include the /30 subnets, so there is no need to change wildcard masks.

D

The OSPF network type defaults to broadcast, which is appropriate for Ethernet links; changing to point-to-point does not resolve the passive-interface issue and would not fix hello suppression.

312
Drag & Dropmedium

Drag and drop the following OSPFv2 neighbor state transitions into the correct order, starting from the initial state when no neighbor information has been received.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

OSPF neighbor states begin at Down, then Init after receiving Hello, 2-Way after seeing own router ID, ExStart for master/slave negotiation, and Exchange for exchanging database descriptors.

Exam trap

Do not confuse the order of ExStart and Exchange; ExStart always precedes Exchange. Also, remember that 2-Way comes after Init, not before.

313
MCQhard

Why is traffic to 10.10.10.200 using the EIGRP route instead of the OSPF route, given that both routes have the same prefix length?

A.Because EIGRP has a lower administrative distance than OSPF for the same prefix length.
B.Because OSPF routes are never installed when EIGRP is present.
C.Because OSPF can be used only for IPv6 routes.
D.Because EIGRP routes always have a smaller subnet mask than OSPF routes.
AnswerA

This is correct because both routes are /24, so administrative distance becomes decisive and EIGRP wins.

Why this answer

When two routes have the same prefix length, the router uses administrative distance to choose the route with the lowest value. EIGRP has a default administrative distance of 90, while OSPF uses 110. Therefore, the EIGRP route is preferred.

Exam trap

A common mistake is to assume that OSPF routes always have a lower administrative distance than EIGRP routes.

Why the other options are wrong

B

OSPF routes are installed when EIGRP is present; routing protocols coexist and the route with the lowest AD is selected.

C

OSPF supports both IPv4 and IPv6; it is not limited to IPv6.

D

EIGRP routes do not always have a smaller subnet mask; prefix length is determined by the network design, not the routing protocol.

314
Multi-Selectmedium

Which TWO statements about IPv4/IPv6 static routing are true?

Select 2 answers
A.A floating static route is configured with a lower administrative distance than the primary route.
B.An IPv6 default static route can be configured using the destination prefix ::/0.
C.A static route with an administrative distance of 1 is preferred over a directly connected route.
D.A floating static route becomes active in the routing table only when the primary route is removed or fails.
E.IPv4 and IPv6 static routes are configured using the same command syntax.
AnswersB, D

The IPv6 default route is ::/0, similar to 0.0.0.0/0 for IPv4.

Why this answer

Option B is correct because the IPv6 default static route uses the destination prefix ::/0, which matches all IPv6 addresses, similar to 0.0.0.0/0 in IPv4. Option D is correct because a floating static route is configured with a higher administrative distance and only becomes active when the primary route (with a lower AD) is removed or fails. Option A is wrong: a floating static route is configured with a higher administrative distance, not lower.

Option C is wrong: a directly connected route has an administrative distance of 0, which is always preferred over a static route (even with AD 1). Option E is wrong: IPv4 static routes use the 'ip route' command, while IPv6 static routes use the 'ipv6 route' command; the syntax is different.

Exam trap

Cisco often tests the inverse relationship between administrative distance and route preference, trapping candidates who think a lower AD makes a route less preferred rather than more preferred.

Why the other options are wrong

A

A floating static route is configured with a higher administrative distance than the primary route, not lower.

C

A directly connected route has an administrative distance of 0, which is preferred over a static route with AD 1.

E

IPv4 static routes use the 'ip route' command, while IPv6 static routes use the 'ipv6 route' command; the syntax is different.

315
MCQhard

Based on the exhibit, what is the most likely reason the PPP link is failing to authenticate?

A.The PPP authentication credentials do not match between the two sides.
B.The interfaces must use HDLC instead of PPP before authentication can work.
C.CHAP requires the routers to be in different IPv4 subnets.
D.PPP authentication works only over GRE tunnels.
AnswerA

This is correct because the CHAP passwords shown are different.

Why this answer

The most likely reason is a credentials mismatch between the two sides of the PPP authentication setup. In practical terms, PPP authentication requires the peers to agree on the relevant identity and secret information. If those values do not align, the link may come up physically but authentication fails and the logical connection does not establish properly.

This is a very exam-relevant WAN troubleshooting scenario because it focuses on a realistic failure after the transport is already present.

Exam trap

Be careful not to confuse physical link issues with authentication problems. Just because the link is up doesn't mean authentication is successful.

Why the other options are wrong

B

This option is incorrect because PPP (Point-to-Point Protocol) does not require HDLC (High-Level Data Link Control) for authentication; PPP can authenticate independently of the encapsulation method used.

C

This option is incorrect because CHAP (Challenge Handshake Authentication Protocol) does not require routers to be in different IPv4 subnets for authentication to function. CHAP can authenticate devices regardless of their subnet configuration as long as they can reach each other over the network.

D

This option is incorrect because PPP (Point-to-Point Protocol) can operate independently of GRE (Generic Routing Encapsulation) tunnels; authentication can occur directly over a PPP link without requiring GRE.

316
MCQhard

An engineer is troubleshooting a first-hop redundancy issue on a subnet where two routers, R1 and R2, are configured with HSRP. Hosts on the VLAN are intermittently losing connectivity to the default gateway. The engineer runs the `show standby` command on R1 and sees this output: ``` Vlan1 - Group 10 State is Active 2 state changes, last state change 00:00:45 Virtual IP address is 192.168.1.254 Active virtual MAC address is 0000.0c07.ac0a Local virtual MAC address is 0000.0c07.ac0a (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 1.2 secs Preemption enabled Active router is local Standby router is 192.168.1.1, priority 200 (configured 200) Priority 150 (configured 150) Group name is "hsrp-Vlan1-10" (default) ``` What is the most likely root cause of the problem?

A.Increase the priority on R1 above 150.
B.Change the HSRP group number on R1 to 20.
C.Disable preemption on R1.
D.Increase the hello timer on R1 to 10 seconds.
AnswerA

R1's priority of 100 is lower than the active router's 150. With preemption enabled, R1 will only become active if its priority is higher. Raising R1's priority above 150 allows it to preempt and become the active router, resolving the instability.

Why this answer

The output shows R1 is in the 'Active' state with priority 150, but the 'Standby' router (R2) has a higher priority of 200. With preemption enabled (as indicated by 'Preempt' in the output), R2 will preempt R1 and become the active router, causing intermittent connectivity as the active gateway flips. Increasing R1's priority above 150 (e.g., to 210) ensures R1 remains the active router, stabilizing the default gateway.

Exam trap

Cisco often tests the misconception that increasing the hello timer or disabling preemption on the local router solves a preemption issue caused by a higher-priority remote router, when in fact the fix is to either raise the local priority or disable preemption on the higher-priority neighbor.

Why the other options are wrong

B

This would break the HSRP relationship entirely, not fix the priority issue.

C

Preemption is not the cause; it is actually desired to allow a higher-priority router to take over.

D

This does not address the priority mismatch and could worsen convergence time.

317
PBQhard

You are connected to R1. The network uses HSRP to provide first-hop redundancy for VLAN 10 clients. R1 should be the active router with a priority of 150, preempt enabled, and should track interface GigabitEthernet0/1 (decrement priority by 20 if it goes down). The virtual IP is 192.168.10.254. Currently, both routers are active for the same group. Fix the configuration on R1 so that it becomes the active router and preempts when possible.

Network Topology
Gi0/0192.168.10.1/24Gi0/0192.168.10.2/24Gi0/110.0.0.1/30R2switchR1WANISP

Hints

  • Both routers show as active because preempt is missing and priority is equal (default 100).
  • You need to increase the priority and enable preempt on R1.
  • Use the 'track' command to decrement priority if the uplink fails.
A.interface Vlan10\n standby 10 ip 192.168.10.254\n standby 10 priority 150\n standby 10 preempt\n standby 10 track GigabitEthernet0/1 20
B.interface Vlan10\n standby 10 ip 192.168.10.254\n standby 10 priority 150\n standby 10 preempt\n standby 10 track GigabitEthernet0/1 20 decrement
C.interface Vlan10\n standby 10 ip 192.168.10.254\n standby 10 priority 150\n standby 10 preempt delay 20\n standby 10 track GigabitEthernet0/1
D.interface Vlan10\n standby 10 ip 192.168.10.254\n standby 10 priority 150\n standby 10 preempt\n standby 10 track GigabitEthernet0/1 20 priority
AnswerA
solution
! R1
interface GigabitEthernet0/0
standby 10 priority 150
standby 10 preempt
standby 10 track GigabitEthernet0/1 20

Why this answer

Both routers are active for HSRP group 10 because the virtual IP address is not configured or is mismatched, causing a split-brain scenario. The correct fix must include setting the virtual IP with 'standby 10 ip 192.168.10.254', raising R1's priority to 150, enabling preempt, and tracking GigabitEthernet0/1 with a decrement of 20. Option A supplies all required commands with proper syntax.

Other options either omit the vital IP configuration or have invalid keywords like 'decrement' or 'preempt delay'.

Exam trap

Be careful with the exact syntax of HSRP commands. The 'standby track' command does not include the words 'decrement' or 'priority'. Also, 'preempt delay' is for delaying preemption, not for tracking.

Ensure you specify the decrement value correctly.

Why the other options are wrong

B

The specific factual error is that 'decrement' is not a valid keyword in the standby track command. The decrement value is specified directly after the interface.

C

The specific factual error is that 'preempt delay' is not the correct way to configure tracking. Tracking is done with the 'standby track' command, and the decrement value must be specified.

D

The specific factual error is that 'priority' is not a valid keyword in the standby track command. The decrement value is specified directly after the interface.

318
MCQhard

A router has the following routes in its table: 172.16.0.0/16, 172.16.20.0/24, and 172.16.20.128/25. Which route is used for traffic to 172.16.20.200?

A.172.16.0.0/16
B.172.16.20.0/24
C.172.16.20.128/25
D.The default route
AnswerC

This is correct because .200 falls inside the 172.16.20.128/25 range.

Why this answer

The /25 route is used because it is the most specific match. In plain language, the router looks for the narrowest route that still contains the destination address. Since 172.16.20.200 falls inside 172.16.20.128/25, that route wins over the broader /24 and /16 entries.

This is a direct longest-prefix-match question. It is meant to reinforce that specificity comes first in routing-table lookup. Broader routes remain useful, but they are not chosen when a more precise matching entry exists.

Exam trap

A frequent exam trap is selecting a broader subnet route such as 172.16.20.0/24 or 172.16.0.0/16 instead of the more specific 172.16.20.128/25. Candidates may mistakenly believe that any matching route is acceptable or that larger subnets are preferred. This misunderstanding ignores the fundamental longest prefix match rule used by Cisco routers, which always prioritizes the most specific route.

Falling for this trap leads to incorrect routing decisions and exam errors.

Why the other options are wrong

A

172.16.0.0/16 is the least specific route covering a large address range. Although it matches the destination IP, it is overridden by more specific routes with longer subnet masks, so it is not used.

B

172.16.20.0/24 is more specific than the /16 but less specific than the /25 route. Since the destination IP falls within the /25 subnet, the router prefers the /25 route over this /24.

D

The default route is only used when no other routes match the destination IP. Since multiple specific routes exist that match the destination, the default route is not selected.

319
MCQhard

A router has a directly connected route to 10.1.1.0/24 and a static default route. Which route is used for traffic to 10.1.1.200?

A.The directly connected 10.1.1.0/24 route
B.The static default route
C.Both routes equally
D.Neither route
AnswerA

This is correct because the destination is in the connected subnet.

Why this answer

The directly connected route is used because it is the most specific and most immediate match. In practical terms, the router already knows that 10.1.1.200 belongs to a network on one of its own interfaces, so there is no reason to use the default route. The default route exists only for destinations that do not match anything more specific.

This is one of the most fundamental route-selection behaviors in IP routing.

Exam trap

A frequent exam trap is selecting the static default route for traffic destined to an IP address within a directly connected subnet. Candidates might incorrectly believe the default route overrides connected routes due to its static configuration or because it is manually set. However, the router always prefers the most specific route, which is the directly connected subnet in this case.

Misunderstanding the longest prefix match and administrative distance hierarchy leads to this error. Remember, the default route is only a fallback when no other route matches the destination IP address.

Why the other options are wrong

B

This option is incorrect because the static default route is less specific (0.0.0.0/0) and only used when no other route matches the destination. Since a connected route exists, the default route is ignored.

C

This option is wrong because routing does not load balance between a directly connected route and a static default route. The router selects the single best route based on prefix length and administrative distance.

D

This option is incorrect because the router clearly has a matching directly connected route for 10.1.1.200. Therefore, it will use that route rather than discarding both or failing to forward.

320
PBQhard

You are connected to R1 via the console. R1 is a newly deployed router that connects two subnets: 192.168.1.0/24 on GigabitEthernet0/0 and 192.168.2.0/24 on GigabitEthernet0/1. There is a default route to the Internet via ISP router at 203.0.113.1, but the network policy requires that traffic from 192.168.1.0/24 to the Internet must exit via a different next-hop 203.0.113.2. You need to implement policy-based routing on R1 to forward traffic from source 192.168.1.0/24 to 203.0.113.2, while all other traffic uses the default route via 203.0.113.1.

Hints

  • Policy-based routing uses route-maps applied to incoming interfaces.
  • The route-map matches traffic using an access list and sets the next-hop.
  • Verify the route-map and its application on the correct interface.
A.Create an access list matching source 192.168.1.0/24, a route-map with set ip next-hop 203.0.113.2, and apply the route-map inbound on GigabitEthernet0/0.
B.Create an access list matching source 192.168.1.0/24, a route-map with set ip next-hop 203.0.113.2, and apply the route-map outbound on GigabitEthernet0/1.
C.Create an access list matching destination 203.0.113.2, a route-map with set ip next-hop 203.0.113.2, and apply the route-map inbound on GigabitEthernet0/0.
D.Configure a static route for 192.168.1.0/24 with next-hop 203.0.113.2 and rely on the default route for other traffic.
AnswerA
solution
! R1
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
route-map PBR permit 10
match ip address 101
set ip next-hop 203.0.113.2
interface GigabitEthernet0/0
ip policy route-map PBR

Why this answer

Policy-based routing (PBR) allows overriding the routing table for specific traffic. The access list identifies traffic from 192.168.1.0/24, the route-map sets the next-hop to 203.0.113.2, and applying it to the incoming interface G0/0 ensures that traffic entering from that subnet follows the policy.

Exam trap

Remember that PBR is applied inbound on the interface receiving the traffic, not outbound. Also, the access list in PBR matches traffic based on the criteria you want to override (source, destination, etc.), not the next-hop address. Static routes are destination-based and cannot be used to forward based on source address.

Why the other options are wrong

B

PBR must be applied inbound on the interface receiving the traffic, not outbound on the exit interface.

C

PBR uses the access list to match traffic based on source, destination, or other criteria; here the requirement is to match source subnet.

D

A static route controls forwarding based on destination, not source. Policy-based routing is needed to forward based on source address.

321
MCQhard

Refer to the exhibit. A network engineer is verifying OSPF routing on R1. All routers in the topology are expected to reside in OSPF area 0, and the network 172.16.0.0/16 should be advertised from R2 within the same area. The engineer issues the show ip route 172.16.0.0 command on R1 and sees the output in the exhibit. The engineer expected to see an intra-area route (O) instead of an inter-area route (O IA). What is the most likely cause of this discrepancy?

A.R1 has a mismatched OSPF process ID compared to the ABR.
B.The network type on GigabitEthernet0/0 is configured as non-broadcast, preventing full adjacency.
C.The metric for the route is too high, causing OSPF to treat it as an inter-area route.
D.The destination network 172.16.0.0/16 is located in a different OSPF area.
AnswerD

The routing table entry shows 'type inter area'. This indicates the prefix is being learned via an OSPF Type-3 summary LSA, which is only generated when the network is in a different area than the local router. Therefore, the network is indeed in a different area, contradicting the assumption that R1 and the destination are both in area 0.

Why this answer

The exhibit explicitly lists the route type as 'inter area' for 172.16.0.0/16. In OSPF, an inter-area (IA) route means the destination network resides in a different OSPF area than the local router. Since all routers are expected to be in area 0, the presence of an IA route indicates the 172.16.0.0/16 network is actually located in a different area, causing the ABR to generate a Type-3 summary LSA.

Exam trap

Many candidates incorrectly choose option C, believing that a high OSPF metric can change the route type from intra-area to inter-area. OSPF route types are determined solely by the LSA type and area topology, not by the metric value.

Why the other options are wrong

A

Candidates mistakenly assume that OSPF process IDs must match globally for proper LSA exchange, but they are only locally significant.

B

Candidates may think that the network type influences the OSPF LSA type, but it only affects neighbor discovery and DR/BDR election, not the area origin of LSAs.

C

Candidates sometimes confuse the metric influence with the route type, thinking that OSPF converts routes when the cost exceeds a threshold.

322
MCQhard

R1 and R2 are connected via a shared Ethernet segment. Both routers are configured in OSPF area 0 and are on the same IP subnet. OSPF authentication is enabled on both interfaces, but the adjacency is not forming. What is the most likely reason?

A.The OSPF authentication key does not match on the two routers.
B.The routers must use different OSPF areas to become neighbors.
C.OSPF message-digest authentication can be used only on serial links.
D.The routers must remove IP addressing before OSPF can form.
AnswerA

This is correct because an authentication mismatch prevents OSPF adjacency on the shared segment.

Why this answer

The most likely reason is an OSPF authentication mismatch. In practical terms, both routers are on the same IP subnet and in the same area, but they are not using the same authentication key on the shared link. OSPF neighbors must agree on key authentication parameters before they will trust each other enough to form an adjacency.

This is a classic CCNA troubleshooting pattern because the configuration looks almost correct until you compare the security settings carefully.

Exam trap

A frequent exam trap is selecting an answer that incorrectly states OSPF authentication is limited to serial links or that routers must be in different areas to form adjacency. Candidates may also mistakenly believe that removing IP addressing is necessary for OSPF to form. These misconceptions overlook that OSPF authentication applies to Ethernet interfaces and that neighbors must be in the same area and subnet with matching authentication keys.

Misreading these details leads to choosing incorrect options that seem plausible but contradict OSPF adjacency rules.

Why the other options are wrong

B

This option is incorrect because OSPF neighbors must be in the same area to form adjacency. Using different areas on the same segment prevents adjacency, so this option contradicts OSPF area rules.

C

This option is incorrect because OSPF authentication, including message-digest (MD5), is supported on Ethernet interfaces, not just serial links. Authentication is not limited by interface type.

D

This option is incorrect because OSPF requires valid IP addressing on interfaces to operate. Removing IP addressing disables OSPF on that link, so adjacency cannot form without IP addresses.

323
MCQmedium

R3 has the static route 'ip route 172.20.8.0 255.255.255.0 192.168.1.1'. Packets destined for 172.20.8.0/24 are being dropped. What is the most likely cause?

A.The destination network mask should be /16 instead of /24
B.The next-hop address is not reachable from R3
C.Static routes require an outbound access list
D.The route must use administrative distance 255
AnswerB

If the next hop cannot be resolved, the static route cannot work.

Why this answer

A static route can only work if the next-hop address is reachable. If the next hop is down or missing from the routing table, the route cannot forward traffic successfully.

Exam trap

A frequent exam trap is assuming that an incorrect subnet mask on the static route causes packets to be dropped. While subnet masks affect routing accuracy, they do not cause next-hop reachability failures. Another trap is believing that static routes require outbound ACLs, which is false; ACLs control traffic filtering but do not impact static route functionality.

Additionally, some may think setting the administrative distance to 255 is necessary for static routes, but this actually disables the route, making it unusable. The key mistake is overlooking the requirement that the next-hop IP address must be reachable for the static route to work, which is the actual cause of packet drops in this scenario.

Why the other options are wrong

A

Option A suggests changing the destination network mask from /24 to /16. While subnet masks must be correct for proper routing, an incorrect mask does not cause next-hop reachability issues or packet drops due to unreachable next-hop addresses. The problem here is related to next-hop reachability, not the destination mask.

C

Option C incorrectly states that static routes require an outbound access list. Static routes do not need ACLs to function; ACLs are used for traffic filtering and security policies, not for enabling or disabling static routes. This option is invalid.

D

Option D claims the route must use administrative distance 255. Administrative distance 255 actually makes a route unusable, so setting it to 255 would prevent the static route from working. The default administrative distance for static routes is 1, which is preferred over most dynamic routes.

324
MCQmedium

What is an autonomous system in basic BGP terminology?

A.A collection of networks and routers under common administrative routing control
B.A single switch VLAN
C.A specific OSPF area inside one router
D.A type of wireless access point
AnswerA

This is correct because that is the basic meaning of an autonomous system.

Why this answer

An autonomous system is a collection of IP networks and routers under a common routing policy or administrative control. In practical terms, it is the domain boundary concept used in BGP discussions. BGP uses AS concepts to reason about routing between separate administrative networks.

This is one of the first BGP ideas learners need to understand.

Exam trap

A frequent exam trap is mistaking an autonomous system for a VLAN or an OSPF area. VLANs are Layer 2 broadcast domains and do not relate to routing domains or administrative control of routing policies. Similarly, OSPF areas segment a single routing domain to optimize routing but do not represent separate administrative entities.

Confusing these concepts can lead to incorrect answers because BGP’s autonomous system concept specifically refers to a collection of networks and routers under a common administrative routing policy, which is distinct from VLAN or OSPF area segmentation.

Why the other options are wrong

B

This option is incorrect because a VLAN is a Layer 2 segmentation method that isolates broadcast domains and does not relate to routing policies or autonomous systems in BGP.

C

This option is wrong since an OSPF area is a subdivision within a single routing domain to optimize routing, not an autonomous system representing separate administrative control.

D

This option is incorrect because an autonomous system is a routing domain concept, whereas a wireless access point is a physical device unrelated to BGP or routing domains.

325
Matchingmedium

Match each route-selection concept to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Preference for the most specific matching destination prefix

Trust ranking between different route sources

Protocol-specific value used to compare paths

Backup static route configured with a higher administrative distance

Why these pairings

Administrative distance indicates the trustworthiness of a routing protocol or static route, with lower values preferred. Metric is a protocol-specific cost used to compare routes from the same source. The longest-prefix match selects the route with the most specific (longest) subnet mask.

A floating static route serves as a backup by using a higher administrative distance than the primary route.

Exam trap

Be careful not to confuse administrative distance with prefix length. AD is about protocol preference, not route specificity. Also, remember that longest prefix match is always evaluated before metric comparison.

326
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure HSRP on an interface and verify the active/standby election process, including failover and verification.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct order for HSRP configuration is step A: first enter interface configuration mode, set HSRP version, configure the virtual IP, optionally set priority to influence active router selection, enable preempt to allow the higher-priority router to reclaim active role, and verify with 'show standby' to see real-time roles and states. Step B is incorrect because HSRP is configured per interface, not via global configuration and VLAN creation; the virtual IP is set on the interface, not on a VLAN. Step C is wrong because priority should be set after entering interface configuration mode, not before, and verification should use 'show standby' not 'show running-config'.

Step D is invalid because there is no global 'router hsrp' command; HSRP configuration is done directly on the interface, and 'debug standby' is not a reliable verification command. 'show standby' is the standard command to verify active/standby status.

Exam trap

Candidates often confuse the order of HSRP configuration steps or think HSRP requires a global configuration mode like routing protocols. Remember: HSRP is configured per interface, and verification uses 'show standby' to see real-time roles.

327
Drag & Dropmedium

Drag and drop the following OSPFv2 neighbor state transitions and DR/BDR election steps into the correct order for a multi-access network where a new router joins an existing OSPF area.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The new router first discovers neighbors via Hello. Then DD, LSR, LSU exchange synchronizes databases. DR/BDR election happens before Full state is achieved.

Exam trap

Do not confuse the order of ExStart and Exchange, or Loading and Full. Remember that DR/BDR election occurs after 2-Way and before ExStart.

328
MCQmedium

A network engineer enters the following configuration on R1 and R2, but R1 cannot form an OSPF adjacency with R2 on interface GigabitEthernet0/0. R1# show running-config interface GigabitEthernet0/0 interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.0 ip ospf hello-interval 10 ip ospf dead-interval 40 ip ospf 1 area 0 ! R2# show running-config interface GigabitEthernet0/0 interface GigabitEthernet0/0 ip address 10.0.0.2 255.255.255.0 ip ospf hello-interval 5 ip ospf dead-interval 20 ip ospf 1 area 0 What is the most likely cause of the failure?

A.The routers are in different OSPF areas.
B.The OSPF timers on the interface do not match.
C.The subnet mask prevents multicast OSPF packets from being exchanged.
D.The OSPF process IDs do not match on the two routers.
AnswerB

This is correct because the interfaces are configured with different hello and dead intervals. OSPF neighbors expect those timers to align, and if they do not, the routers reject the neighbor relationship. The addressing and area assignment are fine, but the timer mismatch blocks adjacency formation.

Why this answer

The routers must agree on hello and dead timers to establish an OSPF adjacency. R1 uses hello=10 and dead=40, while R2 uses hello=5 and dead=20; this mismatch prevents the neighbor relationship. Although both routers share the same area (0) and subnet mask, and OSPF process IDs are locally significant (no match required), the timer difference is the root cause.

Exam trap

Remember that OSPF process IDs are locally significant and do not need to match between routers.

Why the other options are wrong

A

This option is incorrect because OSPF can still form adjacencies between routers in different areas, provided they are correctly configured to do so. The issue in this scenario is related to OSPF timers, not area mismatches.

C

This option is incorrect because OSPF can still exchange multicast packets even if the subnet mask is not configured correctly, as long as the interfaces are up and configured for OSPF. The failure to form an adjacency is more likely due to mismatched OSPF timers.

D

This option is wrong because OSPF process IDs do not need to match for routers to form an adjacency; they only need to be in the same area and have matching network statements.

329
Multi-Selectmedium

Which four of the following statements about IPv4 static routing are true? (Choose all that apply. There are four correct answers.)

Select 4 answers
.A default static route uses 0.0.0.0/0 as the destination network.
.A floating static route is configured with a higher administrative distance than the same route learned via a dynamic routing protocol.
.A fully specified static route includes both the exit interface and the next-hop IP address.
.A static route pointing to a next-hop IP address only is resolved through ARP on the router.
.An IPv4 static route can use an IPv6 address as the next hop.
.A recursive static route requires the router to perform multiple routing table lookups to forward the packet.

Why this answer

A default static route with destination 0.0.0.0/0 matches all packets when no more specific route exists, acting as a gateway of last resort. A floating static route uses a higher administrative distance (e.g., 150) than the dynamic protocol's default (e.g., 110 for OSPF), so it only appears in the routing table if the dynamic route fails. A fully specified static route includes both the exit interface and next-hop IP, eliminating recursive lookups.

A recursive static route specifies only the next-hop IP, forcing the router to perform multiple routing table lookups to find the exit interface.

Exam trap

Cisco often tests the distinction between recursive and fully specified static routes, tricking candidates into thinking that a next-hop-only route uses ARP directly, when in fact it requires a recursive lookup first.

330
MCQhard

An administrator has just configured OSPF in a single area between router R1 and router R2, which are directly connected via their Gi0/0 interfaces with IP addresses 10.0.0.1/30 and 10.0.0.2/30. On R1, the command show ip ospf neighbor shows no entries, and a further check on R2 with show ip ospf interface gi0/0 indicates that the interface is passive. Which configuration error is most likely causing the adjacency failure?

A.The network command on R1 does not cover the 10.0.0.0/30 subnet.
B.R2 has the passive-interface default command but no no passive-interface command for Gi0/0.
C.The OSPF process IDs on R1 and R2 are mismatched.
D.The hello and dead intervals on R1 and R2 are not the same.
AnswerB

The passive-interface default command sets all OSPF interfaces to passive mode. To allow neighbor adjacency on a specific interface, a no passive-interface <interface> command is required. Without it, Gi0/0 remains passive, preventing OSPF hellos and adjacency formation.

Why this answer

The output on R2 shows the Gi0/0 interface is passive, meaning OSPF will not send or receive hello packets on that interface, preventing neighbor discovery. The passive-interface default command makes all interfaces passive by default, and without a no passive-interface Gi0/0 command, the interface remains passive, blocking adjacency formation. This directly explains why R1's show ip ospf neighbor shows no entries.

Exam trap

Cisco often tests the distinction between passive-interface default and the need for explicit no passive-interface commands, as candidates may assume that OSPF will automatically form adjacencies on directly connected interfaces without considering passive configuration.

Why the other options are wrong

A

This option fails to account for the explicit passive interface state shown on R2. A missing network statement would not cause the interface to be displayed as passive; it would simply not be enrolled in the OSPF process.

C

This is a common misconception, but process ID mismatch does not affect OSPF neighbor formation. The passive interface status on R2 directly contradicts this as the cause.

D

The passive interface status would not appear if the only issue were interval mismatches; the interface would still be active and sending hellos. This directly conflicts with the given show output.

331
MCQhard

After configuring the area 0 range 10.0.0.0 255.255.0.0 command on an OSPF ABR, a technician finds that a host at 10.0.5.100 in Area 1 cannot reach hosts in Area 0. The ABR’s OSPF database shows only the summary 10.0.0.0/16 in Area 0, and no individual /24 routes. What is the most likely cause?

A.The ABR is filtering the specific /24 routes using a distribute-list under the OSPF process.
B.The routers in Area 1 are no longer advertising their /24 routes to the ABR because the ABR is in a different area.
C.The area range command causes the ABR to advertise only the summary LSA and suppress the more-specific Type-3 LSAs for the range.
D.The ABR has automatically created a discard route to null0 for the summary, which is dropping all traffic destined to the summarized networks.
AnswerC

By default, the area range command summarizes the specified prefix range and suppresses the individual component routes from being advertised into the target area. Only the summary LSA appears in Area 0, which matches the observed behavior.

Why this answer

The area 0 range command on an OSPF ABR creates a summary Type-3 LSA and suppresses the more-specific Type-3 LSAs within that range. This is expected OSPF route summarization behavior; only the summary route is advertised into Area 0, which explains why the /24 routes are missing. The ABR continues to forward traffic properly because it retains specific routes learned from Area 1, so connectivity within the summary should still work under normal conditions.

The other answers either describe non-existent configurations or misunderstand the discard route's role.

Exam trap

Many candidates mistake the null0 discard route for an immediate black hole, but it only drops packets when no more-specific route exists in the ABR’s routing table. In this case, the ABR still has the /24 routes from Area 1, so the discard route does not block traffic.

Why the other options are wrong

A

A distribute-list requires explicit configuration; its absence makes this an unsubstantiated guess.

B

Area border routers receive all LSAs from non-backbone areas; the area boundary does not stop LSA propagation to the ABR itself.

D

The null0 route is a loop-prevention mechanism, not an absolute traffic blocker; more-specific entries in the routing table take precedence.

332
PBQmedium

You are connected to R1 via console. R1 has two upstream paths to the Internet: a primary via ISP1 (G0/0 10.1.1.1/30) and a backup via ISP2 (G0/1 10.2.2.1/30). The backup path should only be used when the primary fails. The default route to ISP1 has been configured, but you must now configure a floating static default route to ISP2 with an administrative distance of 200.

Network Topology
G0/010.1.1.1/30G0/110.2.2.1/30R1ISP1ISP2

Hints

  • Floating static routes use a higher administrative distance to serve as backups.
  • The AD of a static route defaults to 1; to make it floating, set it higher than the primary route's AD.
  • The command format is 'ip route [network] [mask] [next-hop] [distance]'.
A.ip route 0.0.0.0 0.0.0.0 10.2.2.2 200
B.ip route 0.0.0.0 0.0.0.0 10.2.2.1 2
C.ip route 0.0.0.0 0.0.0.0 10.2.2.1 1
D.ip route 0.0.0.0 0.0.0.0 10.2.2.1 250
AnswerA
solution
! R1
ip route 0.0.0.0 0.0.0.0 10.2.2.2 200

Why this answer

A floating static route ensures backup connectivity by using an administrative distance (AD) higher than the primary route's AD. Here, the primary default route has an AD of 1, so the backup must be configured with AD 200 as specified. Crucially, the next-hop address must be the ISP's IP address (10.2.2.2) in the /30 subnet, not R1's own interface IP (10.2.2.1).

Using the local interface IP creates an invalid static route. Option A is correct only with the next-hop set to 10.2.2.2. Options B and C fail because they use AD 2 and 1 respectively (not the required 200) and also point to the wrong next-hop.

Option D uses AD 250 instead of 200 and has the same next-hop error.

Exam trap

The key trap is confusing administrative distance values. Candidates often forget that the backup route must have a higher AD than the primary. They might use the same AD (causing ECMP) or a lower AD (making it preferred).

Also, they might misremember the exact AD value specified in the question. Always ensure the floating static route's AD is explicitly set higher than the primary route's AD.

Why the other options are wrong

B

Uses AD 2 instead of the specified AD 200 and a wrong next-hop of 10.2.2.1.

C

Uses AD 1 (equal to the primary route's AD), preventing failover, and a wrong next-hop of 10.2.2.1.

D

Uses AD 250 instead of the required AD 200 as specified in the question, and still uses the wrong next-hop.

333
PBQhard

You are connected to R1, which is part of an HSRP group with R2. The current configuration has both routers active for the same virtual IP, causing instability. Configure R1 with a higher priority, enable preempt, and set the virtual IP to 192.168.1.1. Also, configure interface tracking so that if R1's G0/1 goes down, its priority decreases by 15. Verify with 'show standby brief'.

Network Topology
G0/0192.168.1.2/24G0/0192.168.1.3/24switchR1R2

Hints

  • Check the current virtual IP address — it may not match the required one.
  • Both routers have the same priority and preempt is missing, causing both to be Active.
  • Use 'standby 1 track' to monitor an uplink interface.
A.On R1, configure: standby 1 priority 110, standby 1 preempt, standby 1 ip 192.168.1.1, and standby 1 track GigabitEthernet0/1 15
B.On R1, configure: standby 1 priority 110, standby 1 preempt, standby 1 ip 192.168.1.254, and standby 1 track GigabitEthernet0/1 15
C.On R1, configure: standby 1 priority 110, standby 1 preempt, standby 1 ip 192.168.1.1, and standby 1 track GigabitEthernet0/1 10
D.On R1, configure: standby 1 priority 100, standby 1 preempt, standby 1 ip 192.168.1.1, and standby 1 track GigabitEthernet0/1 15
AnswerA
solution
! R1
interface GigabitEthernet0/0
standby 1 ip 192.168.1.1
standby 1 priority 110
standby 1 preempt
standby 1 track GigabitEthernet0/1 15
end

Why this answer

The current configuration does not cause both routers to be Active; rather, R2 is likely the Active router because both have default priority (100) and no preempt, so R2 with the higher interface IP (192.168.1.3) wins the election. To ensure R1 becomes Active, set its priority to 110 and enable preempt. Also correct the virtual IP to 192.168.1.1.

Interface tracking on G0/1 with a decrement of 15 ensures R1 yields to R2 if its tracked interface fails. Option A correctly applies all these settings. Option B uses the wrong virtual IP (192.168.1.254).

Option C uses the wrong decrement value (10). Option D uses default priority (100), which will not make R1 the Active router if R2 retains default priority and higher IP.

Exam trap

Watch out for the virtual IP address and the exact decrement value. Also, remember that preempt alone does not make a router Active if its priority is not higher than the current Active router.

Why the other options are wrong

B

The virtual IP address is wrong; it should be 192.168.1.1, not 192.168.1.254.

C

The decrement value is 10 instead of the required 15.

D

The priority is not increased; it remains at the default 100, so R1 may not become the Active router.

334
Drag & Dropmedium

Drag and drop the following steps into the correct order to describe the routing table lookup process when a router receives a packet destined for 192.168.1.100, from destination IP match to forwarding decision.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The routing table lookup process begins with matching the destination IP, then longest prefix match, determining next-hop, resolving Layer 2 address, and finally forwarding the packet.

Exam trap

Do not confuse the order of operations: the longest prefix match occurs after matching the destination IP to the routing table, not before. Also, Layer 2 resolution comes after next-hop determination.

335
MCQhard

A technician is troubleshooting an OSPF network. On a broadcast segment, R1 is the DR and R2 is the BDR. R1's interface GigabitEthernet0/0 is shut down for maintenance. The technician expects that R2 will assume the DR role, but instead a new DR election occurs and another router is elected DR. What is the most likely cause?

A.The OSPF hello and dead intervals on R2 do not match those of other routers on the segment.
B.R2 has an OSPF priority of 255.
C.The OSPF network type on the segment was changed to point-to-point.
D.R2 has an OSPF priority of 0.
AnswerD

On a broadcast OSPF network, a priority of 0 makes a router ineligible for DR or BDR election. Even though R2 was the BDR, its priority of 0 prevents it from taking over as DR when R1 fails. Consequently, a new DR election is triggered among the remaining eligible routers, and a router other than R2 becomes the new DR.

Why this answer

When the DR fails on a broadcast OSPF network, the BDR normally takes over as DR and a new BDR is elected. However, if the BDR's OSPF priority is set to 0, the router is ineligible to become DR or BDR. With the DR down and the BDR ineligible, the remaining routers must hold a fresh election, and the router with the highest non-zero priority (or highest router-ID if priorities tie) becomes the new DR.

Therefore, R2's priority of 0 explains why it did not become DR and a new election was triggered.

Exam trap

Many candidates assume the BDR becomes DR automatically when the DR fails, forgetting that an OSPF priority of 0 makes a router ineligible for DR/BDR elections. If the BDR has priority 0, it will not become DR; instead, a new election occurs among the other routers.

Why the other options are wrong

A

Neighbor adjacency failure due to timer mismatch would have prevented R2 from becoming BDR at all.

B

High priority increases the chance of being elected DR, not decrease it.

C

Point-to-point networks do not have DR/BDR elections, so R2 could not have been BDR.

336
Matchingmedium

Drag and drop the OSPFv3 commands/terms on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Enables OSPFv3 on a specific interface and assigns it to an area

Displays OSPFv3 neighbor adjacencies, state, and neighbor ID

Used for OSPFv3 neighbor discovery and as next-hop address

Enters OSPFv3 router configuration mode to enable the routing process

The backbone area required for all inter-area OSPFv3 routing

Lists OSPFv3-enabled interfaces, their area, and state

Why these pairings

These commands and terms are accurately paired with their OSPFv3 descriptions as per Cisco IOS.

Exam trap

Candidates often confuse the Router ID with other OSPF identifiers like the Link State ID. Remember that the Router ID uniquely identifies the router itself, while the Link State ID identifies a specific LSA. Also, do not confuse LSA types with router identifiers.

337
Drag & Dropmedium

Drag and drop the following commands into the correct order to configure OSPFv3 for IPv6 on a Cisco IOS-XE router.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

First enable IPv6 routing, then create the OSPFv3 process, then assign the process to interfaces under interface configuration mode.

Exam trap

Do not confuse the order with OSPFv2. For OSPFv3, you must first enable IPv6 routing globally; otherwise, the router will reject OSPFv3 configuration commands.

338
MCQhard

R1 and R2 are directly connected via Ethernet on interface G0/0. Both interfaces are in the same subnet and configured for OSPF area 0. After enabling OSPF, R1's G0/0 is stuck in the INIT state in the OSPF neighbor table. What is the most likely cause?

A.MTU mismatch
B.Hello and dead timer mismatch
C.Missing router ID on both routers
D.A duplicate static route to 10.1.12.0/30
AnswerB

Correct choice.

Why this answer

Being stuck in the INIT state means R1 has received Hello packets from R2 but has not transitioned to the 2-WAY state. This most often occurs when critical OSPF parameters like the hello and dead timers do not match. An MTU mismatch, while problematic, would cause the adjacency to fail during database exchange (Exstart/Exchange), not during initial neighbor formation.

Missing router IDs are not a real issue because routers auto-generate them, and a duplicate static route to the connected subnet would not affect OSPF neighbor discovery.

Exam trap

A common exam trap is selecting MTU mismatch or missing router IDs as the cause of OSPF adjacency failure. While MTU mismatches can cause adjacency issues during database exchange, they do not prevent the initial neighbor relationship from forming. Missing router IDs do not block adjacency because routers automatically generate IDs if none are configured.

Another trap is confusing static routes with neighbor discovery; static routes do not influence OSPF adjacency. The key is to focus on timer mismatches, as hello and dead intervals must be identical for routers to recognize each other as neighbors and establish adjacency.

Why the other options are wrong

A

MTU mismatch can cause OSPF adjacency problems during the database exchange phase, but it does not typically prevent the initial neighbor relationship from forming. Since the question states adjacency cannot form, MTU mismatch is unlikely the primary cause.

C

Missing router IDs do not prevent OSPF adjacency because routers automatically generate a router ID if none is configured. Therefore, this option is not a valid cause for adjacency failure.

D

A duplicate static route to 10.1.12.0/30 does not affect OSPF neighbor formation, as static routes are unrelated to OSPF adjacency processes. This option is irrelevant to the adjacency issue.

339
MCQhard

A router has a static route configured: ip route 10.200.0.0 255.255.0.0 GigabitEthernet0/1. The output of show ip interface brief shows that interface GigabitEthernet0/1 is administratively down. Why is the route to 10.200.0.0/16 present in the running configuration but absent from the routing table?

A.Because the route points to an interface that is administratively down.
B.Because static routes cannot reference exit interfaces.
C.Because the destination must be a /24, not a /16.
D.Because static routes require NTP before installation.
AnswerA

This is correct because a route using an unusable exit path will not provide operational forwarding.

Why this answer

The static route is absent because the outgoing interface is down. In practical terms, when a static route depends on an interface that is not operational, the router cannot use that path, so the route is not installed as usable forwarding state. The configuration line alone is not enough; the forwarding path also has to be viable.

This is a realistic static-route troubleshooting pattern because it distinguishes between configured intent and operational state.

Exam trap

A frequent exam trap is to confuse the presence of a static route in the configuration with its presence in the routing table. Candidates often overlook the fact that a static route pointing to an administratively down interface will not be installed, leading to the mistaken belief that the route is missing due to mask length or protocol requirements. Another trap is assuming static routes cannot use exit interfaces or require time synchronization, which is false.

This question tests the candidate's understanding of the difference between configured routes and operationally valid routes, focusing on interface state as the critical factor for route installation.

Why the other options are wrong

B

Incorrect because static routes can reference exit interfaces directly; Cisco routers support static routes with either next-hop IP addresses or exit interfaces.

C

Incorrect because the subnet mask length (such as /16 vs /24) does not prevent a static route from being installed; the issue is the interface state, not the mask.

D

Incorrect because static routes do not depend on NTP or time synchronization for installation; this is unrelated to static routing behavior.

340
MCQhard

A network engineer is troubleshooting OSPFv3 adjacency between two directly connected Cisco routers, R1 and R2, both running IOS-XE. The engineer configures OSPFv3 on both routers but notices that the adjacency does not form. The engineer runs 'show ospfv3 neighbor' on R1 and sees no neighbors. What is the most likely cause of this issue?

A.The OSPFv3 process ID must match on both routers.
B.The interface GigabitEthernet0/0 is missing the 'ospfv3 1 ipv6 area 0' command.
C.The link-local addresses are not in the same subnet.
D.The router ID 1.1.1.1 is duplicated on R2.
AnswerB

Without this command, OSPFv3 is not enabled on the interface, preventing adjacency formation.

Why this answer

Option B is correct because OSPFv3 requires explicit interface-level configuration to enable the protocol on a specific interface. The correct command is 'ospfv3 1 ipv6 area 0' (or 'ipv6 ospf 1 area 0' for the traditional OSPFv3 configuration). Without this command, the interface does not participate in OSPFv3, so no Hello packets are sent or received, preventing adjacency formation.

Exam trap

Cisco often tests the distinction between OSPFv2 (where enabling the protocol under the routing process automatically activates it on all interfaces with 'network' statements) and OSPFv3 (which requires explicit per-interface activation), leading candidates to overlook the mandatory interface-level command.

Why the other options are wrong

A

This is a common misconception; OSPFv3 uses the router ID for neighbor identification, not the process ID.

C

Link-local addresses are automatically configured and do not affect OSPFv3 adjacency as long as they are unique.

D

In this scenario, no neighbors are seen, indicating a more fundamental issue like OSPFv3 not being enabled on the interface.

341
Multi-Selectmedium

A route table shows both a default route and a more specific route to 192.168.50.0/24. Which two statements describe how packets destined for 192.168.50.25 are handled?

Select 2 answers
A.The router prefers the 192.168.50.0/24 route because it is the longest prefix match
B.The default route is used only when no more-specific route matches
C.Administrative distance is compared before prefix length for forwarding decisions
D.The packet is load-balanced across both routes automatically
AnswersA, B

Longest prefix match decides forwarding when multiple routes match a destination.

Why this answer

Once routes are installed, packet forwarding follows longest prefix match. The /24 route is more specific than the default route, so traffic to 192.168.50.25 uses the /24 entry.

Exam trap

A frequent exam trap is assuming that administrative distance is compared before prefix length when selecting a route. Candidates might think that if the default route has a better administrative distance, it will be chosen over a more specific route. However, Cisco routers always apply the longest prefix match rule first, selecting the most specific route regardless of administrative distance.

Administrative distance only comes into play when multiple routes have the same prefix length. Misunderstanding this can lead to incorrect answers about how packets are forwarded, especially when both default and specific routes exist in the routing table.

Why the other options are wrong

C

Option C is incorrect because administrative distance is not compared before prefix length; prefix length is the primary factor in route selection, making this option a common misconception.

D

Option D is incorrect because Cisco routers do not load-balance between a default route and a more specific route; these routes are not considered equal-cost and the more specific route is always preferred.

342
Multi-Selectmedium

Which TWO statements about interpreting routing table output are true? (Choose two.)

Select 2 answers
A.A route with a longer prefix length is always preferred over a route with a shorter prefix length, regardless of administrative distance.
B.A directly connected route has an administrative distance of 0 and is always preferred over any dynamic route for the same network.
C.If two routes have the same prefix length, the route with the higher administrative distance is preferred.
D.The metric is used to compare routes from different routing protocols.
E.A static route configured with an administrative distance of 200 will be preferred over an OSPF route with AD 110 for the same network.
AnswersA, B

The longest-prefix match rule ensures the most specific route is used first, even if another route has a lower AD.

Why this answer

Longest-prefix match always wins regardless of AD or route source (A correct), and directly connected routes have AD 0 (B correct). C is incorrect because among equal prefix lengths, lower AD wins. D is wrong because metric only compares same-protocol routes, while AD compares across protocols.

E fails because a higher AD (200) is less preferred than OSPF's 110.

Exam trap

Cisco often tests the misconception that administrative distance is the primary tie-breaker, but the trap here is that the longest prefix match rule always takes precedence, even over a directly connected route with AD 0.

Why the other options are wrong

C

A lower AD indicates a more trustworthy source, so the route with the lower AD is preferred, not the higher one.

D

Metrics are only comparable within the same routing protocol (e.g., OSPF cost vs. EIGRP composite metric). For different protocols, AD is used to select the best route.

E

A lower AD is preferred; OSPF AD 110 is lower than 200, so the OSPF route would be chosen.

343
PBQhard

You are connected to R1. Configure single-area OSPFv2 on R1 and R2 so that they become fully adjacent. The link between them is 10.0.0.0/30, with R1 using G0/0 and R2 using G0/1. The current configuration has mismatched hello/dead timers: R1's G0/0 uses hello 10 and dead 40, while R2's G0/1 uses hello 30 and dead 120. Also, the 'passive-interface loopback0' command is missing on R1. Ensure OSPF is enabled in area 0, use router-id 1.1.1.1 on R1 and 2.2.2.2 on R2, and correct the timer mismatch.

Network Topology
G0/010.0.0.1/30G0/110.0.0.2/30linkR1R2

Hints

  • Check the hello/dead timers on both routers' interfaces.
  • The loopback0 interface should not send OSPF hellos.
  • Use 'ip ospf hello-interval' and 'ip ospf dead-interval' on the interface with wrong timers.
A.On R2, configure 'ip ospf hello-interval 10' and 'ip ospf dead-interval 40' under G0/1. On R1, configure 'passive-interface loopback0' under router ospf.
B.On R1, configure 'ip ospf hello-interval 30' and 'ip ospf dead-interval 120' under G0/0. On R2, configure 'passive-interface loopback0' under router ospf.
C.On R1, configure 'ip ospf hello-interval 10' and 'ip ospf dead-interval 40' under G0/0. On R2, configure 'passive-interface loopback0' under router ospf.
D.On R2, configure 'ip ospf hello-interval 30' and 'ip ospf dead-interval 120' under G0/1. On R1, configure 'passive-interface loopback0' under router ospf.
AnswerA
solution
! R1
configure terminal
router ospf 1
passive-interface loopback0
end
write memory

! R2
configure terminal
interface gigabitethernet0/1
ip ospf hello-interval 10
ip ospf dead-interval 40
end
write memory

Why this answer

The adjacency fails because R2's G0/1 has hello/dead timers of 30/120, while R1's G0/0 uses 10/40. To fix, on R2 under interface G0/1, use 'ip ospf hello-interval 10' and 'ip ospf dead-interval 40'. Additionally, R1's loopback0 is advertised via a /32 network statement but should be made passive to prevent OSPF hellos from being sent out (where no neighbor exists).

On R1, configure 'passive-interface loopback0' under router ospf. After both changes, adjacency forms.

Exam trap

Watch out for timer mismatches: OSPF requires hello and dead intervals to match between neighbors. Also, remember that loopback interfaces should be made passive to avoid unnecessary OSPF hellos. Do not confuse which router needs the timer change or where the passive-interface command should be applied.

Why the other options are wrong

B

The specific factual error is that the passive-interface command is applied on the wrong router (R2 instead of R1) and the timers are changed on R1 instead of R2.

C

The specific factual error is that the timer change is applied to the wrong interface (R1's G0/0 already has correct timers) and the passive-interface is applied to the wrong router.

D

The specific factual error is that the timer values are not changed; they remain mismatched with R1's timers.

344
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure and verify a floating IPv4 static route as a backup path.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
6Step 6

Why this order

The correct order begins with configuring the primary static route because it defines the main path. Checking its administrative distance (default 1) is essential to then set a higher AD for the floating route, ensuring it acts only as a backup. Next, the floating static route is configured with a higher AD so it is less preferred.

Verification of the routing table shows only the primary route installed. Simulating a failure by shutting down the primary interface triggers the failover. Finally, rechecking the routing table confirms the floating route is now active, proving backup operation.

← PreviousPage 5 of 5 · 344 questions total

Ready to test yourself?

Try a timed practice session using only IP Routing questions.