ENCOR 350-401 (350-401) — Questions 151225

2015 questions total · 27pages · All types, answers revealed

Page 2

Page 3 of 27

Page 4
151
Drag & Dropmedium

Drag and drop the steps of IGMP v3 SSM membership report process into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

IGMPv3 SSM membership reports are sent by hosts to request traffic from specific sources. The host first sends a Membership Report listing desired (S,G) pairs. The router processes the report, updates its multicast routing table, and then sends PIM (S,G) Joins toward the source.

The source forwards traffic, which is then delivered to the host.

152
MCQmedium

What is the purpose of the 'encapsulation replicate' keyword in a SPAN destination configuration?

A.It preserves the original VLAN tag of mirrored frames.
B.It duplicates the mirrored traffic to multiple destination ports.
C.It enables RSPAN functionality.
D.It allows the destination port to send traffic as well.
AnswerA

Without this keyword, the destination port strips the VLAN tag; with it, the tag is preserved.

Why this answer

The 'encapsulation replicate' keyword ensures that the mirrored traffic retains its original VLAN tag when sent to the destination port, which is useful for monitoring trunk traffic.

153
MCQhard

A network engineer is deploying Cisco SD-Access in a large enterprise campus. The design requires that all user traffic be segmented by Virtual Network (VN) and that the fabric edge nodes perform SGT-based enforcement. The engineer notices that traffic between two endpoints in the same IP subnet but different VNs is being forwarded directly at the fabric edge without any SGT inspection. What is the most likely cause?

A.The fabric edge nodes have not been configured with the proper SGT mappings.
B.The endpoints are in the same IP subnet, so they must be in the same Virtual Network; SGT enforcement only applies to inter-VN traffic.
C.The fabric edge nodes are operating in Layer 2 mode and do not support SGT enforcement.
D.The control plane node has not been configured with the correct IP-SGT mappings.
AnswerB

Correct. In SD-Access, endpoints in the same subnet belong to the same VN. SGT enforcement is only performed when traffic crosses VNs (inter-VN). Intra-VN traffic is bridged locally without SGT inspection.

Why this answer

In Cisco SD-Access, Virtual Networks (VNs) provide Layer 3 segmentation. Traffic between endpoints in the same IP subnet but different VNs is inherently Layer 2 traffic and cannot be routed or inspected by SGT-based enforcement, which only applies to inter-VN (Layer 3) traffic. Since the endpoints are in the same subnet, the fabric edge node forwards the traffic at Layer 2 without SGT inspection, making option B correct.

Exam trap

The trap here is that candidates assume SGT enforcement applies to all traffic between different VNs, forgetting that same-subnet traffic is Layer 2 and thus not subject to Layer 3 SGT inspection, leading them to incorrectly focus on configuration issues like missing SGT mappings.

How to eliminate wrong answers

Option A is wrong because SGT mappings are used for SGT-based enforcement on inter-VN traffic, but the issue here is that traffic is in the same subnet (Layer 2), so SGT mappings are irrelevant. Option C is wrong because fabric edge nodes in SD-Access operate in Layer 3 mode (routed overlay) and support SGT enforcement; Layer 2 mode is not a standard operational mode for fabric edge nodes in this context. Option D is wrong because the control plane node maintains IP-to-SGT mappings for inter-VN traffic, but the problem is that the traffic is intra-subnet (Layer 2), so control plane mappings are not involved.

154
MCQmedium

Consider the following Python script using the requests library to interact with a Cisco IOS-XE device via RESTCONF: ```python import requests from requests.auth import HTTPBasicAuth url = 'https://192.168.1.1/restconf/data/Cisco-IOS-XE-native:native/interface/GigabitEthernet=1/0/1' headers = { 'Accept': 'application/yang-data+json', 'Content-Type': 'application/yang-data+json' } auth = HTTPBasicAuth('admin', 'cisco') response = requests.get(url, headers=headers, auth=auth, verify=False) print(response.json()) ``` What is the script attempting to do?

A.It updates the IP address of GigabitEthernet1/0/1.
B.It retrieves the configuration of GigabitEthernet1/0/1 in JSON format.
C.It deletes the interface configuration.
D.It creates a new interface.
AnswerB

The GET request with Accept header for YANG data+JSON retrieves the interface configuration.

Why this answer

The script sends a GET request to retrieve the configuration of GigabitEthernet1/0/1 using RESTCONF.

155
Multi-Selecthard

Which three statements about Python functions and modules for network automation are true? (Choose three.)

Select 3 answers
A.Using functions helps avoid code duplication and improves script maintainability.
B.The os module is used to parse JSON data from network device responses.
C.The json module is used to convert JSON strings to Python dictionaries.
D.The csv module is used to parse JSON data from network devices.
E.The re module is useful for extracting specific patterns from device show command output.
AnswersA, C, E

Correct because functions encapsulate reusable logic, reducing duplication and making scripts easier to maintain.

Why this answer

Correct answers: A, C, and E. A is correct because functions promote code reuse and readability by encapsulating logic. C is correct because the json module is essential for parsing JSON responses from REST APIs.

E is correct because the re module allows pattern matching in device outputs, such as parsing 'show' command results. B is incorrect because the os module is for operating system interactions, not for parsing JSON. D is incorrect because the csv module is for reading/writing CSV files, not for parsing JSON.

156
Matchingmedium

Drag and drop each EtherChannel port state on the left to its matching description on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Port is part of the channel and forwards traffic

Port is not part of the channel, operates as normal switchport

Port is disabled due to incompatible parameters

Port is in process of negotiation (LACP/PAgP)

Port has been added to the port-channel interface

Why these pairings

Bundled ports actively forward traffic; stand-alone ports operate individually; suspended ports are disabled due to misconfiguration.

157
Matchingmedium

Drag and drop each DNA Center package on the left to its matching function on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Provides network analytics, health scores, and troubleshooting insights

Automates device onboarding, configuration deployment, and software image management

Defines network hierarchy, site profiles, and global settings

Enforces access control, QoS, and segmentation policies

Orchestrates workflows for device provisioning and configuration changes

Why these pairings

Cisco DNA Center packages: Assurance provides analytics and troubleshooting; Provision automates device configuration; Design creates network hierarchies and settings; Policy manages access and segmentation.

158
Matchingmedium

Drag and drop each WAN transport type on the left to its matching SD-WAN characteristic on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Provides guaranteed SLA, low jitter, and private connectivity

Cost-effective transport with variable latency and potential packet loss

Cellular transport enabling mobility and rapid deployment with moderate bandwidth

High-bandwidth, low-latency cellular transport with network slicing capabilities

High-latency transport used for remote or maritime connectivity

Why these pairings

MPLS offers predictable performance; broadband Internet provides low-cost but variable quality; LTE offers mobility; 5G adds low latency and high bandwidth.

159
Multi-Selectmedium

Which three statements about BGP peering are true? (Choose three.)

Select 3 answers
A.eBGP peers are typically directly connected, but can be multi-hop with the ebgp-multihop command.
B.iBGP peers can be non-directly connected and often use loopback interfaces for reachability.
C.The default TTL for eBGP packets is 255.
D.In iBGP, all routers within the same AS must be fully meshed unless route reflectors or confederations are used.
E.The BGP router ID is used only for OSPF, not for BGP.
AnswersA, B, D

Correct because eBGP by default assumes direct connection, but multi-hop is possible.

Why this answer

eBGP peers typically use a directly connected interface or a loopback with proper routing. iBGP peers can be non-directly connected and often use loopback interfaces for stability. The TTL for eBGP is set to 1 by default, but can be increased with the ebgp-multihop command. iBGP requires that all routers in the same AS are fully meshed or use route reflectors to avoid loops. The BGP identifier (router ID) is used to identify the BGP speaker and is used in loop prevention for iBGP.

160
MCQhard

A network engineer is troubleshooting a performance issue on a Cisco Catalyst 9300 switch. The engineer suspects that a specific application is using excessive bandwidth. The switch supports Flexible NetFlow. The engineer wants to monitor only the traffic from that application without affecting the switch's CPU. What is the most efficient way to configure this?

A.Define a flow record that matches the specific application using NBAR or an ACL, and apply a flow monitor with a sampler rate to reduce CPU impact.
B.Enable NetFlow on all interfaces and export all flows to the collector, then filter at the collector.
C.Use SNMP to poll interface counters and calculate the bandwidth used by the application.
D.Configure port mirroring (SPAN) to send all traffic to an external probe for analysis.
AnswerA

Correct because matching only the application of interest and using a sampler minimizes the number of flows processed, reducing CPU load.

Why this answer

Flexible NetFlow allows filtering to reduce CPU impact. Option A is correct because using a flow record with a match on the application (e.g., NBAR or ACL) and a sampler reduces the number of flows processed. Option B is incorrect because capturing all flows would increase CPU load.

Option C is incorrect because SNMP polling gives aggregate data, not per-application. Option D is incorrect because mirroring all traffic to a probe would also increase CPU load.

161
Drag & Dropmedium

Drag and drop the steps of MPLS L3VPN packet forwarding steps into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order begins with the ingress PE receiving an IP packet from the CE, looking up the VRF and imposing the inner VPN label and outer MPLS label, then forwarding the MPLS packet across the core. The P router swaps the outer label, and the egress PE pops the outer label, looks up the inner VPN label, and forwards the IP packet to the destination CE.

162
MCQhard

An organization is migrating from a traditional three-tier architecture to a leaf-spine fabric using VXLAN EVPN. The design requires that virtual machines can move between racks without IP address changes. Which technology must be enabled at the leaf switches to support this mobility?

A.Overlay Transport Virtualization (OTV).
B.VXLAN with EVPN control plane.
C.VRF-Lite with route redistribution.
D.MPLS L3VPN with BGP.
AnswerB

Provides Layer 2 overlay over Layer 3 underlay, enabling VM mobility.

Why this answer

VXLAN with EVPN control plane (B) is correct because it provides a Layer 2 overlay network that extends VLANs across the leaf-spine fabric, enabling virtual machine mobility without IP address changes. EVPN uses BGP to distribute MAC and IP address information, allowing the leaf switches to learn and forward traffic to VMs regardless of their physical location, which is essential for seamless VM migration between racks.

Exam trap

Cisco often tests the distinction between Layer 2 extension technologies (VXLAN EVPN) and Layer 3 VPNs (MPLS L3VPN), leading candidates to mistakenly choose MPLS L3VPN because it also uses BGP, but it cannot support Layer 2 mobility without IP changes.

How to eliminate wrong answers

Option A is wrong because Overlay Transport Virtualization (OTV) is a Cisco proprietary technology designed for interconnecting data centers over Layer 3 networks, not for intra-fabric VM mobility within a single leaf-spine architecture. Option C is wrong because VRF-Lite with route redistribution provides Layer 3 segmentation and routing but does not support Layer 2 extension or MAC mobility required for VM migration without IP changes. Option D is wrong because MPLS L3VPN with BGP is a Layer 3 VPN technology that operates at Layer 3 and cannot extend Layer 2 domains, making it unsuitable for preserving IP addresses during VM moves.

163
MCQeasy

A company uses Cisco Catalyst Center (formerly DNA Center) for intent-based networking. After upgrading the Catalyst Center appliance, the engineer notices that some devices are unreachable via the network, but the Catalyst Center GUI shows them as 'Managed'. What is the most likely cause?

A.SNMP community strings are misconfigured
B.Devices were reassigned to different roles
C.Certificate trust between devices and Catalyst Center expired
D.The IP address of the Catalyst Center appliance changed after the upgrade
AnswerD

A changed IP address would break management connectivity.

Why this answer

When the Catalyst Center appliance is upgraded, its IP address may change if the upgrade process resets network configuration or if the appliance is redeployed with a new IP. Devices are managed via IP-based communication (e.g., SSH, SNMP, NETCONF), and if the Catalyst Center IP changes, devices will still show as 'Managed' in the GUI because the database retains the device state, but the devices themselves cannot be reached because they are trying to communicate with the old IP address. This mismatch causes unreachability despite the managed status.

Exam trap

Cisco often tests the distinction between GUI state (which can be stale) and actual network reachability, leading candidates to focus on protocol misconfigurations (like SNMP or certificates) rather than the underlying IP connectivity change.

How to eliminate wrong answers

Option A is wrong because SNMP community string misconfigurations would cause polling failures and likely show devices as 'Unmanaged' or with errors, not as 'Managed' while being unreachable. Option B is wrong because reassigning devices to different roles is a configuration change that would not inherently cause unreachability; it would affect policy application, not basic connectivity. Option C is wrong because certificate trust expiration would affect secure communication (e.g., for NETCONF or RESTCONF), but Catalyst Center uses IP-based management and would typically show a certificate error or authentication failure, not a simple unreachability while still showing 'Managed'.

164
MCQmedium

Examine the following OSPF configuration on a Cisco IOS-XE router: router ospf 1 router-id 1.1.1.1 network 10.0.0.0 0.255.255.255 area 0 network 192.168.1.0 0.0.0.255 area 1 default-information originate always metric 10 metric-type 1 What is the effect of the 'default-information originate always' command?

A.A default route is advertised into OSPF only if the router has a default route in its routing table.
B.A default route is unconditionally advertised into OSPF with metric 10 and type E1.
C.The router will redistribute static default routes into OSPF.
D.The router will generate a default route only for area 1.
AnswerB

The 'always' keyword ensures unconditional advertisement, and metric-type 1 means E1.

Why this answer

This command injects a default route (0.0.0.0/0) into the OSPF domain unconditionally, even if the router does not have a default route in its routing table. The metric and type are set as specified.

165
MCQhard

An engineer configures EIGRP on a new router in a DMVPN network. The router has a single physical interface with two subinterfaces: one for the DMVPN tunnel and one for a direct point-to-point link to a hub router. The engineer notices that EIGRP adjacencies form only on the point-to-point link, not on the DMVPN tunnel. The tunnel interface is configured with ip nhrp network-id 1 and ip nhrp nhs 10.1.1.1. What is the most likely reason?

A.The tunnel interface is not configured with the 'ip nhrp map' command for the hub router.
B.The tunnel interface is not configured with the 'ip eigrp' command under the interface configuration.
C.The DMVPN tunnel is using a different autonomous system number than the point-to-point link.
D.The tunnel interface is in a different VRF than the point-to-point link.
AnswerB

Correct. For EIGRP to form an adjacency over the tunnel interface, the interface must be included in the EIGRP process, typically with 'ip eigrp <as-number>' under the interface. Without it, EIGRP will not send or receive hello packets on that interface.

Why this answer

Option B is correct because the most common reason for EIGRP not forming an adjacency over a tunnel interface is the absence of the 'ip eigrp' command under that interface. Without this command, EIGRP is not enabled on the tunnel, so it will not send or process Hello packets, preventing adjacency formation even if NHRP and tunnel parameters are correctly configured.

Exam trap

Cisco often tests the distinction between routing protocol configuration (e.g., 'ip eigrp') and tunnel-specific parameters (e.g., NHRP), leading candidates to incorrectly blame NHRP mapping or AS number mismatches when the real issue is the missing EIGRP enable command on the interface.

How to eliminate wrong answers

Option A is wrong because the 'ip nhrp map' command is not required for a hub router in a DMVPN phase 2 or 3 spoke configuration; the spoke uses NHRP to dynamically register with the hub, and the hub's address is already specified with 'ip nhrp nhs'. Option C is wrong because if the autonomous system numbers were different, EIGRP would still attempt to form an adjacency but would fail due to mismatched AS numbers, not fail to initiate the adjacency at all; the question states adjacencies form only on the point-to-point link, implying the tunnel interface is not even attempting to form an adjacency. Option D is wrong because a VRF mismatch would prevent routing information exchange but would not prevent the EIGRP adjacency from forming; EIGRP can form adjacencies across VRFs if configured correctly, and the issue here is that no adjacency forms at all.

166
MCQmedium

An organization is implementing 802.1X for wireless users using Cisco ISE as the RADIUS server. The network engineer configures the wireless LAN controller (WLC) with 802.1X authentication. Users report that they can connect to the SSID but cannot access any network resources. The engineer checks the WLC and sees that users are authenticated and assigned to VLAN 100. The engineer also checks the switchport connecting the WLC and sees it is a trunk. What is the most likely issue?

A.The RADIUS server is not sending the correct VLAN ID in the Access-Accept.
B.The switch trunk port does not have VLAN 100 allowed.
C.The WLC is not configured for 802.1X on the uplink to the switch.
D.The users' devices are not configured for MAB.
AnswerB

Correct because the WLC sends tagged traffic on VLAN 100, and the trunk must permit it.

Why this answer

When using 802.1X with WLC, the WLC typically uses VLAN tagging. If the WLC is configured to tag traffic from the SSID with a specific VLAN, the switch trunk must allow that VLAN. Option B is correct because if VLAN 100 is not allowed on the trunk, traffic will be dropped.

Option A is incorrect because the users are authenticated, so the RADIUS server is working. Option C is incorrect because the WLC does not need 802.1X on the uplink. Option D is incorrect because the WLC does not use MAB for wireless.

167
MCQeasy

What is the default OSPF hello interval on an Ethernet link?

A.10 seconds
B.30 seconds
C.40 seconds
D.5 seconds
AnswerA

This is the standard default for Ethernet and other broadcast networks.

Why this answer

OSPF uses different hello intervals depending on the network type. On broadcast and point-to-point networks (like Ethernet), the default hello interval is 10 seconds.

168
MCQeasy

Which component in Cisco SD-WAN is responsible for orchestrating the overlay network, including authentication and NAT traversal?

A.vBond orchestrator
B.vSmart controller
C.vManage NMS
D.vEdge router
AnswerA

vBond is the orchestrator that handles authentication, NAT traversal, and helps devices discover vSmart and vManage.

Why this answer

The vBond orchestrator is responsible for the initial authentication of all SD-WAN components (vSmart, vManage, vEdge/cEdge) into the overlay network. It also performs NAT traversal by discovering and distributing the public IP addresses and port numbers of vEdge routers behind NAT, enabling secure DTLS/TLS connections between them. Without vBond, new devices cannot securely join the fabric or establish control-plane connectivity.

Exam trap

Cisco often tests the misconception that vSmart handles all control-plane functions including authentication, but the trap here is that vSmart only manages OMP routes and policies, while vBond is the dedicated orchestrator for initial trust and NAT traversal.

How to eliminate wrong answers

Option B (vSmart controller) is wrong because the vSmart controller is responsible for distributing control-plane policies (e.g., routing, data policies) and managing the OMP (Overlay Management Protocol) sessions, not for initial authentication or NAT traversal. Option C (vManage NMS) is wrong because vManage is the network management system that provides a GUI for configuration, monitoring, and analytics, but it does not handle device authentication or NAT discovery. Option D (vEdge router) is wrong because vEdge routers are the data-plane devices that forward traffic and terminate tunnels; they do not orchestrate the overlay or authenticate other components.

169
Matchingmedium

Drag and drop each DTP mode on the left to its matching trunking behavior on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Actively sends DTP frames; forms trunk if neighbor is trunk, desirable, or auto

Passively waits for DTP frames; forms trunk only if neighbor is trunk or desirable

Forces the interface to be a trunk regardless of DTP negotiation

Forces the interface to be an access port; never forms a trunk

Disables DTP; requires manual trunk configuration

Why these pairings

Dynamic desirable actively sends DTP frames and forms a trunk if the neighbor is trunk, dynamic desirable, or dynamic auto. Dynamic auto forms a trunk only if the neighbor is trunk or dynamic desirable. Trunk always forms a trunk.

Access never forms a trunk. None disables DTP.

170
Multi-Selecthard

Which three statements about BGP route selection are true? (Choose three.)

Select 3 answers
A.A route with a lower MED is preferred over a route with a higher MED when all other factors are equal.
B.A route with a higher LOCAL_PREF is preferred over a route with a lower LOCAL_PREF.
C.A route with a shorter AS_PATH is preferred over a route with a longer AS_PATH.
D.A route with a lower weight is preferred over a route with a higher weight.
E.A route with ORIGIN code EGP is preferred over a route with ORIGIN code IGP.
AnswersA, B, C

Correct: MED is used to influence inbound traffic; a lower MED is preferred.

Why this answer

The BGP best-path selection algorithm considers the highest weight first, then highest LOCAL_PREF, then locally originated routes (network or aggregate), then shortest AS_PATH, then lowest ORIGIN code (IGP < EGP < incomplete), then lowest MED, and so on. Routes with a lower MED are preferred. The highest LOCAL_PREF is preferred.

The shortest AS_PATH is preferred. The lowest ORIGIN code is preferred. The lowest weight is not preferred; weight is Cisco-specific and higher weight is preferred.

171
MCQmedium

Examine this OSPF configuration on router R4: interface GigabitEthernet0/0 ip address 172.16.1.4 255.255.255.0 ip ospf 1 area 0 ip ospf cost 50 ! router ospf 1 router-id 4.4.4.4 network 172.16.0.0 0.0.255.255 area 0 What is the OSPF cost of the GigabitEthernet0/0 interface?

A.50
B.1 (default for GigabitEthernet)
C.100 (derived from reference bandwidth 100 Mbps / 1 Gbps)
D.10 (derived from reference bandwidth 1000 Mbps / 100 Mbps)
AnswerA

The cost is explicitly set to 50 with the 'ip ospf cost' command.

Why this answer

The OSPF cost of an interface is determined by the `ip ospf cost` command, which explicitly overrides the default cost calculation based on reference bandwidth. Since R4's GigabitEthernet0/0 interface has `ip ospf cost 50` configured under it, the cost is set to 50 regardless of the interface bandwidth or reference bandwidth settings.

Exam trap

Cisco often tests the precedence of the `ip ospf cost` command over the default cost calculation, trapping candidates who assume the default cost for GigabitEthernet (1) or who incorrectly calculate the cost using the reference bandwidth formula without considering the explicit configuration.

How to eliminate wrong answers

Option B is wrong because the default OSPF cost for a GigabitEthernet interface is not 1; the default cost is calculated as reference bandwidth (default 100 Mbps) divided by interface bandwidth (1000 Mbps), which equals 1 only if the reference bandwidth is set to 1000 Mbps. Option C is wrong because the cost derived from the default reference bandwidth (100 Mbps) divided by 1 Gbps would be 0.1, which is not a valid OSPF cost (costs are integers, and Cisco rounds up to 1). Option D is wrong because the calculation of 1000 Mbps / 100 Mbps equals 10, but this would only apply if the reference bandwidth were changed to 1000 Mbps and the interface bandwidth were 100 Mbps, which does not match the GigabitEthernet interface's actual bandwidth of 1 Gbps.

172
MCQmedium

A network engineer applies the above CoPP policy on a router. The router has BGP peers, SSH management, and SNMP monitoring. After applying this policy, which traffic will be affected?

A.BGP sessions may flap due to dropped keepalives.
B.Data plane traffic will be dropped.
C.Only SSH sessions will be rate-limited.
D.SNMP and SSH will be unaffected because they are explicitly permitted.
AnswerA

BGP keepalives are matched and subject to the policer.

Why this answer

The CoPP policy applies to control plane traffic, not data plane traffic. BGP keepalives are control plane packets; if the policy drops or rate-limits them, BGP sessions may time out and flap. The correct answer is A because BGP keepalives are essential for maintaining neighbor adjacency, and dropping them directly causes session instability.

Exam trap

Cisco often tests the misconception that CoPP affects data plane traffic or that only management protocols like SSH are impacted, when in fact control plane policing targets all control plane packets, including routing protocol keepalives.

How to eliminate wrong answers

Option B is wrong because CoPP operates on the control plane, not the data plane; data plane traffic is forwarded in hardware and unaffected by control plane policing. Option C is wrong because the policy affects all control plane traffic matching the class maps, not just SSH; BGP and SNMP are also subject to rate-limiting or dropping. Option D is wrong because SNMP and SSH are not 'unaffected' — they are explicitly permitted only if they match a permit ACE in the class map; if the class map drops or rate-limits them, they will be affected.

173
MCQmedium

Consider the following configuration: class-map match-all HTTP match protocol http policy-map QOS class HTTP police 2000000 1500 3000 conform-action transmit exceed-action drop interface GigabitEthernet0/1 service-policy input QOS What is the effect of this configuration?

A.HTTP traffic is policed to an average rate of 2 Mbps; packets that exceed the rate are dropped, while conforming packets are transmitted.
B.HTTP traffic is shaped to an average rate of 2 Mbps; excess packets are buffered.
C.The police command will mark HTTP packets with a DSCP value of 0 if they exceed the rate.
D.The configuration is invalid because 'police' cannot be used in a 'service-policy input' direction.
AnswerA

Correct. Policing with 'conform-action transmit' and 'exceed-action drop' drops excess traffic.

Why this answer

The police command limits HTTP traffic to an average rate of 2 Mbps with a normal burst of 1500 bytes and an excess burst of 3000 bytes. Traffic within the rate is transmitted; traffic exceeding the rate is dropped.

174
MCQmedium

A network engineer is troubleshooting multicast video distribution across an enterprise campus. The multicast source is connected to a switch that is the PIM Designated Router (DR) on a multi-access segment. Receivers in a different VLAN report that they are not receiving the multicast stream, although the DR shows the correct (S,G) entry. The engineer checks the RPF neighbor for the source and notices that the unicast route to the source points to a different interface than the one where the multicast stream is received. What is the most likely cause of the issue?

A.The DR is not configured as the RP (Rendezvous Point).
B.The multicast stream is arriving on an interface that is not the RPF interface for the source.
C.The switchport connected to the source is not configured as a trunk.
D.IGMP snooping is disabled on the receiver VLAN.
AnswerB

Correct because multicast forwarding requires the incoming interface to match the unicast RPF interface; a mismatch causes the packet to be dropped.

Why this answer

Multicast forwarding requires RPF check: the incoming interface for multicast traffic must match the unicast reverse path to the source. If the unicast route points to a different interface, the RPF check fails and the multicast packet is dropped, even if the DR is correct.

175
MCQmedium

Consider the following partial configuration on Router R1: ip sla 2 icmp-echo 10.2.2.2 frequency 15 ip sla schedule 2 life forever start-time now ip sla reaction-configuration 2 react timeout threshold-type immediate action-type triggerOnly Which statement about this configuration is true?

A.The IP SLA operation will send ICMP echo requests every 15 seconds and trigger an event if a timeout occurs, but the trigger will only activate once.
B.The IP SLA operation will send ICMP echo requests every 15 seconds and continuously trigger events for each timeout.
C.The IP SLA operation will send ICMP echo requests every 15 seconds and trigger an event if the round-trip time exceeds a threshold.
D.The IP SLA operation will send ICMP echo requests every 15 seconds, but the 'reaction-configuration' command is invalid because it requires a threshold value.
AnswerA

'threshold-type immediate' triggers as soon as a timeout occurs, and 'action-type triggerOnly' ensures it triggers only once.

Why this answer

The 'reaction-configuration' command configures IP SLA to monitor the 'timeout' condition. When a timeout occurs, it triggers an immediate action, but 'triggerOnly' means it only triggers once and does not reset automatically.

176
Multi-Selecthard

Which two statements about Cisco QoS classification and marking are true? (Choose two.)

Select 2 answers
A.A class map can match traffic based on DSCP, CoS, IP precedence, or ACL.
B.Marking should be performed as close to the source as possible, typically at the access layer.
C.Marking can only be applied to Layer 2 frames using CoS bits.
D.Marking is a congestion avoidance mechanism that uses tail drop.
E.A class map is used to apply marking actions to classified traffic.
AnswersA, B

Correct because class maps support multiple match criteria including DSCP, CoS, IP precedence, and ACLs.

Why this answer

Classification identifies traffic based on fields like DSCP, CoS, or IP precedence. Marking sets the DSCP or CoS value for subsequent actions. The 'class-map' command matches traffic, and 'policy-map' applies marking.

Option A is correct because class maps can match on DSCP, CoS, IP precedence, or even ACLs. Option B is correct because marking is typically done at the trust boundary (access layer) to set the initial QoS marking. Option C is incorrect because marking is not limited to Layer 2; Layer 3 DSCP marking is common.

Option D is incorrect because marking does not use tail drop; tail drop is a congestion avoidance mechanism. Option E is incorrect because class maps do not apply actions; policy maps do.

177
MCQeasy

A network engineer runs the following command on Router R4: R4# show mpls interfaces Interface IP Tunnel BGP Static Operational GigabitEthernet0/0 Yes No No No Yes GigabitEthernet0/1 Yes No No No Yes GigabitEthernet0/2 No No No No No Based on this output, what can be concluded?

A.MPLS is enabled and operational on GigabitEthernet0/0 and GigabitEthernet0/1.
B.MPLS is enabled on all three interfaces, but only Gi0/0 and Gi0/1 are operational.
C.BGP and Static label switching are enabled on Gi0/0 and Gi0/1.
D.Tunnel interfaces are configured on Gi0/0 and Gi0/1.
AnswerA

Both interfaces show IP: Yes and Operational: Yes.

Why this answer

The command shows which interfaces are enabled for MPLS. The 'IP' column indicates if MPLS is enabled for IP forwarding. 'Operational' shows if MPLS is actually up. Gi0/2 has MPLS disabled (IP: No) and is not operational.

178
Drag & Dropmedium

Drag and drop the steps of configuring an iBGP route reflector cluster into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, enable BGP on the route reflector. Second, configure the route reflector's cluster ID (if not using router-id). Third, configure the route reflector clients.

Fourth, establish iBGP peerings between the route reflector and its clients. Finally, verify that the route reflector is advertising routes correctly.

179
MCQhard

A network engineer runs the following command on Router R2: R2# show ip bgp summary BGP router identifier 10.0.0.2, local AS number 65002 BGP table version is 10, main routing table version 10 4 network entries using 576 bytes of memory 4 path entries using 320 bytes of memory 3/2 BGP path/bestpath attribute entries using 456 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 1376 total bytes of memory BGP activity 6/2 prefixes, 6/2 paths, scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 192.168.1.1 4 65001 1024 1020 10 0 0 02:15:30 3 192.168.1.3 4 65003 0 0 0 0 0 00:00:12 Idle (Admin) Based on this output, what can be concluded?

A.The BGP session to 192.168.1.3 is down due to a network failure.
B.The BGP session to 192.168.1.3 has been manually disabled.
C.Router R2 has received 3 routes from 192.168.1.1.
D.The BGP table version is 10, meaning 10 routes are in the table.
AnswerB

The Idle state with '(Admin)' is a clear indication that the neighbor has been administratively shut down.

Why this answer

The BGP summary shows two neighbors. The neighbor 192.168.1.1 (AS 65001) is up (02:15:30) and has sent 3 prefixes (PfxRcd=3). The neighbor 192.168.1.3 (AS 65003) is in Idle state with '(Admin)' indicating it has been administratively shut down (using 'neighbor shutdown' command).

The Idle state with Admin flag means the neighbor is manually disabled.

180
Multi-Selecthard

Which two statements about VRF route leaking are true? (Choose two.)

Select 2 answers
A.Route leaking between VRFs can be achieved by configuring static routes with the 'global' keyword.
B.BGP can be used to leak routes between VRFs by using import and export route-targets.
C.Route leaking merges the routing tables of two VRFs into one.
D.VRF-lite automatically supports route leaking without any additional configuration.
E.Route leaking requires MPLS to be enabled.
AnswersA, B

Correct because 'ip route vrf A X.X.X.X Y.Y.Y.Y global' leaks a route to the global table.

Why this answer

Correct: Route leaking can be done using static routes or BGP with import/export maps. Incorrect: Route leaking does not merge routing tables; VRF-lite does not inherently support it; it does not require MPLS; it is not automatic.

181
Drag & Dropmedium

Drag and drop the steps of SD-WAN overlay routing protocol (OMP) route advertisement sequence into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

In OMP, the sequence starts with the edge device learning routes locally (connected, static, or dynamic), then redistributing them into OMP and sending to vSmart. vSmart processes and installs routes in its RIB, then advertises the best routes to other edge devices. The receiving edge device installs the route in its forwarding table and optionally redistributes into its local routing protocol.

182
Drag & Dropmedium

Drag and drop the steps of PIM DM (Dense Mode) flood and prune steps into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

PIM Dense Mode initially floods multicast traffic to all PIM-enabled interfaces. Routers that do not have interested receivers send Prune messages upstream. The upstream router then stops forwarding traffic on the pruned interface.

If a new receiver appears, a Graft message re-adds the branch.

183
MCQmedium

A network engineer is configuring dynamic ARP inspection (DAI) on a Cisco switch to prevent ARP spoofing. The switch has DHCP snooping enabled and the DHCP server is trusted. The engineer enables DAI on VLAN 10 and configures 'ip arp inspection trust' on the port connected to the DHCP server. After enabling DAI, some legitimate ARP replies from hosts are being dropped. The engineer checks the DAI statistics and sees 'ARP ACL drops' incrementing. What is the most likely reason?

A.The hosts have static IP addresses, so their MAC-IP bindings are not in the DHCP snooping database.
B.The port connected to the DHCP server should be untrusted for DAI to work correctly.
C.The DHCP server is in a different VLAN, and DAI cannot validate cross-VLAN ARP.
D.DAI is checking the destination MAC address, which does not match the expected value.
AnswerA

Correct because DAI relies on the DHCP snooping binding table; static hosts require an ARP ACL.

Why this answer

DAI validates ARP packets against the DHCP snooping binding table. If a host has a static IP address, its MAC-IP binding is not in the DHCP snooping database, so DAI drops the ARP replies unless an ARP ACL is configured to permit them. Option A is correct because static hosts need an ARP ACL.

Option B is incorrect because the DHCP server port is trusted, but that does not affect host ARP replies. Option C is incorrect because DAI does not require the DHCP server to be in the same VLAN. Option D is incorrect because DAI validates source MAC and IP, not destination.

184
Matchingmedium

Drag and drop each WPA security version on the left to its matching authentication method on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Pre-Shared Key (PSK)

802.1X/EAP

Pre-Shared Key (PSK)

802.1X/EAP

Simultaneous Authentication of Equals (SAE)

Why these pairings

WPA Personal uses Pre-Shared Key (PSK); WPA Enterprise uses 802.1X/EAP; WPA2 Personal uses PSK; WPA2 Enterprise uses 802.1X/EAP; WPA3 Personal uses Simultaneous Authentication of Equals (SAE).

185
Drag & Dropmedium

Drag and drop the steps of RSPAN VLAN propagation across trunk links into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The RSPAN VLAN must be created, allowed on trunks, and the remote switch must have the VLAN and monitor session configured.

186
MCQhard

A network engineer runs the following command on Router R5: R5# show mpls ldp neighbor Peer LDP Ident: 10.0.0.2:0, Local LDP Ident: 10.0.0.5:0 TCP connection: 10.0.0.2.646 - 10.0.0.5.646 State: Oper; Msgs sent/rcvd: 123/120; Downstream Up time: 01:23:45 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 10.0.1.2 Addresses bound to peer LDP Ident: 10.0.0.2 10.0.1.2 192.168.1.1 Based on this output, what can be concluded?

A.The LDP session is down because the state is 'Oper'.
B.The LDP neighbor is reachable via GigabitEthernet0/0.
C.The local LDP identifier is 10.0.0.2:0.
D.The LDP session has been up for 1 hour 23 minutes 45 seconds.
AnswerB

The LDP discovery sources show GigabitEthernet0/0 with source IP 10.0.1.2, indicating the neighbor is reachable through that interface.

Why this answer

The output shows an LDP neighbor with peer LDP identifier 10.0.0.2:0. The state is 'Oper' (operational). The discovery source is GigabitEthernet0/0 with source IP 10.0.1.2.

The peer's addresses include 10.0.0.2, 10.0.1.2, and 192.168.1.1. The key conclusion is that the LDP session is established and operational.

187
Matchingmedium

Drag and drop each TrustSec component on the left to its matching function on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

16-bit security tag embedded in Ethernet or IP packets

Access control list based on source and destination SGT

Protocol to propagate SGT bindings between network devices

IEEE 802.1AE encryption for point-to-point links

Cisco TrustSec architecture that combines SGT, SGACL, and MACsec

Why these pairings

SGT tags traffic, SGACL enforces policy, SXP propagates SGTs, and MACsec encrypts at Layer 2.

188
Multi-Selecteasy

Which three statements about Cisco SD-WAN architecture components and their roles are true? (Choose three.)

Select 3 answers
A.vManage provides a centralized dashboard for configuration, monitoring, and troubleshooting of the entire SD-WAN fabric.
B.vSmart controllers are responsible for distributing routing information and policies to all WAN Edge routers in the overlay.
C.vBond orchestrators authenticate WAN Edge routers and assist in NAT traversal for establishing tunnels.
D.vSmart controllers are responsible for NAT traversal and public IP discovery for WAN Edge routers behind NAT.
E.vManage distributes OMP routes to vEdge routers to populate the overlay routing table.
AnswersA, B, C

Correct because vManage is the management plane that offers a GUI and API for network administrators to manage all devices.

Why this answer

The vManage is the management plane for centralized configuration and monitoring. vSmart is the control plane for route and policy distribution. vBond orchestrates initial authentication and NAT traversal. vEdge routers are data plane devices that forward traffic. vSmart does not handle NAT traversal; that is vBond's role. vManage does not distribute routes; that is vSmart's role.

189
MCQmedium

interface GigabitEthernet0/1 ip address 10.1.1.1 255.255.255.0 mpls ip ! interface GigabitEthernet0/2 ip address 10.2.2.1 255.255.255.0 mpls ip ! router ospf 1 network 10.0.0.0 0.255.255.255 area 0 ! router ldp interface GigabitEthernet0/1 interface GigabitEthernet0/2 ! What is the effect of this configuration?

A.LDP will form adjacencies over both interfaces and distribute labels for all routes in the routing table.
B.Only OSPF routes will receive labels; static routes are ignored by LDP.
C.LDP will only form an adjacency on GigabitEthernet0/1 because it is the first interface configured.
D.The configuration will fail because OSPF and LDP are not compatible on the same interface.
AnswerA

Correct. LDP adjacencies are formed on interfaces where LDP is enabled, and labels are distributed for all routes.

Why this answer

LDP is enabled on both interfaces, but OSPF is configured with a wildcard that includes both subnets. LDP will form adjacencies and distribute labels for all OSPF routes.

190
Matchingmedium

Drag and drop each MPLS router role on the left to its matching function on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Forwards packets based on label lookups

Imposes and removes labels at the edge of the MPLS domain

Transits labeled packets without examining the IP header

Connects to customer edge routers and provides VPN services

Customer router that connects to the provider edge

Why these pairings

LSR performs label switching, LER is at the edge, P is a core transit router, PE provides service to CE, and CE is the customer edge.

191
MCQhard

An engineer is designing a redundant Layer 2 network with multiple VLANs. The network uses Rapid PVST+ for STP. The engineer wants to ensure that different VLANs have different root bridges to optimize traffic flow. The distribution switches are Cisco Catalyst 9300s. The engineer has configured one distribution switch as the root for VLANs 10 and 20, and the other as the root for VLANs 30 and 40. However, after implementation, the engineer notices that all VLANs have the same root bridge. What is the most likely cause?

A.The engineer used the 'spanning-tree root primary' command without specifying the VLAN, which sets the priority for all VLANs.
B.The engineer enabled BPDU guard on all access ports, which prevents the switch from receiving superior BPDUs.
C.The engineer enabled PortFast on all trunk ports, which causes the switch to ignore BPDUs and become root.
D.The engineer enabled UplinkFast, which forces the switch to become the root bridge for all VLANs.
AnswerA

Correct because the command without the VLAN keyword applies to all VLANs, causing the same switch to be root for all VLANs.

Why this answer

The 'spanning-tree root primary' command without specifying a VLAN sets the bridge priority to 24576 for all VLANs on the switch, making it the root for every VLAN. Since the engineer intended different root bridges per VLAN, this command overrides any per-VLAN priority settings and causes all VLANs to elect the same root bridge.

Exam trap

Cisco often tests the nuance that the 'spanning-tree root primary' command without a VLAN parameter applies to all VLANs, leading candidates to overlook the need for per-VLAN configuration when designing asymmetric root bridges.

How to eliminate wrong answers

Option B is wrong because BPDU guard on access ports disables the port upon receiving a BPDU, but it does not prevent the switch from receiving superior BPDUs on trunk ports or affect root bridge election globally. Option C is wrong because PortFast on trunk ports is not a valid configuration (PortFast is intended for access ports) and even if enabled, it does not cause a switch to ignore BPDUs or become root; PortFast simply transitions the port to forwarding state quickly. Option D is wrong because UplinkFast is a Cisco proprietary feature that improves convergence after a root port failure, but it does not force a switch to become the root bridge for any VLAN.

192
Drag & Dropmedium

Drag and drop the steps of MPLS Layer 3 VPN VRF configuration on a PE router into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, you enable MPLS globally on the PE router. Then, you create the VRF and assign an RD. Next, you configure the route-target import and export policies.

After that, you apply the VRF to the customer-facing interface. Finally, you redistribute routes between the VRF and the MPLS backbone using BGP.

193
Matchingmedium

Drag and drop each route-target action on the left to its matching behavior on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Controls which routes from MP-BGP are placed into the VRF

Attached to VRF routes when they are advertised via MP-BGP

Applies a route-map to filter or modify routes being imported

Applies a route-map to modify RTs or attributes before export

Required for two VRFs to exchange routes in MPLS VPN

Why these pairings

Import RT determines which routes are accepted into a VRF; Export RT is attached to routes sent from a VRF; Both import and export can be configured per VRF; Import map can filter routes based on extended communities; Export map can modify RTs before advertisement.

194
MCQeasy

What is the purpose of the 'ip sla schedule' command in IP SLA configuration?

A.It defines the type of IP SLA operation.
B.It sets the frequency of the IP SLA operation.
C.It starts the IP SLA operation and sets its lifetime and start time.
D.It configures threshold monitoring for the IP SLA operation.
AnswerC

'ip sla schedule' activates the operation with parameters like 'life' and 'start-time'.

Why this answer

The 'ip sla schedule' command starts an IP SLA operation and defines its lifetime and start time.

195
Multi-Selectmedium

Which three statements about VRF path isolation in a service provider network are true? (Choose three.)

Select 3 answers
A.VRFs allow multiple customers to share the same physical infrastructure while keeping their traffic isolated.
B.In MPLS VPN, VRFs are combined with route targets to control route distribution between PE routers.
C.VRF-aware features such as NAT, QoS, and ACLs can be applied per VRF to enforce path isolation policies.
D.VRF can be used to replace VLANs for Layer 2 isolation.
E.In VRF-lite, path isolation is achieved using MPLS labels.
AnswersA, B, C

Correct because each VRF maintains separate forwarding tables, providing Layer 3 isolation.

Why this answer

Correct: VRFs isolate customer traffic; MPLS VPN uses VRFs with route targets; VRF-aware features like NAT and QoS can be applied per VRF. Incorrect: VRFs do not replace VLANs; VRF-lite does not use labels.

196
MCQhard

An engineer is configuring QoS on a Cisco ISR 4331 router for a site-to-site VPN tunnel. The tunnel interface is configured with a service policy that uses a class map matching DSCP EF. The engineer notices that the policy is not shaping traffic as expected; the tunnel bandwidth is 20 Mbps but the shaper is set to 10 Mbps. However, traffic still exceeds 10 Mbps. What is the most likely cause?

A.The shaper should be applied to the physical interface instead of the tunnel interface
B.The shaper rate should be set to 20 Mbps to match the tunnel bandwidth
C.The class map should match on the outer IP header instead of the inner DSCP
D.The service policy should be applied in the input direction
AnswerA

Correct because tunnel interfaces encapsulate traffic; shaping on the tunnel does not control the actual output rate on the physical link.

Why this answer

The correct answer is that the shaper must be applied to the physical interface, not the tunnel interface, because the tunnel interface does not have a direct view of the underlying bandwidth. Shaping on the tunnel interface is ineffective.

197
Drag & Dropmedium

Drag and drop the steps of VRF selection using policy-based routing into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with creating a route map with a match clause, then setting the VRF using the set vrf command, applying the route map to the incoming interface with ip policy route-map, the router matching the traffic, and finally forwarding the packet to the specified VRF.

198
Multi-Selecthard

Which three statements about VXLAN in Cisco SD-Access are true? (Choose three.)

Select 3 answers
A.VXLAN encapsulation uses a 24-bit VNI to identify the virtual network.
B.The underlay network for VXLAN must be a Layer 2 switched network.
C.VXLAN encapsulation is performed by the fabric edge node when traffic enters the fabric.
D.VXLAN provides the control plane for endpoint discovery in SD-Access.
E.VXLAN traffic between fabric nodes can be encrypted using MACsec.
AnswersA, C, E

Correct because the VXLAN Network Identifier (VNI) is a 24-bit field that uniquely identifies a Layer 2 or Layer 3 virtual network within the fabric.

Why this answer

VXLAN is the data plane encapsulation used in SD-Access to carry traffic across the fabric. It uses a 24-bit VNI to identify the virtual network (VN). The underlay network is typically a Layer 3 routed network using IS-IS or OSPF, not a Layer 2 network.

VXLAN encapsulation is performed by the fabric edge node when traffic enters the fabric. The control plane for SD-Access uses LISP, not VXLAN itself. VXLAN does not provide encryption natively; MACsec or other encryption methods are used separately.

199
Matchingmedium

Drag and drop each VTP mode on the left to its matching capability on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Can create, modify, and delete VLANs; advertises VLAN database

Cannot create or modify VLANs; learns VLANs from server advertisements

Forwards VTP advertisements; maintains its own VLAN database locally

Ignores all VTP advertisements; does not forward VTP messages

Enables VTP pruning to reduce unnecessary broadcast traffic

Why these pairings

VTP server can create/modify/delete VLANs and advertises them. VTP client learns VLANs but cannot modify them. VTP transparent forwards VTP messages but does not participate.

VTP off ignores VTP messages entirely.

200
MCQhard

A network administrator is deploying a new QoS policy to prioritize voice traffic across a WAN link. The policy must ensure that voice packets are not dropped even during congestion, and that bandwidth is guaranteed for voice. Which queuing mechanism should be used for the voice class?

A.Weighted Random Early Detection (WRED)
B.Low Latency Queuing (LLQ)
C.Class-Based Weighted Fair Queuing (CBWFQ)
D.First-In, First-Out (FIFO) queuing
AnswerB

LLQ provides strict priority queuing for real-time traffic like voice.

Why this answer

LLQ is the correct choice because it combines strict priority queuing with CBWFQ, ensuring that voice traffic is placed into a strict priority queue that is serviced before any other queues. This guarantees low latency and prevents voice packet drops during congestion by allowing the priority queue to be policed to a configured bandwidth limit, while still providing bandwidth guarantees for the voice class.

Exam trap

Cisco often tests the distinction between CBWFQ and LLQ, where candidates mistakenly choose CBWFQ because it offers bandwidth guarantees, but fail to recognize that only LLQ provides the strict priority queuing required for real-time voice traffic to avoid drops and delay.

How to eliminate wrong answers

Option A is wrong because WRED is a congestion avoidance mechanism that drops packets proactively based on queue depth, not a queuing mechanism that guarantees bandwidth or provides strict priority; it would drop voice packets during congestion, violating the requirement. Option C is wrong because CBWFQ provides bandwidth guarantees and fair queuing for classes but does not include a strict priority queue, so voice traffic would experience delay and jitter during congestion, leading to potential drops. Option D is wrong because FIFO queuing offers no differentiation or priority, causing voice packets to be treated the same as all other traffic, resulting in drops and delay during congestion.

201
Matchingmedium

Drag and drop each YANG module on the left to its matching standard body on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

OpenConfig

IETF

Cisco-IOS-XE

OpenConfig

IETF

Why these pairings

OpenConfig is an operator-led effort. IETF publishes standard YANG models. Cisco-IOS-XE modules are Cisco proprietary.

202
Multi-Selecthard

Which three statements about EIGRP packet types are true? (Choose three.)

Select 3 answers
A.Hello packets are sent unreliably and do not require an acknowledgment.
B.Update packets are always sent as multicast to all EIGRP neighbors.
C.Query packets are sent reliably and require a Reply from each neighbor.
D.ACK packets are unicast and are used to acknowledge reliable EIGRP packets.
E.Reply packets are sent unreliably to conserve bandwidth.
AnswersA, C, D

Correct because Hello packets are sent as best-effort (unreliable) and are not acknowledged.

Why this answer

EIGRP uses five packet types: Hello (neighbor discovery/maintenance), Update (route information), Query (ask neighbors for routes), Reply (response to Query), and ACK (acknowledgment). Hello packets are multicast to 224.0.0.10, unacknowledged, and used to form and maintain adjacencies. Update packets are sent reliably (with ACK) and can be multicast or unicast.

Query packets are multicast and require a Reply. ACK packets are unicast and are used to acknowledge reliable packets.

203
MCQmedium

Examine the following partial configuration on a Cisco IOS-XE device: interface GigabitEthernet0/1 ip address 10.1.1.1 255.255.255.0 ip ospf hello-interval 5 ip ospf dead-interval 20 ! What is the effect of this configuration?

A.The router will send OSPF hello packets every 5 seconds and declare a neighbor dead after 20 seconds of no hello.
B.The router will send OSPF hello packets every 10 seconds and declare a neighbor dead after 40 seconds, overriding the configuration.
C.The configuration is invalid because the dead interval must be exactly four times the hello interval.
D.The router will not form OSPF adjacencies because the hello and dead intervals are not default.
AnswerA

Correct. The hello interval is 5 seconds, dead interval is 20 seconds, maintaining the 4:1 ratio.

Why this answer

Option A is correct because the `ip ospf hello-interval 5` command sets the OSPF hello interval to 5 seconds, and the `ip ospf dead-interval 20` command sets the dead interval to 20 seconds. These per-interface commands override the default hello interval of 10 seconds and dead interval of 40 seconds for broadcast networks, allowing the router to send hello packets every 5 seconds and declare a neighbor dead after 20 seconds of no hello reception.

Exam trap

Cisco often tests the misconception that the dead interval must always be exactly four times the hello interval, but in reality, while the default ratio is 4:1, you can configure any values as long as they match on neighboring routers.

How to eliminate wrong answers

Option B is wrong because it incorrectly states that the router will send hello packets every 10 seconds and use a dead interval of 40 seconds, which would only occur if the default intervals were used; the explicit configuration overrides these defaults. Option C is wrong because while the dead interval is typically four times the hello interval by default, Cisco IOS-XE allows manual configuration of any hello and dead intervals, and the configuration is valid as long as both intervals are set consistently on neighboring routers. Option D is wrong because the router can still form OSPF adjacencies with non-default hello and dead intervals, provided that the neighboring routers are configured with matching hello and dead intervals; mismatched intervals prevent adjacency formation, not the fact that they are non-default.

204
MCQmedium

A network engineer is troubleshooting a Cisco SD-WAN deployment where a branch office has two WAN links: a primary MPLS link and a backup LTE link. The engineer wants to configure application-aware routing so that critical applications (e.g., Salesforce) always use the MPLS link as long as its loss is below 2% and latency below 150 ms. The engineer configures an app-route policy on the vSmart with the appropriate SLA requirements. After deployment, the engineer notices that Salesforce traffic is still using the LTE link even when the MPLS link meets the SLA. What is the most likely cause?

A.The app-route policy is not attached to the correct site list or VPN list.
B.The LTE link has a lower cost metric than the MPLS link.
C.The app-route policy was applied on the vEdge instead of the vSmart.
D.The SLA requirements are not configured correctly in the policy.
AnswerA

Correct because the policy must be associated with the specific sites and VPNs to be applied.

Why this answer

Option A is correct because the app-route policy must be attached to the correct site list and VPN list to be applied to the traffic. If the policy is not properly associated with the site list containing the branch office or the VPN list that includes Salesforce traffic, the vSmart will not enforce the application-aware routing rules, allowing the LTE link to be used even when the MPLS link meets the SLA.

Exam trap

Cisco often tests the distinction between policy definition and policy attachment, leading candidates to overlook that a correctly defined policy is ineffective if not attached to the appropriate site list or VPN list.

How to eliminate wrong answers

Option B is wrong because cost metric is used for OMP route preference, not for application-aware routing decisions; app-route policies override cost-based path selection based on SLA. Option C is wrong because app-route policies are centralized and must be configured on the vSmart controller, not on the vEdge; applying on the vEdge would have no effect in a Cisco SD-WAN architecture. Option D is wrong because the question states the SLA requirements (loss < 2%, latency < 150 ms) are configured correctly, so the issue lies in policy attachment, not the SLA definition.

205
MCQmedium

Consider this SNMP configuration on a Cisco IOS-XE switch: snmp-server community public RO snmp-server community private RW snmp-server ifindex persist What is the purpose of the 'snmp-server ifindex persist' command?

A.It prevents SNMP interface indices from changing after a router reload or interface configuration change.
B.It enables SNMP traps for interface status changes.
C.It forces SNMP to use persistent storage for community strings.
D.It allows SNMP to index interfaces by their names instead of numbers.
AnswerA

The command makes ifIndex values persistent, so they do not change dynamically, ensuring NMS stability.

Why this answer

The 'snmp-server ifindex persist' command ensures that SNMP interface indices (ifIndex) remain consistent across reboots, which is important for NMS systems that rely on stable interface identifiers.

206
Multi-Selecteasy

Which two statements about DHCP client configuration on a Cisco router are true? (Choose two.)

Select 2 answers
A.The ip address dhcp command on an interface enables the router to obtain an IP address from a DHCP server.
B.The router will automatically install a default route if the DHCP server provides the default gateway option.
C.The ip helper-address command is used to configure the router as a DHCP client on an interface.
D.The router can be configured to request a specific IP address using the dhcp client request ip-address command.
E.The dhcp client hostname command allows the router to send a hostname option in the DHCP discover message.
AnswersA, B

Correct because this command configures the interface as a DHCP client to request an address.

Why this answer

A Cisco router interface can obtain an IP address via DHCP using the ip address dhcp command. The router can also request a specific hostname using the dhcp client hostname command. The default route is automatically installed if the DHCP server provides a default gateway option.

The ip helper-address command is used to forward DHCP broadcasts, not to obtain an address. The ip dhcp client request command can be used to request specific options, but the default route is installed automatically.

207
Matchingmedium

Drag and drop each STP variant on the left to its matching standard on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

IEEE 802.1D

IEEE 802.1w

IEEE 802.1s

Cisco proprietary

Cisco proprietary (based on 802.1w)

Why these pairings

STP is IEEE 802.1D; RSTP is IEEE 802.1w; MSTP is IEEE 802.1s; PVST+ is Cisco proprietary.

208
Multi-Selecthard

Which three statements about OSPF LSA types are true? (Choose three.)

Select 3 answers
A.Type 1 LSAs are generated by every OSPF router to describe its own interfaces and neighbors.
B.Type 2 LSAs are generated by the Designated Router on multiaccess networks.
C.Type 5 LSAs are generated by ASBRs to advertise routes from other routing domains.
D.Type 3 LSAs are generated by ASBRs to summarize routes between areas.
E.Type 4 LSAs are generated by the ASBR to advertise its presence to other areas.
AnswersA, B, C

Correct because Router LSAs (Type 1) are created by each router to advertise its directly connected links.

Why this answer

Option A is correct because Type 1 LSAs (Router LSAs) are generated by every router and describe the router's directly attached links. Option B is correct because Type 2 LSAs (Network LSAs) are generated by the DR on broadcast and NBMA networks to describe the segment and attached routers. Option C is correct because Type 5 LSAs (AS External LSAs) are generated by ASBRs to advertise external routes.

Option D is incorrect because Type 3 LSAs (Summary LSAs) are generated by ABRs, not ASBRs. Option E is incorrect because Type 4 LSAs (ASBR Summary LSAs) are generated by ABRs, not the ASBR itself.

209
MCQeasy

What is the default OSPF hello interval on an Ethernet link?

A.10 seconds
B.30 seconds
C.40 seconds
D.5 seconds
AnswerA

Correct. The default hello interval for OSPF on Ethernet is 10 seconds.

Why this answer

On Ethernet (broadcast multi-access) links, OSPF defaults to a hello interval of 10 seconds, as specified in RFC 2328. This interval allows OSPF routers to quickly detect neighbor failures while keeping control overhead low. The dead interval is automatically set to 40 seconds (four times the hello interval) on such links.

Exam trap

Cisco often tests the confusion between the OSPF hello interval on Ethernet (10 seconds) and the dead interval (40 seconds), or between different network types like NBMA (30 seconds) and point-to-point (5 seconds).

How to eliminate wrong answers

Option B (30 seconds) is wrong because 30 seconds is the default hello interval for OSPF on non-broadcast multi-access (NBMA) networks, such as Frame Relay or X.25, not on Ethernet. Option C (40 seconds) is wrong because 40 seconds is the default OSPF dead interval on Ethernet, not the hello interval. Option D (5 seconds) is wrong because 5 seconds is the default hello interval for OSPF on point-to-point links and point-to-multipoint networks, not on Ethernet broadcast multi-access links.

210
MCQmedium

A company is implementing QoS in a network where voice traffic must have strict priority over all other traffic. Which queuing mechanism should be used on the outbound interface of a router to ensure voice packets are always sent first?

A.Random Early Detection (RED)
B.Low Latency Queuing (LLQ)
C.First In First Out (FIFO)
D.Class-Based Weighted Fair Queuing (CBWFQ)
AnswerB

LLQ combines a strict priority queue with CBWFQ, ensuring voice gets priority.

Why this answer

Low Latency Queuing (LLQ) is the correct choice because it combines Class-Based Weighted Fair Queuing (CBWFQ) with a strict priority queue, ensuring that voice traffic (marked with EF or CS5) is always dequeued before any other traffic class. This guarantees low latency and jitter for real-time traffic, which is essential for voice quality.

Exam trap

Cisco often tests the distinction between CBWFQ and LLQ, trapping candidates who think CBWFQ alone provides priority queuing, when in fact LLQ is required to add the strict priority queue for real-time traffic.

How to eliminate wrong answers

Option A is wrong because Random Early Detection (RED) is a congestion avoidance mechanism that drops packets probabilistically before a queue fills, not a queuing mechanism that prioritizes traffic. Option C is wrong because First In First Out (FIFO) treats all packets equally with no priority, causing voice packets to be delayed behind data bursts. Option D is wrong because Class-Based Weighted Fair Queuing (CBWFQ) provides bandwidth guarantees per class but does not include a strict priority queue, so voice traffic can still experience delay during congestion.

211
MCQmedium

A network engineer runs the following command on Router R8: R8# show ip mroute count IP Multicast Statistics Group: 239.4.4.4, Source: 10.0.0.9 Packets: 1500, Bytes: 1200000, Average rate: 8000 pps, 5 sec rate: 0 pps Group: 239.5.5.5, Source: 10.0.0.10 Packets: 0, Bytes: 0, Average rate: 0 pps, 5 sec rate: 0 pps Based on this output, what can be concluded?

A.Multicast traffic is flowing for group 239.4.4.4.
B.Multicast traffic is flowing for group 239.5.5.5.
C.Both groups are receiving traffic.
D.The source for group 239.4.4.4 is 10.0.0.10.
AnswerA

The packet and byte counts are non-zero, indicating traffic.

Why this answer

The 'show ip mroute count' output shows multicast statistics for two groups. For group 239.4.4.4, there are 1500 packets and 1200000 bytes, with an average rate of 8000 pps. For group 239.5.5.5, there are no packets.

This indicates that multicast traffic is flowing for the first group but not for the second. The correct answer is that multicast traffic is being received for group 239.4.4.4.

212
Drag & Dropmedium

Drag and drop the steps of Jinja2 template rendering for device config generation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The process begins by importing the Jinja2 Environment and FileSystemLoader, creating an environment with a loader pointing to the template directory, loading the template file, defining a dictionary with variables, and finally calling render() to produce the configuration string.

213
Drag & Dropmedium

Drag and drop the steps of VRF-aware NAT configuration for path isolation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, you create the VRF and assign an RD. Then, you configure the NAT inside and outside interfaces under the VRF. Next, you define the NAT pool and access list for translation.

After that, you apply the NAT rules with 'ip nat inside source' referencing the VRF. Finally, you verify NAT translations using 'show ip nat translations vrf'.

214
Multi-Selecthard

Which two statements about SNMP trap and inform operations are true? (Choose two.)

Select 2 answers
A.An SNMP inform request is acknowledged by the manager with a response PDU.
B.SNMP traps are more reliable than informs because they use UDP port 162.
C.Both SNMPv1 and SNMPv2c support the inform operation.
D.Informs consume more network bandwidth and memory resources than traps.
E.Traps are sent from the manager to the agent to request configuration changes.
AnswersA, D

Correct because informs use a request/response mechanism; the manager sends a response to confirm receipt.

Why this answer

SNMP traps are unacknowledged, while informs are acknowledged (confirmed) by the manager. Informs use more bandwidth and are more reliable. Both traps and informs are sent from agent to manager.

SNMPv2c supports both traps and informs. SNMPv1 only supports traps (no informs).

215
Matchingmedium

Drag and drop each PIM message type on the left to its matching function on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Discovers and maintains PIM neighbors

Requests to join a multicast group and receive traffic

Requests to leave a multicast group and stop receiving traffic

Resolves duplicate forwarding on a multi-access network

Elects the RP in PIM Sparse Mode

Why these pairings

PIM Hello discovers neighbors; Join requests to join a group; Prune requests to leave a group; Assert resolves duplicate forwarding on a multi-access network.

216
Matchingmedium

Drag and drop each queuing mechanism on the left to its matching use case on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Strict priority queuing for delay-sensitive traffic

Guarantees minimum bandwidth per class

Strict priority queue with bandwidth guarantees for other classes

Fair queuing based on flow weights

Why these pairings

PQ gives strict priority to one queue, CBWFQ guarantees bandwidth to classes, LLQ combines strict priority with CBWFQ, WFQ provides fair queuing for flows, and CBWFQ is often used for data classes.

217
MCQhard

A network engineer is designing a multicast network for IPTV. Which protocol is used by routers to discover which multicast groups are of interest to directly connected hosts?

A.Rendezvous Point (RP)
B.Internet Group Management Protocol (IGMP)
C.Protocol Independent Multicast (PIM)
D.Multicast Source Discovery Protocol (MSDP)
AnswerB

Option D is correct because IGMP is used by hosts to report group membership to routers.

Why this answer

IGMP is the protocol used between hosts and their directly connected routers to signal membership in multicast groups. When a host wants to receive traffic for a specific IPTV multicast stream, it sends an IGMP membership report, and the router uses this information to build its multicast forwarding state for that subnet. Without IGMP, the router would have no way of knowing which groups are of interest to local hosts.

Exam trap

Cisco often tests the distinction between host-to-router signaling (IGMP) and router-to-router multicast routing (PIM), so candidates mistakenly choose PIM when the question explicitly asks about discovering groups of interest to directly connected hosts.

How to eliminate wrong answers

Option A is wrong because a Rendezvous Point (RP) is a router in a PIM-SM domain that acts as a meeting point for multicast sources and receivers, not a protocol for discovering host group interest. Option C is wrong because PIM is a multicast routing protocol used between routers to build distribution trees, not a protocol for hosts to report group membership to their first-hop router. Option D is wrong because MSDP is used to exchange active source information between different PIM-SM domains (e.g., between RPs), not for host-to-router group discovery.

218
Multi-Selectmedium

Which two statements about the Cisco SD-Access fabric roles are true? (Choose two.)

Select 2 answers
A.The fabric edge node connects wired endpoints to the SD-Access fabric.
B.The fabric border node provides connectivity to networks outside the SD-Access fabric.
C.The fabric control plane node is responsible for forwarding traffic between fabric edges.
D.The fabric wireless LAN controller is a dedicated role for wireless integration.
E.The intermediate node is a core role in SD-Access fabric.
AnswersA, B

Correct because the fabric edge is the switch or wireless controller that provides network access to endpoints and applies policies.

Why this answer

In Cisco SD-Access, the fabric edge is the device that connects wired endpoints to the fabric, and the fabric border is responsible for connecting the fabric to external networks (e.g., WAN, data center). The fabric control plane node manages the LISP mapping database and authentication, not the fabric border. The fabric wireless LAN controller does not exist as a separate role; wireless services are integrated into the fabric edge or border.

The intermediate node is not a defined role in SD-Access.

219
MCQhard

A network engineer runs the following command on Switch SW9: SW9# show spanning-tree vlan 90 VLAN0090 Spanning tree enabled protocol ieee Root ID Priority 24666 Address aabb.cc00.1000 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 24666 (priority 24576 sys-id-ext 90) Address aabb.cc00.1000 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- ------------------------------ Gi0/1 Desg FWD 4 128.1 P2p Gi0/2 Desg FWD 4 128.2 P2p Gi0/3 Desg FWD 4 128.3 P2p Gi0/4 Desg FWD 4 128.4 P2p Based on this output, what is the base priority of the root bridge?

A.24576
B.24666
C.32768
D.32858
AnswerA

Correct. 24576 is the base priority (24666 - 90 = 24576).

Why this answer

The root bridge priority is 24666, which includes the system ID extension of 90. The base priority is 24666 - 90 = 24576.

220
Multi-Selecthard

Which three statements about Ansible roles and directory structure are true? (Choose three.)

Select 3 answers
A.A role must contain at least a 'tasks' directory with a main.yml file to be functional.
B.Variables defined in the 'defaults' directory of a role have the highest precedence.
C.The 'meta' directory in a role can define dependencies on other roles using the 'dependencies' key.
D.Handlers in a role are defined in the 'handlers' directory and are triggered by the 'notify' directive in tasks.
E.Roles cannot be shared or reused across different Ansible projects.
AnswersA, C, D

Correct because the 'tasks/main.yml' file is the core of a role; it defines the list of tasks to execute.

Why this answer

Ansible roles have a predefined directory structure including tasks, handlers, vars, defaults, files, templates, and meta. Roles can be shared via Ansible Galaxy. The 'defaults' directory contains lowest-priority variables.

The 'meta' directory defines role dependencies.

221
Multi-Selecthard

Which two statements about PAgP (Port Aggregation Protocol) are true? (Choose two.)

Select 2 answers
A.PAgP uses the multicast MAC address 01-00-0C-CC-CC-CC for its messages.
B.PAgP supports up to 16 active links in a single EtherChannel.
C.PAgP can form a channel even if one side is configured in 'auto' mode and the other in 'desirable' mode.
D.PAgP uses the same packet format as LACP and can interoperate with LACP-enabled devices.
E.PAgP requires both ends to be configured with identical port priorities to form the channel.
AnswersA, C

Correct because PAgP uses the Cisco-proprietary multicast address 0100.0CCC.CCCC.

Why this answer

PAgP is a Cisco proprietary protocol for dynamic EtherChannel formation. It uses multicast address 01-00-0C-CC-CC-CC, supports modes 'auto' and 'desirable', and uses a learning method to detect misconfigurations. PAgP cannot interoperate with LACP and does not support standby links.

222
MCQmedium

A mid-size enterprise is deploying a new branch office with 50 users. The branch will have its own router, switch, and wireless AP. The WAN link is a 50 Mbps MPLS circuit. The company uses VoIP and requires Quality of Service. The network administrator has configured the router with a QoS policy that marks VoIP traffic with DSCP EF and all other traffic with DSCP 0. The policy also shapes traffic to 50 Mbps. After deployment, users report that voice quality is poor during peak hours. The administrator checks the router and sees that the output queue on the WAN interface is often full and drops are occurring. Which action should the administrator take to improve voice quality?

A.Increase the shaping rate to 60 Mbps to allow for burst.
B.Configure a priority queue for DSCP EF traffic within the shaper.
C.Replace shaping with policing to drop non-voice traffic.
D.Change the marking to use CoS instead of DSCP for better QoS.
AnswerB

A priority queue ensures voice packets are dequeued before other traffic, reducing voice drops.

Why this answer

The shaper is limiting traffic to 50 Mbps, but during peak hours, the aggregate traffic exceeds this rate, causing the output queue to fill and drop packets indiscriminately. By configuring a priority queue for DSCP EF (VoIP) traffic within the shaper, the router will service VoIP packets before other traffic, ensuring low latency and jitter even when the link is congested. This is the standard Cisco approach for voice quality on shaped links, as priority queuing bypasses the normal FIFO or CBWFQ behavior for marked traffic.

Exam trap

Cisco often tests the misconception that increasing bandwidth or policing alone solves voice quality issues, but the trap here is that shaping without a priority queue causes all traffic to be treated equally, so VoIP suffers from jitter and delay even if the total rate is within the shaped limit.

How to eliminate wrong answers

Option A is wrong because increasing the shaping rate to 60 Mbps does not solve the underlying congestion; it only shifts the bottleneck and may cause the provider to drop traffic if the CIR is strictly 50 Mbps, leading to continued packet loss for VoIP. Option C is wrong because policing would drop excess traffic indiscriminately, including VoIP packets, unless a separate policer is applied per class, and it does not provide the strict priority queuing needed for voice. Option D is wrong because changing the marking to CoS (Layer 2) does not improve QoS on a WAN interface that typically uses DSCP (Layer 3) for queuing decisions; the router's output queue is based on Layer 3 markings, and CoS is lost when traversing the MPLS network unless explicitly mapped.

223
MCQhard

An engineer is deploying QoS on a WAN link between two sites using a Cisco ISR 4451 router. The link is a 10 Mbps MPLS circuit. The engineer wants to ensure that voice traffic (EF) is never dropped, even during congestion. The current policy uses a single class map for voice with a policer that drops excess traffic. During peak hours, users report choppy voice calls. What change should the engineer make?

A.Change the policer to a shaper and apply it to the voice class
B.Increase the policer rate to 20 Mbps to accommodate voice bursts
C.Remove the policer and rely on FIFO queuing
D.Apply the policy in the output direction only
AnswerA

Correct because shaping buffers excess traffic instead of dropping it, reducing jitter and packet loss for voice.

Why this answer

The correct answer is to replace the policer with a shaper or use a low-latency queue (LLQ) to provide strict priority queuing. A policer drops excess traffic, which can cause voice packet loss. Using LLQ ensures voice gets priority without dropping.

224
MCQhard

A network engineer runs the following command on Router R1: R1# show ip eigrp topology all-links EIGRP-IPv4 Topology Table for AS(100)/ID(192.168.1.1) Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s - sia Status P 10.1.1.0/24, 1 successors, FD is 1310720, serno 5 via 192.168.1.2 (1310720/1310720), GigabitEthernet0/0 via 10.2.2.2 (1587200/1310720), GigabitEthernet0/1 P 10.2.2.0/24, 1 successors, FD is 1310720, serno 6 via 192.168.1.2 (1310720/1310720), GigabitEthernet0/0 via 10.2.2.2 (1587200/1310720), GigabitEthernet0/1 Based on this output, what can be concluded?

A.Both routes have a feasible successor via 10.2.2.2.
B.The route 10.1.1.0/24 has two successors.
C.The alternate path via 10.2.2.2 will be used immediately if the successor fails.
D.The router has two paths to 10.1.1.0/24, but only one is in the routing table.
AnswerD

Only the successor is installed in the routing table; the other path is not used unless the successor fails and queries are sent.

Why this answer

The output shows that for 10.1.1.0/24, the feasible distance (FD) is 1310720 and there is only one successor (the route via 192.168.1.2). The alternate path via 10.2.2.2 has a reported distance (RD) of 1310720, which equals the FD, so it does not satisfy the feasibility condition (RD < FD) and therefore is not a feasible successor. Only the successor route is installed in the routing table.

Exam trap

Cisco often tests the distinction between a successor and a feasible successor, and the trap here is that candidates assume any alternate path with a lower metric than the FD is a feasible successor, but the feasibility condition requires the reported distance to be strictly less than the feasible distance, not less than or equal.

How to eliminate wrong answers

Option A is wrong because the alternate path via 10.2.2.2 has a reported distance equal to the feasible distance, which violates the feasibility condition (RD must be strictly less than FD) and thus is not a feasible successor. Option B is wrong because the output explicitly states '1 successors' for 10.1.1.0/24, meaning there is only one successor, not two. Option C is wrong because the alternate path is not a feasible successor; if the successor fails, EIGRP must send queries and go active for that route before it can use the alternate path, so it will not be used immediately.

225
MCQeasy

Which BGP attribute is preferred when it has the lowest value?

A.Local Preference
B.Weight
C.MED (Multi-Exit Discriminator)
D.AS Path
AnswerC

MED is used to influence inbound traffic; lower MED is preferred.

Why this answer

BGP uses the MED (Multi-Exit Discriminator) attribute to influence inbound traffic; lower MED is preferred.

Page 2

Page 3 of 27

Page 4