Cisco SPCOR / CCNP Service Provider Core 350-501 (350-501) — Questions 826–900

988 questions total · 14 pages · All types, answers revealed

Page 12 of 14

826
MCQ · easy

A network engineer is configuring MPLS LDP on a new router. After enabling LDP globally and on the interface, the LDP session does not establish. The IGP (OSPF) is fully operational. What should the engineer verify first?

A. The LDP password matches.
B. The router-id is a loopback.
C. The IGP metric is set.
D. The interface has 'mpls ip' enabled.
Answer: D

This is the most basic verification; if MPLS is not enabled on the interface, LDP will not form.

Why this answer

The most common reason LDP fails to establish after global and interface configuration is that the interface is not enabled for MPLS forwarding. The command 'mpls ip' on the interface is required to activate LDP hello messages and label binding on that link. Without it, LDP remains disabled on the interface even if LDP is enabled globally and OSPF is working.

Exam trap

Cisco often tests the distinction between enabling LDP globally versus enabling it on the interface, trapping candidates who assume global configuration alone is sufficient for LDP to operate on all interfaces.

How to eliminate wrong answers

Option A is wrong because LDP password authentication is optional and not required for session establishment; it is only used if configured on both peers. Option B is wrong because while a loopback router-id is recommended for stability, LDP can use any IP address as its router-id, including a physical interface IP, and the session can still establish. Option C is wrong because the IGP metric does not affect LDP session establishment; LDP relies on IGP for reachability but not on the metric value itself.

827
MCQ · easy

A service provider has deployed segment routing with OSPF as the IGP in its core network. The network consists of 100 routers in a single area. The operations team reports that after a link failure between Router X and Router Y, traffic from Router A to Router B is taking a suboptimal path even though IGP convergence is complete and all routers have updated their LSDB. Router A and Router B are both segment routing capable. The team verifies that no SR-TE policies are configured and that all routers are using the default SPF algorithm. The expected shortest path from A to B should go through the newly restored link, but instead it still traverses an alternate path. Which action should resolve the issue?

A. Remove and re-add the adjacency SID configuration on the restored link.
B. Execute 'clear ip ospf process' on all routers along the expected path.
C. Configure an SR-TE policy from A to B with an explicit path using the restored link.
D. Issue 'clear mpls forwarding labels' on Router A to rebuild the label table.
Answer: B

This forces OSPF to re-flood LSAs and run SPF, ensuring the restored link is considered in the shortest path tree.

Why this answer

Option B is correct: The issue is likely that OSPF link-state advertisement (LSA) flooding is delayed or blocked, preventing the repair of the LSDB. 'clear ip ospf process' forces a fresh LSA flood and SPF computation. Option A is wrong because adjacency SIDs are automatically allocated and not the root cause. Option C is wrong because SR-TE policies are not used. Option D is wrong because the problem is not with label allocation but with routing.

828
Matching · medium

Match each QoS mechanism to its primary function.

Concepts
Matches

Identifying packets based on specified criteria

Setting QoS bits (e.g., DSCP, CoS) in packet headers

Enforcing traffic rate limits by dropping or remarking excess packets

Buffering excess traffic to smooth output rate

Congestion avoidance by selectively dropping packets based on queue depth

Why these pairings

These are fundamental QoS tools used in service provider networks.

829
MCQ · hard

A network engineer needs to design a multicast solution for IPTV distribution across a service provider network. Which protocol is best suited for building a shared distribution tree where the RP is dynamically elected?

A. PIM-DM
B. PIM-SM with Auto-RP
C. MSDP
D. PIM-SM with BSR
Answer: D

BSR provides dynamic RP election in a standards-based way.

Why this answer

PIM-SM with BSR (Bootstrap Router) is the correct choice because it provides a dynamic, automated mechanism for electing an RP (Rendezvous Point) within a PIM-SM domain. BSR uses a distributed election process where candidate BSRs exchange bootstrap messages to elect a single BSR, which then collects candidate-RP advertisements and distributes the RP-set to all routers, enabling shared distribution trees without manual RP configuration.

Exam trap

Cisco often tests the distinction between Auto-RP and BSR, where candidates mistakenly think Auto-RP dynamically elects the RP, but Auto-RP only advertises RP information from a statically configured RP or mapping agent, whereas BSR provides true dynamic RP election through a distributed bootstrap process.

How to eliminate wrong answers

Option A is wrong because PIM-DM (Dense Mode) uses a flood-and-prune approach to build source-based trees, not shared trees, and does not involve an RP or dynamic RP election. Option B is wrong because PIM-SM with Auto-RP uses a separate, statically configured RP (or a mapping agent) to advertise RP information, but it does not dynamically elect the RP itself; Auto-RP relies on a designated RP or a mapping agent, which is not a fully dynamic election mechanism like BSR. Option C is wrong because MSDP (Multicast Source Discovery Protocol) is used to interconnect multiple PIM-SM domains by sharing active source information between RPs, not for building a shared distribution tree or dynamically electing an RP within a single domain.

830
MCQ · hard

In EVPN multihoming with all-active mode, what is the purpose of the aliasing capability?

A. It permits the use of a single ESI label across all PEs in the ES.
B. It reduces the number of BGP updates by aggregating MAC routes.
C. It allows load balancing of traffic across all PEs.
D. It enables one PE to advertise MAC addresses for another PE in the same ES.
Answer: D

Correct. Aliasing allows a PE to advertise MACs for other PEs in the same ES, making all active paths known.

Why this answer

In EVPN all-active multihoming, the aliasing capability allows a PE that has learned a MAC address via local attachment to the Ethernet Segment (ES) to advertise that MAC address on behalf of other PEs in the same ES. This enables remote PEs to load-balance traffic destined to that MAC across all multihomed PEs, even if only one PE actually learned the MAC locally. Without aliasing, traffic would be forced to the specific PE that learned the MAC, defeating the purpose of all-active redundancy.

Exam trap

Cisco often tests the distinction between aliasing (advertising MACs for other PEs) and load balancing (the forwarding behavior that aliasing enables), causing candidates to mistakenly select 'load balancing' as the purpose of aliasing itself.

How to eliminate wrong answers

Option A is wrong because the aliasing capability does not involve a single ESI label; each PE in the ES advertises its own MPLS label (e.g., the ESI label or MAC/IP advertisement label), and the aliasing function is about MAC address advertisement, not label consolidation. Option B is wrong because aliasing does not reduce BGP updates or aggregate MAC routes; in fact, it may increase the number of MAC/IP advertisement routes as each PE advertises the same MAC addresses, and aggregation is not a feature of EVPN aliasing. Option C is wrong because aliasing itself does not perform load balancing; it enables load balancing by allowing remote PEs to see multiple next hops for the same MAC, but the actual load balancing is a forwarding decision made by the remote PE based on the received aliased routes.

831
MCQ · medium

An engineer is using RESTCONF to configure an interface on a Cisco IOS-XE device. The request returns a 400 Bad Request error. What is the most likely cause?

A. The device does not support RESTCONF
B. The user does not have sufficient privileges
C. The URI is incorrect
D. The YANG module is not loaded
E. The JSON payload contains incorrect data types or missing mandatory leafs
Answer: E

400 Bad Request indicates a client-side error; invalid payload is a common cause.

Why this answer

A 400 Bad Request in RESTCONF indicates a client-side error, typically malformed syntax. The most common cause is an invalid JSON payload, such as incorrect data types (e.g., string instead of integer) or missing mandatory leafs defined in the YANG module. RESTCONF validates the payload against the YANG schema before applying the configuration, and any schema violation triggers a 400 error.

Exam trap

Cisco often tests the distinction between HTTP status codes in RESTCONF, where candidates confuse a 400 (client payload error) with a 404 (resource not found) or 401/403 (authentication/authorization), especially when the URI seems correct but the payload is invalid.

How to eliminate wrong answers

Option A is wrong because if the device did not support RESTCONF, the response would be a 404 Not Found or a 501 Not Implemented, not a 400 Bad Request. Option B is wrong because insufficient privileges would result in a 401 Unauthorized or 403 Forbidden error, not a 400. Option C is wrong because an incorrect URI would typically return a 404 Not Found (if the resource doesn't exist) or a 405 Method Not Allowed (if the path is valid but the method is wrong), not a 400. Option D is wrong because a missing YANG module would cause a 500 Internal Server Error or a 404 if the module's namespace is not recognized, not a 400.

832
Multi-Select · medium

Which two of the following are characteristics of MPLS Traffic Engineering that differentiate it from pure MPLS forwarding?

Select 2 answers
A. Requires LDP for LSP creation
B. Allows bandwidth reservation
C. Supports explicit path selection
D. Provides optimal load balancing based on topology
E. Uses RSVP for label distribution
Answers: B, C

Correct. MPLS TE can reserve bandwidth along a path to guarantee QoS.

Why this answer

MPLS Traffic Engineering (MPLS-TE) explicitly supports bandwidth reservation, which allows an operator to guarantee a certain amount of bandwidth for a traffic-engineered LSP. This is a key differentiator from pure MPLS forwarding, where LSPs are created without any bandwidth awareness and simply forward packets based on the label-swapping mechanism.

Exam trap

Cisco often tests the misconception that MPLS-TE requires LDP for LSP creation, but in reality, MPLS-TE uses RSVP-TE for signaling and does not depend on LDP for the TE LSPs themselves.

833
MCQ · hard

A service provider is migrating from LDP to Segment Routing in an IS-IS network. After enabling IS-IS with segment-routing on all routers, they observe that some prefixes still receive labels from LDP instead of from SR. Which configuration is most likely missing on these routers?

A. Missing 'segment-routing mpls' command under IS-IS
B. OSPF segment-routing is still configured
C. TI-LFA is not enabled
D. SRGB range conflicts with MPLS label range
Answer: A

This command enables SR label allocation in IS-IS.

Why this answer

When migrating from LDP to Segment Routing in an IS-IS network, the 'segment-routing mpls' command must be explicitly enabled under the IS-IS routing process. Without this command, IS-IS will not allocate MPLS labels for prefixes using the Segment Routing (SR) extension, causing the router to fall back to LDP for label distribution. This is the most common missing configuration when SR labels are not being assigned.

Exam trap

Cisco often tests the distinction between enabling segment-routing globally versus enabling it under the IGP process; the trap here is that candidates assume 'segment-routing mpls' is automatically applied when SR is enabled globally, but it must be explicitly configured under IS-IS or OSPF.

How to eliminate wrong answers

Option B is wrong because OSPF segment-routing configuration is irrelevant in an IS-IS network; the question explicitly states IS-IS is used, so OSPF settings have no effect on IS-IS SR behavior. Option C is wrong because TI-LFA (Topology Independent Loop-Free Alternate) is a fast-reroute mechanism that relies on SR, but its absence does not prevent SR from assigning labels; it only affects protection. Option D is wrong because an SRGB range conflict with the MPLS label range would cause label allocation failures or errors, not a fallback to LDP; LDP would still be used only if SR is not properly enabled.

834
MCQ · medium

A service provider is deploying MPLS L3VPN over an OSPF backbone. The PE routers are configured with OSPF as the IGP. The CE router of customer A is connected to two PEs for redundancy. Which configuration is required on the PE routers to ensure that the CE router can load-balance traffic across both PEs without loops?

A. Use OSPF sham-links between the two PEs.
B. Use the BGP cost community to adjust the path selection on the CE.
C. Configure OSPF with the capability vrf-lite and enable the down-bit on the PE-CE link.
D. Disable the DN-bit on the PE-CE OSPF interface.
Answer: C

The down-bit prevents the CE from re-advertising routes learned from one PE to the other PE, avoiding loops.

Why this answer

Option C is correct because configuring OSPF with the capability vrf-lite and enabling the down-bit on the PE-CE link prevents routing loops in a multi-homed CE scenario. The down-bit is set by the PE when redistributing routes into OSPF, ensuring that the CE does not re-advertise those routes back to another PE, which would cause a loop. The vrf-lite capability allows the CE to understand the down-bit without requiring full MPLS/VPN functionality, enabling load-balancing across both PEs safely.

Exam trap

Cisco often tests the distinction between the down-bit (DN-bit) used in OSPF PE-CE scenarios and the sham-link concept used for OSPF area 0 extension, leading candidates to mistakenly choose sham-links for loop prevention in multi-homed CE designs.

How to eliminate wrong answers

Option A is wrong because OSPF sham-links are used to connect two PE routers in different OSPF areas within an MPLS L3VPN to maintain OSPF adjacency across the backbone, not to prevent loops or enable load-balancing for a multi-homed CE. Option B is wrong because the BGP cost community influences path selection on the PE side for inter-AS or multi-homing scenarios, but it does not affect the CE's OSPF routing decisions or prevent loops in the PE-CE OSPF domain. Option D is wrong because disabling the DN-bit (down-bit) on the PE-CE OSPF interface would allow the CE to re-advertise routes learned from one PE back to the other PE, creating a routing loop; the DN-bit must be enabled to prevent this.

835
Multi-Select · medium

Which TWO of the following are characteristics of MPLS LDP?

Select 2 answers
A. Distributes labels for BGP routes
B. Label distribution based on IP routing table
C. Requires an IGP like OSPF for session reachability
D. UDP for discovery, TCP for session
E. TCP for both discovery and session
Answers: B, D

By default, LDP distributes labels for all IGP routes.

Why this answer

B is correct because MPLS LDP distributes labels for routes found in the IP routing table, not for BGP routes. LDP peers exchange label bindings for each prefix in the IGP routing table, enabling label-switched paths (LSPs) for those destinations. This is fundamental to LDP's operation as defined in RFC 5036.

Exam trap

Cisco often tests the misconception that LDP requires an IGP for session reachability, but the trap is that LDP uses its own UDP discovery mechanism and can form sessions over any IP reachable path, though an IGP is commonly used for loopback reachability in practice.

836
MCQ · easy

In IS-IS, what is the purpose of the Partial Route Computation (PRC)?

A. To compute the entire SPF tree after a topology change
B. To recompute only the routes that are affected by a change in IP reachability
C. To calculate the shortest path to all destinations in the L2 backbone
D. To repair IS-IS adjacency after link failure
Answer: B

PRC is triggered by IP prefix changes.

Why this answer

PRC recomputes only affected routes when a leaf changes, without full SPF, enabling faster convergence.

837
MCQ · medium

In an EVPN-VPWS (Virtual Private Wire Service) deployment, which identifier is used to uniquely identify an Ethernet Segment for multi-homing?

A. Ethernet Tag ID
B. MAC address of the CE
C. Ethernet Segment Identifier (ESI)
D. Route Distinguisher (RD)
Answer: C

Correct identifier.

Why this answer

In EVPN-VPWS, the Ethernet Segment Identifier (ESI) uniquely identifies an Ethernet Segment across all multi-homed Provider Edge (PE) nodes. This 10-byte value is used in Designated Forwarder (DF) election and split-horizon filtering to prevent loops when a Customer Edge (CE) is multi-homed to multiple PEs. The ESI is carried in EVPN routes (Type 1 and Type 4) to signal multi-homing membership.

Exam trap

Cisco often tests the distinction between the Ethernet Tag ID (used for service identification) and the ESI (used for multi-homing segment identification), causing candidates to confuse the two identifiers in EVPN-VPWS contexts.

How to eliminate wrong answers

Option A is wrong because the Ethernet Tag ID identifies a specific service instance (e.g., VLAN or VPWS service) within an EVPN instance, not the multi-homed segment. Option B is wrong because the MAC address of the CE is not used for segment identification; EVPN-VPWS relies on the ESI for multi-homing, and MAC addresses are irrelevant in point-to-point VPWS. Option D is wrong because the Route Distinguisher (RD) is used to make EVPN routes unique across different VRFs or EVPN instances, not to identify an Ethernet Segment for multi-homing.

838
MCQ · hard

A service provider is designing a QoS policy for a multi-service MPLS VPN network that carries voice, video, and data traffic. The network uses DiffServ and MPLS EXP markings. The design must ensure that voice traffic is given priority over video and data, while video traffic should have better treatment than data but not at the expense of voice. The provider plans to use a hierarchical QoS (HQoS) policy at the PE-CE interfaces. Which configuration approach best meets these requirements?

A. Mark voice traffic with EXP 5, video with EXP 4, and data with EXP 0, and rely on the core to prioritize based on EXP.
B. Use a single-level policy with LLQ for voice and video together, and CBWFQ for data.
C. Apply a parent policy with a shape for the total bandwidth and a child policy with LLQ for voice and CBWFQ for video and data.
D. Apply class-based shaping to each traffic class separately on the interface.
Answer: C

This provides hierarchical control, ensuring voice gets priority within the shaped bandwidth while video and data get fair treatment.

Why this answer

Option C is correct because hierarchical QoS (HQoS) allows the service provider to enforce a total bandwidth shape at the parent level while using a child policy to apply LLQ for voice (ensuring strict priority) and CBWFQ for video and data (ensuring video gets better treatment than data without starving voice). This meets the requirement that video should not degrade voice, as the parent shape prevents any single class from monopolizing the link, and the child policy’s LLQ guarantees voice priority over all other traffic.

Exam trap

Cisco often tests the misconception that a single-level LLQ can handle multiple priority classes together, but the trap here is that combining voice and video in one LLQ queue violates the strict priority requirement for voice over video, which HQoS with separate child policies resolves.

How to eliminate wrong answers

Option A is wrong because relying solely on EXP markings in the core does not enforce per-interface queuing or bandwidth guarantees at the PE-CE edge; the core may treat EXP 5 and EXP 4 similarly if no DiffServ PHB is strictly mapped, and it cannot prevent video from competing with voice on the access link. Option B is wrong because placing voice and video together in a single LLQ class gives them equal priority, violating the requirement that video must not degrade voice; LLQ treats all traffic in the priority queue the same, so voice could be delayed by video bursts. Option D is wrong because applying class-based shaping separately to each traffic class does not provide a hierarchical structure to enforce a total bandwidth limit or guarantee that voice gets strict priority over video and data; it only shapes individual classes independently, which can lead to oversubscription and no priority queuing.

839
MCQ · hard

A service provider wants to use Segment Routing TE with Flex-Algo to engineer traffic around links with low bandwidth. Which configuration approach should be taken?

A. Configure a policy-map to apply QoS marking on TE tunnels.
B. Use the 'min-delay' metric in Flex-Algo to prefer low-delay links.
C. Define a Flex-Algo with a metric type of 'min-unidirectional-link-bandwidth'.
D. Use standard IS-IS metric and adjust it on low-bandwidth links to a high value.
Answer: C

This Flex-Algo metric excludes links with insufficient bandwidth, meeting the requirement.

Why this answer

Option C is correct because Flex-Algo allows the definition of a custom metric type, such as 'min-unidirectional-link-bandwidth', which enables Segment Routing TE to compute paths that avoid low-bandwidth links. This approach directly addresses the requirement to engineer traffic around links with low bandwidth by using bandwidth as the path selection metric.

Exam trap

Cisco often tests the distinction between standard IGP metric manipulation and Flex-Algo's custom metric types, where candidates mistakenly think adjusting the IS-IS metric is the correct Flex-Algo approach, but Flex-Algo requires explicit definition of a new metric type rather than relying on the default metric.

How to eliminate wrong answers

Option A is wrong because QoS marking on TE tunnels does not influence path computation; it only affects traffic prioritization and queuing, not the selection of links based on bandwidth. Option B is wrong because the 'min-delay' metric in Flex-Algo prefers low-delay links, which is unrelated to bandwidth constraints; it would not avoid low-bandwidth links. Option D is wrong because adjusting the standard IS-IS metric on low-bandwidth links to a high value is a traditional traffic engineering technique, but it does not leverage Segment Routing TE with Flex-Algo, which provides more granular and dynamic control via custom metric types.

840
MCQ · easy

Which IS-IS router type maintains a full Layer 2 routing table of all areas and can act as a gateway between areas?

A. Level 2
B. Level 0
C. Level 1/2
D. Level 1
Answer: A

Correct. Level 2 routers maintain the full L2 routing table and route between areas.

Why this answer

In IS-IS, Level 2 routers route between areas and maintain a complete L2 database. Level 1 routers route within an area, and Level 1/2 routers act as both, but the question asks for the type that maintains a full L2 routing table of all areas. Level 2 routers specifically perform inter-area routing.

841
MCQ · easy

What is the purpose of the SRGB (Segment Routing Global Block) in SR-MPLS?

A. It defines a contiguous block of labels used for global SIDs such as Node SIDs.
B. It defines the range of labels for Adjacency SIDs.
C. It is used to reserve labels for RSVP-TE tunnels.
D. It is the set of labels allowed for MPLS VPNs.
Answer: A

Correct definition.

Why this answer

The SRGB defines a range of labels reserved for global segment routing SIDs (e.g., Node SIDs). It ensures that the same label value represents the same prefix across the domain, avoiding label conflicts.

842
MCQ · hard

An SP uses NSO with a YANG service model to provision an L3VPN. The service model references a leafref to a VPN ID that must exist in a separate list. Which YANG statement ensures the leafref value is valid against the referenced list?

A. must 'current() = /vpn-list/vpn-id';
B. type leafref { path '/vpn-list/vpn-id'; }
C. mandatory true;
D. type string { pattern '[0-9]+'; }
Answer: B

leafref with path ensures the value exists in the referenced leaf.

Why this answer

leafref automatically validates that the leaf value matches a leaf in the referenced path.

843
MCQ · medium

A service provider is implementing MPLS in their core network. They want to ensure that labeled packets for BGP prefixes are forwarded correctly without requiring an IGP label for every BGP prefix. Which technique should be used to achieve this?

A. Use BGP-free core with LDP or Segment Routing
B. Enable MPLS on all interfaces and rely on BGP label distribution
C. Implement LDP for BGP prefixes
D. Configure static labels for BGP prefixes
Answer: A

BGP-free core allows forwarding based on labels assigned by LDP/SR for BGP next hops.

Why this answer

A BGP-free core with LDP or Segment Routing allows the service provider to forward labeled packets for BGP prefixes without requiring an IGP label for every BGP prefix. In this design, edge routers (PEs) impose a label stack where the outer label (IGP label) is distributed by LDP or Segment Routing for the BGP next-hop, and the inner label is the BGP label. Core routers (P routers) only need to swap the outer label based on the IGP label, not the BGP prefix, thus eliminating the need for IGP labels per BGP prefix.

Exam trap

Cisco often tests the misconception that LDP can distribute labels for BGP prefixes, but LDP is strictly for IGP prefixes; the correct approach is to use a BGP-free core where LDP or Segment Routing handles the IGP label for the BGP next-hop, not the BGP prefix itself.

How to eliminate wrong answers

Option B is wrong because enabling MPLS on all interfaces and relying on BGP label distribution alone does not provide a label-switched path for the BGP next-hop; core routers would still need an IGP label to forward the packet, which is not automatically generated for BGP prefixes. Option C is wrong because LDP is designed to distribute labels for IGP prefixes (e.g., loopback addresses), not for BGP prefixes; LDP cannot directly assign labels to BGP prefixes. Option D is wrong because configuring static labels for BGP prefixes is not scalable and does not leverage dynamic label distribution; it would require manual configuration for every prefix and does not integrate with the IGP label-switched path.

844
MCQ · easy

A network engineer is configuring Segment Routing on an IOS-XR router. They want to use the preferred algorithm for automatically computing paths based on IGP metrics. Which algorithm should be configured under the SR segment list?

A. strict-spf
B. delay
C. te
D. preferred
Answer: D

The 'preferred' algorithm uses the IGP metric-based shortest path.

Why this answer

The 'preferred' algorithm is the correct choice because it instructs the router to automatically select the best algorithm for path computation based on IGP metrics. In Segment Routing, the 'preferred' algorithm uses the default SPF (Shortest Path First) algorithm, which computes paths based solely on IGP link metrics, ensuring optimal routing without additional constraints.

Exam trap

Cisco often tests the distinction between 'preferred' (which defaults to IGP metric-based SPF) and 'strict-spf' (which disables ECMP), leading candidates to mistakenly choose 'strict-spf' when the question asks for standard IGP metric-based path computation.

How to eliminate wrong answers

Option A (strict-spf) is wrong because it enforces a strict SPF algorithm that avoids any load-balancing or ECMP, which is not the default behavior for IGP metric-based path computation. Option B (delay) is wrong because it refers to a performance-based algorithm (e.g., latency) that is not used for standard IGP metric-based path computation; it is typically used in advanced traffic engineering scenarios. Option C (te) is wrong because it represents a Traffic Engineering algorithm that considers constraints like bandwidth or administrative policies, not the simple IGP metric-based path computation required by the question.

845
MCQ · hard

A service provider is migrating from LDP to Segment Routing (SR) in the core. They need to support MPLS forwarding without maintaining LDP sessions. Which SR data plane is appropriate?

A. SRv6
B. LDP over RSVP
C. MPLS-TE with RSVP-TE
D. SR-MPLS
Answer: D

Correct. SR-MPLS uses IGP to advertise labels, no LDP needed.

Why this answer

Segment Routing with MPLS data plane (SR-MPLS) uses IGP to distribute labels, eliminating the need for LDP. SR-MPLS is the direct replacement for LDP in MPLS networks.

846
MCQ · medium

In IOS XR, what is the commit/rollback configuration model?

A. It requires a reboot to apply changes.
B. Changes are applied immediately and cannot be undone.
C. Configuration changes are staged and committed atomically; rollback is supported.
D. It only applies to interface configurations.
Answer: C

This is the correct description.

Why this answer

The commit/rollback model applies changes atomically and allows reverting to previous configurations if needed.

847
MCQ · medium

An engineer notices that an MPLS LSP in the core is not establishing. Which troubleshooting step should be performed first?

A. Verify LDP neighbor adjacency
B. Ping the far-end loopback interface
C. Check BGP IPv4 unicast neighbors
D. Check OSPF neighbor adjacency on all links
Answer: A

LDP adjacency is essential for label exchange and LSP building.

Why this answer

The first step in troubleshooting an MPLS LSP that is not establishing is to verify LDP neighbor adjacency because LDP is the protocol responsible for distributing labels across the MPLS domain. Without a working LDP session between adjacent LSRs, label bindings cannot be exchanged, and the LSP cannot be built. This is the foundational layer for MPLS forwarding, so it must be checked before higher-layer issues like routing or reachability.

Exam trap

Cisco often tests the misconception that checking IGP adjacency (OSPF) is the first step, but LDP depends on IGP for reachability, not adjacency; the trap is that candidates confuse routing protocol adjacency with label distribution protocol adjacency.

How to eliminate wrong answers

Option B is wrong because pinging the far-end loopback interface tests IP reachability, not the MPLS label-switched path; a successful ping can occur even if LDP is broken if the router uses IP forwarding. Option C is wrong because BGP IPv4 unicast neighbors are used for exchanging routing information, not for MPLS label distribution; LDP or RSVP-TE handles label binding. Option D is wrong because while OSPF adjacency is necessary for IGP routing, it does not directly affect LDP session establishment; LDP can fail even if OSPF is fully converged.

848
MCQ · medium

A service provider is using Cisco Peakflow for DDoS detection. Peakflow identifies anomalies based on network traffic telemetry. Which data collection method does Peakflow primarily use?

A. NetFlow/IPFIX
B. Syslog
C. SNMP polling
D. Packet capture
Answer: A

Peakflow relies on flow data for anomaly detection.

Why this answer

Peakflow uses NetFlow (or IPFIX) data exported from routers to analyze traffic patterns and detect anomalies.

849
MCQ · hard

When automating configuration changes across a large network using a tool like Cisco NSO, what is the best practice to minimize the risk of negative impact?

A. Rely on rollback automation
B. Use a staging environment with identical configuration to test before production
C. Limit automation to read-only commands
D. Automate only during maintenance windows
E. Apply changes directly to production devices
Answer: B

Testing in a staging environment that mirrors production allows early detection of issues, minimizing production impact.

Why this answer

Using a staging environment with identical configuration to test before production is the best practice because it allows validation of automation scripts and configuration changes in a controlled setting that mirrors the production network. This approach identifies potential errors, compatibility issues, or unintended side effects without risking service disruption, aligning with Cisco NSO's recommended deployment workflow that emphasizes pre-production testing to ensure change reliability.

Exam trap

Cisco often tests the misconception that rollback automation is a sufficient safety net, but the trap here is that candidates overlook the proactive risk mitigation provided by pre-production testing, which is the foundational best practice in network automation change management.

How to eliminate wrong answers

Option A is wrong because relying solely on rollback automation is reactive and does not prevent the initial negative impact; rollback may fail if the network state changes or if the automation tool cannot revert complex transactional changes cleanly. Option C is wrong because limiting automation to read-only commands defeats the purpose of configuration automation, which requires write operations to implement changes; read-only commands are for monitoring, not configuration management. Option D is wrong because automating only during maintenance windows reduces but does not eliminate risk; it ignores the need for thorough testing and validation, and unexpected failures can still occur during the window.

Option E is wrong because applying changes directly to production devices without prior testing violates change management best practices and increases the likelihood of widespread outages or misconfigurations.

850
MCQeasy

In IS-IS, what is the purpose of the NET (Network Entity Title) address field SEL (Selector) byte?

A.Identifies the application layer protocol
B.Indicates that this is a router (always 0x00)
C.Identifies the area
D.Identifies the system ID
AnswerB

SEL=0x00 indicates the network entity.

Why this answer

The SEL byte is always 0x00 for routers, indicating that the address refers to the router itself rather than a specific service.

851
Multi-Selectmedium

Which THREE are characteristics of EVPN? (Choose three.)

Select 3 answers
A.Provides only L2VPN services
B.Supports all-active multi-homing
C.Supports multi-homing with Ethernet Segment Identifier (ESI)
D.Uses BGP for control plane signaling
E.Uses LDP for pseudowire signaling
AnswersB, C, D

Correct. EVPN supports all-active and single-active.

Why this answer

EVPN uses BGP control plane, supports multi-homing with ESI, and can provide both L2 and L3 services. It does not use LDP for signaling; it uses BGP. VPLS is older.

852
MCQhard

A metro Ethernet provider needs to scale customer VLANs beyond the 4,096 limit by encapsulating customer VLAN tags with an outer service provider tag. Which IEEE standard is used?

A.802.1ad (Q-in-Q)
B.802.1ah (Provider Backbone Bridging)
C.802.1Q
D.802.1ak
AnswerA

802.1ad allows double tagging with an outer service provider tag.

Why this answer

Q-in-Q (802.1ad) adds an outer VLAN tag to extend VLAN space. 802.1ah is for MAC-in-MAC, 802.1Q is the basic standard, and 802.1ak is not related.

853
MCQmedium

In Segment Routing over MPLS (SR-MPLS), how are Prefix-SIDs advertised in IS-IS?

A.Via LDP label mapping messages
B.Via RSVP-TE PATH messages
C.Via BGP VPN labels
D.Via IS-IS TLV 135 and TLV 149
AnswerD

Correct. IS-IS uses these TLVs for SR SID advertisement.

Why this answer

In SR-MPLS, Prefix-SIDs are advertised in IS-IS using TLV 135 (Extended IP Reachability) to carry the prefix and its metric, and TLV 149 (IS-IS Router Capability) to carry the SID/Label Binding sub-TLV, which maps the prefix to a specific label (Prefix-SID). This allows IS-IS to distribute both the prefix reachability and its associated segment identifier in a single protocol update, enabling source routing without LDP or RSVP-TE.

Exam trap

Cisco often tests the distinction between traditional MPLS label distribution protocols (LDP, RSVP-TE) and SR-MPLS's use of IGP extensions (IS-IS TLVs or OSPF Opaque LSAs) to carry segment IDs, leading candidates to mistakenly associate Prefix-SIDs with LDP or RSVP-TE.

How to eliminate wrong answers

Option A is wrong because LDP label mapping messages are used for distributing labels in MPLS LDP, not for advertising Prefix-SIDs in SR-MPLS, which uses IS-IS or OSPF extensions. Option B is wrong because RSVP-TE PATH messages are used for traffic engineering label distribution and path setup, not for advertising Prefix-SIDs in IS-IS. Option C is wrong because BGP VPN labels are used in MPLS VPN environments to identify VPN routes, not for advertising Prefix-SIDs in IS-IS.

854
MCQeasy

Which QoS mechanism is most effective for preventing congestion on a service provider edge link when traffic exceeds the link capacity?

A.Priority queuing
B.Traffic policing
C.Traffic shaping
D.WRED
AnswerC

Shapes traffic to avoid line-rate bursts and drops.

Why this answer

Traffic shaping is the most effective QoS mechanism for preventing congestion on a service provider edge link when traffic exceeds link capacity because it buffers excess packets and smooths the transmission rate to match the configured committed information rate (CIR). Unlike policing, which drops or re-marks packets, shaping avoids tail drops and packet loss by queuing bursts, making it ideal for edge links where preserving traffic integrity is critical. Cisco IOS uses Generic Traffic Shaping (GTS) or Class-Based Shaping (CB-Shaping) to enforce a rate limit while maintaining TCP fairness and reducing retransmissions.

Exam trap

Cisco often tests the distinction between congestion management (queuing/scheduling) and congestion avoidance (WRED) versus rate limiting (policing/shaping), and the trap here is that candidates confuse policing (which drops) with shaping (which buffers), or assume WRED prevents congestion rather than just avoiding tail drops.

How to eliminate wrong answers

Option A is wrong because priority queuing (PQ) provides strict priority scheduling, not congestion prevention; it can cause starvation of lower-priority queues when traffic exceeds capacity, leading to packet loss for non-priority traffic. Option B is wrong because traffic policing drops or re-marks packets that exceed the configured rate, which can cause TCP global synchronization and excessive retransmissions, making it unsuitable for preventing congestion on an edge link where preserving traffic is preferred. Option D is wrong because WRED (Weighted Random Early Detection) is a congestion avoidance mechanism that proactively drops packets before queues fill, but it does not limit the overall traffic rate to prevent congestion; it only manages queue depth and cannot stop traffic from exceeding link capacity.

855
MCQmedium

An SP engineer is troubleshooting IS-IS routing. The network uses wide metrics, and some links have been configured with TE metrics. Which statement correctly describes the relationship between TE metrics and narrow metrics in IS-IS?

A.Narrow metrics are used only for L1 routes, while TE metrics are used for L2.
B.Wide metrics allow values up to 2^24 - 1, while narrow metrics allow up to 63.
C.TE metrics override narrow metrics for SPF calculations.
D.TE metrics are used by default when metric-style wide is configured.
AnswerB

Wide metrics use 24 bits (max 16777215), narrow use 6 bits (max 63).

Why this answer

IS-IS supports both narrow (6-bit) and wide (24-bit) style metrics. TE metrics are separate TLVs that carry additional information for MPLS-TE and do not replace the standard metric used for SPF computation.

856
MCQeasy

In the DiffServ model, which DSCP value is used for Expedited Forwarding (EF) to support voice traffic?

A.DSCP 0
B.DSCP 46
C.DSCP 40
D.DSCP 34
AnswerB

EF is DSCP 46 as per RFC 3246.

Why this answer

EF is defined by DSCP 46 (binary 101110) to provide low-loss, low-latency service for voice.

857
MCQhard

A service provider is troubleshooting BGP route advertisement for a VPNv4 prefix. The PE router receives the prefix from the route reflector but does not install it in the VRF routing table. The BGP table shows the prefix as valid but not best. What is the most likely cause?

A.The VRF does not have the correct route-target import.
B.The next-hop is not reachable via the IGP with an MPLS label.
C.The BGP table is full and cannot accept more prefixes.
D.The MPLS label is missing in the BGP update.
AnswerB

Next-hop unreachability causes the route to be not best.

Why this answer

For a VPNv4 prefix to be installed in the VRF routing table, BGP must select it as the best path. A key requirement for best-path selection is that the next-hop address must be reachable via the IGP with an associated MPLS label (via LDP or other label distribution protocol). If the next-hop is not reachable with a label, the route remains valid but not best, and thus is not installed in the VRF.

Exam trap

Cisco often tests the distinction between a route being valid (accepted into BGP table) versus best (eligible for installation into the VRF), and the trap here is that candidates assume a valid route should automatically be installed, overlooking the next-hop reachability with label requirement for MPLS VPNs.

How to eliminate wrong answers

Option A is wrong because the VRF route-target import configuration determines whether the prefix is accepted into the VRF at all; if the import RT matches, the prefix enters the BGP table, but the issue here is that it is already in the BGP table as valid, so RT import is not the problem. Option C is wrong because a full BGP table would prevent new prefixes from being accepted, but the prefix is already present in the BGP table as valid, so table capacity is not the limiting factor. Option D is wrong because if the MPLS label were missing in the BGP update, the prefix would likely be marked as invalid or not installed at all, but the question states the prefix is valid, indicating the label is present in the update; the problem is that the next-hop itself is not reachable via the IGP with a label.

858
Multi-Selecteasy

Which two MPLS OAM tools can be used to troubleshoot label switching paths? (Choose two)

Select 2 answers
A.traceroute
B.show ip route
C.MPLS LSP ping
D.ping
E.MPLS echo request
AnswersC, E

MPLS LSP ping sends MPLS echo request to verify LSP connectivity.

Why this answer

MPLS LSP ping (option C) is an OAM tool specifically designed to verify the data plane of an MPLS label switched path (LSP) by sending an MPLS echo request packet with a target FEC stack, which is forwarded along the LSP and validated by the egress LSR. This tests the actual label forwarding path, not just the control plane, making it a correct choice for troubleshooting LSPs.

Exam trap

Cisco often tests the distinction between control-plane verification (like 'show ip route' or 'ping') and data-plane OAM tools (like MPLS LSP ping and MPLS echo request), leading candidates to mistakenly select generic IP tools that cannot validate label switching.

859
MCQeasy

A network operator is migrating from traditional MPLS LDP to Segment Routing (SR) with IS-IS. The network consists of four routers (R1-R4) in a square topology. The engineer has enabled SR on all routers and configured prefix-SIDs for loopbacks. However, when checking the MPLS forwarding table on R1, the engineer sees that some prefixes have label values that are not the prefix-SIDs. The prefix for R4's loopback shows label 16004, which matches the expected 16004, and another prefix shows label 16003, which also matches the expected 16003. The engineer does not see any labels for some external routes. What is the most likely reason that some labels are missing?

A.The IS-IS wide metrics are not enabled on all interfaces.
B.Route redistribution from another protocol is not configured.
C.The prefix-SIDs are inconsistent across routers.
D.External routes are not covered by prefix-SIDs; they require LDP or another label distribution mechanism.
AnswerD

SR only assigns labels to IGP prefixes; external routes need separate handling.

Why this answer

Option D is correct because Segment Routing (SR) with IS-IS only assigns prefix-SIDs to prefixes that are part of the IS-IS domain and explicitly configured with a SID. External routes, such as those redistributed from another protocol (e.g., BGP or OSPF), are not covered by prefix-SIDs and require a separate label distribution mechanism like LDP or a manually configured explicit-null label to be forwarded with MPLS encapsulation. The engineer's observation that some labels are missing for external routes directly points to this limitation.

Exam trap

Cisco often tests the misconception that SR with IS-IS automatically assigns labels to all routes in the routing table, when in fact prefix-SIDs only apply to IGP routes within the same protocol domain, and external routes still need LDP or another label distribution mechanism.

How to eliminate wrong answers

Option A is wrong because IS-IS wide metrics are required for SR operation (to support the extended TLV format for SIDs), but their absence would cause SR to fail entirely or produce incorrect SID assignments, not just missing labels for external routes. Option B is wrong because route redistribution from another protocol is not the root cause; while redistribution may introduce external routes, the missing labels are due to the lack of a label distribution mechanism for those routes, not the act of redistribution itself. Option C is wrong because inconsistent prefix-SIDs across routers would cause label mismatch or forwarding loops, not missing labels; the engineer already confirmed that some prefix-SIDs (e.g., 16004) are correctly installed, indicating consistency is not the issue.

860
Matchingmedium

Match each multicast protocol to its role.

Concepts
Matches

Host-to-router protocol for joining multicast groups

Sparse mode multicast routing using RP

Dense mode multicast routing assuming all routers want traffic

Protocol for connecting multiple PIM-SM domains

Bootstrap Router for automatic RP election

Why these pairings

These are essential multicast protocols for service provider IPTV and content delivery.

861
MCQhard

In BGP, an SP router receives multiple routes to the same prefix. The first route has a weight of 100, LOCAL_PREF of 200, AS_PATH length 3, and is learned via eBGP. The second route has weight 50, LOCAL_PREF 150, AS_PATH length 2, and is learned via iBGP. According to BGP route selection, which route will be preferred?

A.The second route (AS_PATH length 2)
B.The first route (eBGP learned)
C.The second route (LOCAL_PREF 150)
D.The first route (weight 100)
AnswerD

Correct. Weight is checked first; higher weight wins.

Why this answer

BGP selection order: highest weight first. Route 1 has weight 100, Route 2 has weight 50, so Route 1 is preferred regardless of other attributes.

862
MCQeasy

Refer to the exhibit. This JSON policy is used for Segment Routing Traffic Engineering. What is the purpose of the 'color' attribute?

A.It sets the metric type for the path calculation
B.It defines the preference value for the candidate path
C.It identifies a specific SR-TE policy to be used for traffic steering
D.It specifies the link affinity constraint for the path
AnswerC

Color is used to match traffic via color-based forwarding.

Why this answer

In Segment Routing Traffic Engineering (SR-TE), the 'color' attribute is a 32-bit numerical value that, combined with the destination prefix, uniquely identifies an SR-TE policy. This allows traffic to be steered into a specific policy based on color, enabling advanced traffic engineering use cases such as multi-topology routing or service-level agreement (SLA) differentiation.

Exam trap

The trap here is that candidates confuse the 'color' attribute with the 'preference' value, as both are numerical values used in SR-TE policy selection, but 'color' identifies the policy itself while 'preference' selects among candidate paths within that policy.

How to eliminate wrong answers

Option A is wrong because the metric type for path calculation is set via the 'metric' sub-object within the candidate path, not by the 'color' attribute. Option B is wrong because the preference value for a candidate path is defined by the 'preference' field inside the candidate path list, not by 'color'. Option D is wrong because link affinity constraints are specified using the 'affinity' object under constraints, not by the 'color' attribute.

863
Multi-Selectmedium

A service provider plans to deploy automation using Cisco NSO. Which two benefits does NSO provide for service lifecycle management? (Choose two.)

Select 2 answers
A.Automatic rollback on failed deployment.
B.Multi-vendor device support via NETCONF and CLI.
C.On-device scripting engine.
D.Real-time traffic monitoring.
E.Built-in configuration compliance checks.
AnswersA, B

NSO automatically rolls back changes if a deployment fails, ensuring device consistency.

Why this answer

Option A is correct because Cisco NSO provides a built-in transaction management system that automatically rolls back a service deployment to its previous state if any part of the deployment fails. This ensures service lifecycle integrity by preventing partial or inconsistent configurations across devices.

Exam trap

Cisco often tests the distinction between NSO's centralized orchestration capabilities and features that belong to other tools (like monitoring or compliance), leading candidates to mistakenly select options that describe functions of separate Cisco products (e.g., Cisco DNA Center for compliance or Cisco ThousandEyes for monitoring).

864
Multi-Selecteasy

Which THREE BGP attributes are considered in the best path selection process before comparing IGP metric to the next-hop? (Choose three.)

Select 3 answers
A.MED
B.AS_PATH length
C.eBGP over iBGP
D.Weight
E.LOCAL_PREF
AnswersB, D, E

AS_PATH is fourth after local preference.

Why this answer

Weight, LOCAL_PREF, and AS_PATH length are considered before IGP metric. MED comes after AS_PATH.

865
Multi-Selecteasy

Which TWO protocols are supported by a BNG (Broadband Network Gateway) for subscriber session establishment? (Choose two)

Select 2 answers
A.PPPoE
B.IPoE (DHCP)
C.IPSec
D.L2TP
E.PPPoA
AnswersA, B

PPPoE is a common protocol for DSL broadband.

Why this answer

BNG supports PPPoE and IPoE (DHCP) for subscriber access. PPPoA is asynchronous transfer mode, not typically used in modern BNG.

866
MCQmedium

A service provider is automating the provisioning of MPLS L3VPNs across multiple devices using NETCONF. During a deployment, the automation script fails with an error indicating that the device does not support the required YANG model. Which action should the engineer take to verify device capabilities?

A.Use the hello message exchange to check supported YANG modules via capabilities.
B.Use CLI show command to list YANG models.
C.Use RESTCONF with GET to retrieve device capabilities.
D.Use SNMP to check device OID.
AnswerA

The NETCONF hello message includes capabilities such as supported YANG models, making this the correct approach.

Why this answer

NETCONF hello message exchange includes the list of supported YANG modules in the capabilities. This is the standard way to discover device capabilities. Other options are either not standard or would not provide the required information.

867
MCQeasy

Which BGP community is used to prevent a route from being advertised to any eBGP peers?

A.NO_EXPORT
B.INTERNET
C.LOCAL_AS
D.NO_ADVERTISE
AnswerA

Correct. NO_EXPORT prevents advertisement to eBGP peers.

Why this answer

The well-known community NO_EXPORT (0xFFFFFF01) prevents a route from being advertised to any eBGP peers. The route can still be advertised within the AS.

868
MCQhard

An SP detects a volumetric DDoS attack targeting a customer network. The SP uses Cisco's S/RTBH technique to drop attack traffic. Which action is performed by the edge routers upon receiving a BGP route with a specific community?

A.The edge router applies a BGP FlowSpec rule to rate-limit the traffic
B.The edge router forwards the attack traffic to a scrubbing center
C.The edge router installs a /32 route pointing to a discard interface
D.The edge router sends ICMP unreachable messages to the attacker
AnswerC

The /32 route with next-hop Null0 causes traffic to be dropped.

Why this answer

S/RTBH works by advertising a /32 prefix (the victim's IP) with a special BGP community (e.g., NO_EXPORT) and a next-hop of the discard interface (e.g., Null0). Edge routers install the route pointing to Null0, dropping traffic to that IP.

869
Multi-Selecteasy

Which TWO types of SIDs are defined in Segment Routing? (Select two.)

Select 2 answers
A.Adjacency-SID
B.TI-LFA SID
C.Service-SID
D.Prefix-SID
E.Node-SID
AnswersA, D

Identifies a link adjacency.

Why this answer

Segment Routing (SR) defines two primary types of Segment Identifiers (SIDs): the Prefix-SID and the Adjacency-SID. A Prefix-SID is a global or local label associated with an IGP prefix (e.g., a loopback), enabling shortest-path forwarding toward that prefix. An Adjacency-SID is a local label associated with a specific adjacency (link) between two routers, forcing traffic out that exact interface regardless of the IGP shortest path.

Exam trap

Cisco often tests the distinction between Node-SID and Prefix-SID, where candidates mistakenly treat Node-SID as a separate SID type, but it is actually a Prefix-SID assigned to the router's loopback address.

870
MCQmedium

An SP engineer is designing an OSPF network with several remote sites that should not receive external routes but need to reach external destinations via a default route. Which OSPF area type best meets this requirement while also preventing Type 5 LSAs from entering?

A.NSSA
B.Backbone area 0
C.Stub area
D.Totally stubby area
AnswerD

Correct. Totally stubby area blocks Type 5 and Type 3 LSAs except a default route, so remote sites only have a default route to reach external destinations.

Why this answer

A totally stubby area blocks Type 5 and Type 3 LSAs (except a default route). A stub area blocks Type 5 but allows Type 3 (inter-area routes). An NSSA allows Type 7 LSAs for external routes from the area.

A totally stubby area is the correct choice because it blocks both Type 5 and Type 3 (except default), meeting the requirement.

871
MCQeasy

Refer to the exhibit. The VRF CUSTOMER is configured with route-target import 100:1. Why is this route not installed in the VRF table?

A.VRF not properly configured.
B.Route target mismatch.
C.Route distinguisher missing.
D.Next-hop unreachable.
AnswerB

The route carries RT:200:1, but the VRF imports only RT:100:1.

Why this answer

B is correct because the VRF CUSTOMER is configured with route-target import 100:1, but the route in question carries a different route-target value (e.g., 100:2). For a route to be installed into a VRF table, the route-target extended community attached to the route must match at least one of the import route-targets configured on the VRF. A mismatch prevents the route from being imported, even if other conditions are satisfied.

Exam trap

Cisco often tests the distinction between route distinguisher (RD) and route-target (RT) — candidates confuse RD uniqueness with RT import/export matching, leading them to pick 'Route distinguisher missing' when the actual issue is a route-target mismatch.

How to eliminate wrong answers

Option A is wrong because the VRF is properly configured with a route distinguisher and route-target import statement; the issue is not a missing or misconfigured VRF definition. Option C is wrong because a route distinguisher is required for VRF route uniqueness in the BGP table, but its absence would cause a different error (e.g., the route not being carried in BGP at all), not a failure to import a route that already has an RD. Option D is wrong because the next-hop reachability is not the cause here; if the next-hop were unreachable, the route would still be considered for import but would be marked as invalid or not installed due to unreachability, whereas the question explicitly states the route is not installed due to route-target mismatch.

872
MCQhard

A service provider is deploying Segment Routing Traffic Engineering (SR-TE) to optimize traffic flows. Which mechanism is used to steer traffic into an SR-TE policy?

A.RSVP-TE tunnel interface
B.Color extended community on BGP routes
C.BGP prefix-independent convergence (PIC)
D.Manual static route pointing to the policy
E.LDP label distribution
AnswerB

The color community is the standard way to steer traffic into an SR-TE policy.

Why this answer

In Segment Routing Traffic Engineering (SR-TE), traffic is steered into an SR-TE policy using a color extended community attached to BGP routes. The color community acts as a service-level identifier that maps BGP-learned prefixes to a specific SR-TE policy on the headend router, enabling automated traffic engineering without per-flow state or tunnel interfaces.

Exam trap

The trap here is that candidates often confuse the color extended community with BGP communities used for routing policy (e.g., route maps) or assume that SR-TE requires explicit tunnel interfaces like RSVP-TE, when in fact the color community is the key steering mechanism in SR-TE.

How to eliminate wrong answers

Option A is wrong because RSVP-TE tunnel interfaces are a legacy MPLS-TE mechanism that requires per-tunnel signaling and state, whereas SR-TE uses segment lists and does not rely on RSVP-TE. Option C is wrong because BGP prefix-independent convergence (PIC) is a fast-convergence technique for BGP route failures, not a mechanism for steering traffic into an SR-TE policy. Option D is wrong because manual static routes pointing to a policy are not a standard or scalable method; SR-TE policies are dynamically selected via BGP color communities or explicit policy configuration, not static routes.

Option E is wrong because LDP label distribution is used for label-switched path setup in traditional MPLS, not for steering traffic into SR-TE policies, which use segment routing labels (MPLS or SRv6).

873
MCQhard

A network operator is implementing segment routing (SR-MPLS) using OSPF as the IGP. Which OSPF TLV is used to advertise the Node SID (Prefix SID) for a router's loopback address?

A.Router Information TLV
B.Traffic Engineering TLV
C.Extended Prefix TLV
D.Extended Link TLV
AnswerC

Correct TLV for Prefix SID.

Why this answer

In OSPF, the Extended Prefix TLV (type 1) carries the Prefix SID sub-TLV for segment routing. The Adjacency SID is carried in the Extended Link TLV.

874
MCQeasy

What is the purpose of NTP authentication in a service provider network?

A.To encrypt NTP traffic
B.To rate-limit NTP packets
C.To synchronize time across devices
D.To verify the identity of the NTP server
AnswerD

Authentication uses keys to verify that the server is legitimate.

Why this answer

NTP authentication ensures that time synchronization messages are from a trusted source, preventing spoofed NTP packets that could cause time changes affecting logs, protocols, and security.

875
MCQmedium

A customer is experiencing packet loss during congestion on a link. The service provider wants to implement a QoS policy that drops less important traffic before more important traffic. Which queuing mechanism is best suited?

A.Class-Based Weighted Fair Queuing (CBWFQ) with WRED
B.FIFO queuing
C.Low Latency Queuing (LLQ)
D.Traffic shaping
AnswerA

CBWFQ allocates bandwidth per class, WRED drops low priority before high priority.

Why this answer

CBWFQ with WRED is the best choice because CBWFQ provides per-class queuing with guaranteed bandwidth, while WRED proactively drops less important traffic (based on IP precedence or DSCP) before the queue becomes full, preventing tail drop and ensuring that higher-priority traffic is preserved during congestion. This combination allows the service provider to selectively discard lower-priority packets under congestion, meeting the requirement to drop less important traffic before more important traffic.

Exam trap

Cisco often tests the misconception that LLQ alone can prioritize traffic during congestion, but the trap here is that LLQ provides strict priority queuing without proactive dropping, so it does not selectively drop less important traffic; WRED is required for that function.

How to eliminate wrong answers

Option B (FIFO queuing) is wrong because it treats all traffic equally, dropping packets from the tail of the queue regardless of importance, which does not differentiate between traffic classes. Option C (LLQ) is wrong because it is designed to provide strict priority queuing for delay-sensitive traffic (e.g., voice), but it does not inherently drop less important traffic before more important traffic; it can starve other queues if not policed, and it lacks the proactive dropping mechanism of WRED. Option D (Traffic shaping) is wrong because it buffers excess traffic to smooth out bursts and does not drop packets; it delays them, which does not address the requirement to drop less important traffic during congestion.

876
MCQmedium

A customer is using a Cisco ASR 9000 router with hierarchical QoS (HQoS) on a subscriber interface. The parent policy sets a shape rate of 10 Mbps, but the observed traffic rate is only 8 Mbps. What is a common misconfiguration that would cause this?

A.The child policy includes a police command that is limiting traffic below the parent shaper rate
B.The child policy uses 'bandwidth remaining' instead of 'bandwidth'
C.The child policy includes a bandwidth command that exceeds the parent shaper rate
D.The parent shaper uses 'shape peak' instead of 'shape average'
AnswerA

If a child policy has a police command with a rate of 8 Mbps, that overrides the parent shaper for that class, resulting in a lower observed rate.

Why this answer

In hierarchical QoS (HQoS) on a Cisco ASR 9000, the parent policy shapes traffic to a specified rate, but if the child policy includes a police command, that policer can independently drop or mark down traffic before it reaches the parent shaper. This causes the observed traffic rate to be lower than the parent shape rate, as the child policer is the actual bottleneck. The correct answer is A because the police command in the child policy is limiting traffic below the 10 Mbps parent shaper, resulting in only 8 Mbps observed.

Exam trap

Cisco often tests the distinction between shaping and policing in HQoS, where candidates mistakenly think the parent shaper always controls the final rate, ignoring that a child policer can override it by dropping traffic earlier in the pipeline.

How to eliminate wrong answers

Option B is wrong because 'bandwidth remaining' allocates unused bandwidth from the parent shaper and does not cap the rate; it would not cause the observed rate to be lower than the parent shape. Option C is wrong because a 'bandwidth' command that exceeds the parent shaper rate would simply be constrained by the parent shaper, resulting in traffic at the parent shape rate (10 Mbps), not below it. Option D is wrong because 'shape peak' allows bursts above the committed rate, which would increase the observed rate, not reduce it below the parent shape; 'shape average' is the typical command for strict rate limiting.

877
Multi-Selecthard

A service provider wants to deploy network slicing for 5G services. Which THREE of the following are typical requirements for network slicing?

Select 3 answers
A. End-to-end orchestration and lifecycle management.
B. Each slice must use a different BGP autonomous system number.
C. Dedicated core network functions per slice (e.g., UPF, SMF).
D. Resource isolation (compute, network, storage) between slices.
E. Dedicated physical fibers and routers per slice.
Answers: A, C, D

Automation is key for slice management.

Why this answer

Network slices require resource isolation (D), dedicated control plane functions (C), and end-to-end orchestration (A). Slices share physical resources (E is false) and do not necessarily require a separate BGP AS (B).

878
Multi-Select · medium

In EVPN multi-homing, which two mechanisms are used to avoid duplicate packets and ensure efficient forwarding? (Choose two.)

Select 2 answers
A. MAC mobility
B. Split-horizon filtering
C. Aliasing
D. ARP suppression
E. Designated Forwarder (DF) election
Answers: B, E

Correct: Split-horizon prevents loops.

Why this answer

Designated Forwarder (DF) election ensures only one PE forwards traffic to the CE for broadcast/multicast/unknown unicast, and split-horizon prevents a PE from forwarding packets back to the ES from which they were received.

879
MCQ · medium

An SP uses OSPF with Traffic Engineering extensions to support RSVP-TE. Which LSA type is used to carry TE information in OSPF?

A. Type 11 Opaque LSAs.
B. Type 10 Opaque LSAs.
C. Type 5 LSAs.
D. Type 9 Opaque LSAs.
Answer: B

Correct. Type 10 Opaque LSAs are area-scoped and carry TE information.

Why this answer

OSPF TE extensions use Opaque LSAs. Specifically, Type 10 Opaque LSAs (area-scoped) carry TE information as defined in RFC 3630.

880
MCQ · medium

A service provider is designing a new MPLS L3VPN service. The customer requires that their VPN traffic be isolated from other customers and that the provider edge routers maintain separate routing tables for each VPN. Which architectural component is essential for this separation?

A. MPLS label stacking
B. VRF (Virtual Routing and Forwarding)
C. VLAN tagging on the customer-facing interfaces
D. BGP route reflectors
Answer: B

VRF creates separate routing tables per VPN instance, enabling isolation.

Why this answer

VRF (Virtual Routing and Forwarding) is the essential architectural component that enables a provider edge router to maintain separate, isolated routing tables for each VPN customer. Each VRF instance contains its own routing table, CEF (Cisco Express Forwarding) table, and associated interfaces, ensuring that traffic from one customer is never forwarded using another customer's routing information. This per-VPN isolation is fundamental to MPLS L3VPN services as defined in RFC 4364.

Exam trap

Cisco often tests the distinction between data-plane isolation (VLANs, MPLS labels) and control-plane isolation (VRF), and the trap here is that candidates confuse VLAN tagging (Layer 2) with the Layer 3 routing table separation provided by VRFs, assuming VLANs alone can achieve the required routing isolation.

How to eliminate wrong answers

Option A is wrong because MPLS label stacking is a forwarding mechanism used to separate transport labels from service labels in an MPLS network, but it does not create or maintain separate routing tables per VPN; it operates at the data plane, not the control plane. Option C is wrong because VLAN tagging on customer-facing interfaces provides Layer 2 segmentation (802.1Q) but does not create separate Layer 3 routing tables; a single VLAN can still be mapped to a single VRF, but VLANs alone cannot isolate routing information. Option D is wrong because BGP route reflectors are used to scale BGP route distribution within an MPLS VPN by reducing the number of iBGP sessions, but they do not provide per-VPN routing table isolation; they propagate VPNv4 routes that already carry the Route Distinguisher (RD) and Route Target (RT) attributes.

881
MCQ · medium

During a multicast deployment, some receivers are not receiving the stream. The PIM neighbor table shows the upstream interface is correct. Which command would verify whether the multicast routing table has the correct outgoing interface list?

A. show ip igmp groups
B. show ip pim neighbor
C. show ip mroute
D. show ip route
Answer: C

Shows multicast routing table, including incoming and outgoing interfaces.

Why this answer

The 'show ip mroute' command displays the multicast routing table, including the outgoing interface list (OIL) for each multicast group. Since the PIM neighbor table confirms the upstream interface is correct, the issue likely lies in the OIL, which 'show ip mroute' directly verifies. This command shows which interfaces are forwarding multicast traffic and whether they are pruned or in a forwarding state.

Exam trap

Cisco often tests the distinction between the multicast routing table (show ip mroute) and PIM neighbor or IGMP group commands, trapping candidates who confuse neighbor reachability with correct forwarding interface configuration.

How to eliminate wrong answers

Option A is wrong because 'show ip igmp groups' shows IGMP membership on a router, not the multicast routing table's outgoing interface list; it only indicates which hosts have joined a group on local interfaces. Option B is wrong because 'show ip pim neighbor' displays PIM neighbor relationships and their states, but the question already states the upstream interface is correct, so this command does not help verify the OIL. Option D is wrong because 'show ip route' shows the unicast routing table, which is unrelated to multicast forwarding state or the outgoing interface list for multicast groups.

882
Multi-Select · medium

An SP engineer is designing an OSPF network and wants to reduce the number of LSAs in a stub area. Which TWO area types would block Type 5 LSAs but allow Type 3 LSAs? (Choose two.)

Select 2 answers
A. NSSA
B. Totally stubby area
C. Backbone area 0
D. Stub area
E. Normal area
Answers: A, D

NSSA blocks Type 5 but injects Type 7 for external routes.

Why this answer

Stub and NSSA allow Type 3 LSAs but block Type 5 LSAs. Totally stubby blocks both Type 3 and Type 5.

883
MCQ · hard

An engineer is implementing Unicast Reverse Path Forwarding (uRPF) on a provider edge (PE) router to mitigate IP spoofing. The customer-facing interface has a single static default route. Which uRPF mode should be used to provide anti-spoofing without causing false drops?

A. VRF mode
B. Strict mode
C. Feasible mode
D. Loose mode
Answer: D

Loose mode only checks that a route exists (including default) to the source, preventing spoofing with minimal false drops.

Why this answer

With a single default route, strict uRPF would fail because the reverse path check expects a specific route back to the source. Loose uRPF only checks if a route exists (including default) to the source, making it suitable.

884
Multi-Select · medium

A service provider is deploying uRPF on peering edges with multiple upstream providers and asymmetric routing. Which two statements are true about uRPF operation in this scenario? (Choose two.)

Select 2 answers
A. Loose mode may drop traffic if no route to the source exists in the FIB
B. uRPF requires CEF to be disabled
C. Loose mode requires a default route to function
D. uRPF can be applied in both IPv4 and IPv6
E. Strict mode is preferred for asymmetric routing environments
Answers: A, D

Loose mode drops only if there is no route at all.

Why this answer

Loose uRPF only checks that a route to the source exists, suitable for asymmetric routing. Strict uRPF requires the incoming interface to match the best return route, which can drop legitimate traffic with asymmetric routing. Default routes do not affect loose mode.

885
MCQ · hard

Refer to the exhibit. A network automation engineer uses NETCONF to retrieve the QoS policy 'POLICE-CUSTOMER'. Based on the response, what is the effect of this policy?

A. It polices all traffic to a maximum of 256 kbps and drops excess.
B. It sets DSCP CS4 on traffic exceeding 256 kbps.
C. It guarantees a priority queue for traffic up to 256 kbps.
D. It shapes traffic to an average rate of 256 kbps.
Answer: A

Correct: Policer with exceed-action drop.

Why this answer

The NETCONF response shows a 'police' configuration under the QoS policy 'POLICE-CUSTOMER' with a committed information rate (CIR) of 256000 bps (256 kbps) and a conform-action of 'transmit' with an exceed-action of 'drop'. This is a standard policing action that meters traffic to the specified rate and drops any packets that exceed it, as defined in RFC 2697 (Single Rate Three Color Marker). Option A correctly identifies this behavior.

Exam trap

Cisco often tests the distinction between policing (drops/marks excess) and shaping (buffers excess), and candidates mistakenly associate any rate-limiting action with shaping or marking without checking the specific action keywords in the configuration.

How to eliminate wrong answers

Option B is wrong because the configuration shows an exceed-action of 'drop', not 'set-dscp-transmit' or any marking action; DSCP CS4 would require a 'set-dscp' action in the exceed-action or violate-action. Option C is wrong because policing does not guarantee a priority queue; priority queuing is a scheduling mechanism configured under a class-map with 'priority' command, not a police action. Option D is wrong because shaping buffers and delays excess traffic to smooth bursts, whereas policing drops or marks excess traffic without buffering; the configuration explicitly uses 'police' not 'shape'.

886
Multi-Select · medium

An SP is planning to offer L3VPN services. Which TWO components are essential for BGP/MPLS IP VPN operation?

Select 2 answers
A. Full mesh of IPsec tunnels between all PEs.
B. OSPF as the IGP within the MPLS core.
C. A single global routing table shared among all customers.
D. VRF (Virtual Routing and Forwarding) on provider edge routers.
E. MP-BGP with VPN-IPv4 address family for route exchange.
Answers: D, E

VRF isolates routing per customer.

Why this answer

VRF (D) provides per-customer routing, and MP-BGP (E) advertises VPN routes between PEs. MPLS labels are used but are not essential as a control plane component.

887
MCQ · hard

In an SR network, which configuration is required to activate TI-LFA for link protection?

A. metric delay interface configuration
B. label-preferred under the interface
C. fast-reroute per-prefix ti-lfa under the IGP process
D. mpls traffic-eng auto-tunnel primary
Answer: C

This command enables TI-LFA for all prefixes in the IGP domain.

Why this answer

Option C is correct because TI-LFA (Topology Independent Loop-Free Alternate) is activated under the IGP process using the 'fast-reroute per-prefix ti-lfa' command. This enables segment routing to compute a backup path that provides link protection without relying on the topology of the failure, ensuring 50-msec convergence.

Exam trap

Cisco often tests the distinction between per-interface and per-process configuration; the trap here is that candidates might think TI-LFA is configured under the interface (like traditional MPLS-TE FRR) rather than under the IGP process.

How to eliminate wrong answers

Option A is wrong because 'metric delay interface configuration' is used for IGP metric propagation delays (e.g., 'metric delay' under OSPF or IS-IS), not for activating TI-LFA. Option B is wrong because 'label-preferred under the interface' is not a valid Cisco command; TI-LFA is configured at the IGP process level, not per interface. Option D is wrong because 'mpls traffic-eng auto-tunnel primary' is used for MPLS-TE auto-tunnel creation, not for TI-LFA link protection in an SR network.

888
MCQ · easy

In a Layer 3 MPLS VPN, a customer site that is part of VRF RED is unable to communicate with another site that is also in VRF RED. The 'show ip bgp vpnv4 vrf RED' command shows the routes, but the router does not install them in the routing table. Which configuration element is most likely missing?

A. A BGP session between PEs.
B. The route-target export on the receiving PE.
C. The route-target import on the receiving PE.
D. An MPLS LDP session between PEs.
Answer: C

Correct. Import is needed to accept routes into the VRF.

Why this answer

In a Layer 3 MPLS VPN, VRF RED routes are learned via MP-BGP between PEs. The 'show ip bgp vpnv4 vrf RED' command confirms the routes are present in the BGP table, but they are not installed in the routing table because the receiving PE lacks the correct route-target import configuration. The route-target import statement on the VRF determines which VPNv4 routes are accepted and installed into the VRF's RIB; without it, the routes remain in BGP but are not added to the routing table.

Exam trap

Cisco often tests the distinction between route-target import and export, and the trap here is that candidates see routes in the BGP table and assume they should be in the routing table, overlooking that import filtering is the final gatekeeper for VRF route installation.

How to eliminate wrong answers

Option A is wrong because a BGP session between PEs (MP-IBGP) is already established, as evidenced by the routes appearing in the BGP table; missing this would prevent route advertisement entirely. Option B is wrong because route-target export on the receiving PE controls which routes are advertised to other PEs, not which routes are imported into the local VRF; the issue is on the import side. Option D is wrong because an MPLS LDP session between PEs is not required for VPNv4 route installation; LDP is used for label distribution in the core, but the route not being installed in the VRF routing table is a BGP/VRF policy issue, not a label-switching problem.

889
MCQ · medium

In BGP route reflection, what is the purpose of the ORIGINATOR_ID attribute?

A. To prevent routing loops by ensuring that a route is not reflected back to its originator
B. To indicate the next-hop IP address
C. To identify the route reflector
D. To carry the community value
Answer: A

A router ignores routes with its own ORIGINATOR_ID.

Why this answer

ORIGINATOR_ID is a non-transitive optional attribute that identifies the router that originated the route into the iBGP domain, used to prevent loops.

890
MCQ · medium

Refer to the exhibit. The router has three LDP neighbors established. A network administrator notices that MPLS labels for the prefix 10.4.4.0/24 are not being advertised from this router to its neighbors, although the prefix is present in the routing table. Which is the most likely cause?

A. The LDP session to 10.3.3.3 is down.
B. The route to 10.4.4.0/24 is not the best path in the routing table.
C. The 'mpls ldp' command has not been applied globally.
D. The multicast routing table is empty for the prefix.
Answer: B

LDP assigns a label only to the best IGP route; if the route is not best, no label is allocated.

Why this answer

Option B is correct because the LDP neighbor for 10.4.4.4 (via 10.3.3.3) is up, but the router does not have a label for 10.4.4.0/24. This suggests the route is not being used for forwarding because of the IGP metric or administrative distance. Option A is wrong because the neighbor is up.

Option C is wrong because LDP has been configured globally. Option D is wrong because there is no indication of an mroute issue.

891
MCQ · easy

Which label is used for an Adjacency SID in SR-MPLS?

A. A label from RSVP-TE reserved range
B. A label from the static label range
C. A label from the dynamic label range
D. A label from the SRGB (Segment Routing Global Block)
Answer: C

Correct: Adjacency SIDs are allocated from the dynamic range.

Why this answer

The Adjacency SID is local to the router and represents a specific link; it is typically allocated from the dynamic label range, not the SRGB.

892
MCQ · hard

An SP uses Cisco NSO for automation. Which protocol does NSO typically use to push configuration changes to network devices?

A. RESTCONF
B. NETCONF
C. SNMP
D. CLI via SSH
Answer: B

NETCONF is the standard protocol for NSO.

Why this answer

NSO uses NETCONF as the primary protocol to push configuration changes, leveraging YANG data models.

893
MCQ · easy

In an MPLS VPN, what label operation does the egress PE perform on the VPN packet before forwarding it to the CE?

A. Swap the top label
B. Impose a VPN label
C. Pop the label stack
D. Push a new label
E. Replace the transport label
Answer: C

The egress PE removes all labels and forwards the IP packet.

Why this answer

In an MPLS VPN, the egress PE (Provider Edge) router receives a packet with a label stack typically consisting of a transport label (IGP label) and a VPN label. Before forwarding the IP packet to the CE (Customer Edge), the egress PE must remove the entire MPLS label stack because the CE is an IP-only device that does not understand MPLS labels. This operation is called 'pop the label stack' (also known as penultimate hop popping, though at the egress PE it is explicit label removal).

Exam trap

Cisco often tests the distinction between label operations at different MPLS nodes; the trap here is confusing the egress PE's role with that of the ingress PE (which imposes labels) or a transit P router (which swaps labels), leading candidates to select 'Swap the top label' or 'Push a new label'.

How to eliminate wrong answers

Option A is wrong because swapping the top label is an operation performed by transit P routers (label switch routers) in the MPLS core, not by the egress PE when forwarding to the CE. Option B is wrong because imposing a VPN label is done by the ingress PE when encapsulating the original IP packet, not by the egress PE. Option D is wrong because pushing a new label would add another MPLS header, which is unnecessary and would confuse the CE router that expects a plain IP packet.

Option E is wrong because replacing the transport label is a function of intermediate P routers performing label swap, not the egress PE's final disposition.

894
MCQ · easy

Which MEF service type is used for multipoint-to-multipoint Ethernet connectivity, such as a corporate LAN extension across multiple sites?

A. E-Line
B. E-Tree
C. E-LAN
D. E-Access
Answer: C

E-LAN supports any-to-any communication.

Why this answer

E-LAN provides multipoint-to-multipoint connectivity, emulating a LAN across multiple locations.

895
MCQ · easy

A service provider has deployed a new MPLS L3VPN service for a customer with multiple sites. The customer reports intermittent voice quality issues during peak hours. The provider uses a DiffServ QoS model with MPLS EXP markings. The PE routers apply the following policy on the customer-facing interfaces:

policy-map CUSTOMER-OUT
 class VOICE
  priority percent 10
  set mpls experimental topmost 5
 class VIDEO
  bandwidth remaining percent 30
  set mpls experimental topmost 4
 class DATA
  bandwidth remaining percent 70
  set mpls experimental topmost 0

The core network has a simple policy that maps EXP 5 to PQ, EXP 4 to a low-latency queue, and EXP 0 to best effort. The provider monitors the network and finds that the PE-CE interfaces are not congested (average utilization is 40%), but the voice packets are experiencing jitter. The customer's voice traffic is about 5% of the link capacity. Which action is most likely to reduce the jitter?

A. Add a police command under the VOICE class to limit voice traffic to 5% and shape the priority queue.
B. Configure the core routers to map EXP 5 to a low latency queue instead of PQ.
C. Increase the priority percent to 20 for voice traffic.
D. Change the set mpls experimental topmost to set ip dscp ef for voice.
Answer: A

Policing and shaping the priority queue prevents bursts and reduces jitter.

Why this answer

The voice traffic is only 5% of link capacity, but the priority percent 10 command allows up to 10% of the link to be treated as priority. During peak hours, if other traffic (e.g., video or data) bursts and exceeds the remaining bandwidth, the priority queue can still be policed implicitly by the scheduler, but jitter arises because the priority queue is not rate-limited. Adding a police command under the VOICE class to limit voice to 5% and shaping the priority queue ensures that voice traffic does not exceed its actual rate, preventing microbursts that cause jitter in the priority queue.

Exam trap

Cisco often tests the misconception that simply increasing priority percentage or changing marking will solve jitter, when the real issue is the lack of explicit policing on the priority queue to match the actual traffic rate.

How to eliminate wrong answers

Option B is wrong because mapping EXP 5 to a low-latency queue instead of PQ would actually increase jitter for voice, as PQ provides the strictest priority and lowest jitter. Option C is wrong because increasing priority percent to 20 would allow more traffic into the priority queue, potentially worsening jitter due to increased queuing delay from bursts. Option D is wrong because changing the marking from MPLS EXP to IP DSCP EF does not address the root cause of jitter (unpoliced priority queue); the core network already maps EXP 5 to PQ, and DSCP marking would be irrelevant in the MPLS core unless the core also maps DSCP.

896
Multi-Select · medium

A service provider is implementing BGP security measures to prevent route hijacking. Which TWO mechanisms directly validate the origin AS of BGP prefixes? (Choose two.)

Select 1 answer
A. BGP prefix lists
B. BGP route-maps with AS path matching
C. BGP community-based filtering
D. RPKI Origin Validation using ROAs
E. BGPSec (BGP Security)
Answers: D

RPKI validates the origin AS of a prefix.

Why this answer

RPKI Origin Validation uses ROAs to validate the origin AS. BGP prefix lists and route-maps filter based on prefix, not AS origin. BGPSec validates AS path, but RPKI is the primary origin validation.

BGP community filtering does not validate origin.

897
MCQ · hard

In SR-TE PCE, which protocol does the PCE use to communicate with the PCC (Path Computation Client) to set up LSPs?

A. RESTCONF
B. NETCONF
C. BGP-LS
D. PCEP
Answer: D

PCEP handles path computation and delegation.

Why this answer

In Segment Routing Traffic Engineering (SR-TE) with a Path Computation Element (PCE), the PCE communicates with the Path Computation Client (PCC) using the Path Computation Element Protocol (PCEP), as defined in RFC 5440 and extended for SR by RFC 8664. PCEP is specifically designed for path computation requests and responses, and for initiating and setting up LSPs via the PCE-initiated LSP stateful model (RFC 8281). The PCC sends path computation requests to the PCE, and the PCE responds with computed paths, which the PCC then uses to instantiate SR-TE LSPs.

Exam trap

Cisco often tests the distinction between protocols used for topology discovery (BGP-LS), configuration (NETCONF/RESTCONF), and path computation/setup (PCEP), so the trap here is confusing BGP-LS (which provides topology information to the PCE) with PCEP (which is the actual signaling protocol between PCE and PCC for LSP operations).

How to eliminate wrong answers

Option A is wrong because RESTCONF is a RESTful protocol used for YANG-based data model access (RFC 8040), not for PCE-PCC path computation or LSP setup; it is used for configuration management, not real-time path computation signaling. Option B is wrong because NETCONF (RFC 6241) is a network configuration protocol that uses YANG models for device configuration, but it does not handle dynamic path computation or LSP instantiation between PCE and PCC; it is a management plane protocol, not a control plane protocol for SR-TE. Option C is wrong because BGP-LS (RFC 7752) is used to advertise link-state and topology information (including SR extensions) from routers to a controller or PCE, but it is not used for direct PCE-PCC communication to set up LSPs; it provides topology data, not path computation or LSP setup signaling.

898
Multi-Select · hard

An SP network uses OSPFv3 for IPv6 routing. Which three statements about OSPFv3 are true? (Choose three.)

Select 3 answers
A. OSPFv3 requires an IPv4 address on the interface to form adjacencies
B. OSPFv3 uses link-local addresses for next-hop
C. OSPFv3 uses the same LSA types as OSPFv2 but with different formats
D. OSPFv3 uses IPsec for authentication
E. OSPFv3 supports multiple instances per link
Answers: B, C, E

Correct. OSPFv3 uses link-local addresses for next-hop and to form adjacencies.

Why this answer

OSPFv3 runs on a per-link basis, uses link-local addresses for adjacencies, and supports multiple instances per link. OSPFv3 does not require IPv4; it is for IPv6. It uses the same LSA types but with modified formats.

899
MCQ · hard

An operator notices that a new MPLS-TE tunnel is not being established. The tunnel configuration includes a dynamic path option and a bandwidth of 100 Mbps. The network uses RSVP-TE with CSPF. The link-state database shows sufficient reservable bandwidth on all links along the calculated path. What is the most likely cause of the tunnel establishment failure?

A. RSVP-TE is not enabled on the transit interfaces
B. The path option is misconfigured with a strict explicit path
C. MPLS LDP is not enabled on the core routers
D. The tunnel source interface is not configured with an IP address
Answer: A

RSVP-TE must be enabled on each interface along the path for signaling.

Why this answer

RSVP-TE must be explicitly enabled on every interface that will participate in MPLS-TE label-switched path (LSP) signaling. Even if the link-state database shows sufficient reservable bandwidth, without RSVP-TE enabled on transit interfaces, the PATH messages cannot be processed, and the tunnel will fail to establish. This is a common misconfiguration when deploying MPLS-TE.

Exam trap

Cisco often tests the distinction between having sufficient bandwidth in the link-state database (IGP) versus having RSVP-TE actually enabled on the interfaces, leading candidates to overlook the required interface-level RSVP configuration.

How to eliminate wrong answers

Option B is wrong because a dynamic path option does not use a strict explicit path; a strict explicit path would be configured under a different path option type, and the question states a dynamic path option is used. Option C is wrong because MPLS LDP is not required for MPLS-TE tunnels; RSVP-TE signals its own labels, and LDP is used for different label distribution purposes. Option D is wrong because if the tunnel source interface lacked an IP address, the tunnel would not even come up operationally, and the operator would likely notice that issue before attempting to establish the tunnel; the question focuses on RSVP-TE signaling failure.

900
Multi-Select · easy

Which TWO are benefits of model-driven telemetry over SNMP polling?

Select 2 answers
A. Supports structured data models (YANG)
B. Reduces CPU usage on the device
C. Requires fewer credentials for access
D. Works with legacy devices without modification
E. Uses XML exclusively
Answers: A, B

YANG models provide structured, machine-readable data, enabling easier integration and automation.

Why this answer

Option A is correct because model-driven telemetry uses structured data models defined in YANG, which provides a standardized, hierarchical representation of device state and configuration. This contrasts with SNMP polling, which relies on flat MIB variables and often requires complex parsing of unstructured data. YANG models enable consistent data retrieval across multivendor environments and simplify automation workflows.

Exam trap

Cisco often tests the misconception that model-driven telemetry requires fewer credentials than SNMP, but in reality both methods need authentication, and telemetry may require additional subscription setup; the trap here is assuming that reduced polling overhead translates to reduced security overhead.
