Cisco SPCOR / CCNP Service Provider Core 350-501 (350-501) — Questions 901975

988 questions total · 14pages · All types, answers revealed

Page 12

Page 13 of 14

Page 14
901
MCQhard

A network operator uses gRPC Network Management Interface (gNMI) to collect telemetry data from routers. They notice that some updates are missing. Which gNMI mode should be used to ensure that all state changes are captured?

A.ON_CHANGE
B.TARGET_DEFINED
C.POLL
D.SAMPLE
AnswerA

Sends updates only when a value changes, capturing all changes.

Why this answer

ON_CHANGE mode in gNMI ensures that the target device sends a telemetry update immediately whenever a state change occurs, guaranteeing that no updates are missed. This is in contrast to SAMPLE mode, which only sends periodic snapshots and can miss transient changes between intervals. Therefore, to capture all state changes, ON_CHANGE is the correct subscription mode.

Exam trap

Cisco often tests the misconception that SAMPLE mode with a very short interval is sufficient to capture all changes, but the trap is that SAMPLE can still miss state changes that occur and revert between samples, whereas ON_CHANGE guarantees delivery of every transition.

How to eliminate wrong answers

Option B (TARGET_DEFINED) is wrong because it is not a standard gNMI subscription mode; gNMI defines only ON_CHANGE, SAMPLE, and POLL, and TARGET_DEFINED is a misleading distractor. Option C (POLL) is wrong because POLL mode requires the collector to explicitly request data at intervals, which can miss state changes that occur between polls. Option D (SAMPLE) is wrong because SAMPLE mode sends data at a fixed periodic interval, and any state changes that occur and revert within that interval may be lost.

902
MCQmedium

In a Layer 3 MPLS VPN, a CE router is dual-homed to two different PE routers. The PE routers advertise the same prefix to the route reflector with different route targets. What ensures that only the best path is installed in the VRF?

A.Each PE router independently selects the best path based on BGP attributes.
B.The route reflector discards duplicate prefixes.
C.MPLS labels ensure that only one path is used.
D.The CE router must advertise the same route to only one PE.
AnswerA

BGP best path selection runs in the VRF context on each PE, using standard attributes.

Why this answer

BGP path selection applies within the VRF. The route with higher local preference or shorter IGP metric to the next-hop determines the best path. Route targets are used for import/export only.

903
Multi-Selecthard

Which three statements accurately describe the benefits of Segment Routing over RSVP-TE for traffic engineering? (Choose three.)

Select 3 answers
A.It does not require a signaling protocol like RSVP.
B.It provides faster convergence than RSVP-TE FRR.
C.It uses the IGP to distribute topology and segment information, enabling distributed intelligence.
D.No per-LSP state is maintained on transit routers.
E.It eliminates the need for CSPF path computation.
AnswersA, C, D

Correct: SR uses IGP, no RSVP needed.

Why this answer

SR-TE reduces state by not requiring per-LSP state on intermediate nodes, supports distributed intelligence via IGP, and does not require a separate protocol like RSVP. However, SR-TE still requires CSPF for path computation, and RSVP-TE also supports fast reroute.

904
Multi-Selecthard

Which THREE BGP path attributes are considered during the best path selection process after local preference? (Choose three.)

Select 3 answers
A.Multi-exit discriminator (MED)
B.Next-hop IP address
C.AS path length
D.Router ID
E.Origin code
AnswersA, C, E

Lower MED is preferred.

Why this answer

After local preference, the BGP best path selection process evaluates the AS path length. A shorter AS path is preferred because it indicates a less complex path to the destination network. This attribute is directly compared next, making option C correct.

Exam trap

Cisco often tests the exact order of BGP path selection steps, and the trap here is that candidates mistakenly think MED is compared immediately after local preference, when in fact AS path length and origin code are evaluated before MED.

905
Multi-Selectmedium

Which THREE components are required for model-driven telemetry with gRPC? (Choose three.)

Select 3 answers
A.SNMP trap receiver
B.NETCONF session
C.YANG data model
D.gRPC dial-out from the network device
E.Telemetry receiver
AnswersC, D, E

Defines the data to be streamed.

Why this answer

YANG data models (C) are required because they define the structure and semantics of the telemetry data being streamed. gRPC uses YANG as its schema language to encode data in Protocol Buffers (protobuf) or JSON format, ensuring the receiver can parse and interpret the telemetry information correctly.

Exam trap

Cisco often tests the distinction between dial-in (NETCONF/RESTCONF) and dial-out (gRPC) telemetry, and candidates mistakenly think a NETCONF session or SNMP trap is part of the gRPC telemetry stack, but they are separate protocols with different transport and data models.

906
MCQmedium

In the context of network slicing for 5G, which type of slice is optimized for massive IoT with low data rates and high connection density?

A.uRLLC
B.mMTC
C.V2X
D.eMBB
AnswerB

mMTC supports massive IoT with high connection density.

Why this answer

Massive IoT corresponds to mMTC (massive Machine Type Communications) slice, designed for many devices with low data rates.

907
MCQmedium

Which MPLS TE mechanism provides link protection by pre-establishing a backup LSP that bypasses a specific link, activated when the link fails?

A.LDP FRR
B.Bypass tunnel
C.Detour tunnel
D.TE backup path
AnswerB

Bypass tunnel protects a link or node.

Why this answer

RSVP-TE Fast Reroute uses bypass tunnels to protect links, providing local repair upon failure.

908
MCQmedium

An SP wants to filter BGP prefixes received from a customer to prevent hijacking. Which two tools can be used together on the provider edge router to implement inbound prefix filtering?

A.Prefix-list and route-map
B.Distribute-list and ACL
C.RPKI and BGP community
D.AS-path access-list and community-list
AnswerA

This combination allows matching prefixes and applying actions like permit/deny.

Why this answer

Prefix-lists and route-maps are commonly used together to match and filter BGP prefixes. Prefix-lists define the prefixes, and route-maps apply them in BGP neighbor statements.

909
MCQhard

A service provider is implementing IPv6 transition in its core. Which transition mechanism is recommended for carrying IPv6 over an existing MPLS/IPv4 backbone without dual-stacking all routers?

A.ISATAP
B.NAT64
C.6to4 tunneling
D.6PE (IPv6 Provider Edge)
AnswerD

6PE uses MPLS labels; only PEs need dual-stack.

Why this answer

6PE (IPv6 Provider Edge) is the correct answer because it allows IPv6 traffic to be carried over an existing MPLS/IPv4 backbone without requiring dual-stack on all core routers. In 6PE, only the Provider Edge (PE) routers need to be dual-stack; they encapsulate IPv6 packets in MPLS labels and transport them across the IPv4 MPLS core, which remains IPv4-only. This meets the requirement of not dual-stacking all routers while leveraging the existing MPLS infrastructure.

Exam trap

Cisco often tests the distinction between mechanisms that require dual-stack on all routers (like 6to4 or ISATAP) versus those that only require dual-stack on edge routers (like 6PE), so the trap here is assuming that any tunneling mechanism works without considering the MPLS core requirement.

How to eliminate wrong answers

Option A (ISATAP) is wrong because it is a site-to-site tunneling mechanism that requires dual-stack hosts and routers, and it does not integrate with MPLS or provide scalable carrier-grade transport over an existing MPLS/IPv4 backbone. Option B (NAT64) is wrong because it is a translation mechanism for IPv6-only clients to access IPv4 servers, not a method for carrying IPv6 traffic over an MPLS backbone, and it introduces stateful translation overhead. Option C (6to4 tunneling) is wrong because it uses automatic IPv6-in-IPv4 tunneling with a public 6to4 relay, which relies on IPv4 connectivity and does not leverage MPLS label switching; it also suffers from reliability issues and is not recommended for service provider core networks.

910
MCQmedium

A service provider implements CGNAT to conserve IPv4 addresses. Which feature is required to ensure that application-level protocols such as SIP or FTP function correctly?

A.Port block allocation
B.ALG support
C.Logging
D.Session limits
AnswerB

ALGs handle protocol-specific translations like SIP, FTP.

Why this answer

Many application protocols embed IP addresses in payload. ALGs (Application Level Gateways) inspect and modify these payloads to ensure proper translation. Without ALGs, these protocols may break.

911
MCQeasy

A BNG (Broadband Network Gateway) is used for subscriber management. Which protocol is typically used between the BNG and the subscriber's modem (CPE) for authentication and IP address assignment in a PPPoE environment?

A.DHCP
B.RADIUS directly to CPE
C.L2TP
D.PPPoE with PPP authentication and IPCP
AnswerD

PPPoE uses PPP for authentication and IPCP for IP address assignment.

Why this answer

In a PPPoE environment, the BNG acts as the access concentrator. Authentication is performed using PAP or CHAP, and IP address assignment is done via IPCP (IP Control Protocol). The BNG also uses RADIUS for centralized authentication but between BNG and CPE, PPPoE uses PPP for authentication and IPCP for IP address.

912
MCQmedium

Based on the exhibit, which statement about label allocation for prefix 10.1.1.0/24 is true?

A.Router 192.168.2.2 is the penultimate hop for this prefix.
B.The local router will use PHP for this prefix.
C.The local router allocated label 161 for the prefix
D.Router 192.168.1.1 is the egress LSR for this prefix.
AnswerC

Yes, local binding tag is 161.

Why this answer

The exhibit shows that the local router (192.168.1.2) has allocated label 161 for prefix 10.1.1.0/24, as indicated in the output of the 'show mpls forwarding-table' command. This label is assigned by the local router as the ingress LSR to forward traffic toward the egress LSR (192.168.1.1). The correct statement is that the local router allocated label 161 for this prefix.

Exam trap

Cisco often tests the distinction between label allocation (which router assigns the label) and PHP (which router pops the label), causing candidates to confuse the ingress LSR's role with that of the penultimate hop.

How to eliminate wrong answers

Option A is wrong because the penultimate hop for this prefix is router 192.168.1.1 (the egress LSR), not 192.168.2.2; the penultimate hop is the router that pops the label before forwarding to the egress. Option B is wrong because PHP (Penultimate Hop Popping) is performed by the penultimate hop router, not by the local router; the local router is the ingress and does not perform PHP. Option D is wrong because router 192.168.1.1 is the egress LSR for this prefix, as it is the next hop for the label-switched path, but the statement is false because the question asks which statement is true, and this option is not correct in the context of the exhibit (the local router allocated label 161, not that 192.168.1.1 is the egress).

913
MCQeasy

An SP uses DPI to classify traffic. What is the primary purpose of DPI in a service provider network?

A.To block all traffic from a specific IP
B.To identify applications regardless of port
C.To classify traffic based on port numbers only
D.To encrypt traffic
AnswerB

DPI can identify applications even if they use non-standard ports.

Why this answer

DPI inspects packet payloads to identify application-layer protocols (e.g., HTTP, BitTorrent), enabling traffic shaping, QoS, or security policies.

914
MCQeasy

Which DSCP value is recommended for Expedited Forwarding (EF) per-hop behavior, commonly used for voice traffic?

A.DSCP 46
B.DSCP 10
C.DSCP 0
D.DSCP 34
AnswerA

EF is DSCP 46, used for voice.

Why this answer

Expedited Forwarding (EF) per-hop behavior is defined in RFC 3246 and is designed for low-loss, low-latency, and low-jitter services such as voice traffic. The recommended DSCP value for EF is 46 (binary 101110), which corresponds to the PHB that ensures a dedicated forwarding treatment with a minimal queueing delay. This value is widely adopted in Cisco QoS deployments for voice payloads to guarantee strict priority queuing.

Exam trap

Cisco often tests the distinction between DSCP values for voice payload (EF/46) versus voice signaling (CS3/24) or video (AF41/34), and the trap here is that candidates may confuse AF41 (DSCP 34) with EF because both are used for real-time traffic, but only EF provides strict priority queuing.

How to eliminate wrong answers

Option B (DSCP 10) is wrong because DSCP 10 (binary 001010) corresponds to AF11 (Assured Forwarding class 1, low drop probability), which is used for data traffic that requires a guaranteed bandwidth but not the strict low-latency treatment of voice. Option C (DSCP 0) is wrong because DSCP 0 represents Best Effort (BE) forwarding, which provides no QoS guarantees and would cause voice packets to be treated as regular data, leading to unacceptable delay and jitter. Option D (DSCP 34) is wrong because DSCP 34 (binary 100010) maps to AF41 (Assured Forwarding class 4, low drop probability), which is typically used for real-time video or streaming traffic, not for the strict priority queuing required by voice.

915
MCQmedium

In BGP confederation, how does the AS_PATH attribute handle the confederation sub-AS numbers to prevent loops?

A.Confederation sub-AS numbers are added to the regular AS_PATH
B.Confederation sub-AS numbers are carried in a separate confederation AS_PATH segment and are stripped when routes leave the confederation
C.Confederation sub-AS numbers are replaced by the confederation identifier
D.Confederation sub-AS numbers are ignored for loop detection
AnswerB

Correct. The confederation AS_PATH is used within the confederation and removed when routes are advertised outside.

Why this answer

In BGP confederation, confederation sub-AS numbers are carried in a separate confederation AS_PATH segment and are not visible to external BGP peers. The confederation AS_PATH is used for loop prevention within the confederation, while the regular AS_PATH remains unchanged when routes leave the confederation.

916
MCQhard

In a Segment Routing network with TI-LFA enabled, which mechanism prevents micro-loops during a link failure?

A.Constraint Shortest Path First computation
B.Explicit path with segment list and delay timer
C.Loop-Free Alternate precomputed backup paths
D.Prefix Independent Convergence with fast reroute
AnswerB

Correct. TI-LFA encodes a post-convergence path as an explicit segment list and introduces a delay to allow other routers to converge, preventing micro-loops.

Why this answer

In Segment Routing with TI-LFA, micro-loops are prevented by using an explicit path with a segment list and a delay timer. When a link fails, the protecting router installs a backup path with a segment list that steers traffic around the failure, and a delay timer ensures that the backup path is not activated until the network has converged, preventing transient loops.

Exam trap

Cisco often tests the distinction between TI-LFA and traditional LFA, where candidates mistakenly think LFA alone prevents micro-loops, but TI-LFA specifically adds segment lists and delay timers to address this issue.

How to eliminate wrong answers

Option A is wrong because Constraint Shortest Path First (CSPF) computation is used in MPLS-TE for path calculation under constraints, not for micro-loop prevention in TI-LFA. Option C is wrong because Loop-Free Alternate (LFA) precomputed backup paths provide fast reroute but do not inherently prevent micro-loops during convergence; TI-LFA extends LFA with segment lists and delay timers to address this. Option D is wrong because Prefix Independent Convergence (PIC) with fast reroute is a mechanism for fast convergence in MPLS networks, but it does not specifically prevent micro-loops; TI-LFA uses explicit segment lists and timers for that purpose.

917
MCQeasy

During MPLS LDP operation, a router receives a label mapping for a prefix from its neighbor. What is the correct behavior when the receiving router has a route to that prefix?

A.It installs the label as the outgoing label for the prefix.
B.It discards the label mapping unless it has a corresponding route.
C.It uses UDP to send a notification back.
D.It installs the label as the incoming label for the prefix.
AnswerD

The router updates its LIB with the received label as the outgoing label for the prefix.

Why this answer

When a router receives a label mapping from an LDP neighbor for a prefix, it installs the received label as the incoming label (incoming label map, or ILM) for that prefix. This is because LDP uses a downstream-on-demand label distribution model where the downstream router (the one sending the mapping) assigns the label, and the upstream router (the receiver) uses it as the incoming label for forwarding traffic toward the prefix. The router must have a route to the prefix in its routing table to accept and use the label mapping.

Exam trap

Cisco often tests the distinction between incoming and outgoing labels in LDP, trapping candidates who assume the received label is used as the outgoing label for forwarding packets toward the neighbor.

How to eliminate wrong answers

Option A is wrong because the received label mapping is installed as the incoming label, not the outgoing label; the outgoing label is assigned by the downstream router and sent in a label mapping message to the upstream router. Option B is wrong because LDP does not discard the label mapping if a route exists; instead, it requires a matching route to install the label, but the mapping is accepted and used when the route is present. Option C is wrong because LDP uses TCP (not UDP) for reliable transport of label mapping messages, and no notification is sent back to the neighbor upon receipt of a label mapping; acknowledgments are handled via TCP.

918
MCQeasy

Which protocol is used to discover MPLS peers for LDP session establishment?

A.TCP
B.UDP
C.ARP
D.ICMP
AnswerB

LDP hello messages are sent via UDP on port 646.

Why this answer

LDP uses UDP multicast (224.0.0.2) on port 646 to discover directly connected MPLS peers, as specified in RFC 5036. This allows LDP to dynamically find neighbors without manual configuration, using UDP for the initial discovery phase before establishing a TCP session for label exchange.

Exam trap

Cisco often tests the misconception that LDP uses TCP for discovery because TCP is used for the subsequent label exchange, but the initial peer discovery is explicitly UDP-based.

How to eliminate wrong answers

Option A is wrong because TCP is used for the reliable exchange of label bindings and session maintenance after discovery, not for the initial peer discovery. Option C is wrong because ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses on a local network, not for discovering MPLS peers. Option D is wrong because ICMP is used for error reporting and diagnostic functions (e.g., ping), not for LDP neighbor discovery.

919
MCQhard

An SP is designing a core network using Cisco CRS routers running IOS XR. They require process separation to ensure that a failure in the BGP process does not affect OSPF operations. Which IOS XR architectural feature provides this capability?

A.Non-Stop Forwarding (NSF)
B.Process separation
C.Graceful Restart
D.Secure Domain Router (SDR)
AnswerB

Correct. Each protocol runs as an independent process, ensuring fault isolation.

Why this answer

IOS XR uses a distributed OS where each protocol runs as a separate process (process separation). This prevents a crash in one protocol process from impacting others, enhancing stability.

920
MCQeasy

An engineer is configuring MPLS on a Cisco router. Which label operation is performed on the ingress LSR when a packet enters the MPLS domain?

A.Pop the top label
B.Push a new label
C.No label operation
D.Swap the top label
AnswerB

Push is performed by the ingress LSR.

Why this answer

The ingress LSR pushes a new label onto the stack, encapsulating the original IP packet with an MPLS header.

921
MCQmedium

Which access technology uses orthogonal frequency-division multiplexing (OFDM) and is commonly deployed for high-speed internet over copper telephone lines?

A.GPON
B.Cable (DOCSIS)
C.DSL
D.Metro Ethernet
AnswerC

DSL uses copper telephone lines with OFDM.

Why this answer

VDSL2 and G.fast use OFDM, but DSL generally refers to xDSL technologies. However, the most common high-speed copper access is VDSL2, but the question is broad. The correct answer is DSL as a family.

922
MCQeasy

Which multicast RP model is recommended for large-scale networks to provide redundancy and load sharing?

A.Auto-RP
B.BSR
C.Anycast-RP
D.Static RP
AnswerC

Correct. Anycast-RP uses the same IP address for multiple RPs, enabling load sharing and redundancy.

Why this answer

Anycast-RP is recommended for large-scale networks because it allows multiple RPs to share the same IP address, providing redundancy and load sharing without requiring dynamic RP discovery protocols. This model uses MSDP (Multicast Source Discovery Protocol) or PIM (Protocol Independent Multicast) to synchronize multicast state between RPs, ensuring that sources and receivers can register with the nearest RP for optimal path selection.

Exam trap

Cisco often tests the misconception that BSR or Auto-RP provide load sharing, but the trap here is that only Anycast-RP explicitly supports both redundancy and load sharing by allowing multiple RPs to actively serve different groups or sources simultaneously.

How to eliminate wrong answers

Option A is wrong because Auto-RP uses a flood-and-prune mechanism with a designated RP announcement group (224.0.1.39/40), which can cause scalability issues and lacks built-in load sharing across multiple RPs. Option B is wrong because BSR (Bootstrap Router) uses a single elected BSR to distribute RP information, creating a single point of failure and not inherently supporting load sharing across multiple RPs. Option D is wrong because Static RP requires manual configuration on every router, offers no redundancy if the single RP fails, and cannot provide load sharing without additional complex configurations like Anycast-RP.

923
MCQmedium

An MPLS Traffic Engineering LSP fails to establish. The RSVP signaling shows 'PathErr: Admission Control Failure'. The link has sufficient bandwidth but the headend reports a lack of resources. What is the most likely cause?

A.The tunnel is requesting more bandwidth than available on any path
B.The MPLS forwarding table is corrupted
C.The headend router does not have the correct destination address
D.The RSVP bandwidth is not configured on the interface or is set to 0
E.The LSP is configured with a strict explicit path that is impossible
AnswerD

Without 'ip rsvp bandwidth' command on the interface, RSVP cannot allocate resources.

Why this answer

The 'PathErr: Admission Control Failure' with 'lack of resources' despite sufficient link bandwidth indicates that RSVP has no reservable bandwidth on the interface. This occurs when the 'ip rsvp bandwidth' command is missing or set to 0, preventing RSVP from admitting any LSP even if the physical link has capacity. The headend correctly reports the failure because the interface-level RSVP resource pool is exhausted or unconfigured.

Exam trap

Cisco often tests the distinction between physical link bandwidth and RSVP reservable bandwidth, trapping candidates who assume 'sufficient bandwidth' on the link automatically means RSVP can admit the LSP.

How to eliminate wrong answers

Option A is wrong because the tunnel requesting more bandwidth than available would cause a different PathErr (e.g., 'Admission Control Failure' due to insufficient bandwidth on a specific link), but the question states the link has sufficient bandwidth and the headend reports lack of resources, pointing to a local RSVP configuration issue. Option B is wrong because a corrupted MPLS forwarding table would cause forwarding failures or label errors, not RSVP signaling failures like PathErr. Option C is wrong because an incorrect destination address would result in a 'PathErr: Bad Initial Subobject' or routing failure, not an admission control failure.

Option E is wrong because a strict explicit path that is impossible would generate a 'PathErr: Routing Problem' or 'PathErr: Bad Strict Node' during path computation, not an admission control failure at the headend.

924
MCQhard

A service provider offers IPTV services using multicast. The network uses Multicast VPN (MVPN) with Rosen GRE encapsulation (Profile 1) in an MPLS L3VPN environment. The Provider Edge (PE) routers participate in both the default MDT and data MDT for high-bandwidth streams. Recently, a new channel was added, and it uses a data MDT. The content server is attached to a PE that is acting as a multicast source. Other PEs are receivers. Upon adding the channel, some receivers report missing packets. The network engineer checks the PEs and notices that the data MDT group address is being advertised via BGP as an MDT SAFI route, but some PEs are not joining the data MDT. The source PE's multicast routing table shows that it believes data MDT is active. Which architecture issue is most likely preventing some PEs from joining the data MDT?

A.The source PE is not sending IGMP joins for the data MDT group.
B.The default MDT group is flapping.
C.The PIM sparse mode RP is not reachable.
D.The data MDT group is not within the configured data MDT group range on the receiving PEs.
AnswerD

Correct. If the group is outside the configured range, the PE will not participate in that data MDT.

Why this answer

The data MDT group must be within the configured data-MDT group range on each PE; if not, the PE will ignore the BGP MDT SAFI route and not join the data MDT. Source PE IGMP joins are not relevant; default MDT issues are separate; PIM RP reachability might affect default MDT but not data MDT join if using SSM.

925
MCQmedium

A service provider wants to offer a service where a customer site can communicate with multiple other sites in a full mesh over MPLS. Which L2VPN technology is most appropriate?

A.L3VPN
B.VPWS
C.VPLS
D.E-Tree
AnswerC

VPLS provides multipoint connectivity.

Why this answer

VPLS (Virtual Private LAN Service) provides multipoint-to-multipoint Ethernet connectivity over MPLS, emulating a LAN.

926
Multi-Selecteasy

Which THREE are valid reasons for using the 'ipv6 unicast-routing' command on a Cisco router?

Select 3 answers
A.It enables IPv6 on all interfaces.
B.It enables global IPv6 routing.
C.It enables IPv6 CEF.
D.It enables IPv6 multicast routing.
E.It allows configuration of IPv6 routing protocols like OSPFv3.
AnswersB, C, E

Correct. This is the primary purpose.

Why this answer

The 'ipv6 unicast-routing' command globally enables IPv6 unicast routing on the router, which is necessary for the router to forward IPv6 packets between interfaces. Without this command, the router will not process or forward IPv6 unicast traffic, even if IPv6 addresses are configured on interfaces.

Exam trap

Cisco often tests the distinction between interface-level IPv6 configuration and global IPv6 routing enablement, leading candidates to mistakenly think 'ipv6 unicast-routing' activates IPv6 on all interfaces.

927
MCQeasy

Which BGP attribute is NOT considered in the BGP best path selection process when all other attributes are equal and the routes are from different ASs?

A.LOCAL_PREF
B.AS_PATH length
C.MED
D.Weight
AnswerC

MED is compared only if the routes are from the same AS; if from different ASs, MED is not compared by default.

Why this answer

Weight is Cisco-specific and considered first, but it is not a standard BGP attribute; it is considered before LOCAL_PREF.

928
MCQhard

An ISP wants to create separate virtual networks over a shared physical infrastructure to serve mobile broadband (eMBB), IoT (mMTC), and mission-critical services (uRLLC). Which technology enables this segmentation with per-slice resource guarantees?

A.MPLS Traffic Engineering
B.L3VPN with VRF
C.VPLS
D.Network Slicing using IETF and 3GPP frameworks
AnswerD

Network slicing provisions isolated virtual networks with dedicated resources.

Why this answer

Network slicing divides the physical network into multiple virtual networks, each with dedicated resources for different service types. L3VPN, MPLS-TE, and VPLS do not provide per-slice resource guarantees natively.

929
MCQmedium

Refer to the exhibit. The router has an outgoing label of 'Pop' for prefix ***********. What does this imply?

A.The router has not learned a label for that prefix
B.The router will not forward traffic for that prefix
C.The router is the penultimate hop and will remove the label before forwarding
D.The router will push a new label for that prefix
AnswerC

Penultimate hop popping (PHP) removes the outermost label.

Why this answer

When a router has an outgoing label of 'Pop' for a prefix in MPLS, it indicates that the router is the penultimate hop (PHP) in the LSP. PHP means the router will remove (pop) the top label before forwarding the packet to the next hop, reducing the burden on the egress LSR. This is standard MPLS behavior as per RFC 3031, where the egress router signals an implicit null label (label 3) to its upstream neighbor.

Exam trap

Cisco often tests the distinction between 'Pop' (PHP) and 'Untagged' (no label assigned), so candidates mistakenly think 'Pop' means the router is dropping the label or not forwarding traffic, when in fact it is a deliberate MPLS optimization.

How to eliminate wrong answers

Option A is wrong because 'Pop' is an explicit label operation, not an indication of a missing label; if no label were learned, the entry would show 'no label' or 'untagged'. Option B is wrong because the router will still forward traffic for that prefix, but it will pop the label before doing so; the prefix is reachable and traffic is not dropped. Option D is wrong because 'Pop' means the router removes the label, not pushes a new one; pushing a new label would be indicated by an 'impose' or 'push' operation.

930
MCQeasy

A service provider wants to prioritize voice traffic over data traffic on a PE-CE link. Which QoS mechanism should be applied at the PE ingress to classify packets?

A.Policer
B.Class-based marking based on NBAR
C.WRED
D.Shaper
AnswerB

NBAR performs deep packet inspection to classify traffic by application.

Why this answer

Class-based marking using NBAR (Network-Based Application Recognition) is the correct mechanism because it can inspect packets at the application layer to distinguish voice traffic (e.g., RTP, SIP) from data traffic. On a PE-CE link, marking at ingress allows the service provider to set the appropriate DSCP or IP precedence value, which downstream QoS policies can then trust and act upon. This classification step is essential before any policing, shaping, or queuing can be applied.

Exam trap

Cisco often tests the misconception that policing or shaping can classify traffic, when in reality they are actions applied after classification, not mechanisms for identifying packet types.

How to eliminate wrong answers

Option A is wrong because a policer measures and limits traffic rate but does not classify or mark packets; it only drops or re-marks based on a pre-existing classification. Option C is wrong because WRED (Weighted Random Early Detection) is a congestion avoidance mechanism that drops packets based on queue depth and precedence, not a classification tool. Option D is wrong because a shaper delays excess traffic to smooth bursts but does not inspect or classify packets; it operates on traffic that has already been classified.

931
MCQeasy

Which routing protocol is used between CE and PE routers in a typical MPLS L3VPN deployment?

A.RIP
B.BGP
C.EIGRP
D.IS-IS
AnswerB

eBGP is commonly used for CE-PE routing in L3VPN to carry customer routes and support multi-homing.

Why this answer

In a typical MPLS L3VPN deployment, the CE-to-PE routing protocol is BGP because it is the only protocol that can carry VPNv4 routes with the necessary route distinguisher (RD) and route target (RT) attributes. While other protocols can run between CE and PE, BGP is the standard choice for exchanging customer routes in a scalable, multi-VPN environment, as defined in RFC 4364.

Exam trap

Cisco often tests the misconception that any IGP (like OSPF or IS-IS) can be used between CE and PE, but the trap here is that only BGP can carry the VPNv4 address family with RD/RT attributes required for MPLS L3VPN, while IGPs are used only within the service provider core or for specific CE-PE scenarios that still require redistribution into MP-BGP.

How to eliminate wrong answers

Option A is wrong because RIP is a distance-vector protocol that lacks the scalability, route filtering, and VPN-specific attributes (RD/RT) required for MPLS L3VPN, and it is rarely used in modern service provider networks. Option C is wrong because EIGRP is a Cisco proprietary protocol that does not natively support the VPNv4 address family or the BGP-based control plane needed for MPLS L3VPN, and it would require complex redistribution and route-target handling. Option D is wrong because IS-IS is an IGP used within the MPLS core for label distribution (e.g., with LDP), not between CE and PE; it cannot carry VPNv4 routes or enforce per-VRF route separation.

932
MCQeasy

A small service provider is deploying MPLS in its core network for the first time. They have a simple topology: three P routers in the core and two PE routers connecting customers. They have configured LDP on all interfaces and OSPF as the IGP. They also configured a basic L3VPN for a customer with a single CE attached to each PE. The customer reports that they can ping between CEs for a few minutes, but then the connectivity drops. After a few seconds, it returns. This pattern repeats every few minutes. The engineer checks the LDP neighbors and sees that all LDP sessions are up. The OSPF adjacencies are stable. The engineer also notices that the pings time out exactly when the LDP graceful restart timer is expiring on one of the P routers. What is the most likely cause?

A.The BGP session between the PEs is flapping due to a hold timer mismatch or connectivity issue.
B.The LDP graceful restart timer is causing periodic re-establishment of LDP sessions.
C.The OSPF network type on the core links is set to point-to-point, causing SPF recalculation every 5 minutes.
D.One of the core interfaces is flapping due to a hardware issue, triggering IGP and LDP convergence.
AnswerA

If the BGP session between PEs goes down, VPN routes are withdrawn, causing connectivity loss. When the session comes back, routes are re-advertised, restoring connectivity. The pattern matches.

Why this answer

Option D is correct because if the BGP session between PEs is going down (e.g., due to a hold timer issue or misconfiguration), the VPN routes would be withdrawn and re-advertised, causing intermittent connectivity. Option A is wrong because LDP graceful restart timer is for LDP session recovery, but LDP sessions are up. Option B is wrong because OSPF network type does not cause periodic drops.

Option C is wrong because interface flaps would cause more permanent outages.

933
MCQhard

A service provider is deploying multicast service for IPTV using PIM-SM with a single RP. During high traffic periods, the RP becomes overloaded. What is the most scalable solution to distribute the load across multiple RPs?

A.Use Anycast-RP
B.Use Bidirectional PIM
C.Increase the RP's memory and CPU
D.Use PIM-DM
AnswerA

Anycast-RP allows multiple RPs under a single RP address, distributing the load.

Why this answer

Anycast-RP allows multiple RPs to share the same IP address, enabling load distribution and redundancy. In PIM-SM, sources register with the nearest RP via unicast routing, and receivers join toward the same Anycast-RP address, which is routed to the closest physical RP. This distributes the registration and join processing load across multiple RPs without requiring protocol changes.

Exam trap

Cisco often tests the misconception that Bidirectional PIM or simply upgrading hardware can solve RP overload, but the key is that Anycast-RP is the only option that distributes the RP load across multiple devices while maintaining a single RP address for the multicast domain.

How to eliminate wrong answers

Option B is wrong because Bidirectional PIM is designed for many-to-many multicast applications and uses a shared tree rooted at the RP, but it does not inherently distribute load across multiple RPs; it still relies on a single RP per group. Option C is wrong because increasing the RP's memory and CPU is a vertical scaling approach that does not address the fundamental architecture limitation of a single RP becoming a bottleneck; it is not a scalable solution for load distribution. Option D is wrong because PIM-DM uses a flood-and-prune mechanism that is inefficient for sparse-mode IPTV deployments and does not use an RP at all, so it cannot distribute RP load.

934
MCQmedium

You are a network engineer at a service provider. Your network uses MPLS L3VPN with OSPF as the IGP and LDP for label distribution. A customer has two sites connected to different PEs (PE1 and PE2) in the same VPN. The customer's CE routers are running eBGP with the PEs. Recently, the customer reports that traffic between the two sites is intermittently dropping. Upon investigation, you find that the BGP session between PE1 and the CE at site A goes down briefly every few minutes. The logs on PE1 show BGP notifications with error code 'Hold Timer Expired'. The CE router at site A is a low-end device with limited CPU. What is the most likely cause and the best course of action?

A.Configure BGP route dampening on PE1 to suppress flapping routes.
B.Disable LDP on the link between PE1 and CE1.
C.Change the IGP from OSPF to IS-IS to reduce routing updates.
D.Increase the BGP hold time on PE1 to 180 seconds.
AnswerD

Increasing the hold time gives the CE more time to send keepalives, reducing session drops.

Why this answer

The BGP session drops due to 'Hold Timer Expired' because the low-end CE router's CPU is overloaded, causing it to fail sending BGP keepalives within the default 90-second hold time. Increasing the hold time on PE1 to 180 seconds (option D) gives the CE more time to send keepalives, reducing false timeouts. This directly addresses the root cause—insufficient CPU to maintain timely keepalives—without changing routing protocols or suppressing routes.

Exam trap

Cisco often tests the misconception that route dampening or IGP changes fix BGP session stability issues, when the real problem is a mismatch in BGP timers due to peer resource constraints.

How to eliminate wrong answers

Option A is wrong because BGP route dampening suppresses flapping routes but does not prevent the BGP session from going down due to hold timer expiry; it would only penalize routes after the session flaps, not fix the underlying keepalive issue. Option B is wrong because LDP is used for label distribution in the MPLS core and is not involved in the CE-PE eBGP session; disabling it would break MPLS L3VPN functionality. Option C is wrong because changing the IGP from OSPF to IS-IS does not affect BGP keepalive timing or CE router CPU load; it would only alter interior routing updates, which are unrelated to the hold timer expiry between PE and CE.

935
Multi-Selectmedium

Which TWO statements about QoS policy propagation via BGP (QPPB) are correct?

Select 2 answers
A.QPPB can be applied on inbound direction only.
B.QPPB is an IETF standard.
C.It uses BGP communities to mark QoS on traffic received from customer.
D.It uses MPLS EXP bits to propagate QoS.
E.It dynamically adjusts BGP attributes based on QoS policy.
AnswersA, C

It applies to traffic coming from customers.

Why this answer

Option A is correct because QPPB can be applied on inbound direction only. QPPB uses BGP policy to classify traffic based on IP precedence or QoS group, and the classification is performed on incoming traffic before any routing decision. The outbound direction is not supported for QPPB classification.

Exam trap

Cisco often tests the misconception that QPPB is an IETF standard or that it can be applied bidirectionally, when in fact it is a Cisco proprietary feature limited to inbound direction only.

936
MCQmedium

An ISP is implementing BGP communities to influence routing behavior for their customers. They want to ensure that a customer's routes are not advertised to a specific transit provider. Which BGP community should be used?

A.LOCAL_AS
B.NO_EXPORT
C.NO_PEER
D.NO_ADVERTISE
AnswerB

This community ensures the route stays within the local AS and is not sent to any external AS.

Why this answer

The NO_EXPORT community (RFC 1997) tells a router to advertise the route to iBGP peers within the same AS but not to any eBGP peers. In this scenario, the ISP wants to prevent a customer's routes from being advertised to a specific transit provider, which is an eBGP neighbor. Applying the NO_EXPORT community to those routes ensures they stay within the ISP's AS and are not sent to any external transit provider.

Exam trap

Cisco often tests the distinction between NO_EXPORT and NO_ADVERTISE, where candidates mistakenly choose NO_ADVERTISE because they think it only blocks eBGP advertisements, but in reality NO_ADVERTISE blocks all advertisements (including iBGP), making NO_EXPORT the correct choice when the goal is to block only external (eBGP) propagation.

How to eliminate wrong answers

Option A (LOCAL_AS) is wrong because it is not a standard BGP community; it is a BGP feature (often used with 'allowas-in' or 'local-as' on a neighbor statement) that prepends the local AS number in the AS_PATH, but it does not control route advertisement to a specific transit provider. Option C (NO_PEER) is wrong because it is not a standard BGP well-known community; the correct community to prevent advertisement to any eBGP peer is NO_EXPORT, and NO_PEER is a common distractor that does not exist in RFC 1997. Option D (NO_ADVERTISE) is wrong because it prevents the route from being advertised to any BGP peer (iBGP or eBGP), which is too restrictive; the requirement is only to block advertisement to a specific transit provider (an eBGP peer), not to all peers.

937
MCQeasy

A network administrator needs to automate the deployment of a new QoS policy on dozens of provider edge routers. Which Cisco tool is best suited for this purpose?

A.Cisco Network Services Orchestrator (NSO)
B.Cisco SecureX
C.Cisco Prime Infrastructure
D.Cisco ISE
AnswerA

NSO is a multi-vendor orchestration platform that can automate the deployment of QoS policies via NETCONF or CLI.

Why this answer

Cisco Network Services Orchestrator (NSO) is the correct tool because it provides model-driven orchestration and automation for deploying and managing network configurations across hundreds of devices using YANG data models and NETCONF. For QoS policy deployment, NSO can push consistent service definitions (e.g., class-maps, policy-maps, service-policy) to multiple provider edge routers simultaneously, ensuring compliance and reducing manual errors.

Exam trap

Cisco often tests the distinction between lifecycle management tools (Prime Infrastructure) and true orchestration platforms (NSO), where candidates mistakenly choose Prime Infrastructure for bulk configuration deployment because of its template features, but NSO is the only option that provides model-driven, transactional, and multi-vendor orchestration required for automated QoS policy deployment at scale.

How to eliminate wrong answers

Option B is wrong because Cisco SecureX is a cloud-native security platform focused on threat detection, response, and integration of security products, not on network configuration automation or QoS policy deployment. Option C is wrong because Cisco Prime Infrastructure is a lifecycle management tool for wired and wireless networks that provides monitoring, troubleshooting, and template-based configuration, but it lacks the model-driven orchestration and multi-vendor support of NSO for large-scale automated service deployment. Option D is wrong because Cisco ISE (Identity Services Engine) is a policy-based access control and authentication server for network admission control (NAC) and security, not designed for automating QoS policy deployment on provider edge routers.

938
MCQmedium

Which RSVP reservation style is most commonly used in MPLS-TE to allow sharing of resources among multiple LSPs of the same session?

A.Wildcard Filter (WF)
B.Distinct Filter (DF)
C.Fixed Filter (FF)
D.Shared Explicit (SE)
AnswerD

Correct. SE is used in MPLS-TE.

Why this answer

Shared Explicit (SE) style allows multiple senders to share a reservation, which is typical for MPLS-TE where the headend may have multiple LSPs to the same destination.

939
MCQeasy

Which access technology uses wavelength division multiplexing to provide symmetric gigabit speeds in fiber-optic networks?

A.Cable
B.GPON
C.DSL
D.XGS-PON
AnswerD

XGS-PON uses WDM to deliver symmetric 10 Gbps.

Why this answer

XGS-PON uses wavelength division multiplexing to support symmetric 10 Gbps speeds, while GPON is asymmetric and DSL/cable are copper-based.

940
MCQmedium

A service provider is deploying a QoS policy for a customer with voice, mission-critical data, and best-effort traffic. The voice requires strict priority and low latency. Which queuing mechanism should be used to ensure voice packets are always served before other queues, and what additional measure is necessary to prevent voice traffic from starving other traffic?

A.FIFO queuing with a priority list; no policing needed because FIFO handles voice adequately.
B.CBWFQ with bandwidth percent for voice; no additional measure needed because CBWFQ inherently prevents starvation.
C.WRED for voice; tail drop for data; this ensures low latency for voice.
D.LLQ for voice; policing on the priority queue to limit voice traffic to a configured rate.
AnswerD

LLQ places voice in a strict priority queue; policing prevents voice from exceeding its allocated bandwidth and starving other queues.

Why this answer

LLQ provides a strict priority queue for delay-sensitive traffic like voice. However, to prevent starvation of other traffic, policing must be applied to the priority queue to limit the amount of voice traffic allowed into it.

941
MCQmedium

What is the purpose of Constrained Shortest Path First (CSPF) in MPLS-TE?

A.To distribute labels for LDP
B.To calculate the best path for L3VPN
C.To find a path that satisfies traffic engineering constraints and is as short as possible
D.To compute the shortest path without any constraints
AnswerC

Correct: CSPF applies constraints to SPF.

Why this answer

CSPF computes paths that meet TE constraints such as bandwidth, affinity, and explicit hops while optimizing the path cost.

942
MCQmedium

A service provider is migrating from LDP to Segment Routing. What is the correct order of operations to ensure uninterrupted MPLS forwarding?

A.Enable SR on each router one by one while LDP remains active, then remove LDP after SR is stable.
B.Enable SR on all routers simultaneously.
C.Configure IS-IS SR extensions on all routers, then disable LDP.
D.Disable LDP first to free labels, then enable SR.
AnswerA

Correct. This gradual migration ensures continuous forwarding via LDP while SR is established.

Why this answer

Option A is correct because it follows the recommended migration strategy of running LDP and Segment Routing (SR) in parallel. By enabling SR on each router one by one while LDP remains active, MPLS forwarding continues uninterrupted via LDP until SR is fully deployed and stable. Once SR is verified on all routers, LDP can be safely removed without causing any forwarding black holes.

Exam trap

Cisco often tests the misconception that you must disable the old protocol before enabling the new one, but the correct approach is to run both protocols in parallel to maintain forwarding continuity during migration.

How to eliminate wrong answers

Option B is wrong because enabling SR on all routers simultaneously is operationally risky; any misconfiguration or instability in SR could cause widespread forwarding disruption without a fallback. Option C is wrong because configuring IS-IS SR extensions alone does not automatically enable SR MPLS forwarding; you must also enable SR globally and on interfaces, and disabling LDP before SR is stable would break MPLS forwarding. Option D is wrong because disabling LDP first removes the existing label bindings, causing immediate MPLS forwarding failures before SR can provide replacement labels.

943
Multi-Selecthard

Which three of the following are valid methods for protecting a pseudowire in an MPLS network?

Select 3 answers
A.Multi-segment PW with backup
B.Ethernet OAM CFM
C.RSVP FRR for link protection
D.PW redundancy with active/standby
E.LSP ping for fault detection
AnswersA, C, D

Correct. Multi-segment pseudowires can be configured with a backup path for redundancy.

Why this answer

Multi-segment PW (MS-PW) with backup is a valid protection method because it allows a pseudowire to be established across multiple MPLS segments, with a backup PW path that can take over if the primary MS-PW fails. This provides end-to-end pseudowire redundancy by using a secondary switched path, ensuring service continuity in multi-domain or multi-area MPLS networks.

Exam trap

Cisco often tests the distinction between fault detection tools (like LSP ping or Ethernet OAM) and actual protection mechanisms (like FRR or PW redundancy), leading candidates to mistakenly select detection methods as valid protection answers.

944
Multi-Selecthard

An SP is deploying SR-PCE for centralized traffic engineering. Which THREE functions does the PCE perform? (Select three.)

Select 3 answers
A.Computes path for traffic-engineered LSPs based on constraints.
B.Distributes link-state information using BGP-LS.
C.Instantiates SR-TE policies on routers.
D.Signals path to PCC using PCEP.
E.Configures MPLS forwarding on routers.
AnswersA, C, D

Primary function of PCE.

Why this answer

PCE computes paths based on constraints, communicates via PCEP with routers (PCCs), and can instantiate SR-TE policies.

945
MCQmedium

A network engineer is troubleshooting a BGP convergence issue in a large service provider network. After a link failure in the core, BGP sessions between route reflectors take a long time to reconverge. The RRs are receiving updates from many clients. Which technology can be implemented to improve convergence time? The network currently uses standard BGP with default timers.

A.BGP Add-Path
B.BGP TCP MD5 authentication
C.BGP route-refresh
D.BGP next-hop-self
AnswerA

Add-Path allows multiple paths per prefix, enabling fast failover.

Why this answer

BGP Add-Path allows a route reflector to advertise multiple paths for the same prefix to its clients, which reduces the need for clients to re-advertise updates after a failure. This speeds up convergence by enabling the route reflector to immediately select and propagate an alternate path without waiting for BGP reconvergence from other clients. In large service provider networks with many clients, this minimizes the delay caused by the route reflector having only a single best path per prefix.

Exam trap

Cisco often tests the misconception that BGP route-refresh or next-hop-self speeds up convergence, but the key is that Add-Path directly reduces reconvergence time by providing pre-computed alternate paths, while the other options address security, soft reconfiguration, or next-hop manipulation without affecting convergence speed.

How to eliminate wrong answers

Option B (BGP TCP MD5 authentication) is wrong because it secures BGP sessions against spoofing but does not affect convergence time or path selection. Option C (BGP route-refresh) is wrong because it triggers a soft reconfiguration to request updates from a peer, which is a manual or triggered operation that does not proactively improve convergence after a failure. Option D (BGP next-hop-self) is wrong because it modifies the next-hop attribute on routes advertised to eBGP peers, typically used in iBGP to ensure reachability, but it does not reduce the number of updates or speed up convergence in a route reflector topology.

946
MCQmedium

A large enterprise uses MPLS L3VPN to connect multiple sites. They want to implement inter-AS option B (ASBR-to-ASBR MP-eBGP) for scalability. Which statement about this model is correct?

A.Each ASB router maintains VRFs for all attached customers
B.Inter-AS option B requires a full mesh of MP-iBGP between all PEs
C.MP-eBGP sessions are established per VRF between ASBRs
D.ASBRs exchange IPv4 labeled unicast routes using MP-eBGP
AnswerD

MP-eBGP with label is used for inter-AS option B.

Why this answer

In Inter-AS Option B, ASBRs exchange IPv4 labeled unicast routes using MP-eBGP (Multiprotocol BGP) with the IPv4 labeled unicast address family. This allows the ASBRs to pass VPNv4 routes between autonomous systems without requiring per-VRF sessions or VRFs on the ASBRs, enabling scalable inter-AS connectivity.

Exam trap

Cisco often tests the misconception that ASBRs need VRFs or per-VRF sessions in Option B, when in fact they operate at the VPNv4 address family level without any customer-specific configuration.

How to eliminate wrong answers

Option A is wrong because ASBRs in Option B do not maintain VRFs for attached customers; VRFs are only configured on PE routers, while ASBRs simply forward labeled VPNv4 routes using MP-eBGP. Option B is wrong because Inter-AS Option B does not require a full mesh of MP-iBGP between all PEs; it relies on MP-eBGP between ASBRs and MP-iBGP within each AS between PEs and route reflectors. Option C is wrong because MP-eBGP sessions between ASBRs are not established per VRF; they are established per address family (IPv4 labeled unicast or VPNv4) and carry all VPN routes in a single session.

947
MCQhard

During a DDoS attack, a service provider uses Cisco Peakflow to detect anomalous traffic and then triggers S/RTBH. What must be configured on the router to black hole attack traffic using a /32 null route?

A.QoS policy to rate-limit attack traffic
B.An inbound ACL blocking the attack source IPs
C.A static route to Null0 for the victim IP and a BGP community to trigger blackholing
D.PBR to redirect traffic to a scrubbing center
AnswerC

This is the standard S/RTBH mechanism.

Why this answer

S/RTBH relies on BGP to propagate a /32 route with a specific community (commonly no-export) pointing to a null interface (e.g., Null0). The trigger router sets the next-hop to a static route pointing to Null0 and advertises it via BGP.

948
MCQmedium

Refer to the exhibit. A network engineer notices that the local label 19 for prefix 10.4.4.0/24 shows 'Untagged' in the outgoing label column. What is the most likely cause?

A.The next-hop router 192.168.3.3 is unreachable.
B.Penultimate Hop Popping is enabled on the next-hop router.
C.The MTU on interface Gi0/0/2 is too small.
D.LDP is not enabled on the interface toward 192.168.3.3.
AnswerD

If LDP is not enabled, no label is received from the next-hop, resulting in 'Untagged'.

Why this answer

When LDP is not enabled on the interface toward the next-hop router (192.168.3.3), the local router cannot exchange label bindings with that neighbor. As a result, the local label for prefix 10.4.4.0/24 remains in the LIB but is not programmed into the LFIB with an outgoing label, showing 'Untagged' because the router must pop the label (or forward as IP) when sending traffic to that next hop.

Exam trap

Cisco often tests the distinction between 'Untagged' (no label from LDP neighbor) and 'Pop tag' (implicit-null from PHP), leading candidates to mistakenly attribute 'Untagged' to PHP when it actually indicates a missing LDP adjacency.

How to eliminate wrong answers

Option A is wrong because if the next-hop router 192.168.3.3 were unreachable, the route itself would not be in the routing table, and the label entry would not appear at all or would show 'no route' rather than 'Untagged'. Option B is wrong because Penultimate Hop Popping (PHP) causes the next-hop router to advertise an implicit-null label (label 3), which results in 'Pop tag' or 'Untagged' in the outgoing label column only when PHP is explicitly negotiated; however, PHP is a normal LDP behavior and would not indicate a problem—the question implies a fault, not normal operation. Option C is wrong because a small MTU on interface Gi0/0/2 would cause fragmentation or packet drops, but it would not affect the label binding or cause the outgoing label to show 'Untagged' in the LFIB.

949
MCQmedium

An engineer is troubleshooting an MPLS L3VPN where customers behind CE1 cannot reach a specific prefix behind CE2. The PE routers are using OSPF as the IGP and LDP for label distribution. On PE2, the prefix is present in the VRF routing table, but not in the VRF forwarding table. What is the most likely cause?

A.MTU mismatch is causing the VPN label to be dropped.
B.OSPF is not redistributing the BGP routes into the IGP on PE2.
C.The VRF is not properly configured on PE2's interface toward CE2.
D.The route is missing a label in the LFIB on PE2.
AnswerD

If the label is missing, the route cannot be installed in the VRF forwarding table.

Why this answer

The prefix is present in the VRF routing table (RIB) but missing from the VRF forwarding table (FIB) on PE2. This indicates that the route has been learned via BGP and installed in the RIB, but the MPLS VPN label (the inner label) required to forward the packet across the MPLS core is absent. Without a valid label in the LFIB, the CEF (FIB) cannot install the route, causing the reachability failure.

Option D correctly identifies this missing label in the LFIB as the root cause.

Exam trap

Cisco often tests the distinction between the routing table (RIB) and the forwarding table (FIB) in MPLS VPNs, trapping candidates who assume that a route present in the RIB automatically means it is usable for forwarding, when in fact the FIB requires a valid label binding to install the route.

How to eliminate wrong answers

Option A is wrong because an MTU mismatch would cause packet fragmentation or drop at the IP layer, not prevent a route from being installed in the VRF forwarding table; the route would still appear in both the RIB and FIB. Option B is wrong because OSPF redistribution of BGP routes into the IGP is not required for MPLS L3VPN operation; the PE routers exchange VPNv4 routes via MP-BGP, and the IGP (OSPF) is only used for core reachability and LDP label distribution, not for carrying customer prefixes. Option C is wrong because if the VRF were not properly configured on PE2's interface toward CE2, the CE-facing interface would not be associated with the VRF, and the prefix would likely not appear in the VRF routing table at all; the issue is specifically that the route is in the RIB but not the FIB, pointing to a label problem, not a VRF interface misconfiguration.

950
MCQmedium

An engineer is troubleshooting a BGP route propagation issue. The customer is receiving a default route from upstream provider, but the route is not being installed in the routing table. The BGP table shows the route is valid but not best. What is the most likely cause?

A.The next-hop is unreachable
B.The route is filtered by an inbound route-map
C.The BGP session is not established
D.A static default route with lower administrative distance exists
AnswerD

Static route AD 1 < BGP AD 20, so BGP route is not best.

Why this answer

Option D is correct because a static default route with a lower administrative distance (e.g., 1) will be preferred over a BGP default route (AD 20 for eBGP). Even though the BGP route is valid in the BGP table, it is not installed in the routing table because the static route is more trustworthy. This is a common scenario where the routing table already has a better path, preventing the BGP route from becoming 'best' and being installed.

Exam trap

Cisco often tests the distinction between a route being 'valid' in the BGP table versus being 'best' and installed in the routing table, trapping candidates who assume a valid BGP route is automatically used for forwarding.

How to eliminate wrong answers

Option A is wrong because if the next-hop were unreachable, the BGP route would be marked as invalid in the BGP table, not 'valid but not best'. Option B is wrong because an inbound route-map filtering the route would prevent it from appearing in the BGP table at all, whereas the question states the route is present and valid. Option C is wrong because if the BGP session were not established, no routes would be received from the upstream provider, contradicting the fact that the route is in the BGP table.

951
MCQhard

An SP is designing a metro Ethernet network using Q-in-Q. A customer uses VLAN ID 100 on their network, and the SP assigns service VLAN 200. Which frame format is used on the SP network?

A.Single tag: VLAN 100
B.Double tag: outer 100, inner 200
C.Double tag: outer 200, inner 100
D.Single tag: VLAN 200
AnswerC

Outer tag is service VLAN, inner is customer VLAN.

Why this answer

Q-in-Q adds an outer (service) VLAN tag (200) while preserving the inner (customer) VLAN tag (100).

952
MCQhard

In OSPF TE extensions for RSVP-TE, which LSA type is used to carry TE information (such as link attributes) in OSPF?

A.Type 11 Opaque LSA
B.Type 5 AS-external LSA
C.Type 10 Opaque LSA
D.Type 9 Opaque LSA
AnswerC

Type 10 Opaque LSA is area-scoped and carries TE information.

Why this answer

Opaque LSA Type 10 (Area-local) is used for TE information in OSPF. Type 9 is link-local, Type 11 is AS-scoped.

953
MCQmedium

A service provider is troubleshooting an MPLS L3VPN scenario where a customer in VRF Blue cannot reach a server in VRF Blue at a remote site. The PEs are running MPLS with LDP. The VRF on both PEs shows the remote prefix. The PE at the local site shows the label from the remote PE for the prefix in the BGP table. However, when pinging from the CE, the packets are dropped. A packet capture on the core shows MPLS packets with the correct VPN label, but the transport label is missing. Further investigation shows that the LDP session between the two PEs is up, but the LDP label binding for the remote PE's loopback is not present. What is the most likely cause and correct action?

A.Increase the TTL on the MPLS packets
B.Change the transport address in LDP to the loopback IP
C.Configure the remote PE's loopback to be advertised via BGP
D.Check MPLS LDP interface configuration and enable LDP on all core interfaces
AnswerD

LDP must be enabled on each core interface to exchange label bindings for loopbacks.

Why this answer

The LDP session is up, but the label binding for the remote loopback is missing. This could be because LDP is not enabled on the underlying interfaces between the PEs, or because the label space is configured incorrectly. Typically, if LDP is enabled on all core interfaces, label bindings for loopbacks are automatically exchanged.

The missing binding suggests that either LDP is not configured on some interfaces, or an access-list is blocking LDP. The most direct action is to verify that LDP is enabled on all core interfaces using the command 'show mpls ldp interface'.

954
Multi-Selectmedium

A network engineer is implementing QoS on a Cisco ASR 1000 for a customer with multiple service classes. The customer requires that mission-critical data not be starved when voice traffic bursts. Which two actions should the engineer take? (Choose two.)

Select 2 answers
A.Configure a policer on the voice class to limit its bandwidth
B.Enable WRED on the voice class
C.Use tail drop with a high threshold for the data class
D.Allocate a minimum bandwidth guarantee to the data class
E.Configure a shape on the voice class to 75% of interface bandwidth
AnswersA, D

Policing the voice class prevents it from exceeding a set rate, protecting other classes from starvation.

Why this answer

Option A is correct because policing the voice class limits its bandwidth to a configured rate (e.g., using the `police` command under the class-map), preventing voice bursts from starving mission-critical data. This ensures that voice traffic does not exceed its allocated share, leaving enough bandwidth for other classes. Option D is correct because allocating a minimum bandwidth guarantee to the data class (e.g., using the `bandwidth` command under the class-map) ensures that even when voice bursts occur, the data class receives a reserved amount of bandwidth, preventing starvation.

Together, these actions enforce admission control and bandwidth reservation, aligning with the customer's requirement.

Exam trap

Cisco often tests the distinction between policing (which limits bandwidth) and shaping (which buffers and smooths traffic), and between bandwidth guarantees (which reserve capacity) and WRED (which manages congestion but does not prevent starvation), leading candidates to confuse these mechanisms.

955
MCQhard

In a hierarchical QoS policy, the parent policy shapes to 20 Mbps. The child policy has a class for voice with priority and police rate 2 Mbps, and a class for data with bandwidth 10 Mbps. What is the maximum bandwidth voice traffic can consume under congestion?

A.8 Mbps
B.20 Mbps
C.10 Mbps
D.2 Mbps
AnswerD

Correct; policing limits voice to 2 Mbps.

Why this answer

Voice is in LLQ with a police rate of 2 Mbps; even though the parent shape is 20 Mbps, policing limits voice to 2 Mbps to prevent starvation.

956
MCQmedium

In an OSPF network, an engineer wants to minimize the size of the routing table in a non-backbone area while still allowing the area to learn external routes from other ASs. Which OSPF area type should be configured?

A.Stub area
B.Totally stubby area
C.NSSA
D.Backbone area 0
AnswerC

NSSA allows external routes via Type 7 LSAs.

Why this answer

A Not-So-Stubby Area (NSSA) allows importing external routes as Type 7 LSAs while still blocking Type 5 LSAs from other areas.

957
MCQhard

An SP is deploying EVPN with VXLAN encapsulation in a data center interconnect. The design requires that the control plane for MAC/VTEP learning is based on BGP. Which BGP address family must be configured?

A.l2vpn evpn
B.l2vpn vpls-vpws
C.vpnv4
D.ipv4 unicast
AnswerA

The l2vpn evpn address family is used for EVPN control plane with BGP.

Why this answer

EVPN with VXLAN encapsulation requires the BGP L2VPN address family (l2vpn evpn) to exchange MAC/VTEP reachability information. This address family carries EVPN routes (type-2 for MAC/IP, type-3 for IMET) that populate the control plane for VXLAN tunnel endpoints, enabling MAC learning without flooding.

Exam trap

Cisco often tests the misconception that VPLS (l2vpn vpls-vpws) is the correct address family for EVPN with VXLAN, but VPLS uses MPLS encapsulation and a different control plane, while EVPN with VXLAN specifically requires the l2vpn evpn address family.

How to eliminate wrong answers

Option B (l2vpn vpls-vpws) is wrong because it is used for MPLS-based VPLS or VPWS services, not for VXLAN encapsulation or EVPN control plane. Option C (vpnv4) is wrong because it carries IPv4 VPN routes (MP-BGP for MPLS L3VPN), not MAC/VTEP information for Layer 2 EVPN. Option D (ipv4 unicast) is wrong because it carries standard IPv4 unicast routes and has no role in EVPN MAC/VTEP learning or VXLAN control plane.

958
MCQmedium

An engineer needs to ensure that a core router can forward MPLS packets without checking the IP header. Which forwarding mechanism should be enabled?

A.Link Fragmentation and Interleaving (LFI)
B.CEF switching
C.Per-packet load balancing
D.Penultimate Hop Popping (PHP)
AnswerD

PHP pops label at penultimate hop, so last hop forwards without IP check.

Why this answer

Penultimate Hop Popping (PHP) is the correct mechanism because it allows the penultimate router (the router before the egress) to remove the MPLS label and forward the packet using only the label stack, without the egress router needing to perform an IP lookup. This enables the core router to forward MPLS packets based solely on the label, bypassing any IP header inspection. PHP is defined in RFC 3031 and is a standard MPLS forwarding behavior that optimizes label-switched path (LSP) performance.

Exam trap

Cisco often tests the misconception that CEF switching is the mechanism to forward MPLS packets without IP header checks, but CEF still requires IP header inspection for the final hop or when labels are not used; PHP is the specific mechanism that eliminates the IP lookup at the egress.

How to eliminate wrong answers

Option A is wrong because Link Fragmentation and Interleaving (LFI) is a QoS mechanism used on low-speed links to fragment large packets and interleave small voice packets, not a forwarding mechanism for MPLS packets. Option B is wrong because CEF switching is a general IP forwarding mechanism that uses a Forwarding Information Base (FIB) and adjacency tables; while it can forward MPLS packets, it still requires checking the IP header when the label is popped or when PHP is not used, and it is not specifically designed to forward MPLS packets without IP header inspection. Option C is wrong because per-packet load balancing distributes packets across multiple paths based on packet-by-packet decisions, but it does not eliminate the need to check the IP header; it is a load-balancing technique, not a forwarding mechanism that bypasses IP header checks.

959
MCQeasy

A network engineer is troubleshooting an OSPF adjacency failure between two directly connected routers, R1 and R2. Both routers are configured with the same OSPF process ID and area. The engineer verifies that the interfaces are up and IP connectivity exists. Which configuration mismatch is most likely causing the adjacency to fail?

A.MTU mismatch between the interfaces
B.Passive interface configuration on one router
C.Area ID mismatch on the interfaces
D.OSPF network type mismatch between the interfaces
AnswerD

Network type mismatch (e.g., broadcast vs. point-to-point) causes the routers to disagree on DR/BDR election and hello behavior, preventing adjacency.

Why this answer

Option C is correct because OSPF network type mismatch, such as one side configured as point-to-point and the other as broadcast, prevents adjacency formation. Option A is wrong because an MTU mismatch would cause the adjacency to form but show problems during LSA exchange. Option B is wrong because area mismatch would cause a mismatch in area ID.

Option D is wrong because a passive interface would allow the neighbor to be seen but not become full.

960
MCQmedium

A service provider is deploying a new metro Ethernet network and needs to support multiple customer VLANs over a single physical link without overlapping VLAN IDs. Which technology should be used at the access layer to achieve this?

A.VLAN translation
B.Q-in-Q (802.1ad) double tagging
C.MAC-in-MAC (802.1ah)
D.VLAN trunking with 802.1Q
AnswerB

Correct. Q-in-Q adds an outer tag to segregate customer traffic, allowing overlapping inner VLANs.

Why this answer

Q-in-Q (802.1ad) allows service providers to add an outer VLAN tag to customer frames, enabling customer VLAN separation even when their VLAN IDs conflict. This is commonly used in metro Ethernet networks for scalability.

961
MCQhard

In a hierarchical QoS policy applied to a subscriber aggregation interface, the parent policy shapes to 100 Mbps and the child policy allocates 50% bandwidth to voice and 50% to data. If voice traffic exceeds 50 Mbps, what happens to the excess?

A.Excess voice is queued in the data queue
B.Excess voice is shaped by the parent policy
C.Excess voice is forwarded with best effort
D.Excess voice is dropped or re-marked
AnswerD

LLQ typically includes policing to limit the priority queue.

Why this answer

The child policy's police command within LLQ drops or re-marks voice traffic exceeding the configured bandwidth to prevent starvation of other queues.

962
MCQeasy

Which access technology is commonly used in service provider networks to deliver high-speed internet over existing telephone lines?

A.Metro Ethernet
B.GPON
C.Cable
D.DSL
AnswerD

DSL uses telephone lines for broadband.

Why this answer

DSL (Digital Subscriber Line) uses existing telephone lines to provide high-speed internet access.

963
MCQmedium

Which RSVP-TE filter style is commonly used for MPLS-TE tunnels to allow multiple senders on the same session?

A.Distinct Explicit (DE)
B.Fixed Filter (FF)
C.Shared Explicit (SE)
D.Wildcard Filter (WF)
AnswerC

Correct: SE allows multiple senders sharing a reservation.

Why this answer

Shared Explicit (SE) allows multiple senders, each with its own filter spec, but they share the same reservation. Fixed Filter (FF) is per sender. The question likely refers to SE style.

964
MCQeasy

In MPLS-TE Fast Reroute (FRR), what is a 'detour'?

A.A secondary path for load balancing
B.A backup LSP that protects a single primary LSP
C.A bypass tunnel that protects multiple LSPs
D.A mechanism to reroute traffic after failure detection
AnswerB

Correct: Detour provides 1:1 protection.

Why this answer

A detour is a 1:1 protection mechanism where a backup LSP is created for each protected LSP, often pre-signaled.

965
MCQmedium

An SP uses model-driven telemetry to monitor queue depths on core interfaces. They observe periodic spikes in the queue depth for EF traffic, causing increased latency. Which automation technique could dynamically adjust the QoS policy to mitigate the spikes?

A.Use a Python script that consumes telemetry data and adjusts the EF bandwith percentage via NETCONF when queue depth exceeds a threshold.
B.Deploy NETCONF YANG modules for VRF configuration.
C.Configure WRED on the EF queue.
D.Implement streaming telemetry to collect data every 5 seconds.
AnswerA

Closed-loop automation enables dynamic QoS adjustment.

Why this answer

Option A is correct because it combines model-driven telemetry (to detect queue depth spikes in real time) with a closed-loop automation approach: a Python script consumes the telemetry data, and when the EF queue depth exceeds a threshold, it dynamically adjusts the EF bandwidth percentage via NETCONF. This directly addresses the periodic spikes by modifying the QoS policy on the fly, reducing latency without manual intervention.

Exam trap

Cisco often tests the distinction between monitoring (telemetry) and active remediation (automation), so the trap here is that candidates see 'streaming telemetry' in Option D and think it solves the problem, but it only provides data—not the dynamic adjustment needed to mitigate the spikes.

How to eliminate wrong answers

Option B is wrong because deploying NETCONF YANG modules for VRF configuration does nothing to monitor or adjust queue depths or QoS policies; it is focused on VRF provisioning, not dynamic QoS tuning. Option C is wrong because configuring WRED on the EF queue would drop packets during congestion, which is inappropriate for EF (Expedited Forwarding) traffic that requires low loss and low latency; WRED is typically used for best-effort or AF traffic, not for EF. Option D is wrong because implementing streaming telemetry to collect data every 5 seconds only provides monitoring data—it does not include any mechanism to dynamically adjust the QoS policy; it is a passive observation tool, not an active remediation technique.

966
MCQhard

In an OSPF network, an area is configured as a Not-So-Stubby Area (NSSA). Which statement about LSA types in this area is correct?

A.Type 1 and Type 2 LSAs are not allowed in NSSA.
B.Type 4 LSAs are used to advertise the ABR to other areas.
C.Type 7 LSAs are originated by ASBR within the NSSA and converted to Type 5 by the ABR.
D.Type 5 LSAs are flooded within the NSSA.
AnswerC

Correct. Type 7 LSAs originated in NSSA and translated at ABR to Type 5 for other areas.

Why this answer

NSSA areas allow Type 7 LSAs to carry external routes, which are translated to Type 5 at the ABR. Type 5 LSAs are not allowed within the NSSA, and Type 4 LSAs are also blocked. Type 3 LSAs (summary) are allowed.

967
MCQhard

An SP is troubleshooting an MPLS L2VPN VPLS network where MAC flapping is occurring between two PEs. Which mechanism in VPLS prevents loops and ensures that a broadcast frame from one PE is not reflected back to the originating PE?

A.Split horizon
B.Spanning Tree Protocol (STP)
C.Rapid Spanning Tree Protocol (RSTP)
D.MAC address aging
AnswerA

Split horizon prevents forwarding out of incoming pseudowire.

Why this answer

In a VPLS environment, split horizon is the mechanism that prevents loops by ensuring that a broadcast, multicast, or unknown unicast frame received from a pseudowire (PW) is never forwarded back to any other PW on the same PE. This rule, defined in RFC 4761 and RFC 4762, stops the originating PE from receiving its own reflected frames, thus eliminating the MAC flapping that would occur if the frame were looped through the MPLS core.

Exam trap

Cisco often tests the distinction between loop prevention mechanisms used in the customer-facing domain (STP/RSTP) versus those used in the service provider core (split horizon), and the trap here is assuming that STP or RSTP can be applied to the MPLS pseudowires, when in fact VPLS explicitly relies on split horizon to prevent loops within the full-mesh of PEs.

How to eliminate wrong answers

Option B (Spanning Tree Protocol) is wrong because STP is a Layer 2 loop-prevention protocol used in bridged Ethernet networks (e.g., access or customer networks), but it is not designed to operate across the MPLS core of a VPLS; VPLS relies on split horizon instead. Option C (Rapid Spanning Tree Protocol) is wrong for the same reason as STP—it is a faster variant of STP but still operates only on the customer-facing interfaces, not on the pseudowires between PEs, and cannot prevent loops within the VPLS core. Option D (MAC address aging) is wrong because MAC aging is a mechanism to remove stale MAC entries from the forwarding table after a timeout (default 300 seconds on Cisco IOS), but it does not prevent loops or frame reflection; it only cleans up old entries, and MAC flapping can still occur even with aging enabled.

968
MCQhard

Refer to the exhibit. An engineer configures MPLS LDP on a router. The router has two interfaces with IP addresses 10.0.0.1/30 and 10.0.0.5/30. The engineer notices that LDP sessions are not established. The OSPF neighbor adjacencies are up. What is the most likely cause?

A.The OSPF network statements do not cover the interfaces correctly
B.The MPLS MTU is set to 1500, which is too low
C.The label range is too small
D.LDP is not enabled on the interfaces
AnswerD

The 'mpls ip' command does not enable LDP; LDP requires 'mpls ldp' or explicit configuration.

Why this answer

D is correct because MPLS LDP requires explicit interface-level activation under the `mpls ip` command. Even if OSPF adjacencies are up and the global LDP process is configured, LDP will not form sessions on interfaces where `mpls ip` is missing. The engineer likely enabled LDP globally but forgot to enable it on the specific interfaces, which is a common oversight.

Exam trap

Cisco often tests the distinction between global LDP configuration and interface-level activation, leading candidates to assume that enabling LDP globally is sufficient for session establishment.

How to eliminate wrong answers

Option A is wrong because OSPF network statements are unrelated to LDP session establishment; OSPF adjacencies are already up, proving the interfaces are correctly covered. Option B is wrong because an MPLS MTU of 1500 is standard and does not prevent LDP session establishment; MTU issues typically cause label-switched path (LSP) problems, not LDP hello or session failures. Option C is wrong because a small label range would cause label allocation failures, not prevent LDP sessions from forming; LDP sessions use TCP port 646 and are independent of label range size.

969
MCQmedium

Which YANG data modeling construct is used to restrict a leaf value to be a reference to another leaf in the data tree?

A.when
B.leafref
C.must
D.choice
AnswerB

leafref ensures the value exists at the referenced leaf.

Why this answer

The 'leafref' type in YANG is used to restrict the value of a leaf to refer to another leaf in the data tree, enforcing referential integrity.

970
MCQeasy

An engineer is configuring MPLS VPN and needs to ensure that customer traffic is automatically marked with a specific QoS policy based on the VPN. Which method should be used to propagate QoS markings across the MPLS network?

A.Use 802.1p CoS on the CE-PE link and preserve it across the MPLS backbone
B.Use MPLS EXP bits to mark traffic at the ingress PE and map to QoS at egress
C.Use IP ToS bits to mark traffic and rely on MPLS to preserve them
D.Set DSCP at the ingress PE and preserve it across the MPLS backbone
AnswerB

MPLS EXP bits are designed to carry QoS information across the MPLS network.

Why this answer

In an MPLS VPN environment, QoS markings must be preserved across the MPLS backbone. MPLS EXP (Experimental) bits are the standard mechanism to carry QoS information within the MPLS label stack. At the ingress PE, customer traffic is classified and marked with the appropriate EXP bits based on the VPN or other criteria.

The egress PE then uses these EXP bits to map traffic to the correct QoS policy, ensuring end-to-end QoS treatment.

Exam trap

Cisco often tests the misconception that IP ToS or DSCP markings are automatically preserved across an MPLS backbone, when in fact MPLS EXP bits are the dedicated field for QoS propagation and must be explicitly set and mapped.

How to eliminate wrong answers

Option A is wrong because 802.1p CoS is a Layer 2 marking used on Ethernet links; it is not preserved across an MPLS backbone where the original Ethernet header is removed. Option C is wrong because IP ToS bits (including DSCP) are not automatically preserved when MPLS labels are imposed; the MPLS label stack replaces the IP header for forwarding, and ToS bits are not copied to EXP bits by default unless explicitly configured. Option D is wrong because DSCP is an IP-layer marking; while it can be preserved if the MPLS backbone is configured to copy DSCP to EXP bits, simply setting DSCP at the ingress PE does not guarantee propagation across the MPLS network without an explicit mapping mechanism like MPLS EXP.

971
MCQmedium

In EVPN-VPWS, which identifier is used to uniquely identify an Ethernet Segment for multi-homing?

A.Route Distinguisher
B.EVI
C.MAC address
D.ESI
AnswerD

ESI identifies the Ethernet segment.

Why this answer

The Ethernet Segment Identifier (ESI) uniquely identifies an Ethernet segment that is multi-homed to two or more PEs.

972
MCQeasy

When DSCP markings are mapped to MPLS EXP bits at the ingress PE router, how many EXP values are available for traffic differentiation in the MPLS core?

A.8
B.16
C.64
D.32
AnswerA

3 bits yield 2^3 = 8 values.

Why this answer

MPLS EXP (now TC) is a 3-bit field, providing 8 possible values (0-7).

973
Multi-Selecteasy

Which TWO are characteristics of Segment Routing?

Select 2 answers
A.Uses only IPv6 data plane
B.Source routing capability
C.Requires RSVP-like signaling for path setup
D.No per-flow state on transit routers
E.Requires a centralized SDN controller
AnswersB, D

SR specifies path in the packet header.

Why this answer

Segment Routing (SR) is a source-routing paradigm where the ingress node encodes a list of segments (instructions) into the packet header, guiding the packet through the network without intermediate routers needing to maintain per-flow state. Option B is correct because SR inherently provides source routing capability: the source node determines the path by stacking segment identifiers (SIDs), and transit nodes simply forward based on the top SID.

Exam trap

Cisco often tests the misconception that Segment Routing requires a centralized controller (like SDN) or RSVP-like signaling, when in fact it can run purely with IGP-based distributed control and source-routed packet headers.

974
MCQmedium

An SP engineer notices that BGP routes from a CE are not being installed in the VRF routing table, although the BGP session is established. The VRF configuration includes route-target import 100:1. The CE is sending routes with RT 100:1. What is the most likely cause?

A.The BGP route is suppressed due to route update delay
B.The route is not matching any import map
C.The VRF name does not match
D.The RD is not configured
AnswerB

If an import map is configured, only routes matching the map are imported.

Why this answer

Even though the BGP session is up and the CE is sending routes with the correct route-target (RT 100:1), the VRF may have an import map applied. An import map filters which received VPN routes are actually installed into the VRF routing table. If the route does not match the conditions defined in that import map, it will be accepted by BGP but not installed, which explains the symptom.

Exam trap

Cisco often tests the distinction between a BGP session being up and routes being installed in the VRF, leading candidates to overlook the import map as a filtering mechanism that can block routes even when the RT matches.

How to eliminate wrong answers

Option A is wrong because a BGP route update delay (e.g., bgp update-delay) affects the initial convergence of the BGP table, not the permanent filtering of routes based on RT or import maps. Option C is wrong because the VRF name is a local label and does not affect route import; the import is controlled by RT matching, not the VRF name. Option D is wrong because the Route Distinguisher (RD) is used to make routes unique across VRFs, but it is not required for route installation; a missing RD would prevent the VRF from being configured properly, but the question states the VRF is configured with RT import, implying RD is present.

975
MCQhard

Based on the exhibit, what is the purpose of the 'mpls ldp neighbor ... password cisco' commands?

A.To synchronize LDP and IGP convergence.
B.To control the label allocation for prefixes from that neighbor.
C.To authenticate the LDP session using MD5.
D.To enable LDP session protection for the neighbor.
AnswerC

The password command enables MD5 authentication for the LDP session.

Why this answer

The 'mpls ldp neighbor ... password cisco' command configures a Message Digest 5 (MD5) authentication password for the LDP session with a specific neighbor. This ensures that the TCP connection used for LDP exchanges is authenticated, preventing spoofed or unauthorized LDP messages from being accepted, as defined in RFC 5036.

Exam trap

Cisco often tests the distinction between LDP authentication (password) and LDP session protection (holdtime/graceful restart), so the trap here is confusing the 'password' keyword with session protection features that maintain adjacency state.

How to eliminate wrong answers

Option A is wrong because synchronizing LDP and IGP convergence is achieved through LDP-IGP synchronization (e.g., 'mpls ldp sync' on an interface), not by setting a password. Option B is wrong because controlling label allocation for prefixes from a neighbor is done via label filtering (e.g., 'mpls ldp neighbor ... label accept' or 'mpls ldp neighbor ... label advertise'), not by a password. Option D is wrong because LDP session protection (e.g., 'mpls ldp session protection') is a separate feature that maintains LDP hello adjacencies and re-establishes sessions after link flaps, unrelated to authentication.

Page 12

Page 13 of 14

Page 14
Cisco SPCOR / CCNP Service Provider Core 350-501 350-501 Questions 901–975 | Page 13/14 | Courseiva