Cisco SPCOR / CCNP Service Provider Core 350-501 (350-501) — Questions 976988

988 questions total · 14pages · All types, answers revealed

Page 13

Page 14 of 14

976
MCQeasy

A large service provider operates an MPLS L3VPN network with multiple Route Reflectors (RRs) in the core. The network uses BGP as the control plane for both IPv4 unicast and VPNv4 routes. Recently, one of the RRs started flapping, causing route withdrawals to many clients. The network architect wants to improve stability. The RRs are fully meshed with each other and clients are configured as route-reflector clients. The RRs have both IPv4 and VPNv4 address families enabled. Which action should be taken to minimize the impact of an RR failure?

A.Configure BGP prefix-independent convergence (PIC) on all PE routers.
B.Implement BGP add-paths capability on RRs to advertise multiple paths to clients.
C.Deploy redundant RRs with the same cluster ID and use the 'bgp cluster-id' command to ensure clients only accept routes from one RR at a time.
D.Configure client-to-client reflection on the RRs and ensure that each PE is a client of at least two RRs.
AnswerD

This provides redundancy; clients receive routes from multiple RRs, and if one RR fails, routes are still available via the other.

Why this answer

Configuring client-to-client reflection on the RRs and ensuring each PE is a client of at least two RRs provides redundancy; if one RR fails, routes are still available via the other RR. BGP PIC helps fast failover but does not prevent route withdrawal impact; add-paths increases paths but not redundancy; same cluster ID reduces redundancy.

977
Multi-Selectmedium

Which TWO of the following are benefits of using EVPN over traditional VPLS for L2VPN services?

Select 2 answers
A.EVPN uses a single MAC address per Ethernet segment.
B.EVPN uses BGP for control plane to advertise MAC addresses.
C.EVPN supports active-active multi-homing with load balancing.
D.EVPN requires a full mesh of pseudowires between all PEs.
E.EVPN only supports L2 extension, not L3.
AnswersB, C

EVPN uses MP-BGP to distribute MAC/VTEP information.

Why this answer

EVPN provides active-active multi-homing (B) and uses BGP for MAC learning (C), unlike VPLS which uses flooding and active/standby.

978
MCQhard

During a maintenance window, an automation script pushed a QoS policy that inadvertently changed the marking for all inbound traffic on a core interface. The change was rolled back, but performance reports show that some traffic is still being marked incorrectly. What is the most logical explanation?

A.The automation script used RESTCONF which requires a commit to finalize
B.The device requires a reload to clear the old marking
C.The rollback script only applied to the outbound direction
D.The rolled back policy was applied inbound, but the outbound policy that also applies marking was not rolled back
AnswerD

The automation may have only rolled back the inbound policy, leaving the outbound marking policy active, which continues to mark traffic.

Why this answer

Option D is correct because QoS policies can be applied independently in the inbound and outbound directions on an interface. If the original automation script modified the inbound marking policy, and the rollback only reverted that inbound policy, any outbound policy that also performs marking would remain unchanged and continue to incorrectly mark traffic. This explains why some traffic still shows incorrect marking after the rollback.

Exam trap

Cisco often tests the concept that QoS policies are directional and that a rollback must consider both inbound and outbound policies independently, leading candidates to overlook the possibility of a separate outbound marking policy still being active.

How to eliminate wrong answers

Option A is wrong because RESTCONF does not require a separate commit operation; it uses HTTP methods (POST, PUT, PATCH, DELETE) that take effect immediately on the device, unlike NETCONF which uses a commit. Option B is wrong because QoS policies in modern Cisco IOS/IOS-XE are applied dynamically and do not require a reload to take effect or clear; a simple 'no service-policy' or removal of the policy class-map is sufficient. Option C is wrong because the rollback script was applied to the same inbound direction where the original change was made; the issue is not about direction mismatch in the rollback but about a separate outbound policy that was never touched by the rollback.

979
MCQmedium

A service provider uses a centralized automation system to manage QoS policies via NETCONF and YANG. When attempting to push a new policy-map, the device returns an error indicating that the policy-map type is not supported in the specified location. What is the most likely cause?

A.The YANG module for QoS is not installed on the device
B.The NETCONF session is not authenticated
C.The automation system is using the wrong namespace
D.The policy-map is being applied to an interface that does not support hierarchical QoS
AnswerD

Some interface types, like tunnel interfaces, do not support hierarchical QoS policies; applying one results in this error.

Why this answer

The error indicates that the policy-map type is not supported in the specified location. This typically occurs when a policy-map is applied to an interface that does not support hierarchical QoS (HQoS), such as a physical interface that requires a service-policy under a parent policy-map. The NETCONF/YANG operation succeeds in syntax but fails due to device-level capability constraints.

Exam trap

Cisco often tests the distinction between YANG schema validation and device capability enforcement, leading candidates to incorrectly blame namespace or module issues when the real problem is a hardware or software feature limitation.

How to eliminate wrong answers

Option A is wrong because if the YANG module for QoS were not installed, the NETCONF server would return a 'data-missing' or 'operation-not-supported' error, not a location-specific policy-map type error. Option B is wrong because an unauthenticated NETCONF session would fail at the session establishment phase with an 'access-denied' error, not during a policy-map push. Option C is wrong because using the wrong namespace would cause a 'bad-attribute' or 'unknown-element' error during XML parsing, not a runtime error about policy-map type support.

980
Multi-Selecthard

Which THREE of the following L3VPN services require the use of a dedicated control plane per VPN instance?

Select 3 answers
A.VPLS
B.6VPE
C.MPLS L3VPN
D.Carrier Supporting Carrier (CSC) VPN
E.MDT VPN
AnswersB, C, D

Why this answer

6VPE (IPv6 VPN Provider Edge) requires a dedicated control plane per VPN instance because it uses separate per-VPN routing tables and a distinct BGP session (typically MP-BGP with the IPv6 address family) to exchange IPv6 VPN routes. This ensures that each customer's IPv6 routing information is isolated and processed independently, which is a core requirement for L3VPN services that maintain per-VPN forwarding and control plane separation.

Exam trap

Cisco often tests the misconception that all MPLS-based VPN services (including VPLS and MDT VPN) require per-VPN control planes, but only L3VPN services that maintain per-VPN routing tables and separate routing protocol instances (like MPLS L3VPN, 6VPE, and CSC VPN) actually need dedicated control planes per VPN instance.

981
MCQhard

In SRv6, which SID behavior is used to achieve L3VPN IPv6 VPN forwarding, where the SID points to a VPN instance and performs decapsulation and IPv6 lookup?

A.End.DT6
B.End.X
C.End.DT2U
D.End.DT4
AnswerA

End.DT6 handles IPv6 VPN.

Why this answer

End.DT6 is the SRv6 endpoint behavior for L3VPN over IPv6, performing decapsulation and lookup in the appropriate VPN routing table.

982
MCQmedium

Refer to the exhibit. Based on the exhibit, what is the most likely reason for no label bindings?

A.The local router has disabled label advertisements
B.The IGP routes are not present in the routing table
C.The LDP session is not fully established
D.The remote peer has label filtering applied
AnswerD

Label filtering on the remote peer can prevent advertisement of labels.

Why this answer

Option D is correct because the exhibit shows that the local router has received label bindings from the remote peer (as seen in the 'show mpls ldp bindings' output), but the local router has not installed any labels in its forwarding table. This indicates that the remote peer is advertising labels, but the local router is filtering those labels from being used, typically via an inbound label filtering policy. Label filtering can be applied using 'mpls ldp neighbor [neighbor-id] label-filter' or 'mpls ldp label-filter' to accept or reject specific label bindings, which matches the scenario where bindings are received but not used.

Exam trap

Cisco often tests the distinction between receiving label bindings (via LDP) and actually installing them in the forwarding table, leading candidates to incorrectly assume that any missing labels in the forwarding table are due to LDP session issues or IGP problems, rather than inbound label filtering.

How to eliminate wrong answers

Option A is wrong because the local router has not disabled label advertisements; the 'show mpls ldp bindings' output shows that the local router is actively receiving label bindings from the remote peer, which would not happen if label advertisements were disabled globally or per interface. Option B is wrong because the IGP routes are present in the routing table; the 'show ip route' output would show the routes for the prefixes listed in the bindings, and LDP relies on IGP reachability to establish sessions and exchange labels, so missing IGP routes would prevent LDP from even establishing a session. Option C is wrong because the LDP session is fully established; the 'show mpls ldp neighbor' output would show the session state as 'Operational' and the 'show mpls ldp bindings' output confirms that label bindings have been exchanged, which requires a fully established LDP session.

983
MCQhard

An SP uses Cisco ASR 9000 routers with IOS XR. Which statement correctly describes the commit/rollback configuration model in IOS XR?

A.Only 'commit replace' is supported; rollback requires manual re-entry.
B.Changes are staged in a candidate configuration and applied only after 'commit'; rollback to a previous commit is possible.
C.The router automatically commits changes every 10 minutes.
D.Changes take effect immediately without commit; rollback is not supported.
AnswerB

This is the commit/rollback model.

Why this answer

IOS XR requires a 'commit' to apply changes; it supports rollback to previous committed configurations, allowing safe changes.

984
MCQhard

An ISP is implementing 6PE to provide IPv6 connectivity over an MPLS network that only supports IPv4 in the core. In 6PE, how are IPv6 prefixes carried across the MPLS backbone?

A.IPv6 prefixes are transported over an IPv6 MPLS core using LDPv6
B.IPv6 prefixes are carried as VPNv6 prefixes in MP-BGP with an IPv4 next-hop
C.IPv6 prefixes are encapsulated in IPv4 tunnels with GRE
D.IPv6 prefixes are converted to IPv4 using NAT64 before MPLS forwarding
AnswerB

Correct; 6PE uses MP-BGP with AFI=2 (IPv6) and SAFI=1, with next-hop as IPv4 address.

Why this answer

6PE uses BGP to carry IPv6 prefixes with an IPv4 next-hop address (the loopback of the peer 6PE router). The BGP session is over IPv4, but the NLRI carries IPv6 prefixes. MPLS labels are used to forward traffic.

985
Multi-Selectmedium

An SP engineer is implementing DSCP classification at the edge. Which two AF classes are typically used for mission-critical data? (Choose two.)

Select 2 answers
A.CS0
B.AF11
C.AF41
D.AF22
E.AF31
AnswersC, E

AF4 class is high priority.

Why this answer

AF4x (e.g., AF41/AF42/AF43) and AF3x (e.g., AF31/AF32/AF33) are used for high-priority data. AF1x is low-priority.

986
MCQhard

Which OSPF area type is most suitable for a service provider's customer-facing network where external routes are blocked, but internal routes (including inter-area) are allowed, and the area should not accept Type 5 LSAs?

A.NSSA
B.Backbone area
C.Totally stubby area
D.Stub area
AnswerD

Stub area blocks Type 5 LSAs and uses default route.

Why this answer

A stub area blocks Type 5 LSAs but allows inter-area and intra-area routes. It injects a default route. NSSA allows limited external routes via Type 7, which is not desired here.

987
MCQmedium

An engineer is hardening the management plane of an IOS XR router. Which combination is the most secure for remote administration?

A.SSH with TACACS+ authentication and authorization
B.HTTP with local authentication
C.Telnet with local authentication
D.SSH with RADIUS authentication
AnswerA

SSH encryption plus TACACS+ full encryption and granular command authorization.

Why this answer

SSH provides encrypted remote access, and TACACS+ offers granular AAA control with encryption of all traffic, making it more secure than RADIUS (which encrypts only password) or local authentication.

988
MCQmedium

In EVPN-VPWS, which component is used to identify a multi-homed Ethernet segment and enable load balancing and fast convergence?

A.Ethernet Tag ID
B.MAC address
C.EVPN Route Target
D.Ethernet Segment Identifier (ESI)
AnswerD

Correct.

Why this answer

The Ethernet Segment Identifier (ESI) is a unique identifier for an Ethernet segment that is multi-homed to two or more PEs. ESI is used for DF election and aliasing.

Page 13

Page 14 of 14

Cisco SPCOR / CCNP Service Provider Core 350-501 350-501 Questions 976–988 | Page 14/14 | Courseiva