Cisco SPCOR / CCNP Service Provider Core 350-501 (350-501) — Questions 76150

500 questions total · 7pages · All types, answers revealed

Page 1

Page 2 of 7

Page 3
76
MCQhard

A network engineer applies the above configuration on a PE router. The PE receives route 172.16.1.0/24 from eBGP peer 10.1.1.1. Which communities will be attached to this route?

A.65000:100 only
B.No communities are attached because the route-map does not specify additive.
C.65000:200 only
D.65000:100 and 65000:200
AnswerD

The set community command can include multiple values.

Why this answer

The route-map SET_COMM matches prefix 172.16.1.0/24 (permitted by prefix-list CUSTOMER). It sets two communities: 65000:100 and 65000:200. Standard community list includes both.

77
MCQmedium

Refer to the exhibit. An engineer configured Segment Routing on a router. However, the router does not advertise a Prefix-SID for the loopback0 interface. What is the most likely reason?

A.The loopback is not included in any OSPF network statement.
B.The 'prefix-sid index' command is not associated with the loopback prefix; it should be configured under the OSPF process for that specific prefix.
C.The 'segment-routing mpls' command is missing under the loopback interface.
D.The 'mpls ip' command is missing on the loopback interface.
AnswerB

The prefix-sid index under OSPF is generic; it needs to be tied to the specific prefix, e.g., 'prefix-sid index 100 192.168.1.1/32'.

Why this answer

The correct answer is B because in Cisco IOS XR, the 'prefix-sid index' command must be configured under the OSPF process for the specific prefix (e.g., 'prefix-sid index 100' under 'router ospf 1' for the loopback0 prefix). Configuring it under the interface does not associate the SID with the prefix in OSPF's link-state database, so the router will not advertise the Prefix-SID. The exhibit shows the command under the loopback interface, which is incorrect for OSPF Segment Routing.

Exam trap

Cisco often tests the distinction between interface-level and protocol-level configuration for Segment Routing, trapping candidates who assume the 'prefix-sid index' command belongs on the interface (like MPLS or IPv6 commands) rather than under the OSPF or IS-IS process.

How to eliminate wrong answers

Option A is wrong because OSPF network statements are not required for loopback interfaces; loopbacks are automatically advertised as stub networks if the interface is enabled under OSPF. Option C is wrong because 'segment-routing mpls' is a global command that enables Segment Routing MPLS on the router, not an interface-level command; it is not missing on the loopback. Option D is wrong because 'mpls ip' is used for LDP, not for Segment Routing; Segment Routing does not require MPLS IP on the interface for Prefix-SID advertisement.

78
MCQmedium

An automation engineer uses RESTCONF to configure a Cisco ASR 9000 router. When sending a PATCH request to update an interface description, the API returns 404 Not Found. What is the most probable issue?

A.HTTP authentication is required.
B.The YANG module is not supported.
C.The interface does not exist on the device.
D.The RESTCONF username/password is incorrect.
AnswerC

A non-existent interface results in a 404 because the resource URI points to a path that does not exist.

Why this answer

HTTP 404 indicates the requested resource is not found. For a PATCH on an interface, the most likely cause is that the interface does not exist. Other options would result in different HTTP status codes.

79
Multi-Selecthard

Which THREE are requirements for deploying MPLS Traffic Engineering with RSVP-TE?

Select 3 answers
A.OSPFv3 must be the IGP
B.LDP must be enabled on all routers
C.Links must have reservable bandwidth advertised
D.CSPF (Constrained SPF) must be implemented for path calculation
E.RSVP-TE signaling protocol must be configured
AnswersC, D, E

Bandwidth reservations require links to advertise available bandwidth.

Why this answer

RSVP-TE signaling, CSPF computation, and reservable bandwidth are key. Options B, D, and E are correct. Option A is wrong because LDP is not required.

Option C is wrong because OSPFv3 is for IPv6; RSVP-TE works with IS-IS or OSPFv2.

80
MCQmedium

A service provider is deploying MPLS Layer 3 VPNs and wants to ensure that customer traffic is not dropped when a PE-CE link fails. The CE router is using static routing. Which design should be implemented to provide fast convergence?

A.Configure OSPF on the PE-CE link and set hello timers to 1 second.
B.Use IP SLA tracking to monitor the CE and adjust the static route.
C.Increase the administrative distance of the static route to 255.
D.Enable BFD on the PE-CE interface and associate it with the static route.
AnswerD

BFD provides sub-second failure detection, triggering fast route withdrawal.

Why this answer

Option D is correct because BFD (Bidirectional Forwarding Detection) provides sub-second failure detection on the PE-CE link, and when associated with a static route, it allows the PE to quickly remove the failed route from the routing table. This triggers fast convergence without waiting for routing protocol timers, which is critical for MPLS Layer 3 VPNs using static routing on the CE side.

Exam trap

The trap here is that candidates often choose IP SLA (Option B) thinking it provides fast failure detection, but they overlook that IP SLA is poll-based and slower than BFD, which is the Cisco-recommended mechanism for sub-second convergence with static routes.

How to eliminate wrong answers

Option A is wrong because OSPF is a dynamic routing protocol, but the CE router is using static routing; configuring OSPF would require changing the CE configuration and does not leverage the static route design. Option B is wrong because IP SLA tracking can detect reachability but typically operates at a polling interval of several seconds (e.g., 5-60 seconds), which is too slow for fast convergence compared to BFD's sub-second detection. Option C is wrong because increasing the administrative distance of the static route to 255 makes it the least preferred route, effectively removing it from the routing table unless no other route exists, which would break connectivity rather than provide fast convergence.

81
MCQhard

You are responsible for network assurance for a Tier-1 ISP that has deployed model-driven telemetry using gNMI with ON_CHANGE subscriptions on all core routers. Recently, the NMS team reported that some BGP route flaps are not being captured in the telemetry data, even though the routers' syslogs show the flaps occurred. The telemetry subscription is for the path '/bgp/neighbors/neighbor/state/messages/received'. The NMS is using a gNMI collector that supports both ON_CHANGE and SAMPLE subscriptions. You suspect the issue is with the subscription configuration. Upon reviewing the router configuration, you see that the telemetry subscription uses the SAMPLE mode instead of ON_CHANGE. What is the most appropriate action to ensure all BGP route flap events are captured?

A.Configure the router to send syslogs to the NMS and parse them for BGP flaps.
B.Add a second subscription with ON_CHANGE for the same paths to ensure redundancy.
C.Change the subscription to SAMPLE with a 1-second interval to capture flaps more frequently.
D.Modify the subscription to use ON_CHANGE mode for the BGP neighbor paths.
AnswerD

ON_CHANGE ensures every state change is reported.

Why this answer

Option D is correct because the gNMI ON_CHANGE subscription mode is designed to stream telemetry updates only when the value of a subscribed path changes. Since the NMS is missing BGP flap events, the subscription must be using SAMPLE mode, which periodically polls the state and can miss transient events between sampling intervals. Changing the subscription to ON_CHANGE ensures that every state transition (e.g., BGP session up/down) is immediately pushed to the collector, capturing all flaps.

Exam trap

Cisco often tests the misconception that increasing SAMPLE frequency (e.g., 1-second interval) is sufficient to capture all events, when in fact only ON_CHANGE guarantees event-driven capture for state transitions.

How to eliminate wrong answers

Option A is wrong because relying on syslog parsing is a workaround that adds complexity and latency, and it does not leverage the model-driven telemetry architecture that provides structured, real-time data. Option B is wrong because adding a second subscription with ON_CHANGE for the same paths is redundant and does not fix the root cause—the existing subscription must be changed to ON_CHANGE, not supplemented. Option C is wrong because even a 1-second SAMPLE interval can miss BGP flaps that occur and resolve within that second, and it increases CPU/bandwidth overhead without guaranteeing event capture; ON_CHANGE is the only mode that guarantees event-driven updates.

82
MCQmedium

A service provider is deploying QoS on a Cisco ASR 9000 router to support a triple-play service (voice, video, data) over an Ethernet access network. The network engineer must ensure that voice traffic (EF) is prioritized, video traffic (AF41) is treated with low loss, and data traffic (default) gets best-effort service. Additionally, the engineer must implement a hierarchical QoS policy to shape the aggregate subscriber traffic to 100 Mbps on a GigabitEthernet interface, with the following per-class bandwidth allocations: voice 10 Mbps, video 40 Mbps, and data 50 Mbps. During testing, voice packets are being dropped under congestion, and video traffic is experiencing jitter. The current QoS configuration is as follows: policy-map CHILD class VOICE priority level 1 police rate 10 mbps class VIDEO bandwidth remaining ratio 40 class DATA bandwidth remaining ratio 50 ! policy-map PARENT class class-default shape average 100 mbps service-policy CHILD ! Which action should the engineer take to resolve the issues while maintaining the design objectives?

A.Change the video class to 'priority level 2' to give it preferential treatment over data.
B.Remove the police from the voice class and add 'priority level 1' without police; this ensures voice is priority queued without dropping.
C.Add a 'police' to the video class with a CIR of 40 Mbps and 'conform-action transmit exceed-action drop' to protect voice.
D.Change the voice class to use 'bandwidth remaining percent 10' and remove the police.
AnswerB

Priority queuing with no police allows voice packets to be transmitted ahead of other queues, avoiding drops.

Why this answer

Option B is correct because the current configuration uses a police rate of 10 Mbps under the voice priority class, which causes voice packets to be dropped when they exceed that rate, even though priority queuing should guarantee low latency. Removing the police and keeping 'priority level 1' allows voice traffic to be strictly prioritized without a hard rate limit, ensuring no drops for voice while still allowing the parent shaper to enforce the aggregate 100 Mbps. This resolves the voice drops and, by preventing voice from being policed, reduces jitter for video traffic that might otherwise be affected by bursty voice drops.

Exam trap

Cisco often tests the misconception that a police rate on a priority class is necessary to protect other classes, when in fact the parent shaper already limits the aggregate, and the priority queue should be left unpoliced to avoid dropping delay-sensitive voice traffic.

How to eliminate wrong answers

Option A is wrong because changing video to 'priority level 2' would make it a second-level priority queue, which still does not address the root cause of voice drops (the police) and could starve data traffic, violating the design objective of low-loss video (AF41) without priority queuing. Option C is wrong because adding a police to the video class with a CIR of 40 Mbps and exceed-action drop would not protect voice; it would only drop video packets that exceed 40 Mbps, but voice drops are caused by the police on the voice class itself, not by video oversubscription. Option D is wrong because changing voice to 'bandwidth remaining percent 10' removes priority queuing entirely, which would introduce latency and jitter for voice, contradicting the requirement that EF traffic be prioritized with low latency.

83
MCQmedium

A service provider's network uses MPLS TE with Fast Reroute (FRR) for link protection. After a fiber cut on a core link, the traffic is rerouted via a backup tunnel, but the backup tunnel's path suffers from high latency. The customer complains about poor voice quality. What can be done to avoid this scenario in future deployments?

A.Configure backup tunnels with explicit paths that avoid high-latency links
B.Increase the bandwidth reservations on the backup tunnel
C.Implement BGP PIC for edge routers
D.Use node protection instead of link protection
AnswerA

Explicit path constraint ensures backup tunnel follows desired low-latency links.

Why this answer

Option B is correct. By explicitly configuring the backup tunnel with a path specification (e.g., using explicit path objects) that avoids high-latency links, the backup path can be engineered to meet latency requirements. Option A (node protection) does not address latency.

Option C (BGP PIC) is for edge convergence, not core protection. Option D (increasing bandwidth reservation) affects bandwidth but not latency.

84
MCQmedium

Based on the exhibit, which prefix is missing a label binding and likely causing traffic to be dropped?

A.10.2.2.0/24
B.10.1.1.0/24
C.10.4.4.0/24
D.10.3.3.0/24
E.10.5.5.0/24
AnswerC

'No Label' means no label binding exists; traffic to this prefix will be dropped.

Why this answer

The prefix 10.4.4.0/24 has 'No Label', indicating the router has not learned a label from the next-hop for that FEC. This can cause labeled packets to that prefix to be dropped.

85
Multi-Selecteasy

Which TWO conditions cause a router to drop packets when a police action is configured?

Select 2 answers
A.exceed action is drop
B.conform action is drop
C.no bandwidth is reserved
D.violate action is drop
E.queue is full
AnswersA, D

When a packet exceeds the rate, it can be dropped if configured.

Why this answer

When a police action is configured, the router uses a token bucket model to meter traffic. If traffic exceeds the committed information rate (CIR) and burst size, it falls into the 'exceed' or 'violate' category depending on the configured conform and exceed burst parameters. The 'drop' action for exceed or violate conditions explicitly instructs the router to discard those packets, enforcing traffic shaping or policing at the hardware or software level.

Exam trap

Cisco often tests the distinction between 'exceed' and 'violate' actions in policing, where candidates mistakenly think only 'violate' can drop packets, but 'exceed' can also be configured to drop, and both are valid conditions for packet loss.

86
MCQeasy

Refer to the exhibit. An engineer monitors the queue depths on a core interface. Which class is experiencing the most congestion?

A.The interface is not congested because bandwidth is 1 Gbps.
B.Voice class, because it has a taildrop threshold.
C.Both classes equally, because they both have taildropping.
D.Best-effort class, because its average depth is 580.
AnswerD

Correct: Nearly at taildrop threshold of 600, and exceeded max.

Why this answer

Option D is correct. Best-effort queue has average depth 580 near its taildrop threshold of 600, and max depth 650 which exceeds the threshold, indicating drops. Voice queue depth is low.

Option A is wrong because voice is under threshold. Option B is wrong because best-effort is near threshold. Option C is wrong because the command already shows the data.

87
MCQeasy

Refer to the exhibit. A PE router configuration for VRF CUST1 is shown. What is the most likely result when a CE sends a route with RT 100:100?

A.The route causes a BGP session reset
B.The route is imported and installed in VRF
C.The route is imported but not advertised to other CEs
D.The route is received but not imported into VRF
AnswerD

Only routes with matching RT import are imported; RT 100:100 does not match.

Why this answer

The VRF only imports routes with RT 100:1. Routes with RT 100:100 are received in the BGP table but not imported into the VRF. Option B is incorrect because import depends on RT matching.

C and D are not typical outcomes.

88
MCQhard

A network engineer notices that BGP-LU prefixes learned from an eBGP neighbor are not being installed in the MPLS forwarding table (LFIB). The BGP table shows the prefixes with the correct label. The IGP route to the neighbor is reachable. What additional configuration is needed?

A.Enable `no bgp default ipv4-unicast`
B.Configure `mpls ldp autoconfig` on the interface
C.Add `allowas-in` to accept routes with AS-path containing own AS
D.Set `label mode per-prefix` under the BGP neighbor or address-family
AnswerD

BGP-LU requires per-prefix label allocation for LFIB installation.

Why this answer

For BGP-LU to install labels into LFIB, the `label mode` must be set to `per-prefix` or the router must have `mpls bgp forwarding` enabled. Without enabling label allocation per prefix, BGP-LU prefixes are not programmed in LFIB. The other options are not directly related.

89
MCQeasy

A service provider is implementing MPLS L3VPN for a customer. The customer requires that routes from two different VPNs be imported into a single VRF. Which feature should be used?

A.Route Reflector
B.Route Target (RT) import/export
C.Route Distinguisher (RD)
D.BGP extended community
AnswerB

RT import/export is used to control which routes are imported into a VRF.

Why this answer

Route Target (RT) import/export controls which routes are imported into a VRF. By configuring multiple RT import statements, routes from different VPNs can be imported. Option A refers to Route Reflector for BGP scalability, not VRF import.

Option B is Route Distinguisher, which uniquifies prefixes but doesn't control import. Option D is a component of RT but not the feature itself.

90
Multi-Selecteasy

Which THREE protocols are used for label distribution in an MPLS network?

Select 3 answers
A.OSPF
B.LDP
C.IS-IS
D.BGP
E.RSVP
AnswersB, D, E

LDP is the most common label distribution protocol for MPLS.

Why this answer

Options A, B, and C are correct. LDP, BGP, and RSVP are standard label distribution protocols. OSPF and ISIS are IGPs and do not distribute labels, although they can be used for SR, but SR still relies on IGP to advertise prefix-SIDs, not as a label distribution protocol per se.

91
MCQmedium

A service provider offers Carrier Ethernet services using MPLS-TP in the access and aggregation layers. The network uses MPLS-TP tunnels with static LSPs and protection via 1:1 linear protection with APS. One customer reports intermittent connectivity issues on their E-LINE service. The operations team observes that the protection switchover is occurring frequently due to apparent signal failures on the working path. However, the physical layer shows no errors. The protection switching is configured with revertive mode. The working LSP has an RDI (Remote Defect Indication) configured. Upon further investigation, the team finds that the working LSP's OAM continuity check messages (CCMs) are being lost occasionally, triggering a protection switch. What is the most likely misconfiguration?

A.The CCM interval is too long, causing delayed detection.
B.The working path uses a higher MPLS-TP OAM rate than the protection path.
C.The protection path has a lower priority than the working path.
D.The CCM interval is too short, causing frequent false failures due to transient congestion.
AnswerD

Correct. A short interval makes the system overly sensitive, leading to false failure detection.

Why this answer

A short CCM interval makes the system sensitive to minor delays, causing false failures and frequent protection switches. A longer interval would reduce sensitivity but increase detection time. Priority and OAM rate differences are not typical causes.

92
MCQeasy

A network architect is designing an MPLS network that must provide fast convergence in case of a link failure. The network uses Segment Routing. Which mechanism provides sub-50ms protection by using a precomputed backup path?

A.BFD (Bidirectional Forwarding Detection)
B.TI-LFA (Topology-Independent Loop-Free Alternate)
C.LFA (Loop-Free Alternate)
D.LDP FRR
AnswerB

TI-LFA uses segment lists to guarantee backup path regardless of topology.

Why this answer

TI-LFA (Topology-Independent Loop-Free Alternate) with Segment Routing provides fast reroute by computing a backup path using segment lists that avoid the failed link. LFA provides protection but not always topology-independent. LDP FRR is older.

BFD is a detection mechanism, not protection.

93
MCQeasy

A service provider deploys MPLS L3VPN to connect multiple customer sites. Which VPN address family must be enabled on the PE routers to exchange customer IPv4 routes between PEs?

A.VPNv4 unicast
B.IPv4 labeled-unicast
C.IPv4 unicast
D.VPNv6 unicast
AnswerA

VPNv4 address family carries VPN-IPv4 routes with route distinguisher.

Why this answer

Option C is correct because VPNv4 address family carries IPv4 VPN routes with RD and RT. Option A is wrong because IPv4 unicast is for global table. Option B is wrong because VPNv6 is for IPv6 VPNs.

Option D is wrong because labeled IPv4 is used for MPLS label distribution.

94
Multi-Selectmedium

Which TWO statements accurately describe MPLS LDP label distribution and autoconfiguration? (Choose two.)

Select 2 answers
A.LDP can be configured to allocate labels only for specific prefixes using label filtering.
B.LDP uses hello messages sent to multicast address 224.0.0.2.
C.LDP allocates labels for all prefixes in the IGP routing table by default.
D.LDP sessions are always established using the physical interface IP address.
E.LDP label allocation is per interface by default.
AnswersA, C

You can filter which prefixes get labels via ACL or prefix-list.

Why this answer

LDP allocates labels for every IGP prefix by default. It uses the Transport address (usually loopback) to establish sessions. Option D is incorrect because LDP can also use targeted discovery.

95
Multi-Selecthard

Which THREE are valid methods for label distribution in an MPLS network?

Select 3 answers
A.Segment Routing via IGP
B.RSVP-TE
C.BGP
D.LDP
E.TDP
AnswersA, B, D

Segment routing uses IGP extensions to distribute prefix SIDs.

Why this answer

Segment Routing via IGP (Option A) is a valid label distribution method because it uses the IGP (OSPF or IS-IS) to advertise prefix-SIDs, which are MPLS labels. The IGP distributes these labels as part of its link-state database, eliminating the need for a separate label distribution protocol like LDP. This is defined in RFC 8660 and RFC 8665 for OSPF and IS-IS respectively.

Exam trap

Cisco often tests the distinction between label distribution protocols for core LSP establishment versus label-carrying protocols for services, so candidates may mistakenly select BGP as a core label distribution method when it is actually used for VPN label distribution.

96
Multi-Selectmedium

Which TWO queuing mechanisms best meet the requirements for voice traffic (low latency and jitter) in a service provider network?

Select 2 answers
A.LLQ (Low Latency Queuing)
B.WRED (Weighted Random Early Detection)
C.Priority queuing
D.CBWFQ without LLQ
E.FIFO (First In First Out)
AnswersA, C

LLQ provides a strict priority queue for real-time traffic.

Why this answer

LLQ is correct because it combines a strict priority queue with CBWFQ, ensuring voice traffic (which is delay-sensitive) is always serviced first, thereby minimizing latency and jitter. The priority queue is policed to prevent starvation of other traffic, making it ideal for real-time applications like VoIP in service provider networks.

Exam trap

Cisco often tests the misconception that WRED or CBWFQ alone can handle voice traffic, but the trap here is that only LLQ (or strict priority queuing) provides the necessary low latency and jitter by guaranteeing immediate service for voice packets, while other mechanisms introduce delay or drop packets.

97
MCQmedium

A service provider wants to implement Segment Routing in its MPLS core to simplify traffic engineering. What is the primary advantage of Segment Routing over traditional RSVP-TE?

A.No per-flow state on transit routers
B.Improved ECMP load balancing
C.Better support for Fast Reroute
D.Requires a central controller for path calculation
AnswerA

SR uses source routing; transit routers only need label forwarding.

Why this answer

Option C is correct because Segment Routing eliminates per-flow state on intermediate routers by encoding the path in the packet header. Option A is wrong because both can support fast-reroute. Option B is wrong because ECMP is supported by both.

Option D is wrong because SR doesn't necessarily require a central controller.

98
MCQhard

In a carrier's network, MPLS-TE tunnels are used to steer traffic away from congested links. The operator configures a tunnel with a bandwidth of 200 Mbps and a dynamic path. The CSPF computation shows a path with sufficient bandwidth, but the tunnel fails to come up. The RSVP neighbor is established. What is the most likely cause?

A.The tunnel destination is not reachable via IGP
B.The path message is rejected due to resource reservation failure
C.The tunnel interface is down
D.MPLS LDP is not configured
AnswerB

RSVP-TE reserves bandwidth; if not available, tunnel fails.

Why this answer

The tunnel fails to come up because the CSPF-computed path cannot reserve the requested 200 Mbps bandwidth. Even though the path has sufficient bandwidth on paper, the RSVP resource reservation process may fail due to a lack of available bandwidth at the exact time of reservation, or due to a mismatch in bandwidth pool configuration (e.g., global vs. subpool). Since the RSVP neighbor is established, the issue is specifically with the reservation step, not with reachability or LDP.

Exam trap

Cisco often tests the distinction between CSPF path computation (which only checks link metrics and TE attributes) and RSVP resource reservation (which performs actual bandwidth admission control), leading candidates to incorrectly assume that a successful CSPF computation guarantees the tunnel will come up.

How to eliminate wrong answers

Option A is wrong because the RSVP neighbor is already established, which implies IGP reachability to the tunnel destination is present; RSVP relies on IGP routes to send Path messages. Option C is wrong because the tunnel interface being down would prevent any RSVP signaling, but the RSVP neighbor is established, indicating the interface is operationally up. Option D is wrong because MPLS LDP is not required for MPLS-TE tunnels; RSVP-TE handles label distribution for TE tunnels, and LDP is used for non-TE LSPs.

99
MCQeasy

A service provider router receives a route with a higher specific prefix length than the same prefix in the routing table. Which route will be preferred?

A.The route with higher administrative distance.
B.The route with lower metric.
C.The more specific prefix.
D.The less specific prefix.
AnswerC

Longest prefix match is the primary criterion in IP routing.

Why this answer

C is correct because a router always prefers the most specific prefix (longest prefix length) when forwarding packets, regardless of administrative distance or metric. This is a fundamental rule of IP routing: the route with the longest subnet mask match is chosen first, as it represents the most precise path to the destination.

Exam trap

Cisco often tests the misconception that administrative distance or metric can override the longest prefix match, leading candidates to incorrectly choose option A or B when the question explicitly states a higher specific prefix length.

How to eliminate wrong answers

Option A is wrong because administrative distance is only used to compare routes to the same prefix length; a less specific route with a lower AD cannot override a more specific route. Option B is wrong because metric is compared only among routes with the same prefix length and same routing protocol; a lower metric on a less specific route does not make it preferred over a more specific route. Option D is wrong because the less specific prefix is never preferred when a more specific prefix exists for the same destination; the longest prefix match rule always takes precedence.

100
Multi-Selecthard

Which TWO BGP path attributes are considered before AS-path length in the default best-path selection process?

Select 2 answers
A.Origin code
B.Community
C.MED
D.Weight
E.Local Preference
AnswersD, E

Weight is the first tie-breaker.

Why this answer

Weight (D) is a Cisco-proprietary attribute that is checked first in the BGP best-path selection process, before AS-path length. Local Preference (E) is the second attribute evaluated, also preceding AS-path length. Both are considered before the AS-path length comparison in the default BGP decision process.

Exam trap

Cisco often tests the exact order of BGP path selection attributes, and the trap here is that candidates mistakenly think MED or Origin are evaluated before AS-path length, when in fact they come later in the decision process.

101
MCQmedium

An engineer is using NETCONF to retrieve the operational QoS statistics from a router. The response contains XML data but does not include the queueing statistics. What is the most likely reason?

A.The NETCONF filter did not include the correct YANG path for QoS statistics
B.The user does not have enough privilege level
C.The statistics are only available via SNMP
D.The router is running an older IOS that does not support NETCONF
AnswerA

NETCONF filters are used to select specific data; omitting the path for queueing statistics results in their omission from the response.

Why this answer

NETCONF retrieves data based on YANG models. If the filter does not specify the correct YANG path for QoS queueing statistics, the server will not include that data in the response. The YANG data model for QoS (e.g., Cisco‑IOS‑XE‑qos‑oper.yang) defines specific paths for queueing counters; omitting or mis‑specifying the filter path results in an incomplete reply.

Exam trap

Cisco often tests the misconception that a successful NETCONF reply means all requested data is present, when in reality a missing or incorrect YANG path filter silently omits specific subtrees like queueing statistics.

How to eliminate wrong answers

Option B is wrong because insufficient privilege would cause an authentication or authorization error (e.g., rpc‑error with access‑denied), not a successful response missing specific data. Option C is wrong because NETCONF is a standards‑based management protocol (RFC 6241) that can retrieve all operational data, including QoS statistics, if the corresponding YANG model is supported; SNMP is not the exclusive source. Option D is wrong because even older IOS versions that support NETCONF (e.g., IOS‑XE 16.x) include QoS YANG models; the absence of queueing statistics is a filtering issue, not a NETCONF capability issue.

102
MCQhard

Refer to the exhibit. An engineer has configured an SR-TE policy. What is required for this policy to be used for traffic steering?

A.Static routing
B.IGP with segment routing
C.BGP with color extended community
D.OSPF with opaque LSA
AnswerC

BGP routes with a color community matching the policy's color will steer traffic onto that policy.

Why this answer

For an SR-TE policy to be used, traffic must be steered via BGP with a color extended community matching the policy's color. Without a match, the policy is not activated. Option B: IGP with SR is already configured; Option C: static routing is not relevant; Option D: OSPF opaque LSA is for OSPF extensions, not SR-TE policy activation.

103
MCQmedium

Refer to the exhibit. The policy above is applied on a PE router. The customer complains that voice quality is poor. Based on the exhibit, what is the most likely cause?

A.The police rate for voice is too low for the offered traffic
B.The policy is applied to the wrong direction
C.The class-default is empty
D.The DATA class is not matching any traffic
AnswerA

The offered rate of 100 kbps exceeds the policed rate of 64 kbps, causing significant drops (over 40% of packets dropped), which directly impacts voice quality.

Why this answer

The police rate for voice is too low for the offered traffic. Voice traffic requires a guaranteed bandwidth to maintain low jitter and packet loss; if the policer rate is set below the actual voice flow rate, packets are dropped or marked down, causing poor voice quality. In the exhibit, the voice class has a police rate that is insufficient for the offered load, leading to excessive drops.

Exam trap

Cisco often tests the misconception that applying a policy in the correct direction is sufficient, but the trap here is that the police rate itself must be properly sized for the actual voice traffic load, not just the classification.

How to eliminate wrong answers

Option B is wrong because the policy is applied in the ingress direction on the PE router, which is correct for policing inbound customer traffic before it enters the service provider core; applying it egress would not prevent oversubscription at the edge. Option C is wrong because class-default being empty means no traffic is classified there, but voice and data are matched in other classes, so this does not cause voice quality issues. Option D is wrong because the DATA class not matching traffic would only affect data, not voice; the voice class is matching traffic, so the problem lies in the voice policing rate.

104
MCQhard

A SP wants to automate the deployment of QoS policies on numerous PE routers using NETCONF. Which YANG module is most appropriate for modeling the QoS policy-map configuration?

A.ietf-interfaces
B.Cisco-IOS-XR-qos-ma-cfg
C.Cisco-IOS-XR-ip-tcp-yang
D.ietf-netconf-acm
AnswerB

This YANG module defines QoS policy-map structures.

Why this answer

Option B is correct because the Cisco-IOS-XR-qos-ma-cfg YANG module is specifically designed to model QoS policy-map configurations on Cisco IOS XR platforms. Since the SP is using NETCONF to automate QoS policies on PE routers running IOS XR, this native module provides the exact data model for defining class-maps, policy-maps, and service policies, aligning with the task's requirement.

Exam trap

Cisco often tests the distinction between native YANG modules (like Cisco-IOS-XR-qos-ma-cfg) and standard IETF modules (like ietf-interfaces), where candidates mistakenly choose a generic interface module instead of the specific QoS policy-map module.

How to eliminate wrong answers

Option A is wrong because ietf-interfaces is a standard YANG module for modeling interface configurations (e.g., IP addresses, MTU), not QoS policy-map definitions. Option C is wrong because Cisco-IOS-XR-ip-tcp-yang models TCP parameters (e.g., window scaling, timestamps), not QoS policy-map structures. Option D is wrong because ietf-netconf-acm defines NETCONF Access Control Model (NACM) for restricting NETCONF operations, not for modeling QoS configurations.

105
MCQhard

A service provider uses an MPLS-TE tunnel to carry voice and data traffic. The tunnel is experiencing packet loss during congestion. The engineer wants to ensure that voice traffic receives guaranteed bandwidth and low latency while data traffic uses remaining bandwidth. Which QoS configuration should be applied on the tunnel interface?

A.LLQ with a priority queue for voice and a default class for data
B.CBWFQ with bandwidth allocation for voice and data
C.Policing on voice traffic to limit its rate
D.Shaping on the tunnel to 75% of bandwidth with no queuing
AnswerA

LLQ ensures low latency for voice, and the default class uses remaining bandwidth for data.

Why this answer

Option A is correct because Low Latency Queuing (LLQ) allows you to place voice traffic into a strict priority queue, ensuring guaranteed bandwidth and low latency during congestion, while the default class uses CBWFQ to allocate remaining bandwidth to data traffic. This matches the requirement of prioritizing voice without starving data entirely, as the priority queue is policed to prevent voice from consuming all bandwidth.

Exam trap

Cisco often tests the misconception that CBWFQ alone can provide low latency for voice, but the trap here is that CBWFQ lacks a strict priority queue, so voice traffic will experience delay and jitter, making LLQ the only correct choice for real-time traffic.

How to eliminate wrong answers

Option B is wrong because CBWFQ alone cannot provide the strict low latency required for voice; it allocates bandwidth fairly but does not have a priority queue, so voice would experience jitter and delay during congestion. Option C is wrong because policing on voice traffic limits its rate but does not guarantee low latency or bandwidth; policing drops excess traffic without queuing, which can cause voice packet loss even within the contracted rate. Option D is wrong because shaping to 75% of bandwidth with no queuing only smooths traffic but provides no QoS differentiation; without queuing, both voice and data are treated equally, leading to packet loss for voice during congestion.

106
MCQmedium

A service provider is deploying EVPN-VXLAN in its data center to provide Layer 2 and Layer 3 overlay services. The underlay uses an eBGP-based CLOS fabric with spine and leaf switches. The leaf switches act as VTEPs and run EVPN for MAC/VXLAN advertisement. One of the tenants, a financial customer, requires that their traffic between two leaf-connected servers is always forwarded through a firewall for inspection, even when the servers are on the same leaf. The firewall is connected to a service leaf. The architect proposes using EVPN integrated routing and bridging (IRB) with asymmetric IRB. However, traffic between two VMs on the same leaf is bypassing the firewall. Which architectural change ensures that all inter-VM traffic within the same leaf goes through the firewall?

A.Implement a VXLAN tunnel from each leaf to the firewall and use policy-based forwarding (PBF) on the leaf to redirect inter-VM traffic to the firewall via the tunnel.
B.Configure a gateway on the firewall and use static routes on the leaf to forward traffic to the firewall.
C.Use EVPN symmetric IRB and ensure the firewall is attached as a Layer 2 extension.
D.Enable 'split-horizon' on the leaf switches to prevent direct forwarding.
AnswerA

Correct. PBF can redirect traffic to the firewall even for local traffic, ensuring inspection.

Why this answer

Implement a VXLAN tunnel from each leaf to the firewall and use policy-based forwarding (PBF) on the leaf to redirect inter-VM traffic to the firewall via the tunnel. This forces traffic to the firewall even for local traffic. Split-horizon prevents loops, not service insertion; static routes are not scalable; symmetric IRB still allows local bridging.

107
Matchingmedium

Match each service provider architecture term to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Provider Edge router connecting to customer equipment

Provider core router forwarding traffic without VPN awareness

Customer Edge router connecting to the provider network

Route Reflector to scale BGP in a service provider backbone

Autonomous System Boundary Router connecting to other ASes

Why these pairings

These are fundamental roles in a service provider network.

108
Multi-Selectmedium

Which TWO are benefits of using Segment Routing (SR) over traditional LDP-based MPLS?

Select 2 answers
A.Eliminates the need for LDP and RSVP-TE protocols.
B.Requires only OSPF as the IGP.
C.Reduces label imposition at the ingress PE.
D.Faster convergence due to BGP PIC.
E.Supports traffic engineering without RSVP-TE.
AnswersA, E

SR uses IGP to distribute labels, removing LDP and RSVP-TE.

Why this answer

Option A is correct because Segment Routing (SR) eliminates the need for the Label Distribution Protocol (LDP) and Resource Reservation Protocol with Traffic Engineering (RSVP-TE) by encoding MPLS labels directly into the Interior Gateway Protocol (IGP), such as OSPF or IS-IS. This simplifies the control plane by removing these protocols entirely, reducing operational complexity and resource overhead.

Exam trap

Cisco often tests the misconception that Segment Routing requires a specific IGP (like OSPF only) or that it reduces label imposition, when in fact SR is IGP-agnostic and label depth depends on the path encoding, not the protocol itself.

109
MCQmedium

An SP's core router experiences excessive packet drops on a congested link. The QoS policy uses CBWFQ with 4 queues. The drops occur only in the queue for a premium business class. Which is the most likely cause?

A.The 'bandwidth remaining' command is missing from the policy-map.
B.The interface is using MLP with interleaving.
C.The queue is using tail-drop without WRED.
D.The premium class is configured with a police action that drops traffic when it exceeds the committed information rate.
AnswerD

Policing drops excess traffic; if the police rate is lower than the guaranteed bandwidth, drops occur.

Why this answer

The premium business class queue is experiencing excessive packet drops because a police action configured with a 'drop' exceed-action is discarding traffic that exceeds the committed information rate (CIR). Unlike congestion management (queuing), policing is a congestion avoidance mechanism that drops packets immediately when the traffic rate surpasses the configured CIR, regardless of the queue depth or available bandwidth. This explains why drops occur only in the premium class queue, as the policer is explicitly dropping excess packets before they even enter the CBWFQ scheduler.

Exam trap

Cisco often tests the distinction between policing (which drops excess traffic regardless of congestion) and queuing (which drops only when buffers are full), leading candidates to mistakenly attribute drops to congestion management mechanisms like tail-drop or WRED when the real cause is a police action configured with a drop exceed-action.

How to eliminate wrong answers

Option A is wrong because the 'bandwidth remaining' command is used to allocate excess bandwidth among queues in a class-based weighted fair queuing (CBWFQ) policy; its absence would not cause drops in a specific queue, but rather affect how unused bandwidth is distributed. Option B is wrong because MLP with interleaving is a technique to reduce serialization delay on multilink interfaces by fragmenting and interleaving small packets; it does not cause packet drops in a specific queue. Option C is wrong because tail-drop without WRED would cause drops when the queue is full, but the drops would occur in any queue that reaches its maximum threshold, not exclusively in the premium class queue; the question states drops occur only in the premium class queue, which points to a policing action rather than a congestion management drop mechanism.

110
MCQmedium

A service provider's network is experiencing suboptimal routing for BGP prefixes received from a customer. The customer is multihomed to two different PE routers in the same AS. Which BGP feature can ensure that traffic ingresses via the correct PE?

A.MED
B.Local Preference
C.AS-path prepend
D.Weight
AnswerA

MED is used to influence inbound traffic by advertising different metrics to different peers.

Why this answer

MED (Multi-Exit Discriminator) is the correct BGP attribute for influencing inbound traffic from a multihomed customer. When the customer advertises the same prefix to two PE routers in the same AS, setting a lower MED value on one PE will cause the customer's upstream AS to prefer that path for returning traffic. This allows the service provider to control which PE receives the ingress traffic without altering any outbound routing policies.

Exam trap

Cisco often tests the distinction between attributes that influence inbound vs. outbound traffic, and the trap here is confusing Local Preference (outbound) with MED (inbound) when both are used for path selection within an AS.

How to eliminate wrong answers

Option B (Local Preference) is wrong because Local Preference is used to influence outbound traffic from the local AS, not inbound traffic from a customer. Option C (AS-path prepend) is wrong because it influences path selection by making a route appear longer, but it is typically applied on egress updates to affect inbound traffic from external ASes, not within the same AS for multihomed customers. Option D (Weight) is wrong because Weight is a Cisco-proprietary attribute that is local to the router and influences outbound path selection, not inbound traffic from a customer.

111
MCQhard

A service provider wants to influence inbound traffic from a customer AS. The customer AS is multi-homed to two provider ASes. Which BGP community is most effective to make the customer prefer a specific entry point?

A.Set community 'no-export' on routes from the undesired entry point.
B.Set community 'prepend 3' on routes from the desired entry point.
C.Set community 'local-preference 200' on routes from the desired entry point.
D.Set community 'no-advertise' on routes from the undesired entry point.
AnswerC

This community instructs the customer to set local preference higher for those routes, making that entry point preferred.

Why this answer

The provider can set the 'prepend' community (e.g., 100:1) to request the customer to prepend AS path, but that is outbound. To influence inbound, the provider should use communities that affect the customer's BGP decision process, like local preference. However, the most effective is to set a higher local preference on routes advertised to the customer from the desired entry point.

This is typically done via the 'local-preference' community (e.g., 2:100).

112
Multi-Selecteasy

Which TWO actions are required to enable model-driven telemetry on a Cisco IOS XR router?

Select 2 answers
A.Configure a subscription that refers to a sensor group and a destination group.
B.Apply an access-list to allow telemetry traffic from the router.
C.Enable NETCONF on the router for telemetry to function.
D.Configure a destination group with receiver IP and port.
E.Configure the subscription with the sensor path directly.
AnswersA, D

The subscription is the binding that activates data collection and forwarding to the receiver.

Why this answer

To enable model-driven telemetry, you must configure a destination group (receiver) and a subscription that ties the sensor path to the destination. Option A is correct because a destination group defines where telemetry data is sent. Option D is correct because a subscription binds the sensor path and destination.

Option B is wrong because the sensor path is configured in a sensor group, not the subscription. Option C is wrong because an ACL is not required for telemetry. Option E is wrong because NETCONF is not mandatory; telemetry can use gRPC or other protocols.

113
MCQmedium

A network engineer is troubleshooting MPLS L3VPN issues on a PE router. The CE router is receiving routes from the PE, but the CE cannot ping the remote CE. The PE shows the remote prefix in its routing table and in the VRF. What is the most likely cause?

A.The VRF route-target import/export is misconfigured
B.The MTU on the core links is too small
C.The RD is different on the two PEs
D.The LSP between the PEs is not operational
AnswerD

The LSP must be up to forward MPLS-encapsulated packets between PEs.

Why this answer

If the PE has the route in the VRF but the label-switched path (LSP) to the remote PE is down or nonexistent, the packet cannot be forwarded. The most common issue is that the LSP (e.g., via LDP or Segment Routing) is broken. Other options like wrong RT/RD or MTU would cause different symptoms.

114
MCQhard

A service provider uses BGP communities to influence routing policies. An administrator wants to prevent a specific prefix from being advertised to any external AS. Which BGP community should be applied?

A.NO_ADVERTISE
B.INTERNET
C.LOCAL_AS
D.NONE
E.NO_EXPORT
AnswerE

NO_EXPORT prevents advertisement to any eBGP peer, which is exactly what is needed.

Why this answer

The well-known community NO_EXPORT (0xFFFFFF01 or 0xFFFFFF01) tells the router not to advertise the prefix to any eBGP peers. The community NO_ADVERTISE prevents advertisement to any peer (including iBGP), which is too restrictive. Local-AS (0xFFFFFF03) prevents advertisement to external AS but allows advertisement to confederation sub-AS.

To prevent advertisement to any external AS, NO_EXPORT is correct.

115
MCQhard

A large SP is using model-driven telemetry to collect interface statistics from 5000 routers to a centralized collector. The collector is deployed on two servers with load balancing. Recently, the operations team noticed that some router telemetry streams are missing data for intervals of up to 5 minutes during peak hours. The engineer suspects packet loss between the routers and collector. The routers are sourced from different vendors but all support gRPC dial-out telemetry. The engineer wants to identify which routers are affected. The current configuration uses a single telemetry collector IP with port 5000. What step should the engineer take to isolate the problematic routers?

A.Use a packet capture on the network to identify drops.
B.Enable telemetry debugging on each router and review logs.
C.Check the telemetry subscription statistics on each router for drops and errors.
D.Configure a second collector on a different port and split the routers across two collectors.
AnswerC

Routers maintain per-subscription counters (e.g., sent packets, dropped packets, sequence errors) that directly pinpoint problematic devices.

Why this answer

Checking telemetry subscription statistics on each router (e.g., using show telemetry statistics) provides per-router counters for drops, errors, and sequence gaps. This directly identifies which routers are experiencing loss. Other options are either too manual, network-wide, or do not isolate individual routers.

116
MCQmedium

A service provider is implementing Multicast VPN (MVPN) in an MPLS backbone. They use Rosen GRE (draft-rosen) for multicast transport. What is the primary limitation of Rosen GRE compared to mLDP-based MVPN?

A.It requires full-mesh of GRE tunnels between all PEs.
B.It cannot use Source-Specific Multicast (SSM).
C.All multicast traffic is sent to every PE in the VPN, even if no receiver exists.
D.It does not support Protocol Independent Multicast (PIM).
AnswerC

Rosen GRE uses a default MDT that forwards traffic to all PEs, causing waste.

Why this answer

Option C is correct because Rosen GRE uses a default MDT group that carries all multicast traffic, leading to unnecessary traffic replication to PEs that do not have interested receivers. mLDP builds P2MP LSPs precisely where needed. Option A is wrong because both support PIM. Option B is wrong because both require full-mesh of tunnels (Rosen GRE uses GRE, mLDP uses MPLS LSP).

Option D is wrong because both can handle SSM.

117
Multi-Selecteasy

A service provider is configuring BGP community propagation in an MPLS VPN network. Which two actions are necessary to ensure that communities are passed from CE to remote PE?

Select 2 answers
A.Configure no bgp default community-mode
B.Configure send-community on the CE-to-PE BGP session
C.Configure send-community extended on the VPNv4 neighbor
D.Configure vrf forwarding with route-target both
E.Configure route-map to filter communities
AnswersB, C

Correct. This allows communities from the CE to be received by the PE.

Why this answer

B is correct because the `send-community` command must be configured on the CE-to-PE BGP session to allow standard BGP communities (e.g., NO_EXPORT) to be propagated from the CE router into the MPLS VPN network. Without this, the PE router will strip communities from incoming BGP updates, preventing them from reaching the remote PE.

Exam trap

Cisco often tests the distinction between standard and extended communities, leading candidates to forget that `send-community` (for standard) is required on the CE-PE session, while `send-community extended` is only for VPNv4 peers.

118
MCQhard

Refer to the exhibit. An engineer pushes this XML configuration via NETCONF, but the device rejects it with an error stating 'invalid policy-map structure'. What is the problem?

A.The class name must be defined in a class-map before being referenced in the policy-map
B.The configuration is missing the class-default class
C.The YANG model does not support the 'police' keyword
D.The priority and police commands cannot coexist in the same class
AnswerA

The YANG model requires that class-maps are defined separately. This XML attempts to define a class inline, which is not allowed.

Why this answer

The error 'invalid policy-map structure' occurs because the policy-map references a class name that has not been defined in a class-map beforehand. In Cisco IOS, a class-map must exist before it can be used inside a policy-map; otherwise, the device rejects the configuration as structurally invalid.

Exam trap

Cisco often tests the dependency between class-maps and policy-maps, where candidates mistakenly think the error is about missing class-default or command incompatibility, rather than the fundamental requirement that a class must be defined before it is referenced.

How to eliminate wrong answers

Option B is wrong because the class-default class is automatically created by the system and does not need to be explicitly defined; its absence is not the cause of the error. Option C is wrong because the YANG model for Cisco IOS-XE NETCONF fully supports the 'police' keyword for traffic policing under a policy-map class. Option D is wrong because priority and police can coexist in the same class when used correctly (e.g., priority with police for bandwidth policing), though certain restrictions apply; this is not the cause of the 'invalid policy-map structure' error.

119
MCQeasy

Which congestion avoidance technique drops packets probabilistically before the queue becomes full?

A.FIFO
B.Priority Queuing
C.WRED
D.Custom Queuing
AnswerC

WRED proactively drops packets to avoid congestion.

Why this answer

WRED (Weighted Random Early Detection) is a congestion avoidance mechanism that monitors the average queue depth and, when it exceeds a configured threshold, begins dropping packets probabilistically before the queue becomes completely full. This proactive dropping signals TCP senders to reduce their transmission rates, thereby preventing tail drop and global synchronization.

Exam trap

The trap here is that candidates often confuse congestion avoidance (WRED) with congestion management (queuing algorithms like PQ, CQ, or FIFO), mistakenly thinking that any queuing mechanism that drops packets qualifies as congestion avoidance.

How to eliminate wrong answers

Option A is wrong because FIFO (First-In, First-Out) is a simple queuing method that does not perform any congestion avoidance; it simply transmits packets in the order they arrive and drops packets only when the queue is full (tail drop). Option B is wrong because Priority Queuing (PQ) is a congestion management technique that services high-priority queues first and can starve lower-priority queues, but it does not proactively drop packets based on queue depth. Option D is wrong because Custom Queuing (CQ) is a congestion management technique that allocates a fixed amount of bandwidth to each queue by round-robin servicing, but it does not perform random early detection or probabilistic dropping.

120
MCQeasy

A service provider is migrating from OSPF to IS-IS in the core. During the migration, both protocols are running. Some prefixes are learned via both OSPF and IS-IS. The network uses BGP for external routes and MPLS for VPNs. The engineer notices that BGP routes are pointing to a next-hop that is reachable via OSPF but not via IS-IS, causing traffic to be dropped. What is the best course of action to ensure that during the migration, BGP uses only one IGP protocol?

A.Use BGP next-hop tracking to prefer IS-IS routes
B.Configure a route-map to selectively distribute routes
C.Increase the administrative distance of IS-IS to be higher than OSPF
D.Implement MPLS TE tunnels for BGP next-hops
AnswerC

Higher admin distance makes IS-IS less preferred, ensuring OSPF routes are used for next-hop resolution.

Why this answer

Option C is correct because increasing the administrative distance of IS-IS to be higher than OSPF (e.g., from 115 to 120) makes OSPF routes preferred over IS-IS routes in the routing table. Since BGP uses the IGP route to resolve its next-hop, this ensures BGP always selects the OSPF path, preventing traffic drops when the next-hop is only reachable via OSPF. This is a simple, protocol-agnostic way to control IGP preference during a migration without altering route redistribution or tunneling.

Exam trap

Cisco often tests the misconception that BGP next-hop tracking (Option A) or route-maps (Option B) can influence IGP preference, when in fact administrative distance is the direct and simplest mechanism to control route selection between two IGPs.

How to eliminate wrong answers

Option A is wrong because BGP next-hop tracking (NHT) monitors reachability changes but does not influence which IGP protocol is preferred; it only triggers BGP to re-evaluate next-hops, not to prefer one IGP over another. Option B is wrong because a route-map for selective distribution controls which prefixes are advertised between protocols, not the administrative distance or next-hop resolution behavior of BGP; it would not force BGP to use only OSPF for next-hop resolution. Option D is wrong because MPLS TE tunnels can steer traffic but add complexity and do not address the fundamental issue of BGP next-hop resolution preferring one IGP over another; they are an over-engineered solution for a simple administrative distance fix.

121
MCQmedium

You are a network engineer at a service provider that offers L3VPN services. A customer complains that their VPN traffic is intermittently dropping. The network uses OSPF as the IGP, LDP for label distribution, and MP-BGP for VPNv4 route exchange. The PE routers are connected to two core routers (P1 and P2) in a redundant design. Upon investigation, you find that the BGP next-hop for some VPN prefixes is set to the loopback interface of the remote PE, but the route to that loopback is sometimes unreachable due to a flapping link between P1 and P2. The IGP converges, but the BGP prefixes take longer to recover. What is the most likely cause of the intermittent drops?

A.The OSPF network type is incorrectly set to point-to-point
B.The BGP timers are set too low, causing premature route withdrawal
C.BGP next-hop tracking is not enabled, causing BGP to rely on IGP convergence only
D.The LDP session between the PEs is down
AnswerC

NHT allows BGP to react quickly to IGP next-hop changes.

Why this answer

The intermittent drops occur because BGP next-hop tracking (NHT) is not enabled. Without NHT, BGP relies solely on IGP convergence to detect reachability changes for the BGP next-hop (the remote PE loopback). When the link between P1 and P2 flaps, OSPF converges quickly, but BGP does not immediately re-evaluate its next-hop reachability; it waits for the next BGP scan interval (default 60 seconds) or until a BGP update is received.

This delay causes the VPN prefixes to remain installed with an unreachable next-hop, leading to traffic drops until BGP eventually withdraws or re-advertises the routes.

Exam trap

Cisco often tests the misconception that BGP automatically reacts to IGP changes instantly, when in fact without NHT, BGP relies on periodic scanning, causing a delay that leads to traffic drops during transient IGP failures.

How to eliminate wrong answers

Option A is wrong because OSPF network type set to point-to-point would affect adjacency formation and LSA flooding, but it does not directly cause BGP to delay recovery after IGP convergence; the issue is about BGP next-hop reachability timing, not OSPF network type. Option B is wrong because setting BGP timers too low (e.g., keepalive/hold timers) would cause premature session resets, not intermittent drops tied to a flapping IGP link; the problem is BGP not reacting to IGP changes, not BGP session instability. Option D is wrong because the LDP session between PEs is not required for VPNv4 route exchange; LDP is used for label distribution within the MPLS core, and the PE-to-PE LDP session is not a standard design—LDP runs between directly connected LSRs, not between PEs across the core.

122
MCQeasy

A service provider is designing a new MPLS core network and needs to choose a routing protocol that supports traffic engineering and fast convergence. Which protocol should be used?

A.RIP
B.EIGRP
C.OSPF
D.IS-IS
AnswerD

IS-IS supports MPLS TE and provides fast convergence, making it ideal for SP core.

Why this answer

IS-IS is the correct choice because it natively supports MPLS Traffic Engineering (TE) via IS-IS TE extensions (RFC 5305) and offers fast convergence through mechanisms like IS-IS Fast Flooding and LSP throttling. Unlike OSPF, IS-IS operates directly over Layer 2, making it more scalable and robust in large service provider core networks, and it avoids the need for a separate flooding domain for TE.

Exam trap

Cisco often tests the misconception that OSPF is the only link-state protocol suitable for MPLS TE, but the trap is that IS-IS is actually the more common choice in service provider cores due to its native TE support and superior scalability in hierarchical designs.

How to eliminate wrong answers

Option A is wrong because RIP is a distance-vector protocol with slow convergence and no support for traffic engineering or MPLS TE extensions. Option B is wrong because EIGRP is a Cisco-proprietary protocol that lacks native MPLS TE support and is not designed for the hierarchical, scalable core networks required by service providers. Option C is wrong because while OSPF supports MPLS TE via OSPF TE extensions (RFC 3630), it requires a separate opaque LSA type 10 flooding domain and has higher CPU overhead for TE link-state advertisements compared to IS-IS, making IS-IS the preferred choice in many service provider designs.

123
MCQhard

A network engineer is designing a Layer 2 VPN using EVPN with MPLS data plane. The customer requires all-hub multipoint connectivity with optimal multicast replication. Which EVPN route type is used to advertise multicast group membership?

A.Route Type 3 (Inclusive Multicast Ethernet Tag)
B.Route Type 2 (MAC/IP Advertisement)
C.Route Type 4 (Ethernet Segment)
D.Route Type 6 (Selective Multicast Ethernet Tag)
AnswerD

Used to advertise multicast group membership for selective replication.

Why this answer

Route Type 6 (Selective Multicast Ethernet Tag) is used in EVPN to advertise multicast group membership for selective multicast replication. This allows the provider edge (PE) routers to build optimal multicast trees for specific groups, enabling efficient all-hub multipoint connectivity with EVPN-MPLS data plane.

Exam trap

Cisco often tests the distinction between inclusive (Route Type 3) and selective (Route Type 6) multicast, and the trap here is assuming that Route Type 3 is used for all multicast scenarios, when in fact Route Type 6 is required for optimal group-specific replication.

How to eliminate wrong answers

Option A is wrong because Route Type 3 (Inclusive Multicast Ethernet Tag) advertises an inclusive multicast service, meaning all traffic is flooded to all PEs in the broadcast domain, which does not support selective or optimal multicast replication. Option B is wrong because Route Type 2 (MAC/IP Advertisement) is used to advertise MAC and IP addresses for host reachability, not multicast group membership. Option C is wrong because Route Type 4 (Ethernet Segment) is used for multi-homing scenarios to advertise Ethernet segment identifiers and redundancy group information, not multicast group membership.

124
MCQhard

A service provider operates a Layer 2 MPLS VPN using VPLS. Recently, two new CE routers were added to the VPLS domain, but they cannot ping each other. The existing CEs can communicate. The network uses BGP autodiscovery and signaling. The new CEs are connected to different PEs. The 'show vfi status' command on the new PEs indicates the VFI is up but the pseudowire to the remote PE is down. The BGP session between the PEs is established and the L2VPN address family routes are exchanged. What is the most probable cause?

A.The BGP neighbor is not activated under the VPLS address-family
B.The route-target on the new PEs does not match the existing VPLS context
C.The MTU mismatch between PEs
D.The VFI name is not consistent across PEs
AnswerB

Correct. Mismatched route-target prevents the new PEs from being discovered by the existing ones, so pseudowires are not established.

Why this answer

B is correct because BGP autodiscovery for VPLS relies on route-target (RT) matching to import remote VPLS endpoints into the local VFI. If the RT configured on the new PEs does not match the RT used by the existing VPLS context, the remote pseudowire will not be created even though BGP sessions are up and L2VPN routes are exchanged. The 'show vfi status' showing VFI up but pseudowire down is a classic symptom of RT mismatch, as the local PE cannot associate the received BGP routes with the correct VPLS instance.

Exam trap

Cisco often tests the distinction between BGP session establishment (which only requires neighbor configuration and address-family activation) and successful VPLS pseudowire creation (which additionally requires matching route-target import/export policies), leading candidates to incorrectly suspect BGP activation issues when the real problem is RT mismatch.

How to eliminate wrong answers

Option A is wrong because the BGP neighbor is already activated under the L2VPN address-family (the question states BGP session is established and L2VPN routes are exchanged), so the issue is not activation. Option C is wrong because an MTU mismatch between PEs would cause pseudowire status to be 'down' due to LDP or MPLS MTU negotiation failure, but the question specifies BGP autodiscovery and signaling, and MTU mismatch typically manifests as operational errors or packet drops, not a pseudowire that fails to come up solely due to RT mismatch. Option D is wrong because the VFI name is a local label on each PE and does not need to be consistent across PEs; VPLS uses the VPLS ID (or VPLS instance ID) carried in BGP, not the VFI name, to match endpoints.

125
MCQeasy

Based on the exhibit, which OSPF network type is configured on this interface?

A.Non-Broadcast
B.Point-to-Point
C.Broadcast
D.Point-to-Multipoint
AnswerB

Correct as displayed.

Why this answer

The output shows 'Network Type POINT_TO_POINT', so the interface is configured as point-to-point.

126
MCQmedium

A customer's MPLS L3VPN has two CE routers connected to two different PEs, but the PEs are not receiving the customer's routes from each other. The PE-CE routing protocol is OSPF. The PEs have the VRF configured with OSPF process, and the routes from CE are in the VRF routing table. The MP-BGP session between PEs is up and the VPNv4 address family is working. On the source PE, the routes show as not advertised to BGP. What is the likely issue?

A.The route-target export on the source PE does not match the import on the remote PE
B.The OSPF network type is not set to broadcast
C.The OSPF process on the PE is not redistributed into BGP VPNv4 under the VRF
D.The next-hop-self is not configured under the VRF OSPF process
AnswerC

Correct. The 'redistribute ospf process-id' command under the VRF address-family is missing, so OSPF routes are not injected into MP-BGP.

Why this answer

The correct answer is C because in an MPLS L3VPN with OSPF as the PE-CE protocol, the VRF OSPF process must be explicitly redistributed into the MP-BGP VPNv4 address family using the `redistribute ospf <process-id> match internal external` command under the VRF address-family IPv4. Without this redistribution, the OSPF routes learned from the CE remain in the VRF routing table but are never injected into BGP, so they are not advertised to the remote PE, even though the MP-BGP session is up and the VPNv4 address family is working.

Exam trap

Cisco often tests the misconception that simply enabling OSPF under a VRF and having a working MP-BGP session is sufficient for route exchange, when in fact explicit redistribution from OSPF into BGP VPNv4 is required.

How to eliminate wrong answers

Option A is wrong because if the route-target export on the source PE did not match the import on the remote PE, the routes would be advertised to BGP (they would show as advertised) but would not be installed on the remote PE; the question states the routes show as 'not advertised to BGP', so the issue is before BGP advertisement. Option B is wrong because the OSPF network type does not affect whether routes are redistributed into BGP; it only influences neighbor discovery and DR/BDR election, and the PE-CE adjacency is already established since routes are in the VRF table. Option D is wrong because `next-hop-self` is a BGP configuration (applied under the VRF address-family or BGP neighbor) that modifies the next-hop attribute in BGP updates, not an OSPF command; it does not control whether routes are advertised to BGP in the first place.

127
MCQhard

A service provider is implementing Segment Routing over IPv6 (SRv6) in their core. They want to provide path isolation for different services using SRv6 SIDs. Which SID structure is used to encode both the locator and the function?

A.The SID is divided into locator and function (and optionally arguments).
B.The SID uses a separate label stack for function encoding.
C.The SID is an IPv6 address without any encoding.
D.The SID consists of a prefix only.
AnswerA

SRv6 SID is structured as Locator:Function:Args.

Why this answer

An SRv6 SID is 128 bits; the locator is the prefix portion, and the function is the remaining bits. Option A is incorrect because the prefix is the locator. Option C is incorrect because the SRv6 SID includes both.

Option D is incorrect because the argument is optional and part of the function.

128
MCQeasy

Which network architecture model separates the control plane and data plane in a way that allows for centralized control and distributed forwarding?

A.SDN architecture
B.MPLS architecture
C.VPN architecture
D.QoS architecture
AnswerA

SDN centralizes control while keeping forwarding distributed.

Why this answer

Software-Defined Networking (SDN) architecture explicitly separates the control plane from the data plane, centralizing network intelligence in a controller while leaving packet forwarding to distributed switches and routers. This decoupling enables programmatic, centralized control of the network, with the controller (e.g., OpenDaylight, Cisco APIC) making forwarding decisions and pushing flow entries to devices via protocols like OpenFlow or OpFlex. The result is a logically centralized brain with physically distributed forwarding, which is the defining characteristic of SDN.

Exam trap

Cisco often tests the misconception that MPLS or VPN architectures inherently separate control and data planes, but they do not centralize control—they still rely on distributed protocols like LDP or MP-BGP, which is the key distinction from SDN.

How to eliminate wrong answers

Option B is wrong because MPLS architecture does not separate the control and data planes for centralized control; instead, it uses a distributed control plane (e.g., LDP, RSVP-TE) where each router independently builds its label forwarding table, and forwarding is still distributed. Option C is wrong because VPN architecture (e.g., MPLS Layer 3 VPN) relies on a distributed control plane using MP-BGP to exchange VPN routes, with each PE router making independent forwarding decisions; it does not centralize control. Option D is wrong because QoS architecture is a set of mechanisms (e.g., classification, policing, shaping) that operate within the data plane and control plane of existing devices, but it does not fundamentally separate the two planes for centralized control.

129
Multi-Selectmedium

Which THREE of the following are required components for implementing MPLS Layer 3 VPN (L3VPN) in a service provider network? (Choose three.)

Select 3 answers
A.MP-BGP between PE routers to exchange VPNv4 routes
B.VRF configuration on PE routers to separate customer routes
C.MPLS forwarding enabled on all core routers
D.IBGP between PE and P routers for label distribution
E.VRF configuration on P routers
AnswersA, B, C

MP-BGP carries VPNv4 routes with route distinguishers and route targets.

Why this answer

Option A is correct because MP-BGP (Multiprotocol BGP) is essential for carrying VPNv4 routes between PE routers. It uses address family VPNv4 to transport customer IPv4 prefixes along with their Route Distinguisher (RD) and Route Target (RT) attributes, enabling the separation and distribution of multiple customer VPNs across the MPLS core.

Exam trap

Cisco often tests the misconception that P routers require VRF configuration or that IBGP is used for label distribution between PE and P routers, when in fact P routers only need MPLS forwarding and LDP for label exchange.

130
MCQhard

Refer to the exhibit. Which statement about this BGP configuration is true?

A.The no synchronization command is invalid under address-family ipv4 vrf.
B.The next-hop-self command ensures that the PE sets itself as the next-hop for routes advertised to the route reflector.
C.The send-community extended command is only needed for IPv4 unicast address family.
D.The redistribute ospf command will import OSPF routes into the VRF but not into BGP.
AnswerB

Next-hop-self is used to set the local router as next-hop.

Why this answer

Option B is correct because the `next-hop-self` command under the VRF address-family instructs the PE router to set its own IP address as the next-hop for routes advertised to the route reflector. This is necessary in MPLS L3VPN environments to ensure that the route reflector (and other PEs) can reach the customer prefix via the advertising PE, avoiding reachability issues when the original next-hop is not directly connected across the MPLS core.

Exam trap

Cisco often tests the misconception that `next-hop-self` is only needed for eBGP peers, but in MPLS L3VPN it is essential for iBGP sessions to route reflectors to ensure correct next-hop reachability across the core.

How to eliminate wrong answers

Option A is wrong because the `no synchronization` command is valid under `address-family ipv4 vrf`; BGP synchronization is disabled by default in modern IOS versions and is not required for VRF configurations. Option C is wrong because the `send-community extended` command is required for the VPNv4 address family (or under the VRF) to propagate extended communities (e.g., RTs) necessary for MPLS L3VPN operation, not just for IPv4 unicast. Option D is wrong because the `redistribute ospf` command under the VRF address-family imports OSPF routes into the BGP VRF table, making them available for redistribution into BGP VPNv4 routes; the routes are indeed imported into BGP, not excluded.

131
MCQmedium

A service provider is running OSPF in their core network. After a link failure, routing convergence is taking longer than expected. The engineer suspects the issue is related to the SPF calculation. Which OSPF feature can reduce the SPF calculation time?

A.OSPF database overload protection
B.Bidirectional Forwarding Detection (BFD)
C.Incremental SPF (iSPF)
D.LSA pacing timers (pacing-interval)
AnswerC

Reduces SPF computation by recalculating only changed parts.

Why this answer

Option C is correct: incremental SPF (iSPF) recalculates only affected routes, reducing convergence time. Option A (LSA pacing) is for flooding; Option B (LSDB overload) is unrelated; Option D (BFD) speeds up failure detection, not SPF calculation.

132
MCQeasy

Refer to the exhibit. Which prerequisite for MPLS L3VPN is missing on PE1?

A.MPLS is not enabled on the interface
B.LDP is not enabled globally
C.VRF is not defined
D.OSPF is not redistributed into BGP
AnswerC

No `ip vrf` definition or VRF applied to any interface.

Why this answer

Option C is correct because the exhibit shows that PE1 has an interface configured with an IP address and MPLS enabled, but no VRF definition is present. For MPLS L3VPN, a VRF must be defined on the PE router to separate customer routing tables and to associate the customer-facing interface with that VRF. Without the VRF, the PE cannot import/export VPN routes or maintain per-VPN routing instances, which is a fundamental prerequisite for L3VPN operation.

Exam trap

Cisco often tests the misconception that MPLS or LDP configuration alone is sufficient for L3VPN, when in fact the VRF definition is the mandatory first step that candidates overlook.

How to eliminate wrong answers

Option A is wrong because the exhibit shows 'mpls ip' under the interface, indicating MPLS is already enabled on that interface. Option B is wrong because LDP is enabled globally as shown by 'mpls ldp router-id' and 'mpls ldp' in the global configuration, and LDP is not a prerequisite for L3VPN (though it is commonly used for label distribution). Option D is wrong because OSPF redistribution into BGP is a configuration step for propagating routes within the VPN, not a prerequisite; the VRF must exist first before any redistribution can be applied.

133
MCQeasy

A service provider is designing a Layer 2 MPLS VPN to connect multiple customer sites. Which technology should be used to provide end-to-end Ethernet service with MAC address transparency and support for multiple customer VLANs?

A.MPLS Traffic Engineering (MPLS TE)
B.VPLS (Virtual Private LAN Service)
C.VPWS (Virtual Private Wire Service)
D.RSVP-TE signaling
AnswerB

VPLS provides multipoint Ethernet services with MAC address transparency and supports multiple VLANs via QinQ or VLAN mapping.

Why this answer

VPLS (Virtual Private LAN Service) is the correct choice because it emulates an Ethernet bridge across an MPLS core, providing MAC address transparency and supporting multiple customer VLANs through a multipoint-to-multipoint topology. Unlike point-to-point services, VPLS learns MAC addresses and forwards frames based on them, enabling end-to-end Ethernet service across distributed sites.

Exam trap

Cisco often tests the distinction between point-to-point (VPWS) and multipoint (VPLS) services, and candidates mistakenly choose VPWS when the question explicitly requires connecting multiple sites with MAC transparency.

How to eliminate wrong answers

Option A is wrong because MPLS Traffic Engineering (MPLS TE) is a mechanism for optimizing traffic paths based on bandwidth and constraints, not for providing Layer 2 Ethernet services with MAC transparency. Option C is wrong because VPWS (Virtual Private Wire Service) offers only point-to-point Ethernet connections, lacking the multipoint capability and MAC learning required for connecting multiple sites with VLAN transparency. Option D is wrong because RSVP-TE is a signaling protocol used for MPLS label distribution and traffic engineering, not a Layer 2 VPN service technology.

134
MCQmedium

A service provider is deploying segment routing in its MPLS core. Which label allocation method is used by segment routing to distribute prefix SIDs?

A.LDP
B.BGP
C.RSVP-TE
D.IGP (IS-IS or OSPF)
AnswerD

Segment routing encodes prefix SIDs in IGP updates.

Why this answer

Segment routing uses the IGP (IS-IS or OSPF) to distribute prefix SIDs. The IGP extensions for segment routing (RFC 8665 for OSPF, RFC 8667 for IS-IS) carry the prefix SID sub-TLV within the prefix reachability information, allowing each router to allocate and advertise the SID associated with a prefix. This is the native label allocation method for segment routing, as it leverages the existing IGP database without requiring a separate label distribution protocol.

Exam trap

Cisco often tests the misconception that segment routing requires a separate label distribution protocol like LDP or RSVP-TE, but the trap here is that segment routing uses the IGP itself to distribute prefix SIDs, making it a control-plane-less label distribution method.

How to eliminate wrong answers

Option A is wrong because LDP (Label Distribution Protocol) is a separate label distribution protocol used in traditional MPLS, but segment routing eliminates the need for LDP by encoding labels directly in the IGP. Option B is wrong because BGP is used for distributing VPN labels or inter-domain prefix SIDs (e.g., BGP-LU), but not for allocating prefix SIDs within a single IGP domain. Option C is wrong because RSVP-TE is a signaling protocol for traffic engineering that establishes explicit LSPs with resource reservations, whereas segment routing uses source-routed paths without signaling.

135
MCQeasy

An SP engineer configures a QoS policy on an IOS XR router to re-mark DSCP from AF11 to AF22 for traffic matching a specific ACL. The policy compiles successfully but traffic is not re-marked. What is a likely reason?

A.The ACL cannot match on DSCP values.
B.The ACL is applied to the wrong interface.
C.The interface does not have the 'qos' feature enabled, or the policy-map is not attached.
D.The policy is applied in the output direction; marking can only be done on ingress.
AnswerC

Even with policy-map compiled, without attaching it to the interface, no action occurs.

Why this answer

Option C is correct because on IOS XR routers, QoS policies require explicit feature enablement via the 'qos' command under the interface configuration, and the policy-map must be attached in the correct direction. Without the 'qos' feature enabled, the router will compile the policy but silently ignore it, resulting in no re-marking of DSCP from AF11 to AF22.

Exam trap

Cisco often tests the IOS XR-specific requirement to explicitly enable the 'qos' feature on an interface, which catches candidates accustomed to classic IOS where policy-map attachment alone enables QoS.

How to eliminate wrong answers

Option A is wrong because ACLs on IOS XR can match on DSCP values using the 'ip dscp' keyword within the access-list entries, so this is not a limitation. Option B is wrong because while applying the ACL to the wrong interface could cause traffic to not match, the question states the policy compiles successfully and traffic is not re-marked, implying the ACL is correctly placed but the QoS feature itself is not operational. Option D is wrong because marking can be performed on both ingress and egress directions in IOS XR; the statement that marking can only be done on ingress is incorrect, as egress marking is supported and commonly used.

136
MCQeasy

A network administrator is designing an MPLS TE tunnel for a service provider backbone. The goal is to provide bandwidth protection for voice traffic. Which MPLS TE feature should be configured?

A.Autoroute announce
B.Path-option
C.Fast Reroute (FRR)
D.Bandwidth protection
AnswerC

FRR provides backup LSPs to protect against link or node failures.

Why this answer

MPLS TE Fast Reroute (FRR) provides sub-50 ms protection against link or node failures by pre-computing and pre-signaling a backup tunnel that bypasses the protected element. This meets the requirement for bandwidth protection of voice traffic, which is sensitive to packet loss and delay during network convergence.

Exam trap

Cisco often tests the distinction between features that provide path selection (Path-option) or traffic steering (Autoroute announce) versus features that provide actual failure protection (FRR), leading candidates to confuse 'bandwidth protection' as a separate feature rather than a benefit of FRR.

How to eliminate wrong answers

Option A is wrong because Autoroute announce is used to automatically inject the TE tunnel's destination into the IGP routing table, enabling traffic to be routed into the tunnel without explicit static routes; it does not provide any failure protection. Option B is wrong because Path-option defines the explicit or dynamic path for the primary TE tunnel but does not create a backup path or offer fast failover. Option D is wrong because 'Bandwidth protection' is not a standalone MPLS TE feature; it is a capability provided by FRR (specifically link or node protection) and is not a configurable command or feature name in Cisco IOS XR or classic IOS.

137
MCQeasy

An engineer is configuring an MPLS Traffic Engineering tunnel using RSVP-TE. The tunnel is intended to carry voice traffic with strict delay requirements. Which RSVP-TE object should be used to enforce a maximum delay path?

A.Enable 'record-route' on the tunnel
B.Configure 'fast-reroute' protection
C.Specify an explicit-path (ERO) manually
D.Use the 'path-option' with 'metric delay' under the tunnel
AnswerD

This allows CSPF to use delay as the metric for path computation.

Why this answer

The 'path-option with metric delay' command instructs RSVP-TE to compute a path that minimizes cumulative delay rather than IGP cost or hop count. This directly enforces a maximum delay constraint for voice traffic by selecting the path with the lowest measured or configured delay metric across the MPLS network.

Exam trap

Cisco often tests the distinction between path selection tools (like metric types) and path recording or protection mechanisms, leading candidates to confuse 'record-route' or 'fast-reroute' with delay enforcement.

How to eliminate wrong answers

Option A is wrong because 'record-route' merely logs the actual path taken by the tunnel for troubleshooting or loop detection; it does not influence path selection or enforce delay constraints. Option B is wrong because 'fast-reroute' provides local protection against link or node failures by pre-signaling backup tunnels, but it does not impose a delay requirement on the primary path. Option C is wrong because manually specifying an explicit-path (ERO) forces a fixed sequence of hops, which may not be the lowest-delay path and requires static engineering; it does not dynamically enforce a delay metric.

138
MCQhard

A service provider is deploying EVPN-VPWS to replace legacy pseudowire connections for point-to-point Layer 2 services. They notice that MAC addresses learned from a CE device are not properly advertised to the remote PE. Which EVPN route type is responsible for advertising MAC address reachability information in a VPWS scenario?

A.Route Type 1 (Ethernet Auto-Discovery)
B.Route Type 2 (MAC/IP Advertisement)
C.Route Type 5 (IP Prefix)
D.Route Type 3 (Inclusive Multicast)
AnswerA

Ethernet AD routes include MAC address information for split-horizon.

Why this answer

Option A is correct because Route Type 1 (Ethernet Auto-Discovery) is used for VPWS per-EVI and per-ES AD routes, which include MAC mobility information. Route Type 2 is for MAC/IP advertisement, but in VPWS, MAC learning is not required typically; however, Route Type 1 carries the MAC address for split-horizon filtering. Option B (RT-2) is for MAC/IP but not the primary for VPWS.

Option C (RT-3) is for inclusive multicast. Option D (RT-5) is for IP prefix.

139
MCQhard

A service provider operates a large MPLS network with hundreds of PE routers. They have deployed QoS policies to ensure real-time traffic (voice and video) receives priority. The policy uses LLQ with a strict priority queue for voice (DSCP EF) and another for video (DSCP AF41). Each priority queue has a policer to prevent starvation of other classes. Recently, a customer reports that their video calls are experiencing jitter and packet loss. The engineer examines the PE router connected to this customer. The interface is GigabitEthernet0/0/1 with the policy applied in the output direction. Show commands indicate that the video priority queue is frequently dropping packets, while the voice queue has no drops. The police for the video queue is set to 10 Mbps. The customer's contract guarantees 20 Mbps for video traffic. However, the actual video traffic is averaging 15 Mbps with bursts to 18 Mbps. The engineer notes that the video class also has a bandwidth command of 10 Mbps under the priority statement. What is the most likely cause of the video packet loss?

A.The bandwidth command under priority is too low; increase it to 20 Mbps.
B.The video queue is using the wrong queue limit; increase the queue limit to accommodate bursts.
C.The video traffic is not being classified correctly; check the class-map match criteria.
D.The police rate for the video queue is too low; increase it to at least 20 Mbps.
AnswerD

The policer drops traffic exceeding 10 Mbps, causing loss for 15-18 Mbps traffic.

Why this answer

The video priority queue is dropping packets because the police rate (10 Mbps) is lower than the actual traffic rate (15 Mbps average, bursts to 18 Mbps). In LLQ, the priority queue uses a policer to enforce a maximum rate; traffic exceeding the police rate is dropped. The bandwidth command under priority only reserves bandwidth for the queue in the absence of congestion or for shaping purposes, but the policer is the active enforcement mechanism that causes drops.

Increasing the police rate to at least 20 Mbps aligns with the customer's guaranteed rate and prevents drops.

Exam trap

Cisco often tests the distinction between the bandwidth command (which reserves bandwidth for CBWFQ) and the policer rate (which enforces a hard limit on priority traffic), leading candidates to mistakenly think increasing bandwidth will solve the drops.

How to eliminate wrong answers

Option A is wrong because the bandwidth command under priority in LLQ does not directly limit the queue's throughput; it is used for CBWFQ bandwidth allocation and does not affect the policer's drop behavior. Option B is wrong because queue limit (tail-drop threshold) is not the cause; the drops are due to the policer exceeding its configured rate, not due to buffer exhaustion. Option C is wrong because the question states the video traffic is classified as DSCP AF41 and is being placed into the correct priority queue (drops are occurring in that queue), so classification is working correctly.

140
MCQeasy

A service provider is designing a new MPLS core network and wants to simplify traffic engineering without deploying a centralized controller. Which technology should be used to enable source-routed paths with explicit path control?

A.BGP-LU
B.LDP
C.RSVP-TE
D.Segment Routing (SR-MPLS)
AnswerD

SR-MPLS enables source routing with segment lists, supporting traffic engineering without a controller.

Why this answer

Segment Routing (SR-MPLS) allows source routing by encoding paths as a list of segment IDs, enabling traffic engineering without a centralized controller. LDP only distributes labels for shortest-path forwarding. BGP-LU is for inter-domain label distribution.

RSVP-TE requires a centralized controller.

141
Matchingmedium

Match each Ethernet OAM protocol to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Connectivity Fault Management for end-to-end Ethernet OAM

Performance monitoring including delay and loss measurement

Ethernet in the First Mile OAM for link-level monitoring

Link Aggregation Control Protocol for bundling links

Link Layer Discovery Protocol for neighbor discovery

Why these pairings

These are Ethernet OAM and management protocols used in service provider access.

142
MCQhard

A Cisco XR router is configured to stream telemetry via gRPC with TLS. The collector can connect but receives empty data. The telemetry configuration is as follows: sensor-group with 'openconfig-interfaces' paths. What is the likely cause?

A.The router's CPU is overloaded
B.The sensor-group path is not supported by the device
C.The collector does not support TLS
D.The telemetry interval is too short
E.The destination group is missing the 'encoding' configuration
AnswerB

An unsupported YANG path results in an empty subscription; the device may not implement openconfig-interfaces.

Why this answer

If the device does not support the 'openconfig-interfaces' YANG model, the sensor path returns no data, resulting in empty telemetry data. The collector connects successfully, so TLS is fine. Missing encoding would cause errors but not empty data.

CPU overload or short interval would still produce some data.

143
MCQeasy

Which protocol is typically used to distribute MPLS labels between directly connected LSRs?

A.LDP
B.RSVP
C.BGP
D.OSPF
AnswerA

LDP is specifically designed to distribute labels for MPLS forwarding.

Why this answer

LDP (Label Distribution Protocol) is the standard protocol used to distribute MPLS labels between directly connected LSRs (Label Switch Routers) in a non-traffic-engineered MPLS network. It operates by establishing LDP sessions over TCP (port 646) and exchanging label mappings for each FEC (Forwarding Equivalence Class) based on the underlying IGP routing table, enabling hop-by-hop label switching without requiring explicit path setup.

Exam trap

Cisco often tests the distinction between label distribution protocols (LDP) and routing protocols (OSPF, BGP) or signaling protocols (RSVP), trapping candidates who confuse the role of RSVP-TE for traffic engineering with the basic label distribution function of LDP.

How to eliminate wrong answers

Option B (RSVP) is wrong because RSVP is used for traffic engineering (RSVP-TE) to reserve bandwidth and establish explicit paths, not for basic label distribution between directly connected LSRs; it requires signaling of path and reservation messages and is more complex than LDP. Option C (BGP) is wrong because BGP distributes labels for VPN or inter-AS MPLS services (e.g., labeled unicast or VPNv4 routes) but does not handle label distribution for directly connected LSRs in the core; it relies on LDP or RSVP-TE for the underlying LSP. Option D (OSPF) is wrong because OSPF is an IGP that distributes routing information, not labels; while OSPF can carry opaque LSAs for traffic engineering (OSPF-TE), it does not perform label distribution itself.

144
Multi-Selecteasy

Which TWO actions are required to implement QoS trust boundaries correctly in a service provider network?

Select 2 answers
A.Configure classification at the edge
B.Enable auto QoS on all interfaces
C.Apply shaping at customer premises
D.Set trust to CoS on access ports
E.Use MPLS EXP bits for core marking
AnswersA, D

Classification marks packets at the edge, defining the trust boundary.

Why this answer

Option A is correct because trust should be set on access ports to accept marking from trusted sources. Option C is correct because classification must be performed at the network edge to enforce policy. Option B is incorrect because auto QoS is not a mandatory requirement.

Option D is incorrect because MPLS EXP bits are used for core marking, not trust boundary. Option E is incorrect because shaping is applied at customer premises, not related to trust boundary.

145
Multi-Selectmedium

Which THREE QoS mechanisms can be used for traffic policing?

Select 3 answers
A.dual-rate three-color
B.token bucket
C.single-rate two-color
D.WRED
E.shaping
AnswersA, B, C

This is another common policing implementation.

Why this answer

Traffic policing uses token bucket mechanisms to measure and enforce traffic rates. Dual-rate three-color (RFC 2698) uses two token buckets (CIR/PIR) to mark packets as green, yellow, or red, allowing separate policing of committed and peak rates. Single-rate two-color (RFC 2697) uses one token bucket to mark packets as either conforming (green) or exceeding (red).

Both are standard policing implementations.

Exam trap

Cisco often tests the distinction between policing and shaping, where candidates mistakenly select shaping as a policing mechanism because both control traffic rates, but shaping buffers while policing drops/re-marks.

146
Multi-Selecthard

A multicast service provider is designing an IPv4 PIM Sparse Mode (PIM-SM) network with multiple RPs. The network must support Anycast RP using MSDP. Which THREE statements are correct regarding this design?

Select 3 answers
A.Anycast RP allows multiple RPs to share the same IP address, providing redundancy and load balancing
B.Auto-RP must be used to distribute the RP information to all routers
C.MSDP peering is required between the anycast RP routers to exchange active source information
D.MSDP is only required if the network uses Source-Specific Multicast (SSM)
E.IGMPv3 is needed on the last-hop routers to support SSM if used together with Anycast RP
AnswersA, C, E

The same IP is configured as RP on multiple routers; MSDP ensures consistency.

Why this answer

Options A, C, and E are correct. Option A: MSDP is used to exchange active source information between anycast RPs. Option C: Anycast RP provides load balancing and redundancy automatically.

Option E: Source-specific multicast (SSM) can be used with PIM-SM and Anycast RP if IGMPv3 is supported. Option B is wrong: Anycast RP works with both static and dynamic RP assignments, but Auto-RP is not required. Option D is wrong: MSDP is not needed for SSM because SSM uses (S,G) channels and does not rely on an RP.

147
MCQeasy

What is the primary benefit of using model-driven telemetry over traditional SNMP polling for network assurance?

A.Provides real-time data streaming without polling overhead
B.Reduces the need for YANG models
C.Increases security by using SSH
D.Simplifies device configuration
AnswerA

Push-based telemetry eliminates polling.

Why this answer

Model-driven telemetry uses a push model where network devices continuously stream structured data (e.g., YANG-encoded) to a collector, eliminating the need for periodic SNMP polling. This provides real-time visibility with minimal CPU overhead on the device, as the device itself initiates the data export based on configured subscriptions, rather than responding to repeated GET requests.

Exam trap

Cisco often tests the misconception that model-driven telemetry is primarily about security or simplicity, when the core differentiator is the shift from pull-based (SNMP) to push-based (telemetry) data collection for real-time, low-overhead streaming.

How to eliminate wrong answers

Option B is wrong because model-driven telemetry actually relies on YANG models to define the data being streamed, so it increases, not reduces, the need for YANG models. Option C is wrong because while telemetry can use secure transports like gRPC over TLS or SSH (NETCONF), the primary benefit is not security; traditional SNMPv3 also provides encryption and authentication. Option D is wrong because model-driven telemetry does not simplify device configuration; it requires additional configuration for subscriptions, destinations, and encoding (e.g., GPB, JSON), which can be more complex than enabling SNMP.

148
MCQeasy

A network administrator is configuring a Cisco ASR 9000 router for MPLS L3VPN. The PE receives customer routes via eBGP from the CE. Which command is required to redistribute these routes into the VPNv4 BGP table on the PE?

A.Configure 'address-family ipv4 unicast' under the VRF configuration and then 'address-family vpnv4 unicast' under the BGP process.
B.Configure 'address-family ipv4 vrf CUSTOMER' under the BGP process and activate the neighbor.
C.Enter 'vrf CUSTOMER' in the BGP process and then 'address-family ipv4 unicast' under the VRF.
D.Enter 'redistribute bgp 100' under the VRF's OSPF or static route configuration.
AnswerA

The VRF address-family ipv4 unicast imports routes into the VRF, and the VPNv4 address-family enables VPNv4 BGP to carry these routes.

Why this answer

Option A is correct because in MPLS L3VPN, customer routes learned via eBGP from the CE must be placed into the VRF's IPv4 unicast table first, and then the 'address-family vpnv4 unicast' under BGP is required to redistribute those VRF routes into the VPNv4 BGP table, which carries the route with its route distinguisher (RD) and extended community. This two-step process ensures the PE can advertise the route as a VPNv4 prefix to other PEs via MP-BGP.

Exam trap

Cisco often tests the distinction between configuring BGP within a VRF (for CE-PE eBGP) and enabling the VPNv4 address family to propagate those routes across the MPLS core, leading candidates to mistakenly think that simply configuring 'address-family ipv4 vrf CUSTOMER' is sufficient for VPNv4 redistribution.

How to eliminate wrong answers

Option B is wrong because 'address-family ipv4 vrf CUSTOMER' under BGP is used to configure BGP peering within the VRF (e.g., for eBGP with the CE), but it does not automatically redistribute those routes into the VPNv4 address family; the VPNv4 address family must be explicitly configured and the VRF routes must be injected via network statements or redistribution. Option C is wrong because entering 'vrf CUSTOMER' in the BGP process and then 'address-family ipv4 unicast' under the VRF is not a valid BGP configuration; the VRF is defined globally, and BGP uses 'address-family ipv4 vrf CUSTOMER' to handle VRF-specific BGP sessions, not a nested 'address-family ipv4 unicast' under the VRF. Option D is wrong because 'redistribute bgp 100' under the VRF's OSPF or static route configuration would redistribute BGP routes into an IGP or static routes, not into the VPNv4 BGP table; the VPNv4 table is populated by MP-BGP, not by redistribution from an IGP.

149
MCQhard

During multicast troubleshooting, the command 'show ip mroute' shows that the RPF neighbor for a particular (S,G) entry is incorrect. What is the most likely cause?

A.The unicast routing table does not have a route back to the source.
B.The multicast routing protocol is not enabled globally.
C.TTL threshold is set too high on the incoming interface.
D.IGMP snooping is disabled on the switch.
AnswerA

RPF check uses unicast route towards source; missing or incorrect route leads to wrong RPF neighbor.

Why this answer

The RPF neighbor is determined by the unicast routing table towards the source. If the unicast route points to a different next-hop than the actual multicast path (e.g., due to asymmetric routing or incorrect unicast route), the RPF check fails and the multicast tree is not built correctly.

150
Multi-Selectmedium

Which TWO statements accurately describe the behavior of the QoS policy shown in the exhibit?

Select 2 answers
A.The policy shapes the total output traffic to 30 Mbps.
B.During congestion, video traffic is allocated 30% of the remaining bandwidth after voice is served.
C.Video traffic is placed in a strict priority queue.
D.The policy polices voice traffic to a maximum of 30% of the interface bandwidth.
E.Voice traffic is guaranteed to be sent before any other traffic.
AnswersB, E

Bandwidth remaining percent allocates a percentage of the available bandwidth after priority queues are serviced.

Why this answer

Option B is correct because the policy uses the 'bandwidth remaining percent' command under the video class, which allocates 30% of the remaining bandwidth after the voice class (which is in a strict priority queue) has been served. This is the standard behavior for class-based weighted fair queuing (CBWFQ) when a priority queue is present: the priority traffic is serviced first, and then the remaining bandwidth is distributed according to the 'bandwidth remaining percent' values assigned to the non-priority classes.

Exam trap

Cisco often tests the distinction between 'bandwidth' (which allocates a guaranteed minimum during congestion) and 'bandwidth remaining percent' (which allocates a percentage of leftover bandwidth after priority queues), and candidates frequently confuse 'police' with 'shape' or misinterpret a fixed police rate as a percentage of interface bandwidth.

Page 1

Page 2 of 7

Page 3

All pages