Cisco SPCOR / CCNP Service Provider Core 350-501 (350-501) — Questions 151-225

500 questions total · 7 pages · All types, answers revealed

Page 3 of 7

151
MCQ · hard

Refer to the exhibit. An engineer is troubleshooting an MPLS LDP session between two routers. The output shows that the LDP session is operational. However, MPLS labels are not being exchanged. What is the most likely cause?

A. The peer's addresses are not bound to the LDP Ident.
B. The TCP connection is not using port 646.
C. The LDP label advertisement mode is 'downstream on demand'.
D. The LDP session is not established.
Answer: C

In this mode, labels are only sent on request; if the peer expects unsolicited, labels may not be exchanged.

Why this answer

The exhibit shows that the LDP session is operational (state = Operational), but no labels are being exchanged. In 'downstream on demand' mode, a router does not advertise labels unless explicitly requested by an upstream neighbor via a Label Request message. Since the session is up but no labels are exchanged, this mismatch in label advertisement mode is the most likely cause.

Exam trap

The trap here is that candidates see the LDP session is 'Operational' and assume label exchange must be working, but Cisco tests the subtle distinction that session state and label advertisement are independent processes.

How to eliminate wrong answers

Option A is wrong because the LDP Ident is used to identify the label space and is bound to the router ID; the peer's addresses not being bound would prevent session establishment, not just label exchange. Option B is wrong because LDP uses TCP port 646 by default; if the TCP connection were not using port 646, the session would not be established at all. Option D is wrong because the output explicitly states the LDP session is operational, meaning it is established.

152
MCQ · easy

A network engineer is troubleshooting an OSPF issue in a service provider network. The network uses OSPFv2 with multiple areas. Routers in area 0 are able to ping each other, but routers in area 1 cannot reach routers in area 2. All routers are OSPF-enabled and have correct network type configurations. What is the most likely cause?

A. Missing or misconfigured ABRs between area 1 and area 0, or area 2 and area 0
B. Mismatched OSPF area IDs on routers in area 1 and area 2
C. Lack of BGP peering between ABRs
D. OSPF network type mismatch preventing adjacency formation
Answer: A

Inter-area routing must go through area 0; without proper ABRs, areas cannot exchange routes.

Why this answer

In OSPFv2, inter-area communication must traverse area 0 (the backbone). Routers in area 1 and area 2 can only reach each other if Area Border Routers (ABRs) exist between each non-backbone area and area 0, and those ABRs are correctly configured and have full adjacencies. Since area 0 routers can ping each other but area 1 and area 2 cannot, the most likely cause is a missing or misconfigured ABR on either side, preventing the exchange of Type 3 summary LSAs between the areas.

Exam trap

Cisco often tests the misconception that OSPF areas can communicate directly without the backbone, leading candidates to overlook the mandatory role of ABRs and area 0 in inter-area routing.

How to eliminate wrong answers

Option B is wrong because mismatched OSPF area IDs on routers within area 1 and area 2 would prevent them from forming adjacencies with each other, but the issue is about inter-area reachability, not intra-area connectivity; area IDs are locally significant per interface and do not need to match across different areas. Option C is wrong because BGP peering between ABRs is not required for OSPF inter-area routing; OSPF uses its own LSAs (Type 3) to propagate routes between areas, and BGP is a separate routing protocol typically used for external route exchange, not for OSPF inter-area connectivity. Option D is wrong because the question explicitly states that all routers have correct network type configurations, and a network type mismatch would prevent adjacency formation locally, not specifically cause a failure only between area 1 and area 2 while area 0 remains functional.

153
MCQ · easy

A service provider is implementing QoS on a PE router for customer traffic. Which tool should be used to classify traffic based on application layer information?

A. Access-list
B. MQC with NBAR
C. Shaping
D. Policy-map with police
Answer: B

Correct. NBAR can classify traffic based on application signatures.

Why this answer

NBAR (Network-Based Application Recognition) is a deep packet inspection (DPI) engine within the Modular QoS CLI (MQC) that can identify applications by inspecting payloads up to Layer 7. This allows classification of traffic based on application-layer information such as HTTP, DNS, or proprietary protocols, which is exactly what the question requires.

Exam trap

Cisco often tests the distinction between classification tools (NBAR, ACLs) and QoS actions (shaping, policing), so the trap here is that candidates confuse a QoS action (like shaping or policing) with the classification mechanism itself.

How to eliminate wrong answers

Option A is wrong because an access-list (ACL) classifies traffic based on Layer 3/4 fields (IP addresses, ports, protocol numbers) and cannot inspect application-layer payloads. Option C is wrong because shaping is a QoS action that delays excess traffic to smooth output, not a classification tool. Option D is wrong because a policy-map with police is a QoS action (policing) that drops or marks traffic based on a pre-classified rate, not a method to classify traffic by application layer.

154
MCQ · hard

Refer to the exhibit. What is the significance of the entry with 'Pop Label'?

A. It indicates a merge operation
B. It indicates the penultimate hop popping (PHP)
C. It indicates the label is removed at this router
D. It indicates an error
Answer: B

PHP removes the label before sending to the egress.

Why this answer

The 'Pop Label' in the outgoing label column indicates that the router will pop the top label before forwarding (penultimate hop popping, PHP). This is typical for PHP in MPLS.

155
MCQ · hard

Refer to the exhibit. A PE router in an MPLS L3VPN network shows the above output. The VRF CUSTOMER contains two routes. Which statement about forwarding for these routes is true?

A. Both routes are reachable via MPLS.
B. Traffic to 10.1.1.0/24 will be label-switched with an implicit null label.
C. Traffic to 10.2.2.0/24 will be forwarded using the BGP next hop label.
D. Traffic to 10.2.2.0/24 will be forwarded using IP routing.
Answer: B

'Pop' means implicit-null label (label 3), which is popped by the penultimate hop.

Why this answer

The output shows that for the VRF CUSTOMER, the route to 10.1.1.0/24 has a next hop of 192.168.1.2 and is associated with label 3 (implicit null). In MPLS L3VPN, label 3 instructs the upstream router to pop the MPLS label and forward the packet using IP routing to the directly connected next hop. Therefore, traffic to 10.1.1.0/24 will be label-switched with an implicit null label, meaning the label is removed before forwarding to the CE router.

Exam trap

Cisco often tests the distinction between implicit null (label 3) and explicit null (label 0), and the trap here is that candidates assume any route with a label in the VRF table is fully MPLS-switched end-to-end, not realizing that label 3 means the label is popped before the final hop.

How to eliminate wrong answers

Option A is wrong because not both routes are reachable via MPLS; the route to 10.1.1.0/24 uses implicit null (label 3), which means the MPLS label is popped before forwarding, so the packet is not MPLS-switched on the final hop. Option C is wrong because traffic to 10.2.2.0/24 will be forwarded using the BGP next hop label (label 16000), not an implicit null label; the output shows label 16000 for that route. Option D is wrong because traffic to 10.2.2.0/24 will be forwarded using MPLS label switching (label 16000), not IP routing, as indicated by the presence of a non-null label in the VRF table.

156
Multi-Select · hard

When configuring EVPN VPWS, which TWO parameters must match between the two endpoints of the pseudowire?

Select 2 answers
A. EVI (Ethernet VPN Instance)
B. Route-target
C. ESI (Ethernet Segment Identifier)
D. VLAN ID of the attachment circuit
E. IMET group address
Answers: A, C

The EVI must be identical on both PEs to associate the pseudowire with the same EVPN instance.

Why this answer

Options A and C are correct. EVI and ESI must match to form a pseudowire. Option E (IMET) is used for multicast but not for VPWS. Option D is not required to match; VLAN IDs can differ. Option B (route-target) is used for route import/export but not mandatory for VPWS endpoint matching.

157
MCQ · hard

Refer to the exhibit. An operator configures an SR-TE policy on a headend router. Which statement is true about the traffic steered into this policy?

A. The segment-list consists of adjacency-SIDs
B. The path is automatically computed using CSPF based on IGP metrics
C. Traffic is forwarded using MPLS LDP labels
D. The headend will impose a label stack containing labels 16000, 16001, and 16002
Answer: D

Explicit segment-lists define the ordered list of labels.

Why this answer

The correct answer is D because the SR-TE policy uses a segment-list with three labels (16000, 16001, 16002), which are MPLS labels assigned to prefix-SIDs for specific nodes. The headend imposes this label stack to steer traffic along the explicit path defined by the segment-list, ensuring strict source routing without relying on dynamic CSPF computation or LDP.

Exam trap

Cisco often tests the distinction between explicit segment-lists (which require manual label configuration) and dynamic path computation (CSPF), leading candidates to mistakenly assume CSPF is always used in SR-TE policies.

How to eliminate wrong answers

Option A is wrong because the segment-list consists of prefix-SIDs (labels 16000, 16001, 16002), not adjacency-SIDs; adjacency-SIDs are typically local and used for link-level forwarding, not for node-to-node path segments. Option B is wrong because the path is explicitly defined by the segment-list, not automatically computed using CSPF; SR-TE policies can use explicit paths or dynamic paths, but the exhibit shows an explicit segment-list. Option C is wrong because traffic is forwarded using MPLS labels from the segment-list (prefix-SIDs), not LDP labels; SR-TE uses segment routing labels, and LDP is not involved unless interworking is configured.

158
MCQ · medium

A large enterprise recently implemented centralized QoS policies using Cisco DNA Center. The policies are pushed via RESTCONF to the branch routers. After the deployment, the branch office reports that critical business applications (like ERP) are being delayed. The network team verifies that the QoS policy is applied correctly on the WAN interface (Serial0/0/0) with a shape of 10 Mbps. The policy-map has a class for 'critical-data' with bandwidth 5 Mbps and another class for 'transactional-data' with bandwidth 3 Mbps. The remaining traffic is in class-default with fair-queue. The branch router's CPU utilization is normal. The interface output shows that the queue for critical-data is rarely full, but packets are experiencing high latency. The engineer pings from the branch server to the central site and sees 200 ms RTT normally, but up to 500 ms during peak hours. What is the most likely cause of the high latency for critical-data?

A. The shape rate is too low; increase it to match the access link speed (e.g., 20 Mbps).
B. The critical-data class needs a priority command to reduce latency.
C. The queue-limit for critical-data is too high; reduce it to force early drops.
D. The bandwidth command in critical-data should be increased above 5 Mbps.
Answer: A

If shaped to 10 Mbps but the actual link is faster, traffic buffers, increasing latency. Increasing shape rate reduces buffering.

Why this answer

The correct answer is A because the shape rate of 10 Mbps is the bottleneck. Even though the critical-data class has a bandwidth guarantee of 5 Mbps, the overall interface is shaped to 10 Mbps. During peak hours, when the sum of all traffic (critical, transactional, and default) exceeds 10 Mbps, packets are queued at the shaper.

This queueing introduces additional delay (up to 500 ms) for all classes, including critical-data, because the shaper enforces a single token bucket for the entire interface. Increasing the shape rate to match the actual access link speed (e.g., 20 Mbps) would reduce the queuing delay by allowing more traffic to be transmitted immediately.

Exam trap

Cisco often tests the distinction between shaping and policing, and the trap here is that candidates assume the bandwidth command inside a class provides low latency, when in fact a shaper at the interface level introduces queuing delay for all traffic, regardless of class-level guarantees.

How to eliminate wrong answers

Option B is wrong because the priority command is used for low-latency queuing (LLQ) to provide strict priority for voice or video, but the question states that the critical-data queue is rarely full and the issue is overall queuing delay caused by the shaper, not a lack of priority. Option C is wrong because reducing the queue-limit would cause tail drops, which would increase packet loss, not reduce latency; the problem is excessive buffering delay, not a full queue. Option D is wrong because increasing the bandwidth for critical-data would not solve the root cause—the shaper at 10 Mbps is the bottleneck; even with more bandwidth allocation, the shaper still queues all traffic when the aggregate exceeds 10 Mbps, so latency would remain high.

159
MCQ · easy

A network engineer is troubleshooting an MPLS TE tunnel that is not coming up. The tunnel is configured with a strict explicit path, and the path includes an interface that is currently down. Which action should the engineer take to allow the tunnel to use an alternative path?

A. Increase the path-option preference value.
B. Disable path protection on the tunnel.
C. Change the explicit path to 'loose' for the down interface.
D. Configure an affinity constraint to exclude the down interface.
Answer: C

Loose hops allow the tunnel to traverse other interfaces.

Why this answer

Option C is correct because changing the explicit path from 'strict' to 'loose' for the down interface allows the MPLS TE tunnel to use an alternative next-hop that is reachable, even if the specified interface is down. A strict explicit path requires every hop to be directly connected, so a down interface prevents the tunnel from coming up. By making the hop loose, the router can route around the failed link using the IGP's best path to the next specified node.

Exam trap

Cisco often tests the distinction between strict and loose explicit paths, where candidates mistakenly think that adjusting path preference or adding constraints can override a strict hop that is down, rather than recognizing that only changing the hop type to loose allows the router to dynamically route around the failure.

How to eliminate wrong answers

Option A is wrong because increasing the path-option preference value only changes the order in which path options are tried; it does not bypass a down interface in a strict explicit path. Option B is wrong because disabling path protection removes the ability to use a backup tunnel or fast reroute, but does not resolve the issue of a strict explicit path requiring a down interface. Option D is wrong because configuring an affinity constraint to exclude the down interface would require the tunnel to avoid that interface, but the explicit path still mandates it as a strict hop, so the constraint cannot override the explicit path definition.

160
Matching · medium

Match each Segment Routing component to its function.

Concepts
Matches

Segment Identifier, an instruction in the SR header

Segment Routing Global Block of label values

Segment Routing over MPLS data plane

Topology-Independent Loop-Free Alternate for fast reroute

Path Computation Element Protocol for SR path computation

Why these pairings

These are key elements of Segment Routing in service provider networks.

161
Multi-Select · easy

Which two statements about MPLS label operations are true? (Choose two.)

Select 2 answers
A. Push operation can only add one label at a time.
B. Pop operation can remove multiple labels at once.
C. Push operation adds a label to the packet.
D. Swap operation removes and replaces two labels.
E. Pop operation removes the top label and may be triggered by implicit-null.
Answers: C, E

Push adds an MPLS header.

Why this answer

C correct: push is adding a label. E correct: pop is removing exactly one label, and PHP uses implicit-null. D wrong: swap replaces label. A wrong: push adds one or more. B wrong: pop removes exactly one, not multiple at once (except in PHP).

162
MCQ · hard

A network architect is designing a Segment Routing (SR) network for a service provider with a requirement for fast convergence upon node failure. The network uses IS-IS as the IGP with segment routing extensions. Which design choice BEST ensures that the network can achieve sub-50ms convergence without relying on any signaling protocol beyond the IGP?

A. Deploy BFD with static routes for fast detection
B. Configure RSVP-TE with Fast Reroute on all label-switched paths
C. Enable TI-LFA (Topology Independent Loop-Free Alternate) on all IS-IS interfaces
D. Use LDP with LDP FRR and path protection
Answer: C

TI-LFA provides fast reroute without additional protocols, using SR-MPLS data plane.

Why this answer

Option C is correct because TI-LFA (Topology Independent Loop-Free Alternate) calculates backup paths based solely on IGP and does not require additional signaling. Option B is wrong because RSVP-TE requires TE tunnels and signaling. Option D is wrong because LDP is a separate signaling protocol. Option A is wrong because BFD can be used for fast detection but does not provide a backup path itself; it must be combined with a protection mechanism.

163
MCQ · hard

A service provider is using LISP to provide host mobility. Which LISP component is responsible for storing the mapping of EID to RLOC?

A. Map-Server
B. Altitude
C. Tunnel Router
D. Map-Resolver
Answer: A

Correct. The Map-Server maintains the mapping database for the LISP site.

Why this answer

In LISP (RFC 6830), the Map-Server (MS) is the central repository that stores the mapping of Endpoint Identifiers (EIDs) to Routing Locators (RLOCs). When an Ingress Tunnel Router (ITR) needs to forward traffic to a destination EID, it queries the Map-Resolver, which in turn contacts the Map-Server to retrieve the authoritative mapping. The Map-Server also accepts registration from Egress Tunnel Routers (ETRs) on behalf of their EID prefixes, making it the definitive source for EID-to-RLOC bindings.

Exam trap

Cisco often tests the distinction between the Map-Server (which stores the mapping) and the Map-Resolver (which only proxies requests), so the trap here is confusing the resolver's forwarding role with the server's storage role, leading candidates to incorrectly select Map-Resolver.

How to eliminate wrong answers

Option B (Altitude) is wrong because Altitude is not a LISP component; it is a proprietary Cisco technology for traffic engineering and path selection, unrelated to EID-to-RLOC mapping storage. Option C (Tunnel Router) is wrong because Tunnel Routers (ITR/ETR) perform encapsulation/decapsulation and may cache mappings, but they do not store the authoritative mapping database—that is the Map-Server's role. Option D (Map-Resolver) is wrong because the Map-Resolver handles incoming map-requests from ITRs and forwards them to the Map-Server; it does not store mappings itself, acting only as a proxy.

164
MCQ · medium

In an IS-IS segment routing network, after the global 'segment-routing mpls' configuration, which IS-IS configuration is mandatory for label allocation?

A. mpls label protocol sr
B. segment-routing mpls under router isis
C. prefix-sid under the loopback interface
D. is-type level-1-2
Answer: B

This command is required to enable segment routing label allocation within the IS-IS process.

Why this answer

Option B is correct because the 'segment-routing mpls' command must be enabled under the IS-IS router configuration to activate label allocation for segment routing. Option A is wrong because 'mpls label protocol sr' is not an IS-IS command; it is a global command. Option D is wrong because IS type does not affect segment routing directly. Option C is wrong because prefix-SID under the interface is for specific prefix assignments, not for enabling label allocation globally.

165
Multi-Select · easy

Which two statements about MPLS Layer 3 VPN route target (RT) communities are correct?

Select 1 answer
A. RTs must be manually configured on every PE router for each VRF.
B. RTs are used to prevent routing loops within the MPLS VPN network.
C. RTs are used to determine the next-hop IP address for VPN prefixes.
D. RTs control the import and export of routes between VRFs on PE routers.
E. RTs are carried in the IP header to enable per-VPN forwarding.
Answers: D

Correct: RTs determine which routes are imported into or exported from a VRF.

Why this answer

Route targets are used to import and export VPN routes between VRFs, and they are encoded as extended community attributes in BGP updates. Option C is incorrect because RTs do not directly determine the next hop; that is done by the BGP next-hop attribute. Option B is incorrect because RTs are not used for loop prevention (that is the role of the route distinguisher and AS-override). Option A is incorrect because RTs are not required to be manually configured if auto-RT is used. Option E is incorrect because RTs are not carried in IP headers; they are part of BGP VPNv4 updates.

166
MCQ · hard

Refer to the exhibit. CE1 is unable to ping the loopback of a remote CE. Which configuration change is required on PE1 to enable communication?

A. Add `send-community extended` to the VRF BGP neighbor
B. Apply the VRF to the interface facing CE and ensure BGP VRF neighbor is activated
C. Change the VPNv4 neighbor to point to 192.168.1.2
D. Set the CE neighbor remote-as to 65000
Answer: B

Missing `ip vrf forwarding CUSTOMER` on interface and `neighbor 192.168.1.2 activate` under address-family ipv4 vrf CUSTOMER.

Why this answer

Option B is correct because the VRF CUSTOMER is defined but the VRF is not applied to any interface; also the BGP VRF configuration lacks the `neighbor ... activate` under address-family ipv4 vrf. Option A is wrong because send-community is already enabled. Option C is wrong because the VPNv4 neighbor is correct. Option D is wrong because the CE neighbor remote-as is correct.

167
MCQ · easy

Refer to the exhibit. The show command output displays the LDP neighbor state. What does the 'Downstream' label mode indicate about label distribution?

A. Labels are sent only to the peer that advertises the prefix.
B. Labels are only distributed when explicitly requested.
C. The neighbor must request labels via a Label Request message.
D. Labels are advertised to all neighbors without a request.
Answer: D

Downstream mode means unsolicited label advertisement.

Why this answer

Downstream label mode means the router advertises labels to its neighbors without being asked. Option A is incorrect because downstream-on-demand sends labels only when requested. Option C is incorrect because unsolicited downstream is the same as downstream.

Option D is incorrect because DoD is not shown.

168
Multi-Select · medium

Which TWO statements about model-driven telemetry compared to SNMP are correct? (Choose two.)

Select 2 answers
A. Model-driven telemetry uses UDP for transport by default.
B. Model-driven telemetry can stream data at sub-second intervals.
C. Model-driven telemetry uses a push model while SNMP primarily uses a pull model.
D. Model-driven telemetry only sends data on change (event-driven).
E. Model-driven telemetry uses MIBs to define data structures.
Answers: B, C

Correct: Telemetry supports high-frequency streaming.

Why this answer

Model-driven telemetry (MDT) uses a push model where the network device streams structured data (e.g., YANG-modeled) to a collector, enabling sub-second intervals for real-time monitoring. This contrasts with SNMP's pull model, where the manager polls the device at intervals limited by CPU and network overhead, making sub-second polling impractical.

Exam trap

Cisco often tests the misconception that model-driven telemetry is purely event-driven, but it supports periodic streaming as a primary mode, and candidates confuse the transport protocol (UDP vs. TCP) because SNMP uses UDP by default.

169
MCQ · easy

What is the purpose of the 'mpls ldp autoconfig' command on an interface?

A. Enable MPLS forwarding
B. Enable LDP on all interfaces
C. Disable LDP on the interface
D. Automatically configure LDP on the interface
Answer: D

This command enables LDP automatically on the interface.

Why this answer

The 'mpls ldp autoconfig' command enables LDP on the interface automatically when MPLS is configured globally. It does not enable on all interfaces, nor disable LDP or enable MPLS forwarding.

170
Multi-Select · easy

Which THREE of the following are required for successful operation of OSPFv3 in an IPv6 service provider network?

Select 3 answers
A. Interface activation with 'ipv6 ospf <process> area <area>'
B. OSPFv3 process configuration with router-id
C. IPv6 unicast routing enabled globally
D. OSPFv3 authentication configured
E. OSPFv3 LSA type 9 for link-local addresses
Answers: A, B, C

Each interface must be explicitly activated for OSPFv3.

Why this answer

Option A is correct because OSPFv3 requires interface-level activation using the 'ipv6 ospf <process> area <area>' command to enable the OSPFv3 process on a specific interface and associate it with an area. Without this, the interface will not participate in OSPFv3 neighbor discovery or routing updates, even if the process is configured globally.

Exam trap

Cisco often tests the misconception that OSPFv3 authentication is mandatory, but it is optional and uses IPsec AH/ESP headers, not the simple authentication mechanisms of OSPFv2.

171
MCQ · medium

A service provider uses RESTCONF to automate interface configuration. They need to add a new IPv4 address to an existing interface. Which HTTP method and URI should be used?

A. DELETE /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1
B. PATCH /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1/ietf-ip:ipv4/address
C. POST /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1/ietf-ip:ipv4
D. PUT /restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet0/1/ietf-ip:ipv4/address
Answer: B

PATCH merges the new address into the list.

Why this answer

Option B is correct because PATCH is the appropriate HTTP method for a partial update to an existing resource, and the URI targets the IPv4 address list under the specific interface. This allows adding a new IPv4 address without replacing the entire interface configuration, which aligns with RESTCONF's support for partial resource modification as defined in RFC 8040.

Exam trap

Cisco often tests the difference between PATCH (partial update) and PUT (full replacement), where candidates mistakenly choose PUT thinking it 'updates' the resource, but it actually replaces the entire list.

How to eliminate wrong answers

Option A is wrong because DELETE removes the entire interface resource, not adds an address. Option C is wrong because POST is used to create a new data resource (e.g., a new interface), not to add an address to an existing list; the URI also points to the ipv4 container, not the address list. Option D is wrong because PUT replaces the entire address list resource with the payload, which would overwrite any existing addresses instead of adding a new one.

172
MCQ · hard

In an MPLS L3VPN network with route reflectors, what is the default behavior regarding the BGP next-hop attribute for reflected VPNv4 routes?

A. It sets the next-hop to 0.0.0.0.
B. It removes the next-hop attribute.
C. It sets the next-hop to the route reflector's loopback.
D. It leaves the next-hop unchanged from the originating PE.
Answer: D

Route reflectors preserve the next-hop attribute.

Why this answer

Route reflectors do not modify the next-hop attribute by default; it remains the originating PE's loopback.

173
MCQ · medium

In a carrier network using VRF-lite for customer isolation, which issue arises if route-target values are not correctly configured?

A. Customer routes are not installed in the global table.
B. BGP sessions between PEs flap.
C. The PE-CE routing protocol fails.
D. Customer routes leak into other VRFs.
Answer: D

Mismatched route-targets can cause unintended import/export, leading to route leakage between VRFs.

Why this answer

Option D is correct because incorrect route-target configuration can cause routes from one VRF to be imported into another VRF, leading to route leakage. Option A is wrong because routes would still be installed in the VRF, but they might leak. Option C is wrong because PE-CE routing protocols are independent of route-target. Option B is wrong because BGP sessions between PEs are not directly affected by VRF route-targets.

174
Multi-Select · hard

Which TWO statements about Cisco NSO (Network Services Orchestrator) are true? (Choose two.)

Select 2 answers
A. NSO automatically generates Python scripts for device configuration.
B. NSO provides northbound APIs using NETCONF and RESTCONF.
C. NSO eliminates the need for SNMP in network management.
D. NSO only supports CLI-based device management.
E. NSO uses YANG models to define service parameters.
Answers: B, E

NSO exposes NETCONF and RESTCONF northbound.

Why this answer

NSO provides northbound APIs using NETCONF and RESTCONF, enabling integration with higher-level orchestration and management systems. These standard protocols allow external systems to interact with NSO for service lifecycle management, configuration, and operational data retrieval, making B correct.

Exam trap

Cisco often tests the misconception that NSO only supports CLI-based management or that it eliminates SNMP entirely, when in fact NSO is protocol-agnostic and can leverage multiple southbound protocols including NETCONF, CLI, and SNMP for different device types.

175
MCQ · easy

Which MPLS label is used to identify the egress PE in a Layer 3 MPLS VPN?

A. Transport label
B. VPN label
C. LDP label
D. IGP label
Answer: B

The VPN label is used by the egress PE to identify the correct VRF.

Why this answer

The VPN label is allocated by the egress PE and carried in MP-BGP updates to identify the egress PE. The transport label is for LSP, IGP label is not a standard term, and LDP label is for LDP.

176
MCQ · medium

In a multicast environment, a PE router is not receiving multicast traffic from a source behind a CE. The PIM neighbors are established. The RP is reachable. What is the most likely issue?

A. The CE is not sending IGMP joins
B. The source address is not in the VRF
C. The PE does not have the multicast VRF enabled
D. The RP is not configured in the VRF
Answer: C

Without multicast VRF, the PE cannot forward multicast traffic in the VRF.

Why this answer

For MVPN, the PE must have multicast VRF (MVRF) enabled to forward multicast traffic. Without it, traffic is not accepted. Option A: IGMP joins are sent by hosts, not the CE. Option B: the source address in the VRF is handled by MVRF. Option D: the RP is configured per VRF, but if reachable, it's likely configured. So C is correct.

177
MCQ · easy

A service provider wants to provide Layer 3 VPN services to customers using MPLS. Which technology is used to distribute VPNv4 routes between PE routers?

A.MP-BGP
B.IS-IS
C.OSPF
D.EIGRP
AnswerA

MP-BGP is the correct protocol for distributing VPNv4 routes.

Why this answer

MP-BGP is used to carry VPNv4 routes between PE routers. OSPF, EIGRP, and IS-IS are IGPs and do not carry VPNv4 routes.

178
Multi-Selecthard

Which three are benefits of using MPLS Layer 3 VPNs over traditional VPNs? (Choose three.)

Select 3 answers
A.Scalability
B.Support for multiple services
C.Lower cost
D.Reduced security
E.Simplified routing
AnswersA, B, E

MPLS L3VPNs can scale to thousands of VPNs.

Why this answer

MPLS L3VPNs offer scalability, simplified customer routing (no customer IGP), and support for multiple services (multicast, QoS). Cost is not necessarily lower, and security is not reduced.

179
MCQeasy

Based on the exhibit, which label operation will occur when a packet destined to 10.2.2.1 enters PE1 with label 17?

A.Forward with no label (Untagged)
B.Pop the label and forward as IP
C.Push label 17 onto the packet
D.Swap label 17 to label 18
AnswerD

The forwarding table shows outgoing label 18 for this prefix.

Why this answer

The correct answer is D because the exhibit shows an MPLS VPN scenario where PE1 receives a labeled packet destined for 10.2.2.1. The incoming label 17 corresponds to the VPNv4 route for 10.2.2.1/32, and the LFIB on PE1 indicates a swap operation to label 18, which is the transport label used to forward the packet across the MPLS core toward the next-hop PE.

Exam trap

Cisco often tests the distinction between label operations (push, swap, pop) in MPLS VPN scenarios, and the trap here is that candidates mistakenly think the incoming label is a VPN label that must be popped or pushed, rather than recognizing that the LFIB dictates a swap when the packet is transiting the MPLS core.

How to eliminate wrong answers

Option A is wrong because the packet arrives with an MPLS label (17), and in an MPLS VPN, the ingress PE must forward the packet with a label stack, not as an untagged packet. Option B is wrong because popping the label and forwarding as IP would only occur at the penultimate hop (PHP) or if the packet were destined to the PE itself, but here the destination is a remote VPN prefix. Option C is wrong because pushing label 17 would imply the packet arrived unlabeled, but the question states the packet enters with label 17 already present; pushing a new label 17 would be incorrect as the operation is a swap, not a push.

180
MCQhard

An SP router is configured with a hierarchical QoS policy (parent policy shaper, child policy with CBWFQ). When applying this policy to an interface, the router reports 'Policy map not found' error. What is the most likely cause?

A.The interface speed is not configured.
B.The interface is not part of a bridge domain.
C.The child policy-map specified in the parent's 'service-policy' command does not exist.
D.The shape average command in the parent policy uses an unsupported value.
AnswerC

The child policy must exist before applying the parent.

Why this answer

The 'Policy map not found' error occurs when the parent policy-map references a child policy-map via the 'service-policy' command, but that child policy-map does not exist in the router's configuration. Hierarchical QoS requires both the parent and child policy-maps to be created and correctly named; a missing child policy-map prevents the router from applying the nested policy.

Exam trap

Cisco often tests the distinction between configuration errors (e.g., missing policy-map) and operational errors (e.g., unsupported values), leading candidates to overthink interface or shaping parameters when the actual issue is a simple missing object.

How to eliminate wrong answers

Option A is wrong because the interface speed does not need to be explicitly configured for a hierarchical QoS policy to be applied; the router can auto-negotiate or use default speed settings, and a missing speed configuration would not cause a 'Policy map not found' error. Option B is wrong because bridge domains are relevant to Layer 2 VPN or EVPN configurations, not to the existence of a policy-map; the error is purely about a missing policy-map object, not about the interface's Layer 2 membership. Option D is wrong because an unsupported shape average value would cause a configuration rejection or a different error (e.g., 'Invalid shape rate'), not a 'Policy map not found' error; the error message explicitly indicates the child policy-map is missing.

181
MCQeasy

A service provider is deploying Segment Routing in the MPLS core using IS-IS. Which extension is required in IS-IS to advertise the prefix-SID?

A.TLV 22 (Extended IS Reachability)
B.TLV 242 (Router Capability)
C.Sub-TLV 3 (Prefix-SID)
D.TLV 135 (Extended IP Reachability)
AnswerC

Sub-TLV 3 is used within TLV 135 or 242 to carry prefix-SID.

Why this answer

In IS-IS, the Prefix-SID is advertised using Sub-TLV 3, which is carried within TLV 135 (Extended IP Reachability). This sub-TLV contains the SID value and flags, enabling Segment Routing in the MPLS core. Without Sub-TLV 3, the prefix-SID cannot be signaled, making it the required extension.

Exam trap

Cisco often tests the distinction between the TLV that carries the prefix (TLV 135) and the sub-TLV that carries the SID (Sub-TLV 3), leading candidates to incorrectly select TLV 135 as the answer.

How to eliminate wrong answers

Option A is wrong because TLV 22 (Extended IS Reachability) is used to advertise IS-IS neighbor information and link attributes, not prefix-SIDs. Option B is wrong because TLV 242 (Router Capability) is used to advertise router capabilities such as SRGB or node-SID, but it does not carry prefix-SIDs. Option D is wrong because TLV 135 (Extended IP Reachability) carries the prefix itself, but the prefix-SID is advertised via Sub-TLV 3 within TLV 135, not by TLV 135 alone.

182
MCQhard

A large service provider operates a national MPLS backbone with over 200 P routers and 500 PE routers. They use IS-IS as the IGP with segment routing and have deployed TI-LFA for link and node protection. Recently, a core router (P1) suffered a complete failure, and during the failure, traffic for some prefixes was dropped for over 200ms. After the failure, the network recovered within seconds. The engineer suspects that TI-LFA did not provide the expected sub-50ms protection for some destinations. Further analysis reveals that the affected prefixes have their BGP next-hop on a router that is multiple hops away, and the P1 failure impacted both the primary path and the backup path computed by TI-LFA. The engineer reviews the TI-LFA configuration and finds that 'fast-reroute per-prefix ti-lfa' is enabled under router isis. The engineer also notes that P1 was not a protecting node for those prefixes. Which action should the engineer take to improve convergence time for these prefixes?

A.Configure TI-LFA on all interfaces using 'fast-reroute per-prefix ti-lfa interface'
B.Add the 'sr-protect' option under the fast-reroute configuration to enable node protection
C.Reduce the IGP timers and enable incremental SPF to accelerate convergence
D.Deploy LDP as a fallback label distribution protocol to provide additional backup paths
AnswerB

The 'sr-protect' option ensures that the node acts as a protecting node for transit traffic, providing node protection even if the node itself is the failure point.

Why this answer

Option B is correct because for TI-LFA to provide node protection, the 'sr-protect' option should be configured, which forces the node to attempt to provide protection even for traffic that transits through the node. Option A is wrong because interface-level TI-LFA would not help; the issue is node-level. Option C is wrong because increasing IGP timers may cause slower convergence.

Option D is wrong because there is no need for an additional LDP backup.

183
MCQhard

An automation engineer is writing a Python script using Cisco's pyATS library to validate QoS configurations across a fleet of routers. The script runs without errors but reports that all routers are compliant even though some are not. What is the most likely issue?

A.The pyATS library does not support QoS features for the specific platform
B.The testbed credentials are incorrect but the script still returns compliant
C.The script uses a single 'show running-config' without filtering, and the parser fails to locate QoS policies applied under interfaces
D.The script is parsing the startup-config instead of running-config
AnswerC

A generic 'show run' parser may not extract nested configurations like interface service-policies, leading to false compliance.

Why this answer

Option C is correct because the pyATS parser for 'show running-config' without filtering may not recursively parse QoS policy-map configurations applied under interfaces. When the script uses a single unfiltered 'show running-config', the parser might fail to extract QoS policies nested under interface sub-configurations, leading to false compliance reports. This is a common issue where the parser's data model does not map deeply nested CLI structures like 'service-policy input/output' under interfaces.

Exam trap

Cisco often tests the misconception that a generic 'show running-config' parser will capture all configuration details, when in reality, nested or interface-specific constructs require targeted parsing or explicit iteration.

How to eliminate wrong answers

Option A is wrong because pyATS supports QoS features across many Cisco platforms via its Genie parsers, and the script runs without errors, indicating the library is compatible. Option B is wrong because incorrect testbed credentials would cause authentication failures or connection errors, not a silent 'compliant' result. Option D is wrong because parsing startup-config instead of running-config would likely show different or no QoS policies, but the script would still detect non-compliance if the parser correctly located QoS policies; the issue is parser depth, not config source.

184
MCQeasy

An SP engineer is configuring QoS on a router and needs to drop traffic that exceeds a certain rate while allowing bursts up to a specified amount. Which QoS feature should be used?

A.Shaping
B.WRED
C.Policing
D.Queueing
AnswerC

Policing uses a token bucket to enforce a maximum data rate; excess packets are either dropped or re-marked.

Why this answer

Policing is the correct QoS feature because it drops traffic that exceeds a configured rate while allowing bursts up to a specified amount. Unlike shaping, which buffers excess traffic, policing enforces a rate limit by immediately dropping or re-marking packets that exceed the configured committed information rate (CIR) and burst size (Bc/Be). This matches the requirement to drop traffic that exceeds a certain rate while permitting bursts.

Exam trap

Cisco often tests the distinction between policing (drops excess traffic) and shaping (buffers excess traffic), so the trap here is that candidates may confuse 'allowing bursts' with shaping's buffering behavior, but policing explicitly permits bursts up to a configured size before dropping.

How to eliminate wrong answers

Option A is wrong because shaping buffers excess traffic in a queue to smooth the output rate, rather than dropping traffic that exceeds a rate; it delays packets instead of discarding them. Option B is wrong because Weighted Random Early Detection (WRED) is a congestion avoidance mechanism that probabilistically drops packets before a queue becomes full based on average queue depth and precedence/DSCP values, not a rate-based policer that enforces a specific traffic rate with burst allowance. Option D is wrong because queueing (e.g., CBWFQ, LLQ) manages the order and priority of packet transmission during congestion but does not enforce a rate limit or drop traffic that exceeds a specific rate.

185
MCQmedium

A service provider is implementing MPLS TE to optimize bandwidth utilization. The engineer notices that tunnels are not using the explicitly configured path. What is the most likely reason?

A.The explicit path contains a link that is down
B.RSVP is not enabled on the headend
C.The tunnel destination is not reachable via IGP
D.The tunnel is configured with 'autoroute announce'
AnswerA

A down link makes the explicit path invalid; the tunnel may use a dynamic path or stay down.

Why this answer

When an MPLS TE tunnel is configured with an explicit path, the headend router uses RSVP to signal the path and verify that all links in the path are operational. If any link in the explicit path is down, RSVP signaling fails for that path, and the tunnel may fall back to dynamic path computation or remain down, rather than using the explicitly configured path. This is the most common reason for a tunnel not using its explicit path.

Exam trap

Cisco often tests the misconception that 'autoroute announce' or IGP reachability issues cause path selection problems, when in fact the explicit path failure is due to a down link in the path itself, which is a fundamental RSVP signaling constraint.

How to eliminate wrong answers

Option B is wrong because if RSVP were not enabled on the headend, MPLS TE tunnels would not be able to signal at all, and the tunnel would not come up, not just fail to use an explicit path. Option C is wrong because the tunnel destination being unreachable via IGP would prevent the tunnel from establishing at all, but the question states tunnels are not using the explicit path, implying they may be using a dynamic path instead. Option D is wrong because 'autoroute announce' causes the headend to install the tunnel as a next-hop for IGP destinations, but it does not affect which path the tunnel itself uses; the tunnel path is determined by the explicit or dynamic path configuration.

186
MCQhard

An enterprise uses IPsec VPN to connect branch offices. They apply QoS policies on the tunnel interface but notice that original DSCP markings are not preserved after encryption. Which feature should be enabled to maintain end-to-end QoS?

A.AutoQoS
B.QoS pre-classify
C.MPLS TE
D.NBAR
AnswerB

This feature copies the original DSCP to the tunnel header.

Why this answer

When IPsec encrypts a packet, the original IP header (including DSCP markings) is hidden inside the tunnel payload. The tunnel interface then applies a new outer IP header, and QoS policies applied to the tunnel interface classify based on the outer header's DSCP, which defaults to 0. Enabling 'qos pre-classify' on the crypto map or tunnel interface copies the original DSCP value to the outer IP header before encryption, preserving end-to-end QoS markings across the IPsec tunnel.

Exam trap

Cisco often tests the misconception that QoS policies on the tunnel interface automatically see the inner packet's DSCP, but in reality encryption hides the original header, so 'qos pre-classify' is required to copy the marking to the outer header.

How to eliminate wrong answers

Option A is wrong because AutoQoS is an automated QoS configuration tool that simplifies deployment but does not address the issue of DSCP preservation after IPsec encryption; it still relies on the outer header markings. Option C is wrong because MPLS TE (Traffic Engineering) is a mechanism for optimizing traffic paths in MPLS networks, not a feature for preserving DSCP markings across IPsec tunnels. Option D is wrong because NBAR (Network-Based Application Recognition) is a deep packet inspection tool for classifying traffic based on application signatures, but it cannot preserve original DSCP markings after encryption since the inner header is not visible to the classifier.

187
MCQmedium

A service provider is implementing QoS policies on an access aggregation router. They want to shape traffic to a downstream DSLAM to 10 Mbps, but they do not want to exceed the shaping rate even if the line rate is higher. Which QoS tool should be used on the interface facing the DSLAM?

A.Queuing
B.Marking
C.Policing
D.Shaping
AnswerD

Shaping buffers traffic to stay below a configured rate.

Why this answer

Option D is correct. Shaping buffers traffic to a configured rate, smoothing bursts and ensuring the rate is not exceeded. Option C (Policing) drops or marks traffic that exceeds a rate, but does not buffer.

Option B (Marking) sets DSCP/IP precedence but does not enforce rate. Option A (Queuing) manages congestion but not rate enforcement.

188
MCQeasy

A service provider is deploying MPLS in its core network. The core routers are all configured with LDP. Which label operation does an ingress PE perform on the first packet of a new flow?

A.Push a new label onto the packet
B.Remove the label stack entirely
C.Pop the label (PHP)
D.Swap the incoming label for an outgoing label
AnswerA

The ingress PE pushes the label corresponding to the FEC for the destination.

Why this answer

The ingress PE pushes a new label onto the packet. Option A is correct because LDP assigns labels for each FEC, and the ingress PE pushes an outer label. Option D is wrong because swapping is done at transit LSRs.

Option C is wrong because PHP results in label removal at the penultimate hop. Option B is wrong because pop is the same as removal.

189
MCQhard

An SP engineer is designing a BGP-based MPLS L3VPN service. The PE routers are fully meshed via iBGP for VPNv4 routes, and an RR is deployed to reduce sessions. The engineer notices that all PE routers are receiving duplicate routes from different PEs, causing suboptimal path selection. Which BGP feature should be enabled to ensure proper load balancing across multiple equal-cost paths?

A.Enable BGP additional paths on the RR
B.Deploy a second RR to reduce the number of iBGP sessions
C.Configure the BGP best path selection algorithm to ignore interior cost
D.Enable BGP multipath on the PE routers
AnswerD

BGP multipath allows the installation of multiple best paths for load balancing, given the paths are equal cost and meet similarity conditions.

Why this answer

Option D is correct. BGP multipath allows the router to install multiple equal-cost paths into the routing table, load balancing traffic. Option A is wrong because BGP additional paths allows advertising more than one path per prefix but does not directly install them.

Option C is wrong because BGP best path selection is a process, not a feature to alter outcomes. Option B is wrong because BGP route reflectors do not influence multipath behavior.

190
Multi-Selecteasy

In IS-IS, which TWO are types of Link State PDUs (LSPs)?

Select 2 answers
A.Partial Sequence Numbers PDU (PSNP)
B.Level 2 LSP
C.Hello LSP
D.Complete Sequence Numbers PDU (CSNP)
E.Level 1 LSP
AnswersB, E

Originated by Level 2 routers for inter-area reachability.

Why this answer

IS-IS has three LSP types: Level 1 LSP (by routers within an area), Level 2 LSP (by Level 2 routers), and Level 1-2 LSPs (by routers that are both). However, the standard types are Level 1 and Level 2. There is also a separate pseudonode LSP for broadcast networks, but it is not a different type number.

Options A, C, and D are not actual LSP types in IS-IS.

191
MCQhard

In a carrier-supporting carrier (CSC) architecture, the customer carrier runs MPLS in its network. Which technology is used to exchange VPN routes between the provider carrier and the customer carrier?

A.OSPF
B.MP-BGP with VPNv4 address family
C.EIGRP
D.IPv4 BGP
AnswerB

MP-BGP carries VPNv4 routes with labels.

Why this answer

MP-BGP with VPNv4 address family is used to exchange VPN routes between provider and customer carriers. IPv4 BGP does not carry VPN routes, OSPF and EIGRP are IGPs.

192
MCQeasy

A service provider is designing its core network to carry both IPv4 and IPv6 traffic. Which BGP approach best minimizes routing table size on core routers while maintaining full reachability?

A.Use iBGP with route reflectors
B.Use eBGP between all core routers
C.Use static routing for all prefixes
D.Rely on OSPF for external routes
AnswerA

Reduces BGP sessions and maintains full reachability efficiently.

Why this answer

Option A is correct because using an iBGP full mesh with route reflectors reduces the number of BGP sessions and allows efficient prefix propagation. Option B is wrong because eBGP between all core routers creates a full mesh with high session count and administrative overhead. Option C is wrong because static routing cannot scale for the full internet table.

Option D is wrong because OSPF is not designed to carry external BGP routes efficiently.

193
MCQhard

Refer to the exhibit. What is the role of this router for prefix 10.0.1.0/24?

A.Transit LSR.
B.Egress LSR.
C.Penultimate hop.
D.Ingress LSR.
AnswerB

Egress LSR pops the outermost label, shown by 'Pop tag'.

Why this answer

Option B is correct because the outgoing tag is 'Pop tag', indicating that the router removes the MPLS label before forwarding. This is the egress LSR. Option D (ingress) would have 'No label' as local tag.

Option A (transit) would have a non-pop outgoing label. Option C (penultimate hop) would have 'Untagged' or a specific label.

194
Multi-Selecthard

Which THREE components are required to deploy MPLS Layer 3 VPN?

Select 3 answers
A.VRFs on PE routers
B.GRE tunneling
C.OSPF
D.LDP
E.MP-BGP with VPNv4 address family
AnswersA, D, E

VRFs provide per-customer routing separation.

Why this answer

VRFs (Virtual Routing and Forwarding) are required on PE routers to maintain separate, isolated routing tables for each customer VPN. This allows overlapping IP addresses between different customers and ensures that traffic from one VPN does not leak into another. Without VRFs, the PE router cannot distinguish between customer routes, making Layer 3 VPN operation impossible.

Exam trap

Cisco often tests the misconception that an IGP like OSPF is mandatory for MPLS Layer 3 VPN, when in fact the required components are VRFs, LDP (or another label distribution protocol), and MP-BGP with VPNv4 address family—the IGP is only needed to support LDP, not as a direct component of the VPN service.

195
Multi-Selectmedium

Which THREE of the following are key components of an MPLS L3VPN architecture? (Choose three.)

Select 3 answers
A.RSVP-TE for traffic engineering
B.VRF on PE routers
C.LDP for label distribution in the core
D.P routers with full VPN routing tables
E.MP-BGP for VPNv4 route exchange
AnswersB, C, E

VRF provides per-VPN routing.

Why this answer

VRF (Virtual Routing and Forwarding) on PE routers is a key component because it isolates customer routing tables and forwarding planes within the provider edge, allowing multiple customers to share the same physical infrastructure while maintaining separate routing domains. Each VRF maintains its own routing table, CEF (Cisco Express Forwarding) table, and associated interfaces, which is fundamental to L3VPN separation.

Exam trap

Cisco often tests the misconception that P routers must hold VPN routing information, but in reality P routers only perform label switching and have no awareness of customer VPN prefixes.

196
MCQhard

An engineer is troubleshooting MPLS LSP connectivity. The ingress PE router has the label binding for the FEC 10.1.1.0/24, but no LSP is established. Which command should be checked on the P routers to verify the LSP path?

A.show mpls interface
B.show mpls ldp neighbor
C.show mpls forwarding-table
D.show ip route 10.1.1.0
AnswerC

Displays MPLS forwarding entries, revealing label path issues.

Why this answer

Option C is correct because 'show mpls forwarding-table' displays the label forwarding entries and can identify missing or incorrect label assignments along the path. Option D is not specific to MPLS forwarding; option B shows LDP neighbors only; option A shows MPLS interfaces but not forwarding details.

197
Multi-Selectmedium

An engineer is configuring VPLS on a Cisco ASR 9000. After verifying the pseudowire status, they notice that the 'pw status' shows 'down' for one of the PWs. Which two conditions could cause this? (Choose two.)

Select 2 answers
A.Mismatched encapsulation type on the pseudowire (e.g., Ethernet vs. VLAN)
B.VPLS ID mismatch on the same bridge domain
C.SNMP MIB not loaded
D.MTU mismatch between local and remote PE
E.LDP session is missing
AnswersA, D

Encapsulation must match between peers.

Why this answer

Option A is correct because a mismatched encapsulation type (e.g., Ethernet vs. VLAN) on the pseudowire causes the PW to fail to come up. In VPLS, the encapsulation must match between the local and remote PE for the pseudowire to be operational; otherwise, the PW status will show 'down' due to a negotiation failure.

Exam trap

Cisco often tests the distinction between conditions that cause a pseudowire to be 'down' versus conditions that affect VPLS forwarding but leave the PW 'up', leading candidates to incorrectly select VPLS ID mismatch (Option B) as a cause of PW failure.

198
MCQmedium

Refer to the exhibit. A network engineer configures a BGP route-map to set communities on routes advertised to a neighbor. After applying the configuration, the engineer checks the BGP table on the neighbor router and does not see the communities. What is the most likely reason?

A.The prefix-list does not match the exact prefix
B.The community values are not in the format 'AA:NN'
C.The neighbor is missing the 'send-community' command
D.The route-map needs to be applied inbound
AnswerC

Without 'send-community', communities are not advertised.

Why this answer

C is correct because BGP communities are not sent to a neighbor by default. Even if a route-map sets the community values correctly, the neighbor will not receive them unless the 'send-community' command is configured under the neighbor statement. This command enables the advertisement of the community attribute in BGP updates.

Exam trap

Cisco often tests the fact that BGP attributes like communities are not sent by default, and candidates mistakenly focus on route-map logic or prefix matching rather than the explicit neighbor command required to propagate the attribute.

How to eliminate wrong answers

Option A is wrong because the prefix-list is used to match routes for the route-map; if it does not match the exact prefix, the route-map would not apply, but the question states the route-map is configured and the engineer checks the BGP table on the neighbor—the issue is that communities are missing, not that the route is missing. Option B is wrong because while 'AA:NN' is the standard format for BGP communities, the route-map would still set the community value; if the format were incorrect, the router would typically reject the configuration or produce an error, not silently omit the community. Option D is wrong because the route-map is applied to outbound updates to set communities on routes advertised to the neighbor; applying it inbound would affect routes received from the neighbor, not the communities being sent.

199
MCQmedium

Refer to the exhibit. A network engineer is configuring a segment routing traffic engineering policy. The output shows two candidate paths. Why is path1 selected as the active path even though path2 has a bandwidth constraint?

A.path1 has a shorter segment list.
B.path2 is down due to insufficient bandwidth.
C.path1 is explicit and always preferred over dynamic paths.
D.path2 has a lower preference value.
AnswerD

path2 has preference 100, lower than path1's 200; the higher preference wins.

Why this answer

The active path is determined by the highest preference. Path1 has preference 200, which is higher than path2's 100. Option A is incorrect because path1 is explicit, not dynamic.

Option B is incorrect because both paths can be up. Option C is incorrect because color is same for both.

200
MCQmedium

A service provider offers L3VPN services to multiple enterprise customers. One customer reports that they cannot reach some remote sites intermittently. The network uses MPLS L3VPN with MP-BGP for VPN route exchange. The PE routers are configured with route-target import and export. The customer's CE router is dual-homed to two different PEs in the same point of presence. The engineer checks the BGP table on both PEs and sees the customer routes with the correct route-target. However, pings from the CE to a remote site fail about 50% of the time, and the flapping pattern suggests load balancing issues. The engineer discovers that the remote site's network prefix is being advertised from both PEs with the same route-target but with different next-hops. The CE has equal-cost paths via both PEs. What is the most likely cause of the intermittent connectivity?

A.The route-target import on the remote PE is missing the customer's route-target.
B.The CE is performing per-packet load balancing across the two PEs, causing asymmetric routing.
C.The BGP timers are misconfigured, causing the session to flap.
D.The MTU on the CE-PE links is mismatched.
AnswerB

Per-packet load balancing can lead to packets being sent to different PEs, potentially exiting via different remote PEs and causing return packets to arrive out of order or be dropped due to stateful inspection.

Why this answer

Option B is correct because when a CE receives two equal-cost paths from two PEs, the CE may perform per-packet load balancing, which can cause out-of-order packets and asymmetric routing, leading to failures. Option C is wrong because BGP timers would cause immediate session drops, not 50% failure. Option D is wrong because MTU mismatch would cause consistent failures, not intermittent.

Option A is wrong because route-target mismatch would prevent routes from being learned, not cause intermittent connectivity.

201
MCQhard

A network automation engineer needs to retrieve QoS policy statistics from a Cisco IOS XE device using RESTCONF. Which YANG module should be targeted?

A.Cisco-IOS-XE-QoS
B.ietf-qos
C.Cisco-NX-OS-device
D.openconfig-qos
AnswerA

This is the native Cisco YANG module for QoS.

Why this answer

The Cisco-IOS-XE-QoS YANG module is the native Cisco module that provides the data model for QoS policy configuration and operational statistics on IOS XE devices. Since the engineer is using RESTCONF to retrieve QoS statistics from a Cisco IOS XE device, this module is the correct target because it is specifically designed for and supported on IOS XE platforms.

Exam trap

Cisco often tests the distinction between native Cisco YANG modules (like Cisco-IOS-XE-QoS) and open-standard models (like ietf-qos or openconfig-qos), expecting candidates to know that native modules are required for platform-specific features and statistics on IOS XE devices.

How to eliminate wrong answers

Option B is wrong because ietf-qos is an IETF standard YANG model that is not natively supported on Cisco IOS XE for retrieving QoS statistics via RESTCONF; it is more commonly used in multi-vendor environments. Option C is wrong because Cisco-NX-OS-device is a YANG module for NX-OS devices, not IOS XE, and would not be applicable for a Cisco IOS XE device. Option D is wrong because openconfig-qos is an open standard YANG model that may be supported on some platforms but is not the native Cisco module for IOS XE; it is typically used in openconfig-based automation frameworks and may not expose the same detailed statistics as the Cisco native module.

202
Multi-Selecthard

An SP is migrating its core network to Segment Routing (SR-MPLS). The network uses IS-IS as the IGP with SR extensions. Which three statements about SR-MPLS architecture are correct?

Select 3 answers
A.The OSPF protocol cannot be used for SR-MPLS because it does not support SR extensions.
B.Adjacency SIDs are local to a router and indicate a specific link.
C.A prefix SID is a global label that identifies a specific prefix in the network.
D.The SRGB must be identical across all routers in the domain to ensure global uniqueness.
E.Segment IDs (SIDs) are allocated from the SRGB (Segment Routing Global Block) and advertised via IS-IS.
AnswersB, C, E

Correct. Adjacency SIDs are locally significant and represent a specific interface or link.

Why this answer

Segment IDs (SIDs) are allocated from the SRGB and advertised via IS-IS; a prefix SID is a global label identifying a specific prefix; adjacency SIDs are local to a router. The SRGB does not have to be identical across all routers, and OSPF also supports SR.

203
MCQhard

A network operator is deploying segment routing in an MPLS network. They want to use a centralized controller to compute paths based on traffic demand and network constraints. Which architecture is being used?

A.LDP-based MPLS
B.Segment Routing Traffic Engineering (SR-TE)
C.Segment Routing Path Computation Element (SR-PCE)
D.Segment Routing Best Effort (SR-BE)
AnswerC

SR-PCE is a centralized controller for path computation.

Why this answer

The scenario describes a centralized controller computing paths based on traffic demand and network constraints, which is the definition of a Path Computation Element (PCE) architecture. In Segment Routing, the SR-PCE (Segment Routing Path Computation Element) is the centralized controller that calculates optimal paths using traffic engineering constraints and then communicates the path information (via PCEP) to the headend router. This is distinct from distributed control plane approaches like LDP or SR-BE, and from SR-TE which is the overall traffic engineering mechanism but not the specific centralized controller architecture.

Exam trap

Cisco often tests the distinction between the overall traffic engineering mechanism (SR-TE) and the specific centralized controller architecture (SR-PCE), leading candidates to pick SR-TE when the question explicitly mentions a 'centralized controller' for path computation.

How to eliminate wrong answers

Option A is wrong because LDP-based MPLS is a distributed label distribution protocol that does not use a centralized controller for path computation; it relies on IGP shortest-path routing. Option B is wrong because Segment Routing Traffic Engineering (SR-TE) is the overall framework for steering traffic over explicit paths, but it does not inherently require a centralized controller; paths can be configured manually or via a PCE. Option D is wrong because Segment Routing Best Effort (SR-BE) uses IGP-computed shortest paths without any centralized controller or traffic engineering constraints.

204
MCQhard

A service provider is designing a multicast solution for a Layer 3 VPN. They want to use MVPN with BGP signaling (draft-rosen). The PE routers are configured with VRF and multicast routing enabled. Which BGP address family must be enabled between PE routers to carry multicast routing information?

A.MCAST-VPN address family
B.MVPN does not use BGP; it uses PIM.
C.VPNv4 address family
D.IPv4 multicast address family
AnswerA

The MCAST-VPN address family is used for MVPN signaling.

Why this answer

In a draft-rosen MVPN (Multicast VPN) implementation, BGP is used to signal multicast routing information between PE routers. The MCAST-VPN address family (AFI 25, SAFI 5) is specifically defined to carry multicast VPN routes, including Intra-AS I-PMSI A-D routes and S-PMSI A-D routes, enabling the exchange of multicast state and tunnel information across the MPLS/VPN backbone.

Exam trap

Cisco often tests the distinction between the MCAST-VPN address family (used for MVPN signaling) and the VPNv4 address family (used for unicast VPN routes), leading candidates to mistakenly select VPNv4 when multicast is involved.

How to eliminate wrong answers

Option B is wrong because MVPN with BGP signaling (draft-rosen) explicitly uses BGP to carry multicast routing information; PIM is used for control plane signaling within the VRF but not for inter-PE multicast route exchange. Option C is wrong because the VPNv4 address family carries unicast VPN-IPv4 prefixes, not multicast routing information; multicast VPN requires the MCAST-VPN address family. Option D is wrong because the IPv4 multicast address family (AFI 1, SAFI 2) is used for native IPv4 multicast routing (e.g., PIM BSR or Auto-RP) and does not support VRF-scoped multicast VPN signaling.

205
MCQmedium

An engineer is troubleshooting a BGP peering issue between two routers. The peering is established, but routes are not being exchanged. On router R1, 'show bgp neighbors 192.0.2.2' shows the neighbor state as 'Established' but the 'Prefixes received' counter is zero. What is most likely the cause?

A.An outbound route-map on the neighbor is filtering all routes.
B.The 'maximum-prefix' limit is exceeded, causing the session to reset.
C.The BGP session is in the Idle state due to a misconfigured update-source.
D.The 'next-hop-self' command is missing on R1.
AnswerA

An outbound route-map on R2 would filter routes sent to R1, causing zero prefixes received on R1.

Why this answer

The neighbor state is 'Established', confirming that the TCP session and BGP open messages have been successfully exchanged. However, zero prefixes received indicates that R1 is not receiving any routes from the neighbor. An outbound route-map applied on the neighbor (the router sending routes to R1) can filter all prefixes before they are advertised, resulting in zero received prefixes while the session remains up.

Exam trap

Cisco often tests the distinction between session state and route exchange; the trap here is that candidates assume an Established session guarantees route exchange, overlooking outbound filtering on the neighbor side.

How to eliminate wrong answers

Option B is wrong because if the 'maximum-prefix' limit were exceeded, the BGP session would reset or go into an Idle state, not remain Established with zero prefixes received. Option C is wrong because a misconfigured update-source would prevent the BGP session from reaching the Established state entirely; the session would be stuck in Idle or Active. Option D is wrong because the 'next-hop-self' command affects the next-hop attribute of advertised routes, not the reception of prefixes; missing it would not cause zero prefixes received.

206
MCQmedium

An OSPF network uses point-to-point links. The engineer notices that LSAs are being flooded every 30 minutes even when no topology changes occur. What is the most likely reason?

A.The routers are using LSU packets incorrectly.
B.There is a flapping interface on the network.
C.The dead timer is set too low.
D.The LSA refresh interval has expired.
AnswerD

Correct. OSPF refreshes LSAs every 30 minutes.

Why this answer

Option D is correct because OSPF LSAs are periodically refreshed every 1800 seconds (30 minutes) by default. Option B is incorrect; this flooding is expected. Option A is incorrect; LSUs are used for flooding LSAs.

Option C is incorrect; the LS refresh interval is 30 minutes, not a timer issue.

207
MCQmedium

In Inter-AS MPLS Option B, which routers exchange labeled VPNv4 prefixes directly?

A.ASBR routers
B.PE routers
C.P routers
D.CE routers
E.Route reflectors
AnswerA

ASBRs exchange labeled VPNv4 prefixes via MP-eBGP in Option B.

Why this answer

In Option B, ASBRs are directly connected and exchange labeled VPNv4 prefixes via MP-eBGP. They do not require an MPLS LSP between them because they are directly connected. The labels are allocated by each ASBR and advertised to the other.

208
MCQeasy

An engineer is designing an MPLS network and needs to ensure that VPN traffic between two PE routers is label-switched. The PE routers are connected via a P router and have a full mesh of iBGP sessions. Which label distribution method is required for the VPN labels?

A.Segment Routing
B.MP-BGP
C.RSVP-TE
D.LDP
AnswerB

MP-BGP carries VPNv4 routes with MPLS labels.

Why this answer

In MPLS VPN architectures, VPN labels (also known as service labels) are distributed using Multiprotocol BGP (MP-BGP). MP-BGP carries VPN-IPv4 routes that include both the route distinguisher (RD) and the VPN label in the Network Layer Reachability Information (NLRI). This allows PE routers to exchange per-VRF label bindings, enabling label-switched VPN traffic across the MPLS core.

Without MP-BGP, the PE routers cannot signal the VPN-specific labels required for end-to-end label switching.

Exam trap

Cisco often tests the distinction between transport labels (distributed by LDP or RSVP-TE) and service labels (distributed by MP-BGP), leading candidates to incorrectly choose LDP or RSVP-TE for VPN label distribution.

How to eliminate wrong answers

Option A is wrong because Segment Routing (SR) is a source-routing paradigm that can be used for transport label distribution (e.g., SR-MPLS), but it does not distribute VPN service labels; VPN labels still require MP-BGP. Option C is wrong because RSVP-TE is a signaling protocol for traffic-engineered LSPs and is used for transport label distribution, not for VPN service labels. Option D is wrong because LDP distributes transport labels (IGP next-hop labels) for the MPLS core, but it cannot carry VPN-IPv4 routes or VPN labels; VPN label distribution is exclusively handled by MP-BGP.

209
MCQmedium

Refer to the exhibit. An engineer configured a telemetry subscription to push interface state data to a collector. The subscription shows 'State: Invalid'. What is the most likely cause?

A.The encoding 'encode-kvgpb' is not supported; must use 'encode-json'.
B.The collector at 192.168.1.1:57500 is not reachable or the service is down.
C.The xpath filter is malformed; it should be /interfaces/interface/state.
D.The periodic update interval of 500 ms is too fast causing subscription failure.
AnswerB

The last error directly states 'Connection refused', meaning the receiver is not accepting connections. The engineer should check the collector's status.

Why this answer

The 'State: Invalid' with error 'Connection refused' indicates that the receiver (collector) is not accepting the connection. The most likely fix is to ensure the collector is up and listening on the specified port. Option B correctly identifies this.

Option C is wrong because the xpath syntax is correct for the model. Option A is wrong because encoding kvgpb is valid. Option D is wrong because the periodic update policy is correctly configured.

210
MCQeasy

When deploying IS-IS in a large service provider core, what is the recommended network type on Ethernet interfaces to improve scalability?

A.loopback
B.point-to-point
C.point-to-multipoint
D.non-broadcast
E.broadcast
AnswerB

Point-to-point avoids DIS election and simplifies flooding, enhancing scalability.

Why this answer

Setting IS-IS network type to point-to-point on Ethernet interfaces prevents the election of a designated intermediate system (DIS) and reduces LSP flooding overhead, improving scalability. Other options are less effective or incorrect.

211
MCQmedium

A service provider is implementing EVPN for its VPLS replacement. They have configured BGP EVPN on all PEs and have set up an EVPN instance for a customer requiring broadcast, unknown unicast, and multicast (BUM) traffic. The customer reports that broadcast traffic from one site is not being received at another site. The engineer checks the EVPN configuration and finds that the EVI is configured correctly, the route-target matches, and the BGP sessions are established. The engineer also checks the MAC address table on the receiving PE and sees that the source MAC of the broadcast frame is learned on the local interface, but not from the remote VTEP. The engineer suspects an issue with the IMET (Inclusive Multicast Ethernet Tag) route. Which action should the engineer take to verify the IMET route?

A.Use 'show evpn instance detail' to check the EVI configuration.
B.Check the BGP EVPN route table for IMET (route-type 3) routes using 'show bgp l2vpn evpn route-type 3'.
C.Use 'show bgp l2vpn evpn route-type 2' to verify MAC/IP routes.
D.Use 'show l2vpn vfi' to verify the VPLS forwarding instance.
AnswerB

IMET routes are route-type 3 in EVPN; checking their presence and reachability is essential for BUM traffic.

Why this answer

Option B is correct because the 'show bgp l2vpn evpn route-type 3' command displays IMET routes, which are needed for BUM traffic forwarding. Option C is wrong because route-type 2 is for MAC/IP advertisement. Option A is wrong because 'show evpn instance detail' shows local configuration but not remote routes.

Option D is wrong because 'show l2vpn vfi' is for VPLS, not EVPN.

212
Multi-Selecthard

Which THREE of the following are correct statements about EVPN-VXLAN in a data center fabric? (Select three.)

Select 3 answers
A.EVPN route type 3 is used for BUM traffic forwarding.
B.VXLAN encapsulation adds a 50-byte outer header (14 Ethernet + 20 IP + 8 UDP + 8 VXLAN).
C.EVPN route type 2 is used to advertise MAC and IP addresses.
D.VXLAN is a Layer 3 overlay that requires an IGP in the overlay.
E.VXLAN always requires IP multicast in the underlay for BUM traffic.
AnswersA, B, C

Route type 3 is the inclusive multicast route.

Why this answer

Options A, B, and C are correct. EVPN-VXLAN uses BGP EVPN route type 2 for MAC/IP advertisement, route type 3 for inclusive multicast, and VXLAN encapsulation uses a UDP header. Option E is wrong: VXLAN uses multicast or BGP EVPN but not necessarily ingress replication for BUM traffic; it can use multicast or ARP suppression.

Option D is wrong: VXLAN is a Layer 2 overlay over a Layer 3 underlay.

213
MCQmedium

A service provider is troubleshooting an MPLS L3VPN where customers behind CE-A cannot reach CE-B. The PE routers are Cisco ASR 9000 series. On PE-A, the show cef vrf CUSTOMER prefix 10.1.1.0/24 command displays 'punt' as the forwarding path. What is the most likely cause?

A.The IP prefix is not resolved via an MPLS label in the LFIB
B.The MPLS MTU on the interface is too small
C.The VRF is missing the route-target import statement
D.The CE is not running OSPF with the PE
AnswerA

Punt indicates the CEF cannot find a label for the next hop; likely missing LDP adjacency.

Why this answer

Option A is correct because when VRF routes are punted to the CPU, it typically indicates that the label for the next hop is missing or that the FIB resolution failed, often due to missing MPLS label binding. Option C is wrong because BGP VPNv4 routes are not required for local VRF forwarding. Option B is wrong because MTU would cause drop, not punt.

Option D is wrong because CE-PE routing is usually static or BGP, not OSPF in most designs.

214
MCQmedium

A service provider is deploying segment routing in their MPLS core. They want to use an IGP as the control plane for label distribution without running LDP or RSVP-TE. Which IGP is best suited for this purpose?

A.BGP
B.EIGRP
C.IS-IS
D.RIP
AnswerC

IS-IS supports segment routing extensions and is widely used in SP cores.

Why this answer

IS-IS is the best-suited IGP for segment routing in an MPLS core because it natively supports the Segment Routing (SR) extensions defined in RFC 8667. These extensions allow IS-IS to advertise Prefix-SIDs and Adjacency-SIDs directly within the link-state database, enabling label distribution without requiring LDP or RSVP-TE. This makes IS-IS a natural fit for service providers deploying SR-MPLS.

Exam trap

The trap here is that candidates may think OSPF is also a valid choice, but the question specifically asks for the IGP best suited for segment routing without LDP or RSVP-TE, and while OSPF does support SR (RFC 8665), IS-IS is historically more common in service provider cores due to its native support for CLNS and easier migration from LDP to SR.

How to eliminate wrong answers

Option A is wrong because BGP is not an IGP; it is an EGP used for inter-domain routing and, while it can carry SR policies via BGP-LS or BGP SR-TE, it does not function as the IGP control plane for label distribution within a single IGP domain. Option B is wrong because EIGRP is a Cisco-proprietary distance-vector protocol that does not support segment routing extensions; it relies on its own RIB-based label distribution and is not standardized for SR-MPLS. Option D is wrong because RIP is a legacy distance-vector protocol that lacks any support for MPLS or segment routing, and it cannot distribute labels or SIDs.

215
MCQhard

An SP engineer is configuring model-driven telemetry (MDT) to monitor interface utilization on Cisco routers. The telemetry receiver uses gRPC and is experiencing high CPU load due to excessive subscription data. Which MDT subscription parameter should be adjusted to reduce the data rate without losing critical threshold events?

A.Use a smaller path XPath.
B.Increase the sensor-group period.
C.Increase the sample-interval.
D.Enable on-change reporting with suppression.
AnswerD

On-change reporting sends updates only when the value changes, and suppression limits the update frequency, reducing load while still reporting events.

Why this answer

On-change reporting with suppression reduces data rate by sending updates only when values change, and suppression prevents too-frequent updates. Increasing sample interval risks missing threshold events. Other options do not effectively reduce data rate while preserving event detection.

216
MCQmedium

Given the output, which configuration mismatch would prevent a remote PE in the same VPN from installing this route into its VRF?

A.The remote PE has an import RT that does not include RT:65000:200.
B.The remote PE uses a different route distinguisher for its VRF.
C.The remote PE filters routes based on BGP AS-path containing AS 65000.
D.The next-hop 10.1.1.2 is not reachable in the remote PE's global routing table.
AnswerA

Correct: The route's RT must match an import RT on the remote VRF for the route to be installed.

Why this answer

The route carries RT:65000:200. A remote PE must have a VRF with an import RT that matches this RT to install the route. If the remote PE's VRF imports RT:65000:100 instead, the route will not be installed.

Option B is incorrect because different RDs do not prevent route installation as long as the RT matches. Option D is incorrect because the next-hop is reachable (10.1.1.2) via the global table. Option C is incorrect because MPLS VPN does not use AS-path filtering by default.

217
Multi-Selectmedium

Which TWO tasks are required when implementing segment routing in an MPLS network?

Select 2 answers
A.Configure RSVP-TE to establish LSPs
B.Enable CEF on all routers
C.Configure the IGP (OSPF or IS-IS) with segment routing extensions
D.Enable MPLS on all interfaces that participate in segment routing forwarding
E.Enable LDP on all routers and interfaces
AnswersC, D

IGP must be configured to support segment routing and advertise labels (prefix-SIDs).

Why this answer

Options C and D are correct. Configuring the IGP (OSPF or IS-IS) for segment routing is essential to advertise prefix-SIDs and adjacency-SIDs. Enabling MPLS on interfaces ensures MPLS forwarding.

Option E is not required because LDP is replaced by segment routing. Option A is not required as RSVP-TE is a different traffic engineering mechanism. Option B is part of the MPLS forwarding plane setup but not unique to segment routing; it is a prerequisite.

218
MCQeasy

Which technology allows a service provider to offer different classes of service over a single MPLS network?

A.QoS
B.BGP
C.LDP
D.MPLS VPN (VRF)
AnswerA

QoS provides classification and prioritization for service classes.

Why this answer

Option A is correct because QoS enables traffic differentiation. Option D is wrong because VRF is for separation, not service classes. Option B is wrong because BGP is routing.

Option C is wrong because LDP is label distribution.

219
Multi-Selecteasy

Which TWO statements correctly describe differences between PIM dense mode and PIM sparse mode? (Choose two.)

Select 2 answers
A.PIM-DM supports the use of a bootstrap router (BSR) for RP discovery.
B.PIM-SM is more bandwidth efficient for high density groups.
C.PIM-DM uses explicit join messages, while PIM-SM uses flood and prune.
D.PIM-DM assumes all downstream routers want to receive multicast traffic, so it initially floods traffic.
E.PIM-SM requires a Rendezvous Point (RP) to facilitate group membership.
AnswersD, E

Dense mode floods to all interfaces and then prunes where not wanted.

Why this answer

PIM-DM floods everywhere and prunes; PIM-SM uses RPs and explicit join. Dense mode uses flood-and-prune; sparse mode uses pull model.

220
MCQmedium

A customer has a 100 Mbps access link and wants to limit traffic to 95 Mbps with burst allowance up to 100 Mbps. Which QoS action should be applied on the egress interface?

A.shape
B.priority
C.bandwidth
D.police
AnswerD

Policing limits the rate and can drop or remark exceeding traffic, allowing bursts.

Why this answer

Police is the correct QoS action because it allows you to enforce a maximum traffic rate (95 Mbps) while permitting bursts up to 100 Mbps, dropping or remarking excess traffic. Unlike shaping, policing does not buffer traffic, so it can enforce a hard limit on egress without introducing delay, which matches the requirement to limit traffic with a burst allowance.

Exam trap

Cisco often tests the distinction between policing and shaping, where the trap is that candidates assume shaping is always the answer for rate-limiting on egress, but policing is required when the goal is to enforce a hard burst limit without buffering.

How to eliminate wrong answers

Option A is wrong because shape buffers excess traffic to smooth output to a configured rate (e.g., 95 Mbps), but it cannot enforce a hard burst limit of 100 Mbps; shaping allows bursts to exceed the rate temporarily as long as the average is met, which contradicts the requirement to limit bursts to exactly 100 Mbps. Option B is wrong because priority is used to assign strict priority queuing to traffic classes, not to rate-limit or police traffic; it does not enforce a bandwidth cap or burst allowance. Option C is wrong because bandwidth allocates a minimum guaranteed bandwidth to a class (e.g., 95 Mbps) but does not limit traffic to that rate; traffic can exceed the allocated bandwidth if the link is idle, and it does not provide burst control.

221
MCQhard

What does the output indicate about the TI-LFA protection on R1?

A.All prefixes have backup paths.
B.Only 1 prefix has a backup path.
C.0 prefixes have backup paths.
D.2 prefixes have backup paths.
AnswerB

The line 'Number of prefixes with backup paths: 1' confirms this.

Why this answer

The output shows that only one prefix has a backup path. Node protection is enabled, and SRLG protection is disabled.

222
MCQmedium

You are a network automation engineer for a large service provider. Your team is tasked with automating the provisioning of new MPLS L3VPN services across a multi-vendor environment (Cisco and Juniper). The automation framework uses Ansible with Jinja2 templates and NETCONF as the transport protocol. During a pilot deployment, the automation successfully configures the Cisco devices but fails on Juniper devices with a 'syntax error' when applying the generated XML configuration. The Jinja2 templates are designed to generate Cisco-style configuration. You need to modify the automation to support both vendors. Which approach is most effective?

A.Use IETF YANG models and create separate Jinja2 templates for Cisco and Juniper that map to their respective native YANG models.
B.Write a Python script that translates Cisco XML to Juniper XML before sending.
C.Switch to CLI-based automation using SSH to avoid XML syntax issues.
D.Create a single Jinja2 template that uses conditional statements to generate different XML for each vendor.
AnswerA

Vendor-neutral models with separate templates ensure compatibility.

Why this answer

Option A is correct because using IETF YANG models (e.g., RFC 8299 for L3VPN) provides a vendor-neutral data model that both Cisco and Juniper support via NETCONF. Creating separate Jinja2 templates for each vendor ensures the generated XML conforms to each device's native YANG models, avoiding syntax errors. This approach maintains automation consistency while respecting vendor-specific implementations.

Exam trap

Cisco often tests the misconception that a single template or translation script can handle multi-vendor environments, but the correct approach is to use IETF YANG models with vendor-specific templates to ensure schema compliance.

How to eliminate wrong answers

Option B is wrong because translating Cisco XML to Juniper XML post-generation is fragile, error-prone, and does not leverage standardized YANG models; it introduces an unnecessary translation layer that can break with firmware updates. Option C is wrong because switching to CLI-based automation with SSH abandons the structured, programmatic benefits of NETCONF and YANG, leading to brittle scripts that are harder to maintain and validate. Option D is wrong because a single Jinja2 template with conditionals for different XML structures becomes complex and unmanageable, especially as the number of vendors or service variations grows; it also does not address the root cause of using vendor-native YANG models.

223
Matchingmedium

Match each MPLS protection mechanism to its description.

Fast Reroute to bypass a failed link or node locally

End-to-end path protection for MPLS TE tunnels

Graceful restart for LDP to preserve forwarding during control plane restart

Prefix Independent Convergence for fast BGP failover

Fast Reroute for RSVP-TE tunnels using backup paths

Why these pairings

These are high-availability features in service provider MPLS networks.

224
Multi-Selectmedium

Which three are required components for deploying Segment Routing in an MPLS network? (Choose three.)

Select 3 answers
A.RSVP-TE signaling protocol
B.MPLS forwarding capability on routers
C.Node-SID and Adj-SID assignments
D.IGP with Segment Routing extensions (OSPF or IS-IS)
E.LDP for label distribution
AnswersB, C, D

Routers must support MPLS forwarding to process labels.

Why this answer

D correct: IGP must be extended with Segment Routing extensions (OSPF or IS-IS). C correct: Node-SID and Adj-SID are the basic SID types. B correct: MPLS forwarding plane is needed to forward labeled packets.

A is optional for traffic engineering. E is not an SR component; it's for RSVP-TE.

225
MCQeasy

Refer to the exhibit. Which statement is true about this configuration?

A.LDP is manually configured
B.MPLS VPN is enabled
C.LDP is automatically enabled on the interface
D.MPLS forwarding is disabled
AnswerC

The autocfg command enables LDP automatically.

Why this answer

The command 'mpls ldp autocfg' enables LDP automatically on the interface. MPLS forwarding is enabled by 'mpls ip'. LDP is not manually configured, and MPLS VPN is not specifically enabled by these commands.
