Cisco SPCOR / CCNP Service Provider Core 350-501 (350-501) — Questions 526600

988 questions total · 14pages · All types, answers revealed

Page 7

Page 8 of 14

Page 9
526
Multi-Selecthard

Which THREE are valid SRv6 endpoint behaviors for VPN services? (Choose three.)

Select 3 answers
A.End.DT2U
B.End.B6
C.End.DT4
D.End.X
E.End.DT6
AnswersA, C, E

Decapsulation and L2VPN forwarding.

Why this answer

End.DT4 for IPv4 L3VPN, End.DT6 for IPv6 L3VPN, and End.DT2U for L2VPN are defined SRv6 behaviors.

527
MCQmedium

In BGP route selection, if two routes have the same weight, local preference, and are both locally originated, which attribute is considered next?

A.ORIGIN code
B.NEXT_HOP metric
C.AS_PATH length
D.MED
AnswerC

Shorter AS_PATH is preferred.

Why this answer

After weight, local pref, and locally originated, BGP compares AS_PATH length (shorter is preferred).

528
MCQhard

An ISP is implementing BGP PIC (Prefix Independent Convergence) for edge routers. Which BGP feature must be enabled to support PIC for core-facing failures?

A.BGP additional-paths install
B.BGP deterministic-med
C.BGP route refresh
D.BGP bestpath as-path multipath-relax
AnswerA

This allows installation of backup paths for PIC.

Why this answer

BGP PIC relies on installing a backup path in the FIB. For core-facing failures, BGP Fast External Fallover and BGP PIC with backup paths are used; specifically, 'bgp additional-paths install' is needed to install backup paths.

529
Multi-Selectmedium

A service provider is designing a BGP-based network. Which TWO are characteristics of BGP within a service provider core?

Select 2 answers
A.IBGP sessions require a full mesh or route reflectors to avoid routing loops
B.BGP MED attribute is mandatory for all routes
C.BGP uses the AS path for loop prevention in iBGP
D.BGP route reflectors always modify the AS path
E.BGP relies on an IGP for next-hop reachability within the AS
AnswersA, E

iBGP does not advertise routes learned from another iBGP peer to prevent loops; thus full mesh or RR is needed.

Why this answer

Option A is correct because iBGP requires either a full mesh of sessions or route reflectors to prevent routing loops. The BGP split-horizon rule states that routes learned from an iBGP peer are not advertised to another iBGP peer, so without a full mesh or route reflectors, reachability information cannot propagate within the AS. Route reflectors break this rule by allowing selected iBGP speakers to re-advertise routes, but they must be deployed with proper cluster and originator ID attributes to avoid loops.

Exam trap

Cisco often tests the misconception that iBGP uses the AS path for loop prevention, but in reality, iBGP relies on the split-horizon rule and attributes like originator ID and cluster list, while the AS path is only used for eBGP loop prevention.

530
MCQeasy

What is the default range of the Segment Routing Global Block (SRGB) on Cisco IOS XR?

A.16000-23999
B.15000-25000
C.16000-24000
D.16-23999
AnswerA

Correct. This is the default SRGB.

Why this answer

Default SRGB is 16000-23999, but can be configured. The label range is global across SR domain.

531
MCQhard

An engineer is configuring an MPLS L3VPN and needs to ensure that the PE router installs VPNv4 routes from a remote PE into the VRF of a customer. The remote PE sends a VPNv4 route with route-target 100:1. Which configuration on the local PE causes the route to be imported into the VRF?

A.router bgp 100 address-family ipv4 vrf CUSTOMER route-target import 100:1
B.vrf definition CUSTOMER rd 100:1 route-target both 100:1 route-map IMPORT
C.vrf definition CUSTOMER rd 100:1 route-target import 100:1
D.vrf definition CUSTOMER rd 100:1 route-target export 100:1
AnswerC

This imports routes with RT 100:1 into the VRF.

Why this answer

Option C is correct because the `route-target import 100:1` command under the VRF definition configures the local PE to accept VPNv4 routes that carry the specified route-target (100:1) from the remote PE. This import RT must match the export RT of the remote PE for the route to be installed into the VRF's routing table. The `rd 100:1` defines the route distinguisher, which is separate from the RT and ensures uniqueness of the VPNv4 prefix.

Exam trap

Cisco often tests the distinction between `route-target import` and `route-target export`, and the trap here is that candidates may select the export-only option (D) or misplace the RT command under BGP (A), failing to recognize that import must be explicitly configured under the VRF definition to receive routes from a remote PE.

How to eliminate wrong answers

Option A is wrong because the `route-target import 100:1` command is placed under `address-family ipv4 vrf CUSTOMER` within BGP, which is not a valid configuration; route-target import/export is configured under the VRF definition, not under the BGP address-family for the VRF. Option B is wrong because it uses the `route-target both 100:1 route-map IMPORT` syntax; while `route-target both` is valid, appending a route-map to the import/export RT statement is not supported in standard IOS/IOS-XE — route-maps can only be applied to `import` or `export` individually, not to `both`, and the syntax is incorrect. Option D is wrong because `route-target export 100:1` only configures the local PE to attach that RT to outgoing VPNv4 routes; it does not cause the import of incoming routes from the remote PE, which requires the `import` keyword.

532
MCQhard

A large service provider is migrating its L2VPN services (VPWS and VPLS) to EVPN-based solutions to improve scalability and support multi-homing. During the rollout for a customer using VLAN-based EVPN for a data center interconnect, the operations team notices frequent MAC address flapping and broadcast storms on one of the attachment circuits connected to a PE router. The PE is configured for EVPN-MPLS with ESI multihoming using all-active mode. The customer has two PEs (PE1 and PE2) connected to the same CE via two separate Ethernet links. The MAC table on PE1 shows the same MAC address alternating between the local AC interface and the remote EVPN peers. What is the most likely cause and the correct action to resolve this issue?

A.Implement ESI multihoming with per-flow load balancing to ensure consistent designated forwarder election.
B.Disable split-horizon on the local AC interface to allow MAC learning from the CE directly.
C.Enable selective multicast on the EVPN instance to reduce broadcast traffic.
D.Use MPLS encapsulation instead of VXLAN to avoid MAC address issues.
AnswerA

Proper ESI configuration and DF election prevent duplicate MACs and loops; per-flow load balancing can help but the key is correct ESI.

Why this answer

Option C is correct because in all-active multihoming, split-horizon is required to prevent loops, but if the ESI is misconfigured (e.g., different ESI on each PE), the designated forwarder (DF) election may fail, causing both PEs to forward traffic and create loops, leading to MAC flapping. Implementing ESI multihoming with per-flow load balancing (option C) is not a direct fix; the correct action is to ensure ESI values match and that split-horizon is enabled. However, the options are designed such that option C is the only one that addresses the root cause (incorrect ESI configuration).

Option A (disable split-horizon) would worsen the problem. Option B (enable selective multicast) is for multicast, not MAC flapping. Option D (use MPLS encapsulation instead of VXLAN) does not affect MAC learning loops.

Therefore, the correct answer is C.

533
MCQmedium

A network engineer is troubleshooting slow BGP convergence after a link failure in an MPLS core. Which feature can be enabled on the PE routers to fast-failover traffic upon BGP next-hop unreachability?

A.Route Reflector clustering
B.Bidirectional Forwarding Detection (BFD)
C.Local Preference manipulation
D.BGP Prefix Independent Convergence (PIC)
AnswerD

BGP PIC pre-installs backup paths for fast failover.

Why this answer

BGP Prefix Independent Convergence (PIC) enables fast failover by pre-installing backup paths into the forwarding table, so when a BGP next-hop becomes unreachable, traffic is immediately switched to the backup path without waiting for BGP reconvergence. This is critical in MPLS cores where slow BGP convergence after a link failure can cause prolonged traffic loss.

Exam trap

Cisco often tests the distinction between fast detection (BFD) and fast failover (PIC), so candidates mistakenly choose BFD thinking it alone solves slow convergence, but BFD only detects failure faster—it does not pre-install backup paths.

How to eliminate wrong answers

Option A is wrong because Route Reflector clustering reduces the number of iBGP sessions and improves scalability, but does not provide fast failover upon next-hop unreachability. Option B is wrong because BFD provides fast link failure detection, but it does not pre-install backup forwarding paths; it only speeds up the detection of failure, after which BGP still needs to reconverge. Option C is wrong because Local Preference manipulation influences BGP path selection but does not enable fast failover; it is a policy tool, not a convergence acceleration mechanism.

534
MCQhard

An SP is deploying IS-IS fast convergence using Partial Route Computation (PRC). Under which condition does PRC occur?

A.When the IS-IS metric changes
B.When the system ID changes
C.When a new adjacency is formed
D.When a prefix is added or removed without topology change
AnswerD

PRC handles prefix changes only.

Why this answer

PRC is triggered when a prefix changes but the topology remains unchanged. It recalculates only the affected prefixes, not the entire SPF tree.

535
MCQeasy

In MPLS, which forwarding table is used to determine the outgoing label and interface for a labeled packet?

A.FIB
B.LIB
C.LFIB
D.RIB
AnswerC

Correct. LFIB is used for label switching.

Why this answer

The LFIB (Label Forwarding Information Base) is the MPLS forwarding table that maps incoming labels to outgoing labels and interfaces.

536
MCQmedium

In the context of SR-PCE, which protocol does the PCE use to communicate with the path computation client (PCC) to set up SR-TE policies?

A.NETCONF
B.OSPF
C.PCEP
D.BGP-LS
AnswerC

PCEP is used for path computation requests and responses.

Why this answer

PCEP is the protocol used between PCE and PCC for path computation and setup.

537
Multi-Selectmedium

A service provider is configuring BGP route reflectors to scale iBGP. Which two mechanisms are used to prevent routing loops in a route reflector environment? (Choose two.)

Select 2 answers
A.CLUSTER_LIST
B.ORIGINATOR_ID
C.AS_PATH
D.LOCAL_PREF
E.NEXT_HOP
AnswersA, B

Correct. CLUSTER_LIST contains the cluster-ids and prevents loops.

Why this answer

BGP route reflectors use the CLUSTER_LIST attribute (which includes the cluster-id) and the ORIGINATOR_ID attribute to prevent loops. CLUSTER_LIST lists the cluster-ids that a route has passed through, and ORIGINATOR_ID identifies the originator of the route to prevent it from being reflected back.

538
MCQmedium

In MPLS, which label operation is performed by a Penultimate Hop Popping (PHP) router?

A.Swap the top label with a new label
B.Push a new label onto the stack
C.Pop the top label from the stack
D.Swap and push an additional label
AnswerC

Correct: PHP removes the label.

Why this answer

In PHP, the penultimate router pops the label before forwarding to the egress, reducing the egress router's work.

539
MCQmedium

Which BGP attribute is used to prefer a specific entry point into an AS when multiple ASBRs are advertising the same prefix to a neighboring AS?

A.LOCAL_PREF
B.MED
C.WEIGHT
D.AS_PATH
AnswerB

MED is exchanged between ASes to influence inbound traffic.

Why this answer

MED (Multi-Exit Discriminator) is used to influence the inbound traffic by suggesting the preferred entry point.

540
MCQeasy

Which encapsulation technology is commonly used in service provider networks to separate subscriber traffic in an Ethernet aggregation network?

A.Q-in-Q (802.1ad)
B.VXLAN
C.802.1Q
D.MPLS
AnswerA

Double tagging separates subscriber from service VLAN.

Why this answer

Q-in-Q (802.1ad) is the correct encapsulation technology because it allows service providers to stack an outer service VLAN tag (S-Tag) on top of a customer's inner VLAN tag (C-Tag), effectively separating subscriber traffic in an Ethernet aggregation network. This double-tagging mechanism preserves the customer's VLAN space while enabling the provider to aggregate multiple subscribers over a single physical port, which is essential for Metro Ethernet and DSLAM aggregation scenarios.

Exam trap

Cisco often tests the distinction between 802.1Q (single tagging) and 802.1ad (Q-in-Q) in aggregation networks, where candidates mistakenly choose 802.1Q because they overlook the need to preserve customer VLANs while scaling beyond 4096 VLANs.

How to eliminate wrong answers

Option B (VXLAN) is wrong because it is an overlay encapsulation that uses UDP and a 24-bit VNI to tunnel Layer 2 over Layer 3 networks, typically in data center fabrics, not for simple subscriber separation in an Ethernet aggregation network. Option C (802.1Q) is wrong because it provides only a single VLAN tag (12-bit VID), which cannot separate overlapping customer VLANs in an aggregation environment without exhausting the 4096 VLAN limit. Option D (MPLS) is wrong because it is a label-switching technology used for traffic engineering and VPNs in the core, not a direct encapsulation for separating subscriber traffic at the Ethernet aggregation layer.

541
MCQeasy

A network engineer is using Cisco NSO to create a managed L3VPN service. After deploying the service, the engineer notices that the configuration on the devices is not being updated. What is the most likely cause?

A.The service model is not compiled.
B.The service has not been committed.
C.The device is not in the device list.
D.The sync-from command was not run.
AnswerB

In NSO, commit is required to push the configuration to devices; without it, the configuration remains in the candidate.

Why this answer

In NSO, services are committed to push configuration changes to devices. If the commit is not performed, the changes remain in the candidate database and are not applied. Other options are less likely given the symptom.

542
MCQmedium

In SP automation, which protocol is used by NSO to communicate with network devices for configuration management?

A.RESTCONF
B.SNMP
C.CLI
D.NETCONF
AnswerD

NETCONF is the standard protocol for device configuration in NSO.

Why this answer

NSO uses NETCONF as the southbound protocol to communicate with devices. NETCONF provides transactional configuration operations like edit-config and get-config.

543
MCQeasy

To secure NTP in a service provider network, which feature should be enabled on IOS XR routers to prevent time synchronization with unauthorized NTP servers?

A.NTP authentication with MD5 keys
B.NTP symmetric active mode
C.NTP broadcast client mode
D.NTP access group with read-only community
AnswerA

Authentication verifies the identity of the NTP server.

Why this answer

NTP authentication ensures that the router only synchronizes with trusted servers that have the correct key. Access lists can also limit, but authentication provides cryptographic verification. NTP broadcast mode is less secure; symmetric mode is for peer-to-peer.

544
Multi-Selectmedium

A service provider is designing an OSPF network with multiple areas. Which TWO area types allow external routes (Type 5 LSAs) to be injected into the area? (Choose two.)

Select 2 answers
A.NSSA
B.Standard area
C.Stub area
D.Backbone area (Area 0)
E.Totally stubby area
AnswersB, D

Standard area (non-stub) accepts Type 5 LSAs.

Why this answer

Standard areas and the backbone area (Area 0) allow Type 5 LSAs. Stub, totally stubby, and NSSA do not accept Type 5 LSAs (NSSA converts Type 7 to Type 5 at ABR, but internally uses Type 7).

545
Multi-Selectmedium

Which two statements about MPLS label distribution are correct? (Choose two)

Select 2 answers
A.RSVP-TE allocates labels based on LDP.
B.LDP can establish sessions with non-directly connected neighbors using targeted LDP.
C.LDP uses the BGP next-hop as the label FEC.
D.LDP distributes labels for all IGP routes in the routing table.
E.TDP is the Cisco proprietary version of LDP.
AnswersB, D

Targeted LDP allows LDP sessions between non-adjacent routers.

Why this answer

Option B is correct because LDP can establish sessions with non-directly connected neighbors using targeted LDP, which uses UDP discovery (port 646) and TCP (port 646) to form a session even when the peers are not directly connected at Layer 3. This is defined in RFC 5036 and is commonly used in MPLS VPN inter-AS options and AToM scenarios.

Exam trap

Cisco often tests the distinction between LDP and TDP, and candidates mistakenly think TDP is a version of LDP, but TDP is a separate, obsolete protocol that was replaced by the standards-based LDP.

546
MCQhard

An SP uses NSO with a YANG service model to provision L3VPNs. Which database in NSO stores the configuration and state for all managed devices?

A.Operational database
B.YANG repository
C.NED database
D.Configuration Database (CDB)
AnswerD

CDB is the central database in NSO.

Why this answer

NSO's CDB (Configuration Database) holds the configuration and state of all managed devices, acting as the authoritative data store.

547
MCQeasy

Which label distribution protocol is replaced by segment routing in SR-MPLS deployments?

A.RSVP-TE
B.LDP
C.IGP itself
D.BGP
AnswerB

Correct: SR replaces LDP.

Why this answer

In SR-MPLS deployments, segment routing replaces LDP as the label distribution protocol. LDP traditionally distributes labels for each prefix in the IGP, while segment routing uses the IGP itself to advertise prefix-SIDs and adjacency-SIDs, eliminating the need for a separate label distribution protocol. This simplifies the control plane and removes the dependency on LDP.

Exam trap

Cisco often tests the misconception that segment routing replaces RSVP-TE for traffic engineering, but the question specifically asks about the label distribution protocol replaced by SR-MPLS, which is LDP, not RSVP-TE.

How to eliminate wrong answers

Option A is wrong because RSVP-TE is a traffic engineering protocol that provides explicit path setup and bandwidth reservation, not a general label distribution protocol replaced by segment routing; segment routing can actually replace RSVP-TE for traffic engineering using segment lists, but the question specifically asks about the label distribution protocol replaced by SR-MPLS. Option C is wrong because the IGP itself is not a label distribution protocol; segment routing leverages the IGP to distribute SIDs, but the IGP is not replaced—it is enhanced. Option D is wrong because BGP is used for inter-domain label distribution (e.g., BGP-LU) and is not replaced by segment routing; segment routing can work with BGP for inter-domain scenarios, but BGP remains in use.

548
MCQmedium

A service provider is designing a QoS policy for a business VPN service that carries voice, video, and data. The policy must ensure that voice (EF) is never dropped even during congestion, while video (AF41) and data (AF21) share the remaining bandwidth in a ratio 2:1. Which queuing strategy should be used?

A.Use only LLQ for all three classes.
B.Apply LLQ for voice and CBWFQ for video and data with bandwidth ratio 2:1.
C.Apply CBWFQ with bandwidth percentages to all three classes.
D.Use FIFO queuing with WRED for all classes.
AnswerB

LLQ provides strict priority; CBWFQ allocates bandwidth as needed.

Why this answer

Option B is correct because LLQ provides strict priority queuing for voice (EF), ensuring it is never dropped during congestion, while CBWFQ allows the remaining bandwidth to be shared among video (AF41) and data (AF21) in a 2:1 ratio. LLQ is designed to guarantee low latency for real-time traffic, and CBWFQ enables explicit bandwidth allocation for non-real-time classes. This combination meets the requirement of zero-drop for voice and proportional sharing for video and data.

Exam trap

Cisco often tests the misconception that LLQ can be applied to multiple traffic classes simultaneously without understanding that only one strict priority queue is supported, and that CBWFQ alone cannot guarantee zero-drop for real-time traffic.

How to eliminate wrong answers

Option A is wrong because using LLQ for all three classes would give all traffic strict priority, defeating the purpose of bandwidth sharing and potentially starving video and data during congestion. Option C is wrong because CBWFQ does not provide strict priority queuing; voice (EF) would compete with other classes and could be dropped during congestion, violating the requirement that voice is never dropped. Option D is wrong because FIFO queuing with WRED does not offer any bandwidth guarantees or priority treatment; voice would be subject to the same drop probability as other traffic, and the 2:1 ratio for video and data cannot be enforced.

549
MCQhard

An SP engineer is designing a QoS policy for a customer with three traffic classes: voice (priority), premium data (bandwidth guarantee), and best effort. The total bandwidth is 10 Mbps, with voice limited to 1 Mbps, premium data to 4 Mbps, and best effort to the remaining. Which policy-map configuration correctly uses LLQ and CBWFQ?

A.policy-map QOS class VOICE priority percent 10 class PREMIUM bandwidth percent 40 class class-default shape average 5000
B.policy-map QOS class VOICE bandwidth 1000 class PREMIUM priority 4000 class class-default fair-queue
C.policy-map QOS class VOICE priority 1000 class PREMIUM priority 4000 class class-default fair-queue
D.policy-map QOS class VOICE priority 1000 class PREMIUM bandwidth 4000 class class-default fair-queue
AnswerD

Correct: voice uses priority, premium uses bandwidth, default uses fair-queue.

Why this answer

LLQ is used for voice (priority), CBWFQ for premium data (bandwidth), and default class for best effort.

550
Multi-Selectmedium

Which TWO statements about MPLS label operations are correct? (Choose two.)

Select 2 answers
A.Label operations are performed based on the IP destination address.
B.At the ingress LSR, a label is pushed onto the packet.
C.At the ingress LSR, the label is popped.
D.At the egress LSR, a label is swapped.
E.At an intermediate LSR, a label is swapped.
AnswersB, E

Correct. The ingress adds the label.

Why this answer

At the ingress, a label is pushed; at the egress, the label is popped. Swap occurs at intermediate routers.

551
MCQeasy

In the MQC (Modular QoS CLI) framework, which component is used to match traffic based on DSCP values?

A.Class-map
B.Service-policy
C.Access-list
D.Policy-map
AnswerA

Class-maps define match conditions for traffic classification.

Why this answer

Class-maps define match criteria (e.g., match ip dscp 46) to classify traffic in MQC.

552
Multi-Selectmedium

Which THREE steps are required when configuring MPLS L3VPN on a PE router? (Choose three.)

Select 3 answers
A.Configure BGP on the CE router to advertise routes to PE
B.Create a VRF definition
C.Configure BGP address-family ipv4 vrf to exchange VPN routes
D.Configure route-target import/export using route-map
E.Assign the customer-facing interface to the VRF
AnswersB, C, E

The VRF must be created on the PE.

Why this answer

Creating a VRF definition on the PE router is required to separate customer routing tables and forwarding instances in an MPLS L3VPN. The VRF provides the logical isolation needed to keep each customer's routes and traffic distinct, and it is the foundation for associating interfaces, route targets, and VRF-specific routing processes.

Exam trap

Cisco often tests the distinction between configuring route-target values directly under the VRF versus using a route-map; candidates mistakenly think a route-map is required for RT import/export, but route-maps are only used for advanced filtering or attribute modification, not for setting the RT values themselves.

553
MCQmedium

Which architecture feature of IOS XR ensures that a failure in one routing protocol process does not affect other processes on the same router?

A.Admin plane vs default SDR
B.Commit/rollback configuration model
C.Process separation with each protocol as a separate process
D.CPU and memory allocation per card
AnswerC

Process separation isolates failures.

Why this answer

IOS XR uses a distributed OS with process separation; each protocol runs as a separate process in its own memory space, providing fault isolation.

554
MCQmedium

An engineer is designing an MPLS L3VPN for a customer with multiple sites. The customer requires overlapping IP addresses between sites. Which method allows the provider to support overlapping customer addresses?

A.Implement VPLS instead of L3VPN.
B.Use separate VRF per site with route distinguisher.
C.Use BGP communities to control route distribution.
D.Use the same VRF for all sites with different route targets.
AnswerB

Each VRF has its own routing table, and the RD makes routes globally unique even with overlapping IPs.

Why this answer

B is correct because a separate VRF per site with a unique route distinguisher (RD) allows the provider to maintain isolated routing tables for each customer site. This isolation enables overlapping IP addresses between sites, as each VRF treats its prefixes as unique within the MPLS L3VPN backbone, regardless of address duplication.

Exam trap

Cisco often tests the misconception that route targets alone solve overlapping address issues, but the trap here is that route targets control route propagation, not address uniqueness—only the route distinguisher (RD) within a VRF provides the necessary prefix uniqueness.

How to eliminate wrong answers

Option A is wrong because VPLS is a Layer 2 VPN technology that provides Ethernet multipoint connectivity, not IP routing; it does not inherently support overlapping IP addresses without additional mechanisms like VLAN segmentation. Option C is wrong because BGP communities control route distribution and policy (e.g., filtering or preference), but they do not create separate routing tables or address space isolation required for overlapping IPs. Option D is wrong because using the same VRF for all sites with different route targets would merge routes into a single routing table, causing conflicts with overlapping addresses; route targets control import/export policies, not address uniqueness.

555
MCQmedium

An engineer is configuring SR-MPLS in an IS-IS network. Which IS-IS TLV is used to advertise the Segment Routing Global Block (SRGB) and Node-SID assignments?

A.TLV 135
B.TLV 229
C.TLV 242
D.TLV 22
AnswerC

TLV 242 contains SR-Capabilities and SR-Algorithm.

Why this answer

The IS-IS SR-Capabilities sub-TLV (TLV 242) advertises the SRGB range, while the SR-Algorithm sub-TLV (TLV 242) and Prefix-SID sub-TLV (TLV 135) advertise Node-SIDs.

556
Multi-Selecthard

Which THREE YANG data nodes are part of the Cisco-IOS-XR-qos-ma-cfg module for defining a QoS policy-map? (Choose three.)

Select 3 answers
A.class
B.urn:cisco:params:xml:ns:yang:Cisco-IOS-XR-qos-ma-cfg
C.shape
D.police
E.interface
AnswersA, C, D

Correct: The 'class' node groups match and actions.

Why this answer

Option A is correct because the 'class' YANG data node is defined in the Cisco-IOS-XR-qos-ma-cfg module to specify a traffic class within a QoS policy-map. This node allows you to associate a class-map with the policy, enabling differentiated treatment of traffic based on classification criteria.

Exam trap

Cisco often tests the distinction between YANG data nodes and module metadata (like namespace URIs), tricking candidates into selecting the namespace as a valid data node when it is merely a module identifier.

557
Multi-Selecthard

When implementing RPKI for BGP origin validation, which three states can a route be marked as? (Choose three.)

Select 3 answers
A.Invalid
B.Trusted
C.Not-found
D.Unknown
E.Valid
AnswersA, C, E

Route origin conflicts with a ROA.

Why this answer

RPKI validation results in three states: valid (matches a ROA), invalid (conflicts with a ROA), and not-found (no ROA exists). These states are used to influence BGP decision.

558
MCQeasy

In SR-MPLS, which mechanism replaces LDP for label distribution?

A.RSVP-TE
B.IGP (IS-IS or OSPF) with Segment Routing extensions
C.MPLS-TE
D.BGP-LU
AnswerB

Correct: IGP distributes SIDs.

Why this answer

Segment Routing replaces LDP by using IGP extensions (IS-IS or OSPF) to advertise Prefix-SIDs and Adjacency-SIDs, eliminating the need for a separate label distribution protocol.

559
Multi-Selecthard

Which THREE of the following are key characteristics of Cisco IOS XR operating system?

Select 4 answers
A.Each routing protocol runs as a separate process.
B.Atomic commit and rollback configuration model.
C.Supports non-stop forwarding (NSF) with graceful restart.
D.Monolithic kernel where all processes run in a single memory space.
E.Distributed OS architecture with separate control and data planes.
AnswersA, B, C, E

Process separation enhances stability.

Why this answer

IOS XR is a distributed OS (A), uses commit/rollback (B), and runs each protocol as a separate process (E). It does not have a monolithic kernel (C) and uses modular packages (D is true but not listed; actually IOS XR uses RPM packages, but 'single image' is false).

560
Multi-Selecthard

A service provider is automating QoS policy deployment using Cisco NSO and YANG. During validation, the engineer discovers that the pushed policy is not taking effect. Which three possible causes should be investigated? (Choose three.)

Select 3 answers
A.The device has a feature license missing for QoS
B.The device does not support the YANG model used
C.The policy was applied to a subinterface but the YANG path specifies a main interface
D.The NETCONF transaction was not committed
E.The policy-map name conflicts with an existing one
AnswersB, C, D

If the device lacks the required YANG modules, the configuration push may succeed but the policy may not be effective.

Why this answer

Option B is correct because Cisco NSO uses YANG models to translate service definitions into device-specific CLI or NETCONF operations. If the target device does not support the YANG model referenced in the service package, the NETCONF or CLI operations will fail silently or produce no effect, as the device cannot interpret the configuration intent. This is a common validation failure when using model-driven orchestration with heterogeneous device populations.

Exam trap

Cisco often tests the distinction between a configuration that is accepted by the device (no commit errors) versus one that actually takes effect, trapping candidates who assume a successful commit means the policy is active.

561
MCQmedium

An SP is deploying BGP FlowSpec (RFC 8955) to distribute traffic filtering rules. Which component is responsible for disseminating FlowSpec rules to routers in the network?

A.OSPF
B.MP-BGP
C.PIM
D.LDP
AnswerB

MP-BGP carries FlowSpec NLRI in address family IPv4/IPv6 FlowSpec.

Why this answer

BGP FlowSpec uses a separate BGP address family (AFI 1, SAFI 133) to carry flow specifications. The rules are encoded as BGP NLRIs and distributed via BGP sessions.

562
MCQhard

In Cisco IOS XR architecture, using Secure Domain Routers (SDRs) allows partitioning a physical router into multiple logical routers. Which statement about admin plane and SDRs is correct?

A.The admin plane runs only on route processor cards, while default SDR runs on line cards.
B.The admin plane and default SDR are the same logical entity and share all configuration.
C.The admin plane is a separate SDR that manages hardware resources and system-level functions, while the default SDR handles routing and forwarding.
D.SDRs are only supported on Cisco CRS, not on ASR 9000.
AnswerC

Admin plane is dedicated to system management; default SDR is for data plane and control plane services.

Why this answer

The admin plane is a special SDR used for managing the system (e.g., hardware inventory, shared resources). Default SDR is the primary forwarding SDR, but admin SDR is separate.

563
MCQeasy

A service provider wants to ensure that customer traffic is not impacted during a planned maintenance on a core LSR in an MPLS network. Which MPLS feature should be used?

A.MPLS TE Fast Reroute
B.MPLS TTL propagation
C.MPLS LDP synchronization
D.MPLS OAM
AnswerA

FRR provides sub-50ms protection by pre-computing backup paths.

Why this answer

MPLS TE Fast Reroute (FRR) is the correct feature because it provides local protection against link or node failures by pre-computing backup paths (bypass tunnels) that are activated within 50 milliseconds of a failure. This ensures that customer traffic is not impacted during planned maintenance on a core LSR, as the backup path is already in place and can be triggered by a manual administrative action (e.g., shutting down the interface) to seamlessly redirect traffic before the maintenance begins.

Exam trap

The trap here is that candidates often confuse MPLS TE FRR with MPLS LDP synchronization or MPLS OAM, mistakenly thinking that any 'protection' or 'monitoring' feature can handle planned maintenance, when only FRR provides the sub-50 ms local repair capability required for hitless maintenance.

How to eliminate wrong answers

Option B (MPLS TTL propagation) is wrong because it controls how the TTL field is copied between the IP and MPLS headers for traceroute and hop-count visibility, and it has no role in traffic protection or maintenance scenarios. Option C (MPLS LDP synchronization) is wrong because it ensures that IGP and LDP are synchronized to prevent black-holing during link restoration, but it does not provide fast local protection or pre-computed backup paths for planned maintenance. Option D (MPLS OAM) is wrong because it is a set of tools for fault detection, connectivity verification, and performance monitoring (e.g., LSP ping/traceroute, VCCV), not a mechanism to reroute traffic during maintenance.

564
MCQeasy

A network engineer needs to automate configuration of multiple Cisco routers and wants to use a protocol that supports both datastore operations and selective retrieval of configuration. Which protocol should be used?

A.SNMPv3
B.gRPC
C.NETCONF
D.OpenFlow
E.RESTCONF
AnswerC

NETCONF supports full datastore operations and selective retrieval using XPath filters.

Why this answer

NETCONF (RFC 6241) is the correct choice because it is designed specifically for network configuration management, supporting full datastore operations (e.g., <get-config>, <edit-config>, <copy-config>) and selective retrieval of configuration data using subtree or XPath filtering. This aligns directly with the engineer's requirement for both datastore operations and selective retrieval.

Exam trap

Cisco often tests the distinction between NETCONF and RESTCONF, where candidates may pick RESTCONF because it is simpler or more modern, but the question's emphasis on 'selective retrieval' and 'datastore operations' points to NETCONF's richer filtering and transactional capabilities.

How to eliminate wrong answers

Option A (SNMPv3) is wrong because it is primarily a monitoring and fault-management protocol that uses MIBs and OIDs for data retrieval, not a configuration protocol with native datastore operations or selective configuration retrieval. Option B (gRPC) is wrong because it is a high-performance RPC framework that can stream telemetry but lacks standardized datastore operations and selective configuration retrieval as defined in NETCONF. Option D (OpenFlow) is wrong because it is a southbound protocol for controlling forwarding tables in SDN switches, not for managing device configurations or datastores.

Option E (RESTCONF) is wrong because while it supports datastore operations and selective retrieval via RESTful APIs, it is a lightweight alternative to NETCONF that uses HTTP methods and JSON/YANG, but the question specifically asks for a protocol that supports both datastore operations and selective retrieval—NETCONF is the more mature, full-featured protocol for this purpose, and RESTCONF is not the best answer when NETCONF is listed.

565
Multi-Selectmedium

Which two are requirements for deploying Segment Routing in a service provider network? (Choose two.)

Select 2 answers
A.TE tunnels must be configured
B.IGP supporting segment routing (OSPF or IS-IS)
C.LDP must be enabled
D.All routers must run BGP
E.MPLS forwarding
AnswersB, E

The IGP must support SR extensions.

Why this answer

Segment Routing (SR) relies on an IGP (OSPF or IS-IS) that has been extended to advertise prefix-SIDs and adjacency-SIDs. The IGP extensions (RFC 8665 for IS-IS, RFC 8666 for OSPF) enable routers to compute source-routed paths without a separate signaling protocol. This is a fundamental requirement because SR-MPLS encodes the path as a stack of labels derived directly from the IGP SIDs.

Exam trap

The trap here is that candidates often assume LDP is still required for MPLS forwarding, but SR-MPLS replaces LDP entirely by using IGP-distributed SIDs, so the correct answer requires recognizing that LDP must be disabled, not enabled.

566
MCQeasy

Which Cisco router platform is designed for the aggregation layer and runs IOS XR, supporting both L2 and L3 services at high density?

A.Cisco NCS 5500
B.Cisco CRS
C.Cisco ASR 9000
D.Cisco ISR 4000
AnswerC

ASR 9000 is optimized for the aggregation layer with IOS XR.

Why this answer

The ASR 9000 is a widely used aggregation router with IOS XR and supports L2/L3 services. CRS is core, NCS 5500 is edge/aggregation but more focused on 100GE, and ISR is enterprise.

567
MCQeasy

In MPLS-TE, what is the purpose of the Explicit Route Object (ERO) in the RSVP PATH message?

A.To specify the desired path as a list of nodes or links.
B.To label the path with a tunnel ID.
C.To reserve bandwidth along the path.
D.To record the actual path taken by the LSP.
AnswerA

Correct.

Why this answer

ERO specifies the strict or loose hops that the TE LSP must traverse. It allows the headend to enforce a specific path through the network.

568
MCQhard

An engineer is troubleshooting BGP convergence. The router has multiple paths for a prefix, but it selects a path with a lower local preference over a path with a higher local preference. The higher local preference path is from an EBGP peer. What could cause this?

A.The router is configured with 'bgp deterministic-med'.
B.The path with lower local preference has a higher weight.
C.The path with lower local preference has a higher router ID.
D.The path with lower local preference has a lower MED.
AnswerB

Correct. Weight is checked before local preference.

Why this answer

B is correct because BGP selects the path with the highest weight first, before considering local preference. Weight is a Cisco-proprietary attribute that is local to the router and takes precedence over all other BGP attributes. Therefore, a path with a lower local preference but a higher weight will be preferred over a path with a higher local preference but a lower weight, even if the higher local preference path comes from an EBGP peer.

Exam trap

Cisco often tests the BGP path selection order by presenting a scenario where a lower-priority attribute (like local preference) is overridden by a higher-priority attribute (like weight), and candidates mistakenly assume that local preference is always the deciding factor because it is the first global attribute in the algorithm.

How to eliminate wrong answers

Option A is wrong because 'bgp deterministic-med' ensures that MED is compared only among paths from the same neighboring AS, but it does not override the weight or local preference comparison order; it affects MED handling, not the local preference selection issue described. Option C is wrong because router ID is used as a tie-breaker only after comparing weight, local preference, AS-path length, origin code, and MED; it cannot override a higher local preference unless all higher-priority attributes are equal. Option D is wrong because MED is compared after local preference in the BGP best-path selection algorithm; a lower MED would only matter if local preference were equal, so it cannot cause a path with lower local preference to be selected over one with higher local preference.

569
MCQeasy

A network engineer is designing an MPLS core using Segment Routing. They want to minimize label stack depth while still providing fast convergence using TI-LFA. Which prefix-SID assignment strategy should be used?

A.Assign a node-SID to each loopback interface
B.Use per-interface label mode from SRGB
C.Allocate labels per-VRF on PE routers
D.Advertise prefix-SIDs for all IGP prefixes
AnswerD

Prefix-SIDs enable TI-LFA with minimal label depth.

Why this answer

Option D is correct because advertising prefix-SIDs for all IGP prefixes allows TI-LFA to compute backup paths using any prefix in the network, not just loopbacks. This minimizes label stack depth by enabling TI-LFA to use a single prefix-SID for the repair path, avoiding the need for additional labels or explicit path constructs. Fast convergence is achieved because TI-LFA precomputes a backup next-hop that can be activated immediately upon failure, and having all prefixes as SIDs ensures the backup path can be expressed with minimal label imposition.

Exam trap

Cisco often tests the misconception that node-SIDs (loopbacks) are sufficient for TI-LFA, but the trap is that TI-LFA requires prefix-SIDs for all prefixes to achieve optimal label stack depth and fast convergence, as node-SIDs alone may force deeper stacks or suboptimal backup paths.

How to eliminate wrong answers

Option A is wrong because assigning a node-SID only to loopback interfaces restricts TI-LFA to using only those loopback addresses as repair targets, which may force deeper label stacks or suboptimal backup paths when the failure involves a non-loopback prefix. Option B is wrong because per-interface label mode from SRGB is used for adjacency-SIDs, not for prefix-SIDs, and TI-LFA relies on prefix-SIDs for fast reroute; adjacency-SIDs would increase label stack depth and are not designed for TI-LFA's loop-free alternate computation. Option C is wrong because per-VRF label allocation on PE routers is a BGP/MPLS VPN concept unrelated to Segment Routing prefix-SID assignment and does not affect TI-LFA convergence or label stack depth in the MPLS core.

570
MCQhard

In a VXLAN EVPN deployment, a host sends a broadcast ARP request. Which component in the fabric is responsible for replying on behalf of the target host to reduce flooding?

A.The VTEP that receives the broadcast
B.The spine switch
C.The VTEP that has the target host's MAC address in its local table (ARP suppression)
D.The default gateway (anycast IP)
AnswerC

ARP suppression allows VTEP to proxy-reply.

Why this answer

In VXLAN EVPN, ARP suppression is a feature implemented on the ingress VTEP (the VTEP that receives the broadcast ARP request). The ingress VTEP maintains a local ARP/ND cache populated via EVPN Type-2 routes (MAC/IP advertisement routes). When a broadcast ARP request arrives, the ingress VTEP checks its local cache for the target IP; if found, it replies directly on behalf of the target host, suppressing the broadcast and preventing unnecessary flooding across the fabric.

Option C correctly identifies this VTEP as the component responsible for the reply.

Exam trap

Cisco often tests the misconception that the spine switch or the default gateway handles ARP suppression, when in fact it is the ingress VTEP that performs this function using its locally cached EVPN-learned MAC/IP entries.

How to eliminate wrong answers

Option A is wrong because the VTEP that receives the broadcast is the ingress VTEP, which performs ARP suppression only if it has the target host's MAC address in its local table; it does not automatically reply simply because it received the broadcast. Option B is wrong because spine switches in a VXLAN EVPN fabric operate as pure IP underlay routers (typically running an IGP like OSPF or IS-IS) and do not participate in the overlay control plane or maintain ARP caches for tenant hosts. Option D is wrong because the default gateway (anycast IP) is used for routing traffic between subnets, not for replying to intra-subnet ARP requests; ARP suppression is a function of the VTEP, not the gateway.

571
MCQeasy

Which label operation is performed on a router when an MPLS packet arrives with a top label that matches a local label assigned to a directly connected prefix?

A.No operation, label is ignored
B.Push
C.Pop
D.Swap
AnswerC

Correct operation for directly connected prefix.

Why this answer

If the top label corresponds to a directly connected prefix, the router will pop the label (penultimate hop popping or explicit null) and forward the packet based on the inner header.

572
MCQmedium

An SP is deploying Inter-AS MPLS VPN option B. Which design characteristic is unique to Option B compared to Option A?

A.ASBRs exchange VPNv4 routes directly via MP-EBGP
B.Requires a full mesh of MP-IBGP sessions between all PEs
C.ASBRs maintain separate VRF for each VPN
D.Traffic is forwarded using IP, not MPLS
AnswerA

Option B uses MP-EBGP between ASBRs to exchange VPNv4 routes.

Why this answer

In Option B, ASBRs exchange VPNv4 routes directly via MP-EBGP without requiring a full mesh of MP-IBGP sessions between PEs. This eliminates the need for per-VPN VRF configuration on ASBRs, as they only carry labeled VPNv4 routes and perform label allocation per next-hop, not per VPN.

Exam trap

Cisco often tests the misconception that Option B requires a full mesh of MP-IBGP sessions (like Option A), when in fact it uses MP-EBGP between ASBRs to eliminate that requirement.

How to eliminate wrong answers

Option B is wrong because a full mesh of MP-IBGP sessions between all PEs is a requirement for Option A (Inter-AS MPLS VPN Option A), not Option B; Option B uses MP-EBGP between ASBRs to avoid this full mesh. Option C is wrong because ASBRs in Option B do not maintain separate VRFs for each VPN; they use a single global routing table with VPNv4 prefixes and label forwarding, whereas Option A requires per-VPN VRFs on ASBRs. Option D is wrong because traffic in Option B is forwarded using MPLS labels (not IP) between ASBRs, leveraging label stacking for end-to-end transport; IP forwarding would be used in Option A or in non-MPLS scenarios.

573
Multi-Selecteasy

A network engineer is designing a new MPLS core. Which three of the following are recommended best practices for MPLS LDP configuration? (Choose three.)

Select 3 answers
A.Use explicit null label for BGP prefixes
B.Set the LDP session holdtime to 180 seconds
C.Enable LDP authentication using MD5
D.Enable LDP on all core interfaces
E.Configure label filtering to limit label distribution
AnswersC, D, E

LDP authentication protects against spoofing and is a security best practice.

Why this answer

C is correct because enabling LDP authentication using MD5 protects the LDP session from spoofing and tampering by verifying the integrity of TCP segments exchanged between LDP peers. This is a recommended security best practice in MPLS networks to prevent unauthorized label distribution and route hijacking.

Exam trap

Cisco often tests the distinction between explicit null (label 0) and implicit null (label 3) for BGP prefixes, leading candidates to mistakenly choose explicit null as a best practice when it is actually used only for specific purposes like QoS marking.

574
Multi-Selectmedium

Which TWO QoS mechanisms are used to provide congestion avoidance? (Choose two.)

Select 2 answers
A.Policing
B.RED
C.CBWFQ
D.LLQ
E.WRED
AnswersB, E

RED (Random Early Detection) is a congestion avoidance mechanism.

Why this answer

RED (Random Early Detection) and WRED (Weighted Random Early Detection) are congestion avoidance mechanisms that proactively drop packets before a queue becomes full, signaling TCP senders to reduce their transmission rate. Unlike congestion management tools (like CBWFQ or LLQ) that queue packets during congestion, RED/WRED monitor average queue depth and drop packets probabilistically to prevent tail drops and global TCP synchronization.

Exam trap

Cisco often tests the distinction between congestion management (queuing/scheduling) and congestion avoidance (active queue management), so the trap here is that candidates confuse mechanisms like CBWFQ or LLQ (which manage congestion after it occurs) with RED/WRED (which avoid congestion by dropping packets early).

575
MCQhard

In SRv6 micro-SID (uSID) compression, which part of the SID is used to carry a compressed instruction set, enabling efficient forwarding with a shorter SID list?

A.Block
B.Function
C.Locator
D.Argument
AnswerB

The function part encodes the behavior in compressed form.

Why this answer

The micro-SID block consists of a locator followed by compressed function and argument, reducing the SID list size.

576
MCQhard

In a Carrier Supporting Carrier (CSC) architecture, which condition is necessary for the customer carrier's BGP routes to be carried over the provider carrier's MPLS backbone?

A.The BGP next-hop on the customer carrier's routes must be reachable via IGP in the provider carrier.
B.The provider carrier's VRF must have the route-target matching the customer carrier's.
C.The provider carrier must be in the same AS as the customer carrier.
D.The customer carrier must use LDP for label distribution.
AnswerA

For the provider carrier to switch MPLS packets, the BGP next-hop must be reachable via the IGP and have a label binding.

Why this answer

In a Carrier Supporting Carrier (CSC) architecture, the provider carrier's MPLS backbone must be able to forward packets toward the BGP next-hop of the customer carrier's routes. For this to happen, the BGP next-hop (typically a loopback interface on the customer carrier's PE router) must be reachable via an IGP (e.g., OSPF or IS-IS) running within the provider carrier's core. Without IGP reachability to that next-hop, the provider carrier's P routers cannot perform MPLS label switching to deliver traffic to the customer carrier's egress router, breaking end-to-end connectivity.

Exam trap

Cisco often tests the misconception that route-target matching (Option B) is required for CSC, when in fact the critical requirement is IGP reachability to the BGP next-hop, not VRF route-target alignment.

How to eliminate wrong answers

Option B is wrong because route-target matching is used in MPLS Layer 3 VPNs to control route import/export between VRFs, but in CSC the customer carrier's BGP routes are carried as VPNv4 routes across the provider carrier's backbone; the provider carrier does not need its VRF to match the customer carrier's route-target — instead, the provider carrier uses its own VRF to import/export routes based on configured policies. Option C is wrong because the provider carrier and customer carrier can be in different autonomous systems; CSC explicitly supports inter-AS scenarios where the customer carrier operates its own AS and runs eBGP with the provider carrier. Option D is wrong because LDP is used for label distribution within the provider carrier's MPLS core, but the customer carrier can use any label distribution protocol (e.g., LDP, RSVP-TE, or even BGP-labeled unicast) — LDP is not a mandatory condition for the customer carrier's BGP routes to be carried over the provider carrier's backbone.

577
MCQhard

In an MPLS L3VPN network, a customer has overlapping IP addresses between two VPNs. The provider edge routers are configured with VRF instances. Which method ensures that traffic from one VPN does not leak into the other when using MPLS labels?

A.Assign different MPLS label ranges to each VRF.
B.Apply BGP community strings to filter routes.
C.Use distinct route targets for import and export per VRF.
D.Configure different route distinguishers for each VPN.
AnswerC

RTs control which routes are imported into a VRF, preventing leakage.

Why this answer

Route targets (RTs) control the import and export of VPNv4 routes between VRFs on a PE router. By assigning distinct import and export RTs per VRF, the PE ensures that routes from one VPN are not installed into the routing table of another VPN, even if the customer uses overlapping IP addresses. MPLS labels are allocated per VRF forwarding instance, but the isolation is enforced by the RT-based filtering of BGP VPNv4 routes, not by label ranges or route distinguishers alone.

Exam trap

Cisco often tests the misconception that route distinguishers (RDs) alone provide VPN isolation, but RDs only ensure IP uniqueness in the BGP table, while route targets (RTs) are the actual mechanism for controlling route import/export between VRFs.

How to eliminate wrong answers

Option A is wrong because MPLS label ranges are allocated per forwarding equivalence class (FEC) or per platform, not per VRF; different label ranges do not prevent route leakage since labels are only locally significant and do not filter route distribution. Option B is wrong because BGP community strings are used for route policy and attribute manipulation, but they do not provide the mandatory import/export filtering mechanism that RTs enforce; communities are optional and can be overridden. Option D is wrong because route distinguishers (RDs) make IPv4 prefixes unique across VPNs, but they do not control route import/export; two VRFs with different RDs can still leak routes if they share the same RTs.

578
MCQmedium

Which BGP extended community is used to signal the OSPF domain ID between PE routers in an MPLS L3VPN when OSPF is the PE-CE protocol?

A.Site of Origin
B.OSPF Domain ID
C.OSPF Route Type
D.Route Target
AnswerB

This community specifically carries the OSPF domain ID.

Why this answer

In an MPLS L3VPN where OSPF is the PE-CE protocol, the OSPF Domain ID extended community is used to signal the OSPF domain identifier between PE routers. This allows the receiving PE to determine whether the OSPF route originated from the same OSPF domain (and thus should be redistributed as an intra-area or inter-area route) or from a different domain (requiring a Type 5 LSA). The OSPF Domain ID is carried as a BGP extended community (type 0x0005 or 0x8005) and is critical for maintaining OSPF route type semantics across the MPLS backbone.

Exam trap

Cisco often tests the confusion between the OSPF Domain ID and the OSPF Route Type extended communities, where candidates mistakenly think the Route Type carries the domain information, but in reality the Route Type only encodes the OSPF path type and metric, while the Domain ID identifies the originating OSPF domain.

How to eliminate wrong answers

Option A is wrong because the Site of Origin (SoO) extended community is used to prevent routing loops in MPLS L3VPN environments, not to signal the OSPF domain ID. Option C is wrong because the OSPF Route Type extended community carries the OSPF route type (e.g., intra-area, inter-area, external) and the metric type, but it does not convey the domain identifier. Option D is wrong because the Route Target extended community controls VPN route import/export between VRF instances and has no role in signaling OSPF domain identity.

579
MCQmedium

Refer to the exhibit. An engineer is troubleshooting packet loss in the MPLS core. For prefix 10.3.3.0/24, the outgoing label is 'Untagged'. What does this indicate?

A.The packet will have an implicit null label (label 3) imposed
B.The prefix is not reachable and packets will be dropped
C.The outgoing label is the same as the local label (label 18)
D.No MPLS label is being imposed on outgoing packets for this prefix
AnswerD

Untagged means no label.

Why this answer

When the outgoing label for a prefix in the MPLS forwarding table shows 'Untagged', it means that for packets destined to that prefix, no MPLS label is imposed. The router will forward the packet as a standard IP packet (without an MPLS header) out the egress interface. This typically occurs when the next-hop router has signaled an implicit null label (label 3) via LDP, instructing the upstream router to pop the label stack and send the packet as IP.

Exam trap

Cisco often tests the distinction between 'Untagged' (meaning no label is imposed, typically due to PHP with implicit null) and 'Pop' (which explicitly indicates the label is removed), leading candidates to confuse the two or incorrectly associate 'Untagged' with unreachability.

How to eliminate wrong answers

Option A is wrong because an implicit null label (label 3) causes the upstream router to pop the top label and forward the packet without any label, not to impose label 3. Option B is wrong because 'Untagged' does not indicate unreachability; the prefix is reachable and packets are forwarded as IP. Option C is wrong because the outgoing label being the same as the local label (label 18) would be described as 'Pop' or 'Implicit Null', not 'Untagged'.

580
MCQhard

An SP is deploying 6VPE (IPv6 L3VPN). Which BGP extensions are used to carry IPv6 VPN prefixes?

A.AFI=1 (IPv4), SAFI=128 with IPv6 next-hop.
B.AFI=2, SAFI=1 (unicast) with MPLS labels.
C.AFI=2 (IPv6), SAFI=128 with IPv4 next-hop encoded as IPv6-mapped.
D.AFI=1, SAFI=128 with IPv6 VPN prefixes.
AnswerC

Correct. 6VPE uses AFI=2, SAFI=128, and the next-hop is an IPv4 address mapped to IPv6.

Why this answer

6VPE uses MP-BGP with the IPv6 VPN AFI (AFI=2) and SAFI=128 (MPLS-labeled VPN). The next-hop is an IPv4 address (the PE's loopback) encoded as a mapped IPv6 address, but the VPNv6 address family carries the prefixes.

581
MCQmedium

A service provider is deploying EVPN-MPLS for L2VPN services. The customer requires that MAC addresses learned from one PE are not advertised to other PEs unless they are active. Which EVPN route type is used for MAC address withdrawal?

A.Route Type 5: IP Prefix
B.Route Type 1: Ethernet Auto-Discovery (A-D)
C.Route Type 2: MAC/IP Advertisement
D.Route Type 3: Inclusive Multicast Ethernet Tag
AnswerC

MAC addresses are advertised in Type 2 routes; withdrawal is done by withdrawing the route.

Why this answer

Option C is correct because EVPN Route Type 2 (MAC/IP Advertisement) carries both MAC addresses and their associated IP addresses, and it supports a 'sticky' or 'withdraw' mechanism via the BGP Withdraw message. When a MAC address becomes inactive on a PE, the PE sends a BGP Withdraw for the specific Route Type 2 route, effectively removing that MAC from the control plane of other PEs. This ensures that only active MAC addresses are advertised, meeting the customer requirement.

Exam trap

Cisco often tests the distinction between Route Type 2 for individual MAC withdrawal and Route Type 1 for mass Ethernet segment withdrawal, leading candidates to confuse the two when the question specifies 'MAC addresses learned from one PE' rather than a segment-level failure.

How to eliminate wrong answers

Option A is wrong because Route Type 5 (IP Prefix) is used for inter-subnet forwarding (EVPN-VPN) to advertise IP prefixes, not for MAC address withdrawal. Option B is wrong because Route Type 1 (Ethernet Auto-Discovery) is used for mass withdrawal of all MAC addresses associated with an Ethernet segment (e.g., during link failure) or for aliasing/backup paths, not for individual MAC address withdrawal. Option D is wrong because Route Type 3 (Inclusive Multicast Ethernet Tag) is used to advertise multicast tunnel endpoints for BUM traffic, not for MAC address withdrawal.

582
MCQhard

A network operator is deploying Segment Routing with TI-LFA across an OSPF network. After configuring OSPF with 'segment-routing mpls' and 'fast-reroute per-prefix', they notice that backup paths are not being installed for some prefixes. 'Show ip ospf segment-routing protected' shows 'No FRR backup' for those prefixes. What is a possible reason?

A.LDP label distribution is still active
B.The prefix-SID index is not globally unique
C.OSPF does not support TI-LFA for per-prefix prefixes
D.Adjacency-SIDs are not configured on neighboring routers
AnswerD

TI-LFA uses adjacency-SIDs to create the repair path.

Why this answer

Option D is correct because TI-LFA (Topology Independent Loop-Free Alternate) for per-prefix fast-reroute in OSPF requires that adjacency-SIDs be configured on neighboring routers. Without adjacency-SIDs, OSPF cannot compute the necessary repair paths to provide backup protection, resulting in 'No FRR backup' for those prefixes.

Exam trap

Cisco often tests the misconception that TI-LFA works automatically with just 'fast-reroute per-prefix', when in fact adjacency-SIDs are a prerequisite for the repair path computation in OSPF.

How to eliminate wrong answers

Option A is wrong because LDP label distribution being active does not prevent OSPF from installing TI-LFA backup paths; OSPF Segment Routing and LDP can coexist, and the issue is specifically about SR-TI-LFA operation. Option B is wrong because a non-globally unique prefix-SID index would cause label conflicts or forwarding issues, but it would not prevent the installation of backup paths via TI-LFA; the 'No FRR backup' output indicates a failure in repair path computation, not a label allocation problem. Option C is wrong because OSPF does support TI-LFA for per-prefix prefixes when properly configured with adjacency-SIDs; the statement that OSPF does not support it is incorrect.

583
MCQmedium

A service provider is deploying MPLS L3VPN and wants to ensure that routes from a specific customer VRF are only advertised to a specific remote PE. Which mechanism should be used?

A.Applying a route-map to the VRF export statement
B.Configuring a separate VPNv4 address-family for that PE
C.Using a unique route-distinguisher per VRF
D.Setting the next-hop-self on the PE
AnswerA

Correct. A route-map on export can filter routes before they are advertised to other PEs via VPNv4.

Why this answer

A route-map applied to the VRF export statement allows granular control over which routes are advertised to specific BGP VPNv4 neighbors. By matching on route targets or other attributes, the route-map can filter outbound routes per neighbor, ensuring that routes from a specific customer VRF are only sent to a designated remote PE.

Exam trap

Cisco often tests the misconception that route-distinguishers or next-hop-self control route advertisement scope, when in fact they serve entirely different purposes (prefix uniqueness and next-hop resolution, respectively).

How to eliminate wrong answers

Option B is wrong because configuring a separate VPNv4 address-family for that PE does not inherently restrict which VRF routes are advertised; it merely creates a separate BGP session, but without additional filtering, all VPNv4 routes would still be exchanged. Option C is wrong because a unique route-distinguisher per VRF is used to make IPv4 prefixes unique across VRFs, not to control advertisement scope; it does not filter which routes are sent to specific PEs. Option D is wrong because setting next-hop-self on the PE changes the next-hop IP address in BGP updates but does not limit which routes are advertised to a particular remote PE.

584
MCQmedium

Which BGP attribute is used to influence inbound traffic to an AS by advertising a preferred path to a neighbor AS?

A.WEIGHT
B.LOCAL_PREF
C.MED
D.AS_PATH
AnswerC

MED is used to influence inbound traffic from a neighbor AS.

Why this answer

MED (Multi-Exit Discriminator) is sent to a neighboring AS to suggest the best entry point into the local AS. Lower MED is preferred.

585
MCQeasy

A service provider is migrating from a legacy MPLS network using LDP to Segment Routing (SR-MPLS). They have enabled SR on all routers and are using IS-IS. The migration plan is to keep LDP running alongside SR during the transition. After enabling SR, some traffic is being forwarded using the SR path, but the network operator notices that some CEs in an L2VPN are experiencing packet loss during failover scenarios. Troubleshooting shows that the primary pseudowire is using SR labels, but the backup pseudowire is still using LDP labels. The backup path is not working correctly. What is the most likely cause?

A.The backup path uses a different IGP metric
B.The backup pseudowire is still using LDP labels and the LDP session for the backup path is down
C.The MTU on the backup path is smaller than on the primary
D.The prefix-SID for the remote PE is missing in the SR-TE database
AnswerB

If LDP sessions are down for the backup path, the backup pseudowire cannot use SR labels, leading to packet loss.

Why this answer

During coexistence of LDP and SR, there might be a mismatch in label switching. The backup pseudowire might be using LDP labels that are not consistent with the SR forwarding plane. The most likely cause is that the backup path is not properly programmed to use SR labels, or the LDP session for the backup path is down.

The correct action is to ensure that the pseudowire's backup signaling is using the same transport mechanisms as the primary, or to disable LDP gradually.

586
MCQhard

A service provider is experiencing intermittent multicast issues in their core network. They use PIM-SM with a static RP at 10.1.1.1. The multicast traffic originates from a source connected to PE1 and is received by customers connected to PE2. Recently, after a firewall upgrade between the PE routers and the core, some multicast streams stopped working, while others continue. The network team notices that 'show ip mroute' on PE2 shows the (*, G) entry but not the (S, G) entry for the affected groups. The RP is reachable via OSPF. The firewall logs show no dropped packets for known multicast addresses. Which action should the engineer take to restore full multicast forwarding?

A.Increase the PIM register suppression interval on the source's first-hop router
B.Configure a static RP at the customer site (PE2) to bypass the firewall for registration traffic
C.Change the multicast mode from PIM-SM to PIM-DM on all interfaces
D.Enable Auto-RP on the network to dynamically learn the RP
AnswerB

A static RP on PE2 ensures that the source's registration reaches the RP even if the firewall blocks unicast PIM register messages. This allows the (S,G) to be formed.

Why this answer

Option B is correct. The firewall upgrade likely blocked PIM register messages from PE1 to the RP, preventing the RP from learning about the source. By configuring a static RP on the customer-facing interface or using a different RP that can receive registration, the (S,G) state can be built.

Option A is wrong because PIM-SM is correct for sparse-mode groups. Option C is wrong because adjusting timers would not fix the absence of (S,G). Option D is wrong because Auto-RP would add complexity and might be blocked by the firewall as well.

587
MCQeasy

A service provider is implementing QoS for voice traffic using the DiffServ model. Which DSCP value should be assigned to voice packets to ensure the highest priority treatment?

A.DSCP 26
B.DSCP 46
C.DSCP 34
D.DSCP 0
AnswerB

Correct; DSCP 46 (EF) is used for voice.

Why this answer

DSCP 46 (binary 101110) corresponds to the Per-Hop Behavior (PHB) of Expedited Forwarding (EF), which is defined in RFC 3246 for low-loss, low-latency, and low-jitter treatment. Voice traffic requires the highest priority in a DiffServ domain, and EF (DSCP 46) is the standard marking for voice bearer packets to ensure they receive strict priority queuing.

Exam trap

Cisco often tests the distinction between voice bearer (DSCP 46/EF) and voice signaling (DSCP 26/AF31), so the trap here is that candidates may confuse DSCP 26 (signaling) with the highest priority for voice payloads.

How to eliminate wrong answers

Option A (DSCP 26) is wrong because DSCP 26 (binary 011010) corresponds to Assured Forwarding (AF31), which is used for data traffic requiring a guaranteed bandwidth but not the strict priority needed for real-time voice. Option C (DSCP 34) is wrong because DSCP 34 (binary 100010) corresponds to AF41, which is a high-priority data class but still not the Expedited Forwarding PHB required for voice. Option D (DSCP 0) is wrong because DSCP 0 is the default Best Effort (BE) PHB, which provides no priority treatment and would cause voice packets to be dropped or delayed under congestion.

588
MCQhard

A service provider deploys BGP route reflectors in the core. Which mechanism prevents routing loops within the route reflector cluster?

A.Next-hop-self command
B.Originator-id attribute
C.Cluster-list attribute and cluster-id
D.AS_PATH loop detection
AnswerB

Originator-id identifies the originator; if a router receives its own originator-id, it discards the route.

Why this answer

The originator-id attribute is set by the route reflector to the router-id of the originating router, preventing loops by checking if the originator-id matches the local router-id.

589
MCQhard

A service provider operates a large MPLS VPN network using OSPF as the IGP and LDP for label distribution. The PE routers (PE1, PE2, PE3) are connected to a core of P routers. Recently, a new link was added between P2 and P3. After the link came up, the engineering team noticed that several VPN routes that were previously reachable via PE2 are now being blackholed when traffic is sent from PE1 to those prefixes. The teams verify that the VPNv4 routes are present in the BGP table on PE1 with valid next-hops, but traffic fails. The traceroute from PE1 to the CE behind PE2 stops at P2. The show mpls forwarding-table on P2 shows the correct label for the VPN prefix, but the outgoing interface is null. Which action should the engineer take to resolve the issue without causing additional disruption?

A.Clear LDP neighbor sessions on P2 to re-initiate label exchange.
B.Add a static route on P2 for the BGP next-hop pointing to Null0.
C.Shut down the new link between P2 and P3.
D.Clear BGP sessions on PE1 to force re-advertisement of VPN routes.
AnswerA

Correct. This forces LDP to re-establish and exchange labels, likely resolving the missing label.

Why this answer

The issue is that P2 has a label for the VPN prefix but a null outgoing interface, indicating an LDP label mapping problem. Clearing LDP neighbor sessions on P2 forces re-establishment of LDP sessions and re-exchange of label bindings, which should resolve the missing or incorrect label mapping for the BGP next-hop without disrupting other services.

Exam trap

Cisco often tests the misconception that clearing BGP sessions (Option D) fixes MPLS forwarding issues, but the real problem is at the LDP label distribution layer, not the BGP VPN route advertisement.

How to eliminate wrong answers

Option B is wrong because adding a static route to Null0 for the BGP next-hop would blackhole all traffic to that next-hop, worsening the issue. Option C is wrong because shutting down the new link between P2 and P3 is a disruptive workaround that does not address the root cause (LDP label inconsistency) and may cause routing loops or suboptimal paths. Option D is wrong because clearing BGP sessions on PE1 would only re-advertise VPN routes but does not fix the underlying MPLS label forwarding issue on P2; the VPNv4 routes are already present with valid next-hops in BGP.

590
MCQmedium

An SP is designing a QoS policy for a customer VPN that carries voice, video conferencing, and bulk data. The voice traffic requires low latency, video conferencing requires assured bandwidth, and bulk data should use any remaining bandwidth. Which queuing strategy should be applied on the PE-CE link?

A.LLQ with CBWFQ
B.Policing with drop probability
C.FIFO with WRED
D.CBWFQ only
AnswerA

LLQ provides strict priority for voice, and CBWFQ allows bandwidth guarantees for video and bulk data.

Why this answer

LLQ provides a strict priority queue for voice (low latency) and CBWFQ for other classes with bandwidth guarantees. Video conferencing can be assigned to a class with a bandwidth percent, and bulk data to the default class with fair queuing.

591
MCQhard

A network engineer is automating BGP configuration using the Cisco IOS-XE YANG model. They want to enable the 'always-compare-med' feature under BGP. Which XPath expression correctly targets this leaf?

A./bgp/global/always-compare-med
B./native/router/bgp/scope/global/always-compare-med
C./native/router/bgp/always-compare-med
D./router/bgp/global/always-compare-med
AnswerB

Correct path according to Cisco IOS-XE YANG model.

Why this answer

Option B is correct because the Cisco IOS-XE native YANG model (urn:cisco:params:xml:ns:yang:cisco-native) structures BGP configuration under /native/router/bgp/scope/global/always-compare-med. The 'scope' container is required to differentiate between global and VRF-specific BGP settings, and 'always-compare-med' is a leaf within the global scope. This path accurately reflects the hierarchical model used by Cisco for BGP automation.

Exam trap

Cisco often tests the exact hierarchical path in the native YANG model, and the trap here is that candidates assume a simplified path like /bgp/global/always-compare-med or forget the mandatory 'scope' container, leading them to choose an incomplete or incorrect XPath expression.

How to eliminate wrong answers

Option A is wrong because /bgp/global/always-compare-med does not match the Cisco IOS-XE native YANG model; the root must be /native/router/bgp and the 'scope' container is mandatory. Option C is wrong because /native/router/bgp/always-compare-med omits the 'scope/global' container, which is required to correctly target the global BGP configuration leaf. Option D is wrong because /router/bgp/global/always-compare-med lacks the /native root and the 'scope' container, and does not follow the Cisco native YANG model structure.

592
MCQhard

In Segment Routing for MPLS (SR-MPLS), which TLV is used in IS-IS to advertise the Node SID?

A.TLV 232
B.TLV 135
C.TLV 22
D.TLV 149
AnswerD

Correct: TLV 149 is SR-MPLS SID/Label Binding.

Why this answer

IS-IS uses the SR-Capabilities sub-TLV and the SR-Algorithm sub-TLV, but the Node SID is advertised in the SR-MPLS SID/Label Binding TLV (TLV 149) with a sub-TLV. The exact TLV is 149 for SR-MPLS.

593
MCQhard

A service provider wants to provide IPv6 connectivity over an existing MPLS IPv4 core using BGP extensions. Which technology should be used?

A.6PE
B.NAT64
C.Dual-stack
D.6VPE
AnswerA

6PE uses BGP to carry IPv6 over MPLS with IPv4 next-hop.

Why this answer

6PE (IPv6 Provider Edge) uses BGP to carry IPv6 prefixes with an IPv4 next-hop over an MPLS core, avoiding the need for IPv6 in the core.

594
MCQhard

An MPLS network is experiencing micro-loops during convergence after a link failure. The network uses LDP and IS-IS as IGP. Which of the following solutions can prevent micro-loops during IGP convergence without requiring additional protocols?

A.Implement MPLS-TE FRR using bypass tunnels.
B.Enable BGP PIC (Prefix Independent Convergence).
C.Configure LFA (Loop-Free Alternate) on the IGP.
D.Deploy RSVP-TE with fast-reroute.
AnswerC

LFA computes backup paths that avoid loops during convergence.

Why this answer

Option C is correct because LFA (Loop-Free Alternate) is a feature built directly into IGPs like IS-IS and OSPF that precomputes a backup next-hop that does not loop back to the failed link. This prevents micro-loops during IGP convergence without requiring any additional protocols such as RSVP-TE or BGP, making it a lightweight, protocol-integrated solution.

Exam trap

Cisco often tests the distinction between IGP-integrated solutions (LFA) and overlay protocols (RSVP-TE, BGP), so the trap here is assuming that any fast-reroute mechanism requires an additional protocol like RSVP-TE, when LFA is a native IGP feature.

How to eliminate wrong answers

Option A is wrong because MPLS-TE FRR using bypass tunnels requires RSVP-TE, an additional protocol beyond the IGP, and is designed for link/node protection in MPLS-TE, not specifically for preventing micro-loops during IGP convergence. Option B is wrong because BGP PIC (Prefix Independent Convergence) is a BGP feature that improves convergence for BGP routes, not for IGP routes, and does not address micro-loops caused by IGP convergence. Option D is wrong because RSVP-TE with fast-reroute also requires RSVP-TE as an additional protocol and is focused on MPLS-TE tunnel protection, not on preventing micro-loops during IGP convergence.

595
MCQeasy

Which OSPF network type elects a Designated Router (DR) and Backup Designated Router (BDR) to reduce the number of adjacencies on a multi-access segment?

A.Point-to-point
B.Loopback
C.Point-to-multipoint
D.Broadcast
AnswerD

Broadcast elects DR and BDR.

Why this answer

Broadcast network type uses DR/BDR election. Point-to-point and NBMA do not elect DR/BDR (NBMA does elect DR/BDR but is less common).

596
MCQmedium

A service provider is deploying MPLS L2VPN using Virtual Private Wire Service (VPWS). After configuration, the two CEs cannot ping each other. The PE routers show the xconnect interface is up, but no MAC addresses are learned. What is the most likely cause?

A.The MTU on the core links is less than 1500
B.The control word is enabled on one PE but not the other
C.The VC ID mismatch between the two PEs
D.The encapsulation type on the AC is different on the two PEs
AnswerC

VC ID must match for the pseudowire to be established.

Why this answer

In MPLS L2VPN VPWS, the VC ID (Virtual Circuit ID) must match on both PE routers to establish the pseudowire between them. A mismatch prevents the pseudowire from coming up, so even though the local xconnect interface shows as up (because the attachment circuit is operational), no MAC learning can occur because the pseudowire control plane (e.g., LDP or BGP signaled) fails to bind the two endpoints. This directly explains why the CEs cannot ping and no MAC addresses are learned.

Exam trap

Cisco often tests the distinction between local interface status (attachment circuit up) and pseudowire status (VC ID match required), leading candidates to mistakenly focus on MTU or encapsulation issues when the real problem is a control plane mismatch.

How to eliminate wrong answers

Option A is wrong because an MTU less than 1500 on core links would cause fragmentation or drop of large packets, but it would not prevent the pseudowire from being established or MAC learning; the xconnect interface would still show up and MACs could be learned if the control plane is functional. Option B is wrong because the control word is an optional feature for operations like sequencing or fragmentation; a mismatch in its configuration does not prevent pseudowire establishment or MAC learning—it may cause packet corruption or drop, but the pseudowire would still come up and MACs could be learned. Option D is wrong because the encapsulation type on the attachment circuit (e.g., Ethernet, VLAN, PPP) must match the CE-facing configuration, but a mismatch between the two PEs would affect how traffic is encapsulated on the local AC, not the pseudowire signaling or MAC learning across the MPLS core; the pseudowire itself would still be established if VC IDs match.

597
Multi-Selectmedium

A service provider is troubleshooting an L2VPN where a CE is unable to ping the remote CE. The PE-CE interfaces are up, and the pseudowire status shows 'up'. Which two actions should be taken to further isolate the issue? (Choose two.)

Select 2 answers
A.Check the MAC address table on the CE
B.Check the LDP session between PEs
C.Verify the VFI configuration on the PE
D.Verify the VC ID match on both PEs
E.Verify the MTU consistency on the pseudowire
AnswersD, E

Mismatched VC IDs can cause traffic to be dropped despite pseudowire being up.

Why this answer

Option D is correct because the VC ID (Virtual Circuit ID) must match on both PEs for the pseudowire to be established correctly. If the VC IDs are mismatched, the pseudowire status may show as 'up' due to local signaling, but traffic will not be forwarded between the CEs because the pseudowire endpoints are not logically connected. Verifying the VC ID ensures that the L2VPN circuit is properly configured end-to-end.

Exam trap

Cisco often tests the misconception that a pseudowire status of 'up' guarantees end-to-end connectivity, when in fact control-plane up does not ensure data-plane forwarding if parameters like VC ID or MTU are mismatched.

598
MCQmedium

Which OSPF adjacency type requires DR/BDR election on a multi-access network?

A.Non-broadcast
B.Broadcast
C.Point-to-multipoint
D.Point-to-point
AnswerB

Broadcast networks use DR/BDR election.

Why this answer

On broadcast and NBMA networks, OSPF elects a Designated Router (DR) and Backup Designated Router (BDR) to reduce adjacencies.

599
Multi-Selecteasy

Which TWO are characteristics of Segment Routing (SR-MPLS)? (Choose two.)

Select 2 answers
A.It relies on source routing
B.It requires a centralized controller for traffic engineering
C.It forwards packets based on destination IP address at each hop
D.It requires MPLS LDP for label distribution
E.It supports both MPLS and IPv6 data planes
AnswersA, E

SR performs source routing by encoding the path as a segment list.

Why this answer

Option A is correct because Segment Routing (SR-MPLS) is a source routing paradigm where the ingress node encodes a list of segment identifiers (SIDs) into the packet header, specifying the path the packet must take through the network. This eliminates the need for per-hop signaling protocols like LDP or RSVP-TE, as each intermediate node simply forwards based on the top SID.

Exam trap

Cisco often tests the misconception that SR-MPLS requires a centralized controller for traffic engineering, but the distributed IGP-based control plane is fully capable of steering traffic using segment lists without any controller.

600
MCQmedium

A service provider is migrating from LDP to Segment Routing in its MPLS core. The team has enabled IS-IS as the IGP and configured segment routing under the IS-IS process on all core routers. However, after the migration, some LSPs are not being signaled correctly and traffic is blackholing. Which action should be taken to ensure seamless interworking between LDP and SR during the migration?

A.Configure 'segment-routing mpls sr-prefer' under the IS-IS process.
B.Change the IGP to OSPF with segment routing enabled.
C.Remove the 'mpls ldp' configuration from all routers that have SR enabled.
D.Enable 'mpls ldp igp sync' on the IGP interfaces.
AnswerA

This ensures the router prefers SR labels but still allocates LDP labels for backward compatibility.

Why this answer

Option C is correct because during migration, both LDP and SR need to signal the same labels. The 'segment-routing mpls sr-prefer' command tells the router to prefer SR labels but still maintain LDP forwarding entries for fallback. Option A is incorrect because removing LDP globally would cause loss of LDP sessions for routers not yet SR-capable.

Option B is incorrect because 'mpls ldp igp sync' is for LDP-IGP synchronization, not SR-LDP interworking. Option D is incorrect because OSPF is not the IGP in use.

Page 7

Page 8 of 14

Page 9
Cisco SPCOR / CCNP Service Provider Core 350-501 350-501 Questions 526–600 | Page 8/14 | Courseiva