CCNA Sp Automation Qos Questions

61 questions · Sp Automation Qos topic · All types, answers revealed

1
MCQmedium

A network engineer is troubleshooting QoS on a Cisco ASR 1000 router. The router has a service-policy applied on the ingress interface GigabitEthernet0/0/0. The policy uses a class-map to match traffic based on NBAR protocol discovery for 'cisco-jabber'. The goal is to mark the traffic with DSCP AF41. However, when the engineer checks the policy statistics, the class 'jabber' shows zero matches, even though the users are actively using Cisco Jabber. The NBAR protocol discovery is enabled globally and on the interface. The engineer verifies that the NBAR protocol pack is up-to-date. What is the most likely reason for the class-map not matching?

A.The service-policy should be applied on the egress interface instead
B.Cisco Jabber traffic is encrypted, so NBAR cannot identify it
C.The class-map is using 'match access-group' instead of 'match protocol'
D.The NBAR protocol pack is not activated on this interface
AnswerB

NBAR relies on deep packet inspection; encryption hides application signatures.

Why this answer

Cisco Jabber uses encrypted signaling and media (SRTP/TLS), which prevents NBAR from performing deep packet inspection to identify the application. Even with an up-to-date protocol pack, NBAR cannot match encrypted traffic unless decryption is performed elsewhere. Therefore, the class-map matching 'cisco-jabber' via NBAR protocol discovery will show zero matches.

Exam trap

Cisco often tests the limitation that NBAR cannot classify encrypted or obfuscated traffic, leading candidates to incorrectly assume the issue is with policy direction, match method, or protocol pack activation.

How to eliminate wrong answers

Option A is wrong because applying the service-policy on the egress interface would not solve the NBAR identification issue; marking is typically done on ingress to preserve the DSCP value across the network, and egress policies are for queuing/shaping, not for matching encrypted traffic. Option C is wrong because the question states the class-map uses NBAR protocol discovery, not 'match access-group', so this is a misdirection; the issue is encryption, not the match method. Option D is wrong because the engineer verified the NBAR protocol pack is up-to-date and NBAR is enabled globally and on the interface, so the protocol pack is activated; the problem is that encrypted traffic cannot be inspected.

2
MCQmedium

Based on the exhibit, which statement is true about the QoS policy?

A.The class-default will use weighted fair queuing (WFQ).
B.The VIDEO class will be limited to 30% of the total interface bandwidth.
C.The VOICE class is allocated a strict priority queue with a bandwidth limit of 10% of the interface bandwidth.
D.The VIDEO class is guaranteed at least 30% of the total interface bandwidth.
AnswerC

The 'priority percent 10' command provides a strict priority queue with a bandwidth limit of 10%.

Why this answer

The exhibit shows a QoS policy where the VOICE class is configured with the 'priority' command and a bandwidth statement of 10 percent. In Cisco IOS, the 'priority' command under a class map creates a strict priority queue (LLQ), and the bandwidth percentage defines the maximum amount of interface bandwidth that can be used by this queue, ensuring low-latency treatment for voice traffic. Therefore, option C is correct.

Exam trap

Cisco often tests the distinction between 'bandwidth' (which guarantees a minimum bandwidth) and 'bandwidth remaining percent' (which guarantees a percentage of the leftover bandwidth after priority queues), and the trap here is that candidates mistakenly interpret 'bandwidth remaining percent' as a guarantee of total interface bandwidth rather than a share of the remaining bandwidth.

How to eliminate wrong answers

Option A is wrong because the class-default in a policy map that includes a priority queue (LLQ) automatically uses the default queuing mechanism, which is FIFO, not WFQ; WFQ is only used in class-default when no priority queue is configured. Option B is wrong because the VIDEO class is configured with the 'bandwidth remaining percent 30' command, which guarantees a minimum bandwidth share of the remaining bandwidth after the priority queue is serviced, not a hard limit of 30% of the total interface bandwidth. Option D is wrong because the VIDEO class is not guaranteed at least 30% of the total interface bandwidth; the 'bandwidth remaining percent' command only guarantees a percentage of the leftover bandwidth after the priority queue's traffic is served, and it does not provide a minimum guarantee of the total interface bandwidth.

3
MCQmedium

Refer to the exhibit. An engineer applies two service policies to the same subinterface in the outbound direction. Which statement describes the expected behavior?

A.The router automatically nests CHILD-QOS inside SHAKE-1M creating hierarchical QoS.
B.The router compiles a combined policy that merges classifications.
C.Only the SHAKE-1M policy is applied; the CHILD-QOS policy is ignored.
D.Both policies are applied sequentially; traffic is shaped then classified.
AnswerC

Correct: Only one output policy allowed per interface on IOS XR.

Why this answer

When two service policies are applied to the same subinterface in the same direction, the router only honors the first policy applied; the second policy is ignored. In this case, SHAKE-1M was applied first, so CHILD-QOS is not processed. Cisco IOS does not allow multiple service policies in the same direction on a single interface or subinterface, as each direction can have only one active policy-map.

Exam trap

The trap here is that candidates assume multiple service policies can be stacked or merged in the same direction, but Cisco enforces a strict one-policy-per-direction rule, making the second policy silently ignored.

How to eliminate wrong answers

Option A is wrong because hierarchical QoS is created by nesting a child policy inside a parent policy using the 'service-policy' command within a policy-map class, not by applying two separate service policies to the same subinterface. Option B is wrong because the router does not merge or compile classifications from multiple service policies; it simply ignores the second policy. Option D is wrong because both policies are not applied sequentially; only the first policy applied (SHAKE-1M) is active, and the second (CHILD-QOS) is disregarded entirely.

4
MCQhard

An SP uses BGP FlowSpec to mitigate DDoS attacks. They also want to rate-limit the traffic per FlowSpec rule. Which configuration is required to enable policing within a FlowSpec action?

A.Configure MPLS TE bandwidth reservation for the FlowSpec routes.
B.Use policy-based routing (PBR) to set QoS parameters.
C.Apply a QoS policy-map to the interface and match the FlowSpec destination.
D.Include the 'rate-limit' action in the FlowSpec rule using the 'action' clause.
AnswerD

FlowSpec allows rate-limiting directly in the rule definition.

Why this answer

Option D is correct because BGP FlowSpec allows the inclusion of a 'rate-limit' action within the FlowSpec rule's 'action' clause to enforce policing. This action directly applies a traffic rate limit (in bits per second) to the matched flow, enabling DDoS mitigation without requiring external QoS policies or MPLS TE reservations.

Exam trap

Cisco often tests the misconception that FlowSpec actions require external QoS mechanisms (like policy-maps or PBR), when in fact the 'rate-limit' action is a native, built-in FlowSpec action that directly enables policing within the rule.

How to eliminate wrong answers

Option A is wrong because MPLS TE bandwidth reservation is used for traffic engineering and path selection, not for per-flow policing within BGP FlowSpec actions. Option B is wrong because policy-based routing (PBR) operates on routing decisions and cannot be dynamically triggered by FlowSpec rules to apply QoS parameters; FlowSpec uses its own action mechanism. Option C is wrong because applying a QoS policy-map to an interface and matching the FlowSpec destination is an indirect, static approach that does not leverage the dynamic, rule-based policing capabilities of BGP FlowSpec's built-in 'rate-limit' action.

5
MCQeasy

Refer to the exhibit. An engineer checks the policy and notices that the policing is not working as expected—traffic is not being dropped even when exceeding 1 Mbps. What could be the issue?

A.The service-policy is applied inbound, but police should be applied outbound to be effective
B.The police command is missing an exceed-action, so traffic is transmitted instead of dropped
C.The police rate is too high compared to interface speed
D.The shape command is interfering with the police command
AnswerB

Without an explicit exceed-action, Cisco IOS defaults to 'transmit' for conforming and exceeding traffic, meaning no packets are dropped.

Why this answer

Option B is correct because the `police` command in Cisco IOS QoS requires an explicit `exceed-action` to define what happens to traffic that exceeds the committed information rate (CIR). Without specifying an action like `drop`, the default behavior is to transmit the excess traffic, which explains why no packets are being dropped even when the rate exceeds 1 Mbps. The policing logic is still applied, but without an exceed-action, the router simply forwards all traffic, rendering the policer ineffective.

Exam trap

Cisco often tests the default behavior of the `police` command, specifically that without an `exceed-action`, traffic is transmitted rather than dropped, which catches candidates who assume policing always drops excess traffic.

How to eliminate wrong answers

Option A is wrong because policing can be applied inbound or outbound; there is no requirement that police must be applied outbound to be effective. In fact, inbound policing is commonly used to rate-limit traffic before it enters the network. Option C is wrong because the police rate being too high compared to the interface speed would not prevent dropping; it would simply mean that traffic rarely exceeds the policer, but if it does exceed, the missing exceed-action is the root cause.

Option D is wrong because the `shape` command does not inherently interfere with the `police` command; they can coexist, and shaping queues traffic while policing drops or marks it, but the absence of an exceed-action is the direct cause of the issue.

6
MCQmedium

A service provider is deploying QoS on a Cisco ASR 9000 router to support a triple-play service (voice, video, data) over an Ethernet access network. The network engineer must ensure that voice traffic (EF) is prioritized, video traffic (AF41) is treated with low loss, and data traffic (default) gets best-effort service. Additionally, the engineer must implement a hierarchical QoS policy to shape the aggregate subscriber traffic to 100 Mbps on a GigabitEthernet interface, with the following per-class bandwidth allocations: voice 10 Mbps, video 40 Mbps, and data 50 Mbps. During testing, voice packets are being dropped under congestion, and video traffic is experiencing jitter. The current QoS configuration is as follows: policy-map CHILD class VOICE priority level 1 police rate 10 mbps class VIDEO bandwidth remaining ratio 40 class DATA bandwidth remaining ratio 50 ! policy-map PARENT class class-default shape average 100 mbps service-policy CHILD ! Which action should the engineer take to resolve the issues while maintaining the design objectives?

A.Change the video class to 'priority level 2' to give it preferential treatment over data.
B.Remove the police from the voice class and add 'priority level 1' without police; this ensures voice is priority queued without dropping.
C.Add a 'police' to the video class with a CIR of 40 Mbps and 'conform-action transmit exceed-action drop' to protect voice.
D.Change the voice class to use 'bandwidth remaining percent 10' and remove the police.
AnswerB

Priority queuing with no police allows voice packets to be transmitted ahead of other queues, avoiding drops.

Why this answer

Option B is correct because the current configuration uses a police rate of 10 Mbps under the voice priority class, which causes voice packets to be dropped when they exceed that rate, even though priority queuing should guarantee low latency. Removing the police and keeping 'priority level 1' allows voice traffic to be strictly prioritized without a hard rate limit, ensuring no drops for voice while still allowing the parent shaper to enforce the aggregate 100 Mbps. This resolves the voice drops and, by preventing voice from being policed, reduces jitter for video traffic that might otherwise be affected by bursty voice drops.

Exam trap

Cisco often tests the misconception that a police rate on a priority class is necessary to protect other classes, when in fact the parent shaper already limits the aggregate, and the priority queue should be left unpoliced to avoid dropping delay-sensitive voice traffic.

How to eliminate wrong answers

Option A is wrong because changing video to 'priority level 2' would make it a second-level priority queue, which still does not address the root cause of voice drops (the police) and could starve data traffic, violating the design objective of low-loss video (AF41) without priority queuing. Option C is wrong because adding a police to the video class with a CIR of 40 Mbps and exceed-action drop would not protect voice; it would only drop video packets that exceed 40 Mbps, but voice drops are caused by the police on the voice class itself, not by video oversubscription. Option D is wrong because changing voice to 'bandwidth remaining percent 10' removes priority queuing entirely, which would introduce latency and jitter for voice, contradicting the requirement that EF traffic be prioritized with low latency.

7
Multi-Selecteasy

Which TWO conditions cause a router to drop packets when a police action is configured?

Select 2 answers
A.exceed action is drop
B.conform action is drop
C.no bandwidth is reserved
D.violate action is drop
E.queue is full
AnswersA, D

When a packet exceeds the rate, it can be dropped if configured.

Why this answer

When a police action is configured, the router uses a token bucket model to meter traffic. If traffic exceeds the committed information rate (CIR) and burst size, it falls into the 'exceed' or 'violate' category depending on the configured conform and exceed burst parameters. The 'drop' action for exceed or violate conditions explicitly instructs the router to discard those packets, enforcing traffic shaping or policing at the hardware or software level.

Exam trap

Cisco often tests the distinction between 'exceed' and 'violate' actions in policing, where candidates mistakenly think only 'violate' can drop packets, but 'exceed' can also be configured to drop, and both are valid conditions for packet loss.

8
MCQeasy

Refer to the exhibit. An engineer monitors the queue depths on a core interface. Which class is experiencing the most congestion?

A.The interface is not congested because bandwidth is 1 Gbps.
B.Voice class, because it has a taildrop threshold.
C.Both classes equally, because they both have taildropping.
D.Best-effort class, because its average depth is 580.
AnswerD

Correct: Nearly at taildrop threshold of 600, and exceeded max.

Why this answer

Option D is correct. Best-effort queue has average depth 580 near its taildrop threshold of 600, and max depth 650 which exceeds the threshold, indicating drops. Voice queue depth is low.

Option A is wrong because voice is under threshold. Option B is wrong because best-effort is near threshold. Option C is wrong because the command already shows the data.

9
MCQmedium

An engineer is using NETCONF to retrieve the operational QoS statistics from a router. The response contains XML data but does not include the queueing statistics. What is the most likely reason?

A.The NETCONF filter did not include the correct YANG path for QoS statistics
B.The user does not have enough privilege level
C.The statistics are only available via SNMP
D.The router is running an older IOS that does not support NETCONF
AnswerA

NETCONF filters are used to select specific data; omitting the path for queueing statistics results in their omission from the response.

Why this answer

NETCONF retrieves data based on YANG models. If the filter does not specify the correct YANG path for QoS queueing statistics, the server will not include that data in the response. The YANG data model for QoS (e.g., Cisco‑IOS‑XE‑qos‑oper.yang) defines specific paths for queueing counters; omitting or mis‑specifying the filter path results in an incomplete reply.

Exam trap

Cisco often tests the misconception that a successful NETCONF reply means all requested data is present, when in reality a missing or incorrect YANG path filter silently omits specific subtrees like queueing statistics.

How to eliminate wrong answers

Option B is wrong because insufficient privilege would cause an authentication or authorization error (e.g., rpc‑error with access‑denied), not a successful response missing specific data. Option C is wrong because NETCONF is a standards‑based management protocol (RFC 6241) that can retrieve all operational data, including QoS statistics, if the corresponding YANG model is supported; SNMP is not the exclusive source. Option D is wrong because even older IOS versions that support NETCONF (e.g., IOS‑XE 16.x) include QoS YANG models; the absence of queueing statistics is a filtering issue, not a NETCONF capability issue.

10
MCQmedium

Refer to the exhibit. The policy above is applied on a PE router. The customer complains that voice quality is poor. Based on the exhibit, what is the most likely cause?

A.The police rate for voice is too low for the offered traffic
B.The policy is applied to the wrong direction
C.The class-default is empty
D.The DATA class is not matching any traffic
AnswerA

The offered rate of 100 kbps exceeds the policed rate of 64 kbps, causing significant drops (over 40% of packets dropped), which directly impacts voice quality.

Why this answer

The police rate for voice is too low for the offered traffic. Voice traffic requires a guaranteed bandwidth to maintain low jitter and packet loss; if the policer rate is set below the actual voice flow rate, packets are dropped or marked down, causing poor voice quality. In the exhibit, the voice class has a police rate that is insufficient for the offered load, leading to excessive drops.

Exam trap

Cisco often tests the misconception that applying a policy in the correct direction is sufficient, but the trap here is that the police rate itself must be properly sized for the actual voice traffic load, not just the classification.

How to eliminate wrong answers

Option B is wrong because the policy is applied in the ingress direction on the PE router, which is correct for policing inbound customer traffic before it enters the service provider core; applying it egress would not prevent oversubscription at the edge. Option C is wrong because class-default being empty means no traffic is classified there, but voice and data are matched in other classes, so this does not cause voice quality issues. Option D is wrong because the DATA class not matching traffic would only affect data, not voice; the voice class is matching traffic, so the problem lies in the voice policing rate.

11
MCQhard

A SP wants to automate the deployment of QoS policies on numerous PE routers using NETCONF. Which YANG module is most appropriate for modeling the QoS policy-map configuration?

A.ietf-interfaces
B.Cisco-IOS-XR-qos-ma-cfg
C.Cisco-IOS-XR-ip-tcp-yang
D.ietf-netconf-acm
AnswerB

This YANG module defines QoS policy-map structures.

Why this answer

Option B is correct because the Cisco-IOS-XR-qos-ma-cfg YANG module is specifically designed to model QoS policy-map configurations on Cisco IOS XR platforms. Since the SP is using NETCONF to automate QoS policies on PE routers running IOS XR, this native module provides the exact data model for defining class-maps, policy-maps, and service policies, aligning with the task's requirement.

Exam trap

Cisco often tests the distinction between native YANG modules (like Cisco-IOS-XR-qos-ma-cfg) and standard IETF modules (like ietf-interfaces), where candidates mistakenly choose a generic interface module instead of the specific QoS policy-map module.

How to eliminate wrong answers

Option A is wrong because ietf-interfaces is a standard YANG module for modeling interface configurations (e.g., IP addresses, MTU), not QoS policy-map definitions. Option C is wrong because Cisco-IOS-XR-ip-tcp-yang models TCP parameters (e.g., window scaling, timestamps), not QoS policy-map structures. Option D is wrong because ietf-netconf-acm defines NETCONF Access Control Model (NACM) for restricting NETCONF operations, not for modeling QoS configurations.

12
MCQhard

A service provider uses an MPLS-TE tunnel to carry voice and data traffic. The tunnel is experiencing packet loss during congestion. The engineer wants to ensure that voice traffic receives guaranteed bandwidth and low latency while data traffic uses remaining bandwidth. Which QoS configuration should be applied on the tunnel interface?

A.LLQ with a priority queue for voice and a default class for data
B.CBWFQ with bandwidth allocation for voice and data
C.Policing on voice traffic to limit its rate
D.Shaping on the tunnel to 75% of bandwidth with no queuing
AnswerA

LLQ ensures low latency for voice, and the default class uses remaining bandwidth for data.

Why this answer

Option A is correct because Low Latency Queuing (LLQ) allows you to place voice traffic into a strict priority queue, ensuring guaranteed bandwidth and low latency during congestion, while the default class uses CBWFQ to allocate remaining bandwidth to data traffic. This matches the requirement of prioritizing voice without starving data entirely, as the priority queue is policed to prevent voice from consuming all bandwidth.

Exam trap

Cisco often tests the misconception that CBWFQ alone can provide low latency for voice, but the trap here is that CBWFQ lacks a strict priority queue, so voice traffic will experience delay and jitter, making LLQ the only correct choice for real-time traffic.

How to eliminate wrong answers

Option B is wrong because CBWFQ alone cannot provide the strict low latency required for voice; it allocates bandwidth fairly but does not have a priority queue, so voice would experience jitter and delay during congestion. Option C is wrong because policing on voice traffic limits its rate but does not guarantee low latency or bandwidth; policing drops excess traffic without queuing, which can cause voice packet loss even within the contracted rate. Option D is wrong because shaping to 75% of bandwidth with no queuing only smooths traffic but provides no QoS differentiation; without queuing, both voice and data are treated equally, leading to packet loss for voice during congestion.

13
MCQmedium

An SP's core router experiences excessive packet drops on a congested link. The QoS policy uses CBWFQ with 4 queues. The drops occur only in the queue for a premium business class. Which is the most likely cause?

A.The 'bandwidth remaining' command is missing from the policy-map.
B.The interface is using MLP with interleaving.
C.The queue is using tail-drop without WRED.
D.The premium class is configured with a police action that drops traffic when it exceeds the committed information rate.
AnswerD

Policing drops excess traffic; if the police rate is lower than the guaranteed bandwidth, drops occur.

Why this answer

The premium business class queue is experiencing excessive packet drops because a police action configured with a 'drop' exceed-action is discarding traffic that exceeds the committed information rate (CIR). Unlike congestion management (queuing), policing is a congestion avoidance mechanism that drops packets immediately when the traffic rate surpasses the configured CIR, regardless of the queue depth or available bandwidth. This explains why drops occur only in the premium class queue, as the policer is explicitly dropping excess packets before they even enter the CBWFQ scheduler.

Exam trap

Cisco often tests the distinction between policing (which drops excess traffic regardless of congestion) and queuing (which drops only when buffers are full), leading candidates to mistakenly attribute drops to congestion management mechanisms like tail-drop or WRED when the real cause is a police action configured with a drop exceed-action.

How to eliminate wrong answers

Option A is wrong because the 'bandwidth remaining' command is used to allocate excess bandwidth among queues in a class-based weighted fair queuing (CBWFQ) policy; its absence would not cause drops in a specific queue, but rather affect how unused bandwidth is distributed. Option B is wrong because MLP with interleaving is a technique to reduce serialization delay on multilink interfaces by fragmenting and interleaving small packets; it does not cause packet drops in a specific queue. Option C is wrong because tail-drop without WRED would cause drops when the queue is full, but the drops would occur in any queue that reaches its maximum threshold, not exclusively in the premium class queue; the question states drops occur only in the premium class queue, which points to a policing action rather than a congestion management drop mechanism.

14
MCQhard

Refer to the exhibit. An engineer pushes this XML configuration via NETCONF, but the device rejects it with an error stating 'invalid policy-map structure'. What is the problem?

A.The class name must be defined in a class-map before being referenced in the policy-map
B.The configuration is missing the class-default class
C.The YANG model does not support the 'police' keyword
D.The priority and police commands cannot coexist in the same class
AnswerA

The YANG model requires that class-maps are defined separately. This XML attempts to define a class inline, which is not allowed.

Why this answer

The error 'invalid policy-map structure' occurs because the policy-map references a class name that has not been defined in a class-map beforehand. In Cisco IOS, a class-map must exist before it can be used inside a policy-map; otherwise, the device rejects the configuration as structurally invalid.

Exam trap

Cisco often tests the dependency between class-maps and policy-maps, where candidates mistakenly think the error is about missing class-default or command incompatibility, rather than the fundamental requirement that a class must be defined before it is referenced.

How to eliminate wrong answers

Option B is wrong because the class-default class is automatically created by the system and does not need to be explicitly defined; its absence is not the cause of the error. Option C is wrong because the YANG model for Cisco IOS-XE NETCONF fully supports the 'police' keyword for traffic policing under a policy-map class. Option D is wrong because priority and police can coexist in the same class when used correctly (e.g., priority with police for bandwidth policing), though certain restrictions apply; this is not the cause of the 'invalid policy-map structure' error.

15
MCQeasy

Which congestion avoidance technique drops packets probabilistically before the queue becomes full?

A.FIFO
B.Priority Queuing
C.WRED
D.Custom Queuing
AnswerC

WRED proactively drops packets to avoid congestion.

Why this answer

WRED (Weighted Random Early Detection) is a congestion avoidance mechanism that monitors the average queue depth and, when it exceeds a configured threshold, begins dropping packets probabilistically before the queue becomes completely full. This proactive dropping signals TCP senders to reduce their transmission rates, thereby preventing tail drop and global synchronization.

Exam trap

The trap here is that candidates often confuse congestion avoidance (WRED) with congestion management (queuing algorithms like PQ, CQ, or FIFO), mistakenly thinking that any queuing mechanism that drops packets qualifies as congestion avoidance.

How to eliminate wrong answers

Option A is wrong because FIFO (First-In, First-Out) is a simple queuing method that does not perform any congestion avoidance; it simply transmits packets in the order they arrive and drops packets only when the queue is full (tail drop). Option B is wrong because Priority Queuing (PQ) is a congestion management technique that services high-priority queues first and can starve lower-priority queues, but it does not proactively drop packets based on queue depth. Option D is wrong because Custom Queuing (CQ) is a congestion management technique that allocates a fixed amount of bandwidth to each queue by round-robin servicing, but it does not perform random early detection or probabilistic dropping.

16
MCQeasy

An SP engineer configures a QoS policy on an IOS XR router to re-mark DSCP from AF11 to AF22 for traffic matching a specific ACL. The policy compiles successfully but traffic is not re-marked. What is a likely reason?

A.The ACL cannot match on DSCP values.
B.The ACL is applied to the wrong interface.
C.The interface does not have the 'qos' feature enabled, or the policy-map is not attached.
D.The policy is applied in the output direction; marking can only be done on ingress.
AnswerC

Even with policy-map compiled, without attaching it to the interface, no action occurs.

Why this answer

Option C is correct because on IOS XR routers, QoS policies require explicit feature enablement via the 'qos' command under the interface configuration, and the policy-map must be attached in the correct direction. Without the 'qos' feature enabled, the router will compile the policy but silently ignore it, resulting in no re-marking of DSCP from AF11 to AF22.

Exam trap

Cisco often tests the IOS XR-specific requirement to explicitly enable the 'qos' feature on an interface, which catches candidates accustomed to classic IOS where policy-map attachment alone enables QoS.

How to eliminate wrong answers

Option A is wrong because ACLs on IOS XR can match on DSCP values using the 'ip dscp' keyword within the access-list entries, so this is not a limitation. Option B is wrong because while applying the ACL to the wrong interface could cause traffic to not match, the question states the policy compiles successfully and traffic is not re-marked, implying the ACL is correctly placed but the QoS feature itself is not operational. Option D is wrong because marking can be performed on both ingress and egress directions in IOS XR; the statement that marking can only be done on ingress is incorrect, as egress marking is supported and commonly used.

17
MCQhard

A service provider operates a large MPLS network with hundreds of PE routers. They have deployed QoS policies to ensure real-time traffic (voice and video) receives priority. The policy uses LLQ with a strict priority queue for voice (DSCP EF) and another for video (DSCP AF41). Each priority queue has a policer to prevent starvation of other classes. Recently, a customer reports that their video calls are experiencing jitter and packet loss. The engineer examines the PE router connected to this customer. The interface is GigabitEthernet0/0/1 with the policy applied in the output direction. Show commands indicate that the video priority queue is frequently dropping packets, while the voice queue has no drops. The police for the video queue is set to 10 Mbps. The customer's contract guarantees 20 Mbps for video traffic. However, the actual video traffic is averaging 15 Mbps with bursts to 18 Mbps. The engineer notes that the video class also has a bandwidth command of 10 Mbps under the priority statement. What is the most likely cause of the video packet loss?

A.The bandwidth command under priority is too low; increase it to 20 Mbps.
B.The video queue is using the wrong queue limit; increase the queue limit to accommodate bursts.
C.The video traffic is not being classified correctly; check the class-map match criteria.
D.The police rate for the video queue is too low; increase it to at least 20 Mbps.
AnswerD

The policer drops traffic exceeding 10 Mbps, causing loss for 15-18 Mbps traffic.

Why this answer

The video priority queue is dropping packets because the police rate (10 Mbps) is lower than the actual traffic rate (15 Mbps average, bursts to 18 Mbps). In LLQ, the priority queue uses a policer to enforce a maximum rate; traffic exceeding the police rate is dropped. The bandwidth command under priority only reserves bandwidth for the queue in the absence of congestion or for shaping purposes, but the policer is the active enforcement mechanism that causes drops.

Increasing the police rate to at least 20 Mbps aligns with the customer's guaranteed rate and prevents drops.

Exam trap

Cisco often tests the distinction between the bandwidth command (which reserves bandwidth for CBWFQ) and the policer rate (which enforces a hard limit on priority traffic), leading candidates to mistakenly think increasing bandwidth will solve the drops.

How to eliminate wrong answers

Option A is wrong because the bandwidth command under priority in LLQ does not directly limit the queue's throughput; it is used for CBWFQ bandwidth allocation and does not affect the policer's drop behavior. Option B is wrong because queue limit (tail-drop threshold) is not the cause; the drops are due to the policer exceeding its configured rate, not due to buffer exhaustion. Option C is wrong because the question states the video traffic is classified as DSCP AF41 and is being placed into the correct priority queue (drops are occurring in that queue), so classification is working correctly.

18
Multi-Selecteasy

Which TWO actions are required to implement QoS trust boundaries correctly in a service provider network?

Select 2 answers
A.Configure classification at the edge
B.Enable auto QoS on all interfaces
C.Apply shaping at customer premises
D.Set trust to CoS on access ports
E.Use MPLS EXP bits for core marking
AnswersA, D

Classification marks packets at the edge, defining the trust boundary.

Why this answer

Option A is correct because trust should be set on access ports to accept marking from trusted sources. Option C is correct because classification must be performed at the network edge to enforce policy. Option B is incorrect because auto QoS is not a mandatory requirement.

Option D is incorrect because MPLS EXP bits are used for core marking, not trust boundary. Option E is incorrect because shaping is applied at customer premises, not related to trust boundary.

19
Multi-Selectmedium

Which THREE QoS mechanisms can be used for traffic policing?

Select 3 answers
A.dual-rate three-color
B.token bucket
C.single-rate two-color
D.WRED
E.shaping
AnswersA, B, C

This is another common policing implementation.

Why this answer

Traffic policing uses token bucket mechanisms to measure and enforce traffic rates. Dual-rate three-color (RFC 2698) uses two token buckets (CIR/PIR) to mark packets as green, yellow, or red, allowing separate policing of committed and peak rates. Single-rate two-color (RFC 2697) uses one token bucket to mark packets as either conforming (green) or exceeding (red).

Both are standard policing implementations.

Exam trap

Cisco often tests the distinction between policing and shaping, where candidates mistakenly select shaping as a policing mechanism because both control traffic rates, but shaping buffers while policing drops/re-marks.

20
Multi-Selectmedium

Which TWO statements accurately describe the behavior of the QoS policy shown in the exhibit?

Select 2 answers
A.The policy shapes the total output traffic to 30 Mbps.
B.During congestion, video traffic is allocated 30% of the remaining bandwidth after voice is served.
C.Video traffic is placed in a strict priority queue.
D.The policy polices voice traffic to a maximum of 30% of the interface bandwidth.
E.Voice traffic is guaranteed to be sent before any other traffic.
AnswersB, E

Bandwidth remaining percent allocates a percentage of the available bandwidth after priority queues are serviced.

Why this answer

Option B is correct because the policy uses the 'bandwidth remaining percent' command under the video class, which allocates 30% of the remaining bandwidth after the voice class (which is in a strict priority queue) has been served. This is the standard behavior for class-based weighted fair queuing (CBWFQ) when a priority queue is present: the priority traffic is serviced first, and then the remaining bandwidth is distributed according to the 'bandwidth remaining percent' values assigned to the non-priority classes.

Exam trap

Cisco often tests the distinction between 'bandwidth' (which allocates a guaranteed minimum during congestion) and 'bandwidth remaining percent' (which allocates a percentage of leftover bandwidth after priority queues), and candidates frequently confuse 'police' with 'shape' or misinterpret a fixed police rate as a percentage of interface bandwidth.

21
MCQmedium

A large enterprise recently implemented centralized QoS policies using Cisco DNA Center. The policies are pushed via RESTCONF to the branch routers. After the deployment, the branch office reports that critical business applications (like ERP) are being delayed. The network team verifies that the QoS policy is applied correctly on the WAN interface (Serial0/0/0) with a shape of 10 Mbps. The policy-map has a class for 'critical-data' with bandwidth 5 Mbps and another class for 'transactional-data' with bandwidth 3 Mbps. The remaining traffic is in class-default with fair-queue. The branch router's CPU utilization is normal. The interface output shows that the queue for critical-data is rarely full, but packets are experiencing high latency. The engineer pings from the branch server to the central site and sees 200 ms RTT normally, but up to 500 ms during peak hours. What is the most likely cause of the high latency for critical-data?

A.The shape rate is too low; increase it to match the access link speed (e.g., 20 Mbps).
B.The critical-data class needs a priority command to reduce latency.
C.The queue-limit for critical-data is too high; reduce it to force early drops.
D.The bandwidth command in critical-data should be increased above 5 Mbps.
AnswerA

If shaped to 10 Mbps but the actual link is faster, traffic buffers, increasing latency. Increasing shape rate reduces buffering.

Why this answer

The correct answer is A because the shape rate of 10 Mbps is the bottleneck. Even though the critical-data class has a bandwidth guarantee of 5 Mbps, the overall interface is shaped to 10 Mbps. During peak hours, when the sum of all traffic (critical, transactional, and default) exceeds 10 Mbps, packets are queued at the shaper.

This queueing introduces additional delay (up to 500 ms) for all classes, including critical-data, because the shaper enforces a single token bucket for the entire interface. Increasing the shape rate to match the actual access link speed (e.g., 20 Mbps) would reduce the queuing delay by allowing more traffic to be transmitted immediately.

Exam trap

Cisco often tests the distinction between shaping and policing, and the trap here is that candidates assume the bandwidth command inside a class provides low latency, when in fact a shaper at the interface level introduces queuing delay for all traffic, regardless of class-level guarantees.

How to eliminate wrong answers

Option B is wrong because the priority command is used for low-latency queuing (LLQ) to provide strict priority for voice or video, but the question states that the critical-data queue is rarely full and the issue is overall queuing delay caused by the shaper, not a lack of priority. Option C is wrong because reducing the queue-limit would cause tail drops, which would increase packet loss, not reduce latency; the problem is excessive buffering delay, not a full queue. Option D is wrong because increasing the bandwidth for critical-data would not solve the root cause—the shaper at 10 Mbps is the bottleneck; even with more bandwidth allocation, the shaper still queues all traffic when the aggregate exceeds 10 Mbps, so latency would remain high.

22
Multi-Selectmedium

Which TWO statements about model-driven telemetry compared to SNMP are correct? (Choose two.)

Select 2 answers
A.Model-driven telemetry uses UDP for transport by default.
B.Model-driven telemetry can stream data at sub-second intervals.
C.Model-driven telemetry uses a push model while SNMP primarily uses a pull model.
D.Model-driven telemetry only sends data on change (event-driven).
E.Model-driven telemetry uses MIBs to define data structures.
AnswersB, C

Correct: Telemetry supports high-frequency streaming.

Why this answer

Model-driven telemetry (MDT) uses a push model where the network device streams structured data (e.g., YANG-modeled) to a collector, enabling sub-second intervals for real-time monitoring. This contrasts with SNMP's pull model, where the manager polls the device at intervals limited by CPU and network overhead, making sub-second polling impractical.

Exam trap

Cisco often tests the misconception that model-driven telemetry is purely event-driven, but it supports periodic streaming as a primary mode, and candidates confuse the transport protocol (UDP vs. TCP) because SNMP uses UDP by default.

23
MCQhard

An SP router is configured with a hierarchical QoS policy (parent policy shaper, child policy with CBWFQ). When applying this policy to an interface, the router reports 'Policy map not found' error. What is the most likely cause?

A.The interface speed is not configured.
B.The interface is not part of a bridge domain.
C.The child policy-map specified in the parent's 'service-policy' command does not exist.
D.The shape average command in the parent policy uses an unsupported value.
AnswerC

The child policy must exist before applying the parent.

Why this answer

The 'Policy map not found' error occurs when the parent policy-map references a child policy-map via the 'service-policy' command, but that child policy-map does not exist in the router's configuration. Hierarchical QoS requires both the parent and child policy-maps to be created and correctly named; a missing child policy-map prevents the router from applying the nested policy.

Exam trap

Cisco often tests the distinction between configuration errors (e.g., missing policy-map) and operational errors (e.g., unsupported values), leading candidates to overthink interface or shaping parameters when the actual issue is a simple missing object.

How to eliminate wrong answers

Option A is wrong because the interface speed does not need to be explicitly configured for a hierarchical QoS policy to be applied; the router can auto-negotiate or use default speed settings, and a missing speed configuration would not cause a 'Policy map not found' error. Option B is wrong because bridge domains are relevant to Layer 2 VPN or EVPN configurations, not to the existence of a policy-map; the error is purely about a missing policy-map object, not about the interface's Layer 2 membership. Option D is wrong because an unsupported shape average value would cause a configuration rejection or a different error (e.g., 'Invalid shape rate'), not a 'Policy map not found' error; the error message explicitly indicates the child policy-map is missing.

24
MCQhard

An automation engineer is writing a Python script using Cisco's pyATS library to validate QoS configurations across a fleet of routers. The script runs without errors but reports that all routers are compliant even though some are not. What is the most likely issue?

A.The pyATS library does not support QoS features for the specific platform
B.The testbed credentials are incorrect but the script still returns compliant
C.The script uses a single 'show running-config' without filtering, and the parser fails to locate QoS policies applied under interfaces
D.The script is parsing the startup-config instead of running-config
AnswerC

A generic 'show run' parser may not extract nested configurations like interface service-policies, leading to false compliance.

Why this answer

Option C is correct because the pyATS parser for 'show running-config' without filtering may not recursively parse QoS policy-map configurations applied under interfaces. When the script uses a single unfiltered 'show running-config', the parser might fail to extract QoS policies nested under interface sub-configurations, leading to false compliance reports. This is a common issue where the parser's data model does not map deeply nested CLI structures like 'service-policy input/output' under interfaces.

Exam trap

Cisco often tests the misconception that a generic 'show running-config' parser will capture all configuration details, when in reality, nested or interface-specific constructs require targeted parsing or explicit iteration.

How to eliminate wrong answers

Option A is wrong because pyATS supports QoS features across many Cisco platforms via its Genie parsers, and the script runs without errors, indicating the library is compatible. Option B is wrong because incorrect testbed credentials would cause authentication failures or connection errors, not a silent 'compliant' result. Option D is wrong because parsing startup-config instead of running-config would likely show different or no QoS policies, but the script would still detect non-compliance if the parser correctly located QoS policies; the issue is parser depth, not config source.

25
MCQeasy

An SP engineer is configuring QoS on a router and needs to drop traffic that exceeds a certain rate while allowing bursts up to a specified amount. Which QoS feature should be used?

A.Shaping
B.WRED
C.Policing
D.Queueing
AnswerC

Policing uses a token bucket to enforce a maximum data rate; excess packets are either dropped or re-marked.

Why this answer

Policing is the correct QoS feature because it drops traffic that exceeds a configured rate while allowing bursts up to a specified amount. Unlike shaping, which buffers excess traffic, policing enforces a rate limit by immediately dropping or re-marking packets that exceed the configured committed information rate (CIR) and burst size (Bc/Be). This matches the requirement to drop traffic that exceeds a certain rate while permitting bursts.

Exam trap

Cisco often tests the distinction between policing (drops excess traffic) and shaping (buffers excess traffic), so the trap here is that candidates may confuse 'allowing bursts' with shaping's buffering behavior, but policing explicitly permits bursts up to a configured size before dropping.

How to eliminate wrong answers

Option A is wrong because shaping buffers excess traffic in a queue to smooth the output rate, rather than dropping traffic that exceeds a rate; it delays packets instead of discarding them. Option B is wrong because Weighted Random Early Detection (WRED) is a congestion avoidance mechanism that probabilistically drops packets before a queue becomes full based on average queue depth and precedence/DSCP values, not a rate-based policer that enforces a specific traffic rate with burst allowance. Option D is wrong because queueing (e.g., CBWFQ, LLQ) manages the order and priority of packet transmission during congestion but does not enforce a rate limit or drop traffic that exceeds a specific rate.

26
MCQhard

An enterprise uses IPsec VPN to connect branch offices. They apply QoS policies on the tunnel interface but notice that original DSCP markings are not preserved after encryption. Which feature should be enabled to maintain end-to-end QoS?

A.AutoQoS
B.QoS pre-classify
C.MPLS TE
D.NBAR
AnswerB

This feature copies the original DSCP to the tunnel header.

Why this answer

When IPsec encrypts a packet, the original IP header (including DSCP markings) is hidden inside the tunnel payload. The tunnel interface then applies a new outer IP header, and QoS policies applied to the tunnel interface classify based on the outer header's DSCP, which defaults to 0. Enabling 'qos pre-classify' on the crypto map or tunnel interface copies the original DSCP value to the outer IP header before encryption, preserving end-to-end QoS markings across the IPsec tunnel.

Exam trap

Cisco often tests the misconception that QoS policies on the tunnel interface automatically see the inner packet's DSCP, but in reality encryption hides the original header, so 'qos pre-classify' is required to copy the marking to the outer header.

How to eliminate wrong answers

Option A is wrong because AutoQoS is an automated QoS configuration tool that simplifies deployment but does not address the issue of DSCP preservation after IPsec encryption; it still relies on the outer header markings. Option C is wrong because MPLS TE (Traffic Engineering) is a mechanism for optimizing traffic paths in MPLS networks, not a feature for preserving DSCP markings across IPsec tunnels. Option D is wrong because NBAR (Network-Based Application Recognition) is a deep packet inspection tool for classifying traffic based on application signatures, but it cannot preserve original DSCP markings after encryption since the inner header is not visible to the classifier.

27
MCQhard

A network automation engineer needs to retrieve QoS policy statistics from a Cisco IOS XE device using RESTCONF. Which YANG module should be targeted?

A.Cisco-IOS-XE-QoS
B.ietf-qos
C.Cisco-NX-OS-device
D.openconfig-qos
AnswerA

This is the native Cisco YANG module for QoS.

Why this answer

The Cisco-IOS-XE-QoS YANG module is the native Cisco module that provides the data model for QoS policy configuration and operational statistics on IOS XE devices. Since the engineer is using RESTCONF to retrieve QoS statistics from a Cisco IOS XE device, this module is the correct target because it is specifically designed for and supported on IOS XE platforms.

Exam trap

Cisco often tests the distinction between native Cisco YANG modules (like Cisco-IOS-XE-QoS) and open-standard models (like ietf-qos or openconfig-qos), expecting candidates to know that native modules are required for platform-specific features and statistics on IOS XE devices.

How to eliminate wrong answers

Option B is wrong because ietf-qos is an IETF standard YANG model that is not natively supported on Cisco IOS XE for retrieving QoS statistics via RESTCONF; it is more commonly used in multi-vendor environments. Option C is wrong because Cisco-NX-OS-device is a YANG module for NX-OS devices, not IOS XE, and would not be applicable for a Cisco IOS XE device. Option D is wrong because openconfig-qos is an open standard YANG model that may be supported on some platforms but is not the native Cisco module for IOS XE; it is typically used in openconfig-based automation frameworks and may not expose the same detailed statistics as the Cisco native module.

28
MCQmedium

A customer has a 100 Mbps access link and wants to limit traffic to 95 Mbps with burst allowance up to 100 Mbps. Which QoS action should be applied on the egress interface?

A.shape
B.priority
C.bandwidth
D.police
AnswerD

Policing limits the rate and can drop or remark exceeding traffic, allowing bursts.

Why this answer

Police is the correct QoS action because it allows you to enforce a maximum traffic rate (95 Mbps) while permitting bursts up to 100 Mbps, dropping or remarking excess traffic. Unlike shaping, policing does not buffer traffic, so it can enforce a hard limit on egress without introducing delay, which matches the requirement to limit traffic with a burst allowance.

Exam trap

Cisco often tests the distinction between policing and shaping, where the trap is that candidates assume shaping is always the answer for rate-limiting on egress, but policing is required when the goal is to enforce a hard burst limit without buffering.

How to eliminate wrong answers

Option A is wrong because shape buffers excess traffic to smooth output to a configured rate (e.g., 95 Mbps), but it cannot enforce a hard burst limit of 100 Mbps; shaping allows bursts to exceed the rate temporarily as long as the average is met, which contradicts the requirement to limit bursts to exactly 100 Mbps. Option B is wrong because priority is used to assign strict priority queuing to traffic classes, not to rate-limit or police traffic; it does not enforce a bandwidth cap or burst allowance. Option C is wrong because bandwidth allocates a minimum guaranteed bandwidth to a class (e.g., 95 Mbps) but does not limit traffic to that rate; traffic can exceed the allocated bandwidth if the link is idle, and it does not provide burst control.

29
MCQmedium

In an MPLS network, which field in the MPLS label header is used to carry QoS information between LSRs?

A.ToS
B.IP Precedence
C.EXP bits
AnswerC

EXP bits are used for QoS in MPLS.

Why this answer

In MPLS, the EXP (Experimental) bits, also known as the Traffic Class (TC) field per RFC 5462, are 3 bits in the MPLS label header used to carry Quality of Service (QoS) information between Label Switch Routers (LSRs). These bits allow LSRs to apply per-hop behaviors (PHBs) such as queuing and scheduling based on the packet's QoS class, enabling differentiated services across the MPLS network.

Exam trap

Cisco often tests the distinction between IP-layer QoS fields (ToS, IP Precedence, DSCP) and MPLS-layer QoS fields (EXP bits), so the trap here is that candidates mistakenly choose DSCP or IP Precedence because they are familiar QoS markings, forgetting that MPLS uses its own label header field for QoS between LSRs.

How to eliminate wrong answers

Option A is wrong because ToS (Type of Service) is an 8-bit field in the IP header, not in the MPLS label header; it is used for QoS in IP networks, not between LSRs. Option B is wrong because IP Precedence is a 3-bit subset of the IP ToS field, used in IP networks for QoS classification, but it is not part of the MPLS label header. Option D is wrong because DSCP (Differentiated Services Code Point) is a 6-bit field in the IP header (replacing the older ToS field) used for QoS in IP networks, not in the MPLS label header; MPLS uses EXP bits to carry QoS information between LSRs.

30
Multi-Selecteasy

During QoS troubleshooting, you capture traffic and see that DSCP markings are not being applied as configured. Which two common misconfigurations could cause this? (Choose two.)

Select 2 answers
A.The policy-map is not applied to the correct interface direction (input vs output)
B.The class-map is using the wrong match criteria (e.g., DSCP value)
C.The policy-map is applied to a loopback interface
D.The marking is configured under the wrong policy-map
E.The device is running out of TCAM space
AnswersA, B

DSCP marking can be done inbound or outbound; applying to the wrong direction means the marking never occurs on the traffic path.

Why this answer

Option A is correct because a policy-map must be applied in the correct direction (input or output) for the marking to take effect. If a marking policy is applied to the wrong direction, the packets will not be processed by the policy, and DSCP values will remain unchanged. This is a common misconfiguration when the intended marking should occur on ingress but the policy is applied to egress, or vice versa.

Exam trap

Cisco often tests the distinction between input and output policy application, as candidates may overlook that a marking policy applied to the wrong direction will silently fail to modify DSCP values.

31
MCQhard

While troubleshooting a customer complaint about slow data transfers, you notice that traffic from a specific site is being dropped. The QoS policy on the PE router includes a police command for the customer's traffic. The observed drop rate is exactly half of the configured police rate. What is the most probable reason?

A.The police is using a token-bucket algorithm with a small burst size that is being exceeded
B.The police rate is configured in bits per second but the traffic is measured in bytes per second
C.The traffic is using a different DSCP value than expected
D.The police action is set to drop, but the exceed-action is transmit
AnswerA

A small burst size means the bucket drains quickly, causing more packets to exceed the rate and be dropped, even if the long-term average is below the police rate.

Why this answer

The observed drop rate being exactly half the configured police rate strongly suggests that the token-bucket algorithm is operating with a burst size that is too small. When the burst size is insufficient, the bucket empties quickly under sustained traffic, causing packets to be marked as exceeding the rate and dropped. The police command in Cisco IOS uses a single-rate two-color marker (RFC 2697) or a two-rate three-color marker (RFC 2698), and a small burst size leads to premature drops even when the average rate is below the configured police rate.

Exam trap

Cisco often tests the misconception that the police rate alone determines drops, but the trap here is that the burst size (bc/be) directly controls the token-bucket depth, and an undersized burst causes the policer to drop packets at a fixed ratio (e.g., 50%) even when the average rate is below the CIR.

How to eliminate wrong answers

Option B is wrong because the police rate is configured in bits per second (bps) by default, and traffic is measured in bits per second as well; a mismatch with bytes per second would cause a consistent 8x discrepancy, not exactly half. Option C is wrong because a different DSCP value would affect classification and marking, but it would not cause a precise 50% drop rate relative to the configured police rate; it would either match or not match the class map. Option D is wrong because if the police action is set to drop and the exceed-action is transmit, then packets that conform are transmitted and packets that exceed are dropped, but this would not produce a drop rate exactly half of the configured rate; the drop rate would depend on traffic burstiness and bucket depth, not a fixed ratio.

32
Multi-Selectmedium

Which THREE are common causes of QoS misconfiguration on PE routers? (Choose three.)

Select 3 answers
A.Applying a policy-map in the wrong direction (input vs output).
B.Using the 'bandwidth percent' command in a class that also has a priority queue.
C.Insufficient bandwidth on the subscriber line.
D.Class-map match criteria that do not correctly identify the intended traffic.
E.Attaching a QoS policy to a VRF interface using a policy-map that references a non-VRF-aware class-map.
AnswersA, D, E

Correct: Common mistake that causes policy to have no effect.

Why this answer

Applying a policy-map in the wrong direction (input vs output) is a common QoS misconfiguration because QoS actions like shaping, policing, and queuing are direction-specific. For example, shaping is typically applied on the egress interface to control outbound traffic, while policing can be applied inbound to rate-limit incoming traffic. Misapplying a policy-map (e.g., attaching a shaper to the input direction) will either be ignored by the router or cause unexpected behavior, leading to QoS failures.

Exam trap

Cisco often tests the distinction between QoS misconfiguration (e.g., wrong direction, incorrect match criteria) and capacity issues (e.g., insufficient bandwidth), so candidates mistakenly select 'insufficient bandwidth' as a misconfiguration when it is actually a resource constraint that QoS cannot fix.

33
Drag & Dropmedium

Drag and drop the steps to configure MPLS LDP on a Cisco router into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

MPLS LDP requires CEF, enabling MPLS on interfaces, and setting the LDP router-id.

34
MCQmedium

A network administrator configures a class map to match VoIP traffic using 'match ip dscp ef' on a Cisco router. However, the QoS policy is not applying the expected marking to VoIP packets. What is a possible reason?

A.The policy is applied in the output direction instead of input.
B.The VoIP traffic is not marked with DSCP EF from the source.
C.The policy is applied to the wrong interface.
D.The class map uses the wrong match type.
AnswerB

If the source does not set DSCP EF, the match will fail and the traffic will not be classified.

Why this answer

Option B is correct because the 'match ip dscp ef' command in the class map checks the DSCP value already present in the incoming VoIP packets. If the source device (e.g., an IP phone) does not mark the packets with DSCP EF (46), the class map will not match, and the QoS policy will not apply the expected marking. The policy can only re-mark packets that are already matched by the class map.

Exam trap

Cisco often tests the misconception that a QoS policy can re-mark traffic regardless of the original packet markings, when in fact the class map must first match the existing DSCP value for the policy to take effect.

How to eliminate wrong answers

Option A is wrong because applying the policy in the output direction does not prevent matching on DSCP EF; the 'match ip dscp ef' command inspects the packet header regardless of direction, and marking policies can be applied in either direction as long as the match criteria are met. Option C is wrong because the policy being applied to the wrong interface would cause no traffic to be matched at all, but the question states the policy is not applying the expected marking to VoIP packets, implying the policy is present but not matching; the issue is with the match criteria, not the interface assignment. Option D is wrong because the class map uses the correct match type ('match ip dscp ef') for matching DSCP values; there is no alternative match type for DSCP in a class map that would be more appropriate.

35
Multi-Selecthard

Which THREE YANG data nodes are part of the Cisco-IOS-XR-qos-ma-cfg module for defining a QoS policy-map? (Choose three.)

Select 3 answers
A.class
B.urn:cisco:params:xml:ns:yang:Cisco-IOS-XR-qos-ma-cfg
C.shape
D.police
E.interface
AnswersA, C, D

Correct: The 'class' node groups match and actions.

Why this answer

Option A is correct because the 'class' YANG data node is defined in the Cisco-IOS-XR-qos-ma-cfg module to specify a traffic class within a QoS policy-map. This node allows you to associate a class-map with the policy, enabling differentiated treatment of traffic based on classification criteria.

Exam trap

Cisco often tests the distinction between YANG data nodes and module metadata (like namespace URIs), tricking candidates into selecting the namespace as a valid data node when it is merely a module identifier.

36
Multi-Selecthard

A service provider is automating QoS policy deployment using Cisco NSO and YANG. During validation, the engineer discovers that the pushed policy is not taking effect. Which three possible causes should be investigated? (Choose three.)

Select 3 answers
A.The device has a feature license missing for QoS
B.The device does not support the YANG model used
C.The policy was applied to a subinterface but the YANG path specifies a main interface
D.The NETCONF transaction was not committed
E.The policy-map name conflicts with an existing one
AnswersB, C, D

If the device lacks the required YANG modules, the configuration push may succeed but the policy may not be effective.

Why this answer

Option B is correct because Cisco NSO uses YANG models to translate service definitions into device-specific CLI or NETCONF operations. If the target device does not support the YANG model referenced in the service package, the NETCONF or CLI operations will fail silently or produce no effect, as the device cannot interpret the configuration intent. This is a common validation failure when using model-driven orchestration with heterogeneous device populations.

Exam trap

Cisco often tests the distinction between a configuration that is accepted by the device (no commit errors) versus one that actually takes effect, trapping candidates who assume a successful commit means the policy is active.

37
Multi-Selectmedium

Which TWO QoS mechanisms are used to provide congestion avoidance? (Choose two.)

Select 2 answers
A.Policing
B.RED
C.CBWFQ
D.LLQ
E.WRED
AnswersB, E

RED (Random Early Detection) is a congestion avoidance mechanism.

Why this answer

RED (Random Early Detection) and WRED (Weighted Random Early Detection) are congestion avoidance mechanisms that proactively drop packets before a queue becomes full, signaling TCP senders to reduce their transmission rate. Unlike congestion management tools (like CBWFQ or LLQ) that queue packets during congestion, RED/WRED monitor average queue depth and drop packets probabilistically to prevent tail drops and global TCP synchronization.

Exam trap

Cisco often tests the distinction between congestion management (queuing/scheduling) and congestion avoidance (active queue management), so the trap here is that candidates confuse mechanisms like CBWFQ or LLQ (which manage congestion after it occurs) with RED/WRED (which avoid congestion by dropping packets early).

38
Matchingmedium

Match each network automation tool to its primary use.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Network configuration protocol using XML-based data encoding

Data modeling language for network device configuration and state

HTTP-based API for NETCONF data stores

Automation tool for configuration management and orchestration

High-performance RPC framework for telemetry and streaming

Why these pairings

These are key automation and programmability tools for service provider networks.

39
Multi-Selecthard

Which THREE statements about implementing QoS in an MPLS VPN environment are correct? (Choose three.)

Select 3 answers
A.DSCP values can be set at the PE router to classify customer traffic into different classes.
B.MPLS EXP bits can be used to prioritize traffic across the service provider backbone.
C.QoS policies cannot be applied to MPLS interfaces due to label encapsulation.
D.802.1p CoS marking is preserved across the MPLS backbone by default.
E.Hierarchical QoS (HQoS) can be used to apply per-VPN QoS policies on a PE router.
AnswersA, B, E

PE routers can mark DSCP for customer traffic before entering the MPLS backbone.

Why this answer

Option A is correct because on a PE router, DSCP values can be set or remarked to classify incoming customer traffic into distinct service classes. This classification is performed at the ingress edge of the MPLS VPN network, allowing the provider to apply appropriate per-hop behaviors (PHBs) before the traffic is label-switched.

Exam trap

Cisco often tests the misconception that MPLS encapsulation prevents QoS application, when in fact QoS policies are fully supported on MPLS interfaces, and the trap is that 802.1p CoS is not automatically preserved across the MPLS backbone—it must be explicitly mapped to MPLS EXP bits.

40
Multi-Selecteasy

Which TWO are valid benefits of automating QoS policy management in a large SP network? (Choose two.)

Select 2 answers
A.Eliminates the need for monitoring QoS performance.
B.Slower deployment of QoS changes.
C.Requires no validation of configurations before apply.
D.Reduced human error in configuration.
E.Ability to roll back to a previous configuration easily.
AnswersD, E

Correct: Automation minimizes manual mistakes.

Why this answer

Option D is correct because automating QoS policy management eliminates manual configuration steps, reducing the risk of syntax errors, misapplied policies, or inconsistent deployments across thousands of devices. Automation tools like Ansible or NSO enforce standardized templates and pre-validated configurations, directly lowering human error rates in large SP networks.

Exam trap

Cisco often tests the misconception that automation completely removes the need for human oversight (like monitoring or validation), when in fact automation augments but does not replace these critical operational steps.

41
Matchingmedium

Match each BGP attribute to its category or purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Well-known mandatory attribute for loop prevention

Well-known mandatory attribute indicating next-hop IP

Well-known discretionary attribute for best path selection

Optional non-transitive attribute to influence inbound traffic

Optional transitive attribute for route tagging and policy

Why these pairings

These are critical BGP attributes for service provider routing policies.

42
MCQeasy

An engineer is configuring QoS for voice traffic on a Cisco router. Which marking should be applied to voice packets to ensure proper end-to-end prioritization?

A.DSCP AF41
B.DSCP CS3
C.DSCP EF
D.IP Precedence 3
AnswerC

DSCP EF is the correct marking for voice payload.

Why this answer

Voice traffic requires low latency, jitter, and packet loss. DSCP EF (Expedited Forwarding, per-hop behavior value 46) is the standard marking for real-time voice payloads, ensuring strict priority queuing (PQ) across the network. RFC 3246 defines EF for this purpose, and Cisco routers use it to map voice to the priority queue.

Exam trap

Cisco often tests the distinction between voice bearer (RTP) and voice signaling (SIP/H.323) markings, so the trap here is that candidates confuse DSCP CS3 (for signaling) with DSCP EF (for actual voice payload), or assume IP Precedence 3 is sufficient despite its lack of strict priority behavior.

How to eliminate wrong answers

Option A is wrong because DSCP AF41 (Assured Forwarding class 4, low drop probability) is designed for data traffic that needs bandwidth guarantees but can tolerate some loss, not for real-time voice. Option B is wrong because DSCP CS3 (Class Selector 3, value 24) is a legacy marking often used for voice signaling (e.g., SIP, H.323), not for voice bearer (RTP) packets. Option D is wrong because IP Precedence 3 (value 3) is an older, less granular marking that does not provide the strict priority queuing behavior required for voice; it maps to DSCP 24 (CS3) by default, which is for signaling, not bearer traffic.

43
MCQmedium

An engineer is troubleshooting a QoS policy on a Cisco router. The policy is intended to mark voice traffic with DSCP EF and video traffic with DSCP AF41. After applying the policy, voice traffic is correctly marked, but video traffic is marked as DSCP 0. What is the most likely cause?

A.The class map for video traffic does not match the traffic correctly.
B.The video traffic is being policed and dropped.
C.The trust boundary is set to 'trust dscp' and the incoming video traffic is not marked.
D.The policy is not applied to the correct interface direction.
AnswerA

A misconfigured match statement would cause video traffic to fall into the default class, resulting in DSCP 0.

Why this answer

Option A is correct because the most common reason for video traffic being marked as DSCP 0 (default) while voice traffic is correctly marked is that the class map for video traffic fails to match the intended packets. This could be due to an incorrect match statement (e.g., using the wrong ACL, protocol, or DSCP value) or a misconfigured match criterion that does not capture the video flows. Since voice traffic is marked correctly, the policy itself is applied and functional, isolating the issue to the video class map's matching logic.

Exam trap

Cisco often tests the misconception that a marking policy failure is due to interface direction or trust boundaries, when the real issue is a misconfigured class map that does not match the intended traffic, especially when one traffic type works and another does not.

How to eliminate wrong answers

Option B is wrong because policing drops or re-marks traffic based on a configured rate, but the symptom here is that video traffic is marked as DSCP 0, not dropped; policing would either drop packets or re-mark them to a lower DSCP value, but DSCP 0 is the default marking for unclassified traffic, not a typical policed re-mark value. Option C is wrong because if the trust boundary is set to 'trust dscp', the router would preserve any existing DSCP markings on incoming traffic; if video traffic arrived unmarked (DSCP 0), it would remain DSCP 0, but the policy should still be able to mark it via the class map—this option implies the policy cannot override trust, which is incorrect because a marking policy applied in the correct direction will overwrite the DSCP value regardless of trust settings. Option D is wrong because if the policy were not applied to the correct interface direction, voice traffic would also fail to be marked correctly; since voice is marked as DSCP EF, the policy is clearly applied in the correct direction (likely input) and is functioning for at least one traffic class.

44
MCQeasy

A service provider is implementing QoS on an MPLS network to support voice, video, and data traffic. Which queuing mechanism provides the lowest latency for real-time traffic?

A.FIFO
B.WRED
C.LLQ
D.CBWFQ
AnswerC

LLQ provides a strict priority queue that ensures low latency and jitter for real-time traffic.

Why this answer

LLQ (Low Latency Queuing) is the correct choice because it provides a strict priority queue specifically designed for real-time traffic like voice and video. By placing delay-sensitive packets into a dedicated priority queue that is serviced before all other queues, LLQ ensures minimal and predictable latency, which is essential for maintaining voice quality in an MPLS network.

Exam trap

Cisco often tests the misconception that CBWFQ alone can handle real-time traffic, but the trap is that CBWFQ lacks a strict priority queue, so only LLQ provides the necessary low-latency guarantee for voice and video.

How to eliminate wrong answers

Option A is wrong because FIFO (First In, First Out) offers no traffic differentiation or priority handling, so real-time packets can be delayed behind large data packets, causing jitter and unacceptable latency. Option B is wrong because WRED (Weighted Random Early Detection) is a congestion avoidance mechanism that drops packets proactively to prevent tail drops, but it does not provide any queuing or priority scheduling, so it cannot guarantee low latency for real-time traffic. Option D is wrong because CBWFQ (Class-Based Weighted Fair Queuing) provides bandwidth guarantees per class but does not include a strict priority queue; real-time traffic can still experience delay if competing with other classes for service.

45
MCQeasy

A network operator deploys a QoS policy on a route reflector to classify traffic based on BGP community values. However, the policy is not matching the intended traffic. Which is the most likely cause?

A.The policy-map is applied to the wrong interface.
B.The class-map uses a match statement referencing BGP community values, which are not visible at the QoS classification stage.
C.The service-policy is applied in the wrong direction (input vs output).
D.The class-default class is consuming all traffic.
AnswerB

BGP communities are control-plane attributes; QoS uses packet headers.

Why this answer

BGP community values are exchanged as part of the BGP routing update and are stored in the BGP table, but they are not carried in the IP packet header. QoS classification in Cisco IOS operates on fields within the Layer 2 or Layer 3 packet header (e.g., DSCP, IP precedence, CoS) and cannot inspect BGP attributes like community values. Therefore, a class-map using a match statement for BGP communities will never match traffic at the QoS classification stage, making this the most likely cause of the policy not working.

Exam trap

Cisco often tests the distinction between control-plane attributes (like BGP communities) and data-plane packet headers, leading candidates to incorrectly assume that any attribute visible in the routing table can be used for QoS classification.

How to eliminate wrong answers

Option A is wrong because the question states the policy is deployed on a route reflector, and the issue is that the policy is not matching the intended traffic; applying the policy-map to the wrong interface would cause no traffic to be classified at all, but the core problem is that the classification criteria (BGP community) are invalid for QoS, not the interface selection. Option C is wrong because the direction (input vs output) affects when the policy is applied relative to packet forwarding, but even if the direction is correct, the policy still cannot match on BGP communities since they are not present in the packet header. Option D is wrong because the class-default class consuming all traffic would indicate that no other class matches, which is exactly what happens when the match criteria are invalid, but the root cause is the inability to match on BGP communities, not a misconfiguration of class-default; class-default is a catch-all and would only be relevant if other classes had valid match statements.

46
MCQmedium

Based on the exhibit, which statement is true about the applied QoS policy?

A.The default class matches only best-effort traffic.
B.The policy uses low-latency queuing for voice.
C.Video traffic is being dropped at a rate of 5 kbps.
D.Voice traffic is experiencing drops due to policer.
AnswerC

The video class shows an exceed rate of 5 kbps, confirming drops.

Why this answer

Option B is correct because the video class is exceeding its police rate (CIR 20 kbps) with an exceed rate of 5 kbps, indicating that 5 kbps of video traffic is being dropped. Option A is false because the voice class has no drops. Option C is false because the default class matches any traffic.

Option D is false because no priority or LLQ is configured, only policing.

47
MCQhard

A service provider is experiencing congestion on a core link connecting two P routers. The customer traffic is classified into three classes: voice (low latency), video (low loss), and data (best effort). The current configuration uses DSCP-based classification at the PE ingress, but many customers are remarking DSCP values to gain better service, bypassing the provider's QoS policy. The provider wants to enforce a strict trust boundary at the PE and re-mark all traffic according to a per-customer contract. Additionally, the provider must offer per-customer bandwidth guarantees, ensuring that one customer's traffic does not starve another customer's traffic on the congested core link. The solution must be scalable to hundreds of customers. What should the designer recommend?

A.Apply a flat QoS policy on the core interfaces that polices each DSCP value to a fixed rate; trust is not needed because the core enforces its own limits.
B.Use auto-qos on all PE interfaces and rely on CoS trust; the core uses MPLS EXP derived from CoS to ensure proper queuing.
C.Implement hierarchical QoS on the PE egress to customer-facing interfaces, with parent-level shaping per customer and child-level policing per class, and set a trust boundary to mark all traffic based on the customer contract at ingress.
D.Configure MPLS Traffic Engineering tunnels on the core with bandwidth reservation per customer class; use EXP-null to preserve markings end-to-end.
AnswerC

Hierarchical QoS provides both per-customer and per-class enforcement, and setting trust boundary at ingress solves the remarking issue.

Why this answer

Option A is correct because hierarchical QoS allows per-customer shaping at the parent level to enforce per-customer bandwidth limits, and per-class policing at the child level to enforce per-class contracts. This provides the required trust boundary and per-customer guarantees. Option B is wrong because auto-qos does not provide per-customer granularity and relies on trust which is already broken.

Option C is wrong because MPLS TE tunnels reserve bandwidth but do not solve the trust boundary issue; also resetting EXP is complex. Option D is wrong because a flat policy on core does not allow per-customer differentiation and cannot enforce per-customer guarantees.

48
MCQmedium

A service provider needs to prioritize voice traffic over best-effort data in an MPLS VPN. The PE router uses a QoS policy applied to the ingress interface. Which action ensures that voice packets are marked with the correct DSCP value before entering the MPLS core?

A.Apply a policy-map that matches voice traffic using a class-map and the 'set dscp ef' action.
B.Configure the ingress interface with 'mls qos trust dscp' to preserve the customer marking.
C.Use a policy-map with the 'set mpls experimental 5' command.
D.Apply a police action to drop traffic exceeding the voice bandwidth.
AnswerA

Sets DSCP EF for voice packets on ingress.

Why this answer

Option A is correct because the question specifies that the PE router must mark voice packets with the correct DSCP value before they enter the MPLS core. The 'set dscp ef' action in a policy-map applied to the ingress interface explicitly sets the DSCP field to EF (46) for voice traffic matched by a class-map, ensuring proper classification and treatment across the MPLS network. This is the standard method for marking IP packets at the edge before MPLS encapsulation.

Exam trap

Cisco often tests the distinction between IP-layer marking (DSCP) and MPLS-layer marking (EXP), so the trap here is that candidates may choose 'set mpls experimental 5' thinking it achieves the same result, but the question explicitly requires DSCP marking before MPLS encapsulation.

How to eliminate wrong answers

Option B is wrong because 'mls qos trust dscp' preserves the existing DSCP marking from the customer, but the question requires the service provider to actively mark voice packets, not just trust markings that may be absent or incorrect. Option C is wrong because 'set mpls experimental 5' sets the MPLS EXP bits on the MPLS label, not the DSCP value in the IP header; the question explicitly asks for DSCP marking before entering the MPLS core, which is an IP-layer action. Option D is wrong because a police action that drops excess traffic does not mark packets with a DSCP value; it only enforces bandwidth limits, failing to address the requirement to set the DSCP value for voice traffic.

49
MCQeasy

A network engineer notices that voice traffic is being dropped during congestion. The traffic is marked with DSCP EF. After reviewing the QoS policy, it is discovered that the voice traffic is not being placed into a priority queue. Which configuration change would ensure voice traffic receives priority treatment?

A.Increase the queue limit to 1000 packets
B.Increase the bandwidth percentage for the voice class
C.Enable WRED on the voice class
D.Add the 'priority' command under the voice class in the policy map
AnswerD

The 'priority' command places traffic into a low-latency queue, which is essential for real-time traffic like voice.

Why this answer

DSCP EF (Expedited Forwarding, per RFC 3246) requires strict priority queuing to guarantee low latency and jitter for voice traffic. The 'priority' command under the voice class in a policy map places the traffic into a strict priority queue (LLQ), ensuring it is serviced before any other queue during congestion. Without this command, the voice traffic is treated as a regular class, subject to bandwidth constraints and potential drops.

Exam trap

Cisco often tests the misconception that bandwidth guarantees or queue tuning alone can provide priority treatment, when in fact only the 'priority' command creates the strict priority queue required for real-time traffic like voice.

How to eliminate wrong answers

Option A is wrong because increasing the queue limit only allows more packets to be buffered, but does not provide priority treatment; during congestion, the queue can still experience tail drops and delay. Option B is wrong because increasing the bandwidth percentage for the voice class only guarantees a minimum bandwidth share, but does not create a priority queue; voice traffic can still be delayed by other queues. Option C is wrong because WRED (Weighted Random Early Detection) is a congestion avoidance mechanism that drops packets before the queue is full, which is inappropriate for real-time voice traffic that requires low jitter and minimal drops; WRED would introduce additional delay and potential packet loss.

50
MCQeasy

An SP engineer implements LLQ for VoIP traffic on a DS3 link. The policy-map calls for a priority queue of 500 kbps. The actual VoIP traffic averages 400 kbps with bursts to 600 kbps. What is the expected behavior during bursts?

A.The excess traffic is reclassified to best-effort and placed in the default queue.
B.The priority queue uses tail-drop and discards only when the queue is full.
C.The priority queue drops all traffic above the configured 500 kbps during the burst.
D.The excess traffic is queued in the priority queue until bandwidth is available.
AnswerC

LLQ polices the priority queue to its configured rate; excess is dropped.

Why this answer

C is correct because the priority queue in a Low Latency Queueing (LLQ) policy is policed at the configured rate (500 kbps). When VoIP traffic bursts exceed this rate, the excess packets are dropped immediately by the policer, not queued or reclassified. This ensures that the priority queue does not starve other queues and maintains low latency for conforming traffic.

Exam trap

Cisco often tests the misconception that the priority queue can buffer excess traffic or reclassify it, when in fact LLQ uses a policer to drop traffic exceeding the configured bandwidth to protect other queues.

How to eliminate wrong answers

Option A is wrong because LLQ does not reclassify excess priority traffic to best-effort; instead, it drops the excess packets via policing. Option B is wrong because the priority queue does not use tail-drop; it uses a policer that drops packets exceeding the configured bandwidth, regardless of queue depth. Option D is wrong because the priority queue cannot queue excess traffic above the configured rate; LLQ strictly polices the priority queue to prevent it from monopolizing bandwidth.

51
MCQhard

A service provider is designing a QoS policy for a multi-service MPLS VPN network that carries voice, video, and data traffic. The network uses DiffServ and MPLS EXP markings. The design must ensure that voice traffic is given priority over video and data, while video traffic should have better treatment than data but not at the expense of voice. The provider plans to use a hierarchical QoS (HQoS) policy at the PE-CE interfaces. Which configuration approach best meets these requirements?

A.Mark voice traffic with EXP 5, video with EXP 4, and data with EXP 0, and rely on the core to prioritize based on EXP.
B.Use a single-level policy with LLQ for voice and video together, and CBWFQ for data.
C.Apply a parent policy with a shape for the total bandwidth and a child policy with LLQ for voice and CBWFQ for video and data.
D.Apply class-based shaping to each traffic class separately on the interface.
AnswerC

This provides hierarchical control, ensuring voice gets priority within the shaped bandwidth while video and data get fair treatment.

Why this answer

Option C is correct because hierarchical QoS (HQoS) allows the service provider to enforce a total bandwidth shape at the parent level while using a child policy to apply LLQ for voice (ensuring strict priority) and CBWFQ for video and data (ensuring video gets better treatment than data without starving voice). This meets the requirement that video should not degrade voice, as the parent shape prevents any single class from monopolizing the link, and the child policy’s LLQ guarantees voice priority over all other traffic.

Exam trap

Cisco often tests the misconception that a single-level LLQ can handle multiple priority classes together, but the trap here is that combining voice and video in one LLQ queue violates the strict priority requirement for voice over video, which HQoS with separate child policies resolves.

How to eliminate wrong answers

Option A is wrong because relying solely on EXP markings in the core does not enforce per-interface queuing or bandwidth guarantees at the PE-CE edge; the core may treat EXP 5 and EXP 4 similarly if no DiffServ PHB is strictly mapped, and it cannot prevent video from competing with voice on the access link. Option B is wrong because placing voice and video together in a single LLQ class gives them equal priority, violating the requirement that video must not degrade voice; LLQ treats all traffic in the priority queue the same, so voice could be delayed by video bursts. Option D is wrong because applying class-based shaping separately to each traffic class does not provide a hierarchical structure to enforce a total bandwidth limit or guarantee that voice gets strict priority over video and data; it only shapes individual classes independently, which can lead to oversubscription and no priority queuing.

52
Drag & Dropmedium

Drag and drop the steps to configure a standard ACL on a Cisco router into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Standard ACL configuration requires creating the ACL and applying it to an interface in the appropriate direction.

53
MCQmedium

A customer is using a Cisco ASR 9000 router with hierarchical QoS (HQoS) on a subscriber interface. The parent policy sets a shape rate of 10 Mbps, but the observed traffic rate is only 8 Mbps. What is a common misconfiguration that would cause this?

A.The child policy includes a police command that is limiting traffic below the parent shaper rate
B.The child policy uses 'bandwidth remaining' instead of 'bandwidth'
C.The child policy includes a bandwidth command that exceeds the parent shaper rate
D.The parent shaper uses 'shape peak' instead of 'shape average'
AnswerA

If a child policy has a police command with a rate of 8 Mbps, that overrides the parent shaper for that class, resulting in a lower observed rate.

Why this answer

In hierarchical QoS (HQoS) on a Cisco ASR 9000, the parent policy shapes traffic to a specified rate, but if the child policy includes a police command, that policer can independently drop or mark down traffic before it reaches the parent shaper. This causes the observed traffic rate to be lower than the parent shape rate, as the child policer is the actual bottleneck. The correct answer is A because the police command in the child policy is limiting traffic below the 10 Mbps parent shaper, resulting in only 8 Mbps observed.

Exam trap

Cisco often tests the distinction between shaping and policing in HQoS, where candidates mistakenly think the parent shaper always controls the final rate, ignoring that a child policer can override it by dropping traffic earlier in the pipeline.

How to eliminate wrong answers

Option B is wrong because 'bandwidth remaining' allocates unused bandwidth from the parent shaper and does not cap the rate; it would not cause the observed rate to be lower than the parent shape. Option C is wrong because a 'bandwidth' command that exceeds the parent shaper rate would simply be constrained by the parent shaper, resulting in traffic at the parent shape rate (10 Mbps), not below it. Option D is wrong because 'shape peak' allows bursts above the committed rate, which would increase the observed rate, not reduce it below the parent shape; 'shape average' is the typical command for strict rate limiting.

54
MCQhard

Refer to the exhibit. A network automation engineer uses NETCONF to retrieve the QoS policy 'POLICE-CUSTOMER'. Based on the response, what is the effect of this policy?

A.It polices all traffic to a maximum of 256 kbps and drops excess.
B.It sets DSCP CS4 on traffic exceeding 256 kbps.
C.It guarantees a priority queue for traffic up to 256 kbps.
D.It shapes traffic to an average rate of 256 kbps.
AnswerA

Correct: Policer with exceed-action drop.

Why this answer

The NETCONF response shows a 'police' configuration under the QoS policy 'POLICE-CUSTOMER' with a committed information rate (CIR) of 256000 bps (256 kbps) and a conform-action of 'transmit' with an exceed-action of 'drop'. This is a standard policing action that meters traffic to the specified rate and drops any packets that exceed it, as defined in RFC 2697 (Single Rate Three Color Marker). Option A correctly identifies this behavior.

Exam trap

Cisco often tests the distinction between policing (drops/marks excess) and shaping (buffers excess), and candidates mistakenly associate any rate-limiting action with shaping or marking without checking the specific action keywords in the configuration.

How to eliminate wrong answers

Option B is wrong because the configuration shows an exceed-action of 'drop', not 'set-dscp-transmit' or any marking action; DSCP CS4 would require a 'set-dscp' action in the exceed-action or violate-action. Option C is wrong because policing does not guarantee a priority queue; priority queuing is a scheduling mechanism configured under a class-map with 'priority' command, not a police action. Option D is wrong because shaping buffers and delays excess traffic to smooth bursts, whereas policing drops or marks excess traffic without buffering; the configuration explicitly uses 'police' not 'shape'.

55
MCQeasy

A service provider has deployed a new MPLS L3VPN service for a customer with multiple sites. The customer reports intermittent voice quality issues during peak hours. The provider uses a DiffServ QoS model with MPLS EXP markings. The PE routers apply the following policy on the customer-facing interfaces: policy-map CUSTOMER-OUT class VOICE priority percent 10 set mpls experimental topmost 5 class VIDEO bandwidth remaining percent 30 set mpls experimental topmost 4 class DATA bandwidth remaining percent 70 set mpls experimental topmost 0 The core network has a simple policy that maps EXP 5 to PQ, EXP 4 to a low-latency queue, and EXP 0 to best effort. The provider monitors the network and finds that the PE-CE interfaces are not congested (average utilization is 40%), but the voice packets are experiencing jitter. The customer's voice traffic is about 5% of the link capacity. Which action is most likely to reduce the jitter?

A.Add a police command under the VOICE class to limit voice traffic to 5% and shape the priority queue.
B.Configure the core routers to map EXP 5 to a low latency queue instead of PQ.
C.Increase the priority percent to 20 for voice traffic.
D.Change the set mpls experimental topmost to set ip dscp ef for voice.
AnswerA

Policing and shaping the priority queue prevents bursts and reduces jitter.

Why this answer

The voice traffic is only 5% of link capacity, but the priority percent 10 command allows up to 10% of the link to be treated as priority. During peak hours, if other traffic (e.g., video or data) bursts and exceeds the remaining bandwidth, the priority queue can still be policed implicitly by the scheduler, but jitter arises because the priority queue is not rate-limited. Adding a police command under the VOICE class to limit voice to 5% and shaping the priority queue ensures that voice traffic does not exceed its actual rate, preventing microbursts that cause jitter in the priority queue.

Exam trap

Cisco often tests the misconception that simply increasing priority percentage or changing marking will solve jitter, when the real issue is the lack of explicit policing on the priority queue to match the actual traffic rate.

How to eliminate wrong answers

Option B is wrong because mapping EXP 5 to a low-latency queue instead of PQ would actually increase jitter for voice, as PQ provides the strictest priority and lowest jitter. Option C is wrong because increasing priority percent to 20 would allow more traffic into the priority queue, potentially worsening jitter due to increased queuing delay from bursts. Option D is wrong because changing the marking from MPLS EXP to IP DSCP EF does not address the root cause of jitter (unpoliced priority queue); the core network already maps EXP 5 to PQ, and DSCP marking would be irrelevant in the MPLS core unless the core also maps DSCP.

56
MCQeasy

A network administrator needs to automate the deployment of a new QoS policy on dozens of provider edge routers. Which Cisco tool is best suited for this purpose?

A.Cisco Network Services Orchestrator (NSO)
B.Cisco SecureX
C.Cisco Prime Infrastructure
D.Cisco ISE
AnswerA

NSO is a multi-vendor orchestration platform that can automate the deployment of QoS policies via NETCONF or CLI.

Why this answer

Cisco Network Services Orchestrator (NSO) is the correct tool because it provides model-driven orchestration and automation for deploying and managing network configurations across hundreds of devices using YANG data models and NETCONF. For QoS policy deployment, NSO can push consistent service definitions (e.g., class-maps, policy-maps, service-policy) to multiple provider edge routers simultaneously, ensuring compliance and reducing manual errors.

Exam trap

Cisco often tests the distinction between lifecycle management tools (Prime Infrastructure) and true orchestration platforms (NSO), where candidates mistakenly choose Prime Infrastructure for bulk configuration deployment because of its template features, but NSO is the only option that provides model-driven, transactional, and multi-vendor orchestration required for automated QoS policy deployment at scale.

How to eliminate wrong answers

Option B is wrong because Cisco SecureX is a cloud-native security platform focused on threat detection, response, and integration of security products, not on network configuration automation or QoS policy deployment. Option C is wrong because Cisco Prime Infrastructure is a lifecycle management tool for wired and wireless networks that provides monitoring, troubleshooting, and template-based configuration, but it lacks the model-driven orchestration and multi-vendor support of NSO for large-scale automated service deployment. Option D is wrong because Cisco ISE (Identity Services Engine) is a policy-based access control and authentication server for network admission control (NAC) and security, not designed for automating QoS policy deployment on provider edge routers.

57
Multi-Selectmedium

A network engineer is implementing QoS on a Cisco ASR 1000 for a customer with multiple service classes. The customer requires that mission-critical data not be starved when voice traffic bursts. Which two actions should the engineer take? (Choose two.)

Select 2 answers
A.Configure a policer on the voice class to limit its bandwidth
B.Enable WRED on the voice class
C.Use tail drop with a high threshold for the data class
D.Allocate a minimum bandwidth guarantee to the data class
E.Configure a shape on the voice class to 75% of interface bandwidth
AnswersA, D

Policing the voice class prevents it from exceeding a set rate, protecting other classes from starvation.

Why this answer

Option A is correct because policing the voice class limits its bandwidth to a configured rate (e.g., using the `police` command under the class-map), preventing voice bursts from starving mission-critical data. This ensures that voice traffic does not exceed its allocated share, leaving enough bandwidth for other classes. Option D is correct because allocating a minimum bandwidth guarantee to the data class (e.g., using the `bandwidth` command under the class-map) ensures that even when voice bursts occur, the data class receives a reserved amount of bandwidth, preventing starvation.

Together, these actions enforce admission control and bandwidth reservation, aligning with the customer's requirement.

Exam trap

Cisco often tests the distinction between policing (which limits bandwidth) and shaping (which buffers and smooths traffic), and between bandwidth guarantees (which reserve capacity) and WRED (which manages congestion but does not prevent starvation), leading candidates to confuse these mechanisms.

58
MCQmedium

An SP uses model-driven telemetry to monitor queue depths on core interfaces. They observe periodic spikes in the queue depth for EF traffic, causing increased latency. Which automation technique could dynamically adjust the QoS policy to mitigate the spikes?

A.Use a Python script that consumes telemetry data and adjusts the EF bandwith percentage via NETCONF when queue depth exceeds a threshold.
B.Deploy NETCONF YANG modules for VRF configuration.
C.Configure WRED on the EF queue.
D.Implement streaming telemetry to collect data every 5 seconds.
AnswerA

Closed-loop automation enables dynamic QoS adjustment.

Why this answer

Option A is correct because it combines model-driven telemetry (to detect queue depth spikes in real time) with a closed-loop automation approach: a Python script consumes the telemetry data, and when the EF queue depth exceeds a threshold, it dynamically adjusts the EF bandwidth percentage via NETCONF. This directly addresses the periodic spikes by modifying the QoS policy on the fly, reducing latency without manual intervention.

Exam trap

Cisco often tests the distinction between monitoring (telemetry) and active remediation (automation), so the trap here is that candidates see 'streaming telemetry' in Option D and think it solves the problem, but it only provides data—not the dynamic adjustment needed to mitigate the spikes.

How to eliminate wrong answers

Option B is wrong because deploying NETCONF YANG modules for VRF configuration does nothing to monitor or adjust queue depths or QoS policies; it is focused on VRF provisioning, not dynamic QoS tuning. Option C is wrong because configuring WRED on the EF queue would drop packets during congestion, which is inappropriate for EF (Expedited Forwarding) traffic that requires low loss and low latency; WRED is typically used for best-effort or AF traffic, not for EF. Option D is wrong because implementing streaming telemetry to collect data every 5 seconds only provides monitoring data—it does not include any mechanism to dynamically adjust the QoS policy; it is a passive observation tool, not an active remediation technique.

59
MCQeasy

An engineer is configuring MPLS VPN and needs to ensure that customer traffic is automatically marked with a specific QoS policy based on the VPN. Which method should be used to propagate QoS markings across the MPLS network?

A.Use 802.1p CoS on the CE-PE link and preserve it across the MPLS backbone
B.Use MPLS EXP bits to mark traffic at the ingress PE and map to QoS at egress
C.Use IP ToS bits to mark traffic and rely on MPLS to preserve them
D.Set DSCP at the ingress PE and preserve it across the MPLS backbone
AnswerB

MPLS EXP bits are designed to carry QoS information across the MPLS network.

Why this answer

In an MPLS VPN environment, QoS markings must be preserved across the MPLS backbone. MPLS EXP (Experimental) bits are the standard mechanism to carry QoS information within the MPLS label stack. At the ingress PE, customer traffic is classified and marked with the appropriate EXP bits based on the VPN or other criteria.

The egress PE then uses these EXP bits to map traffic to the correct QoS policy, ensuring end-to-end QoS treatment.

Exam trap

Cisco often tests the misconception that IP ToS or DSCP markings are automatically preserved across an MPLS backbone, when in fact MPLS EXP bits are the dedicated field for QoS propagation and must be explicitly set and mapped.

How to eliminate wrong answers

Option A is wrong because 802.1p CoS is a Layer 2 marking used on Ethernet links; it is not preserved across an MPLS backbone where the original Ethernet header is removed. Option C is wrong because IP ToS bits (including DSCP) are not automatically preserved when MPLS labels are imposed; the MPLS label stack replaces the IP header for forwarding, and ToS bits are not copied to EXP bits by default unless explicitly configured. Option D is wrong because DSCP is an IP-layer marking; while it can be preserved if the MPLS backbone is configured to copy DSCP to EXP bits, simply setting DSCP at the ingress PE does not guarantee propagation across the MPLS network without an explicit mapping mechanism like MPLS EXP.

60
MCQhard

During a maintenance window, an automation script pushed a QoS policy that inadvertently changed the marking for all inbound traffic on a core interface. The change was rolled back, but performance reports show that some traffic is still being marked incorrectly. What is the most logical explanation?

A.The automation script used RESTCONF which requires a commit to finalize
B.The device requires a reload to clear the old marking
C.The rollback script only applied to the outbound direction
D.The rolled back policy was applied inbound, but the outbound policy that also applies marking was not rolled back
AnswerD

The automation may have only rolled back the inbound policy, leaving the outbound marking policy active, which continues to mark traffic.

Why this answer

Option D is correct because QoS policies can be applied independently in the inbound and outbound directions on an interface. If the original automation script modified the inbound marking policy, and the rollback only reverted that inbound policy, any outbound policy that also performs marking would remain unchanged and continue to incorrectly mark traffic. This explains why some traffic still shows incorrect marking after the rollback.

Exam trap

Cisco often tests the concept that QoS policies are directional and that a rollback must consider both inbound and outbound policies independently, leading candidates to overlook the possibility of a separate outbound marking policy still being active.

How to eliminate wrong answers

Option A is wrong because RESTCONF does not require a separate commit operation; it uses HTTP methods (POST, PUT, PATCH, DELETE) that take effect immediately on the device, unlike NETCONF which uses a commit. Option B is wrong because QoS policies in modern Cisco IOS/IOS-XE are applied dynamically and do not require a reload to take effect or clear; a simple 'no service-policy' or removal of the policy class-map is sufficient. Option C is wrong because the rollback script was applied to the same inbound direction where the original change was made; the issue is not about direction mismatch in the rollback but about a separate outbound policy that was never touched by the rollback.

61
MCQmedium

A service provider uses a centralized automation system to manage QoS policies via NETCONF and YANG. When attempting to push a new policy-map, the device returns an error indicating that the policy-map type is not supported in the specified location. What is the most likely cause?

A.The YANG module for QoS is not installed on the device
B.The NETCONF session is not authenticated
C.The automation system is using the wrong namespace
D.The policy-map is being applied to an interface that does not support hierarchical QoS
AnswerD

Some interface types, like tunnel interfaces, do not support hierarchical QoS policies; applying one results in this error.

Why this answer

The error indicates that the policy-map type is not supported in the specified location. This typically occurs when a policy-map is applied to an interface that does not support hierarchical QoS (HQoS), such as a physical interface that requires a service-policy under a parent policy-map. The NETCONF/YANG operation succeeds in syntax but fails due to device-level capability constraints.

Exam trap

Cisco often tests the distinction between YANG schema validation and device capability enforcement, leading candidates to incorrectly blame namespace or module issues when the real problem is a hardware or software feature limitation.

How to eliminate wrong answers

Option A is wrong because if the YANG module for QoS were not installed, the NETCONF server would return a 'data-missing' or 'operation-not-supported' error, not a location-specific policy-map type error. Option B is wrong because an unauthenticated NETCONF session would fail at the session establishment phase with an 'access-denied' error, not during a policy-map push. Option C is wrong because using the wrong namespace would cause a 'bad-attribute' or 'unknown-element' error during XML parsing, not a runtime error about policy-map type support.

Ready to test yourself?

Try a timed practice session using only Sp Automation Qos questions.