CCNA Sp Networking Questions

75 of 104 questions · Page 1/2 · Sp Networking topic · Answers revealed

1
MCQhard

A network engineer is troubleshooting MPLS LSP connectivity. The MPLS LDP session is up on both endpoints, but some MPLS labels are missing in the LFIB. Which configuration change would most likely resolve the issue?

A.Configure 'label protocol ldp' on all routers
B.Enable 'mpls ldp advertise-labels'
C.Configure 'mpls ip' on all interfaces
D.Enable 'mpls ldp explicit-null' on the ingress
AnswerB

This command ensures that LDP advertises labels for all FECs.

Why this answer

Option B is correct because the 'mpls ldp advertise-labels' command ensures that LDP advertises label bindings to its peers. If this is disabled (default is enabled, but can be overridden), LDP sessions may be up but no labels are distributed, resulting in missing labels in the LFIB. Re-enabling it forces LDP to send label mappings for all FECs, resolving the connectivity issue.

Exam trap

Cisco often tests the distinction between LDP session establishment (which can be up) and label advertisement (which can be suppressed via filters), leading candidates to overlook the 'advertise-labels' command and instead focus on interface-level MPLS enablement or protocol selection.

How to eliminate wrong answers

Option A is wrong because 'label protocol ldp' is used to select LDP as the label distribution protocol on a per-interface basis, but if LDP sessions are already up, this command is not needed and does not address missing label advertisements. Option C is wrong because 'mpls ip' enables MPLS forwarding on an interface, but if LDP sessions are up and labels are missing, the issue is with label advertisement, not MPLS enablement on interfaces. Option D is wrong because 'mpls ldp explicit-null' configures the use of explicit null labels (label 0) for certain FECs, which is a traffic-engineering optimization and does not cause missing labels in the LFIB; it would only affect label values, not their presence.

2
MCQeasy

Which LISP feature allows a device to register its location to a mapping system so that another device can find it?

A.ETR
B.Map-Resolver (MR)
C.Proxy ITR (PITR)
D.xTR
AnswerA

ETR registers EID-to-RLOC mappings with the mapping system.

Why this answer

Option B is correct: In LISP, the ITR (Ingress Tunnel Router) performs mapping lookup, but the ETR (Egress Tunnel Router) registers mappings with the MR/MS (Map-Resolver/Map-Server). Option A (xTR) is both; Option C (MR) resolves mappings; Option D (PITR) is proxy ITR for non-LISP sites.

3
Drag & Dropmedium

Drag and drop the steps to configure a Layer 3 interface on a Cisco switch (SVI) into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

SVI configuration requires creating the VLAN, then the interface VLAN, assigning an IP, and enabling it.

4
MCQmedium

Based on the exhibit, what is preventing the BGP session from establishing?

A.The BGP MD5 password is mismatched
B.The BGP update-source is misconfigured
C.The neighbor has reached its maximum prefix limit
D.The TTL security check is blocking the connection
AnswerD

The error 'Connection is not permitted by TTL security check (TTL=1)' clearly indicates the TTL security mechanism is rejecting the packet.

Why this answer

Option C is correct. The error message indicates the TTL security check is rejecting the connection because the incoming TTL is not 255 (as expected for an eBGP multihop session). The remote AS is shown as 65000, so it is eBGP.

The neighbor is reached via a single-hop but the TTL check expects TTL=255, but the router sees a TTL less than that. Option A is wrong because no prefix limit is mentioned. Option B is wrong because no MD5 error is shown.

Option D is wrong because the message clearly states TTL security check.

5
MCQmedium

In an MPLS network, a PE router receives a VPNv4 route from a route reflector. The route is not being installed in the VRF table. Which condition could cause this?

A.The route target does not match the VRF import map.
B.The MPLS label is missing.
C.The route distinguisher is incorrect.
D.The next-hop is unreachable.
AnswerA

VRF import filters based on route targets; if mismatch, the route is not installed.

Why this answer

A VPNv4 route is installed into a VRF table only if its Route Target (RT) matches an import statement in the VRF's route-target import list or import map. If the RT does not match, the PE router will not import the route into the VRF, even though the route is valid in the BGP VPNv4 table. This is the most common cause for a VPNv4 route being present in BGP but missing from the VRF.

Exam trap

Cisco often tests the distinction between the Route Distinguisher (which makes prefixes unique) and the Route Target (which controls import/export), leading candidates to incorrectly blame the RD when the RT is the actual filter.

How to eliminate wrong answers

Option B is wrong because a missing MPLS label would prevent the route from being usable for forwarding, but the route can still be installed in the VRF table as long as the RT matches and next-hop is reachable. Option C is wrong because the Route Distinguisher (RD) is used to make VPNv4 prefixes unique across VRFs; an incorrect RD would cause a different issue (e.g., prefix collision or wrong VRF association), but it does not prevent installation if the RT matches. Option D is wrong because an unreachable next-hop would cause the route to be marked as invalid in the BGP table and not installed in the IP routing table, but the route could still be present in the VRF table if the RT matches; the next-hop check occurs after import.

6
MCQmedium

Refer to the exhibit. The router cannot form a full OSPF adjacency with 10.0.0.2. Which is the most likely cause?

A.Duplicate router IDs.
B.Mismatched authentication.
C.Mismatched hello interval.
D.Mismatched MTU.
AnswerD

OSPF Database Description packets include MTU; a mismatch prevents progression from EXSTART.

Why this answer

Option A is correct because a mismatched MTU commonly causes OSPF to get stuck in EXSTART state. Option B (hello interval) would prevent INIT. Option C (duplicate router ID) might cause other issues.

Option D (authentication) would cause failure earlier.

7
MCQeasy

Which OSPF neighbor state indicates that a router has received a hello packet from a neighbor but the neighbor's Router ID is not yet seen in its own hello packet?

A.Down
B.Two-way
C.Init
D.ExStart
AnswerC

Init state indicates hello received but not bidirectional.

Why this answer

The Init state is the first step in OSPF neighbor formation after the Down state. A router enters Init when it receives a Hello packet from a neighbor but does not yet see its own Router ID in the neighbor's Hello packet, indicating that bidirectional communication is not yet confirmed.

Exam trap

Cisco often tests the distinction between Init and Two-way states, and the trap here is confusing the receipt of a Hello packet (Init) with the confirmation of bidirectional communication (Two-way).

How to eliminate wrong answers

Option A is wrong because the Down state means no Hello packets have been received from the neighbor at all, not that a Hello was received without the router's ID. Option B is wrong because the Two-way state is reached after both routers have seen each other's Router IDs in their respective Hello packets, confirming bidirectional communication. Option D is wrong because ExStart is a later state in the database exchange process, occurring after the Two-way state and the election of the Designated Router and Backup Designated Router.

8
Multi-Selecthard

Which THREE of the following are characteristics of Segment Routing (SR-MPLS) compared to traditional MPLS with LDP?

Select 3 answers
A.It can only be used for transit, not for egress routers.
B.The IGP (IS-IS or OSPF) is used to advertise prefix SIDs.
C.It supports explicit path control via segment lists.
D.Labels are distributed via multicast to all routers.
E.No need for LDP or RSVP-TE for label distribution.
AnswersB, C, E

Correct. IGP extensions carry label information.

Why this answer

Options A, C, and E are correct. SR-MPLS does not require LDP (A), uses IGP to distribute labels (C), and supports traffic engineering via segment lists (E). Option B is incorrect; LDP uses multicast for discovery, but SR-MPLS uses IGP flooding, not multicast.

Option D is incorrect; LDP can be used for both transit and egress.

9
Multi-Selectmedium

A network engineer is troubleshooting a BGP route selection issue on a router that receives the same prefix from two different peers. Which THREE BGP attributes are considered in the route selection process before the 'prefer the route with the lowest metric' step?

Select 3 answers
A.Highest weight
B.Shortest AS_PATH
C.Prefer locally originated routes (network or aggregate)
D.Highest local preference
E.Lowest origin type (IGP < EGP < incomplete)
AnswersA, C, D

Weight is the first attribute considered; higher weight is preferred.

Why this answer

Weight is a Cisco-proprietary BGP attribute that is locally significant to the router and is checked first in the BGP best-path selection process. A route with a higher weight is preferred over all other attributes, including local preference and AS_PATH length, making it the most influential attribute for inbound traffic engineering on a single router.

Exam trap

Cisco often tests the exact order of BGP path selection steps, and the trap here is that candidates confuse the sequence by thinking AS_PATH or Origin type are evaluated before locally originated routes or local preference, when in fact they come later.

10
MCQeasy

Which technology should be used to provide per-flow load balancing across multiple equal-cost paths in an MPLS network while preserving packet order?

A.ECMP with a hash algorithm based on layer 3 and layer 4 headers
B.LAG with default hashing
C.Policy-based routing with next-hop per destination
D.Per-packet round-robin load balancing
AnswerA

ECMP hashing preserves flow ordering.

Why this answer

ECMP with a hash algorithm based on Layer 3 and Layer 4 headers is the correct choice because it provides per-flow load balancing by computing a hash over source/destination IP addresses and TCP/UDP port numbers, ensuring that all packets belonging to the same flow are forwarded over the same equal-cost path. This preserves packet order while distributing different flows across multiple paths in an MPLS network.

Exam trap

Cisco often tests the distinction between per-flow and per-packet load balancing, and the trap here is that candidates confuse ECMP with per-packet round-robin, assuming both preserve order, but only per-flow hashing guarantees packet ordering within a flow.

How to eliminate wrong answers

Option B is wrong because LAG (Link Aggregation Group) with default hashing operates at the link level, not at the network layer, and does not provide per-flow load balancing across multiple equal-cost paths in an MPLS network; it bundles physical links into a single logical link and may reorder packets if the hash is not flow-aware. Option C is wrong because policy-based routing with next-hop per destination is a static, destination-based forwarding mechanism that does not dynamically load balance per flow across equal-cost paths and can lead to packet reordering if policies change. Option D is wrong because per-packet round-robin load balancing sends packets sequentially across paths without considering flow affinity, which breaks packet order and causes severe reordering issues in TCP and other stateful protocols.

11
Multi-Selecthard

Which THREE actions can help mitigate the impact of BGP prefix flapping in a service provider network?

Select 3 answers
A.Use route summarization.
B.Implement route dampening.
C.Use BGP peer groups.
D.Increase the BGP hold timer.
E.Apply BGP graceful restart.
AnswersA, B, D

Summarization aggregates multiple prefixes, reducing the impact of individual flaps.

Why this answer

Route summarization (A) reduces the number of BGP prefixes advertised, which inherently limits the impact of flapping because a single summary prefix represents many more-specific prefixes. If a specific subprefix flaps, the aggregate remains stable, preventing the flapping from propagating to BGP peers. This is a proactive approach to minimize the control-plane churn caused by unstable routes.

Exam trap

Cisco often tests the distinction between mechanisms that reduce control-plane churn (summarization, dampening) versus those that maintain forwarding during failures (graceful restart), leading candidates to incorrectly select graceful restart as a flapping mitigation tool.

12
MCQeasy

A network engineer needs to ensure that a specific customer's traffic is not adversely affected by other customers' traffic in a shared MPLS core. Which technology should be used?

A.QoS policies on PE routers with shaping and policing
B.iBGP route reflectors
C.MPLS Traffic Engineering
D.802.1Q VLANs
AnswerA

QoS allows per-customer traffic controls.

Why this answer

Option C is correct: QoS on the PE routers can shape and police traffic per customer. Option A (MPLS TE) is for bandwidth optimization, not per-customer guarantee; Option B (VLANs) is layer 2; Option D (iBGP) is routing.

13
Multi-Selectmedium

Which TWO statements about BGP route reflectors are true?

Select 2 answers
A.The cluster ID is used to detect routing loops.
B.A route reflector does not modify the next-hop attribute.
C.Route reflectors modify the AS_PATH attribute.
D.Route reflectors must be fully meshed.
E.A route reflector passes routes from non-client to non-client.
AnswersA, B

Multiple RRs in the same cluster use the cluster ID to avoid loops.

Why this answer

Option A is correct because BGP route reflectors use the cluster ID to detect and prevent routing loops. When a route reflector receives an update containing its own cluster ID in the cluster-list attribute, it discards the route, breaking the loop. This mechanism is defined in RFC 4456 and is essential for loop-free route propagation in non-full-mesh iBGP topologies.

Exam trap

Cisco often tests the misconception that route reflectors modify the AS_PATH or that they pass routes between non-clients, when in fact they preserve the AS_PATH and only reflect routes from non-clients to clients, not between non-clients.

14
MCQhard

A network engineer is troubleshooting an OSPF adjacency issue between two routers connected via a serial link. The routers are configured with point-to-point network type. The adjacency stays in EXSTART state. What is the most likely cause?

A.Mismatched OSPF area ID.
B.Mismatched hello/dead intervals.
C.Mismatched MTU.
D.Duplicate router IDs.
AnswerC

OSPF uses the MTU in Database Description packets; a mismatch causes the adjacency to stay in EXSTART.

Why this answer

On a point-to-point OSPF link, the EXSTART state indicates that the routers have formed a bidirectional communication (2WAY) and are now negotiating the master/slave relationship for database description (DBD) packet exchange. A mismatched MTU between the two interfaces causes the DBD packets to be dropped or rejected, preventing the adjacency from progressing beyond EXSTART. This is a common issue on serial links where one side may have a different MTU configured.

Exam trap

Cisco often tests the EXSTART state trap by making candidates confuse it with the more common mismatched hello/dead intervals or area ID issues, which actually prevent reaching EXSTART, while MTU mismatch is the specific cause of stalling in EXSTART.

How to eliminate wrong answers

Option A is wrong because a mismatched OSPF area ID would prevent the adjacency from forming at all, typically stalling in the INIT or 2WAY state, not EXSTART. Option B is wrong because mismatched hello/dead intervals would cause the adjacency to fail during the INIT or 2WAY state, as routers would not receive Hello packets within the expected interval. Option D is wrong because duplicate router IDs would cause one router to reject the other's Hello packets, leading to a state of DOWN or INIT, not EXSTART.

15
MCQhard

A network engineer is troubleshooting an MPLS L3VPN where the CE router is receiving the correct VPN prefixes from the PE, but traffic from the CE to those prefixes is being dropped. The PE has a default route pointing to the CE. What is the most likely cause?

A.The VRF on the PE is not configured with the correct route-target import.
B.The PE does not have a specific route for the destination in its global routing table.
C.The CE does not have a route back to the PE's loopback.
D.The PE-CE link MTU is smaller than the packet size.
AnswerB

Without a specific route, the PE may not push the correct MPLS label, causing the core to drop the packet.

Why this answer

The CE is receiving the correct VPN prefixes from the PE, so the VRF import/export is working. However, when the CE sends traffic to those prefixes, the PE must forward the packets. The PE has a default route pointing to the CE, but if the PE's global routing table lacks a specific route for the destination prefix (which is normal for L3VPN, as VPN routes are in the VRF, not the global table), the PE will drop the traffic because it cannot find a valid next hop in the global table for the outer IP header.

This is a classic issue where the PE's global table must have a route to the CE's loopback or the PE-CE link subnet to enable recursive forwarding.

Exam trap

Cisco often tests the misconception that a VRF route alone is sufficient for forwarding, but in reality, the PE must have a global route to the BGP next-hop (typically the remote PE's loopback) for the MPLS label-switched path to function.

How to eliminate wrong answers

Option A is wrong because the CE is already receiving the correct VPN prefixes, which proves the VRF route-target import is functioning correctly; if it were misconfigured, the prefixes would not be present on the CE. Option C is wrong because the CE does not need a route back to the PE's loopback; the CE only needs a route to the PE's interface IP (or a default route) to send traffic, and the problem is on the PE side, not the CE. Option D is wrong because an MTU mismatch would typically cause fragmentation issues or ICMP unreachables, not a complete drop of all traffic to the VPN prefixes, and the CE is receiving routes, so the control plane is unaffected.

16
Multi-Selectmedium

Which TWO statements correctly describe the use of OSPF in a service provider network?

Select 2 answers
A.OSPF uses the Bellman-Ford algorithm to compute routes.
B.OSPF uses different LSA types to advertise different types of routing information.
C.OSPF is a distance-vector routing protocol.
D.OSPF can support multiple areas with a backbone area 0.
E.OSPF uses TLVs to encode routing information.
AnswersB, D

LSA types 1-5 and 7 are used.

Why this answer

Option B is correct because OSPF uses different LSA types (e.g., Type 1 Router LSA, Type 2 Network LSA, Type 3 Summary LSA, Type 5 AS-External LSA) to advertise different categories of routing information, such as router links, network links, inter-area routes, and external routes. This LSA-type differentiation is fundamental to OSPF's link-state architecture, enabling efficient flooding and route computation within and across areas.

Exam trap

Cisco often tests the distinction between link-state and distance-vector protocols, and candidates may mistakenly associate OSPF with Bellman-Ford or TLVs due to superficial similarities with other protocols like IS-IS or EIGRP.

17
MCQhard

A network engineer applies the above configuration on a PE router. The PE receives route 172.16.1.0/24 from eBGP peer 10.1.1.1. Which communities will be attached to this route?

A.65000:100 only
B.No communities are attached because the route-map does not specify additive.
C.65000:200 only
D.65000:100 and 65000:200
AnswerD

The set community command can include multiple values.

Why this answer

The route-map SET_COMM matches prefix 172.16.1.0/24 (permitted by prefix-list CUSTOMER). It sets two communities: 65000:100 and 65000:200. Standard community list includes both.

18
MCQmedium

A service provider's network uses MPLS TE with Fast Reroute (FRR) for link protection. After a fiber cut on a core link, the traffic is rerouted via a backup tunnel, but the backup tunnel's path suffers from high latency. The customer complains about poor voice quality. What can be done to avoid this scenario in future deployments?

A.Configure backup tunnels with explicit paths that avoid high-latency links
B.Increase the bandwidth reservations on the backup tunnel
C.Implement BGP PIC for edge routers
D.Use node protection instead of link protection
AnswerA

Explicit path constraint ensures backup tunnel follows desired low-latency links.

Why this answer

Option B is correct. By explicitly configuring the backup tunnel with a path specification (e.g., using explicit path objects) that avoids high-latency links, the backup path can be engineered to meet latency requirements. Option A (node protection) does not address latency.

Option C (BGP PIC) is for edge convergence, not core protection. Option D (increasing bandwidth reservation) affects bandwidth but not latency.

19
Multi-Selectmedium

Which TWO statements accurately describe MPLS LDP label distribution and autoconfiguration? (Choose two.)

Select 2 answers
A.LDP can be configured to allocate labels only for specific prefixes using label filtering.
B.LDP uses hello messages sent to multicast address 224.0.0.2.
C.LDP allocates labels for all prefixes in the IGP routing table by default.
D.LDP sessions are always established using the physical interface IP address.
E.LDP label allocation is per interface by default.
AnswersA, C

You can filter which prefixes get labels via ACL or prefix-list.

Why this answer

LDP allocates labels for every IGP prefix by default. It uses the Transport address (usually loopback) to establish sessions. Option D is incorrect because LDP can also use targeted discovery.

20
Multi-Selecthard

Which THREE are valid methods for label distribution in an MPLS network?

Select 3 answers
A.Segment Routing via IGP
B.RSVP-TE
C.BGP
D.LDP
E.TDP
AnswersA, B, D

Segment routing uses IGP extensions to distribute prefix SIDs.

Why this answer

Segment Routing via IGP (Option A) is a valid label distribution method because it uses the IGP (OSPF or IS-IS) to advertise prefix-SIDs, which are MPLS labels. The IGP distributes these labels as part of its link-state database, eliminating the need for a separate label distribution protocol like LDP. This is defined in RFC 8660 and RFC 8665 for OSPF and IS-IS respectively.

Exam trap

Cisco often tests the distinction between label distribution protocols for core LSP establishment versus label-carrying protocols for services, so candidates may mistakenly select BGP as a core label distribution method when it is actually used for VPN label distribution.

21
Multi-Selectmedium

Which TWO queuing mechanisms best meet the requirements for voice traffic (low latency and jitter) in a service provider network?

Select 2 answers
A.LLQ (Low Latency Queuing)
B.WRED (Weighted Random Early Detection)
C.Priority queuing
D.CBWFQ without LLQ
E.FIFO (First In First Out)
AnswersA, C

LLQ provides a strict priority queue for real-time traffic.

Why this answer

LLQ is correct because it combines a strict priority queue with CBWFQ, ensuring voice traffic (which is delay-sensitive) is always serviced first, thereby minimizing latency and jitter. The priority queue is policed to prevent starvation of other traffic, making it ideal for real-time applications like VoIP in service provider networks.

Exam trap

Cisco often tests the misconception that WRED or CBWFQ alone can handle voice traffic, but the trap here is that only LLQ (or strict priority queuing) provides the necessary low latency and jitter by guaranteeing immediate service for voice packets, while other mechanisms introduce delay or drop packets.

22
MCQeasy

A service provider router receives a route with a higher specific prefix length than the same prefix in the routing table. Which route will be preferred?

A.The route with higher administrative distance.
B.The route with lower metric.
C.The more specific prefix.
D.The less specific prefix.
AnswerC

Longest prefix match is the primary criterion in IP routing.

Why this answer

C is correct because a router always prefers the most specific prefix (longest prefix length) when forwarding packets, regardless of administrative distance or metric. This is a fundamental rule of IP routing: the route with the longest subnet mask match is chosen first, as it represents the most precise path to the destination.

Exam trap

Cisco often tests the misconception that administrative distance or metric can override the longest prefix match, leading candidates to incorrectly choose option A or B when the question explicitly states a higher specific prefix length.

How to eliminate wrong answers

Option A is wrong because administrative distance is only used to compare routes to the same prefix length; a less specific route with a lower AD cannot override a more specific route. Option B is wrong because metric is compared only among routes with the same prefix length and same routing protocol; a lower metric on a less specific route does not make it preferred over a more specific route. Option D is wrong because the less specific prefix is never preferred when a more specific prefix exists for the same destination; the longest prefix match rule always takes precedence.

23
Multi-Selecthard

Which TWO BGP path attributes are considered before AS-path length in the default best-path selection process?

Select 2 answers
A.Origin code
B.Community
C.MED
D.Weight
E.Local Preference
AnswersD, E

Weight is the first tie-breaker.

Why this answer

Weight (D) is a Cisco-proprietary attribute that is checked first in the BGP best-path selection process, before AS-path length. Local Preference (E) is the second attribute evaluated, also preceding AS-path length. Both are considered before the AS-path length comparison in the default BGP decision process.

Exam trap

Cisco often tests the exact order of BGP path selection attributes, and the trap here is that candidates mistakenly think MED or Origin are evaluated before AS-path length, when in fact they come later in the decision process.

24
Matchingmedium

Match each service provider architecture term to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Provider Edge router connecting to customer equipment

Provider core router forwarding traffic without VPN awareness

Customer Edge router connecting to the provider network

Route Reflector to scale BGP in a service provider backbone

Autonomous System Boundary Router connecting to other ASes

Why these pairings

These are fundamental roles in a service provider network.

25
MCQmedium

A service provider's network is experiencing suboptimal routing for BGP prefixes received from a customer. The customer is multihomed to two different PE routers in the same AS. Which BGP feature can ensure that traffic ingresses via the correct PE?

A.MED
B.Local Preference
C.AS-path prepend
D.Weight
AnswerA

MED is used to influence inbound traffic by advertising different metrics to different peers.

Why this answer

MED (Multi-Exit Discriminator) is the correct BGP attribute for influencing inbound traffic from a multihomed customer. When the customer advertises the same prefix to two PE routers in the same AS, setting a lower MED value on one PE will cause the customer's upstream AS to prefer that path for returning traffic. This allows the service provider to control which PE receives the ingress traffic without altering any outbound routing policies.

Exam trap

Cisco often tests the distinction between attributes that influence inbound vs. outbound traffic, and the trap here is confusing Local Preference (outbound) with MED (inbound) when both are used for path selection within an AS.

How to eliminate wrong answers

Option B (Local Preference) is wrong because Local Preference is used to influence outbound traffic from the local AS, not inbound traffic from a customer. Option C (AS-path prepend) is wrong because it influences path selection by making a route appear longer, but it is typically applied on egress updates to affect inbound traffic from external ASes, not within the same AS for multihomed customers. Option D (Weight) is wrong because Weight is a Cisco-proprietary attribute that is local to the router and influences outbound path selection, not inbound traffic from a customer.

26
MCQhard

A service provider wants to influence inbound traffic from a customer AS. The customer AS is multi-homed to two provider ASes. Which BGP community is most effective to make the customer prefer a specific entry point?

A.Set community 'no-export' on routes from the undesired entry point.
B.Set community 'prepend 3' on routes from the desired entry point.
C.Set community 'local-preference 200' on routes from the desired entry point.
D.Set community 'no-advertise' on routes from the undesired entry point.
AnswerC

This community instructs the customer to set local preference higher for those routes, making that entry point preferred.

Why this answer

The provider can set the 'prepend' community (e.g., 100:1) to request the customer to prepend AS path, but that is outbound. To influence inbound, the provider should use communities that affect the customer's BGP decision process, like local preference. However, the most effective is to set a higher local preference on routes advertised to the customer from the desired entry point.

This is typically done via the 'local-preference' community (e.g., 2:100).

27
MCQeasy

A service provider is migrating from OSPF to IS-IS in the core. During the migration, both protocols are running. Some prefixes are learned via both OSPF and IS-IS. The network uses BGP for external routes and MPLS for VPNs. The engineer notices that BGP routes are pointing to a next-hop that is reachable via OSPF but not via IS-IS, causing traffic to be dropped. What is the best course of action to ensure that during the migration, BGP uses only one IGP protocol?

A.Use BGP next-hop tracking to prefer IS-IS routes
B.Configure a route-map to selectively distribute routes
C.Increase the administrative distance of IS-IS to be higher than OSPF
D.Implement MPLS TE tunnels for BGP next-hops
AnswerC

Higher admin distance makes IS-IS less preferred, ensuring OSPF routes are used for next-hop resolution.

Why this answer

Option C is correct because increasing the administrative distance of IS-IS to be higher than OSPF (e.g., from 115 to 120) makes OSPF routes preferred over IS-IS routes in the routing table. Since BGP uses the IGP route to resolve its next-hop, this ensures BGP always selects the OSPF path, preventing traffic drops when the next-hop is only reachable via OSPF. This is a simple, protocol-agnostic way to control IGP preference during a migration without altering route redistribution or tunneling.

Exam trap

Cisco often tests the misconception that BGP next-hop tracking (Option A) or route-maps (Option B) can influence IGP preference, when in fact administrative distance is the direct and simplest mechanism to control route selection between two IGPs.

How to eliminate wrong answers

Option A is wrong because BGP next-hop tracking (NHT) monitors reachability changes but does not influence which IGP protocol is preferred; it only triggers BGP to re-evaluate next-hops, not to prefer one IGP over another. Option B is wrong because a route-map for selective distribution controls which prefixes are advertised between protocols, not the administrative distance or next-hop resolution behavior of BGP; it would not force BGP to use only OSPF for next-hop resolution. Option D is wrong because MPLS TE tunnels can steer traffic but add complexity and do not address the fundamental issue of BGP next-hop resolution preferring one IGP over another; they are an over-engineered solution for a simple administrative distance fix.

28
MCQeasy

Based on the exhibit, which OSPF network type is configured on this interface?

A.Non-Broadcast
B.Point-to-Point
C.Broadcast
D.Point-to-Multipoint
AnswerB

Correct as displayed.

Why this answer

The output shows 'Network Type POINT_TO_POINT', so the interface is configured as point-to-point.

29
MCQmedium

A service provider is running OSPF in their core network. After a link failure, routing convergence is taking longer than expected. The engineer suspects the issue is related to the SPF calculation. Which OSPF feature can reduce the SPF calculation time?

A.OSPF database overload protection
B.Bidirectional Forwarding Detection (BFD)
C.Incremental SPF (iSPF)
D.LSA pacing timers (pacing-interval)
AnswerC

Reduces SPF computation by recalculating only changed parts.

Why this answer

Option C is correct: incremental SPF (iSPF) recalculates only affected routes, reducing convergence time. Option A (LSA pacing) is for flooding; Option B (LSDB overload) is unrelated; Option D (BFD) speeds up failure detection, not SPF calculation.

30
MCQeasy

A service provider is designing a Layer 2 MPLS VPN to connect multiple customer sites. Which technology should be used to provide end-to-end Ethernet service with MAC address transparency and support for multiple customer VLANs?

A.MPLS Traffic Engineering (MPLS TE)
B.VPLS (Virtual Private LAN Service)
C.VPWS (Virtual Private Wire Service)
D.RSVP-TE signaling
AnswerB

VPLS provides multipoint Ethernet services with MAC address transparency and supports multiple VLANs via QinQ or VLAN mapping.

Why this answer

VPLS (Virtual Private LAN Service) is the correct choice because it emulates an Ethernet bridge across an MPLS core, providing MAC address transparency and supporting multiple customer VLANs through a multipoint-to-multipoint topology. Unlike point-to-point services, VPLS learns MAC addresses and forwards frames based on them, enabling end-to-end Ethernet service across distributed sites.

Exam trap

Cisco often tests the distinction between point-to-point (VPWS) and multipoint (VPLS) services, and candidates mistakenly choose VPWS when the question explicitly requires connecting multiple sites with MAC transparency.

How to eliminate wrong answers

Option A is wrong because MPLS Traffic Engineering (MPLS TE) is a mechanism for optimizing traffic paths based on bandwidth and constraints, not for providing Layer 2 Ethernet services with MAC transparency. Option C is wrong because VPWS (Virtual Private Wire Service) offers only point-to-point Ethernet connections, lacking the multipoint capability and MAC learning required for connecting multiple sites with VLAN transparency. Option D is wrong because RSVP-TE is a signaling protocol used for MPLS label distribution and traffic engineering, not a Layer 2 VPN service technology.

31
MCQmedium

A service provider is deploying segment routing in its MPLS core. Which label allocation method is used by segment routing to distribute prefix SIDs?

A.LDP
B.BGP
C.RSVP-TE
D.IGP (IS-IS or OSPF)
AnswerD

Segment routing encodes prefix SIDs in IGP updates.

Why this answer

Segment routing uses the IGP (IS-IS or OSPF) to distribute prefix SIDs. The IGP extensions for segment routing (RFC 8665 for OSPF, RFC 8667 for IS-IS) carry the prefix SID sub-TLV within the prefix reachability information, allowing each router to allocate and advertise the SID associated with a prefix. This is the native label allocation method for segment routing, as it leverages the existing IGP database without requiring a separate label distribution protocol.

Exam trap

Cisco often tests the misconception that segment routing requires a separate label distribution protocol like LDP or RSVP-TE, but the trap here is that segment routing uses the IGP itself to distribute prefix SIDs, making it a control-plane-less label distribution method.

How to eliminate wrong answers

Option A is wrong because LDP (Label Distribution Protocol) is a separate label distribution protocol used in traditional MPLS, but segment routing eliminates the need for LDP by encoding labels directly in the IGP. Option B is wrong because BGP is used for distributing VPN labels or inter-domain prefix SIDs (e.g., BGP-LU), but not for allocating prefix SIDs within a single IGP domain. Option C is wrong because RSVP-TE is a signaling protocol for traffic engineering that establishes explicit LSPs with resource reservations, whereas segment routing uses source-routed paths without signaling.

32
MCQeasy

A network administrator is designing an MPLS TE tunnel for a service provider backbone. The goal is to provide bandwidth protection for voice traffic. Which MPLS TE feature should be configured?

A.Autoroute announce
B.Path-option
C.Fast Reroute (FRR)
D.Bandwidth protection
AnswerC

FRR provides backup LSPs to protect against link or node failures.

Why this answer

MPLS TE Fast Reroute (FRR) provides sub-50 ms protection against link or node failures by pre-computing and pre-signaling a backup tunnel that bypasses the protected element. This meets the requirement for bandwidth protection of voice traffic, which is sensitive to packet loss and delay during network convergence.

Exam trap

Cisco often tests the distinction between features that provide path selection (Path-option) or traffic steering (Autoroute announce) versus features that provide actual failure protection (FRR), leading candidates to confuse 'bandwidth protection' as a separate feature rather than a benefit of FRR.

How to eliminate wrong answers

Option A is wrong because Autoroute announce is used to automatically inject the TE tunnel's destination into the IGP routing table, enabling traffic to be routed into the tunnel without explicit static routes; it does not provide any failure protection. Option B is wrong because Path-option defines the explicit or dynamic path for the primary TE tunnel but does not create a backup path or offer fast failover. Option D is wrong because 'Bandwidth protection' is not a standalone MPLS TE feature; it is a capability provided by FRR (specifically link or node protection) and is not a configurable command or feature name in Cisco IOS XR or classic IOS.

33
MCQeasy

A network administrator is configuring a Cisco ASR 9000 router for MPLS L3VPN. The PE receives customer routes via eBGP from the CE. Which command is required to redistribute these routes into the VPNv4 BGP table on the PE?

A.Configure 'address-family ipv4 unicast' under the VRF configuration and then 'address-family vpnv4 unicast' under the BGP process.
B.Configure 'address-family ipv4 vrf CUSTOMER' under the BGP process and activate the neighbor.
C.Enter 'vrf CUSTOMER' in the BGP process and then 'address-family ipv4 unicast' under the VRF.
D.Enter 'redistribute bgp 100' under the VRF's OSPF or static route configuration.
AnswerA

The VRF address-family ipv4 unicast imports routes into the VRF, and the VPNv4 address-family enables VPNv4 BGP to carry these routes.

Why this answer

Option A is correct because in MPLS L3VPN, customer routes learned via eBGP from the CE must be placed into the VRF's IPv4 unicast table first, and then the 'address-family vpnv4 unicast' under BGP is required to redistribute those VRF routes into the VPNv4 BGP table, which carries the route with its route distinguisher (RD) and extended community. This two-step process ensures the PE can advertise the route as a VPNv4 prefix to other PEs via MP-BGP.

Exam trap

Cisco often tests the distinction between configuring BGP within a VRF (for CE-PE eBGP) and enabling the VPNv4 address family to propagate those routes across the MPLS core, leading candidates to mistakenly think that simply configuring 'address-family ipv4 vrf CUSTOMER' is sufficient for VPNv4 redistribution.

How to eliminate wrong answers

Option B is wrong because 'address-family ipv4 vrf CUSTOMER' under BGP is used to configure BGP peering within the VRF (e.g., for eBGP with the CE), but it does not automatically redistribute those routes into the VPNv4 address family; the VPNv4 address family must be explicitly configured and the VRF routes must be injected via network statements or redistribution. Option C is wrong because entering 'vrf CUSTOMER' in the BGP process and then 'address-family ipv4 unicast' under the VRF is not a valid BGP configuration; the VRF is defined globally, and BGP uses 'address-family ipv4 vrf CUSTOMER' to handle VRF-specific BGP sessions, not a nested 'address-family ipv4 unicast' under the VRF. Option D is wrong because 'redistribute bgp 100' under the VRF's OSPF or static route configuration would redistribute BGP routes into an IGP or static routes, not into the VPNv4 BGP table; the VPNv4 table is populated by MP-BGP, not by redistribution from an IGP.

34
MCQhard

During multicast troubleshooting, the command 'show ip mroute' shows that the RPF neighbor for a particular (S,G) entry is incorrect. What is the most likely cause?

A.The unicast routing table does not have a route back to the source.
B.The multicast routing protocol is not enabled globally.
C.TTL threshold is set too high on the incoming interface.
D.IGMP snooping is disabled on the switch.
AnswerA

RPF check uses unicast route towards source; missing or incorrect route leads to wrong RPF neighbor.

Why this answer

The RPF neighbor is determined by the unicast routing table towards the source. If the unicast route points to a different next-hop than the actual multicast path (e.g., due to asymmetric routing or incorrect unicast route), the RPF check fails and the multicast tree is not built correctly.

35
MCQhard

Refer to the exhibit. An engineer is troubleshooting an MPLS LDP session between two routers. The output shows that the LDP session is operational. However, MPLS labels are not being exchanged. What is the most likely cause?

A.The peer's addresses are not bound to the LDP Ident.
B.The TCP connection is not using port 646.
C.The LDP label advertisement mode is 'downstream on demand'.
D.The LDP session is not established.
AnswerC

In this mode, labels are only sent on request; if the peer expects unsolicited, labels may not be exchanged.

Why this answer

The exhibit shows that the LDP session is operational (state = Operational), but no labels are being exchanged. In 'downstream on demand' mode, a router does not advertise labels unless explicitly requested by an upstream neighbor via a Label Request message. Since the session is up but no labels are exchanged, this mismatch in label advertisement mode is the most likely cause.

Exam trap

The trap here is that candidates see the LDP session is 'Operational' and assume label exchange must be working, but Cisco tests the subtle distinction that session state and label advertisement are independent processes.

How to eliminate wrong answers

Option A is wrong because the LDP Ident is used to identify the label space and is bound to the router ID; the peer's addresses not being bound would prevent session establishment, not just label exchange. Option B is wrong because LDP uses TCP port 646 by default; if the TCP connection were not using port 646, the session would not be established at all. Option D is wrong because the output explicitly states the LDP session is operational, meaning it is established.

36
Multi-Selecteasy

Which THREE of the following are required for successful operation of OSPFv3 in an IPv6 service provider network?

Select 3 answers
A.Interface activation with 'ipv6 ospf <process> area <area>'
B.OSPFv3 process configuration with router-id
C.IPv6 unicast routing enabled globally
D.OSPFv3 authentication configured
E.OSPFv3 LSA type 9 for link-local addresses
AnswersA, B, C

Each interface must be explicitly activated for OSPFv3.

Why this answer

Option A is correct because OSPFv3 requires interface-level activation using the 'ipv6 ospf <process> area <area>' command to enable the OSPFv3 process on a specific interface and associate it with an area. Without this, the interface will not participate in OSPFv3 neighbor discovery or routing updates, even if the process is configured globally.

Exam trap

Cisco often tests the misconception that OSPFv3 authentication is mandatory, but it is optional and uses IPsec AH/ESP headers, not the simple authentication mechanisms of OSPFv2.

37
MCQhard

An SP engineer is designing a BGP-based MPLS L3VPN service. The PE routers are fully meshed via iBGP for VPNv4 routes, and an RR is deployed to reduce sessions. The engineer notices that all PE routers are receiving duplicate routes from different PEs, causing suboptimal path selection. Which BGP feature should be enabled to ensure proper load balancing across multiple equal-cost paths?

A.Enable BGP additional paths on the RR
B.Deploy a second RR to reduce the number of iBGP sessions
C.Configure the BGP best path selection algorithm to ignore interior cost
D.Enable BGP multipath on the PE routers
AnswerD

BGP multipath allows the installation of multiple best paths for load balancing, given the paths are equal cost and meet similarity conditions.

Why this answer

Option A is correct. BGP multipath allows the router to install multiple equal-cost paths into the routing table, load balancing traffic. Option B is wrong because BGP additional paths allows advertising more than one path per prefix but does not directly install them.

Option C is wrong because BGP best path selection is a process, not a feature to alter outcomes. Option D is wrong because BGP route reflectors do not influence multipath behavior.

38
MCQhard

Refer to the exhibit. What is the role of this router for prefix 10.0.1.0/24?

A.Transit LSR.
B.Egress LSR.
C.Penultimate hop.
D.Ingress LSR.
AnswerB

Egress LSR pops the outermost label, shown by 'Pop tag'.

Why this answer

Option C is correct because the outgoing tag is 'Pop tag', indicating that the router removes the MPLS label before forwarding. This is the egress LSR. Option A (ingress) would have 'No label' as local tag.

Option B (transit) would have a non-pop outgoing label. Option D (penultimate hop) would have 'Untagged' or a specific label.

39
MCQhard

An engineer is troubleshooting MPLS LSP connectivity. The ingress PE router has the label binding for the FEC 10.1.1.0/24, but no LSP is established. Which command should be checked on the P routers to verify the LSP path?

A.show mpls interface
B.show mpls ldp neighbor
C.show mpls forwarding-table
D.show ip route 10.1.1.0
AnswerC

Displays MPLS forwarding entries, revealing label path issues.

Why this answer

Option B is correct because 'show mpls forwarding-table' displays the label forwarding entries and can identify missing or incorrect label assignments along the path. Option A is not specific to MPLS forwarding; option C shows LDP neighbors only; option D shows MPLS interfaces but not forwarding details.

40
Multi-Selectmedium

An engineer is configuring VPLS on a Cisco ASR 9000. After verifying the pseudowire status, they notice that the 'pw status' shows 'down' for one of the PWs. Which two conditions could cause this? (Choose two.)

Select 2 answers
A.Mismatched encapsulation type on the pseudowire (e.g., Ethernet vs. VLAN)
B.VPLS ID mismatch on the same bridge domain
C.SNMP MIB not loaded
D.MTU mismatch between local and remote PE
E.LDP session is missing
AnswersA, D

Encapsulation must match between peers.

Why this answer

Option A is correct because a mismatched encapsulation type (e.g., Ethernet vs. VLAN) on the pseudowire causes the PW to fail to come up. In VPLS, the encapsulation must match between the local and remote PE for the pseudowire to be operational; otherwise, the PW status will show 'down' due to a negotiation failure.

Exam trap

Cisco often tests the distinction between conditions that cause a pseudowire to be 'down' versus conditions that affect VPLS forwarding but leave the PW 'up', leading candidates to incorrectly select VPLS ID mismatch (Option B) as a cause of PW failure.

41
MCQmedium

An engineer is troubleshooting a BGP peering issue between two routers. The peering is established, but routes are not being exchanged. On router R1, 'show bgp neighbors 192.0.2.2' shows the neighbor state as 'Established' but the 'Prefixes received' counter is zero. What is most likely the cause?

A.An outbound route-map on the neighbor is filtering all routes.
B.The 'maximum-prefix' limit is exceeded, causing the session to reset.
C.The BGP session is in the Idle state due to a misconfigured update-source.
D.The 'next-hop-self' command is missing on R1.
AnswerA

An outbound route-map on R2 would filter routes sent to R1, causing zero prefixes received on R1.

Why this answer

The neighbor state is 'Established', confirming that the TCP session and BGP open messages have been successfully exchanged. However, zero prefixes received indicates that R1 is not receiving any routes from the neighbor. An outbound route-map applied on the neighbor (the router sending routes to R1) can filter all prefixes before they are advertised, resulting in zero received prefixes while the session remains up.

Exam trap

Cisco often tests the distinction between session state and route exchange; the trap here is that candidates assume an Established session guarantees route exchange, overlooking outbound filtering on the neighbor side.

How to eliminate wrong answers

Option B is wrong because if the 'maximum-prefix' limit were exceeded, the BGP session would reset or go into an Idle state, not remain Established with zero prefixes received. Option C is wrong because a misconfigured update-source would prevent the BGP session from reaching the Established state entirely; the session would be stuck in Idle or Active. Option D is wrong because the 'next-hop-self' command affects the next-hop attribute of advertised routes, not the reception of prefixes; missing it would not cause zero prefixes received.

42
MCQmedium

An OSPF network uses point-to-point links. The engineer notices that LSAs are being flooded every 30 minutes even when no topology changes occur. What is the most likely reason?

A.The routers are using LSU packets incorrectly.
B.There is a flapping interface on the network.
C.The dead timer is set too low.
D.The LSA refresh interval has expired.
AnswerD

Correct. OSPF refreshes LSAs every 30 minutes.

Why this answer

Option B is correct because OSPF LSAs are periodically refreshed every 1800 seconds (30 minutes) by default. Option A is incorrect; this flooding is expected. Option C is incorrect; LSUs are used for flooding LSAs.

Option D is incorrect; the LS refresh interval is 30 minutes, not a timer issue.

43
MCQmedium

A service provider is deploying segment routing in their MPLS core. They want to use an IGP as the control plane for label distribution without running LDP or RSVP-TE. Which IGP is best suited for this purpose?

A.BGP
C.IS-IS
D.RIP
AnswerC

IS-IS supports segment routing extensions and is widely used in SP cores.

Why this answer

IS-IS is the best-suited IGP for segment routing in an MPLS core because it natively supports the Segment Routing (SR) extensions defined in RFC 8667. These extensions allow IS-IS to advertise Prefix-SIDs and Adjacency-SIDs directly within the link-state database, enabling label distribution without requiring LDP or RSVP-TE. This makes IS-IS a natural fit for service providers deploying SR-MPLS.

Exam trap

The trap here is that candidates may think OSPF is also a valid choice, but the question specifically asks for the IGP best suited for segment routing without LDP or RSVP-TE, and while OSPF does support SR (RFC 8665), IS-IS is historically more common in service provider cores due to its native support for CLNS and easier migration from LDP to SR.

How to eliminate wrong answers

Option A is wrong because BGP is not an IGP; it is an EGP used for inter-domain routing and, while it can carry SR policies via BGP-LS or BGP SR-TE, it does not function as the IGP control plane for label distribution within a single IGP domain. Option B is wrong because EIGRP is a Cisco-proprietary distance-vector protocol that does not support segment routing extensions; it relies on its own RIB-based label distribution and is not standardized for SR-MPLS. Option D is wrong because RIP is a legacy distance-vector protocol that lacks any support for MPLS or segment routing, and it cannot distribute labels or SIDs.

44
Multi-Selectmedium

Which TWO tasks are required when implementing segment routing in an MPLS network?

Select 2 answers
A.Configure RSVP-TE to establish LSPs
B.Enable CEF on all routers
C.Configure the IGP (OSPF or IS-IS) with segment routing extensions
D.Enable MPLS on all interfaces that participate in segment routing forwarding
E.Enable LDP on all routers and interfaces
AnswersC, D

IGP must be configured to support segment routing and advertise labels (prefix-SIDs).

Why this answer

Options A and B are correct. Configuring the IGP (OSPF or IS-IS) for segment routing is essential to advertise prefix-SIDs and adjacency-SIDs. Enabling MPLS on interfaces ensures MPLS forwarding.

Option C is not required because LDP is replaced by segment routing. Option D is not required as RSVP-TE is a different traffic engineering mechanism. Option E is part of the MPLS forwarding plane setup but not unique to segment routing; it is a prerequisite.

45
Multi-Selecteasy

Which TWO statements correctly describe differences between PIM dense mode and PIM sparse mode? (Choose two.)

Select 2 answers
A.PIM-DM supports the use of a bootstrap router (BSR) for RP discovery.
B.PIM-SM is more bandwidth efficient for high density groups.
C.PIM-DM uses explicit join messages, while PIM-SM uses flood and prune.
D.PIM-DM assumes all downstream routers want to receive multicast traffic, so it initially floods traffic.
E.PIM-SM requires a Rendezvous Point (RP) to facilitate group membership.
AnswersD, E

Dense mode floods to all interfaces and then prunes where not wanted.

Why this answer

PIM-DM floods everywhere and prunes; PIM-SM uses RPs and explicit join. Dense mode uses flood-and-prune; sparse mode uses pull model.

46
MCQhard

A service provider is deploying segment routing (SR) with MPLS data plane. The network uses OSPF as the IGP. Which configuration is required to enable SR-MPLS and ensure that routers advertise prefix-SIDs for their loopback interfaces?

A.Configure 'mpls ip' on all interfaces and 'router ospf 1 mpls ldp auto-config'.
B.Configure 'label mode per-prefix' under the OSPF process and assign a label to the loopback.
C.Configure 'segment-routing global-block 16000 23999' globally and enable 'mpls ip' on all interfaces.
D.Configure 'segment-routing mpls' globally and assign a prefix-SID to the loopback interface under OSPF.
AnswerD

This enables SR-MPLS and advertises a prefix-SID for the loopback.

Why this answer

Option D is correct because to enable SR-MPLS with OSPF, you must globally enable segment routing with the 'segment-routing mpls' command, and then assign a prefix-SID to the loopback interface under the OSPF process using the 'prefix-sid' command. This ensures that routers advertise the prefix-SID for their loopback via OSPF extensions, which is the fundamental requirement for SR-MPLS operation without LDP.

Exam trap

Cisco often tests the distinction between enabling segment routing globally versus configuring the SRGB; candidates mistakenly think that setting the SRGB alone enables SR-MPLS, but the 'segment-routing mpls' command is the actual enabler.

How to eliminate wrong answers

Option A is wrong because it enables MPLS LDP via auto-config, which is not required for SR-MPLS and actually introduces a different label distribution protocol (LDP) that conflicts with the segment routing paradigm. Option B is wrong because 'label mode per-prefix' is a command used for MPLS LDP label allocation, not for SR-MPLS prefix-SID assignment; SR-MPLS uses the 'prefix-sid' command under OSPF, not label mode configuration. Option C is wrong because while configuring the segment-routing global block (SRGB) is important for SR-MPLS, it does not enable segment routing itself; the 'segment-routing mpls' global command is mandatory, and 'mpls ip' on interfaces is not required for SR-MPLS as it relies on IGP extensions, not LDP.

47
MCQmedium

A network operator wants to prefer a specific BGP route from a peer for a prefix. After applying a route-map to set local preference to 200, the route is still not preferred over a route from another peer with local preference 150. What could be the issue?

A.The prefix was received with a higher weight.
B.The neighbor address-family is not correct.
C.The route-map was applied on the wrong BGP neighbor direction.
D.The route is received via an IBGP session.
AnswerA

Correct. Weight is considered before local preference, so a higher weight overrides a lower local preference.

Why this answer

Option D is correct because BGP path selection checks weight first. If the other route has a higher weight (Cisco proprietary), it will be preferred regardless of local preference. Option A is incorrect because even if applied incorrectly, local preference would still take effect from internal peers.

Option B is plausible but less likely; address-family mismatch would prevent route exchange entirely. Option C is incorrect because local preference is compared among all received routes.

48
MCQeasy

A router is receiving a BGP prefix with community 100:100. The operator wants to modify the local preference to 200 for this prefix. Which configuration will achieve this?

A.route-map SET_LP permit 10, match community 100, set local-preference 200
B.route-map SET_LP permit 10, match ip address prefix-list, set weight 200
C.ip bgp-community new-format, route-map SET_LP permit 10, match community 100, set community 200
D.route-map SET_LP permit 10, match community 100, set metric 200
AnswerA

Correct. This sets local preference as desired.

Why this answer

Option D is correct because the 'set local-preference 200' command under a route-map that matches the community will achieve this. Option A is incorrect because the 'set community' modifies community, not local preference. Option B is incorrect because 'set weight' modifies weight.

Option C is incorrect because 'set metric' modifies MED.

49
Multi-Selectmedium

An ISP is designing a new core network using MPLS-TE. They require very fast failure detection for link and node failures to minimize traffic loss. Which two technologies should they combine? (Choose two.)

Select 2 answers
A.OSPF with hello timers set to 1 second
B.MPLS-TE Fast Reroute (FRR)
C.Bidirectional Forwarding Detection (BFD)
D.LSP Ping and Traceroute
E.Label Distribution Protocol (LDP)
AnswersB, C

Provides local repair via backup tunnels.

Why this answer

Option A and D are correct. BFD provides fast failure detection (sub-second), and MPLS-TE Fast Reroute (FRR) provides local protection with backup tunnels. Option B (LDP) does not provide fast detection; Option C (OSPF) alone is too slow; Option E (LSP ping) is for troubleshooting.

50
MCQhard

An MPLS-TE tunnel is configured with Fast Reroute using link protection. The primary path traverses links A-B and B-C. If link B-C fails, which action does the head-end router take?

A.The router at node B switches traffic to a pre-computed backup tunnel around link B-C.
B.The head-end router immediately switches to a secondary explicit path.
C.RSVP-TE signals a new LSP from the head-end after detecting the failure.
D.Traffic is dropped until the IGP converges on the new topology.
AnswerA

Link protection works by having the PLR (point of local repair) at the upstream node.

Why this answer

Option A is correct because MPLS-TE Fast Reroute (FRR) with link protection pre-computes a backup tunnel that bypasses the protected link. When link B-C fails, the router at node B (the Point of Local Repair, or PLR) immediately switches traffic to this pre-established backup tunnel, ensuring sub-50ms failover without involving the head-end router.

Exam trap

Cisco often tests the misconception that the head-end router handles all rerouting decisions in MPLS-TE, but FRR delegates local repair to the PLR, so candidates must remember that link protection is handled at the point of failure, not the head-end.

How to eliminate wrong answers

Option B is wrong because the head-end router does not immediately switch to a secondary explicit path; FRR is designed for local repair at the PLR, and head-end path switching would be slower and is not triggered by link protection. Option C is wrong because RSVP-TE does not signal a new LSP from the head-end upon failure detection; FRR uses pre-signaled backup tunnels, and new LSP signaling would exceed the sub-50ms recovery target. Option D is wrong because traffic is not dropped until IGP convergence; FRR provides fast reroute before IGP reconverges, preventing packet loss.

51
MCQeasy

A service provider is experiencing high CPU usage on a router running BGP. Which action should be taken first to mitigate the issue without disrupting traffic?

A.Disable BGP on the router.
B.Increase the BGP keepalive timer.
C.Apply inbound route filtering using prefix lists.
D.Implement BGP route dampening.
AnswerC

Filtering unnecessary inbound routes reduces the number of prefixes the router must process, lowering CPU utilization.

Why this answer

High CPU usage on a BGP-speaking router is often caused by processing a large number of BGP updates. Applying inbound route filtering using prefix lists (option C) reduces the number of routes the router must process and store, directly lowering CPU load without disrupting existing traffic flows. This is a non-disruptive, targeted mitigation that addresses the root cause of excessive route processing.

Exam trap

Cisco often tests the misconception that route dampening is a first-line CPU mitigation tool, when in fact it is a stability mechanism for flapping routes and can itself be CPU-intensive; the correct first step is to filter unwanted routes at the point of entry.

How to eliminate wrong answers

Option A is wrong because disabling BGP entirely would drop all BGP sessions and disrupt traffic, which violates the requirement to not disrupt traffic. Option B is wrong because increasing the BGP keepalive timer reduces the frequency of keepalive messages but does not address the CPU load caused by processing BGP updates or route churn; it may even delay failure detection. Option D is wrong because BGP route dampening is designed to suppress flapping routes over time, not to reduce immediate CPU usage from a high volume of updates; it can actually increase CPU load during the dampening calculation phase and does not filter routes.

52
MCQmedium

A service provider is deploying MPLS L3VPN to connect multiple customer sites. The PE router receives a route from a CE router via MP-BGP. Which attribute must the PE router add to the route before advertising it to the route reflector?

A.MPLS label
B.Route distinguisher (RD)
C.Route target (RT)
D.IGP metric
AnswerB

RD makes the customer prefix unique across the MPLS VPN backbone.

Why this answer

When a PE router receives a customer route from a CE router via MP-BGP, it must first make the route unique within the MPLS VPN context by adding a Route Distinguisher (RD). The RD prepended to the IPv4 prefix creates a VPNv4 address (per RFC 4364), which is the format required for advertisement to a route reflector. Without the RD, the route would not be distinguishable from other customers' overlapping IP prefixes in the BGP table.

Exam trap

Cisco often tests the distinction between RD and RT, where candidates mistakenly think RT is required for route advertisement to the route reflector, but the RD is the attribute that makes the route globally unique in the VPNv4 address family.

How to eliminate wrong answers

Option A is wrong because the MPLS label is added by the PE router during label allocation for the VPN route, but it is not an attribute added before advertising to the route reflector; the label is part of the NLRI in the MP-BGP update, not a separate attribute. Option C is wrong because the Route Target (RT) controls route import/export between VRF instances and is attached to the route, but it is not required for the route to be advertised to the route reflector; the RD is the mandatory attribute for VPNv4 address uniqueness. Option D is wrong because the IGP metric is a routing metric used within the IGP (e.g., OSPF or IS-IS) and is not added by the PE router to MP-BGP VPNv4 updates; BGP uses MED or local preference for path selection, not IGP metrics.

53
Multi-Selecteasy

Which TWO MPLS VPN features are used to provide Layer 3 VPN services in a service provider network?

Select 2 answers
A.LDP
B.VRF
C.MPLS labels
D.RSVP-TE
E.MP-BGP
AnswersC, E

MPLS labels are used to encapsulate and forward VPN traffic across the provider core.

Why this answer

MP-BGP (Option E) is used to exchange VPNv4 routes between Provider Edge (PE) routers, carrying both the route and its corresponding MPLS label. MPLS labels (Option C) are used to forward packets across the provider core via label-switched paths (LSPs), enabling the separation of customer traffic. Together, MP-BGP and MPLS labels form the foundation of Layer 3 MPLS VPN services.

Exam trap

Cisco often tests the distinction between the control plane protocols (MP-BGP) and data plane mechanisms (MPLS labels) versus supporting protocols like LDP or RSVP-TE, leading candidates to mistakenly include LDP as a VPN service feature.

54
MCQeasy

Which statement about the use of MTU in an MPLS network is correct?

A.MPLS adds a label stack to packets, reducing the payload MTU.
B.MPLS does not affect the MTU because labels are part of the header.
C.MTU must be increased on all MPLS interfaces.
D.MPLS eliminates the need for IP fragmentation.
AnswerA

The label overhead reduces available MTU for data.

Why this answer

Option C is correct. MPLS adds a label stack header, which reduces the effective MTU for payload. If the packet size exceeds the MTU of the outgoing interface after label imposition, fragmentation may be needed.

Option A is false because MPLS can fragment (though not always desirable); Option B is false because MTU is not automatically increased; Option D is false because MPLS adds overhead.

55
MCQhard

An engineer is configuring an MPLS L3VPN and needs to ensure that the PE router installs VPNv4 routes from a remote PE into the VRF of a customer. The remote PE sends a VPNv4 route with route-target 100:1. Which configuration on the local PE causes the route to be imported into the VRF?

A.router bgp 100 address-family ipv4 vrf CUSTOMER route-target import 100:1
B.vrf definition CUSTOMER rd 100:1 route-target both 100:1 route-map IMPORT
C.vrf definition CUSTOMER rd 100:1 route-target import 100:1
D.vrf definition CUSTOMER rd 100:1 route-target export 100:1
AnswerC

This imports routes with RT 100:1 into the VRF.

Why this answer

Option C is correct because the `route-target import 100:1` command under the VRF definition configures the local PE to accept VPNv4 routes that carry the specified route-target (100:1) from the remote PE. This import RT must match the export RT of the remote PE for the route to be installed into the VRF's routing table. The `rd 100:1` defines the route distinguisher, which is separate from the RT and ensures uniqueness of the VPNv4 prefix.

Exam trap

Cisco often tests the distinction between `route-target import` and `route-target export`, and the trap here is that candidates may select the export-only option (D) or misplace the RT command under BGP (A), failing to recognize that import must be explicitly configured under the VRF definition to receive routes from a remote PE.

How to eliminate wrong answers

Option A is wrong because the `route-target import 100:1` command is placed under `address-family ipv4 vrf CUSTOMER` within BGP, which is not a valid configuration; route-target import/export is configured under the VRF definition, not under the BGP address-family for the VRF. Option B is wrong because it uses the `route-target both 100:1 route-map IMPORT` syntax; while `route-target both` is valid, appending a route-map to the import/export RT statement is not supported in standard IOS/IOS-XE — route-maps can only be applied to `import` or `export` individually, not to `both`, and the syntax is incorrect. Option D is wrong because `route-target export 100:1` only configures the local PE to attach that RT to outgoing VPNv4 routes; it does not cause the import of incoming routes from the remote PE, which requires the `import` keyword.

56
MCQmedium

An engineer is designing an MPLS L3VPN for a customer with multiple sites. The customer requires overlapping IP addresses between sites. Which method allows the provider to support overlapping customer addresses?

A.Implement VPLS instead of L3VPN.
B.Use separate VRF per site with route distinguisher.
C.Use BGP communities to control route distribution.
D.Use the same VRF for all sites with different route targets.
AnswerB

Each VRF has its own routing table, and the RD makes routes globally unique even with overlapping IPs.

Why this answer

B is correct because a separate VRF per site with a unique route distinguisher (RD) allows the provider to maintain isolated routing tables for each customer site. This isolation enables overlapping IP addresses between sites, as each VRF treats its prefixes as unique within the MPLS L3VPN backbone, regardless of address duplication.

Exam trap

Cisco often tests the misconception that route targets alone solve overlapping address issues, but the trap here is that route targets control route propagation, not address uniqueness—only the route distinguisher (RD) within a VRF provides the necessary prefix uniqueness.

How to eliminate wrong answers

Option A is wrong because VPLS is a Layer 2 VPN technology that provides Ethernet multipoint connectivity, not IP routing; it does not inherently support overlapping IP addresses without additional mechanisms like VLAN segmentation. Option C is wrong because BGP communities control route distribution and policy (e.g., filtering or preference), but they do not create separate routing tables or address space isolation required for overlapping IPs. Option D is wrong because using the same VRF for all sites with different route targets would merge routes into a single routing table, causing conflicts with overlapping addresses; route targets control import/export policies, not address uniqueness.

57
MCQeasy

A service provider wants to ensure that customer traffic is not impacted during a planned maintenance on a core LSR in an MPLS network. Which MPLS feature should be used?

A.MPLS TE Fast Reroute
B.MPLS TTL propagation
C.MPLS LDP synchronization
D.MPLS OAM
AnswerA

FRR provides sub-50ms protection by pre-computing backup paths.

Why this answer

MPLS TE Fast Reroute (FRR) is the correct feature because it provides local protection against link or node failures by pre-computing backup paths (bypass tunnels) that are activated within 50 milliseconds of a failure. This ensures that customer traffic is not impacted during planned maintenance on a core LSR, as the backup path is already in place and can be triggered by a manual administrative action (e.g., shutting down the interface) to seamlessly redirect traffic before the maintenance begins.

Exam trap

The trap here is that candidates often confuse MPLS TE FRR with MPLS LDP synchronization or MPLS OAM, mistakenly thinking that any 'protection' or 'monitoring' feature can handle planned maintenance, when only FRR provides the sub-50 ms local repair capability required for hitless maintenance.

How to eliminate wrong answers

Option B (MPLS TTL propagation) is wrong because it controls how the TTL field is copied between the IP and MPLS headers for traceroute and hop-count visibility, and it has no role in traffic protection or maintenance scenarios. Option C (MPLS LDP synchronization) is wrong because it ensures that IGP and LDP are synchronized to prevent black-holing during link restoration, but it does not provide fast local protection or pre-computed backup paths for planned maintenance. Option D (MPLS OAM) is wrong because it is a set of tools for fault detection, connectivity verification, and performance monitoring (e.g., LSP ping/traceroute, VCCV), not a mechanism to reroute traffic during maintenance.

58
MCQhard

An engineer is troubleshooting BGP convergence. The router has multiple paths for a prefix, but it selects a path with a lower local preference over a path with a higher local preference. The higher local preference path is from an EBGP peer. What could cause this?

A.The router is configured with 'bgp deterministic-med'.
B.The path with lower local preference has a higher weight.
C.The path with lower local preference has a higher router ID.
D.The path with lower local preference has a lower MED.
AnswerB

Correct. Weight is checked before local preference.

Why this answer

Option D is correct because if the router is configured with 'bgp bestpath compare-routerid', the router ID can override local preference if all other attributes are equal? No, local preference is compared before router ID. Actually, weight is compared first. If the lower local preference path has a higher weight, it wins.

So option A (weight) is also plausible. But we need to be specific: The scenario says lower local preference is chosen over higher local preference. The only way is if weight is higher on the lower local preference path.

So option A is correct. But we also have option D: 'The router was configured with 'bgp deterministic-med'? That affects MED comparison, not local preference. So let's rethink: Actually, weight is compared first.

So if the lower local preference path has a higher weight, it will be chosen. So correct is A. But we need to vary positions.

Let's set correct as A. But we have A already used in Q1, Q6. Let's change Q9 to correct B? Let's use 'The router has a higher weight on the lower local preference path' as B.

So correct B. Alternatively, we can make the correct answer 'The path with lower local preference was received from a peer with a higher weight' which is B. So set B as correct.

Options: A: The router has a lower MED on that path. B: The router has a higher weight on that path. C: The router has a higher router ID on that path.

D: The router has 'bgp deterministic-med' enabled. Correct: B.

59
MCQhard

In a VXLAN EVPN deployment, a host sends a broadcast ARP request. Which component in the fabric is responsible for replying on behalf of the target host to reduce flooding?

A.The VTEP that receives the broadcast
B.The spine switch
C.The VTEP that has the target host's MAC address in its local table (ARP suppression)
D.The default gateway (anycast IP)
AnswerC

ARP suppression allows VTEP to proxy-reply.

Why this answer

In VXLAN EVPN, ARP suppression is a feature implemented on the ingress VTEP (the VTEP that receives the broadcast ARP request). The ingress VTEP maintains a local ARP/ND cache populated via EVPN Type-2 routes (MAC/IP advertisement routes). When a broadcast ARP request arrives, the ingress VTEP checks its local cache for the target IP; if found, it replies directly on behalf of the target host, suppressing the broadcast and preventing unnecessary flooding across the fabric.

Option C correctly identifies this VTEP as the component responsible for the reply.

Exam trap

Cisco often tests the misconception that the spine switch or the default gateway handles ARP suppression, when in fact it is the ingress VTEP that performs this function using its locally cached EVPN-learned MAC/IP entries.

How to eliminate wrong answers

Option A is wrong because the VTEP that receives the broadcast is the ingress VTEP, which performs ARP suppression only if it has the target host's MAC address in its local table; it does not automatically reply simply because it received the broadcast. Option B is wrong because spine switches in a VXLAN EVPN fabric operate as pure IP underlay routers (typically running an IGP like OSPF or IS-IS) and do not participate in the overlay control plane or maintain ARP caches for tenant hosts. Option D is wrong because the default gateway (anycast IP) is used for routing traffic between subnets, not for replying to intra-subnet ARP requests; ARP suppression is a function of the VTEP, not the gateway.

60
MCQhard

A service provider is experiencing intermittent multicast issues in their core network. They use PIM-SM with a static RP at 10.1.1.1. The multicast traffic originates from a source connected to PE1 and is received by customers connected to PE2. Recently, after a firewall upgrade between the PE routers and the core, some multicast streams stopped working, while others continue. The network team notices that 'show ip mroute' on PE2 shows the (*, G) entry but not the (S, G) entry for the affected groups. The RP is reachable via OSPF. The firewall logs show no dropped packets for known multicast addresses. Which action should the engineer take to restore full multicast forwarding?

A.Increase the PIM register suppression interval on the source's first-hop router
B.Configure a static RP at the customer site (PE2) to bypass the firewall for registration traffic
C.Change the multicast mode from PIM-SM to PIM-DM on all interfaces
D.Enable Auto-RP on the network to dynamically learn the RP
AnswerB

A static RP on PE2 ensures that the source's registration reaches the RP even if the firewall blocks unicast PIM register messages. This allows the (S,G) to be formed.

Why this answer

Option B is correct. The firewall upgrade likely blocked PIM register messages from PE1 to the RP, preventing the RP from learning about the source. By configuring a static RP on the customer-facing interface or using a different RP that can receive registration, the (S,G) state can be built.

Option A is wrong because PIM-SM is correct for sparse-mode groups. Option C is wrong because adjusting timers would not fix the absence of (S,G). Option D is wrong because Auto-RP would add complexity and might be blocked by the firewall as well.

61
MCQhard

A service provider operates a large MPLS VPN network using OSPF as the IGP and LDP for label distribution. The PE routers (PE1, PE2, PE3) are connected to a core of P routers. Recently, a new link was added between P2 and P3. After the link came up, the engineering team noticed that several VPN routes that were previously reachable via PE2 are now being blackholed when traffic is sent from PE1 to those prefixes. The teams verify that the VPNv4 routes are present in the BGP table on PE1 with valid next-hops, but traffic fails. The traceroute from PE1 to the CE behind PE2 stops at P2. The show mpls forwarding-table on P2 shows the correct label for the VPN prefix, but the outgoing interface is null. Which action should the engineer take to resolve the issue without causing additional disruption?

A.Clear LDP neighbor sessions on P2 to re-initiate label exchange.
B.Add a static route on P2 for the BGP next-hop pointing to Null0.
C.Shut down the new link between P2 and P3.
D.Clear BGP sessions on PE1 to force re-advertisement of VPN routes.
AnswerA

Correct. This forces LDP to re-establish and exchange labels, likely resolving the missing label.

Why this answer

The issue is that P2 has a label for the VPN prefix but a null outgoing interface, indicating an LDP label mapping problem. Clearing LDP neighbor sessions on P2 forces re-establishment of LDP sessions and re-exchange of label bindings, which should resolve the missing or incorrect label mapping for the BGP next-hop without disrupting other services.

Exam trap

Cisco often tests the misconception that clearing BGP sessions (Option D) fixes MPLS forwarding issues, but the real problem is at the LDP label distribution layer, not the BGP VPN route advertisement.

How to eliminate wrong answers

Option B is wrong because adding a static route to Null0 for the BGP next-hop would blackhole all traffic to that next-hop, worsening the issue. Option C is wrong because shutting down the new link between P2 and P3 is a disruptive workaround that does not address the root cause (LDP label inconsistency) and may cause routing loops or suboptimal paths. Option D is wrong because clearing BGP sessions on PE1 would only re-advertise VPN routes but does not fix the underlying MPLS label forwarding issue on P2; the VPNv4 routes are already present with valid next-hops in BGP.

62
MCQhard

An engineer configures MPLS TE tunnels. After configuration, the tunnel remains down. The 'show mpls traffic-eng tunnels' output shows 'Tunnel is down - path computation failed'. What is the most likely cause?

A.IGP TE extensions are not enabled on the head-end router.
B.RSVP is not enabled on the head-end router.
C.MPLS LDP is not enabled on the head-end router.
D.There is an MTU mismatch along the path.
AnswerA

Correct. Without TE extensions, the router cannot compute a path.

Why this answer

Option A is correct because path computation failure often indicates that IGP TE extensions (e.g., IS-IS TE or OSPF TE) are not enabled, so routers do not have the required link attributes. Option B is incorrect; LDP is not required for TE. Option C is incorrect; RSVP is used for signaling but the issue is path computation, not signaling.

Option D is plausible but less common; MTU mismatch would cause signaling issues, not path computation failure.

63
MCQhard

During a network migration from EIGRP to OSPF, you notice that some routes are being redistributed incorrectly, causing routing loops. The OSPF domain uses area 0 and area 1. The EIGRP domain uses AS 100. Which configuration change would best prevent loops during the migration?

A.Implement OSPF stub areas to limit external routes.
B.Use route-maps to tag EIGRP routes and filter them on OSPF routers.
C.Use distribute-list in EIGRP to block OSPF routes.
D.Set a high administrative distance on redistributed routes in OSPF.
AnswerB

Tags allow conditional redistribution filtering, preventing routes from being sent back to EIGRP.

Why this answer

Option B is correct because route-maps allow you to tag redistributed EIGRP routes with a specific tag value (e.g., 'tag 100') and then filter those tagged routes on OSPF routers using a distribute-list in or prefix-list combined with the route-map. This prevents the redistributed routes from being re-injected back into EIGRP, breaking the redistribution loop. Without such tagging and filtering, mutual redistribution between EIGRP and OSPF can cause routing loops due to the two-way redistribution of routes.

Exam trap

Cisco often tests the misconception that simply adjusting administrative distance or using stub areas can prevent redistribution loops, when in fact only explicit tagging and filtering (or route-map-based control) can break the two-way redistribution cycle.

How to eliminate wrong answers

Option A is wrong because OSPF stub areas limit the injection of external routes (Type 5 LSAs) into the area, but they do not prevent redistribution loops between EIGRP and OSPF; loops occur due to mutual redistribution, not the presence of external routes in non-stub areas. Option C is wrong because using a distribute-list in EIGRP to block OSPF routes only prevents OSPF-learned routes from entering the EIGRP domain, but it does not address the reverse direction where EIGRP routes are redistributed into OSPF and then potentially re-redistributed back into EIGRP; a one-way filter is insufficient to break the loop. Option D is wrong because setting a high administrative distance on redistributed routes in OSPF (e.g., to 170) does not prevent the routes from being redistributed back into EIGRP; administrative distance affects route preference within a single routing table, not the redistribution process itself, so loops can still occur.

64
Multi-Selectmedium

Which TWO conditions must be met for a BGP route to be considered valid and used for forwarding?

Select 2 answers
A.The BGP synchronization must be enabled.
B.The AS path must not contain the router's own AS.
C.The route must be the best path selected by BGP.
D.The prefix must be in the BGP table.
E.The next-hop IP must be reachable via an IGP route.
AnswersC, E

Correct. Only the best path is installed in the routing table.

Why this answer

Options A and D are correct. A valid BGP route must have a reachable next-hop (A) and must be the best path for the prefix (D). Option B is not required; synchronization is not needed in modern networks.

Option C is incorrect; the prefix must be in the routing table, not the BGP table. Option E is incorrect; AS path loop detection is inherent, but not a validity condition per se.

65
MCQhard

A service provider uses MP-BGP with IPv6 address family. They notice that routes redistributed from OSPFv3 are not being advertised to iBGP peers. The OSPF routes are internal. What is a likely reason?

A.The network command is missing under IPv6 address family.
B.The bgp default ipv4-unicast command is disabled.
C.The next-hop is not resolved for IPv6.
D.The routes are not in the IPv6 unicast table.
AnswerC

If the BGP next-hop for the redistributed routes is not reachable via the IPv6 routing table, BGP will not advertise them to iBGP peers.

Why this answer

In MP-BGP for IPv6, the next-hop address for iBGP peers must be reachable via an IPv6 route in the global routing table or the appropriate VRF. When OSPFv3 redistributes internal routes into BGP, the next-hop is often set to the OSPFv3 router's own IPv6 address; if that address is not reachable (e.g., because the interface is not in the IPv6 unicast routing table or the next-hop is link-local), iBGP peers will not install the routes. This is a common cause of routes being learned but not advertised to iBGP peers.

Exam trap

The trap here is that candidates often assume the issue is with the network command or the IPv4 unicast default, but the real problem is the IPv6 next-hop reachability, which is a subtle but critical requirement for MP-BGP IPv6 route propagation.

How to eliminate wrong answers

Option A is wrong because the network command is not used under the IPv6 address family in MP-BGP; instead, the network command is used under the IPv4 unicast address family, and for IPv6, you use the network command under the IPv6 unicast address family, but the issue here is about redistribution from OSPFv3, not about originating a network. Option B is wrong because disabling bgp default ipv4-unicast only affects IPv4 unicast sessions and does not impact IPv6 address family advertisements; it prevents automatic activation of IPv4 unicast for new peers but does not block IPv6 route propagation. Option D is wrong because the OSPFv3 routes are internal and are present in the IPv6 unicast table (OSPFv3 populates the IPv6 unicast RIB); the problem is that they are not being advertised to iBGP peers, not that they are missing from the table.

66
MCQeasy

An engineer is troubleshooting MPLS forwarding. On a router, the 'show mpls forwarding-table' command displays that for a specific FEC, the outgoing label is 'Untagged'. What does this indicate?

A.The label has been explicitly null.
B.The router is the penultimate hop, performing PHP.
C.The router is the egress LSR.
D.The next-hop router does not support MPLS.
AnswerB

Correct. 'Untagged' means the label is removed before forwarding.

Why this answer

Option A is correct because 'Untagged' indicates that the router is performing Penultimate Hop Popping (PHP), meaning it will remove the MPLS label before forwarding to the egress router. Option B is incorrect because the egress LSR would typically show 'Pop Label' or the label itself. Option C is plausible but not standard; 'Untagged' does not indicate lack of MPLS support on the next-hop.

Option D is incorrect because explicit null would show 'ExpNull'.

67
MCQmedium

Refer to the exhibit. Which of the following is true about the BGP table?

A.The route to 192.168.3.0/24 with path 300 400 has an origin of IGP.
B.The prefix 192.168.3.0/24 has two paths, with the best path selected based on some attribute.
C.The prefix 192.168.2.0/24 is not the best path because it has a lower local preference.
D.The route to 192.168.3.0/24 via 10.4.4.4 is the best path because it has a shorter AS path.
AnswerB

Correct. There are two entries, one is best.

Why this answer

Option A is correct because only the prefix 192.168.3.0/24 has two paths, one marked with '>' (best) and one without. Options B, C, and D are incorrect: the '?' indicates incomplete origin, the route with lower local preference is not always best, and AS path 300 400 is longer.

68
Drag & Dropmedium

Drag and drop the steps to configure a VLAN on a Cisco switch into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

VLAN configuration involves creating the VLAN, optionally naming it, and then assigning ports to it.

69
Multi-Selectmedium

Which TWO of the following are characteristics of MPLS-TE (Traffic Engineering)?

Select 2 answers
A.Uses explicit paths to route traffic away from shortest-path IGP.
B.Uses LDP for label distribution along the TE tunnel.
C.Allows bandwidth reservation and priority.
D.Requires per-platform label space for TE tunnels.
E.Requires all routers in the TE tunnel to be in the same OSPF area.
AnswersA, C

MPLS-TE can specify explicit paths for traffic engineering.

Why this answer

MPLS-TE uses explicit paths (either strict or loose) to direct traffic away from the shortest path determined by the IGP (e.g., OSPF or IS-IS). This allows network operators to engineer traffic flows based on administrative policies, such as load balancing or avoiding congested links, rather than relying solely on the IGP's metric-based shortest path.

Exam trap

Cisco often tests the distinction between LDP and RSVP-TE, so the trap here is that candidates mistakenly associate MPLS-TE with LDP because both are label distribution protocols, but TE explicitly requires RSVP-TE for constraint-based path setup.

70
MCQmedium

A service provider is deploying a new MPLS core network. The network has four routers: P1, P2, PE1, and PE2. OSPF is used as the IGP. The engineer configures MPLS LDP on all interfaces. After enabling LDP, the engineer notices that the LDP session between P1 and P2 is established, but no labels are exchanged for the loopback0 interfaces of PE1 and PE2. The loopback0 addresses are advertised in OSPF. The engineer verifies that the OSPF routes are present in the routing table of all routers. What is the most likely reason for the missing labels?

A.An access-list is applied under 'mpls ldp advertise-labels' that denies the loopback prefixes.
B.LDP is using UDP for label exchange.
C.The OSPF cost to the loopbacks is too high.
D.The loopback interfaces are not enabled with 'mpls ip'.
AnswerA

Label advertisement can be filtered; this is a common issue.

Why this answer

The most likely reason is that an access-list is applied under 'mpls ldp advertise-labels' that denies the loopback prefixes. LDP by default advertises labels for all prefixes in the routing table, but the 'advertise-labels' command can filter which prefixes receive labels. If the loopback0 prefixes of PE1 and PE2 are denied by such an access-list, no labels will be advertised for them, even though OSPF routes are present.

Exam trap

Cisco often tests the misconception that 'mpls ip' must be enabled on the loopback interface itself for its prefix to receive a label, when in fact LDP advertises labels for any prefix in the routing table as long as the outgoing interface has 'mpls ip' enabled.

How to eliminate wrong answers

Option B is wrong because LDP uses TCP (port 646) for session establishment and label exchange, not UDP; UDP is used only for LDP discovery (hello messages). Option C is wrong because OSPF cost does not affect LDP label advertisement; LDP advertises labels for all reachable prefixes regardless of metric, as long as they are in the routing table. Option D is wrong because 'mpls ip' must be enabled on interfaces for LDP to form adjacencies and exchange labels, but the loopback interfaces themselves do not need 'mpls ip' for their prefixes to be advertised with labels; the issue is about label advertisement for the loopback prefixes, not LDP session establishment.

71
MCQhard

An engineer is deploying Segment Routing in an MPLS network. To ensure that routers can forward packets based on SR-MPLS labels without requiring LDP, which requirement must be met?

A.IS-IS or OSPF must have the SR extension enabled.
B.MPLS LDP must be enabled on all interfaces.
C.All routers must run BGP-LU.
D.The IGP must have the overload bit set.
AnswerA

Correct. The IGP distributes prefix-SIDs for SR-MPLS label forwarding.

Why this answer

Option C is correct because for SR-MPLS forwarding, the IGP (IS-IS or OSPF) must have the Segment Routing extension enabled to distribute prefix-SIDs. Option A is incorrect; BGP-LU is not required for SR-MPLS. Option B is incorrect; LDP is not needed if SR is used.

Option D is incorrect; the overload bit is unrelated.

72
MCQeasy

A client reports intermittent connectivity issues when accessing a server across a provider MPLS network. The issue occurs only during peak hours. Which component should be checked first?

A.BGP peering status between CE and PE.
B.CPU utilization of the server.
C.Interface errors and discards on the CE router.
D.MPLS labels in the core.
AnswerC

Peak traffic can cause output discards or CRC errors, leading to connectivity drops.

Why this answer

Intermittent connectivity during peak hours strongly suggests a bandwidth or queuing issue at the edge of the MPLS network. Interface errors (e.g., CRC, runts) and discards on the CE router indicate congestion or Layer 1/2 problems, which are the most common cause of such time-dependent symptoms. Checking this first aligns with the standard troubleshooting methodology of verifying the physical and data-link layers before moving to higher-layer protocols.

Exam trap

Cisco often tests the principle that intermittent issues during peak hours are almost always due to congestion or interface errors at the edge, not control-plane or core problems, leading candidates to incorrectly focus on BGP or MPLS labels.

How to eliminate wrong answers

Option A is wrong because BGP peering between CE and PE is a control-plane function; if it were flapping or down, connectivity would be lost entirely or consistently, not just intermittently during peak hours. Option B is wrong because server CPU utilization is an endpoint issue unrelated to the MPLS network; while high CPU could cause slow responses, it would not cause intermittent connectivity across the provider network. Option D is wrong because MPLS labels in the core are typically stable and not affected by peak-hour traffic patterns; label switching is deterministic and congestion in the core would manifest as drops or discards at the CE/PE edge, not as label failures.

73
MCQmedium

Which MPLS VPN technology allows a service provider to offer overlapping IP addresses to different customers while using a single routing table per VPN?

A.Any Transport over MPLS (AToM)
B.VPLS
C.MPLS Traffic Engineering (TE)
D.MPLS Layer 3 VPN (BGP/MPLS IP VPN)
AnswerD

Uses VRFs to isolate routing per VPN.

Why this answer

Option B is correct: MPLS Layer 3 VPN (BGP/MPLS IP VPN) uses VRFs to provide separate routing tables per VPN, allowing overlapping addresses. Option A (VPLS) is layer 2; Option C (AToM) is pseudowire; Option D (MPLS TE) is traffic engineering.

74
MCQhard

A service provider has recently deployed MPLS L3VPN to provide IP connectivity to multiple enterprise customers. One customer reports that they cannot reach a remote site that is connected to a different PE router. The engineer checks the BGP VPNv4 table on the customer's PE and sees the route for the remote site, but the next-hop is unreachable. The interface between the PE and P routers is up/up, and IGP reachability to the PE's loopback is fine. What is the most likely cause? Consider that the network uses LDP for label distribution and OSPF as the IGP.

A.MPLS LDP is not enabled on the interface connecting to the P router
B.BGP next-hop-self is not configured on the PE
C.The VRF route-target import/export is misconfigured
D.The PE router does not have an LSP to the remote PE
AnswerA

LDP must be enabled on the interface to exchange labels for the loopback route.

Why this answer

The correct answer is A. Since the interface between the PE and P routers is up/up and IGP reachability to the PE's loopback is fine, the issue is that MPLS LDP is not enabled on that interface. Without LDP, the PE cannot advertise a label for its loopback to the P router, so the P router cannot push the correct label for packets destined to the remote PE.

This makes the BGP VPNv4 next-hop unreachable even though the route itself is present in the table.

Exam trap

The trap here is that candidates often focus on BGP configuration (like next-hop-self) or VRF import/export when the route is present but unreachable, missing the fundamental MPLS label distribution issue that LDP must be enabled on all transit interfaces for end-to-end LSPs.

How to eliminate wrong answers

Option B is wrong because BGP next-hop-self is used to change the next-hop of VPNv4 routes to the local PE's loopback, but the problem states the route is present with an unreachable next-hop, not that the next-hop is incorrect. Option C is wrong because VRF route-target import/export misconfiguration would cause the route to be missing from the VRF table entirely, not to appear with an unreachable next-hop. Option D is wrong because an LSP to the remote PE is exactly what is missing, but the root cause is that LDP is not enabled on the interface, which prevents label distribution and thus the LSP from being built.

75
Multi-Selecthard

A service provider is deploying L3VPN with inter-AS option B (ASBR-to-ASBR). Which TWO statements are true about this design?

Select 2 answers
A.The VPN label is removed by the ASBR before forwarding to the neighbor AS.
B.ASBRs peer using eBGP and exchange labeled VPN-IPv4 prefixes.
C.Route reflectors are required to propagate VPN routes between ASes.
D.ASBRs perform label swap for VPN labels when forwarding traffic.
E.ASBRs exchange unlabeled IPv4 routes and use MP-BGP to carry VPNv4 routes.
AnswersB, D

ASBRs eBGP peer and exchange VPNv4 prefixes with labels, allowing end-to-end MPLS.

Why this answer

In inter-AS Option B, ASBRs peer using eBGP and exchange labeled VPN-IPv4 prefixes (AFI 1, SAFI 128). This allows the VPNv4 routes to be carried across AS boundaries without requiring a full mesh of MP-IBGP between PEs, as the ASBRs re-advertise the routes with a new next-hop and perform label allocation for the VPN labels.

Exam trap

Cisco often tests the misconception that Option B requires route reflectors or that the VPN label is removed at the ASBR, when in fact the ASBR performs a label swap and directly exchanges VPNv4 prefixes via eBGP without needing route reflectors.

Page 1 of 2 · 104 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Sp Networking questions.