CCNA Sp Networking Questions

29 of 104 questions · Page 2/2 · Sp Networking topic · Answers revealed

76
MCQeasy

An ISP is designing an MPLS core network and needs to choose an IGP that supports fast convergence. Which IGP meets this requirement and is most commonly used in MPLS core networks?

A.IS-IS
B.OSPFv3
D.RIPng
AnswerA

IS-IS provides fast convergence and is the predominant IGP in service provider MPLS cores.

Why this answer

IS-IS is the correct choice because it is a link-state IGP that inherently supports fast convergence through mechanisms like incremental SPF (iSPF) and prefix-independent convergence (PIC). It is widely deployed in MPLS core networks due to its scalability, extensibility via TLVs, and native support for MPLS Traffic Engineering (MPLS-TE) without requiring additional protocol extensions like OSPF's opaque LSA.

Exam trap

Cisco often tests the misconception that OSPF is the default IGP for all networks, but in MPLS core environments, IS-IS is the preferred choice due to its native TE support and hierarchical scalability, making OSPF a distractor despite its fast convergence capabilities.

How to eliminate wrong answers

Option B (OSPFv3) is wrong because while OSPFv3 supports IPv6 and fast convergence, it is less commonly used in MPLS core networks compared to IS-IS due to its reliance on opaque LSAs for MPLS-TE, which adds complexity; IS-IS is the dominant IGP in service provider cores. Option C (EIGRP) is wrong because EIGRP is a Cisco-proprietary distance-vector protocol that does not natively support MPLS-TE and is not designed for the hierarchical, scalable architecture required in MPLS core networks. Option D (RIPng) is wrong because RIPng is a distance-vector protocol with slow convergence (based on hop count) and is unsuitable for any modern MPLS core network due to its lack of fast convergence, scalability, and MPLS-TE support.

77
MCQmedium

An engineer configures the 'set-overload-bit' command on an IS-IS router. What is the immediate effect on the network?

A.The router stops participating in SPF calculations.
B.The router's LSPs are no longer advertised.
C.The router's neighbors drop adjacency.
D.The router is not used as a transit path but still has routes.
AnswerD

Correct. Overload bit prevents transit traffic while still being reachable.

Why this answer

Option C is correct because setting the overload bit in IS-IS LSPs tells other routers not to use this router for transit traffic, but it still advertises its own prefixes and can be a destination. Option A is incorrect; the router still participates in SPF. Option B is incorrect; LSPs are still advertised.

Option D is incorrect; neighbors remain adjacent.

78
MCQeasy

Which QoS mechanism marks packets at the edge of the network to classify traffic into different service classes?

A.Queuing
B.Shaping
C.Policing
D.Marking
AnswerD

Marking sets the QoS bits in the packet header.

Why this answer

Classification and marking are used to identify and mark packets with a specific class of service (e.g., DSCP, IP Precedence). This occurs at the edge before the packet traverses the core.

79
MCQhard

Refer to the exhibit. Which statement is correct about the LDP bindings for prefix 10.0.0.0/24?

A.There are two remote label bindings for this prefix from different LSRs.
B.Both remote bindings are from the same LSR.
C.The local label for this prefix is 18.
D.The router is performing PHP for this prefix.
AnswerA

Correct. Two remote bindings exist.

Why this answer

Option B is correct because the local label is 180, and there are two remote bindings from different LSRs. Option A is incorrect; the local label is 180, not 18. Option C is incorrect; the remote labels are from two different peers.

Option D is incorrect; there is no implied PHP from this output.

80
MCQmedium

Based on the exhibit, which prefix is NOT reachable via MPLS forwarding?

A.10.1.1.1/32
B.10.3.3.3/32
C.10.2.2.2/32
D.10.5.5.5/32
AnswerD

The outgoing label is Untagged, so MPLS forwarding is not applied, likely causing packet drop.

Why this answer

Option D (10.5.5.5/32) is correct because the exhibit shows that the LDP label bindings are only present for prefixes 10.1.1.1/32, 10.2.2.2/32, and 10.3.3.3/32. The prefix 10.5.5.5/32 is not in the LDP label information base (LIB), meaning no MPLS label has been assigned to it, so it cannot be forwarded via MPLS and must be forwarded using standard IP routing instead.

Exam trap

Cisco often tests the distinction between prefixes that have LDP label bindings versus those that are simply present in the routing table, trapping candidates who assume all IGP routes are automatically MPLS-switched without verifying the label bindings.

How to eliminate wrong answers

Option A is wrong because 10.1.1.1/32 has an LDP label binding (label 16) as shown in the exhibit, making it reachable via MPLS forwarding. Option B is wrong because 10.3.3.3/32 has an LDP label binding (label 18) as shown in the exhibit, making it reachable via MPLS forwarding. Option C is wrong because 10.2.2.2/32 has an LDP label binding (label 17) as shown in the exhibit, making it reachable via MPLS forwarding.

81
MCQeasy

A service provider's network core runs IS-IS as the IGP. After adding a new router, some routers have incomplete LSP databases. The new router's interfaces are up, and IS-IS adjacency is up with neighbors. What is the cause? The network has a mix of interface MTUs, with some links having MTU 1500 and others 4470.

A.MTU mismatch on the interface
B.IS-IS overload bit set on the new router
C.IS-IS LSP flooding is inhibited on the new router
D.The new router's system-id is a duplicate
AnswerA

Smaller MTU can cause LSP fragmentation/drop, leading to incomplete databases.

Why this answer

The correct answer is A because an MTU mismatch on the interface causes incomplete LSP databases. IS-IS uses a maximum LSP size derived from the interface MTU minus the IS-IS header overhead (typically 3 bytes for the LSP header). When a router with a smaller MTU (e.g., 1500) receives an LSP that was generated on a larger MTU link (e.g., 4470), the LSP may be too large to be stored or processed, leading to fragmentation or rejection.

This results in an incomplete LSP database on some routers, even though adjacencies are up.

Exam trap

Cisco often tests the misconception that MTU mismatch only affects adjacency formation, but in IS-IS, adjacencies can form even with MTU mismatch, and the real impact is on LSP database synchronization due to LSP size constraints.

How to eliminate wrong answers

Option B is wrong because the IS-IS overload bit prevents the router from being used for transit traffic but does not affect LSP database completeness; it only sets the overload flag in the router's LSP, signaling other routers to avoid using it for transit. Option C is wrong because if LSP flooding were inhibited on the new router, it would not send its own LSPs, but the problem states that adjacencies are up and some routers have incomplete databases, which points to a size mismatch rather than a flooding suppression. Option D is wrong because a duplicate system-id would cause adjacency failures or routing loops, not incomplete LSP databases; IS-IS would detect the duplicate via LSP sequence numbers and reject the newer LSP, but adjacencies would still form.

82
MCQmedium

A customer reports intermittent packet loss on a MPLS L3VPN connection. The PE router shows 'show mpls forwarding' entries for the CE prefix, but ping from the PE to the CE fails intermittently. Which action should be taken to isolate the issue?

A.Check 'show ip route vrf CUSTOMER' and 'show bgp vpnv4 unicast vrf CUSTOMER' to confirm the VRF routes.
B.Use 'show mpls lsp' to verify the LSP to the CE's PE.
C.Examine the 'show mpls forwarding vrf CUSTOMER' output to see label operations.
D.Review the 'show bgp vpnv4 unicast all' output to verify route advertisement.
AnswerA

This verifies that the VRF has the correct routes and that BGP VPNv4 routes are properly imported.

Why this answer

Option A is correct because the intermittent packet loss suggests a control-plane issue rather than a data-plane problem. By checking 'show ip route vrf CUSTOMER' and 'show bgp vpnv4 unicast vrf CUSTOMER', you can verify that the VRF route for the CE prefix is present in the routing table and that BGP is advertising the correct VPNv4 route with the proper next-hop and label. This isolates whether the failure is due to missing or incorrect route propagation, which is a common cause of intermittent reachability in MPLS L3VPN.

Exam trap

Cisco often tests the distinction between control-plane verification (routing table, BGP) and data-plane verification (MPLS forwarding, LSP) in MPLS L3VPN troubleshooting, leading candidates to mistakenly focus on label operations or LSPs when the root cause is a missing or unstable route.

How to eliminate wrong answers

Option B is wrong because 'show mpls lsp' verifies the label-switched path (LSP) between PEs, but the issue is between the PE and the CE, which is a Layer 3 adjacency (often a direct link or static route) and does not involve an LSP. Option C is wrong because 'show mpls forwarding vrf CUSTOMER' shows label operations for packets entering the VRF, but since the ping from PE to CE fails intermittently, the problem is likely in the VRF route presence or BGP advertisement, not in the MPLS forwarding table. Option D is wrong because 'show bgp vpnv4 unicast all' displays all VPNv4 routes from all VRFs, which is too broad and may obscure the specific VRF route; the VRF-specific command is more targeted and efficient for isolating the CE prefix issue.

83
MCQhard

A network engineer is troubleshooting OSPFv3 on a service provider's IPv6 network. The router shows that OSPFv3 adjacency never reaches FULL, says 'Init'. The neighbor is directly connected over a point-to-point link. What is the most likely cause?

A.LSA throttling prevents exchanges
B.Mismatched OSPF router-id
C.Mismatched area IDs
D.Missing 'ipv6 ospf' interface command on one side
AnswerD

OSPFv3 requires explicit interface configuration to activate adjacency.

Why this answer

The 'Init' state in OSPFv3 indicates that the router has received a Hello packet from the neighbor but the neighbor has not received a Hello packet back. On a point-to-point link, the most common cause is that the 'ipv6 ospf <process-id> area <area-id>' interface command is missing on one side, which prevents OSPFv3 from sending Hellos on that interface. Without this command, the interface is not enabled for OSPFv3, so the neighbor never sees a Hello and the adjacency cannot progress to FULL.

Exam trap

Cisco often tests the distinction between OSPFv2 and OSPFv3 interface activation methods, trapping candidates who assume that OSPFv3 uses a similar 'network' command or that a global OSPF process automatically enables all interfaces.

How to eliminate wrong answers

Option A is wrong because LSA throttling controls the rate of LSA generation and flooding, not the formation of adjacencies; it would not cause the adjacency to stall in Init. Option B is wrong because mismatched OSPF router-IDs do not prevent adjacency formation in OSPFv3; the router-ID is used for router identification but is not checked during the Hello exchange for adjacency compatibility. Option C is wrong because mismatched area IDs would cause the adjacency to stall in the ExStart or Exchange state, not in Init; the Init state indicates that the Hello packet was received but not reciprocated, which is unrelated to area ID mismatch.

84
MCQmedium

Segment Routing with TI-LFA (Topology Independent Loop-Free Alternate) provides fast convergence. Which statement accurately describes TI-LFA?

A.TI-LFA only protects against link failures, not node failures.
B.TI-LFA uses a pre-computed backup tunnel signaled via RSVP-TE.
C.TI-LFA computes a backup path that is guaranteed to be loop-free and topology independent.
D.TI-LFA requires BFD to detect failures.
AnswerC

TI-LFA uses post-convergence path and ensures loop avoidance.

Why this answer

TI-LFA computes a backup path using segment lists that are guaranteed to avoid the failed link/node, and it works regardless of the network topology (topology independent). It is based on SR-MPLS or SRv6.

85
MCQmedium

When implementing MPLS TE tunnels in a service provider core, what is the purpose of the 'affinity' attribute?

A.To set the color of the tunnel
B.To adjust the cost of TE tunnels
C.To define administrative groups for link inclusion/exclusion
D.To bind tunnels to specific interfaces
AnswerC

Affinity allows tunnels to restrict links based on administrative group membership.

Why this answer

The 'affinity' attribute in MPLS TE is used to define administrative groups (also known as link colors) that allow you to include or exclude specific links from a TE tunnel path based on user-defined properties. This enables traffic engineering policies such as forcing traffic to avoid certain links or preferring links with specific characteristics, without modifying the underlying IGP metric.

Exam trap

Cisco often tests the confusion between 'affinity' (administrative groups for link inclusion/exclusion) and 'color' (a separate attribute used in Segment Routing or for visual identification), leading candidates to mistakenly choose Option A.

How to eliminate wrong answers

Option A is wrong because 'affinity' does not set the color of the tunnel; it uses color-like bitmask values to represent administrative groups on links, not to assign a visual or logical color to the tunnel itself. Option B is wrong because adjusting the cost of TE tunnels is done via the 'metric' or 'cost' command under the tunnel interface, not through the affinity attribute. Option D is wrong because binding tunnels to specific interfaces is achieved using the 'mpls traffic-eng tunnels' command on the interface or explicit path definitions, not via affinity.

86
MCQhard

An engineer is troubleshooting a BGP route reflector setup. Clients are not receiving all routes. The 'show bgp neighbors' output shows a state of 'Active'. What is the most likely cause?

A.The route reflector does not have a full mesh with clients
B.The route reflector is detecting an AS_PATH loop
C.Next-hop reachability issue
D.Incorrect BGP neighbor statement on the route reflector or client
AnswerD

Active state indicates TCP session failure, often due to misconfiguration.

Why this answer

Option B is correct because the BGP session is in Active state, meaning the router is trying to connect but not succeeding, often due to a missing or incorrect neighbor configuration. Option A (Route reflectors do not peer with clients) is false; Option C (AS_PATH loop detection) would not prevent session establishment; Option D (next-hop reachability) does not affect BGP session state.

87
MCQmedium

A service provider is troubleshooting BGP route selection between two eBGP peers. The router receives a prefix from Peer A with local preference 150 and AS path length 3. From Peer B, the same prefix has local preference 100 and AS path length 2. Which route will be preferred?

A.The route from Peer A because it has a higher weight.
B.The route from Peer A because local preference is higher.
C.Both routes are equally preferred and will be used for load balancing.
D.The route from Peer B because AS path is shorter.
AnswerB

Local preference is the first tiebreaker after weight; higher value wins.

Why this answer

BGP selects the route with highest local preference first. Peer A has local preference 150, which is higher than Peer B's 100, so Peer A's route is preferred regardless of AS path length.

88
MCQeasy

A service provider is implementing MPLS L3VPN and needs to ensure that BGP route advertisement uses a specific next-hop. Which technique ensures BGP advertises the PE-CE next-hop instead of the PE-PE loopback?

A.Route-map with set next-hop
B.next-hop-unchanged
C.next-hop-self
D.Disable next-hop-check
AnswerC

Sets the next-hop to the router's own address for iBGP advertisements.

Why this answer

In MPLS L3VPN, the PE-CE next-hop (the PE interface facing the CE) must be advertised to the remote PE so that the remote PE knows to forward traffic directly to the local PE's CE-facing interface. The `next-hop-self` command on the PE forces BGP to set the next-hop to the PE's own IP address (typically the loopback or the interface used for BGP peering), which overrides the default behavior of preserving the original next-hop. This ensures that the remote PE uses the correct next-hop for VPN traffic.

Exam trap

Cisco often tests the distinction between `next-hop-self` (used to force the PE's own address as the next-hop) and `next-hop-unchanged` (used to preserve the original next-hop in inter-AS scenarios), and candidates confuse these two commands.

How to eliminate wrong answers

Option A is wrong because a route-map with `set next-hop` can manually override the next-hop, but it is not the standard or most efficient technique for this specific requirement; it requires additional configuration and may not be as reliable as `next-hop-self` in all scenarios. Option B is wrong because `next-hop-unchanged` is used in MPLS VPN inter-AS scenarios (option B) to preserve the original next-hop across AS boundaries, which is the opposite of what is needed here. Option D is wrong because disabling next-hop-check (`no bgp next-hop-check`) is used in BGP confederation or route reflector scenarios to allow routes with unreachable next-hops to be accepted, not to change the next-hop value.

89
Matchingmedium

Match each QoS mechanism to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Identifying packets based on specified criteria

Setting QoS bits (e.g., DSCP, CoS) in packet headers

Enforcing traffic rate limits by dropping or remarking excess packets

Buffering excess traffic to smooth output rate

Congestion avoidance by selectively dropping packets based on queue depth

Why these pairings

These are fundamental QoS tools used in service provider networks.

90
MCQmedium

A service provider is deploying MPLS L3VPN over an OSPF backbone. The PE routers are configured with OSPF as the IGP. The CE router of customer A is connected to two PEs for redundancy. Which configuration is required on the PE routers to ensure that the CE router can load-balance traffic across both PEs without loops?

A.Use OSPF sham-links between the two PEs.
B.Use the BGP cost community to adjust the path selection on the CE.
C.Configure OSPF with the capability vrf-lite and enable the down-bit on the PE-CE link.
D.Disable the DN-bit on the PE-CE OSPF interface.
AnswerC

The down-bit prevents the CE from re-advertising routes learned from one PE to the other PE, avoiding loops.

Why this answer

Option C is correct because configuring OSPF with the capability vrf-lite and enabling the down-bit on the PE-CE link prevents routing loops in a multi-homed CE scenario. The down-bit is set by the PE when redistributing routes into OSPF, ensuring that the CE does not re-advertise those routes back to another PE, which would cause a loop. The vrf-lite capability allows the CE to understand the down-bit without requiring full MPLS/VPN functionality, enabling load-balancing across both PEs safely.

Exam trap

Cisco often tests the distinction between the down-bit (DN-bit) used in OSPF PE-CE scenarios and the sham-link concept used for OSPF area 0 extension, leading candidates to mistakenly choose sham-links for loop prevention in multi-homed CE designs.

How to eliminate wrong answers

Option A is wrong because OSPF sham-links are used to connect two PE routers in different OSPF areas within an MPLS L3VPN to maintain OSPF adjacency across the backbone, not to prevent loops or enable load-balancing for a multi-homed CE. Option B is wrong because the BGP cost community influences path selection on the PE side for inter-AS or multi-homing scenarios, but it does not affect the CE's OSPF routing decisions or prevent loops in the PE-CE OSPF domain. Option D is wrong because disabling the DN-bit (down-bit) on the PE-CE OSPF interface would allow the CE to re-advertise routes learned from one PE back to the other PE, creating a routing loop; the DN-bit must be enabled to prevent this.

91
Multi-Selectmedium

Which TWO of the following are characteristics of MPLS LDP?

Select 2 answers
A.Distributes labels for BGP routes
B.Label distribution based on IP routing table
C.Requires an IGP like OSPF for session reachability
D.UDP for discovery, TCP for session
E.TCP for both discovery and session
AnswersB, D

By default, LDP distributes labels for all IGP routes.

Why this answer

B is correct because MPLS LDP distributes labels for routes found in the IP routing table, not for BGP routes. LDP peers exchange label bindings for each prefix in the IGP routing table, enabling label-switched paths (LSPs) for those destinations. This is fundamental to LDP's operation as defined in RFC 5036.

Exam trap

Cisco often tests the misconception that LDP requires an IGP for session reachability, but the trap is that LDP uses its own UDP discovery mechanism and can form sessions over any IP reachable path, though an IGP is commonly used for loopback reachability in practice.

92
MCQeasy

Refer to the exhibit. The VRF CUSTOMER is configured with route-target import 100:1. Why is this route not installed in the VRF table?

A.VRF not properly configured.
B.Route target mismatch.
C.Route distinguisher missing.
D.Next-hop unreachable.
AnswerB

The route carries RT:200:1, but the VRF imports only RT:100:1.

Why this answer

B is correct because the VRF CUSTOMER is configured with route-target import 100:1, but the route in question carries a different route-target value (e.g., 100:2). For a route to be installed into a VRF table, the route-target extended community attached to the route must match at least one of the import route-targets configured on the VRF. A mismatch prevents the route from being imported, even if other conditions are satisfied.

Exam trap

Cisco often tests the distinction between route distinguisher (RD) and route-target (RT) — candidates confuse RD uniqueness with RT import/export matching, leading them to pick 'Route distinguisher missing' when the actual issue is a route-target mismatch.

How to eliminate wrong answers

Option A is wrong because the VRF is properly configured with a route distinguisher and route-target import statement; the issue is not a missing or misconfigured VRF definition. Option C is wrong because a route distinguisher is required for VRF route uniqueness in the BGP table, but its absence would cause a different error (e.g., the route not being carried in BGP at all), not a failure to import a route that already has an RD. Option D is wrong because the next-hop reachability is not the cause here; if the next-hop were unreachable, the route would still be considered for import but would be marked as invalid or not installed due to unreachability, whereas the question explicitly states the route is not installed due to route-target mismatch.

93
MCQeasy

In a Layer 3 MPLS VPN, a customer site that is part of VRF RED is unable to communicate with another site that is also in VRF RED. The 'show ip bgp vpnv4 vrf RED' command shows the routes, but the router does not install them in the routing table. Which configuration element is most likely missing?

A.A BGP session between PEs.
B.The route-target export on the receiving PE.
C.The route-target import on the receiving PE.
D.An MPLS LDP session between PEs.
AnswerC

Correct. Import is needed to accept routes into the VRF.

Why this answer

Option B is correct because route-target import on the receiving PE is required to install VPNv4 routes into the VRF. Option A is incorrect; export is for sending routes. Option C is incorrect; LDP is used for label exchange but not for VRF route installation.

Option D is incorrect; BGP sessions between PEs are usually in place if routes are seen.

94
MCQmedium

In a Layer 3 MPLS VPN, a CE router is dual-homed to two different PE routers. The PE routers advertise the same prefix to the route reflector with different route targets. What ensures that only the best path is installed in the VRF?

A.Each PE router independently selects the best path based on BGP attributes.
B.The route reflector discards duplicate prefixes.
C.MPLS labels ensure that only one path is used.
D.The CE router must advertise the same route to only one PE.
AnswerA

BGP best path selection runs in the VRF context on each PE, using standard attributes.

Why this answer

BGP path selection applies within the VRF. The route with higher local preference or shorter IGP metric to the next-hop determines the best path. Route targets are used for import/export only.

95
Multi-Selecthard

Which THREE BGP path attributes are considered during the best path selection process after local preference? (Choose three.)

Select 3 answers
A.Multi-exit discriminator (MED)
B.Next-hop IP address
C.AS path length
E.Origin code
AnswersA, C, E

Lower MED is preferred.

Why this answer

After local preference, BGP considers: AS path length, origin type, MED (multi-exit discriminator). Next-hop is considered earlier? Actually order: weight, local pref, local (originate), AS path, origin, MED, etc. So correct: AS path, origin, MED.

96
MCQmedium

Based on the exhibit, which statement about label allocation for prefix 10.1.1.0/24 is true?

A.Router 192.168.2.2 is the penultimate hop for this prefix.
B.The local router will use PHP for this prefix.
C.The local router allocated label 161 for the prefix
D.Router 192.168.1.1 is the egress LSR for this prefix.
AnswerC

Yes, local binding tag is 161.

Why this answer

The remote binding from 192.168.2.2 shows 'imp-null', meaning that router is advertising an implicit null label (POP). This indicates that the next-hop is directly connected or the router is the egress for that prefix.

97
Multi-Selecteasy

Which THREE are valid reasons for using the 'ipv6 unicast-routing' command on a Cisco router?

Select 3 answers
A.It enables IPv6 on all interfaces.
B.It enables global IPv6 routing.
C.It enables IPv6 CEF.
D.It enables IPv6 multicast routing.
E.It allows configuration of IPv6 routing protocols like OSPFv3.
AnswersB, C, E

Correct. This is the primary purpose.

Why this answer

Options B, D, and E are correct. This command enables IPv6 routing globally (B), enables IPv6 CEF (D), and allows configuration of IPv6 routing protocols (E). Option A is incorrect; it does not enable IPv6 on interfaces.

Option C is incorrect; IPv6 is enabled by default on some platforms, but the command does not enable multicast routing.

98
MCQeasy

Which routing protocol is used between CE and PE routers in a typical MPLS L3VPN deployment?

A.RIP
B.BGP
D.IS-IS
AnswerB

eBGP is commonly used for CE-PE routing in L3VPN to carry customer routes and support multi-homing.

Why this answer

The CE-PE routing protocol can be any: static, RIP, EIGRP, OSPF, or BGP. However, in service provider networks, eBGP or OSPF are common. The question asks for typical; BGP is often used for multi-homing and scalability.

99
MCQhard

A service provider is deploying multicast service for IPTV using PIM-SM with a single RP. During high traffic periods, the RP becomes overloaded. What is the most scalable solution to distribute the load across multiple RPs?

A.Use Anycast-RP
B.Use Bidirectional PIM
C.Increase the RP's memory and CPU
D.Use PIM-DM
AnswerA

Anycast-RP allows multiple RPs under a single RP address, distributing the load.

Why this answer

Anycast-RP allows multiple RPs to share the same IP address, enabling load distribution and redundancy. In PIM-SM, sources register with the nearest RP via unicast routing, and receivers join toward the same Anycast-RP address, which is routed to the closest physical RP. This distributes the registration and join processing load across multiple RPs without requiring protocol changes.

Exam trap

Cisco often tests the misconception that Bidirectional PIM or simply upgrading hardware can solve RP overload, but the key is that Anycast-RP is the only option that distributes the RP load across multiple devices while maintaining a single RP address for the multicast domain.

How to eliminate wrong answers

Option B is wrong because Bidirectional PIM is designed for many-to-many multicast applications and uses a shared tree rooted at the RP, but it does not inherently distribute load across multiple RPs; it still relies on a single RP per group. Option C is wrong because increasing the RP's memory and CPU is a vertical scaling approach that does not address the fundamental architecture limitation of a single RP becoming a bottleneck; it is not a scalable solution for load distribution. Option D is wrong because PIM-DM uses a flood-and-prune mechanism that is inefficient for sparse-mode IPTV deployments and does not use an RP at all, so it cannot distribute RP load.

100
MCQmedium

You are a network engineer at a service provider. Your network uses MPLS L3VPN with OSPF as the IGP and LDP for label distribution. A customer has two sites connected to different PEs (PE1 and PE2) in the same VPN. The customer's CE routers are running eBGP with the PEs. Recently, the customer reports that traffic between the two sites is intermittently dropping. Upon investigation, you find that the BGP session between PE1 and the CE at site A goes down briefly every few minutes. The logs on PE1 show BGP notifications with error code 'Hold Timer Expired'. The CE router at site A is a low-end device with limited CPU. What is the most likely cause and the best course of action?

A.Configure BGP route dampening on PE1 to suppress flapping routes.
B.Disable LDP on the link between PE1 and CE1.
C.Change the IGP from OSPF to IS-IS to reduce routing updates.
D.Increase the BGP hold time on PE1 to 180 seconds.
AnswerD

Increasing the hold time gives the CE more time to send keepalives, reducing session drops.

Why this answer

The BGP session drops due to 'Hold Timer Expired' because the low-end CE router's CPU is overloaded, causing it to fail sending BGP keepalives within the default 90-second hold time. Increasing the hold time on PE1 to 180 seconds (option D) gives the CE more time to send keepalives, reducing false timeouts. This directly addresses the root cause—insufficient CPU to maintain timely keepalives—without changing routing protocols or suppressing routes.

Exam trap

Cisco often tests the misconception that route dampening or IGP changes fix BGP session stability issues, when the real problem is a mismatch in BGP timers due to peer resource constraints.

How to eliminate wrong answers

Option A is wrong because BGP route dampening suppresses flapping routes but does not prevent the BGP session from going down due to hold timer expiry; it would only penalize routes after the session flaps, not fix the underlying keepalive issue. Option B is wrong because LDP is used for label distribution in the MPLS core and is not involved in the CE-PE eBGP session; disabling it would break MPLS L3VPN functionality. Option C is wrong because changing the IGP from OSPF to IS-IS does not affect BGP keepalive timing or CE router CPU load; it would only alter interior routing updates, which are unrelated to the hold timer expiry between PE and CE.

101
MCQmedium

An ISP is implementing BGP communities to influence routing behavior for their customers. They want to ensure that a customer's routes are not advertised to a specific transit provider. Which BGP community should be used?

A.LOCAL_AS
B.NO_EXPORT
C.NO_PEER
D.NO_ADVERTISE
AnswerB

This community ensures the route stays within the local AS and is not sent to any external AS.

Why this answer

The NO_EXPORT community (RFC 1997) tells a router to advertise the route to iBGP peers within the same AS but not to any eBGP peers. In this scenario, the ISP wants to prevent a customer's routes from being advertised to a specific transit provider, which is an eBGP neighbor. Applying the NO_EXPORT community to those routes ensures they stay within the ISP's AS and are not sent to any external transit provider.

Exam trap

Cisco often tests the distinction between NO_EXPORT and NO_ADVERTISE, where candidates mistakenly choose NO_ADVERTISE because they think it only blocks eBGP advertisements, but in reality NO_ADVERTISE blocks all advertisements (including iBGP), making NO_EXPORT the correct choice when the goal is to block only external (eBGP) propagation.

How to eliminate wrong answers

Option A (LOCAL_AS) is wrong because it is not a standard BGP community; it is a BGP feature (often used with 'allowas-in' or 'local-as' on a neighbor statement) that prepends the local AS number in the AS_PATH, but it does not control route advertisement to a specific transit provider. Option C (NO_PEER) is wrong because it is not a standard BGP well-known community; the correct community to prevent advertisement to any eBGP peer is NO_EXPORT, and NO_PEER is a common distractor that does not exist in RFC 1997. Option D (NO_ADVERTISE) is wrong because it prevents the route from being advertised to any BGP peer (iBGP or eBGP), which is too restrictive; the requirement is only to block advertisement to a specific transit provider (an eBGP peer), not to all peers.

102
MCQmedium

A network engineer is troubleshooting a BGP convergence issue in a large service provider network. After a link failure in the core, BGP sessions between route reflectors take a long time to reconverge. The RRs are receiving updates from many clients. Which technology can be implemented to improve convergence time? The network currently uses standard BGP with default timers.

A.BGP Add-Path
B.BGP TCP MD5 authentication
C.BGP route-refresh
D.BGP next-hop-self
AnswerA

Add-Path allows multiple paths per prefix, enabling fast failover.

Why this answer

BGP Add-Path allows a route reflector to advertise multiple paths for the same prefix to its clients, which reduces the need for clients to re-advertise updates after a failure. This speeds up convergence by enabling the route reflector to immediately select and propagate an alternate path without waiting for BGP reconvergence from other clients. In large service provider networks with many clients, this minimizes the delay caused by the route reflector having only a single best path per prefix.

Exam trap

Cisco often tests the misconception that BGP route-refresh or next-hop-self speeds up convergence, but the key is that Add-Path directly reduces reconvergence time by providing pre-computed alternate paths, while the other options address security, soft reconfiguration, or next-hop manipulation without affecting convergence speed.

How to eliminate wrong answers

Option B (BGP TCP MD5 authentication) is wrong because it secures BGP sessions against spoofing but does not affect convergence time or path selection. Option C (BGP route-refresh) is wrong because it triggers a soft reconfiguration to request updates from a peer, which is a manual or triggered operation that does not proactively improve convergence after a failure. Option D (BGP next-hop-self) is wrong because it modifies the next-hop attribute on routes advertised to eBGP peers, typically used in iBGP to ensure reachability, but it does not reduce the number of updates or speed up convergence in a route reflector topology.

103
MCQeasy

A network engineer is troubleshooting an OSPF adjacency failure between two directly connected routers, R1 and R2. Both routers are configured with the same OSPF process ID and area. The engineer verifies that the interfaces are up and IP connectivity exists. Which configuration mismatch is most likely causing the adjacency to fail?

A.MTU mismatch between the interfaces
B.Passive interface configuration on one router
C.Area ID mismatch on the interfaces
D.OSPF network type mismatch between the interfaces
AnswerD

Network type mismatch (e.g., broadcast vs. point-to-point) causes the routers to disagree on DR/BDR election and hello behavior, preventing adjacency.

Why this answer

Option C is correct because OSPF network type mismatch, such as one side configured as point-to-point and the other as broadcast, prevents adjacency formation. Option A is wrong because an MTU mismatch would cause the adjacency to form but show problems during LSA exchange. Option B is wrong because area mismatch would cause a mismatch in area ID.

Option D is wrong because a passive interface would allow the neighbor to be seen but not become full.

104
MCQhard

Based on the exhibit, what is the purpose of the 'mpls ldp neighbor ... password cisco' commands?

A.To synchronize LDP and IGP convergence.
B.To control the label allocation for prefixes from that neighbor.
C.To authenticate the LDP session using MD5.
D.To enable LDP session protection for the neighbor.
AnswerC

The password command enables MD5 authentication for the LDP session.

Why this answer

The 'mpls ldp neighbor ... password cisco' command configures a Message Digest 5 (MD5) authentication password for the LDP session with a specific neighbor. This ensures that the TCP connection used for LDP exchanges is authenticated, preventing spoofed or unauthorized LDP messages from being accepted, as defined in RFC 5036.

Exam trap

Cisco often tests the distinction between LDP authentication (password) and LDP session protection (holdtime/graceful restart), so the trap here is confusing the 'password' keyword with session protection features that maintain adjacency state.

How to eliminate wrong answers

Option A is wrong because synchronizing LDP and IGP convergence is achieved through LDP-IGP synchronization (e.g., 'mpls ldp sync' on an interface), not by setting a password. Option B is wrong because controlling label allocation for prefixes from a neighbor is done via label filtering (e.g., 'mpls ldp neighbor ... label accept' or 'mpls ldp neighbor ... label advertise'), not by a password. Option D is wrong because LDP session protection (e.g., 'mpls ldp session protection') is a separate feature that maintains LDP hello adjacencies and re-establishes sessions after link flaps, unrelated to authentication.

← PreviousPage 2 of 2 · 104 questions total

Ready to test yourself?

Try a timed practice session using only Sp Networking questions.