Cisco CCNP ENARSI 300-410 (300-410) — Questions 175

2152 questions total · 29 pages · All types, answers revealed

1
Multi-Select · medium

Which TWO configuration steps are required to enable OSPFv3 on a Cisco IOS router for IPv6 routing? (Choose TWO.)

Select 2 answers
A. Enable IPv6 unicast routing with 'ipv6 unicast-routing' globally.
B. Use the 'network' command under the OSPFv3 process to specify interfaces.
C. Configure the OSPFv3 process using 'ipv6 router ospf <process-id>'.
D. Assign a router-id using 'router-id <A.B.C.D>' under the OSPFv3 process.
E. Enable OSPFv3 on the interface using 'ip ospf <process-id> area <area-id>'.
Answers: A, C

This is required for any IPv6 routing, including OSPFv3.

Why this answer

You must first enable IPv6 unicast routing globally, then configure the OSPFv3 process and enable it on the interface. The 'network' command is OSPFv2; OSPFv3 uses 'ipv6 ospf' under the interface. The router-id is optional but recommended.

The 'ipv6 router ospf' command creates the process.

2
Multi-Select · medium

Which TWO statements about NetFlow version 9 and Flexible NetFlow are true? (Choose TWO.)

Select 2 answers
A. NetFlow version 9 uses a fixed-format packet structure for flow export.
B. Flexible NetFlow is built upon the NetFlow version 9 template architecture.
C. Flexible NetFlow can only export data using NetFlow version 9.
D. NetFlow version 9 supports user-defined flow records through templates.
E. Flexible NetFlow only supports IPv4 traffic monitoring.
Answers: B, D

Flexible NetFlow uses NetFlow v9 templates to define variable-length flow records.

Why this answer

NetFlow version 9 uses a template-based design, allowing flexible field definitions, which is the foundation for Flexible NetFlow. Flexible NetFlow extends this by allowing user-defined flow records and support for multiple protocols. Option A is false because NetFlow v5 is fixed-format and does not support templates.

Option C is false because Flexible NetFlow can export using NetFlow v9 or IPFIX (NetFlow v10). Option E is false because Flexible NetFlow supports both IPv4 and IPv6.

3
Multi-Select · medium

Which TWO configuration steps are required to apply an IPv4 extended access list to an interface in Cisco IOS? (Choose TWO.)

Select 2 answers
A. Configure the ACL using access-list or ip access-list commands.
B. Apply the ACL to the interface with the ip access-group command.
C. Create the ACL directly under the interface configuration mode.
D. Use the access-class command on the interface.
E. Enable the ACL with the ip inspect command.
Answers: A, B

The ACL must be defined first with permit/deny entries.

Why this answer

Option A is correct because an IPv4 extended ACL must first be defined using either the numbered `access-list` command or the named `ip access-list extended` command before it can be applied. Option B is correct because the `ip access-group` command is the only way to bind a configured ACL to an interface in Cisco IOS, specifying the direction (in or out) and optionally the VLAN filter.

Exam trap

Cisco often tests the distinction between `ip access-group` (for interfaces) and `access-class` (for VTY lines), leading candidates to mistakenly choose `access-class` when the question specifies an interface.

4
MCQ · hard

A network engineer redistributes OSPF routes into BGP on router R1. R1 has `router bgp 65001` with `redistribute ospf 1 route-map RM_OSPF`. The route-map RM_OSPF sets metric 100. OSPF routes from area 0 are redistributed, but routes from area 1 are missing in BGP. On R1, `show ip ospf database` shows the area 1 routes as inter-area (IA). What is the root cause?

A. The route-map RM_OSPF uses match ip address prefix-list PL_INTRA that only permits prefixes from area 0, filtering inter-area routes from area 1.
B. OSPF inter-area routes are not redistributed into BGP by default; you must use redistribute ospf 1 match internal external.
C. The metric 100 set in the route-map is too low, causing BGP to ignore the routes.
D. The OSPF process ID is incorrect; redistribution uses process ID 1 but area 1 routes are from a different process.
Answer: A

Inter-area routes are internal but the prefix-list restricts to area 0 prefixes only.

Why this answer

By default, when redistributing OSPF into BGP, only intra-area and inter-area routes are redistributed, but external routes (type 5/7) are not. However, the missing routes are inter-area (IA) from area 1, which should be redistributed. The issue is that the route-map RM_OSPF may have a match clause that inadvertently filters IA routes, or the redistribute command may be missing the match internal keyword.

In this case, the redistribute ospf 1 command without any match option defaults to match internal, which includes intra-area and inter-area. But if the route-map has a match ip address prefix-list that only permits specific prefixes, it could filter others. The root cause is that the route-map RM_OSPF uses match ip address prefix-list PL_INTRA which only permits prefixes from area 0, thus filtering inter-area routes from area 1.

5
Multi-Select · hard

An engineer is troubleshooting IPv6 connectivity issues on a switch that has IPv6 First Hop Security features enabled. Clients are unable to obtain a valid IPv6 address via SLAAC. Which TWO configuration changes could resolve this issue? (Choose TWO.)

Select 2 answers
A. Modify the RA Guard policy to permit Router Advertisements from the trusted router port.
B. Disable DHCPv6 snooping on the VLAN to allow RAs to be forwarded.
C. Enable IPv6 Source Guard on the client-facing interfaces.
D. Add the router's MAC address to the ND inspection allowed-list.
E. Configure a DHCPv6 pool on the switch to provide addresses to clients.
Answers: A, D

Correct. If RA Guard is blocking legitimate RAs, permitting the trusted port resolves the issue.

Why this answer

SLAAC relies on Router Advertisements (RAs) from a router. If RA Guard is blocking legitimate RAs, or if ND inspection is dropping them, clients cannot obtain addresses. Option A is correct: if RA Guard is blocking RAs from the legitimate router, adjusting the policy to permit that router's port will fix the issue.

Option D is correct: if ND inspection is enabled and the router's MAC is not in the allowed list, adding it will allow RAs to pass. Option B is incorrect: disabling DHCPv6 snooping would not help SLAAC, as SLAAC does not use DHCPv6. Option C is incorrect: enabling IPv6 Source Guard would not help; it filters source addresses, not RAs.

Option E is incorrect: configuring a DHCPv6 pool is for stateful DHCPv6, not SLAAC.

6
MCQ · medium

A network engineer runs the following commands on Router R1:

```
R1# show ip policy
Interface          Route-map
GigabitEthernet0/0 PBR-TEST
R1# show route-map PBR-TEST
route-map PBR-TEST, permit, sequence 10
  Match clauses:
    ip address (access-lists): 110
  Set clauses:
    ip next-hop 192.168.100.1
  Policy routing matches: 0 packets, 0 bytes
R1# show access-lists 110
Extended IP access list 110
    10 permit tcp 10.0.0.0 0.255.255.255 any eq 80
    20 permit tcp 10.0.0.0 0.255.255.255 any eq 443
R1# show ip route 192.168.100.1
Routing entry for 192.168.100.1/32
  Known via "ospf 1", distance 110, metric 20
  Last update from 10.1.1.2 on GigabitEthernet0/1
```

Based on this output, what is the most likely reason for zero policy routing matches?

A. The next-hop 192.168.100.1 is not reachable.
B. The access list 110 is not matching any traffic arriving on GigabitEthernet0/0.
C. The route map sequence number is too high.
D. The route map needs to be applied globally.
Answer: B

Zero matches indicate that no packets matching the ACL have been received on the interface where PBR is applied.

Why this answer

The access list 110 matches TCP traffic from 10.0.0.0/8 to any destination on ports 80 and 443. The route map is applied to GigabitEthernet0/0, but traffic arriving on that interface may not match these conditions. The next-hop is reachable, so the issue is likely that no traffic matching ACL 110 is entering GigabitEthernet0/0.

7
MCQ · hard

A network engineer runs the following command on Router R1:

```
R1# show ip eigrp topology 10.10.10.0/24
EIGRP-IPv4 Topology Entry for AS(100)/ID(192.168.1.1) for 10.10.10.0/24
  State: Passive, Reply status: 0, Originating router: 192.168.1.1
  Routing Descriptor Blocks:
  0.0.0.0 (Null0) from 0.0.0.0, Send flag: 0x0
      Composite metric: (2560000000/0), Route is Internal
      Vector metric:
        Minimum bandwidth: 100000 Kbit
        Total delay: 100 microseconds
        Reliability: 255/255
        Load: 1/255
        Minimum MTU: 1500
        Hop count: 0
```

Based on this output, what is the problem?

A. The route is a local summary route pointing to Null0, which is normal for EIGRP summarization.
B. The route has a metric of 2560000000, indicating a network failure.
C. The hop count of 0 means the route is not reachable.
D. The route is in Active state, indicating a problem.
Answer: A

EIGRP automatically installs a null0 route for summary addresses to prevent loops.

Why this answer

The route to 10.10.10.0/24 is a local summary or null0 route (via Null0). This is typical for a summary route or a route to a directly connected network. The composite metric of 2560000000/0 indicates a very high metric, which is normal for a null0 route.

There is no problem; this is a common configuration.

8
Drag & Drop · medium

Drag and drop the steps to troubleshoot suboptimal routing due to incorrect Administrative Distance values into the correct order, from first to last.

Why this order

The correct order begins by identifying the routing table entries to see which routes are preferred, then checking the AD values of the competing protocols, verifying the configuration of the protocol with the lower AD, adjusting the AD on the desired protocol to make it preferred, and finally confirming the routing table update.

9
MCQ · easy

Which BGP message type is used to advertise, withdraw, and update routes?

A. OPEN
B. UPDATE
C. NOTIFICATION
D. KEEPALIVE
Answer: B

Correct. UPDATE messages carry route information.

Why this answer

BGP UPDATE messages carry path attributes and NLRI for route advertisements and withdrawals.

10
MCQ · medium

Consider the following partial EIGRP configuration on router R1:

```
router eigrp 100
 network 10.0.0.0
 network 192.168.1.0
 summary-address 10.0.0.0 255.255.255.0 5
```

What is the effect of the 'summary-address 10.0.0.0 255.255.255.0 5' command?

A. It creates a summary route 10.0.0.0/24 with an administrative distance of 5, advertised out all EIGRP-enabled interfaces.
B. It creates a summary route 10.0.0.0/24 and sets the metric to 5.
C. It creates a summary route 10.0.0.0/24 and suppresses more specific routes with a metric of 5.
D. It creates a summary route 10.0.0.0/24 with a tag of 5.
Answer: A

Correct. The summary-address command creates a summary route and the optional distance value sets the administrative distance for that summary.

Why this answer

The 'summary-address' command in EIGRP creates a summary route and advertises it out all interfaces enabled for EIGRP. The administrative distance value (5) is optional and sets the distance for the summary route.

11
MCQ · hard

A network engineer is troubleshooting an OSPFv2 issue where a router R1 is not receiving a specific route for 10.0.0.0/8 from a neighbor R2. The adjacency is FULL, and 'show ip ospf database' on R1 shows the LSA for 10.0.0.0/8 as a type 5 LSA. However, the route is not in the routing table. 'show ip route 10.0.0.0' shows no route. What is the most likely cause?

A. The router R1 has a distribute-list applied to the OSPF process that filters the route 10.0.0.0/8.
B. The route is a type 5 LSA, but the router is in a stub area.
C. The router has a higher administrative distance for OSPF routes, causing it to prefer another routing protocol.
D. The route has a metric of 16777214, which is considered infinite.
Answer: A

A distribute-list can prevent a route from being installed in the routing table even if the LSA is in the database.

Why this answer

If the LSA is in the database, the route should be installed unless there is a filtering mechanism or a routing table issue. One common cause is that the router has a route map that filters the route from being installed. Another possibility is that the router has a static route that is being preferred, but the stem says no route is present.

The most likely cause is that the router has a distribute-list that filters the route.

12
MCQ · medium

Which BGP attribute is used as the first tie-breaker in the route selection process when comparing routes from different peers?

A. LOCAL_PREF
B. WEIGHT
C. AS_PATH length
D. MED
Answer: B

Correct. WEIGHT is the first tie-breaker in Cisco BGP.

Why this answer

BGP selects the route with the highest WEIGHT (Cisco proprietary) first, then LOCAL_PREF.

13
MCQ · easy

What is the default timeout value (in milliseconds) for an IP SLA operation?

A. 5000 ms
B. 1000 ms
C. 10000 ms
D. 60000 ms
Answer: A

The default timeout is 5000 ms.

Why this answer

The default timeout for IP SLA operations is 5000 milliseconds (5 seconds). If no response is received within this time, the probe is considered failed.

14
Multi-Select · hard

Which TWO configuration steps are required to enable IPv6 RA Guard on a Cisco switch interface? (Choose TWO.)

Select 2 answers
A. Create an RA Guard policy using the 'ipv6 nd raguard policy POLICY_NAME' command.
B. Apply the RA Guard policy to the interface with the 'ipv6 nd raguard attach-policy POLICY_NAME' command.
C. Enable IPv6 routing globally with 'ipv6 unicast-routing'.
D. Configure 'ipv6 nd raguard' directly on the interface without a policy.
E. Enable DHCPv6 Guard on the same interface to complement RA Guard.
Answers: A, B

The policy defines the role (router or host) and other parameters; it is a mandatory step.

Why this answer

RA Guard requires defining a policy that specifies the device role (router or host) and then applying that policy to the interface. Simply enabling 'ipv6 nd raguard' without a policy is not sufficient. The other options are either for different features or incorrect.

15
MCQ · hard

A network engineer runs the following command on Router R1:

```
R1# show snmp statistics
SNMP packets input: 150
    Bad SNMP version errors: 0
    Unknown community name: 25
    Illegal operation for community name: 0
    Encoding errors: 0
    Number of requested variables: 300
    Number of altered variables: 0
    Get-request PDUs: 120
    Get-next PDUs: 30
    Set-request PDUs: 0
SNMP packets output: 200
    Too big errors: 0
    No such name errors: 10
    Bad values errors: 0
    General errors: 0
    Response PDUs: 200
    Trap PDUs: 0
```

Based on this output, which statement is correct?

A. There are 25 SNMP requests with invalid community strings.
B. The router has sent 150 trap PDUs.
C. There were 10 set requests that failed due to bad values.
D. The router received 200 SNMP packets.
Answer: A

The 'Unknown community name' counter of 25 indicates that many requests used community strings not recognized by the router.

Why this answer

The output shows SNMP statistics. There are 25 'Unknown community name' errors, indicating that some SNMP requests are using community strings not configured on the router. Additionally, there are 10 'No such name errors' in the output, meaning the requested MIB objects do not exist.

No set requests were received.

16
Multi-Select · hard

Which TWO actions will prevent IPv6 traffic with a spoofed source address from being forwarded in a network where BGP is used for routing? (Choose TWO.)

Select 2 answers
A. Apply uRPF loose mode on the customer-facing interface.
B. Configure an inbound IPv6 ACL on the edge interface that denies traffic from reserved or internal source prefixes.
C. Use the 'ipv6 verify unicast source reachable-via any allow-default' command to allow traffic with default route.
D. Apply an outbound IPv6 ACL on the BGP neighbor interface to filter spoofed source addresses.
E. Disable BGP prefix filtering to allow all prefixes, then rely on uRPF only.
Answers: A, B

Correct. uRPF loose mode drops packets if the source address is not in the FIB, which helps prevent spoofing.

Why this answer

To prevent spoofed IPv6 traffic, you can use uRPF on edge interfaces to verify source addresses. Additionally, you can use BGP prefix filtering to ensure that only legitimate prefixes are advertised, reducing the chance of spoofed traffic being routed. Another method is to use an inbound IPv6 ACL on the edge interface to block traffic from private or reserved source addresses.

The question asks for two actions among the options.

17
MCQ · hard

A large enterprise network uses EIGRP with route summarization. Router R1 has `ip summary-address eigrp 100 10.0.0.0 255.255.252.0` configured on interface GigabitEthernet0/0. On Router R2, `show ip route eigrp` includes 10.0.0.0/22 but not 10.0.3.0/24. What is the root cause?

A. The summary address is misconfigured; it should be 10.0.0.0/24.
B. R2 has a route filter blocking 10.0.3.0/24.
C. The EIGRP summary address suppresses more specific routes within its range.
D. R1's interface is down, preventing route advertisement.
Answer: C

EIGRP summary addresses automatically suppress more specific routes, causing the missing /24.

Why this answer

Option C is correct because the EIGRP `ip summary-address` command on R1 creates a summary route (10.0.0.0/22) that is advertised to R2, and by default EIGRP suppresses the advertisement of all more specific routes that fall within the summary range (10.0.0.0/22 includes 10.0.3.0/24). This is the intended behavior of EIGRP route summarization: the summary route replaces the component routes to reduce routing table size and update overhead.

Exam trap

Cisco often tests the misconception that EIGRP summarization simply advertises a summary route in addition to the more specific routes, when in fact the default behavior is to suppress all component routes within the summary range.

How to eliminate wrong answers

Option A is wrong because the summary address 10.0.0.0/22 is correctly configured to cover the range 10.0.0.0–10.0.3.255; changing it to /24 would only cover 10.0.0.0/24 and would not suppress 10.0.3.0/24. Option B is wrong because there is no evidence of a route filter; the absence of 10.0.3.0/24 is a direct result of the summary address suppression, not a filter. Option D is wrong because if R1's interface were down, R2 would not see the 10.0.0.0/22 summary route either, but the output shows 10.0.0.0/22 is present in R2's routing table.

18
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show bgp ipv4 unicast 10.5.5.0/24
BGP routing table entry for 10.5.5.0/24, version 12
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  65007
    10.1.17.7 from 10.1.17.7 (10.7.7.7)
      Origin IGP, metric 0, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0
```

Based on this output, what does the 'r' in the status codes indicate if present? (Not shown here, but the engineer notices a similar route with 'r' status.)

A. The route is suppressed by a route-map.
B. The route is not valid due to next-hop unreachability.
C. The route is a RIB-failure, meaning it is not installed in the routing table because another route with a lower administrative distance exists.
D. The route is dampened.
Answer: C

RIB-failure (r) indicates the BGP route is valid but not installed in the RIB due to a better route from another source.

Why this answer

The 'r' status code stands for RIB-failure, meaning the route is valid in BGP but not installed in the routing table because a route with a lower administrative distance (e.g., from OSPF or EIGRP) already exists.

19
MCQ · hard

An engineer configures EIGRP named mode with `address-family ipv4 unicast autonomous-system 100` and applies an offset-list to a neighbor using `offset-list 1 out 1000` under the `af-interface` configuration. Unexpectedly, the offset-list does not affect the feasible distance (FD) as expected, but the advertised distance (AD) is increased. Which is the most likely explanation?

A. The offset-list was applied under `af-interface` instead of `address-family`, so it modifies the AD sent to neighbors, not the FD.
B. The offset-list command is not supported in named mode; it must be replaced with a route-map to adjust metrics.
C. The offset-list was applied outbound, which only affects the AD; inbound offset-lists affect the FD.
D. The offset-list value of 1000 is too high and causes the route to be suppressed, so FD is not updated.
Answer: A

Named mode separates interface-specific and address-family-level offset-lists; only the latter adjusts FD.

Why this answer

In EIGRP named mode, offset-lists applied under the `af-interface` affect only the AD (the metric sent to neighbors), not the FD. To affect the FD, the offset-list must be applied under the `address-family` section using `offset-list <acl> {in|out} <metric>`. This is a subtle difference from classic mode where offset-lists always affect the FD for incoming updates.

20
Multi-Select · medium

Which TWO statements about MPLS label imposition (push) are true? (Choose TWO.)

Select 2 answers
A. Label imposition occurs at the ingress LSR.
B. Label imposition occurs at the egress LSR.
C. The imposed label is determined by the Forwarding Equivalence Class (FEC).
D. The imposed label is always the top label in a label stack.
E. Label imposition is performed using the 'tag-switching' command.
Answers: A, C

The ingress LSR pushes a label onto an incoming IP packet to begin MPLS forwarding.

Why this answer

Label imposition occurs at the ingress LSR, which pushes a label onto an unlabeled IP packet. The label is based on the FEC (Forwarding Equivalence Class) derived from the IP destination. The egress LSR pops the label, not imposes it.

22
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip ospf database summary 172.16.0.0
OSPF Router with ID (1.1.1.1) (Process ID 1)
Summary Net Link States (Area 0)
  LS age: 100
  Options: (No TOS-capability, DC)
  LS Type: Summary Links(Network)
  Link State ID: 172.16.0.0 (Summary Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0x1234
  Length: 28
  Network Mask: /20
        TOS: 0  Metric: 10
```

Based on this output, what does this LSA represent?

A. It is a router LSA from R1.
B. It is a summary route for 172.16.0.0/20 advertised by ABR 2.2.2.2.
C. It is an external route from ASBR.
D. It is a network LSA for the 172.16.0.0 network.
Answer: B

This Type 3 LSA advertises a summary route for 172.16.0.0/20 from ABR 2.2.2.2.

Why this answer

This is a Type 3 Summary LSA, which is used to advertise inter-area routes. The Advertising Router is 2.2.2.2, an ABR.

23
MCQ · medium

Consider the following configuration:

```
ip vrf CUSTOMER_E
 rd 200:1
 route-target export 200:1
 route-target import 200:1
!
interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER_E
 ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER_E
 ip address 172.16.1.1 255.255.255.0
```

What is the effect of the route-target commands in this VRF-Lite scenario?

A. The route-targets enable automatic route redistribution between VRFs.
B. The route-targets are ignored because VRF-Lite does not use MP-BGP.
C. The route-targets cause the VRF to import and export routes from the global routing table.
D. The configuration will fail because route-targets are not allowed in VRF-Lite.
Answer: B

This is correct. In VRF-Lite, route-targets are not processed unless there is an MP-BGP configuration.

Why this answer

In VRF-Lite, route-targets are not used unless route leaking is configured. They are typically used in MPLS VPN environments. Here, they have no effect because there is no MP-BGP or route leaking configured.

24
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip access-lists
Extended IP access list 170
    10 permit icmp any any echo (100 matches)
    20 permit icmp any any echo-reply (80 matches)
    30 deny ip any any (10 matches)
```

Based on this output, which statement is correct?

A. All ICMP traffic is permitted.
B. Only ICMP echo and echo-reply are permitted; all other IP traffic is denied.
C. The ACL permits all IP traffic.
D. The ACL is not applied.
Answer: B

Line 30 denies all other IP traffic, including other ICMP types.

Why this answer

The ACL 170 explicitly permits only ICMP echo (type 8) and echo-reply (type 0) traffic, as shown by the match counters. The final deny ip any any statement blocks all other IP traffic, including other ICMP types and non-ICMP IP protocols. Therefore, only ICMP echo and echo-reply are permitted; all other IP traffic is denied, making option B correct.

Exam trap

Cisco often tests the misconception that an ACL with only two permit statements for specific ICMP types permits all ICMP traffic, but the explicit or implicit deny ip any any at the end blocks all other ICMP types and non-ICMP IP traffic.

How to eliminate wrong answers

Option A is wrong because the ACL does not permit all ICMP traffic; it only permits ICMP echo and echo-reply, while other ICMP types (e.g., destination unreachable, time-exceeded) are denied by the final deny ip any any statement. Option C is wrong because the ACL explicitly denies all IP traffic with the last statement, so it does not permit all IP traffic. Option D is wrong because the show ip access-lists output displays match counters (100 and 80 matches), which indicate the ACL is applied to an interface and actively processing traffic; an unapplied ACL would show zero matches.

25
MCQ · easy

A network engineer runs the following command on Router R1:

```
R1# show ip sla statistics 1
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Type of operation: icmp-echo
        Latest RTT: 10 milliseconds
Latest operation start time: 00:15:30 UTC Mon Mar 1 2021
Latest operation return code: OK
Number of successes: 100
Number of failures: 0
Operation time to live: Forever
```

Based on this output, which statement is correct?

A. The IP SLA operation has failed 100 times.
B. The IP SLA operation is successful and has a low RTT.
C. The IP SLA operation type is udp-jitter.
D. The IP SLA operation has expired.
Answer: B

Return code OK, RTT 10 ms, 100 successes.

Why this answer

The output shows an IP SLA operation of type icmp-echo with a return code 'OK', 100 successes, and 0 failures. This indicates the operation is functioning correctly.

26
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show mpls ldp neighbor
    Peer LDP Ident: 192.168.2.2:0, Local LDP Ident: 192.168.1.1:0
        TCP connection: 10.1.1.2.646 - 10.1.1.1.646
        State: Oper; Msgs sent/rcvd: 100/100; Downstream
        Up time: 00:45:00
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 10.1.1.2
        Addresses bound to peer LDP Ident:
          10.1.1.2 192.168.2.2
```

Based on this output, what is the state of the LDP session?

A. The LDP session is operational and exchanging label information.
B. The LDP session is in a down state due to a TCP reset.
C. The LDP session is in initialization state because no labels have been exchanged.
D. The LDP session is using UDP instead of TCP.
Answer: A

The 'State: Oper' indicates the session is operational, and the message counts confirm label exchange.

Why this answer

The output shows 'State: Oper', which indicates the LDP session is operational. The 'Downstream' label distribution mode and the fact that messages have been sent and received (100/100) confirm that the session is actively exchanging label information. This matches the correct answer that the LDP session is operational and exchanging label information.

Exam trap

Cisco often tests the distinction between LDP discovery (UDP) and session establishment (TCP), and the trap here is that candidates may confuse the 'Oper' state with an initialization state or incorrectly assume UDP is used for the entire LDP process.

How to eliminate wrong answers

Option B is wrong because the state is 'Oper' (operational), not down; a TCP reset would show a different state like 'Down' or 'Initialized'. Option C is wrong because the 'Oper' state indicates the session is fully established and labels are being exchanged, not in an initialization state where no labels have been exchanged. Option D is wrong because LDP uses TCP (port 646) for session establishment and label exchange, as shown in the output (TCP connection: 10.1.1.2.646 - 10.1.1.1.646); UDP is used only for LDP discovery (hello messages).

27
MCQ · medium

Consider the following EIGRP configuration on Router R1:

```
router eigrp 100
 network 10.0.0.0
 passive-interface default
 no passive-interface GigabitEthernet0/0
```

What is the effect of this configuration?

A. EIGRP will form neighbor adjacencies on all interfaces.
B. EIGRP will form neighbor adjacencies only on GigabitEthernet0/0.
C. EIGRP will not form any neighbor adjacencies.
D. EIGRP will form neighbor adjacencies on all interfaces except GigabitEthernet0/0.
Answer: B

The no passive-interface command on GigabitEthernet0/0 allows neighbor formation only on that interface.

Why this answer

The configuration sets all interfaces to passive by default, then re-enables EIGRP on GigabitEthernet0/0. This means only GigabitEthernet0/0 will send and receive EIGRP hello packets and form adjacencies; all other interfaces will only advertise networks without forming neighbors.

28
MCQ · medium

A network engineer runs the following command to verify BFD operation:

```
R1# show bfd neighbors detail
IPv4 Sessions
NeighAddr      LD/RD    RH/RS    State    Int
10.1.1.2       1/2      Up       Up       Gi0/0
Session state is UP and not using echo function.
Session type: single-hop
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holddown (hits): 0 (0), Hello (hits): 1000/5
Rx Count: 1000, Rx Interval (ms) min/max/avg: 900/1100/1000
Tx Count: 1000, Tx Interval (ms) min/max/avg: 900/1100/1000
```

What does this output indicate?

A. BFD session is using echo mode for fast failure detection.
B. BFD session is down and not sending hellos.
C. BFD session is operating with async mode, intervals at 1 second.
D. BFD session has a holddown timer of 3 seconds.
Answer: C

MinTxInt and MinRxInt are 1,000,000 microseconds (1 second), no echo, and session is UP.

Why this answer

The output shows a BFD session in UP state with consistent transmit and receive intervals around 1000 ms, no echo function, and a multiplier of 3. The session is healthy.

29
MCQ · medium

Examine this configuration on router R1:

```
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
 lifetime 86400
!
crypto isakmp key cisco123 address 192.168.1.2
!
crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac
 mode tunnel
!
crypto map CMAP 10 ipsec-isakmp
 set peer 192.168.1.2
 set transform-set TSET
 match address 101
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 crypto map CMAP
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
```

What is missing from this configuration to ensure the tunnel works correctly?

A. Nothing is missing; the configuration is correct.
B. A route to the remote LAN 10.2.2.0/24 is missing.
C. The ISAKMP policy needs a 'lifetime' value.
D. The transform set should include 'mode transport' for site-to-site.
Answer: A

All necessary components: ISAKMP policy, key, transform set, crypto map with peer and ACL, and interface application.

Why this answer

The configuration is complete for a site-to-site IPsec VPN. ISAKMP policy 10 specifies AES-256 encryption, pre-shared key authentication, Diffie-Hellman group 14, and a lifetime of 86400 seconds (the default is 86400, so explicitly setting it is fine). The crypto map CMAP binds the transform set TSET (AES-256, SHA-HMAC) to peer 192.168.1.2 and matches interesting traffic via access-list 101 (10.1.1.0/24 to 10.2.2.0/24).

The interface GigabitEthernet0/1 applies the crypto map. A route to the remote LAN is not required because IPsec encrypts traffic based on the crypto ACL; routing only needs to reach the peer's public IP (192.168.1.2), which is directly connected on the same subnet.

Exam trap

Cisco often tests the misconception that a route to the remote LAN is required for IPsec to work, but in reality, the crypto ACL handles traffic selection, and only a route to the peer's public IP is needed.

How to eliminate wrong answers

Option B is wrong because a route to the remote LAN 10.2.2.0/24 is not required for IPsec; the crypto ACL defines which traffic is encrypted, and the router only needs a route to the peer's public IP (192.168.1.2), which is directly connected. Option C is wrong because the ISAKMP policy already includes a 'lifetime' value of 86400 seconds, which is valid and matches the default; no lifetime is missing. Option D is wrong because the transform set uses 'mode tunnel' (the default for site-to-site VPNs), which is correct; 'mode transport' is used for host-to-host or GRE-over-IPsec, not for site-to-site.

30
MCQhard

A large enterprise network is experiencing intermittent reachability to a specific /24 subnet (192.168.10.0/24) from remote sites. Router R1 has the following relevant configuration:

interface GigabitEthernet0/0
 ip address 10.0.1.1 255.255.255.0
!
router eigrp 100
 network 10.0.0.0
 network 192.168.0.0
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip summary-address eigrp 100 192.168.0.0 255.255.252.0
!

Router R2 shows:

R2# show ip route 192.168.10.0
Routing entry for 192.168.0.0/22, supernet
  Known via "eigrp 100", distance 90, metric 30720, type internal
  Last update from 10.0.1.1 on GigabitEthernet0/0, 00:00:15 ago
  * 10.0.1.1, via GigabitEthernet0/0, 00:00:15 ago

What is the root cause?

A.The summary route 192.168.0.0/22 does not include 192.168.10.0/24, so the specific route is not advertised and is missing from R2's routing table.
B.EIGRP has a metric mismatch between the summary and the specific route, causing the specific route to be suppressed.
C.The network command for 192.168.0.0 is missing, causing EIGRP to not advertise any 192.168.x.x routes.
D.R2 has a static route for 192.168.10.0/24 that is overriding the EIGRP route.
AnswerA

The summary covers only 192.168.0.0-192.168.3.255, excluding 192.168.10.0/24.

Why this answer

The summary route 192.168.0.0/22 is being advertised by R1, but it blocks the more specific /24 route 192.168.10.0/24 if that subnet is not within the summary range (192.168.0.0/22 covers 192.168.0.0 to 192.168.3.255). Since 192.168.10.0/24 is outside this range, it is not summarized and is not advertised separately, causing reachability failure. The correct fix is to adjust the summary prefix to include the missing subnet, or to not summarize.

31
MCQhard

An engineer configures EIGRP named mode on a DMVPN Phase 3 hub with 'eigrp stub' on the spoke routers. Unexpectedly, when a spoke loses its WAN connection to the hub, the hub's EIGRP table shows the spoke's routes as active (stuck-in-active) for an extended period. Which is the most likely explanation?

A.The spoke's EIGRP stub configuration in named mode does not suppress query propagation for all routes; the hub queries the spoke for routes that are not in the stub's advertised set, causing a stuck-in-active when the spoke is unreachable.
B.The spoke's EIGRP stub configuration in named mode automatically sets the 'receive-only' flag, preventing any queries from being sent to the spoke.
C.The DMVPN tunnel interface on the spoke is configured with 'eigrp stub', which causes the spoke to ignore queries from the hub, but the hub still expects a reply.
D.The hub's EIGRP process is in classic mode, while the spoke is in named mode, causing a mismatch in the stub behavior.
AnswerA

In named mode, the stub command only limits the routes the spoke advertises, but the hub still sends queries to the spoke for all routes. If the spoke is unreachable, the query remains active until the active timer expires.

Why this answer

In EIGRP named mode, the stub feature by default includes 'connected' and 'summary' routes, but not 'static' or 'redistributed'. If the spoke is configured as a stub with the default settings, it does not advertise any routes beyond its connected interfaces. However, if the spoke has a loopback or other network that is not directly connected to the EIGRP process, the hub may still query the spoke for those routes, and if the spoke is unreachable, the query times out, causing a stuck-in-active.

The corner case is that the stub configuration in named mode does not suppress query propagation for all routes unless explicitly configured with 'leak-map' or 'receive-only'.

32
MCQeasy

What is the default behavior of an IPv4 access control list (ACL) when no explicit permit or deny statement matches a packet?

A.The packet is permitted.
B.The packet is denied.
C.The packet is logged and then permitted.
D.The ACL is ignored and the packet is forwarded.
AnswerB

Correct. All ACLs have an implicit deny any at the end.

Why this answer

By default, IPv4 ACLs have an implicit deny any statement at the end. If a packet does not match any explicit permit or deny entry, the implicit deny any is applied, causing the packet to be dropped. This behavior is fundamental to ACL security, ensuring that only explicitly permitted traffic is allowed.

Exam trap

Cisco often tests the misconception that an ACL with no matching entries will permit traffic by default, or that the ACL is simply ignored, when in fact the implicit deny any silently drops all unmatched packets.

How to eliminate wrong answers

Option A is wrong because the default behavior is to deny, not permit; an ACL does not permit unmatched packets. Option C is wrong because logging is not a default action for unmatched packets; logging is only performed if explicitly configured with a log keyword on a permit or deny statement. Option D is wrong because the ACL is never ignored; the implicit deny any is always present and enforced, so unmatched packets are dropped, not forwarded.

33
MCQhard

A network administrator configures an ACL to filter routes during redistribution, but management traffic stops working. Router R1 config:

access-list 100 permit ip 10.0.0.0 0.255.255.255 any
!
router eigrp 100
 redistribute ospf 1 route-map FILTER
!
route-map FILTER permit 10
 match ip address 100

R1# show ip route 10.1.1.1
Routing entry for 10.1.1.1/32
  Known via "connected", distance 0, metric 0
  Redistributing via eigrp 100

What is the root cause?

A.The ACL implicit deny blocks all routes not matching 10.0.0.0/8, including management routes.
B.The route-map is missing the set metric command, causing routes to be unreachable.
C.The access-list is applied in the wrong direction.
D.The redistribute command is missing the subnets keyword.
AnswerA

The implicit deny at the end of the ACL filters out management routes, causing them not to be redistributed.

Why this answer

The ACL only permits 10.0.0.0/8, but the management traffic may use a different source or destination. The implicit deny at the end of the ACL blocks all other routes, including management prefixes. The fix is to add a permit statement for the management network or use a more specific ACL.

34
MCQhard

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane
 Control Plane
  Service-policy input: CoPP-IN
    Class-map: CoPP-BGP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group 120
      police:
        cir 32000 bps, bc 6000 bytes, be 6000 bytes
        conformed 0 packets, 0 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        violated 0 packets, 0 bytes; actions: drop

R1# show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor   V   AS   MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
10.1.1.2   4   200  10       10       1       0    0     00:05:00  5

Based on this output, what is the most likely problem?

A.The BGP session is down.
B.The access-list 120 is not matching BGP traffic, so it is falling into class-default.
C.The police rate is too low and is dropping all BGP packets.
D.The policy-map is applied to the output direction.
AnswerB

The zero packet count indicates the class is not matching, but BGP is working, so traffic is matched by class-default.

Why this answer

The CoPP-BGP class shows zero packets, but the BGP session is established and exchanging messages. This indicates that BGP traffic is not being classified by the CoPP-BGP class, likely because the access-group 120 is not matching the BGP packets. The BGP session is up, so the traffic is being processed by the class-default instead.

35
MCQhard

An engineer configures mutual redistribution between OSPF and EIGRP on a router. After a few minutes, routing loops occur. The engineer did not configure route tagging. Which is the most likely explanation?

A.The router redistributes routes from OSPF into EIGRP, and then those routes are redistributed back into OSPF, creating a loop.
B.The seed metric is not configured, causing EIGRP to reject the redistributed routes.
C.OSPF has a lower administrative distance than EIGRP, causing route preference issues.
D.The router is running both protocols on the same interface, causing a conflict.
AnswerA

Without tagging, the router cannot prevent re-redistribution of its own routes, leading to a loop.

Why this answer

Mutual redistribution without route tagging can cause a routing loop because a route redistributed from OSPF into EIGRP may be redistributed back into OSPF, creating a feedback loop. Without a tag to mark the origin, the router cannot distinguish between a route it originated and one it learned from another protocol.

36
MCQmedium

Review the following OSPF configuration on router R4:

router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
 area 1 range 10.0.0.0 255.255.255.0

What is missing or incorrect in this configuration for proper route summarization?

A.The router must have interfaces in area 1 for the summarization to take effect.
B.The mask should be 0.0.0.255 instead of 255.255.255.0.
C.The command should be 'summary-address' instead of 'area range'.
D.The network statement should include area 1.
AnswerA

Correct. The area range command only works if the router is an ABR, meaning it has interfaces in multiple areas.

Why this answer

The area range command is used on an ABR to summarize routes from one area into another. Here, area 1 is specified, but router R4 only has network statements in area 0, so it is not an ABR for area 1. The command will have no effect.

37
MCQhard

A company uses EIGRP with route redistribution from OSPF. After configuring Flexible NetFlow to monitor traffic, engineers notice that some routes are missing from the routing table. Router R1 has: router eigrp 100 redistribute ospf 1 metric 10000 100 255 1 1500 route-map FILTER-OSPF. The route-map FILTER-OSPF uses a match ip address prefix-list ALLOWED. The prefix-list ALLOWED permits 10.0.0.0/8 le 24. However, a specific route 10.1.0.0/16 is not being redistributed. What is the root cause?

A.The prefix-list is misconfigured; it should be permit 10.0.0.0/8 le 16 to include /16 prefixes.
B.The route-map includes a match flow monitor statement that only matches NetFlow monitored traffic, not routing prefixes, causing the route to be denied.
C.The EIGRP metric is too high, causing the route to be suppressed.
D.The OSPF route is not in the routing table due to a missing network statement.
AnswerB

If the route-map uses match flow monitor, it will not match any route because routes are not flows. This is a common misconfiguration when combining NetFlow with route-maps.

Why this answer

The prefix-list permits 10.0.0.0/8 le 24, meaning it allows prefixes with a length up to /24. The route 10.1.0.0/16 has a prefix length of /16, which is less than 24, so it should be permitted. However, the issue may be that the route-map also has a match statement for a flow monitor or NetFlow parameters that inadvertently filter the route.

Alternatively, the redistribution may be affected by the order of operations: the route-map is applied to redistribution, but if the route-map also references a flow monitor (e.g., match flow monitor), it will not match routes. The correct answer is that the route-map includes a match flow monitor statement that only matches traffic flows, not routes, causing the route to be denied.

38
MCQmedium

A network engineer is troubleshooting a route redistribution issue between OSPF and EIGRP. Routers R1 (OSPF) and R2 (EIGRP) are redistributing routes into each other. The engineer notices that some OSPF external routes are not appearing in the EIGRP topology table on R2, although the redistribution is configured. The show ip eigrp topology command on R2 does not list the missing prefixes. What is the most likely cause?

A.The redistribute ospf command under EIGRP is missing the match internal keyword.
B.The redistribute ospf command under EIGRP is missing the match external keyword.
C.The OSPF process on R1 has a route filter blocking external routes.
D.EIGRP has a lower administrative distance than OSPF, causing route suppression.
AnswerB

Correct: Without match external, OSPF external routes are not redistributed into EIGRP.

Why this answer

When redistributing from OSPF into EIGRP, by default only OSPF internal routes are redistributed; external OSPF routes (type 5 or 7) are not included unless the match external keyword is specified. This explains why some routes are missing.

39
MCQmedium

A network engineer configures IPv6 Source Guard on an interface:

interface GigabitEthernet0/3
 ipv6 verify source

What is the immediate effect of this command?

A.The interface filters all incoming IPv6 traffic unless the source address is in the DHCP snooping binding table.
B.The interface allows all IPv6 traffic but logs violations.
C.The interface only filters Neighbor Discovery messages.
D.The interface requires a static binding to be configured first.
AnswerA

IPv6 Source Guard checks source IPv6 and MAC against the binding table; unmatched traffic is dropped.

Why this answer

IPv6 Source Guard with no additional parameters uses the DHCPv6 snooping binding table to validate source addresses. It filters traffic based on source IPv6 and MAC addresses.

40
MCQmedium

A network engineer runs the following command on Router R1:

R1# show ipv6 interface gigabitethernet 0/0 | include uRPF
IPv6 uRPF: loose mode

Based on this output, what is the operational state of uRPF on this interface?

A.uRPF is disabled
B.uRPF is enabled in strict mode
C.uRPF is enabled in loose mode
D.uRPF is enabled but only for IPv4
AnswerC

The output confirms loose mode uRPF.

Why this answer

The command 'show ipv6 interface gigabitethernet 0/0 | include uRPF' returns 'IPv6 uRPF: loose mode', which directly indicates that unicast Reverse Path Forwarding (uRPF) is enabled and operating in loose mode on this interface. Loose mode checks only that a source address exists in the routing table, without requiring that the incoming interface matches the best return path.

Exam trap

Cisco often tests the distinction between 'loose mode' and 'strict mode' by presenting output that clearly states the mode, but candidates may confuse 'loose' with 'disabled' or incorrectly assume that any uRPF output implies strict mode.

How to eliminate wrong answers

Option A is wrong because the output explicitly shows 'IPv6 uRPF: loose mode', which means uRPF is enabled, not disabled. Option B is wrong because the output specifies 'loose mode', not 'strict mode'; strict mode would require both a matching routing table entry and that the incoming interface is the best return path. Option D is wrong because the command is specific to IPv6 (as indicated by 'ipv6 interface'), and the output confirms IPv6 uRPF is active; uRPF for IPv4 is configured separately under the 'ip verify unicast source reachable-via' command.

41
MCQhard

An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on an interface. Traffic from a legitimate source IP is being dropped. The network has asymmetric routing. Which is the most likely explanation?

A.The router receives the packet on an interface that is not the best return path to the source IP, causing strict uRPF to drop it.
B.The source IP is not in the routing table at all.
C.The uRPF configuration is missing the 'allow-default' option.
D.The router is using loose mode instead of strict mode.
AnswerA

Strict uRPF requires the incoming interface to be the same as the outgoing interface for the source IP; asymmetric routing violates this.

Why this answer

Strict uRPF checks that the source IP of incoming traffic matches the best reverse route via the same interface. In asymmetric routing, traffic may arrive on an interface different from the one the router would use to send traffic back to that source, causing strict uRPF to drop the traffic.

42
MCQmedium

A network engineer is troubleshooting a route summarization issue in a network using RIP. Router R1 is configured with the 'ip summary-address rip 192.168.0.0 255.255.252.0' command on its serial interface. After the configuration, R2, which is connected via that interface, can no longer reach the 192.168.1.0/24 subnet, although other subnets within the summary are reachable. What is the most likely cause?

A.The 192.168.1.0/24 subnet is not directly connected to R1, so it cannot be summarized.
B.The summary route 192.168.0.0/22 is being advertised with a higher metric than the specific routes, causing R2 to prefer a different path.
C.The summary address command was applied on the wrong interface, causing the summary to be sent out all interfaces, including the one facing the 192.168.1.0/24 subnet's origin.
D.The 192.168.1.0/24 subnet is not included in the summary range because the summary mask is /22, but the subnet's network address is 192.168.1.0, which is within the range, but the RIP process may have a split-horizon issue preventing the route from being advertised.
AnswerD

Correct. In RIP, split horizon prevents a route from being advertised out the interface it was learned on. If the 192.168.1.0/24 subnet was learned on the same interface where the summary is applied, it will not be advertised, causing loss of connectivity.

Why this answer

In RIP, the summary-address command suppresses the advertisement of more specific routes. However, if the summary route is not installed in the routing table (e.g., due to a metric issue), the specific routes may still be suppressed, causing loss of connectivity.

43
MCQmedium

What is the default BFD hello timer interval on Cisco IOS-XE when BFD is configured on an interface without any explicit timer settings?

A.100 milliseconds
B.500 milliseconds
C.1000 milliseconds
D.2000 milliseconds
AnswerC

The default BFD hello interval is 1000 ms (1 second) on Cisco IOS-XE.

Why this answer

The default BFD hello interval on Cisco IOS-XE is 1000 milliseconds (1 second) unless overridden by the bfd interval command.

44
MCQhard

An engineer configures SNMPv2c with a community string 'public' and an ACL that permits only the NMS IP address. The NMS can poll the router successfully. Later, the engineer adds a second community string 'monitor' with a different ACL that permits a second NMS. The first NMS now fails to poll. Which is the most likely explanation?

A.The ACL for the 'public' community string was accidentally removed when the 'monitor' community string was added.
B.The second community string 'monitor' has a higher priority and overrides the first.
C.The router can only support one community string at a time.
D.The first NMS must be reconfigured to use the 'monitor' community string.
AnswerA

If the engineer used the 'no snmp-server community public' command to reconfigure, the ACL might have been removed; the new configuration might not include the ACL, allowing all IPs or none.

Why this answer

When multiple community strings are configured, the router matches the community string from the request. If the first NMS sends the community string 'public', it should still work. However, if the ACL for 'public' is inadvertently removed or modified, or if the second community string's ACL inadvertently blocks the first NMS, issues can arise.

45
MCQmedium

A network engineer runs the following command to troubleshoot a BGP issue:

R1# show bgp neighbors 10.1.1.2 received-routes
BGP table version is 14, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete

     Network           Next Hop    Metric  LocPrf  Weight  Path
 *>  10.0.0.0/24       10.1.1.2    0       100     0       65001 i
 *>  192.168.1.0/24    10.1.1.2    0       100     0       65001 i

Total number of prefixes 2

What does this output indicate?

A.R1 is receiving two routes from neighbor 10.1.1.2, both from AS 65001.
B.R1 is sending two routes to neighbor 10.1.1.2.
C.R1 is receiving two routes, but one is filtered out by inbound policy.
D.R1 is receiving two routes, but the neighbor is not reachable.
AnswerA

The output shows two prefixes with path AS 65001, received from the neighbor.

Why this answer

The show bgp neighbors received-routes command displays routes received from the neighbor 10.1.1.2. Both routes have next hop 10.1.1.2 and originate from AS 65001. The 'valid' and 'best' status indicates they are installed in the routing table.

46
MCQeasy

What is the default maximum hop count for RIP routes in Cisco IOS?

A.15
B.16
C.255
D.10
AnswerA

Correct. 15 is the maximum hop count; 16 is considered infinity.

Why this answer

RIP uses a hop count metric with a maximum of 15 hops; 16 indicates an unreachable route. This is a fundamental loop prevention mechanism.

47
MCQhard

Two routers R1 and R2 are connected via Ethernet. R1 has:

interface GigabitEthernet0/0
 ip ospf network point-to-point

R2 has default OSPF network type (broadcast). R1 shows:

R1# show ip ospf neighbor
Neighbor ID   Pri  State     Dead Time  Address   Interface
10.2.2.2      0    FULL/ -   00:00:35   10.1.1.2  GigabitEthernet0/0

R2 shows:

R2# show ip ospf neighbor
Neighbor ID   Pri  State     Dead Time  Address   Interface
10.1.1.1      1    FULL/DR   00:00:30   10.1.1.1  GigabitEthernet0/0

R1 is not installing OSPF routes from R2. What is the root cause?

A.OSPF network type mismatch prevents proper LSA exchange, causing R1 to ignore routes from R2.
B.R1 has a higher OSPF priority, causing it to become DR and not accept routes.
C.The dead timer mismatch causes adjacency to be unstable.
D.R2 is not configured with the same OSPF process ID.
AnswerA

R1 is configured as point-to-point, R2 as broadcast. This causes R1 to not process Type 2 LSAs from R2.

Why this answer

OSPF network type mismatch: R1 is point-to-point, R2 is broadcast. On the point-to-point side, R1 expects no DR/BDR election and uses a different LSA format. The broadcast side sees R1 as DR: R1's output shows its neighbor with priority 0, while R2's output shows R1 as DR.

With this inconsistency the adjacency forms, but routes are not exchanged properly because of the LSA type mismatch. The fix is to match network types.

48
MCQeasy

Which of the following is a valid 'set' action in a PBR route-map?

A.set metric 100
B.set ip next-hop 10.0.0.1
C.set tag 5
D.set community 100:100
AnswerB

This is a standard PBR action to override the routing table.

Why this answer

PBR supports 'set ip next-hop', 'set interface', 'set ip default next-hop', 'set default interface', and 'set ip tos/precedence'. 'set metric' is not a PBR action.

49
MCQmedium

An engineer is troubleshooting a network where R1 and R2 are running iBGP, and R1 learns the prefix 192.168.1.0/24 from R2 with an AD of 200. R1 also learns the same prefix via OSPF from R3 with AD 110. The engineer notices that R1 uses the iBGP route. What configuration change would cause this?

A.The engineer applied the distance bgp 20 200 200 command, which lowers eBGP AD but not iBGP.
B.The engineer applied the distance 150 0.0.0.0 255.255.255.255 under the OSPF process, raising OSPF AD to 150.
C.The engineer applied the distance bgp 20 100 200 command, lowering iBGP AD to 100.
D.The OSPF route is a type 5 LSA, which has a higher AD than type 3 LSAs.
AnswerB, C

If the OSPF AD is raised to 150, iBGP's AD of 200 is still higher, so OSPF remains preferred; only if the OSPF AD were raised above 200 would iBGP be preferred. To make iBGP preferred, the OSPF AD must be greater than 200 or the iBGP AD must be lowered. This option would be plausible if the engineer had raised the OSPF AD to 250, but the text says 150, so it is incorrect. The correct answer should be that the iBGP AD was lowered to 100 via distance bgp 20 100 200.

Why this answer

iBGP routes have an AD of 200 by default, which is higher than OSPF's 110, so OSPF should be preferred. If iBGP is preferred, the AD of iBGP must have been lowered or the OSPF AD raised.

50
MCQmedium

In EIGRP, what is the default behavior of auto-summary in IOS-XE versions 15.0 and later?

A.Auto-summary is enabled by default.
B.Auto-summary is disabled by default.
C.Auto-summary is enabled only for EIGRP named mode.
D.Auto-summary is disabled only for EIGRP classic mode.
AnswerB

Cisco changed the default to disabled starting with IOS-XE 15.0.

Why this answer

Cisco IOS-XE 15.0 and later have auto-summary disabled by default for EIGRP, unlike older IOS versions where it was enabled by default.

51
MCQmedium

A network engineer is troubleshooting an issue where IPv6 traffic is being forwarded incorrectly on a switch. The switch is configured with IPv6 Source Guard on access ports. A legitimate host on port Fa0/1 with IPv6 address 2001:db8:1::10 is unable to send traffic to the default gateway. The engineer checks the IPv6 binding table and sees that the host's entry is missing. What is the most likely cause?

A.The host is using a static IPv6 address, and ND snooping is not enabled on the VLAN, so the binding was never learned.
B.The host's MAC address is not in the MAC address table for VLAN 1.
C.The switch is running IPv6 First Hop Security in monitor mode, which logs violations but does not drop traffic.
D.The default gateway router is not sending Router Advertisements, so the host cannot form a default route.
AnswerA

Correct because IPv6 Source Guard relies on ND snooping to learn static addresses; without it, the host's traffic is dropped.

Why this answer

IPv6 Source Guard requires a valid binding entry (learned via DHCPv6 snooping or ND snooping) to permit traffic. If the host is using a static IPv6 address, ND snooping must be enabled to learn the binding; otherwise, traffic is dropped.

52
MCQeasy

A network engineer runs the following command on Router PE3:

PE3# show ip vrf interfaces
Interface   IP-Address   VRF          Protocol
Gi0/0       10.1.1.1     CUSTOMER_C   up
Gi0/1       10.2.2.1     CUSTOMER_D   up

Based on this output, which statement is correct?

A.Both interfaces are correctly assigned to VRFs and are operational.
B.Interface Gi0/0 is down.
C.VRF CUSTOMER_C has no routes.
D.The router has no VRF configuration.
AnswerA

The output shows both interfaces are up and assigned to VRFs.

Why this answer

The show ip vrf interfaces command displays VRF-to-interface mappings. Both interfaces are up and assigned to VRFs CUSTOMER_C and CUSTOMER_D respectively. This indicates proper VRF configuration.

53
MCQhard

DMVPN network with hub R1 and spoke R2. R1 has:

interface Tunnel0
 ip address 172.16.1.1 255.255.255.0
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp authentication cisco123

R2 has:

interface Tunnel0
 ip address 172.16.1.2 255.255.255.0
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 ip nhrp network-id 1
 ip nhrp nhs 172.16.1.1
 ip nhrp authentication cisco123

R2 shows:

R2# show dmvpn
Legend: Attrb -> S: Static, D: Dynamic, I: Incomplete
NHRP domain: 1
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHC:172.16.1.2, NBMA:10.2.2.2
(no NHRP mappings)

R2# ping 172.16.1.1 source 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

What is the root cause?

A.The hub R1 is missing the 'ip nhrp map multicast dynamic' command.
B.The authentication string is mismatched between hub and spoke.
C.The tunnel mode on R2 should be 'tunnel mode gre ip' instead of multipoint.
D.The NHRP network ID must be different on hub and spoke.
AnswerA

Without this command, the hub does not accept NHRP registrations from spokes, so the spoke cannot build a mapping.

Why this answer

The NHRP authentication strings match ('cisco123' on both R1 and R2), but the output shows no NHRP mappings. The issue is that the spoke R2 has not registered with the hub.

This could be due to a mismatch in NHRP network ID, but they match. Another possibility is that the hub's tunnel interface is not configured with 'ip nhrp map multicast dynamic' to accept registrations. Without that, the hub does not add the spoke to its NHRP database, and the spoke cannot resolve the hub's NBMA address.

The ping fails because the spoke has no NHRP mapping for the hub.

54
MCQhard

An MPLS network is experiencing label distribution failures. Router R1 is an LSR connected to R2. R1's show mpls ldp neighbor shows R2 in OPERATIONAL state, but show mpls ldp bindings shows no label bindings for prefixes learned via OSPF from R2. R1's mpls ldp router-id is 1.1.1.1, and R2's is 2.2.2.2. The OSPF process on R1 advertises the loopback0 interface with ip address 1.1.1.1 255.255.255.255, and R2's loopback0 is 2.2.2.2. The link between them is 192.168.1.0/30. What is the root cause?

A.The LDP router-id on R1 is not reachable from R2 because OSPF is not advertising the loopback0 route, causing LDP to not exchange label bindings.
B.The mpls ldp label allocation is configured as 'per-prefix' instead of 'per-interface'.
C.The OSPF process on R1 has a route-map filtering the loopback route.
D.The LDP session is using the interface IP address as transport, but OSPF is not advertising the interface network.
AnswerA

If the router-id is not reachable, LDP session may form using the link address, but label bindings for prefixes learned via OSPF may fail because the transport address is not routable.

Why this answer

R1 shows R2 as an LDP neighbor in OPERATIONAL state, meaning the LDP session (TCP port 646) is established. However, no label bindings are exchanged for OSPF-learned prefixes from R2. LDP uses the router-id (1.1.1.1) as the transport address for label binding exchange.

If OSPF does not advertise R1's loopback0 (1.1.1.1/32), R2 cannot reach this address, so LDP cannot complete the label mapping exchange, even though the neighbor session is up. The correct root cause is that R1's LDP router-id is not reachable from R2.

Exam trap

Cisco often tests the distinction between LDP neighbor adjacency (which can form using link-local addresses) and the actual exchange of label bindings, which requires the LDP router-id to be reachable via the IGP; candidates mistakenly assume an OPERATIONAL neighbor state guarantees full label exchange.

How to eliminate wrong answers

Option B is wrong because 'per-prefix' vs 'per-interface' label allocation affects how labels are assigned to FECs, not the exchange of label bindings between LDP peers; the issue is reachability of the transport address. Option C is wrong because there is no evidence of a route-map filtering the loopback route; the question states OSPF advertises the loopback0 interface, and a missing route is more likely due to OSPF not including the loopback in the routing process (e.g., not configured under router ospf). Option D is wrong because LDP sessions use the LDP router-id (not the interface IP) as the transport address by default; even if the interface network is advertised, the session transport address must be reachable, and the problem is specifically the loopback route.

55
MCQmedium

What is missing from this RSPAN configuration on a switch?

    monitor session 1 source interface GigabitEthernet1/0/1 both
    monitor session 1 destination remote vlan 100

Assume VLAN 100 exists but is not configured as an RSPAN VLAN.

A.The 'remote-span' command under VLAN 100.
B.An IP address on the destination interface.
C.A destination interface on the source switch.
D.The 'no shutdown' command on VLAN 100.
AnswerA

This is required to designate the VLAN as an RSPAN VLAN.

Why this answer

For RSPAN to work, the VLAN used as the destination remote VLAN must be configured with the 'remote-span' command. Without it, the session will not function correctly.

56
MCQmedium

A network engineer runs the following command to troubleshoot an EIGRP issue:

    R1# debug eigrp packets update
    *Mar 1 00:10:15.456: EIGRP: received packet with opcode = 2 (Update) on GigabitEthernet0/0, src 10.1.2.2 dst 10.1.2.1
    *Mar 1 00:10:15.456: EIGRP: Update contains 5 routes, version 145, seq 10
    *Mar 1 00:10:15.456: EIGRP: Update update/interval, 10.1.1.0/24 metric 131072
    *Mar 1 00:10:15.456: EIGRP: Update update/interval, 10.2.2.0/24 metric 131072
    *Mar 1 00:10:15.456: EIGRP: Update update/interval, 10.3.3.0/24 metric 131072
    *Mar 1 00:10:15.456: EIGRP: Update update/interval, 10.4.4.0/24 metric 131072
    *Mar 1 00:10:15.456: EIGRP: Update update/interval, 10.5.5.0/24 metric 131072

What does this output indicate?

A.The neighbor is sending a partial update with five routes, which is typical for a triggered update after a topology change.
B.The neighbor is sending a full update, which occurs during initial neighbor formation or after a major change.
C.The neighbor is sending a periodic update with five routes, which is normal EIGRP behavior.
D.The neighbor is sending an update with incorrect metrics, causing routing issues.
AnswerC

EIGRP sends periodic updates (every 90 seconds by default) to maintain neighbor state, and this debug shows such an update.

Why this answer

The debug shows an EIGRP Update packet received from 10.1.2.2 containing five routes. This is a normal update, likely sent as a periodic or triggered update. The 'update/interval' indicates the update is being sent due to the periodic update timer.

57
MCQeasy

What is the default EIGRP hello interval on a point-to-point serial interface with bandwidth 1544 Kbps?

A.5 seconds
B.60 seconds
C.10 seconds
D.30 seconds
AnswerA

Correct. EIGRP default hello interval for point-to-point interfaces with bandwidth >= 1544 Kbps is 5 seconds.

Why this answer

EIGRP uses a default hello interval of 5 seconds on high-speed interfaces (bandwidth >= 1544 Kbps) and 60 seconds on low-speed interfaces (bandwidth <= 1544 Kbps).

58
MCQmedium

Which statement correctly describes the behavior of PBR when the next-hop specified in a 'set ip next-hop' command is unreachable?

A.The packet is dropped immediately.
B.The router sends an ICMP unreachable message.
C.The router uses the routing table to forward the packet.
D.The router uses the default route if configured.
AnswerC

If the PBR next-hop is unreachable, the router performs a normal routing table lookup.

Why this answer

If the next-hop is unreachable, PBR will fall back to the normal routing table lookup, unless a 'set ip default next-hop' is configured.

59
MCQhard

An EIGRP network is experiencing a stuck-in-active (SIA) condition for a route 192.168.1.0/24. R1 has the following configuration:

    router eigrp 100
     network 10.0.0.0
     distribute-list prefix PL-FILTER in

R2 shows: 'show ip eigrp topology 192.168.1.0/24' is in active state, and 'show ip eigrp events' shows that R1 sent a query but never received a reply. R1's prefix-list PL-FILTER permits only 10.0.0.0/8. What is the root cause?

A.The distribute-list inbound on R1 filters the EIGRP query for 192.168.1.0/24, preventing R1 from replying and causing SIA on R2.
B.The EIGRP K-values are mismatched between R1 and R2.
C.The route 192.168.1.0/24 is not in R1's topology table, so it cannot reply.
D.The EIGRP timers on R1 are set too high, causing a delay in reply.
AnswerA

EIGRP distribute-lists applied inbound also filter queries. Since the prefix 192.168.1.0/24 is not permitted by PL-FILTER, R1 drops the query and does not send a reply, leaving R2 in active state.

Why this answer

The distribute-list prefix PL-FILTER in on R1 filters incoming routes, but it also affects queries. When R2 sends a query for 192.168.1.0/24, R1 receives it but the distribute-list filters the query (since the prefix is not permitted), so R1 does not process it and does not send a reply. This causes R2 to wait indefinitely for a reply, leading to an SIA condition.

The distribute-list should be applied outbound or should permit the necessary prefixes to allow queries to be processed.

60
MCQhard

MPLS network: LDP neighbors are down between R1 and R2. On R1, 'show mpls ldp neighbor' returns nothing. R2 has 'mpls ip' configured under interface GigabitEthernet0/0, but R1 has no 'mpls ip' on its interface. What is the root cause?

A.R1 and R2 are in different MPLS domains.
B.R1's interface lacks the mpls ip command, preventing LDP hello transmission.
C.LDP router IDs are not reachable.
D.The label distribution protocol is set to TDP instead of LDP.
AnswerB

mpls ip enables LDP on the interface; missing it stops LDP.

Why this answer

The root cause is that R1's interface is missing the 'mpls ip' command. This command is required on each interface to enable MPLS forwarding and to send LDP hello messages (UDP port 646) to neighbors. Without it, R1 cannot discover R2 as an LDP neighbor, so the LDP session never forms, and 'show mpls ldp neighbor' returns nothing on R1.

Exam trap

Cisco often tests the specific requirement of the 'mpls ip' interface command for LDP neighbor discovery, leading candidates to incorrectly focus on reachability or protocol version issues when the problem is a missing interface-level command.

How to eliminate wrong answers

Option A is wrong because MPLS domains are not a standard concept; LDP operates within a single routing domain (e.g., OSPF or IS-IS area), and mismatched domains would not prevent LDP hellos if interfaces are correctly configured. Option C is wrong because LDP router IDs not being reachable would prevent the TCP session from establishing after hellos are exchanged, but here no hellos are sent at all due to the missing 'mpls ip' command. Option D is wrong because TDP is a Cisco proprietary protocol (pre-standard) that is not used in modern IOS; even if TDP were configured, it would still require the 'mpls ip' command on the interface to send TDP hellos.

61
MCQhard

A network engineer configures a DMVPN Phase 3 network with EIGRP and uses the 'ip nhrp redirect' and 'ip nhrp shortcut' commands on the hub and spokes. Unexpectedly, spoke-to-spoke traffic still goes through the hub even after the shortcut is established, based on show ip nhrp shortcut output. Which is the most likely explanation?

A.The EIGRP route to the remote spoke's network still has the hub as the next-hop with a lower metric than the NHRP shortcut, so the router prefers the hub path.
B.The 'ip nhrp shortcut' command is not configured on the spoke's tunnel interface, so the shortcut is not used for forwarding.
C.The NHRP redirect is not enabled on the hub, so the spoke never receives redirect messages to trigger shortcut creation.
D.The spoke's CEF is disabled, causing the shortcut to not be used in the forwarding path.
AnswerA

The NHRP shortcut creates a host route or /32 route, but if the EIGRP route has a lower administrative distance or better metric, the router will use the hub path.

Why this answer

In DMVPN Phase 3, the shortcut is created when the spoke receives a redirect from the hub and sends a resolution request to the target spoke. However, for the shortcut to be used, the routing table must have a route that points to the shortcut next-hop. EIGRP, by default, installs routes with the hub as the next-hop.

The corner case is that the spoke's routing table still prefers the hub as the next-hop because the EIGRP metric for the hub route is lower than the shortcut. The fix is to use 'ip nhrp shortcut' with 'ip nhrp redirect' and ensure that the routing protocol's metric is adjusted (e.g., using offset-list) or that the shortcut is installed with a better metric via NHRP.

63
MCQhard

In a DMVPN phase 3 network, Router R1 (hub) and R2 (spoke) have an mGRE tunnel. R1 has EIGRP configured over the tunnel with 'no ip split-horizon' and 'distance eigrp 90 100'. R2 has default EIGRP configuration. R2 learns a route to 192.168.1.0/24 via the tunnel with AD 90. Later, R2 also learns the same route via a physical interface from another spoke R3 using EIGRP with AD 90. R2's 'show ip route 192.168.1.0' shows the route via R3. What is the root cause?

A.The route via R3 has a better metric (lower composite) than the route via R1, so it is preferred.
B.R2's EIGRP process has 'variance 2' configured, causing load balancing.
C.The route via R1 is an external route (AD 100) due to redistribution, so it is less preferred.
D.R2 has a static route with AD 1 that overrides both.
AnswerA

Equal AD routes are compared by metric; the tunnel may have higher delay/bandwidth.

Why this answer

EIGRP uses metric (composite) to choose between routes with equal AD. The route via R3 might have a better metric. However, if the distance is changed on R1 to 100 for external routes, the route via R1 might have AD 100, but the question says AD 90.

The correct answer is that the route via R3 is an internal route (AD 90) with a lower metric than the route via R1 (also AD 90), so metric decides. But the trick is that the tunnel interface on R2 might have a higher delay, causing a worse metric.

64
MCQmedium

A network engineer is troubleshooting PBR on a Cisco router where traffic from subnet 172.16.1.0/24 should be forwarded to next-hop 10.10.10.2. The route map 'PBR-172' is applied to interface GigabitEthernet0/0. The engineer notices that the PBR policy is not working at all. The engineer checks the route map configuration and sees 'match ip address 110' and 'set ip next-hop 10.10.10.2'. The engineer also checks the ACL 110 and confirms it matches 172.16.1.0/24. The engineer then checks the interface configuration and sees 'ip policy route-map PBR-172' applied. What should the engineer do next to isolate the issue?

A.Check if the next-hop 10.10.10.2 is reachable via the routing table.
B.Add the 'set ip default next-hop' command to the route map.
C.Change the route map to use 'set interface' instead of 'set ip next-hop'.
D.Apply the route map to the outgoing interface instead of the incoming interface.
AnswerA

Correct because PBR requires the next-hop to be reachable; if not, traffic uses the routing table.

Why this answer

The engineer should verify that the next-hop 10.10.10.2 is reachable via a directly connected interface or a static route. PBR will not forward traffic to a next-hop that is not in the routing table or not directly connected, and will fall back to the routing table. The engineer can use 'show ip route 10.10.10.2' to check reachability.

65
MCQhard

Two VRFs on router R1: VRF A and VRF B. R1 has:

    ip vrf A
     rd 100:1
     route-target export 100:1
     route-target import 100:2
    ip vrf B
     rd 100:2
     route-target export 100:2
     route-target import 100:1

R1 shows:

    R1# show ip route vrf A
    B 10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10
    R1# show ip route vrf B
    B 10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10

Router R2 (in VRF A) can ping 10.1.1.1, but router R3 (in VRF B) cannot. What is the root cause?

A.The next hop 10.2.2.2 is not reachable from VRF B due to missing interface in VRF B.
B.The route targets are reversed, causing VRF B to not import the route.
C.BGP is not configured to advertise VPNv4 routes.
D.R3 has a firewall blocking ICMP.
AnswerA

The route is present, but the next hop is not in VRF B, so the route is not usable.

Why this answer

The route targets are misconfigured for route leaking. VRF A exports with RT 100:1 and imports RT 100:2. VRF B exports with RT 100:2 and imports RT 100:1.

This creates a two-way leak, but the route 10.1.1.0/24 is learned via BGP from R2. If R2 is in VRF A, the route is exported with RT 100:1. VRF B imports RT 100:1, so VRF B should have the route.

However, the issue might be that the route is not being advertised to R3 due to BGP next-hop resolution or VRF interface issues. The output shows both VRFs have the route, so the problem is likely that R3 cannot reach the next hop 10.2.2.2 because it is in a different VRF or the interface is not in VRF B. The root cause is that the next hop is not reachable from VRF B.

66
MCQmedium

Which loop prevention mechanism is used by default in RIP within a VRF-Lite configuration?

A.Split horizon
B.Route poisoning
C.Hold-down timer
D.TTL expiry
AnswerA

Split horizon is enabled by default on RIP interfaces.

Why this answer

RIP uses split horizon as a default loop prevention mechanism, which prevents a route from being advertised out the interface from which it was learned.

67
MCQeasy

What is the default size of the logging buffer on a Cisco IOS-XE router if not explicitly configured?

A.4096 bytes
B.8192 bytes
C.16384 bytes
D.No buffer is allocated by default.
AnswerA

The default buffer size is 4096 bytes.

Why this answer

The default logging buffer size on most Cisco IOS-XE platforms is 4096 bytes. This is a standard default value that candidates should know.

68
MCQhard

Router R1 and R2 are iBGP peers. R1 learns a route 10.10.10.0/24 from an eBGP peer with local preference 200. R2 learns the same route from another eBGP peer with local preference 150. Both routers redistribute the route into OSPF with default settings. R3, an OSPF router, receives two type-5 LSAs for 10.10.10.0/24: one from R1 with metric 20, one from R2 with metric 10. R3's 'show ip route 10.10.10.0' shows the route via R1. What is the root cause?

A.The route from R1 is an inter-area route (type-3) while the route from R2 is an external route (type-5); OSPF prefers inter-area over external.
B.R3 has a static route with AD 1 that points to R1.
C.The route from R2 has a higher administrative distance because R2 is an ASBR.
D.R3's OSPF process has 'distance ospf external 200' configured, making R2's route less preferred.
AnswerA

OSPF route selection prefers intra-area, then inter-area, then external type-1, then external type-2. Inter-area is preferred over external.

Why this answer

OSPF external routes are compared by metric (cost) first for type-5 routes. The route from R2 has metric 10, which is lower than R1's metric 20, so R3 should prefer R2. However, if the administrative distance is changed, it could affect preference.

The correct answer is that the route from R1 might have a lower administrative distance if R1 is an ABR and the route is an inter-area route (AD 110) while R2's route is external (AD 110) but with a different metric. But both are external. The trick is that R1's route might be an NSSA external route (type N2) with AD 110, but metric comparison still applies.

The correct answer is that the route from R1 is actually an inter-area route (type-3) because R1 is an ABR. Both routes have AD 110, but OSPF prefers intra-area > inter-area > external, so if R1's route is inter-area and R2's is external, inter-area is preferred. This is the most likely explanation.

69
MCQhard

Router R4 is configured as an SNMP agent for a large network. The NMS is at 10.10.10.10. The configuration includes:

    snmp-server community mycom RO
    snmp-server host 10.10.10.10 version 2c mycom
    snmp-server enable traps

However, the NMS receives no traps. On R4, 'show snmp statistics' shows TrapsSent: 0, and 'show snmp pending' shows no pending. The NMS can poll R4 using the community string 'mycom'. What is the root cause?

A.The community string 'mycom' is configured as read-only (RO), but SNMP trap notifications require a read-write (RW) community string on some IOS versions.
B.The NMS is not listening on UDP port 162.
C.The router's SNMP agent is disabled due to low memory.
D.The 'snmp-server enable traps' command is missing specific trap types.
AnswerA

In certain IOS versions, traps are only sent if the community string has RW privileges. The RO community cannot be used for trap generation.

Why this answer

The community string 'mycom' is used for both read-only access and trap notification. However, the 'snmp-server host' command uses the community string as a key for trap authentication. If the community string is configured as RO, it may not be allowed to send traps because traps require RW access in some implementations.

But more commonly, the issue is that the trap source interface is not configured, and the router uses the outgoing interface IP, which may not be reachable from the NMS. However, the NMS can poll, so reachability is fine. The correct answer is: 'The community string 'mycom' is configured as read-only (RO), but SNMP trap notifications require a read-write (RW) community string on some IOS versions.'

70
Multi-Selectmedium

Which TWO commands would a network engineer use to verify the operation of an Embedded Event Manager (EEM) applet that triggers on a syslog pattern? (Choose TWO.)

Select 2 answers
A.show event manager history events
B.show event manager policy active
C.show event manager detector syslog
D.show event manager environment
E.debug event manager action all
AnswersA, B

This command shows the history of EEM events, including syslog-triggered events, allowing verification that the applet fired.

Why this answer

The 'show event manager history events' command displays recent EEM events, including those triggered by syslog patterns, while 'show event manager policy active' lists currently registered and active EEM applets. The other options either show unrelated EEM data or require additional configuration to be useful.

71
MCQmedium

In OSPFv3, what is the purpose of the link-local address in the neighbor adjacency process?

A.The link-local address is used as the router ID for OSPFv3.
B.The link-local address is used as the source address for OSPFv3 packets and for next-hop resolution.
C.The link-local address is only used for DR/BDR election.
D.The link-local address is not used in OSPFv3; global unicast addresses are used instead.
AnswerB

Correct. OSPFv3 packets are sourced from the link-local address, and next hops are link-local addresses.

Why this answer

OSPFv3 uses link-local addresses for neighbor discovery and as the source address for OSPF packets. This is a change from OSPFv2, which uses the interface's IPv4 address. The link-local address is used for next-hop resolution and adjacency formation.

72
MCQmedium

A network engineer runs the following command to troubleshoot a BGP issue:

    R1# show bgp ipv4 unicast 192.168.1.0/24
    BGP routing table entry for 192.168.1.0/24, version 12
    Paths: (2 available, best #2, table default)
      Advertised to update-groups:
         1
      Refresh Epoch 1
      65001
        10.1.1.2 from 10.1.1.2 (10.1.1.2)
          Origin IGP, metric 0, localpref 100, valid, external, best
      Refresh Epoch 2
      65002
        10.2.2.2 from 10.2.2.2 (10.2.2.2)
          Origin IGP, metric 0, localpref 50, valid, external

What does this output indicate?

A.Both paths are equally preferred, and BGP load-balances traffic to 192.168.1.0/24.
B.The path from AS 65002 is preferred because it has a lower local preference.
C.The path from AS 65001 is the best path due to its higher local preference of 100.
D.The path from AS 65002 is the best path because it has a lower metric.
AnswerC

Local preference is a weight attribute; higher values are preferred. The path with localpref 100 is selected as best.

Why this answer

The show bgp ipv4 unicast command displays BGP paths for a specific prefix. Here, two paths are available: one from AS 65001 with local preference 100, and one from AS 65002 with local preference 50. The path with higher local preference (100) is selected as best.

73
MCQmedium

A router has the following BFD configuration for a static route:

    ip route 10.0.0.0 255.255.255.0 192.168.1.2
    bfd map 192.168.1.2 10.0.0.0 255.255.255.0
    interface GigabitEthernet0/0
     ip address 192.168.1.1 255.255.255.0
     bfd interval 100 min_rx 100 multiplier 3
    !

What is the purpose of the 'bfd map' command in this context?

A.It maps the BFD session to the interface, enabling BFD for all static routes using that interface.
B.It creates a BFD session to the next-hop 192.168.1.2 and associates it with the static route to 10.0.0.0/24.
C.It maps the BFD session to the OSPF process, which is incorrect for static routes.
D.It is used to configure BFD for multiple static routes simultaneously.
AnswerB

Correct. The 'bfd map' command creates a BFD session to the specified next-hop and ties it to the static route so that the route is withdrawn if BFD goes down.

Why this answer

For static routes, BFD must be explicitly mapped to the next-hop and destination prefix. The 'bfd map' command associates a BFD session with a static route so that if BFD detects a failure, the static route is removed from the routing table.

74
MCQhard

An engineer configured IP SLA 40 with a UDP echo probe to monitor a remote server port 80. The IP SLA is used in a track object for a backup static route. The engineer observes that the IP SLA state is 'Timeout' even though the server is reachable via ping from the router. What is the most likely cause?

A.The router's firewall is blocking UDP packets to the server.
B.The server is not running a UDP service on port 80; HTTP uses TCP, so the UDP probe will fail.
C.The IP SLA frequency is set too high, causing the router to miss responses.
D.The track object is misconfigured with the wrong IP SLA number.
AnswerB

UDP echo probes expect a UDP service on the target port. Port 80 is typically TCP, so the probe times out.

Why this answer

UDP echo probes require a service listening on the specified port. If the server does not have a UDP service on port 80 (HTTP uses TCP), the probe will time out.

75
MCQhard

A router has CoPP configured with a class-map that matches OSPF traffic and polices it to 2000 pps. The router is also configured with an OSPF distribute-list in to filter routes. After applying CoPP, OSPF neighbors form, but routes from a specific neighbor are missing. The distribute-list permits all routes. Which is the most likely explanation?

A.The distribute-list is applied incorrectly and blocks all routes.
B.CoPP drops OSPF LSU packets, preventing route installation, while hello packets still form the adjacency.
C.OSPF uses TCP, and CoPP only polices UDP.
D.The CoPP policy is applied to the wrong control plane subinterface.
AnswerB

LSUs carry the actual routes; if dropped, routes are missing even though the neighbor is up.

Why this answer

CoPP polices OSPF packets, but OSPF uses different packet types (hello, DBD, LSR, LSU, LSAck). If the police rate is exceeded, LSU packets may be dropped while hello packets pass. The distribute-list is not the issue; the missing routes are due to dropped LSUs.
