Cisco CCNP ENARSI 300-410 (300-410) — Questions 976-1050

2152 questions total · 29 pages · All types, answers revealed

Page 14 of 29
976
MCQ · easy

Which statement is true about the implicit deny any at the end of an IPv4 ACL?

A. It can be overridden by adding a permit any at the end.
B. It is invisible and applies only to TCP traffic.
C. It is always present and cannot be removed or overridden.
D. It denies all traffic not explicitly permitted and is always present.
Answer: D

The implicit deny any is a fundamental property of Cisco ACLs.

Why this answer

Option D is correct because every IPv4 ACL has an implicit deny any statement at the end that denies all traffic not explicitly permitted by earlier entries. This implicit rule is always present and cannot be removed, ensuring that only traffic matching a permit entry is allowed through the ACL.

Exam trap

Cisco often tests the misconception that the implicit deny any can be removed or that it only applies to specific protocols, when in fact it is a permanent, protocol-agnostic rule that denies all unmatched traffic.

How to eliminate wrong answers

Option A is wrong because the implicit deny any cannot be overridden; adding a permit any at the end explicitly permits all traffic, effectively negating the implicit deny, but the implicit rule itself remains in the ACL logic. Option B is wrong because the implicit deny any applies to all IP traffic, not just TCP; it covers UDP, ICMP, and any other IP protocol. Option C is wrong because while the implicit deny any is always present and cannot be removed, it can be overridden by a permit any statement placed before it in the ACL; the statement 'cannot be overridden' is incorrect.

977
MCQ · easy

What is the default hello interval for OSPFv3 on a broadcast network type in Cisco IOS-XE?

A. 10 seconds
B. 30 seconds
C. 40 seconds
D. 5 seconds
Answer: A

Default hello interval for OSPFv3 on broadcast networks is 10 seconds.

Why this answer

OSPFv3 uses the same default hello interval as OSPFv2: 10 seconds on broadcast and point-to-point networks.

978
MCQ · hard

An engineer enables uRPF (strict mode) on an interface facing the Internet. Legitimate traffic from a customer network is being dropped. The customer network uses asymmetric routing where return traffic takes a different path. Which is the most likely explanation?

A. The uRPF strict mode requires that the source IP's best path is out the same interface; asymmetric routing violates this.
B. The uRPF loose mode should be used instead, as it only requires a route to the source IP in the FIB.
C. The customer network is using private IP addresses that are not routable.
D. The uRPF allow-default option is missing, which is required for default routes.
Answer: A

Strict mode drops packets if the reverse path does not match the incoming interface, which occurs with asymmetric routing.

Why this answer

Strict uRPF checks that the source IP of incoming packets has a route in the FIB pointing back to the same interface. With asymmetric routing, the return path may use a different interface, causing the check to fail and the packet to be dropped.

979
MCQ · hard

R1 and R2 are connected via an IPsec VPN tunnel. R1 has a static route to 10.10.10.0/24 pointing to the tunnel interface. R2 has a static route to 192.168.1.0/24 pointing to the tunnel interface. Both routers have BGP configured between loopback addresses over the tunnel. BGP peering is established, but R1 cannot ping 10.10.10.1 (R2's loopback) from its loopback. R1's show ip bgp shows the route as valid but not best. What is the root cause?

A. The static route to 10.10.10.0/24 via tunnel causes recursive routing failure because the tunnel destination is not reachable.
B. BGP next-hop-self is not configured on R2.
C. The IPsec tunnel is not encrypting BGP traffic.
D. The BGP network statement for 10.10.10.0/24 is missing on R2.
Answer: A

The static route references the tunnel interface, but the tunnel's destination IP must be reachable via another route. If not, the route is invalid, and BGP cannot use the next-hop.

Why this answer

The correct answer is A because R1's static route to 10.10.10.0/24 points to the tunnel interface, but the tunnel destination (the remote peer's public IP) is not reachable via a valid routing path. This creates a recursive routing failure: the router tries to resolve the tunnel interface's next-hop (the tunnel destination) but cannot find a route to it, causing the BGP route to be marked as valid but not best. Without a reachable tunnel destination, the IPsec VPN cannot forward traffic, so pings from R1's loopback to 10.10.10.1 fail.

Exam trap

Cisco often tests the concept of recursive routing failure in IPsec VPN scenarios, where candidates mistakenly focus on BGP configuration issues (like next-hop-self or network statements) instead of recognizing that the tunnel destination must be reachable independently of the tunnel itself.

How to eliminate wrong answers

Option B is wrong because next-hop-self on R2 would change the next-hop of BGP routes advertised to R1 to R2's own IP, but the issue here is that the BGP route is valid but not best due to recursive routing failure, not because of next-hop reachability. Option C is wrong because the IPsec tunnel not encrypting BGP traffic would not cause the BGP route to be valid but not best; it might cause a peering issue or packet drop, but the route would still be considered best if reachable. Option D is wrong because the BGP network statement for 10.10.10.0/24 on R2 is not required for R1 to learn the route via BGP; R2 can advertise the route via network or redistribution, and the problem is on R1's side with recursive routing, not on R2's advertisement.

980
MCQ · medium

A network engineer runs the following command to troubleshoot BFD with BGP:

    R1# show bgp ipv4 unicast 10.3.3.0/24
    BGP routing table entry for 10.3.3.0/24, version 2
    Paths: (1 available, best #1, table default)
      Advertised to update-groups:
         1
      Refresh Epoch 1
      Local
        10.1.1.2 from 10.1.1.2 (2.2.2.2)
          Origin IGP, metric 0, localpref 100, valid, external, best
          rx pathid: 0, tx pathid: 0x0
          BFD enabled, BFD state: UP

What does this output indicate?

A. BGP is using BFD with state UP, enabling sub-second failure detection for this prefix.
B. BFD is disabled for this BGP neighbor.
C. BFD state is DOWN, so BGP uses its own timers.
D. BGP is using BFD only for IPv6 prefixes.
Answer: A

BFD is enabled and UP, allowing BGP to detect failures faster than BGP keepalive/hold timers.

Why this answer

The output shows that BFD is enabled for the BGP session and the BFD state is UP, indicating fast failure detection for the BGP neighbor.

981
MCQ · hard

What is the default behavior of PBR when a 'set ip next-hop' is configured with an IP address that is not directly connected?

A. The router performs a recursive lookup to find the next-hop.
B. The packet is forwarded using the routing table.
C. The packet is dropped.
D. The router sends an ICMP redirect.
Answer: C

PBR requires the next-hop to be directly connected by default; otherwise, the packet is dropped.

Why this answer

By default, PBR requires the next-hop to be directly connected. If it is not directly connected, the packet is dropped unless 'set ip next-hop verify-availability' is used or the next-hop is reachable via a recursive lookup (which requires additional configuration).

982
MCQ · medium

A network engineer is troubleshooting an OSPFv2 route flapping issue. The router R1 is learning a route to 192.168.1.0/24 via two different paths: one through R2 and one through R3. The route is flapping between the two paths every few seconds. 'show ip ospf interface' shows that both interfaces are stable. What is the most likely cause?

A. The routers R2 and R3 have the same OSPF router ID.
B. The route is being redistributed by both R2 and R3 with different metrics.
C. The OSPF network type on the interfaces is set to broadcast, causing DR/BDR instability.
D. The link between R1 and R2 has a high error rate causing intermittent packet loss.
Answer: A

Duplicate router IDs can cause OSPF to see the same route from two different neighbors as different, leading to route flapping.

Why this answer

Route flapping can be caused by a number of issues, but if the interfaces are stable, the problem is likely due to a routing loop or a metric issue. One common cause is that the routers are using the same router ID, causing OSPF to see the same route from two different neighbors as equal-cost paths, but the route may be flapping due to a change in the metric. Another cause is that the link between R1 and R2 is flapping at Layer 1, but the stem says the interfaces are stable.

The most likely cause is that the routers have duplicate router IDs, which can cause OSPF to treat the same route as two different routes and cause instability.

983
MCQ · hard

A network engineer runs the following command on Router R1:

    R1# show ip nhrp
    192.168.1.0/24 via 172.16.0.2
       Tunnel0 created 00:00:15, expire 00:01:45
       Type: dynamic, Flags: unique
       NBMA address: 10.1.1.2
    192.168.2.0/24 via 172.16.0.3
       Tunnel0 created 00:00:10, expire 00:01:50
       Type: dynamic, Flags: unique
       NBMA address: 10.1.1.3

Based on this output, what is the problem?

A. The NHRP holdtime is too short, causing frequent re-registrations.
B. The NHRP entries are static and will not expire.
C. The tunnel interface is down.
D. The NBMA addresses are incorrect.
Answer: A

Expire time of 2 minutes indicates a holdtime of 120 seconds, which is low.

Why this answer

The output shows NHRP cache entries for remote networks. The expire time is decreasing, indicating these are dynamic entries learned via NHRP. The problem is that the NHRP holdtime is set to 2 minutes (120 seconds), as seen from the expire time starting at 2 minutes.

This is a short holdtime that may cause frequent re-registrations.

984
Multi-Select · medium

Which TWO commands can be used to verify route summarization on a Cisco router running OSPF? (Choose TWO.)

Select 2 answers
A. show ip route summary
B. show ip ospf border-routes
C. show ip protocols
D. show ip route
E. show ip ospf database
Answers: A, B

This command provides a summary of the routing table, including the number of routes and memory usage, which helps verify summarization.

Why this answer

The 'show ip route summary' command provides a summary of the routing table including the number of routes and the memory used, while 'show ip ospf border-routes' displays the OSPF route table entries for ABRs and ASBRs, which can include summary routes. 'show ip protocols' does not directly show summarization details. 'show ip route' alone does not summarize. 'show ip ospf database' shows the LSDB, not the summarized routing table.

985
Drag & Drop · medium

Drag and drop the steps to configure SSH access with local AAA on a Cisco router into the correct order, from first to last.

Why this order

First, a hostname and domain name must be set to generate the RSA key pair. Then the RSA key pair is generated with the crypto key generate rsa command. Next, local AAA authentication is enabled with aaa new-model and aaa authentication login default local.

The VTY lines are then configured to use SSH transport and the local login authentication. Finally, the SSH version is set to 2 for enhanced security.

986
MCQ · medium

    snmp-server community public RO
    snmp-server community private RW
    snmp-server community secret RW

What is wrong with this configuration?

A. There is no access list to restrict SNMP access.
B. The community strings must be at least 8 characters.
C. Only one read-write community is allowed.
D. The 'public' community should be read-write.
Answer: A

Without an ACL, any host can query the device using these community strings, which is a security concern.

Why this answer

Multiple read-write communities are configured (private and secret). While this is allowed, it can be a security risk. More importantly, the 'public' community is read-only, which is typical, but the configuration lacks any access list restrictions, making SNMP accessible from any source if not filtered elsewhere.

987
Multi-Select · medium

Which TWO statements about route summarization in BGP are true? (Choose TWO.)

Select 2 answers
A. The 'aggregate-address' command creates a summary route in the BGP table.
B. The 'summary-only' keyword can be used with 'aggregate-address' to suppress more specific routes.
C. The 'network' command is used to create a summary route in BGP.
D. BGP summarization requires a route-map to suppress more specific routes.
E. Route summarization in BGP can only be configured on route reflectors.
Answers: A, B

This command is used to create an aggregate route in BGP, which can then be advertised to peers.

Why this answer

In BGP, the 'aggregate-address' command creates a summary route in the BGP table, and it can suppress more specific routes using the 'summary-only' keyword. The 'network' command is used to advertise a specific prefix, not to summarize. The 'aggregate-address' command does not require a route-map to suppress specifics; the 'summary-only' keyword does that.

BGP summarization can be done on any BGP speaker, not just route reflectors.

988
MCQ · hard

Router R1 is leaking a summary route 10.0.0.0/8 from VRF-A into the global routing table, but hosts in the global table cannot reach subnet 10.1.1.0/24 within VRF-A. R1 configuration: ip vrf VRF-A, rd 100:1, route-target export 100:1, route-target import 100:1. Interface Gig0/0 in VRF-A has ip address 10.1.1.1 255.255.255.0. The leaking is done via route-map: route-map LEAK permit 10, match ip address prefix-list SUMMARY, set global. Prefix-list SUMMARY permits 10.0.0.0/8. What is the root cause?

A. The summary route 10.0.0.0/8 is being installed in the global table, but the more specific route 10.1.1.0/24 is not leaked, causing traffic to be dropped.
B. The route-map should use match ip address prefix-list SPECIFIC instead of SUMMARY.
C. The VRF must have a default route to reach the global table.
D. The prefix-list should permit 10.1.1.0/24 only.
Answer: A

Correct: The summary lacks the specific route; traffic to 10.1.1.0/24 matches the summary but may be discarded if the summary points to null or is not resolved.

Why this answer

The summary route 10.0.0.0/8 covers the more specific subnet 10.1.1.0/24, but the route-map only leaks the summary, not the specific. When the global table has the summary, traffic to 10.1.1.0/24 is forwarded based on the summary, but since the specific route is not leaked, the packet may be dropped or sent to a null interface if the summary points to a discard. The issue is that the summary route does not provide reachability to the specific subnet because the specific route is not leaked.

989
MCQ · hard

A network engineer is troubleshooting OSPFv3 on a dual-stack network. Routers R1 and R2 are connected via a serial link. Both routers have OSPFv3 configured for IPv6. The engineer runs 'show ipv6 ospf neighbor' on R1 and sees R2 as FULL/DR. However, R1 cannot ping the IPv6 address of R2's loopback interface. 'show ipv6 route ospf' on R1 does not show any OSPF routes. What is the most likely cause?

A. The OSPFv3 process has 'no ipv6 unicast-routing' enabled globally.
B. The interface on R2 is configured as passive under OSPFv3.
C. The interface on R1 does not have an IPv6 address configured.
D. The OSPFv3 process is configured with 'default-information originate always' but no default route exists.
Answer: C

OSPFv3 requires an IPv6 address on the interface to advertise the connected prefix; without it, the router cannot originate a route for that link, and other routes may not be learned if the neighbor also lacks IPv6 addressing.

Why this answer

In OSPFv3, the network type on serial interfaces defaults to POINT-TO-POINT, but if the interface is configured as BROADCAST (e.g., using 'ipv6 ospf network broadcast'), a DR/BDR election occurs. However, the adjacency is FULL, so the issue is not adjacency. The lack of OSPF routes in the routing table suggests that the routes are not being installed.

One common reason is that OSPFv3 requires an IPv6 address on the interface, but the router may have an IPv4-only configuration or the interface may not have an IPv6 address. Another possibility is that the OSPFv3 process is not redistributing connected routes. The most likely cause is that the interface does not have an IPv6 address configured, which is required for OSPFv3 to advertise prefixes.

990
MCQ · medium

A network engineer runs the following command on Router R1:

    R1# show crypto isakmp sa
    dst        src        state      conn-id  slot  status
    10.1.1.2   10.1.1.1   MM_ACTIVE  1        0     ACTIVE
    10.1.1.3   10.1.1.1   MM_ACTIVE  2        0     ACTIVE

Based on this output, which statement is correct?

A. IKE phase 1 is complete for both peers.
B. IKE phase 2 is complete for both peers.
C. The IPsec tunnels are established.
D. The peers are not responding.
Answer: A

MM_ACTIVE indicates successful IKE phase 1.

Why this answer

The show crypto isakmp sa command shows IKE phase 1 security associations. The state MM_ACTIVE indicates that IKE phase 1 is complete and active. The output shows two active SAs with the local router (10.1.1.1) and two remote peers (10.1.1.2 and 10.1.1.3).

991
MCQ · hard

An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on an interface facing the Internet. Legitimate traffic from a customer network is being dropped. The traffic has a source IP that belongs to the customer's prefix, which is reachable via a different interface on the router. Which is the most likely explanation?

A. The 'ip verify unicast source reachable-via any' command was used instead of 'rx'.
B. The router has a default route pointing out the same interface, causing uRPF to pass all traffic.
C. The customer traffic is arriving on an interface where the return path to the source is via a different interface, violating strict uRPF.
D. The 'ip urpf allow-default' command is missing, causing default routes to be ignored.
Answer: C

Strict uRPF requires symmetric routing; asymmetric routing causes drops.

Why this answer

Strict uRPF checks that the source IP of incoming packets has a route back out the same interface. If the best path to the source IP is via a different interface (asymmetric routing), the packet is dropped. This is a classic edge case with strict uRPF in asymmetric routing scenarios.

992
MCQ · medium

A network engineer runs the following command to troubleshoot a Policy-Based Routing (PBR) issue:

    R1# show route-map PBR-MAP
    route-map PBR-MAP, permit, sequence 10
      Match clauses:
        ip address (access-lists): 101
      Set clauses:
        ip next-hop 10.1.1.2
        ip next-hop verify-availability
      Policy routing matches: 100 packets, 12000 bytes

What does this output indicate?

A. PBR is successfully forwarding traffic matching ACL 101 to next-hop 10.1.1.2.
B. The next-hop 10.1.1.2 is unreachable.
C. The route-map is not applied to any interface.
D. The ACL 101 is blocking all traffic.
Answer: A

The packet counter increments, showing successful policy routing.

Why this answer

The output shows that 100 packets have matched the route-map and have been policy-routed. This indicates PBR is functioning correctly.

993
Multi-Select · hard

Which TWO statements about EIGRP stub routing are true when troubleshooting a hub-and-spoke topology? (Choose TWO.)

Select 1 answer
A. A stub router advertises only connected and summary routes to its neighbors.
B. The stub feature is configured on the hub router to limit queries from spokes.
C. A stub router will send a query to its neighbors if it loses a route.
D. Stub routers do not advertise any connected routes unless specifically configured.
E. The hub router must have the stub command configured to accept stub advertisements.
Answers: A

This is the core definition of EIGRP stub routing: it filters out all other routes from advertisements.

Why this answer

EIGRP stub routers advertise only connected and summary routes to their neighbors, preventing them from being used as transit. The stub feature must be configured on the spoke router; the hub router does not need stub configuration. Options C and D are false because stub routers do not query for lost routes (they reply with 'Stub'), and they still advertise connected routes by default.

994
MCQ · hard

A network engineer configures an EEM applet to monitor IPsec tunnel failures using the event syslog pattern 'IPSEC-3-IPSEC'. The applet is designed to clear the IPsec security associations. The IPsec tunnel fails due to a transform-set mismatch, but the EEM applet does not trigger. Which is the most likely explanation?

A. Transform-set mismatch generates an IPSEC syslog with severity 4, not severity 3.
B. The EEM applet must use 'event isakmp' to capture IPsec events.
C. The IPsec tunnel failure is not logged because the router drops the packet silently.
D. The transform-set mismatch causes a routing loop that suppresses syslog generation.
Answer: A

Correct. The syslog for transform-set mismatch is severity 4, so the pattern 'IPSEC-3-IPSEC' does not match.

Why this answer

When an IPsec tunnel fails due to a transform-set mismatch, the IKE phase 2 negotiation fails, and the syslog message generated is typically 'IPSEC-4-IPSEC' (severity 4) or 'ISAKMP-4-ISAKMP' (severity 4) depending on the IOS version. The pattern 'IPSEC-3-IPSEC' is for severity 3 errors, which are used for more critical events like SA lifetime expiration or hardware failures. The transform-set mismatch is a negotiation failure, not a critical error, so the syslog severity is lower (4), and the EEM applet does not match.

995
Multi-Select · hard

Which THREE symptoms indicate that an IPv4 access control list may be misconfigured or not applied correctly? (Choose THREE.)

Select 3 answers
A. Traffic that should be permitted is being blocked.
B. The interface is flapping up and down.
C. High CPU utilization on the router due to ACL processing.
D. ACL hit counts are not incrementing for expected traffic.
E. Routing protocol neighbors are dropping.
Answers: A, C, D

This indicates the ACL may have an incorrect deny statement or order.

Why this answer

Option A is correct because a primary symptom of a misconfigured or incorrectly applied ACL is that it blocks traffic that should be permitted. This typically occurs when the ACL's sequence of permit and deny statements does not match the intended policy, or when the ACL is applied in the wrong direction (inbound vs. outbound) on an interface. The router processes ACL entries sequentially, so a deny statement placed before a permit statement for the same traffic will cause legitimate packets to be dropped.

Exam trap

Cisco often tests the distinction between direct symptoms of ACL misconfiguration (blocking permitted traffic, no hit counts, high CPU) and indirect or unrelated issues (interface flapping, neighbor drops) that candidates might incorrectly associate with ACLs due to a superficial understanding of ACL behavior.

996
Multi-Select · medium

Which TWO configuration steps are required to enable MPLS L3VPN on a new PE router? (Choose TWO.)

Select 2 answers
A. Configure VRF with route distinguisher and route target.
B. Associate the VRF with the customer-facing interface using 'ip vrf forwarding <name>'.
C. Enable OSPF on all core-facing interfaces.
D. Enable CEF globally.
E. Configure an MPLS TE tunnel between PEs.
Answers: A, B

VRF definition with RD/RT is essential for VPN route separation.

Why this answer

To enable MPLS L3VPN, you must configure VRF definitions with RD and RT, and then associate the VRF with customer-facing interfaces. Enabling LDP on the core-facing interfaces is also required for label distribution. Configuring OSPF on the core is an underlay step, not specific to VPN.

Enabling CEF is a prerequisite for MPLS but is often already enabled. Configuring MP-BGP on the PE is necessary but the question asks for steps on the PE; MP-BGP configuration is a separate step but not listed as an option here; the two correct options are the most direct VRF and interface steps.

997
MCQ · hard

A network engineer runs the following command on Router R1:

    R1# show ip nhrp nhs
    NHS: 172.16.0.1 Tunnel0 status: registered
    NHS: 172.16.0.2 Tunnel0 status: not registered

Based on this output, what is the problem?

A. Router R1 is not registered with the second NHS, indicating a registration failure.
B. Both NHS are registered successfully.
C. The tunnel interface is down.
D. The NHS addresses are swapped.
Answer: A

Status 'not registered' for second NHS indicates a problem.

Why this answer

The show ip nhrp nhs command displays the NHRP server (NHS) registrations. The output shows that R1 is registered with NHS 172.16.0.1 but not registered with NHS 172.16.0.2. This indicates a problem with the registration to the second NHS, possibly due to authentication mismatch, reachability issues, or configuration error.

998
MCQ · hard

A network engineer is troubleshooting MPLS TE where a tunnel is configured with explicit path but the tunnel remains down. The show mpls traffic-eng tunnels command shows 'Path computation failed' and the show mpls traffic-eng topology command shows that the explicit path includes a router that is not in the TED. What is the most likely cause?

A. The router in the explicit path does not have MPLS TE enabled.
B. The explicit path is configured with a loose next-hop.
C. The tunnel destination is not reachable via the IGP.
D. The mpls traffic-eng tunnels command is missing on the headend.
Answer: A

Correct because for a router to appear in the TED, MPLS TE must be enabled globally and on its interfaces; otherwise, the headend cannot include it in the path.

Why this answer

The explicit path includes a router that is not in the TED, meaning the headend cannot find that router in the traffic engineering database. This is because MPLS TE is not enabled on that router or its interfaces, so its link attributes are not advertised.

999
MCQ · easy

A network engineer runs the following command on Router R1:

    R1# show snmp mib
    MIB: IF-MIB
    MIB: SNMPv2-MIB
    MIB: IP-MIB
    MIB: CISCO-CONFIG-MAN-MIB
    MIB: ENTITY-MIB

Based on this output, which statement is correct?

A. The router supports monitoring of configuration changes via SNMP.
B. The router does not support the IF-MIB.
C. The router only supports Cisco proprietary MIBs.
D. The ENTITY-MIB is used for entity authentication.
Answer: A

CISCO-CONFIG-MAN-MIB provides objects to monitor configuration changes.

Why this answer

The output lists the MIBs supported by the router. The presence of CISCO-CONFIG-MAN-MIB indicates support for configuration management, such as monitoring configuration changes via SNMP. The other MIBs are standard for interface, SNMP, IP, and entity information.

1000
MCQ · hard

A network engineer runs the following command on Router R1:

    R1# show ip nat translations
    Pro  Inside global  Inside local  Outside local  Outside global
    ---  192.0.2.10     10.0.0.10     ---            ---
    ---  192.0.2.11     10.0.0.11     ---            ---
    ---  192.0.2.12     10.0.0.12     ---            ---
    ---  192.0.2.13     10.0.0.13     ---            ---
    ---  192.0.2.14     10.0.0.14     ---            ---
    ---  192.0.2.15     10.0.0.15     ---            ---
    ---  192.0.2.16     10.0.0.16     ---            ---
    ---  192.0.2.17     10.0.0.17     ---            ---
    ---  192.0.2.18     10.0.0.18     ---            ---
    ---  192.0.2.19     10.0.0.19     ---            ---
    ---  192.0.2.20     10.0.0.20     ---            ---

    R1# show ip nat statistics
    Total active translations: 11 (0 static, 11 dynamic; 0 extended)
    Outside interfaces:
      GigabitEthernet0/1
    Inside interfaces:
      GigabitEthernet0/0
    Hits: 200  Misses: 0
    CEF Translated packets: 200, CEF Punted packets: 0
    Expired translations: 0
    Dynamic mappings:
    -- Inside Source
    [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 11 map-id 1
    [Id] ip nat inside source list ACL1 pool POOL1 refcount 11

Based on this output, what is the problem?

A. The NAT pool is exhausted; no addresses are available for new translations.
B. PAT is not configured, causing address exhaustion.
C. The inside and outside interfaces are misconfigured.
D. Static NAT is conflicting with dynamic NAT.
Answer: A

All 11 pool addresses are in use, and the pool has no more addresses. New translations will fail.

Why this answer

The output shows 11 dynamic translations using all 11 addresses in the pool (192.0.2.10–192.0.2.20 inclusive = 11 addresses). The pool is fully utilized. If a new inside host attempts to communicate, it will fail because no addresses are available.

This is a problem because the pool is exhausted.

1001
MCQ · medium

Which of the following statements about BFD echo mode is true?

A. Echo mode increases the load on the remote router because it must process echo packets.
B. Echo mode is disabled by default and must be explicitly enabled.
C. Echo mode uses the same timer values as the BFD control packets.
D. Echo mode allows the local router to detect failures without requiring the remote router to send BFD control packets.
Answer: D

Correct. In echo mode, the local router sends echo packets that are looped back; if they stop returning, a failure is detected, reducing the need for control packets from the remote.

Why this answer

BFD echo mode is an optional mode where the local router sends echo packets to the remote router, which loops them back. This reduces the processing load on the remote router because it does not need to generate BFD control packets. Echo mode is enabled by default on Cisco IOS-XE.

1002
MCQ · hard

An engineer configures Flexible NetFlow on a router to monitor both IPv4 and IPv6 traffic. The flow record is defined with 'match ipv4 source address' and 'match ipv6 source address'. After applying the monitor to an interface, 'show flow monitor name MONITOR cache' shows only IPv4 flows. What is the most likely cause?

A. IPv6 traffic is not present on the interface.
B. The flow record cannot combine IPv4 and IPv6 match fields; separate monitors are needed.
C. The interface does not have IPv6 enabled.
D. The flow exporter is not configured to send IPv6 flows.
Answer: B

Flexible NetFlow requires separate flow records and monitors for each address family. Mixing IPv4 and IPv6 in one record is invalid.

Why this answer

A single flow record cannot mix IPv4 and IPv6 match fields; they are separate address families. The engineer must create two separate flow monitors—one for IPv4 and one for IPv6—and apply both to the interface.

1003
MCQ · medium

A network engineer runs the following command on Router R1:

    R1# show ip ospf virtual-links
    Virtual Link OSPF_VL0 to router 10.1.1.3 is up
      Run as demand circuit
      DoNotAge LSA allowed.
      Transit area 1, via interface GigabitEthernet0/0, Cost of using 10
      Transmit Delay is 1 sec, State POINT_TO_POINT,
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
        Hello due in 00:00:08
        Adjacency State FULL

Based on this output, what can be concluded?

A. The virtual link is using area 0 as the transit area.
B. The virtual link is functioning correctly and the adjacency is full.
C. Router R1 is not receiving hello packets on the virtual link.
D. The virtual link has a cost of 1.
Answer: B

The state is FULL and the link is up, indicating proper operation.

Why this answer

The virtual link to router 10.1.1.3 is up and in FULL state. It is running as a demand circuit, which suppresses hello packets when the link is stable. The transit area is area 1.

1004
MCQ · medium

What is the default administrative distance for routes redistributed into BGP from an IGP?

A. 20
B. 110
C. 170
D. 200
Answer: A

eBGP routes have a default administrative distance of 20, which applies to redistributed routes into BGP.

Why this answer

Routes redistributed into BGP from an IGP are considered external BGP (eBGP) routes and have a default administrative distance of 20.

1005
MCQ · hard

An engineer configures IPsec site-to-site VPN with a route map that defines interesting traffic using an extended access list. The VPN tunnel is established, but traffic from the local LAN to the remote LAN is not encrypted. The engineer verifies that the access list matches the traffic correctly. Which is the most likely explanation?

A. The route map must be applied to the crypto map using the 'match ip address' command, but route maps are not supported for crypto maps.
B. The crypto map is applied to the wrong interface; it should be applied to the LAN interface.
C. The IPsec transform set is missing the ESP protocol.
D. The route map uses a prefix-list instead of an access list.
Answer: A

Crypto maps only support access lists for interesting traffic; route maps are not valid.

Why this answer

In IPsec, the crypto map applies to the interface, and the access list defines interesting traffic. However, if the route map is applied to the crypto map, it is not used for interesting traffic; route maps are not supported for defining interesting traffic in crypto maps. The correct method is to use an access list directly in the crypto map.

The edge case is that the engineer mistakenly used a route map instead of an access list.

1006
MCQhard

A DMVPN network uses EIGRP as the routing protocol. After redistributing a static route into EIGRP on the hub, spoke-to-spoke tunnels fail to form.

Hub configuration:

router eigrp 100
 redistribute static metric 10000 100 255 1 1500
!
ip route 10.0.0.0 255.0.0.0 Null0

Spoke1# show dmvpn
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,
 # Ent  Peer NBMA Addr  Peer Tunnel Addr  State  UpDn Tm   Attrb
     1  192.168.1.1     10.1.1.1          UP     00:01:00  D
     2  192.168.1.2     10.1.1.2          UP     00:00:30  D

What is the root cause?

A.The static Null0 route is redistributed, causing spokes to send traffic to the hub instead of directly to other spokes.
B.The EIGRP metric is too low, causing the route to be preferred over NHRP.
C.The DMVPN tunnel is misconfigured with mismatched authentication.
D.The redistribute static command is missing the route-map to set the next-hop.
AnswerA

The Null0 route blackholes traffic, preventing spoke-to-spoke communication.

Why this answer

The static route to Null0 for 10.0.0.0/8 is redistributed into EIGRP, causing all spokes to learn a summary route pointing to Null0 on the hub. This blackholes traffic destined to other spokes, preventing dynamic spoke-to-spoke tunnel establishment. The fix is to use a more specific static route or filter the Null0 route from redistribution.

1007
MCQhard

An engineer configures Control Plane Policing (CoPP) on a router to protect the control plane. After applying the policy, OSPF neighbors go down. The CoPP policy has a class that matches OSPF traffic with a rate-limit of 100 pps. Which is the most likely explanation?

A.The OSPF traffic is being dropped because the rate-limit is too low for the hello interval.
B.The CoPP policy is applied to the wrong interface.
C.The OSPF traffic is matched by the default class and dropped.
D.The CoPP policy uses 'police' instead of 'rate-limit'.
AnswerA

Correct. Low pps rate can drop OSPF hellos, causing neighbor loss.

Why this answer

CoPP policies can affect control plane traffic. If the rate-limit is too low (e.g., 100 pps) and OSPF hello packets are sent at a higher rate (especially with fast hello), or if the policy drops packets due to burst, the OSPF neighbor may time out. Additionally, the default class may drop traffic not explicitly matched.

1008
MCQmedium

A network engineer runs the following command on Router R1:

R1# show bfd neighbors detail
IPv4 Sessions
NeighborAddr   LD/RD   Int     State   Holdown(mult)   Intf
10.1.1.2       1/3     Gi0/0   Up      3000(3)         Gi0/0
Session state is UP and not using echo function.
OurAddr: 10.1.1.1
Handle: 1
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holddown (hits): 3000(0)
Rx Count: 100, Tx Count: 100

Based on this output, what is the BFD session's negotiated transmit interval?

A.The negotiated transmit interval is 1000 ms.
B.The negotiated transmit interval is 500 ms.
C.The negotiated transmit interval is 3000 ms.
D.The negotiated transmit interval is 100 ms.
AnswerA

It is the maximum of local MinTxInt and received MinRxInt, both 1000000 microseconds = 1000 ms.

Why this answer

The negotiated transmit interval is the maximum of the local MinTxInt and the received MinRxInt. Local MinTxInt is 1000000 microseconds, received MinRxInt is 1000000 microseconds. The maximum is 1000000 microseconds, which is 1000 ms.

The BFD session will transmit control packets every 1000 ms.

1009
Multi-Selecteasy

Which TWO commands are used to configure an IP SLA ICMP echo operation on a Cisco IOS device? (Choose TWO.)

Select 2 answers
A.ip sla 1
B.icmp-echo 192.168.1.1 source-ip 10.0.0.1
C.ip sla schedule 1 life forever start-time now
D.track 1 ip sla 1 reachability
E.ip sla monitor 1
AnswersA, B

This command enters IP SLA configuration mode for operation number 1.

Why this answer

To configure an IP SLA ICMP echo operation, you start with 'ip sla <operation-number>' to enter IP SLA configuration mode, then use 'icmp-echo <destination> [source-ip <src>]' to define the probe. The 'frequency' command sets how often the probe is sent. The 'ip sla schedule' is used to start the operation, not to configure it.

The 'track' command is used separately to monitor the operation. The 'ip sla monitor' is legacy.

1010
MCQmedium

Examine the following configuration on R3:

!--- R3 configuration
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 deny any
!
route-map OSPF-REDIST permit 10
 match ip address 10
 set metric-type type-1
!
router ospf 1
 redistribute eigrp 100 subnets route-map OSPF-REDIST
!

What is the effect of this configuration?

A.All EIGRP routes are redistributed into OSPF as type-1 external routes.
B.Only EIGRP routes in the 192.168.0.0/16 range are redistributed into OSPF as type-1 external routes.
C.EIGRP routes in 192.168.0.0/16 are redistributed as type-2 by default; the set metric-type is ignored.
D.The configuration is invalid because the route-map uses an ACL that ends with deny any; a prefix-list must be used instead.
AnswerB

Correct. The ACL permits 192.168.0.0/16; the route-map sets metric-type type-1 for matching routes.

Why this answer

The ACL 10 permits only routes with source IP in the 192.168.0.0/16 range. The route-map OSPF-REDIST matches this ACL and sets the metric type to type-1. Only EIGRP routes that match the ACL (i.e., have a network starting with 192.168.x.x) are redistributed into OSPF as type-1 external routes.

Routes not matching the ACL are denied because the route-map has only one permit sequence and the ACL ends with deny any.

1011
MCQeasy

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane
 Control Plane
  Service-policy input: CoPP-IN
    Class-map: CoPP-OSPF (match-all)
      1000 packets, 60000 bytes
      5 minute offered rate 2000 bps, drop rate 0000 bps
      Match: access-group 140
      police:
          cir 64000 bps, bc 12000 bytes, be 12000 bytes
        conformed 1000 packets, 60000 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        violated 0 packets, 0 bytes; actions:
          drop

Based on this output, which statement is correct?

A.OSPF packets are being dropped due to exceeding the police rate.
B.OSPF traffic is being transmitted without any drops.
C.The police rate is set to 32000 bps.
D.The class-default is matching OSPF traffic.
AnswerB

All packets are conforming and being transmitted.

Why this answer

The CoPP-OSPF class is matching OSPF traffic and all packets are conforming to the police rate, so no drops are occurring. This indicates that OSPF traffic is being properly rate-limited without any packet loss.

1012
MCQmedium

Given this configuration on Router R5:

route-map OSPF-to-EIGRP permit 10
 match ip address prefix-list EIGRP-ONLY
 set metric 10000 100 255 1 1500
!
router eigrp 100
 redistribute ospf 1 route-map OSPF-to-EIGRP

What is the purpose of the route-map in this configuration?

A.The route-map sets the metric for all redistributed OSPF routes, but does not filter any routes.
B.The route-map filters OSPF routes based on the prefix-list and sets the metric for matching routes.
C.The route-map is applied to inbound EIGRP updates, not to redistribution.
D.The route-map will deny all routes because there is no 'permit' statement for the prefix-list.
AnswerB

The match ip address prefix-list filters, and the set metric assigns the metric.

Why this answer

The route-map is used to filter which OSPF routes are redistributed into EIGRP (via the prefix-list) and to set the metric for those routes. Only routes matching the prefix-list will be redistributed.

1013
MCQeasy

A network engineer runs the following command on Router R1:

R1# show ip nat translations
Pro  Inside global  Inside local  Outside local  Outside global
---  192.0.2.10     10.0.0.10     ---            ---

R1# show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
  GigabitEthernet0/1
Inside interfaces:
  GigabitEthernet0/0
Hits: 5  Misses: 0
CEF Translated packets: 5, CEF Punted packets: 0
Expired translations: 0

Based on this output, which statement is correct?

A.Static NAT is configured for host 10.0.0.10 to 192.0.2.10.
B.Dynamic NAT is configured with overload.
C.The NAT pool is exhausted.
D.PAT is translating multiple hosts to the same global address.
AnswerA

The translation shows a static mapping (no protocol, and statistics confirm static).

Why this answer

The output shows a single static NAT translation. The statistics confirm 1 static translation and 0 dynamic. This is a simple static NAT mapping.

1014
MCQmedium

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# show ip nhrp detail

Output:

10.1.1.1/32 via 10.0.0.2, Tunnel0 created 00:05:00, expire 01:55:00
  Type: dynamic, Flags: authoritative
  NBMA address: 192.168.1.2
10.2.2.2/32 via 10.0.0.3, Tunnel0 created 00:04:00, expire 01:56:00
  Type: dynamic, Flags: authoritative
  NBMA address: 192.168.1.3

What does this output indicate?

A.The router has two NHRP mappings for dynamic spoke-to-spoke tunnels via Tunnel0.
B.The router is using static NHRP mappings.
C.The router is experiencing NHRP authentication failures.
D.The router has no NHRP entries.
AnswerA

The entries show dynamic type with NBMA addresses, indicating DMVPN dynamic tunnels.

Why this answer

The output shows NHRP cache entries with mappings between tunnel IP and NBMA addresses. This is typical for DMVPN spoke-to-spoke communication.

1015
MCQmedium

A network engineer runs the following command to troubleshoot an IPsec Site-to-Site VPN issue:

R1# show ip route 192.168.2.0
Routing entry for 192.168.2.0/24
  Known via "eigrp 100", distance 90, metric 2684416, type internal
  Redistributing via eigrp 100
  Last update from 10.0.0.2 on Tunnel0, 00:00:23 ago
  Routing Descriptor Blocks:
  * 10.0.0.2, from 10.0.0.2, via Tunnel0
      Route metric is 2684416, traffic share count is 1
      Total delay is 20000 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

What does this output indicate?

A.The route to the remote LAN is not present, indicating a routing issue.
B.The IPsec tunnel is up and EIGRP is exchanging routes over the tunnel.
C.The route is using a static route, not a dynamic routing protocol.
D.The tunnel interface is down, causing the route to be unreachable.
AnswerB

The route is learned via EIGRP on Tunnel0, meaning the tunnel is operational and routing is working.

Why this answer

The output shows a route to 192.168.2.0/24 learned via EIGRP (distance 90) with the next hop 10.0.0.2 reachable through Tunnel0. The last update was 23 seconds ago, confirming the tunnel is up and EIGRP is actively exchanging routing information over the IPsec tunnel. This indicates the IPsec Site-to-Site VPN is functioning and dynamic routing is working correctly.

Exam trap

Cisco often tests the misconception that a route learned via a tunnel interface implies the tunnel is down or that dynamic routing is not functioning, but the presence of a recent update and valid next hop confirms the tunnel is operational.

How to eliminate wrong answers

Option A is wrong because the route is present in the routing table, as shown by the 'Routing entry for 192.168.2.0/24' line, so there is no missing route. Option C is wrong because the route is learned via EIGRP (dynamic routing protocol), not a static route, as indicated by 'Known via "eigrp 100"'. Option D is wrong because the tunnel interface is up and operational; the route is reachable via Tunnel0 with a recent update, and the next hop is valid.

1016
MCQhard

An engineer configures uRPF (Unicast Reverse Path Forwarding) in strict mode on a router interface facing the Internet. After configuration, legitimate traffic from customers is being dropped. The engineer verifies that the routing table has a route back to the source IP address. Which is the most likely explanation?

A.Asymmetric routing causes the return path to use a different interface
B.The uRPF allow-default option is not configured
C.The source IP address is not in the routing table
D.uRPF strict mode requires CEF to be disabled
AnswerA

Correct. Strict uRPF drops packets if the best return route does not exit the same interface.

Why this answer

Strict uRPF checks that the source IP address of incoming packets has a route back through the same interface. If asymmetric routing is present (i.e., traffic comes in one interface but the return route points out a different interface), strict uRPF will drop the packets. This is a common edge case because engineers often assume that having a route to the source is sufficient, but strict mode requires the reverse path to be via the same interface.

1017
MCQhard

An engineer configures NAT overload (PAT) on a router to translate internal addresses to a single public IP. Users can browse the web, but some applications that use non-standard ports fail. Which is the most likely explanation?

A.The application uses protocols that do not have port numbers, such as GRE, and PAT cannot handle them.
B.The NAT pool is exhausted.
C.The inside interface is not configured correctly.
D.The outside interface has a different MTU.
AnswerA

Correct. PAT requires port numbers; non-TCP/UDP protocols fail.

Why this answer

PAT uses port numbers to differentiate translations. Some applications use protocols that do not have port numbers (e.g., GRE, IPsec ESP) or use ports that conflict with NAT's own port allocation. Additionally, if the application uses embedded IP addresses or ports (e.g., FTP, SIP), PAT may not translate them correctly without ALG support.

1018
MCQeasy

When redistributing routes into OSPF, which OSPF metric value is assigned by default if none is specified?

A.1
B.10
C.20
D.100
AnswerC

The default OSPF metric for redistributed routes is 20, as per Cisco IOS default behavior.

Why this answer

Cisco IOS assigns a default metric of 20 to redistributed routes into OSPF, except for BGP routes which default to 1.

1019
MCQhard

An EIGRP network with multiple routers is experiencing frequent stuck-in-active (SIA) events for prefix 10.10.10.0/24. The network topology includes a slow WAN link between R1 and R2. R1's show ip eigrp topology 10.10.10.0/24 shows the route in active state with a query outstanding to R2. R2's show ip eigrp topology shows the same prefix in passive state. The EIGRP timers are default. What is the root cause?

A.The active timer on R1 is too short for the slow WAN link; it should be increased to accommodate query propagation delays.
B.R2 has a query outstanding to a neighbor over a slow link, preventing it from replying to R1 within the active timer.
C.The EIGRP hello timer mismatch between R1 and R2 is causing neighbor flapping.
D.The prefix 10.10.10.0/24 is being summarized, causing the query to be sent for the summary instead.
AnswerB

R2 cannot reply until it receives all replies to its own queries. If a downstream neighbor is slow or unresponsive, R2's reply to R1 is delayed, causing SIA.

Why this answer

The correct answer is B because R2 has the prefix in passive state, meaning it has not yet received a reply from one of its own neighbors over a slow link. Since R2 cannot reply to R1 until it gets that reply, R1's active timer expires, causing a stuck-in-active (SIA) event. This is a classic scenario where the query propagation delay exceeds the default active timer (3 minutes) due to a slow WAN link downstream from R2.

Exam trap

Cisco often tests the misconception that the SIA is caused by the directly connected slow link (between R1 and R2), when in fact the root cause is a slow link further downstream on R2, preventing R2 from replying in time.

How to eliminate wrong answers

Option A is wrong because the active timer on R1 is not the issue; R1's active timer is default (3 minutes), and the problem is that R2 is waiting for a reply from its own neighbor over a slow link, not that R1's timer is too short. Option C is wrong because EIGRP hello timer mismatch does not cause SIA events; it would cause neighbor flapping or adjacency loss, which is not indicated here since R1 and R2 remain neighbors (R1 has a query outstanding to R2). Option D is wrong because summarization would cause queries to be sent for the summary route, not the specific prefix, and the question states the prefix is 10.10.10.0/24, with no evidence of summarization; SIA events are not typically caused by summarization alone.

1020
MCQhard

A large enterprise network is experiencing intermittent loss of connectivity to a subnet 10.10.10.0/24 from remote sites. Router R1 has the following relevant configuration:

interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.252
 ip ospf 1 area 0
interface GigabitEthernet0/1
 ip address 10.2.2.1 255.255.255.252
 ip ospf 1 area 1
router ospf 1
 area 1 range 10.10.0.0 255.255.248.0

Router R2 shows:

show ip route 10.10.10.0
Routing entry for 10.10.8.0/21
  Known via "ospf 1", distance 110, metric 20, type inter-area
  Last update from 10.1.1.2 on GigabitEthernet0/0, 00:05:32 ago

What is the root cause?

A.The summary route 10.10.8.0/21 does not include 10.10.10.0/24; adjust the area range to 10.10.0.0/20.
B.The metric of 20 indicates a redistribution issue; check redistributed routes.
C.The OSPF network type on GigabitEthernet0/0 is causing adjacency issues; change to point-to-point.
D.The area 1 range command is misconfigured with the wrong area; it should be area 0.
AnswerA

The range 10.10.8.0/21 covers 10.10.8.0 to 10.10.15.255, missing 10.10.10.0/24. A /20 range would include it.

Why this answer

The route summarization on R1 for area 1 (10.10.0.0/21) includes 10.10.10.0/24, but the summary range is 10.10.8.0/21, which does not cover 10.10.10.0/24. This causes the specific route to be suppressed and not advertised, leading to loss of connectivity. The correct fix is to adjust the summary range to include the subnet.

1021
MCQhard

An engineer is troubleshooting an MPLS L3VPN where CE1 (10.1.1.0/24) cannot reach CE2 (10.2.2.0/24). The PE routers have MP-BGP peering and the VRF is configured with route-target import 100:100. On PE1, the show ip bgp vpnv4 vrf CUSTOMER command shows the route for 10.2.2.0/24 with a next-hop of 192.168.1.2 (the PE2 loopback), but the show ip route vrf CUSTOMER command does not have this route. The show mpls forwarding-table on PE1 does not show a label for 192.168.1.2. What is the most likely cause?

A.The VRF route-target import is missing on PE2.
B.LDP is not enabled on the core-facing interfaces of PE1 or the P routers.
C.The MP-BGP session is not using the loopback interface.
D.The VRF on PE1 has the wrong route-target export.
AnswerB

Correct: Without LDP, there is no label for the BGP next-hop, preventing route installation.

Why this answer

The VPNv4 route is received but not installed in the VRF routing table because the recursive lookup fails: the next-hop (PE2 loopback) is not reachable via LDP. Without an LDP label for the BGP next-hop, the route cannot be installed.

1022
Multi-Selecthard

Which THREE statements about the NetFlow flow cache and export timing are correct? (Choose THREE.)

Select 3 answers
A.A flow is exported when it has been idle for the inactive timeout period, which defaults to 15 seconds.
B.The default active flow timeout is 30 minutes, after which a long-lived flow is exported even if it is still active.
C.Flows are only exported when the flow cache becomes 100% full.
D.The 'ip flow-cache timeout active' command can be used to change the active timeout value.
E.The maximum number of flow cache entries is fixed at 64,000 and cannot be changed.
AnswersA, B, D

Correct. The inactive timeout triggers export when no packets match the flow for the configured period; default is 15 seconds.

Why this answer

The NetFlow flow cache stores active flows. Flows are exported when they become inactive (no new packets for a timeout period) or when they are long-lived (active timeout). The default active timeout is 30 minutes, and the default inactive timeout is 15 seconds.

When the cache is full, the router may force-export the oldest flows to make room. The cache size is configurable but has a hardware-dependent maximum. Flow export does not wait for the cache to be full before exporting.

1023
Drag & Drophard

Drag and drop the steps to troubleshoot Route Maps and Route Filtering adjacency or connectivity failures into the correct order, from first to last.

Why this order

Start by verifying BGP neighbor state with show ip bgp summary. Next, examine the route-map configuration for syntax errors using show route-map. Then, check if the route-map is applied correctly to the neighbor with show running-config.

After that, use debug ip bgp updates to see if prefixes are being filtered. Finally, adjust the route-map sequence or match criteria to resolve the issue.

1024
MCQmedium

A network engineer runs the following command to troubleshoot a Route Summarization issue:

R1# debug ip routing
IP: route table change: 10.0.0.0/16 via 10.1.1.2, Serial0/0/0, distance 90, metric 128576
IP: route table change: 10.0.1.0/24 via 10.1.1.2, Serial0/0/0, distance 90, metric 128576
IP: route table change: 10.0.2.0/24 via 10.1.1.2, Serial0/0/0, distance 90, metric 128576

What does this output indicate?

A.Both the summary route 10.0.0.0/16 and more specific /24 routes are being installed, which could indicate that summarization is not properly filtering the specific routes.
B.Only the summary route is being installed, and the /24 routes are being ignored.
C.The summary route is being replaced by the more specific routes.
D.The routes are being learned via different routing protocols.
AnswerA

The presence of both summary and specific routes suggests that the summary is not suppressing the specifics.

Why this answer

The debug output shows that multiple routes (a /16 and two /24s) are being installed into the routing table via the same next hop. This indicates that both the summary route and more specific routes are present, which may be a sign of inconsistent summarization or a leak of more specific routes.

1025
Multi-Selecteasy

Which TWO configuration steps are required to implement Policy-Based Routing (PBR) on a Cisco router? (Choose TWO.)

Select 2 answers
A.Create a route-map with match and set commands.
B.Apply the route-map to an interface using the 'ip policy route-map' command.
C.Configure an access-list to match the traffic.
D.Enable CEF globally.
E.Use the 'ip local policy route-map' command.
AnswersA, B

The route-map defines the policy: what traffic to match and what action to take.

Why this answer

To implement PBR, you must create a route-map with match and set commands, then apply it to an interface using 'ip policy route-map'. Configuring an ACL is optional if match criteria use other methods. Enabling CEF is not required for PBR.

The 'ip route' command is for static routing, not PBR. 'ip local policy route-map' is only for locally generated packets, not a general requirement.

1026
MCQeasy

Which EEM action type is used to modify the configuration of the device?

A.action syslog
B.action cli
C.action snmp-trap
D.action mail
AnswerB

The 'action cli' command executes IOS commands, enabling configuration modifications.

Why this answer

The 'action cli' command allows executing Cisco IOS commands, including configuration changes.

1027
Multi-Selecthard

Which THREE statements about BFD multihop sessions are true? (Choose THREE.)

Select 3 answers
A.Multihop BFD is used when the neighbors are not directly connected.
B.Multihop BFD uses UDP destination port 4784.
C.Multihop BFD requires configuration of the source and destination IP addresses.
D.Multihop BFD requires both routers to be in the same subnet.
E.Multihop BFD can only be used with BGP.
AnswersA, B, C

Multihop BFD supports sessions between routers separated by multiple Layer 3 hops.

Why this answer

BFD multihop sessions are used when the two routers are not directly connected, requiring multiple hops. They use a different destination UDP port (4784) compared to single-hop sessions (3784). Additionally, multihop sessions require explicit configuration of the BFD source and destination IP addresses.

The other statements are false because multihop sessions do not require the same subnet, and they can operate over any routed path.

1028
MCQmedium

A network engineer runs the following command to verify MPLS forwarding:

R1# show mpls forwarding-table 192.168.1.0 255.255.255.0 detail

Output:

Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
101        201        192.168.1.0/24   0             Gi0/0      10.0.0.2
        MAC/Encaps: 14/18, MTU: 1500, Label Stack {201}
        No output feature configured

What does this output indicate?

A.Packets with label 101 will be swapped to label 201 and forwarded to 10.0.0.2
B.Packets with label 101 will be popped and forwarded as IP packets
C.The prefix 192.168.1.0/24 is directly connected
D.The label stack has two labels
AnswerA

The forwarding table shows label swap operation: incoming label 101 swapped to outgoing label 201.

Why this answer

The output shows the MPLS forwarding table entry for prefix 192.168.1.0/24. The local label is 101, outgoing label is 201, next hop is 10.0.0.2 via GigabitEthernet0/0. The label stack contains only label 201.

1029
MCQmedium

In a standard IPv4 ACL, what is the default wildcard mask if none is explicitly configured?

A.0.0.0.0 (host match)
B.255.255.255.255 (any match)
C.The mask is mandatory; configuration is rejected without it.
D.The mask is derived from the source address class.
AnswerA

When no wildcard mask is given, the router assumes a host match.

Why this answer

In a standard IPv4 ACL, if no wildcard mask is explicitly configured, the default wildcard mask is 0.0.0.0, which means the ACL matches only the exact source IP address (a host match). This is because the access-list command treats the source address as a host address when no mask is provided, effectively applying a host wildcard mask.

Exam trap

Cisco often tests the misconception that a missing wildcard mask defaults to 'any' (255.255.255.255) or that the mask is mandatory, when in fact the default is a host match (0.0.0.0).

How to eliminate wrong answers

Option B is wrong because 255.255.255.255 (any match) is not the default; it would match all source addresses, which is not the behavior when no mask is given. Option C is wrong because the mask is not mandatory; Cisco IOS accepts the command without a wildcard mask and defaults to 0.0.0.0. Option D is wrong because the mask is not derived from the source address class; ACLs do not use classful behavior, and the default is always 0.0.0.0 regardless of the address class.

1030
MCQmedium

An engineer is troubleshooting a route redistribution issue between OSPF and EIGRP. R1 runs both protocols and redistributes OSPF into EIGRP. The engineer notices that OSPF routes redistributed into EIGRP have an AD of 170, but some routes from OSPF are not being redistributed. What is the most likely cause?

A.The OSPF routes have a higher metric than the EIGRP routes.
B.The OSPF routes are not in the routing table because they are overridden by a static route with AD 1.
C.The redistribute ospf 1 metric 10000 command is missing.
D.The OSPF routes are external type 2, which are not redistributed by default.
AnswerB

If a static route with AD 1 exists for the same prefix, the OSPF route will not be installed, and redistribution will not include it.

Why this answer

Redistribution into EIGRP requires matching routes; by default, only routes in the routing table are redistributed. If OSPF routes are not in the routing table because they are overridden by another protocol with lower AD, they will not be redistributed.

1031
MCQeasy

Which OSPF packet type is used to send link-state advertisements (LSAs) and is acknowledged by the receiver?

A.Hello (type 1)
B.Database Description (type 2)
C.Link State Request (type 3)
D.Link State Update (type 4)
AnswerD

Correct. Link State Update packets carry LSAs and are acknowledged by the receiver.

Why this answer

OSPF packet type 4 is the Link State Update packet, used to flood LSAs. It is acknowledged by the receiver via a Link State Acknowledgment packet (type 5).

1032
MCQhard

An engineer configures a DMVPN Phase 2 network. Spoke-to-spoke tunnels are established, but traffic between spokes is not using the direct tunnel. What is the most likely explanation?

A.The spoke routers have a default route via the hub, so they send traffic to the hub instead of initiating NHRP resolution for a direct tunnel.
B.The hub has 'no ip nhrp redirect' configured, which disables spoke-to-spoke tunnel setup.
C.The spokes have 'ip nhrp shortcut' enabled, which forces all traffic through the hub.
D.The tunnel mode is set to 'tunnel mode gre multipoint' on the spokes, which is incorrect.
AnswerA

Phase 2 requires that spokes have a specific route to the remote subnet to trigger NHRP; a default route prevents this.

Why this answer

In DMVPN Phase 2, spoke-to-spoke tunnels require that the spoke routers have a route to the destination network via the tunnel interface with a next hop that triggers NHRP resolution. If the spoke has a default route pointing to the hub, it will not attempt to resolve the spoke-to-spoke tunnel.

1033
MCQhard

A router configured as a DHCPv6 relay agent is not forwarding DHCPv6 requests from clients to the server. The relay interface has 'ipv6 dhcp relay destination' configured. Clients are on a different VLAN. Which is the most likely explanation?

A.The relay destination is configured on the client-facing interface; it should be on the server-facing interface.
B.The DHCPv6 server is not reachable via the relay agent's routing table.
C.The relay agent must have 'ipv6 dhcp server' configured to act as a server.
D.The clients are using DHCPv4, not DHCPv6.
AnswerA

Correct: The 'ipv6 dhcp relay destination' command must be applied to the interface that receives client requests (client-facing), not the server-facing interface.

Why this answer

DHCPv6 relay requires that the relay agent has a route to the DHCP server. If the relay interface is not in the same VRF as the server, or if the server is reachable via a different interface, the relay may fail. A common edge case is that the relay destination is configured on the wrong interface (e.g., the client-facing interface instead of the server-facing interface).

1034
MCQeasy

A network engineer runs the following command on Router R6:

R6# show ip route 10.0.0.0
Routing entry for 10.0.0.0/8
  Known via "eigrp 100", distance 90, metric 28160
  Redistributing via eigrp 100
  Last update from 192.168.1.1 on GigabitEthernet0/0, 00:00:10 ago
  Routing Descriptor Blocks:
  * 192.168.1.1, from 192.168.1.1, 00:00:10 ago, via GigabitEthernet0/0
      Route metric is 28160, traffic share count is 1

Additionally, an OSPF route for the same prefix is learned with distance 110. Which route will be installed in the routing table?

A.The OSPF route will be installed because it has a lower metric.
B.The EIGRP route will be installed because it has a lower administrative distance.
C.Both routes will be installed for load balancing.
D.Neither route will be installed due to a conflict.
AnswerB

EIGRP's distance of 90 is lower than OSPF's 110, so the EIGRP route is preferred.

Why this answer

EIGRP internal routes have a default administrative distance of 90, which is lower than OSPF's default distance of 110. Therefore, the EIGRP route will be preferred and installed in the routing table.

1035
MCQeasy

A network engineer runs the following command on Router R1:

    R1# show snmp engineID
    Local SNMP engineID: 800000090300001122334455
    Local SNMP engineBoots: 5

Based on this output, which statement is correct?

A.The SNMP engine has rebooted 5 times.
B.The engine ID is 800000090300001122334455, which is the default for all Cisco devices.
C.The engineBoots value is used for SNMPv2c community authentication.
D.The engine ID must be the same on all devices in the network.
AnswerA

The engineBoots value of 5 indicates the engine has been restarted 5 times.

Why this answer

The output shows the local SNMP engine ID and the number of times the engine has rebooted (engineBoots). The engine ID is used to uniquely identify the SNMP agent. The engineBoots counter is used for SNMPv3 message freshness and security.

1036
MCQmedium

A network engineer runs the following command to troubleshoot a SPAN issue:

    R1# show monitor session 1 detail
    Session 1
    ---------
    Type              : Local Session
    Source Ports      :
        Both          : Gi0/0
    Destination Ports : Gi0/1
        Encapsulation : Native
        Ingress       : Disabled

What does this output indicate?

A.The session is correctly configured to send traffic from Gi0/0 to Gi0/1.
B.The session is misconfigured because the destination port should have ingress enabled.
C.The session is misconfigured because the source port must be a VLAN.
D.The session is misconfigured because encapsulation must be set to 'replicate'.
AnswerA

The output confirms a local SPAN session with source port Gi0/0 and destination port Gi0/1.

Why this answer

The output shows a local SPAN session with source port Gi0/0 (both directions) and destination port Gi0/1. The destination port is configured with native encapsulation and no ingress traffic is allowed.

1037
MCQmedium

A network engineer runs the following command on Router R1:

    R1# show mpls ldp neighbor
    Peer LDP Ident: 10.0.0.2:0; Local LDP Ident 10.0.0.1:0
        TCP connection: 10.0.0.2.646 - 10.0.0.1.52868
        State: Oper; Msgs sent/rcvd: 123/120; Downstream
        Up time: 02:15:30
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 192.168.1.2
        Addresses bound to peer LDP Ident:
          10.0.0.2 192.168.1.2

Based on this output, which statement is correct?

A.The LDP session is down because the state is 'Oper'.
B.The LDP session is established and operational.
C.The LDP neighbor is using upstream label distribution.
D.The LDP session is using TCP port 179.
AnswerB

'State: Oper' indicates the session is operational.

Why this answer

The output shows a single LDP neighbor with state 'Oper' (operational), indicating the LDP session is up. The 'Downstream' mode is default. The peer LDP Ident is 10.0.0.2:0, and the local LDP Ident is 10.0.0.1:0.

The addresses bound include the peer's router-id and the interface IP. No problems are indicated.

1038
MCQhard

R1 and R2 have an IPsec VPN tunnel between their physical interfaces. They are running OSPF over the tunnel interface. R1's show ip ospf neighbor shows R2 as FULL, but R1's show ip route ospf does not include any routes from R2. R2's show ip route ospf shows routes from R1. What is the root cause?

A.The OSPF cost on R1's tunnel interface is set to 65535, preventing route installation.
B.OSPF network type mismatch: R1 uses broadcast, R2 uses point-to-point.
C.R1 has a distribute-list in filtering OSPF routes.
D.The IPsec tunnel is only encrypting unicast traffic, not OSPF multicast.
AnswerA

OSPF does not install routes with cost 65535 or higher (max metric). R1 receives LSAs but ignores them due to high cost.

Why this answer

When the OSPF cost on R1's tunnel interface is set to 65535, OSPF considers the route unreachable because the maximum OSPF cost for route installation is 65534 (per RFC 2328). Routes with cost 65535 are not installed in the routing table, even though the neighbor state is FULL. This explains why R1 sees R2 as FULL but has no OSPF routes, while R2 (with a normal cost) installs routes from R1.

Exam trap

Cisco often tests the nuance that OSPF neighbor state FULL does not guarantee route installation; the trap here is that candidates assume a FULL adjacency means routes are automatically exchanged and installed, ignoring the OSPF cost limit of 65535.

How to eliminate wrong answers

Option B is wrong because an OSPF network type mismatch (broadcast vs. point-to-point) would prevent the neighbor relationship from reaching FULL, or cause adjacency issues, but here the neighbor is FULL, so this cannot be the root cause. Option C is wrong because a distribute-list filtering OSPF routes would affect inbound or outbound route advertisement, but R2 still receives routes from R1, indicating filtering is not symmetric or not present; moreover, a distribute-list would not cause a FULL neighbor state with zero routes on one side only. Option D is wrong because IPsec tunnels encrypt all IP traffic traversing the tunnel, including OSPF multicast packets (224.0.0.5/224.0.0.6), as the tunnel interface encapsulates the entire IP packet; if OSPF multicast were blocked, the neighbor relationship would not form at all, let alone reach FULL.

1039
MCQhard

Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Users report that some websites load slowly or partially. Router R1 shows: show ip nat statistics: Total active translations: 65535 (0 static, 65535 dynamic; 65535 extended). The NAT pool is exhausted. What is the root cause?

A.Reduce the NAT timeout values using ip nat translation timeout and ip nat translation tcp-timeout.
B.Increase the access-list 100 to include more internal hosts.
C.Change the NAT to use a pool of public IPs instead of overload.
D.Clear the NAT table with clear ip nat translation * periodically.
AnswerA

Shorter timeouts free up entries faster, preventing exhaustion.

Why this answer

The NAT translation table is full (65535 entries, the maximum for PAT), meaning no new translations can be created. This can cause partial loading as some connections fail. The root cause is likely that NAT timeouts are too long (default 24 hours for TCP) or there is a DoS attack generating many connections.

The correct fix is to reduce timeouts or increase the number of available ports by using multiple public IPs.

1040
MCQhard

Which loop prevention mechanism is used by default when redistributing between two OSPF processes?

A.Split horizon
B.Route tagging with default tag 0
C.Poison reverse
D.Hold-down timers
AnswerB

Route tagging allows an OSPF process to identify and filter routes it originated, preventing loops; the default tag is 0.

Why this answer

When redistributing between OSPF processes, Cisco IOS uses route tagging (tag field in the OSPF external LSA) to prevent loops, but the default tag value is 0 unless explicitly set.

1041
Multi-Selectmedium

Which THREE symptoms indicate a problem with SNMP trap delivery from a Cisco router? (Choose THREE.)

Select 3 answers
A.The NMS does not receive traps, but other SNMP operations (gets) work.
B.The 'show snmp' command shows increasing 'SNMP queue overflow' counters.
C.Syslog messages show '%SNMP-3-AUTHFAIL' for the trap receiver.
D.The router CPU utilization is consistently above 90%.
E.The NMS can ping the router successfully.
AnswersA, B, C

Indicates a specific issue with trap generation or delivery, not general SNMP connectivity.

Why this answer

Symptoms of SNMP trap delivery issues include: the 'show snmp' command showing incrementing 'Input queue drops' or 'SNMP queue overflow', traps not appearing at the NMS, and syslog messages indicating SNMP authentication failures. A high CPU load is not specific to SNMP traps, and a successful ping does not guarantee trap delivery.

1042
MCQhard

A network engineer runs the following command to verify OSPF SPF calculations:

    R1# show ip ospf statistics
    OSPF Router with ID (1.1.1.1) (Process ID 1)
    Area 0: SPF algorithm executed 12 times
      SPF calculation time (in msec):
        Total: 12, Average: 1.0
        Minimum: 0, Maximum: 2
      Last SPF due to: LSA change
      Number of LSA changes: 5
      Number of LSA deletions: 2
      Number of LSA additions: 3
      Number of LSA updates: 0
    Area 1: SPF algorithm executed 3 times
      SPF calculation time (in msec):
        Total: 3, Average: 1.0
        Minimum: 0, Maximum: 1
      Last SPF due to: LSA change
      Number of LSA changes: 2
      Number of LSA deletions: 0
      Number of LSA additions: 2
      Number of LSA updates: 0

What does this output indicate?

A.The router has not performed any SPF calculations.
B.Area 0 has experienced more network changes than Area 1, as indicated by higher SPF runs and LSA changes.
C.The SPF calculation time is too high, indicating a performance issue.
D.The last SPF was triggered by a timer expiry.
AnswerB

Area 0 has 12 SPF runs and 5 LSA changes, while Area 1 has 3 SPF runs and 2 LSA changes.

Why this answer

The output shows OSPF SPF statistics for multiple areas, including number of SPF runs and LSA changes.

1043
MCQmedium

Which EIGRP packet type is used to confirm receipt of an update during reliable transport in a VRF-Lite configuration?

A.Hello
B.Update
C.ACK
D.Query
AnswerC

ACK packets are used to acknowledge receipt of reliable EIGRP packets.

Why this answer

EIGRP uses ACK packets, which are hello packets with no data, to acknowledge reliable packets (updates, queries, replies).

1044
Multi-Selectmedium

Which TWO symptoms indicate that syslog messages are not being sent to the remote syslog server? (Choose TWO.)

Select 2 answers
A.The 'show logging' command shows messages in the local buffer.
B.The syslog server receives messages from other devices but not from this router.
C.The 'show log' command returns no output.
D.The 'show logging' output does not list the syslog server IP address under 'Logging to'.
E.Debug output appears on the console but not on the syslog server.
AnswersB, D

This indicates a specific issue with this router's syslog configuration or connectivity.

Why this answer

If syslog messages are not reaching the server, the 'show logging' output will not show the server address as active, and the server will not receive any messages. The 'show logging' command may still show messages in the local buffer. The 'show log' command does not exist.

Debug output on the router does not confirm remote delivery.

1045
MCQhard

A network engineer runs the following command to troubleshoot an EIGRP issue:

    R1# show ip eigrp topology all-links
    IP-EIGRP Topology Table for AS 100
    Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
           r - Reply status, s - sia Status
    P 10.1.1.0/24, 1 successors, FD is 131072
            via 10.1.2.2 (131072/130816), GigabitEthernet0/0
            via 10.1.3.3 (131328/131072), GigabitEthernet0/1
    P 10.2.2.0/24, 1 successors, FD is 131072
            via 10.1.2.2 (131072/130816), GigabitEthernet0/0
    A 10.3.3.0/24, 0 successors, FD is Infinity
            via 10.1.2.2 (4294967295/4294967295), GigabitEthernet0/0
            via 10.1.3.3 (4294967295/4294967295), GigabitEthernet0/1

What does this output indicate?

A.The route 10.3.3.0/24 is stuck-in-active because replies have not been received from all neighbors.
B.The route 10.3.3.0/24 is passive and has two feasible successors.
C.The route 10.3.3.0/24 is learned via both neighbors with equal metrics.
D.The route 10.3.3.0/24 is installed in the routing table via both neighbors.
AnswerA

The Active state with FD Infinity and no successors indicates EIGRP is waiting for replies, which can lead to a stuck-in-active condition if not resolved.

Why this answer

The route 10.3.3.0/24 is in Active state with no successors and FD set to Infinity, meaning EIGRP is actively querying neighbors for this route and has not yet received a reply. The metric of 4294967295 indicates an unreachable route.

1046
MCQmedium

A network engineer runs the following command to troubleshoot a Route Redistribution issue:

    R1# debug ip routing

And sees the following output:

    *Mar 1 00:12:34.567: RT: add 192.168.10.0/24 via 10.1.1.2, ospf metric [110/20]
    *Mar 1 00:12:34.568: RT: add 192.168.10.0/24 via 10.2.2.2, eigrp metric [90/156160]
    *Mar 1 00:12:34.569: RT: better route for 192.168.10.0/24 via 10.1.1.2, ospf metric [110/20]
    *Mar 1 00:12:34.570: RT: add 192.168.10.0/24 to rib via 10.1.1.2, ospf metric [110/20]

What does this output indicate?

A.OSPF route is preferred over EIGRP because OSPF has a lower metric.
B.EIGRP route is preferred because it has a lower administrative distance.
C.OSPF route is being installed in the routing table because the EIGRP route may have been withdrawn or not learned.
D.Both routes are installed in the routing table for load balancing.
AnswerC

The debug shows OSPF route being added to RIB. The EIGRP route is considered but not installed, likely because it was withdrawn or not valid. The router compares and selects the OSPF route.

Why this answer

The debug ip routing output shows the routing table process comparing routes from different sources. OSPF has administrative distance 110 and EIGRP has 90, so EIGRP is preferred by default. However, the output shows OSPF being chosen, indicating that the EIGRP route might have been removed or the OSPF route is being redistributed with a lower distance or the EIGRP route is not installed due to other reasons.

1047
MCQhard

A network engineer runs the following command to troubleshoot a Route Redistribution issue:

    R1# show ip eigrp topology 192.168.10.0/24

And sees the following output:

    IP-EIGRP (AS 100): Topology entry for 192.168.10.0/24
      State: Passive, Originating, 1 successors, FD is 128256
      Routing Descriptor Blocks:
      0.0.0.0 (Null0), from 0.0.0.0, Send flag 0x0
          Composite metric is (128256/0), Route is Internal
          Vector metric:
            Minimum bandwidth is 100000 Kbit
            Total delay is 5000 microseconds
            Reliability is 255/255
            Load is 1/255
            Minimum MTU is 1500
            Hop count is 0

What does this output indicate?

A.The route 192.168.10.0/24 is learned from an EIGRP neighbor.
B.The route is a summary route configured on this router.
C.The route is redistributed into EIGRP from another protocol, such as OSPF or BGP.
D.The route is a connected interface that is advertised in EIGRP.
AnswerC

The route is in Passive state, originating, with next hop 0.0.0.0, indicating it is locally injected into EIGRP, typically via redistribution.

Why this answer

The show ip eigrp topology command shows a route that is in Passive state and marked as Originating, with the next hop as 0.0.0.0 (Null0). This indicates that the route is a summary route or a redistributed route that is being originated by this router. The metric 128256 and hop count 0 suggest it is a directly connected or redistributed route.

1048
MCQhard

An engineer configures EIGRP named mode with an offset-list applied to the delay metric on a serial interface. The offset-list increases the delay by 1000 microseconds. The feasible distance (FD) updates correctly, but the advertised distance (AD) does not change. What is the most likely explanation?

A.The offset-list only modifies the FD on the local router, not the AD received from the neighbor.
B.The offset-list is applied to the wrong interface; it should be applied to the neighbor's interface.
C.The named mode EIGRP does not support offset-lists; only classic mode does.
D.The offset-list is configured with the wrong direction; it should be inbound.
AnswerA

Offset-list adjusts the delay locally for the FD, but the AD is the neighbor's reported metric and is not altered by the local offset-list.

Why this answer

The offset-list in EIGRP modifies the composite metric (feasible distance) on the local router by adding delay to the interface where it is applied. However, the advertised distance (AD) is the metric that the neighbor reports for a route; it is received in EIGRP update packets and is not altered by the local router's offset-list. Therefore, only the FD changes, while the AD remains unchanged because it is a value learned from the neighbor.

Exam trap

Cisco often tests the distinction between advertised distance and feasible distance, and the trap here is that candidates assume an offset-list applied to an interface will affect both the local metric and the metric reported to neighbors, when in fact it only affects the local FD calculation.

How to eliminate wrong answers

Option B is wrong because the offset-list is applied to the local router's interface to influence the local metric calculation; applying it to the neighbor's interface would not change the AD received from that neighbor. Option C is wrong because named mode EIGRP fully supports offset-lists; they are configured under the address-family section using the 'offset-list' command. Option D is wrong because the offset-list direction (inbound or outbound) controls which routes are affected, not whether the AD or FD is modified; even with inbound direction, the offset-list still only modifies the local FD, not the AD received from the neighbor.

1049
MCQeasy

A network engineer runs the following command to troubleshoot an Administrative Distance issue:

    R1# show ip route 10.0.0.0 255.0.0.0
    Routing entry for 10.0.0.0/8
      Known via "static", distance 1, metric 0
      Redistributing via eigrp 100
      Last update from 10.1.1.2 on GigabitEthernet0/0, 00:00:05 ago
      Routing Descriptor Blocks:
      * 10.1.1.2, from 10.1.1.2, 00:00:05 ago, via GigabitEthernet0/0
          Route metric is 0, traffic share count is 1

What does this output indicate?

A.The route is a static route with administrative distance 1, which is the default for static routes pointing to an interface.
B.The route is an EIGRP route with administrative distance 90.
C.The route is being redistributed from EIGRP into static.
D.The route has an administrative distance of 170 because it is external.
AnswerA

Static routes have a default AD of 1.

Why this answer

The output shows a static route with administrative distance 1, which is the default for static routes. This route is being redistributed into EIGRP.

1050
MCQeasy

A network engineer runs the following command to verify Flexible NetFlow record configuration:

    R1# show flow record FLOW-RECORD-1
    flow record FLOW-RECORD-1
      match ipv4 source address
      match ipv4 destination address
      match ip protocol
      collect counter bytes
      collect counter packets
      collect timestamp sys-uptime first
      collect timestamp sys-uptime last

What does this output indicate?

A.The record collects only packet counts, not byte counts.
B.The record matches on source and destination IP addresses and protocol, and collects byte/packet counters and timestamps.
C.The record does not include any timestamp information.
D.The record matches on TCP flags.
AnswerB

The output clearly shows match statements for ipv4 source address, destination address, and protocol, and collect statements for bytes, packets, and timestamps.

Why this answer

The output shows the definition of a Flexible NetFlow record. It matches on source IP, destination IP, and protocol, and collects byte and packet counters along with timestamps for the first and last packet of the flow.
