Cisco CCNP ENARSI 300-410 (300-410) — Questions 1201–1275

2152 questions total · 29 pages · All types, answers revealed

Page 17 of 29

1201
MCQ · easy

Which IP SLA operation type uses ICMP Echo Request/Reply packets to measure round-trip time?

A. UDP Jitter
B. ICMP Echo
C. TCP Connect
D. HTTP
Answer: B

Correct. ICMP Echo is the IP SLA operation that uses ICMP Echo Request/Reply.

Why this answer

The IP SLA ICMP Echo operation (type 1) uses ICMP Echo Request and Echo Reply messages to measure network latency and availability.

1202
MCQ · hard

An engineer configures BFD for EIGRP and also applies an offset-list to increase the metric of a route. The BFD session is up, but the route with the offset-list is not being installed in the routing table. The engineer verifies that the offset-list is correctly configured. What is the most likely explanation?

A. The offset-list increased the feasible distance beyond the advertised distance, making the route no longer feasible.
B. The offset-list is applied to the wrong interface, so it does not affect the route.
C. The BFD session is flapping, causing EIGRP to remove the route.
D. The offset-list is using a metric that exceeds the maximum hop count for EIGRP.
Answer: A

Correct. Offset-lists increase the FD, and if the FD exceeds the AD, the route becomes infeasible and is removed from the topology table.

Why this answer

EIGRP offset-lists can increase the metric of a route, but they affect the feasible distance (FD), not the advertised distance (AD). If the offset-list increases the FD such that the route is no longer feasible (i.e., the FD exceeds the AD of the successor), the route may be removed from the topology table. BFD does not interact with offset-lists.

1203
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

ID    Type       Destination   Stats        Return Code      Last
1     icmp-echo  192.168.1.1   RTT=50ms     OK               1s ago
2     icmp-echo  192.168.1.2   RTT=2000ms   Over threshold   2s ago
3     icmp-echo  192.168.1.3   RTT=100ms    OK               3s ago
```

Based on this output, which statement is correct?

A. IP SLA operation 2 has failed because the destination is unreachable.
B. IP SLA operation 2 is experiencing high latency, exceeding the configured threshold.
C. IP SLA operation 1 is not active because it shows 'OK'.
D. IP SLA operation 3 has a pending status.
Answer: B

The return code 'Over threshold' directly indicates that the RTT exceeded the threshold, implying high latency.

Why this answer

The 'Return Code' column shows 'Over threshold' for ID 2, meaning the RTT exceeded the configured threshold. The other operations are OK. This output does not indicate failure or timeout unless the return code says so.

1204
MCQ · hard

A network engineer runs the following command on switch SW4:

```
SW4# show monitor session 6
Session 6
---------
Type              : Local Session
Source Ports      :
    Both          : Gi0/8, Gi0/9
Destination Ports : Gi0/10
    Encapsulation : Native
    Ingress       : Enabled
```

Based on this output, which statement is correct?

A. The SPAN session is configured correctly and will forward traffic received on Gi0/10 into the network.
B. The SPAN session is misconfigured because source ports cannot be monitored in both directions.
C. The SPAN session is using RSPAN because the destination port has ingress enabled.
D. The SPAN session is disabled because the destination port has ingress enabled.
Answer: A

Ingress enabled on the destination port allows traffic received on that port to be forwarded, which is atypical and can cause issues.

Why this answer

This is a local SPAN session with source ports Gi0/8 and Gi0/9, and destination port Gi0/10. The destination port has ingress enabled, which means traffic received on Gi0/10 will be processed and forwarded by the switch. This is unusual because SPAN destination ports typically have ingress disabled to prevent loops and forwarding of mirrored traffic.

This configuration can cause network issues.

1205
MCQ · hard

A network engineer runs the following command on Router R1:

```
R1# show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O        172.16.0.0/24 [110/100] via 172.16.0.2, 00:00:15, Tunnel0
O        172.16.0.0/24 [110/100] via 172.16.0.3, 00:00:10, Tunnel0
```

Based on this output, what is the problem?

A. OSPF is learning the same subnet from multiple spokes, indicating a misconfiguration.
B. The OSPF cost is 100, which is high.
C. The routes are learned via EIGRP.
D. The tunnel interface is down.
Answer: A

Duplicate routes for the same network via different next hops is problematic.

Why this answer

The output shows OSPF routes for the same network 172.16.0.0/24 via two different next hops (172.16.0.2 and 172.16.0.3). This indicates that OSPF is seeing the same subnet from multiple spokes, which is incorrect because the tunnel network should be unique per spoke. This suggests a misconfiguration where the tunnel IP addresses are overlapping or OSPF is not properly filtering.

1206
MCQ · easy

A network engineer is troubleshooting a router that is not generating any syslog messages at all, even for critical events like interface flaps. The 'show logging' output shows 'Syslog logging: disabled'. What is the most likely cause?

A. The 'logging on' command is not configured.
B. The logging buffer is full and needs to be cleared.
C. The router has run out of memory to generate syslog messages.
D. The 'logging host' command is missing, so no destination is configured.
Answer: A

Correct because 'logging on' globally enables syslog; without it, no messages are produced.

Why this answer

The 'show logging' output clearly states that syslog logging is disabled. The most common cause is that the global 'logging on' command is missing from the configuration. Without this command, no syslog messages are generated or sent to any destination.

1207
MCQ · medium

What is the default logging severity level for messages sent to the console in Cisco IOS-XE?

A. Level 0 (emergencies)
B. Level 7 (debugging)
C. Level 5 (notifications)
D. Level 4 (warnings)
Answer: B

The default console logging severity is level 7, meaning all messages from emergencies through debugging are displayed.

Why this answer

By default, Cisco IOS-XE logs messages of severity level 7 (debugging) and every more severe level (0 through 7) to the console.

1208
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ipv6 eigrp neighbors
IPv6-EIGRP neighbors for process 100
H   Address                   Interface   Hold   Uptime     SRTT   RTO   Q     Seq
                                          (sec)             (ms)         Cnt   Num
0   FE80::A8BB:CCFF:FE00:2    Tunnel0     13     00:23:45   10     200   0     12
1   FE80::A8BB:CCFF:FE00:3    Tunnel1     12     00:22:10   15     200   0     15
```

Based on this output, which statement is correct?

A. EIGRP is not configured for IPv6.
B. The neighbors are using global unicast addresses.
C. EIGRP for IPv6 adjacencies are established over the tunnels.
D. The tunnels are using GRE encapsulation.
Answer: C

Neighbors are present with uptime and hold time.

Why this answer

The output shows two IPv6 EIGRP neighbors with link-local addresses (FE80::/10) on interfaces Tunnel0 and Tunnel1, and the adjacency is established and exchanging routes (Seq Num increasing). This confirms that EIGRP for IPv6 adjacencies are formed over these tunnel interfaces, making option C correct.

Exam trap

Cisco often tests the misconception that EIGRP for IPv6 uses global unicast addresses for neighbor adjacencies, but the output clearly shows link-local addresses, and candidates may incorrectly assume the tunnels must be GRE without evidence from the command output.

How to eliminate wrong answers

Option A is wrong because the command 'show ipv6 eigrp neighbors' successfully displays neighbor entries, which proves EIGRP for IPv6 is configured and operational on the process 100. Option B is wrong because the neighbor addresses shown are link-local addresses (FE80::/10), not global unicast addresses; EIGRP for IPv6 always uses link-local addresses for neighbor adjacencies. Option D is wrong because the output does not provide any information about the encapsulation type (GRE, IPsec, or other); the tunnels could be using any IPv6 tunneling technique, and GRE is not confirmed by this output.

1209
MCQ · medium

Refer to the following partial configuration:

```
logging console informational
logging monitor debugging
logging trap errors
logging buffered 4096
```

Which statement is true about the logging levels?

A. The console receives messages of severity 0 through 6.
B. The monitor receives messages of severity 0 through 6.
C. The syslog server receives messages of severity 0 through 7.
D. The buffer stores messages of severity 0 through 6.
Answer: A

Console level 'informational' includes severities 0-6 (emergency through informational).

Why this answer

Logging levels: emergencies (0), alerts (1), critical (2), errors (3), warnings (4), notifications (5), informational (6), debugging (7). The trap level 'errors' means only messages severity 0-3 are sent to syslog servers. Console 'informational' means 0-6.

Monitor 'debugging' means 0-7. Buffer defaults to debugging if not specified, but here it is set to 4096 bytes without a level, so it defaults to debugging.

1210
MCQ · hard

An engineer is troubleshooting an EIGRP issue where a router is not forming an adjacency with a neighbor over a Frame Relay point-to-point subinterface. The physical interface is up/up, and the subinterface is configured with an IP address. The engineer checks the EIGRP configuration and sees that the network statement includes the subnet of the subinterface. What is the most likely cause of the adjacency failure?

A. The subinterface is not configured with the 'frame-relay interface-dlci' command.
B. The subinterface is configured as multipoint instead of point-to-point.
C. The EIGRP hello timer is set to 0 on the subinterface.
D. The IP address on the subinterface is not in the same subnet as the neighbor.
Answer: B

Correct because multipoint subinterfaces require additional configuration (like 'frame-relay map' for multicast) to support EIGRP, while point-to-point subinterfaces work with multicast by default.

Why this answer

On Frame Relay point-to-point subinterfaces, the default interface type is non-broadcast, and EIGRP by default uses multicast hellos. If the interface is not configured as a point-to-point type, or if the multicast capability is not enabled, EIGRP will not send hellos, and adjacency will not form.

1211
MCQ · medium

Router R4 has the following configuration:

```
interface GigabitEthernet0/5
 ip address 10.4.4.4 255.255.255.0
 ip policy route-map PBR-DEFAULT
!
route-map PBR-DEFAULT permit 10
 set ip default next-hop 192.168.3.1
```

What is the effect of this configuration?

A. All packets received on G0/5 are forwarded to 192.168.3.1 if they do not have a route in the routing table.
B. All packets received on G0/5 are forwarded to 192.168.3.1 regardless of the routing table.
C. The route-map is missing a match statement, so it does nothing.
D. The configuration is invalid because 'set ip default next-hop' requires an ACL.
Answer: A

Default next-hop applies only when the routing table has no route for the destination.

Why this answer

The 'set ip default next-hop' command is used for packets that do not match any explicit route in the routing table. It does not affect packets that have a matching route.

1212
MCQ · medium

A network engineer runs the following command on router R4:

```
R4# show monitor session 9
Session 9
---------
Type           : ERSPAN Source Session
Status         : Admin Disabled
Source Ports   :
    Both       : Gi0/2
Destination IP : 192.168.2.20
Origin IP      : 10.0.0.3
ERSPAN ID      : 200
```

Based on this output, which statement is correct?

A. The ERSPAN session is configured but not currently active because it is administratively disabled.
B. The ERSPAN session is actively mirroring traffic from Gi0/2 to 192.168.2.20.
C. The ERSPAN session is using RSPAN because the status is disabled.
D. The ERSPAN session is misconfigured because the origin IP is missing.
Answer: A

The status 'Admin Disabled' indicates the session is not active.

Why this answer

This is an ERSPAN source session that is administratively disabled. The configuration is present but not active. To enable it, the engineer must use the 'no shutdown' command under the session configuration.

1213
MCQ · medium

What is the default timer value for the EEM environment variable 'timer watchdog'?

A. 30 seconds
B. 60 seconds
C. 120 seconds
D. 180 seconds
Answer: B

The default watchdog timer is 60 seconds, configurable via 'event timer watchdog'.

Why this answer

The default watchdog timer is 60 seconds; it monitors the EEM policy execution and resets if exceeded.

1214
MCQ · medium

A network engineer runs the following command to troubleshoot an IPsec Site-to-Site VPN issue:

```
R1# debug crypto isakmp
*Mar 1 00:01:23.456: ISAKMP (0:0): received packet from 192.168.1.2 dport 500 sport 500 Global (N) NEW SA
*Mar 1 00:01:23.457: ISAKMP: Created a peer struct for 192.168.1.2, peer port 500
*Mar 1 00:01:23.457: ISAKMP: New peer created peer = 0x12345678 peer_handle = 0x80000001
*Mar 1 00:01:23.457: ISAKMP: Locking peer struct 0x12345678, refcount 1 for crypto_isakmp_process_block
*Mar 1 00:01:23.457: ISAKMP (0:0): SA request profile is (default)
*Mar 1 00:01:23.457: ISAKMP: local port 500, remote port 500
*Mar 1 00:01:23.458: ISAKMP (0:0): found peer pre-shared-key matching 192.168.1.2
*Mar 1 00:01:23.458: ISAKMP (0:0): constructed NAT-T vendor ID
*Mar 1 00:01:23.458: ISAKMP (0:0): sending packet to 192.168.1.2 my_port 500 peer_port 500 (I) MM_NO_STATE
*Mar 1 00:01:23.458: ISAKMP (0:0): received packet from 192.168.1.2 dport 500 sport 500 Global (I) MM_NO_STATE
*Mar 1 00:01:23.459: ISAKMP (0:0): processing SA payload. message ID = 0
*Mar 1 00:01:23.459: ISAKMP (0:0): Checking ISAKMP transform 1 against priority 1 policy
*Mar 1 00:01:23.459: ISAKMP: encryption DES-CBC
*Mar 1 00:01:23.459: ISAKMP: hash SHA
*Mar 1 00:01:23.459: ISAKMP: default group 2
*Mar 1 00:01:23.459: ISAKMP: auth pre-share
*Mar 1 00:01:23.459: ISAKMP (0:0): atts are not acceptable. Next transforms are not acceptable
*Mar 1 00:01:23.460: ISAKMP (0:0): no offers accepted!
```

What does this output indicate?

A. The ISAKMP SA is established successfully using pre-shared key authentication.
B. The ISAKMP transform set proposal is rejected due to a mismatch in encryption, hash, or DH group between peers.
C. The router is receiving the packet from an incorrect source IP address.
D. The router is unable to find a pre-shared key for the peer.
Answer: B

The output clearly states 'atts are not acceptable' and 'no offers accepted', which means the proposed transform does not match the local policy.

Why this answer

The debug output shows that the router received an ISAKMP proposal from the peer (192.168.1.2) and checked it against its own configured policy. The line 'atts are not acceptable' followed by 'no offers accepted' indicates that the transform set attributes (encryption DES-CBC, hash SHA, DH group 2) did not match any of the router's ISAKMP policies. This is a classic proposal mismatch, preventing the ISAKMP SA from being established.

Exam trap

Cisco often tests the distinction between a pre-shared key mismatch (which would show 'no pre-shared key found') and a transform set mismatch (which shows 'atts are not acceptable'), leading candidates to incorrectly blame the PSK when the actual issue is the encryption/hash/DH group.

How to eliminate wrong answers

Option A is wrong because the debug clearly shows 'no offers accepted', meaning the ISAKMP SA was not established; successful establishment would show 'ISAKMP (0:0): SA has been created' or similar. Option C is wrong because the router correctly identifies the source IP as 192.168.1.2 and processes the packet; there is no indication of an incorrect source IP. Option D is wrong because the debug explicitly states 'found peer pre-shared-key matching 192.168.1.2', so the pre-shared key is present and matched.

1215
MCQ · hard

R1 and R2 are EIGRP neighbors with BFD enabled. On R1, 'show ip eigrp neighbors' shows R2 in state 'Init' for BFD. On R1, 'show bfd neighbors' shows the session as 'Up'. On R2, 'show bfd neighbors' shows the session as 'Up'. R1 has 'eigrp stub' configured. R2 does not. What is the root cause?

A. The EIGRP stub configuration on R1 prevents full adjacency, but BFD is unaffected.
B. BFD requires 'eigrp stub' to be removed.
C. The BFD interval on R1 is too low for EIGRP.
D. EIGRP must be configured with 'no eigrp stub' for BFD to work.
Answer: A

EIGRP stub does not affect BFD; the BFD session is up, but EIGRP adjacency is in Init due to stub behavior.

Why this answer

EIGRP stub routers can form BFD sessions but the EIGRP adjacency may remain in Init state if the stub router is not configured correctly. However, BFD session is up, so the issue is with EIGRP itself. The stub router may be blocking queries, but that does not affect BFD.

The real issue is that R1 has 'eigrp stub' but is missing the 'receive-only' keyword, causing it to not advertise routes, but BFD is fine. The BFD session is up, so the problem is EIGRP, not BFD.

1216
MCQ · hard

Two OSPF domains are redistributed into each other on router R1. R1 has:

```
router ospf 1
 redistribute ospf 2 subnets
router ospf 2
 redistribute ospf 1 subnets
```

Router R2 (in OSPF 1) shows:

```
R2# show ip route ospf
O E2 10.1.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0
O E2 10.2.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0

R2# traceroute 10.1.1.1 source 10.2.1.2
Type escape sequence to abort.
Tracing the route to 10.1.1.1
  1 10.2.1.1 4 msec 4 msec 4 msec
  2 10.1.1.1 8 msec 8 msec 8 msec

R2# traceroute 10.2.1.1 source 10.1.1.2
Type escape sequence to abort.
Tracing the route to 10.2.1.1
  1 10.1.1.1 4 msec 4 msec 4 msec
  2 10.2.1.1 8 msec 8 msec 8 msec
```

Traffic between the two domains is taking suboptimal paths. What is the root cause?

A. The redistribution is mutual without any route filtering, causing routing loops.
B. The 'subnets' keyword is missing from one of the redistribute commands.
C. OSPF administrative distance is set incorrectly, preferring external routes.
D. R1 has a routing table entry for 10.1.1.0/24 pointing to R2.
Answer: A

Routes from OSPF 1 are redistributed into OSPF 2 and then back into OSPF 1, creating a loop.

Why this answer

Mutual redistribution without route filtering creates a routing loop. Routes from OSPF 1 are redistributed into OSPF 2, and then back into OSPF 1, causing suboptimal paths. The traceroute shows traffic going through R1 twice.

The fix is to use route tagging and filtering to prevent re-redistribution.

1217
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show flow exporter EXPORTER-1
Flow Exporter EXPORTER-1:
  Description: Exports to collector
  Export protocol: NetFlow Version 9
  Transport Configuration:
    Destination IP address: 192.168.1.100
    Source IP address: 10.0.0.1
    Transport Protocol: UDP
    Destination Port: 2055
    Source Port: 0
  Collector Configuration:
    VRFs: Default
  Options Configuration:
    Sampler: Not configured
  Export Statistics:
    Number of Flows exported: 0
    Number of Packets exported: 0
    Number of Source IP address unreachable: 0
    Number of Packets dropped: 0
```

Based on this output, what is the most likely reason that no flows are being exported?

A. The destination port is incorrect; NetFlow version 9 requires port 9996.
B. The flow exporter is not referenced in any flow monitor applied to an interface.
C. The source IP address is not reachable from the destination.
D. The sampler is not configured, causing all packets to be dropped.
Answer: B

The exporter statistics show no flows exported, but no errors, meaning the exporter is idle. This typically occurs when no flow monitor using this exporter is applied to an interface.

Why this answer

The output shows 0 flows exported, but no errors. This often indicates that the flow monitor is not applied to an interface or the exporter is not referenced in a flow monitor. The exporter itself is configured correctly with a valid destination.

1218
MCQ · hard

A VRF-aware network has two VRFs: VRF A and VRF B. Router R1 is configured with VRF A and VRF B, and route leaking is configured between them using route-replicate. Routes from VRF A are appearing in VRF B, but traffic from VRF B to destinations in VRF A is failing. R1's configuration: 'ip route vrf A 10.10.10.0 255.255.255.0 192.168.1.1', and route-replicate from VRF A to VRF B. 'show ip route vrf B' shows the route 10.10.10.0/24 with next-hop 192.168.1.1. However, ping from a device in VRF B to 10.10.10.1 fails. What is the root cause?

A. The next-hop 192.168.1.1 is not reachable in VRF B because it belongs to VRF A; route leaking does not update the next-hop, causing recursive routing failure.
B. The route-replicate command requires a route-map to change the next-hop.
C. The VRF B has a default route that is conflicting with the leaked route.
D. The interface connected to 192.168.1.1 is not in VRF B, so the packet is dropped by CEF due to VRF mismatch.
Answer: A, D

The route is installed but the next-hop is not in VRF B, so the packet cannot be forwarded.

Why this answer

When route-replicate copies a route from VRF A to VRF B, it does not change the next-hop address. The next-hop 192.168.1.1 remains in VRF A's routing table and is not reachable within VRF B. As a result, when VRF B tries to forward traffic to 10.10.10.0/24, the recursive lookup for 192.168.1.1 fails because that next-hop is not present in VRF B's routing table, causing the ping to fail.

Exam trap

Cisco often tests the misconception that route leaking automatically adjusts the next-hop, when in fact the next-hop remains unchanged and must be reachable in the destination VRF for traffic to succeed.

How to eliminate wrong answers

Option B is wrong because route-replicate does not require a route-map to change the next-hop; a route-map can optionally be used to modify attributes, but it is not mandatory for basic route leaking. Option C is wrong because a conflicting default route in VRF B would not specifically cause failure for the leaked 10.10.10.0/24 route; the issue is the unreachable next-hop, not a routing conflict. Option D is wrong because the packet is not dropped by CEF due to VRF mismatch; CEF forwards based on the routing table of the ingress VRF, and the problem is that the next-hop is not reachable in VRF B, not that the interface is missing from VRF B.

1219
MCQ · medium

A network engineer runs the following command to troubleshoot an IP SLA issue:

```
R1# show ip sla statistics 10 detail
Round Trip Time (RTT) for Index 10
Latest RTT: 12 ms
Latest RTT (milliseconds): 12
Latest RTT (microseconds): 12000
Last operation start time: 12:34:56.789 UTC Mon Mar 1 2021
Last operation return code: OK
Number of successes: 100
Number of failures: 0
Operation time to live: Forever
Last operation response time: 12 ms
Latest operation start time: 12:34:56.789 UTC Mon Mar 1 2021
Latest operation return code: OK
Over thresholds occurred: FALSE
Threshold (milliseconds): 5000
RTT Values:
  RTTAvg: 12
  RTTMin: 10
  RTTMax: 15
  RTTNum: 100
  RTTStdDev: 1
```

What does this output indicate?

A. The IP SLA operation has high jitter because the RTT standard deviation is 1 ms.
B. The IP SLA operation is experiencing packet loss because the number of failures is 0.
C. The IP SLA operation shows stable performance with low jitter and no threshold violations.
D. The IP SLA operation has exceeded the threshold because the RTTMax is 15 ms.
Answer: C

The low standard deviation and 'Over thresholds occurred: FALSE' confirm stability.

Why this answer

This detailed output shows RTT statistics including average, minimum, maximum, and standard deviation. The low standard deviation (1 ms) and no thresholds exceeded indicate stable performance.

1220
MCQ · hard

A network engineer runs the following commands on Router R1:

```
R1# show event manager policy registered
No.  Type    Time Created              Name
1    applet  00:01:23 UTC Mar 1 2025   BGP_Neighbor_Down

R1# show bgp neighbors 192.168.1.2
BGP neighbor is 192.168.1.2, remote AS 65002, external link
  BGP version 4, remote router ID 10.0.0.2
  BGP state = Idle
  Last read 00:00:05, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable
```

Based on this output, what is the most likely conclusion?

A. The BGP neighbor is up and running.
B. The BGP neighbor is down, and the EEM policy may have been triggered.
C. The EEM policy is not registered.
D. The BGP session is established.
Answer: B

The Idle state indicates the session is down, which would likely trigger the BGP_Neighbor_Down event.

Why this answer

The EEM policy BGP_Neighbor_Down is registered, and the BGP neighbor is in Idle state, indicating the session is down. The correct answer is that the BGP neighbor is down, and the EEM policy may have been triggered.

1221
MCQ · hard

An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on an interface. After the configuration, legitimate traffic from a customer network is being dropped. The engineer confirms that the route for the customer subnet exists in the routing table and points to the correct interface. What is the most likely explanation?

A. Asymmetric routing is in use, and the return route for the source IP points to a different interface.
B. The 'allow-default' option is not enabled, so default routes are not considered.
C. The 'ip verify unicast source reachable-via any' command was used instead of 'rx'.
D. The customer subnet is a summary route, and the more specific route is missing.
Answer: A

Strict uRPF requires that the best route to the source IP address points back to the same interface on which the packet was received. If asymmetric routing is present, the return path may be via a different interface, causing strict uRPF to drop the packet.

Why this answer

Strict uRPF checks that the source IP address of an incoming packet has a route in the routing table that points back to the same interface. If the customer network uses asymmetric routing (i.e., traffic comes in one interface but the return route points out a different interface), strict uRPF will drop the traffic. The edge case is that even if the route exists, if it does not point to the incoming interface, the packet is dropped.

1222
MCQ · medium

Which OSPF network type defaults to a hello interval of 30 seconds and a dead interval of 120 seconds on Cisco IOS?

A. Broadcast
B. Point-to-point
C. Non-Broadcast (NBMA)
D. Point-to-multipoint
Answer: C

Correct. NBMA network type defaults to hello interval 30 seconds and dead interval 120 seconds.

Why this answer

The Non-Broadcast Multi-Access (NBMA) network type uses a default hello interval of 30 seconds and a dead interval of 120 seconds, as per Cisco implementation.

1223
MCQ · easy

A network engineer runs the following command to troubleshoot an EIGRP issue:

```
R1# show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 100
  Hellos sent/received: 500/495
  Updates sent/received: 10/8
  Queries sent/received: 2/1
  Replies sent/received: 1/2
  Acks sent/received: 8/10
  Input queue high water mark: 2, Input queue depth: 0
  Total packets sent: 521, received: 516
```

What does this output indicate?

A. The network is experiencing a high number of queries, indicating instability.
B. The EIGRP process is functioning normally with no signs of congestion or issues.
C. There is a problem with packet loss because more hellos were sent than received.
D. The router is not receiving acknowledgments for its updates.
Answer: B

The traffic statistics are balanced and the input queue is empty, indicating normal operation.

Why this answer

The output shows EIGRP traffic statistics. The number of queries and replies is low, indicating a stable network. The input queue depth is 0, meaning no packets are queued.

This is normal operation.

1224
Multi-Select · medium

Which THREE symptoms indicate that IPv6 First Hop Security features are misconfigured or not functioning correctly? (Choose THREE.)

Select 3 answers
A. IPv6 hosts on a segment are unable to obtain a global unicast address via SLAAC, even though a legitimate router is present.
B. A newly connected switch causes existing hosts to lose IPv6 connectivity to the default gateway.
C. Hosts on a VLAN receive Router Advertisements but do not update their default gateway.
D. IPv6 pings between two hosts on the same VLAN succeed, but pings to the router fail.
E. The switch logs show frequent 'IPv6 address collision' messages.
Answers: A, B, C

This could be due to RA Guard blocking the router's Router Advertisements, preventing SLAAC.

Why this answer

These three symptoms are direct indicators of FHS issues: devices failing to obtain addresses suggests DHCPv6 Guard blocking, connectivity loss after a new switch suggests ND Inspection or Source Guard issues, and RA Guard misconfiguration can cause hosts to ignore RAs. The other options are not specific to FHS or are normal behavior.

1225
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip eigrp interfaces detail Gi0/0
EIGRP-IPv4 Interfaces for AS(100)
Interface: GigabitEthernet0/0
  Peers: 1
  Xmit Queue Un/Reliable: 0/0
  Mean SRTT: 12
  Pacing Time Un/Reliable: 0/10
  Multicast Flow Timer: 50
  Pending Routes: 0
  Hello interval: 5
  Hold time: 15
  Split horizon: Enabled
  Next multicast: 0.0.0.0
  Next broadcast: 0.0.0.0
```

Based on this output, what is the problem?

A. Split horizon is enabled, which is a normal and expected configuration.
B. Split horizon is disabled, which could cause routing loops.
C. The hold time of 15 seconds is too short and may cause instability.
D. The interface has no peers, indicating a problem.
Answer: A

Split horizon is enabled by default on EIGRP interfaces and helps prevent routing loops.

Why this answer

The detail output shows split horizon is enabled on the interface. Split horizon is a loop prevention mechanism that prevents routes from being advertised out the interface they were learned on. This is normal and expected.

There is no problem.

1226
Multi-Select · medium

Which THREE symptoms indicate a potential issue with NHRP registration in a DMVPN network? (Choose THREE.)

Select 3 answers
A. The spoke router does not receive an NHRP Registration Reply from the hub.
B. The hub router's NHRP cache does not contain an entry for the spoke.
C. The spoke router's tunnel interface shows 'UP/UP' but NHRP registration status is 'NOT REGISTERED'.
D. The spoke router's tunnel interface shows 'UP/DOWN'.
E. The spoke router's routing table shows routes learned from the hub.
Answers: A, B, C

This indicates that the registration request failed, possibly due to authentication mismatch or reachability issues.

Why this answer

Common symptoms of NHRP registration problems include the spoke not receiving a registration reply from the hub, the spoke not appearing in the hub's NHRP cache, and the spoke's tunnel interface showing a status of 'UP/UP' but the NHRP registration being 'NOT REGISTERED'. The other options are not direct symptoms of NHRP registration issues.

1227
Drag & Drop · medium

Drag and drop the steps to verify and validate IPv6 traffic filtering and uRPF operational state into the correct order, from first to last.


Why this order

Validation begins with checking the uRPF configuration on the interface, then verifying the interface status, inspecting uRPF statistics, testing connectivity with ping, and finally confirming the routing table for expected routes.

1228
MCQmedium

A network engineer runs the following command on Router PE7:

PE7# show bgp vpnv4 unicast vrf CUSTOMER_E labels
   Network          Next Hop      In Label/Out Label
   10.10.10.0/24    10.0.0.8      18/22
   10.20.20.0/24    10.0.0.9      19/23

Based on this output, which statement is correct?

A.The router is correctly assigning labels for VPNv4 routes.
B.The router is not receiving labels from its BGP peers.
C.The VRF CUSTOMER_E has no routes.
D.The label allocation is failing.
AnswerA

Both entries have valid incoming and outgoing labels.

Why this answer

The show bgp vpnv4 unicast vrf labels command displays the label bindings for VPNv4 routes in a VRF. Each entry shows the incoming label (assigned locally) and outgoing label (assigned by the next hop). The output shows correct label assignments for two prefixes.

1229
MCQmedium

A network engineer is troubleshooting OSPFv2 route redistribution. R1 is an ASBR redistributing static routes into OSPF. R2, an internal router, receives the redistributed routes but they appear as O E2 routes. However, R1 also has a directly connected network 10.1.1.0/24 that is not being advertised as an OSPF route. 'show ip ospf database external' on R2 shows the redistributed static routes but not the connected network. What is the most likely cause?

A.The connected network is not included in the redistribution because the engineer used 'redistribute static' without the 'subnets' keyword.
B.The connected network is not being advertised because it is not part of the OSPF process; the engineer must configure 'network 10.1.1.0 0.0.0.255 area 0' under router ospf.
C.The ASBR is missing the 'redistribute connected' command under the OSPF process.
D.The connected network is a loopback interface, and OSPF does not advertise loopback networks by default.
AnswerC

Without 'redistribute connected', the directly connected network is not advertised into OSPF, even if the interface is enabled for OSPF (which it may not be).

Why this answer

By default, OSPF does not redistribute connected routes unless explicitly configured. The ASBR must use the 'redistribute connected' command under the OSPF process to advertise directly connected networks. The static routes are being redistributed because they are matched by the 'redistribute static' command, but the connected network is not part of the static route set unless it is also a static route.

The engineer likely forgot to add 'redistribute connected' or use the 'subnets' keyword.

1230
Multi-Selecthard

Which THREE symptoms indicate that a route-map applied to a redistribution configuration is not working as intended? (Choose THREE.)

Select 3 answers
A.Routes that should be filtered are still present in the routing table of the receiving router.
B.Routes that are redistributed have an incorrect metric or metric type.
C.After modifying the route-map, the redistributed routes do not change until the route-map is reapplied or the routing process is cleared.
D.Routes have the correct next-hop but an incorrect administrative distance.
E.Routes appear in the routing table with the correct attributes as defined in the route-map.
AnswersA, B, C

This indicates the route-map is not denying the intended routes.

Why this answer

Common symptoms of misconfigured route-maps include missing routes in the routing table, routes with wrong metrics, and no change after modifying the route-map (due to route-map caching or not reapplying). Routes with correct next hops but wrong administrative distance usually indicate a different issue. Routes appearing in the routing table with correct attributes suggest the route-map is working.

1231
MCQmedium

Examine the following partial configuration on a PE router:

interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER-A
 ip address 10.1.1.1 255.255.255.252
!
router bgp 65000
 neighbor 192.168.1.1 remote-as 65000
 neighbor 192.168.1.1 update-source Loopback0
 !
 address-family ipv4 vrf CUSTOMER-A
  neighbor 10.1.1.2 remote-as 65001
  neighbor 10.1.1.2 activate
 exit-address-family

What is the effect of this configuration?

A.The eBGP session between PE and CE will be established successfully.
B.The BGP session will fail because the neighbor must be configured under the global BGP process.
C.The BGP session will fail because the neighbor remote-as must match the AS of the PE router.
D.The BGP session will fail because the update-source is not specified for the VRF neighbor.
AnswerA

The VRF is defined, the interface is in the VRF, and the BGP neighbor is correctly configured under the VRF address-family. The neighbor IP is on the same subnet, so the eBGP session should come up.

Why this answer

The configuration correctly assigns the interface to a VRF and activates the neighbor under the VRF address-family in BGP. The neighbor is directly connected on a /30 link, and a remote-as of 65001 is valid for an eBGP session. The configuration is correct and will establish an eBGP session with the CE router.

1232
MCQmedium

Which statement correctly describes the behavior of the 'default-information originate' command in OSPF?

A.It always injects a default route into OSPF regardless of the routing table.
B.It injects a default route as a Type 3 LSA.
C.It injects a default route as a Type 5 LSA only if a default route exists in the routing table.
D.It injects a default route as a Type 7 LSA in all OSPF areas.
AnswerC

By default, OSPF requires an existing default route to originate a Type 5 LSA for 0.0.0.0/0.

Why this answer

The 'default-information originate' command in OSPF generates a default route (0.0.0.0/0) as a Type 5 LSA, but only if a default route exists in the routing table, unless the 'always' keyword is used.

1233
Multi-Selecthard

Which TWO statements about the behavior of IPv4 ACLs with the 'established' keyword are true? (Choose TWO.)

Select 1 answer
A.The 'established' keyword matches TCP packets that have the ACK or RST bit set.
B.The 'established' keyword can be applied to extended ACLs for UDP traffic to permit return packets.
C.The 'established' keyword checks the state of the session in the router's state table.
D.The 'established' keyword can be used in both standard and extended ACLs.
E.The 'established' keyword will match a TCP SYN packet sent from a client to initiate a connection.
AnswersA

Correct. The keyword checks for ACK or RST bits, which indicate packets belonging to an existing TCP session.

Why this answer

Option A is correct because the 'established' keyword in an extended IPv4 ACL matches TCP packets that have the ACK or RST bit set. This allows return traffic from an established session to pass through the ACL while blocking initial connection attempts, as a SYN packet alone would not have these bits set.

Exam trap

Cisco often tests the misconception that the 'established' keyword performs stateful inspection or works with UDP, when in reality it is a simple stateless TCP flag check limited to extended ACLs.

1234
MCQmedium

In a CoPP policy, what is the effect of the 'violate-action' parameter in the police command?

A.It specifies the action for packets that exceed the conform rate but are within the excess burst.
B.It specifies the action for packets that exceed both the conform rate and the excess burst.
C.It specifies the action for packets that are below the conform rate.
D.It is only used in two-rate policers and is ignored in single-rate policers.
AnswerB

Correct. The violate-action applies to packets that exceed the excess burst (i.e., violate the token bucket).

Why this answer

The violate-action is used in the three-color policer (single-rate or two-rate) to specify the action for packets that exceed the excess burst. If not configured, the exceed-action is used for violate traffic.

1235
MCQmedium

A network engineer runs the following command on Router R1:

R1# show ip sla statistics 2
Round Trip Time (RTT) for Index 2
    Latest RTT: No connection
    Latest RTT (milliseconds): No connection
    Latest RTT (microseconds): No connection
    Number of successes: 0
    Number of failures: 100
    Operation time to live: Forever
    Output: No connection

Based on this output, which statement is correct?

A.The IP SLA operation is working correctly but the RTT is too high to measure.
B.The target device is not responding to ICMP echo requests, or there is a routing problem.
C.The IP SLA operation has been manually disabled.
D.The IP SLA responder is misconfigured on the source router.
AnswerB

'No connection' indicates that the probe failed to reach the target, likely due to unreachability or lack of response.

Why this answer

The output shows 'No connection' for RTT and 'Output: No connection'. This indicates that the IP SLA operation cannot reach the target. The 100 failures confirm this.

This is a clear sign of a connectivity issue.

1236
MCQhard

Management traffic is being dropped. Router R1 has: access-list 100 deny ip any any log, applied to VTY lines. Remote access via SSH fails, but console works. What is the root cause?

A.The ACL should permit SSH before the deny statement.
B.The VTY lines require transport input ssh, but the ACL is irrelevant.
C.The ACL is applied to the wrong interface.
D.The log keyword causes performance issues, not drops.
AnswerA

Without a permit statement for SSH, the deny blocks all traffic.

Why this answer

The ACL `access-list 100 deny ip any any log` applied to VTY lines denies all IP traffic, including SSH, before any permit statement can match. Since SSH traffic is denied, remote access fails. The correct fix is to add a `permit tcp any any eq 22` statement before the deny to allow SSH management traffic.

Exam trap

The trap here is that candidates often think the ACL is applied to an interface (Option C) or that the `log` keyword causes the problem, when in fact the issue is the order of ACL entries—specifically, the missing permit for SSH before the global deny.

How to eliminate wrong answers

Option B is wrong because the VTY lines do require `transport input ssh` for SSH access, but the ACL is directly relevant—it is the cause of the drops, and without a permit for SSH, even with correct transport settings, traffic is denied. Option C is wrong because the ACL is correctly applied to VTY lines (using `access-class`), not to an interface; applying it to an interface would affect transit traffic, not management traffic. Option D is wrong because the `log` keyword does not cause drops; it only generates log messages for matched packets, and the drops are due to the `deny` action itself.

1237
MCQmedium

A network engineer runs the following command on Router R1:

R1# show bfd neighbors detail
IPv4 Sessions
NeighborAddr    LD/RD    Int      State    Holdown(mult)    Intf
10.1.1.2        1/3      Gi0/0    Up       3000(3)          Gi0/0
Session state is UP and using echo function.
OurAddr: 10.1.1.1
Handle: 1
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holddown (hits): 3000(0)
Rx Count: 150, Tx Count: 150
Echo function: Active

Based on this output, which statement is correct?

A.The BFD session is using echo mode, which reduces the load on the control plane because echo packets are processed in hardware.
B.The BFD session is using echo mode, but the holddown timer is incorrect because echo mode should halve the timer.
C.The BFD session is up, but the echo function is not working because Rx and Tx counts are equal.
D.The BFD session is up and using echo function, but the neighbor must also have echo mode enabled for it to work.
AnswerA

Echo mode offloads detection to the data plane, reducing control plane processing.

Why this answer

The output shows that the BFD session is up and using echo function. The echo function allows faster failure detection by sending echo packets that are looped back by the neighbor. The holddown timer is 3000 ms, which is consistent with MinRxInt * Multiplier = 3000 ms.

The Rx and Tx counts are equal, indicating bidirectional communication.

1238
MCQmedium

Router R4 has the following configuration:

!--- R4 configuration
route-map SETTAG permit 10
 match tag 100
 set tag 200
!
route-map SETTAG permit 20
!
router bgp 65100
 neighbor 10.0.0.1 route-map SETTAG in
!

What is the effect of this configuration?

A.All routes from neighbor 10.0.0.1 are permitted; routes with tag 100 have their tag changed to 200.
B.Routes with tag 100 are denied; all other routes are permitted.
C.Only routes with tag 100 are permitted; all other routes are denied.
D.The route-map is misconfigured because sequence 20 has no match statement; it should have a match any statement.
AnswerA

Correct. Sequence 10 changes the tag for routes with tag 100; sequence 20 permits all others.

Why this answer

The route-map SETTAG has two permit sequences. Sequence 10 matches routes with tag 100 and sets the tag to 200. Sequence 20 is a catch-all permit with no match or set statements.

Routes from neighbor 10.0.0.1 that have tag 100 will have their tag changed to 200; all other routes are permitted unchanged. No routes are filtered.

1239
MCQeasy

A network engineer runs the following command on Router R1:

R1# show route-map TEST
route-map TEST, permit, sequence 10
  Match clauses:
    ip address (access-lists): 10
  Set clauses:
    metric 50
route-map TEST, deny, sequence 20
  Match clauses:
    ip address (access-lists): 20
  Set clauses:

Based on this output, what is the effect of this route-map when applied to a redistribution command?

A.All routes are redistributed with metric 50.
B.Routes matching ACL 10 are redistributed with metric 50; routes matching ACL 20 are denied; all other routes are also denied.
C.Routes matching ACL 20 are redistributed with default metric.
D.The route-map has no effect because set clauses are missing in sequence 20.
AnswerB

This matches the route-map logic.

Why this answer

The route-map has two sequences: sequence 10 permits routes matching ACL 10 and sets metric to 50; sequence 20 denies routes matching ACL 20. Routes not matching any sequence are implicitly denied. The correct answer is that routes matching ACL 10 are redistributed with metric 50, those matching ACL 20 are not redistributed, and all others are also not redistributed.

1240
Multi-Selectmedium

Which TWO configuration steps are required to enable EIGRP authentication between two directly connected routers? (Choose TWO.)

Select 2 answers
A.Configure a key chain with a key string on both routers.
B.Apply the authentication mode and key chain under the EIGRP router process.
C.Use the 'ip authentication mode eigrp <as> md5' command on the connecting interfaces.
D.Set the same autonomous system number in the key chain configuration.
E.Ensure the key chain name is different on each router to prevent conflicts.
AnswersA, C

The key chain defines the authentication key; it must be created globally with at least one key and a key string.

Why this answer

EIGRP authentication requires a key chain with a key string and the authentication mode set to md5 (or hmac-sha-256) on the interface. The key chain must be defined globally, and then the interface configuration references it. The other options are incorrect because authentication is per-interface, not per-process, and the key chain name must match on both sides.

1241
MCQhard

What is the default number of packets sent per IP SLA UDP Jitter operation?

A.1
B.10
C.20
D.100
AnswerB

Correct. The default is 10 packets per operation.

Why this answer

The default number of packets per UDP Jitter operation is 10. This is the number of UDP packets sent in each probe interval to measure jitter and packet loss.

1242
MCQmedium

A network engineer runs the following command on Router R1:

R1# show crypto ipsec sa peer 10.1.1.2
interface: Tunnel0
    Crypto map tag: VPN-MAP, local addr 10.1.1.1
   protected vrf: (none)
   local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   current_peer 10.1.1.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 100, #pkts encrypt: 100, #pkts digest: 100
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 0, #recv errors 0

Based on this output, what is the problem?

A.The tunnel is working correctly; all packets are being encrypted and decrypted.
B.The remote peer is not sending traffic back; check routing on the remote router.
C.The local crypto ACL is misconfigured; it is not matching traffic.
D.The IPsec SA is not established; the tunnel is down.
AnswerB

Outbound packets are being sent but none received; the remote side may not have a route back or the crypto ACL is misconfigured.

Why this answer

The outbound packet count (encaps) is 100, but inbound (decaps) is 0. This suggests that traffic is being sent through the tunnel but no responses are being received, possibly due to a routing issue on the remote side or a firewall blocking return traffic.

1243
MCQhard

An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on the outside interface of a router that terminates an IPsec site-to-site VPN. After the configuration, the VPN tunnel establishes, but traffic from the remote site is not forwarded correctly. The engineer verifies that the IPsec tunnel is up and that the routing table has the correct routes. What is the most likely explanation?

A.The IPsec tunnel uses transport mode, which does not encapsulate the original source IP, causing uRPF to see the remote router's physical IP as the source.
B.The return route for the remote site's physical IP points to the tunnel interface, but the packet arrives on the physical interface, so uRPF drops it because the source IP is not reachable via the incoming interface.
C.The uRPF configuration includes the 'allow-default' option, which allows packets with a default route, but the remote site's IP is not in the default route.
D.The IPsec transform set uses ESP with authentication, which changes the source IP of the packet.
AnswerB

Strict uRPF requires that the source IP of the incoming packet has a route back through the same interface. If the route points to the tunnel, the check fails, and the packet is dropped.

Why this answer

In strict mode, uRPF checks that the source IP address of an incoming packet is reachable via the exact interface on which the packet arrived. For IPsec site-to-site VPN traffic, the encapsulated (original) packet arrives on the physical outside interface, but the routing table's return route for the remote site's physical IP (the tunnel endpoint) points to the tunnel interface (e.g., a virtual tunnel interface or crypto map). Because the source IP is not reachable via the physical incoming interface, uRPF drops the packet, even though the IPsec tunnel is up and the routes are correct.

Exam trap

Cisco often tests the subtle interaction between uRPF strict mode and IPsec VPNs, where candidates mistakenly think the tunnel mode or encryption causes the issue, rather than the interface-specific reverse path check.

How to eliminate wrong answers

Option A is wrong because transport mode does not change the source IP of the original packet; it only encapsulates the IP payload, and uRPF checks the original source IP, not the outer IP header. Option C is wrong because the 'allow-default' option permits packets whose source IP matches a default route, but the remote site's IP is typically a specific address, not a default route, and the core issue is interface mismatch, not default route coverage. Option D is wrong because ESP with authentication (ESP auth) does not alter the source IP address of the packet; it only adds an authentication trailer to the ESP payload, leaving the IP header unchanged.

1244
MCQhard

A network engineer runs the following command on Router R1:

R1# show ip bgp neighbors 10.1.1.1 advertised-routes
BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.0.0/8       0.0.0.0                  0         32768 i
 *>  10.1.0.0/16      0.0.0.0                  0         32768 i
 *>  10.1.1.0/24      0.0.0.0                  0         32768 i
 *>  10.1.2.0/24      0.0.0.0                  0         32768 i

Based on this output, what is a problem with the BGP advertisements?

A.The router is not advertising any routes.
B.The router is advertising overlapping prefixes, including both summary and specific routes.
C.The router is only advertising the summary route.
D.The router is using incorrect next-hop.
AnswerB

The presence of 10.0.0.0/8 and more specific prefixes like 10.1.1.0/24 indicates overlapping advertisements, which is inefficient.

Why this answer

The router is advertising both a summary route (10.0.0.0/8) and more specific routes (10.1.0.0/16, 10.1.1.0/24, etc.), which defeats the purpose of summarization and can cause routing loops or suboptimal routing.

1245
MCQmedium

A network engineer is troubleshooting MPLS LDP where the LDP session between two directly connected routers is not forming. The engineer runs show mpls ldp discovery and sees that LDP hellos are being sent and received on the link. However, show mpls ldp neighbor shows no neighbors. What is the most likely cause?

A.The LDP router-id is not reachable via the IGP.
B.The mpls label protocol ldp command is missing globally.
C.The interface is configured with mpls ldp igp sync.
D.The LDP session is using a non-default transport address.
AnswerA

Correct because LDP uses TCP to establish the session, and the router-id must be reachable; if the IGP does not have a route to the peer's LDP router-id, the TCP connection fails.

Why this answer

LDP hellos are exchanged, but the session does not form, indicating a problem with the transport connection. The most common cause is that the routers cannot establish a TCP connection to the LDP transport address, often due to a missing route to the LDP router-id or an ACL blocking TCP port 646.

1246
MCQmedium

A network engineer runs the following command to troubleshoot a Flexible NetFlow issue:

R1# show flow monitor FLOW-MONITOR-1 cache format table
  Cache type: Normal
  Cache size: 1000
  Current entries: 25
  High Watermark: 50
  Flows added: 1234
  Flows aged: 1209
    - Active timeout ( 1800 secs): 100
    - Inactive timeout ( 15 secs): 1100
    - Event aged: 9
    - Watermark aged: 0
    - Emergency aged: 0

What does the output indicate?

A.The cache is experiencing watermark aging, indicating memory pressure.
B.Most flows are being aged due to the active timeout, suggesting long-lived flows.
C.The majority of flows are being aged due to the inactive timeout, indicating many short-lived flows.
D.Emergency aging is occurring, which means the cache is full.
AnswerC

1100 out of 1209 aged flows are due to inactive timeout, which is typical for short-lived traffic like DNS or web requests.

Why this answer

The output shows the current state of the Flexible NetFlow cache. The high number of flows aged due to inactive timeout (1100 out of 1209) indicates that most flows are short-lived. The cache is not full (25 out of 1000 entries used), and no watermark or emergency aging has occurred.

This is normal for traffic with many brief connections.

1247
MCQeasy

What is the default OSPF hello interval on a point-to-point serial interface?

A.10 seconds
B.30 seconds
C.40 seconds
D.20 seconds
AnswerA

Correct. Point-to-point and broadcast networks use a 10-second hello interval.

Why this answer

OSPF hello interval defaults are based on the network type. For point-to-point and broadcast networks, the default hello interval is 10 seconds. For NBMA and point-to-multipoint, it is 30 seconds.

1248
MCQmedium

A network engineer is troubleshooting a router that is experiencing intermittent packet loss. The engineer checks the logs and sees that an EEM applet is being triggered frequently. The applet is configured to run a script that modifies the routing table. The engineer suspects the applet is causing the packet loss. What should the engineer do to verify the root cause?

A.Check the EEM applet's script for errors.
B.Use the 'show event manager statistics' command to see how often the applet is triggered.
C.Temporarily disable the EEM applet and monitor the packet loss.
D.Increase the logging level to debug to see more details.
AnswerC

Correct because disabling the applet and observing if packet loss stops confirms the applet as the cause.

Why this answer

To verify if the EEM applet is causing the packet loss, the engineer should temporarily disable the applet and monitor the network for any improvement in packet loss.

1249
Drag & Drophard

Drag and drop the steps to troubleshoot VRF-Lite adjacency or connectivity failures into the correct order, from first to last.

Why this order

Start by checking if the VRF is defined correctly with show vrf. Then verify interface assignment to the correct VRF. Next, confirm that the IP address on the interface is in the VRF context.

After that, test basic connectivity with ping using the VRF keyword. Finally, examine routing protocol adjacency status within the VRF.

1250
MCQmedium

A network engineer runs the following command on Router R1:

R1# show ip nhrp traffic
NHRP Traffic Statistics
  Sent: 100 requests, 50 replies
  Received: 50 requests, 100 replies

Based on this output, what is the problem?

A.There is a mismatch between sent requests and received replies, indicating packet loss.
B.The router is receiving more replies than requests.
C.The NHRP process is functioning normally.
D.The router is configured as a hub.
AnswerA

100 requests sent vs 50 replies received shows loss.

Why this answer

The output shows NHRP traffic statistics. The router sent 100 requests but received only 50 replies, indicating that half of the requests are not being answered. This could be due to network issues, misconfiguration, or packet loss.

1251
MCQmedium

A network engineer runs the following command on Router R1:

R1# show ipv6 nd raguard policy
Interface    Policy       Role      State
Gi0/0/0      RA_GUARD     router    ACTIVE
Gi0/0/1      RA_GUARD     host      ACTIVE
Gi0/0/2      (default)    host      ACTIVE

Based on this output, which statement is correct?

A.Interface Gi0/0/0 is allowed to send Router Advertisements.
B.Interface Gi0/0/1 is allowed to send Router Advertisements.
C.Interface Gi0/0/2 is allowed to send Router Advertisements.
D.All interfaces are blocked from sending Router Advertisements.
AnswerA

Role 'router' under RA guard permits sending RAs.

Why this answer

The output shows that Gi0/0/0 is configured with role 'router' under the RA_GUARD policy, meaning it is trusted to send Router Advertisements. Gi0/0/1 and Gi0/0/2 have role 'host', meaning they are not allowed to send RAs. The default policy on Gi0/0/2 still blocks RAs from that interface.

1252
MCQeasy

A network engineer runs the following command to troubleshoot an IPsec Site-to-Site VPN issue:

R1# show crypto isakmp sa detail
IPv4 Crypto ISAKMP SA
C-id  Local           Remote          I-VRF  Status Encr Hash Auth DH Lifetime Cap.
1001  192.168.1.1     192.168.2.2            ACTIVE des  sha  pre  2  23:59:21
1002  192.168.1.1     192.168.2.2            ACTIVE 3des sha  pre  2  23:58:15
IPv6 Crypto ISAKMP SA

What does this output indicate?

A.The IPsec VPN is functioning correctly with two redundant ISAKMP SAs.
B.There are two active ISAKMP SAs between the peers, which suggests a configuration error such as multiple ISAKMP policies or aggressive mode issues.
C.The ISAKMP SA is using DES encryption, which is weak and should be upgraded.
D.The ISAKMP SA lifetime is about 24 hours, which is the default.
AnswerB

Having two SAs is abnormal; it often results from misconfigured policies or aggressive mode causing duplicate SAs.

Why this answer

The output shows two active ISAKMP SAs between the same peers (192.168.1.1 and 192.168.2.2) with different encryption algorithms (DES and 3DES). Under normal operation, only one ISAKMP SA should exist per peer pair. Having multiple SAs indicates a configuration error, such as multiple ISAKMP policies that both match, or aggressive mode causing duplicate SAs.

This is not a sign of redundancy; ISAKMP SAs are not redundant by design.

Exam trap

Cisco often tests the misconception that multiple active ISAKMP SAs between the same peers are normal or provide redundancy, when in fact they indicate a configuration error that can break the VPN tunnel.

How to eliminate wrong answers

Option A is wrong because ISAKMP SAs are not designed for redundancy; having two active SAs between the same peers indicates a misconfiguration, not a functional redundancy feature. Option C is wrong because while DES is indeed weak, the output shows both DES and 3DES SAs, and the question asks what the output indicates—the core issue is the duplicate SAs, not the encryption strength. Option D is wrong because the lifetimes shown (23:59:21 and 23:58:15) are close to 24 hours, which is the default for ISAKMP, but this is not the key finding; the presence of two SAs is the abnormal condition.

1253
MCQmedium

A network engineer runs the following command on Router R1:

R1# show bgp summary
BGP router identifier 10.1.1.1, local AS number 65001
BGP table version is 15, main routing table version 15
2 network entries using 288 bytes of memory
2 path entries using 160 bytes of memory
2/1 BGP path/bestpath attribute entries using 288 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 736 total bytes of memory
BGP activity 4/2 prefixes, 4/2 paths, scan interval 60 secs

Neighbor        V    AS     MsgRcvd MsgSent  TblVer  InQ OutQ Up/Down   State/PfxRcd
10.1.12.2       4    65002     1023    1047      15    0    0 00:12:34  0
192.168.1.2     4    65003        0       0       0    0    0 never     Active

Based on this output, what is the problem with the BGP session to 192.168.1.2?

A.The neighbor 192.168.1.2 is not reachable.
B.The neighbor 192.168.1.2 is in Idle state due to a misconfigured AS number.
C.The BGP session to 192.168.1.2 has never been established and is in Active state, likely due to a lack of TCP connectivity.
D.The BGP session to 192.168.1.2 is established but not exchanging prefixes.
AnswerC

Active state with 'never' uptime indicates the session has never come up, and R1 is actively trying to initiate the TCP connection.

Why this answer

The neighbor 192.168.1.2 is in Active state, meaning R1 is trying to establish a TCP connection but is not receiving a response. This could be due to reachability issues, incorrect AS number, or ACL blocking. The session has never been up (Up/Down: never).

1254
MCQmedium

Which OSPF LSA type is used to advertise external routes and is flooded throughout the entire OSPF domain?

A.Type 1 (Router LSA)
B.Type 3 (Summary LSA)
C.Type 4 (ASBR Summary LSA)
D.Type 5 (AS-external LSA)
AnswerD

Correct. Type 5 LSAs are flooded throughout the entire OSPF domain (except stub areas) and advertise external routes.

Why this answer

Type 5 (AS-external LSA) is correct because it is originated by an ASBR to advertise external routes redistributed into OSPF from another routing domain. These LSAs are flooded throughout the entire OSPF domain, including all areas, and their flooding scope is AS-wide, as defined in RFC 2328.

Exam trap

Cisco often tests the distinction between Type 3 and Type 5 LSAs, where candidates mistakenly think Type 3 LSAs carry external routes because they are also 'summary' LSAs, but Type 3 LSAs only carry inter-area routes, not external routes.

How to eliminate wrong answers

Option A is wrong because Type 1 (Router LSA) describes the state and cost of a router's interfaces within a single area and is flooded only within that area, not the entire OSPF domain. Option B is wrong because Type 3 (Summary LSA) is generated by an ABR to advertise inter-area routes and is flooded only within a single area, not the entire domain. Option C is wrong because Type 4 (ASBR Summary LSA) is also generated by an ABR to advertise the location of an ASBR to other areas, but its flooding scope is limited to a single area, not the entire OSPF domain.

1255
MCQhard

A service provider is using 6rd (IPv6 Rapid Deployment) tunnels to provide IPv6 to customers. Customer router R1 has the following relevant configuration:

    interface Tunnel0
     ipv6 address 2001:DB8:1::1/64
     tunnel source 192.0.2.1
     tunnel mode ipv6ip 6rd
     ipv6 6rd prefix 2001:DB8::/32 6rd-br 198.51.100.1

Router R2 (BR) shows:

    R2# show ipv6 route 2001:DB8:1::/64
    % Route not found

What is the root cause?

A.The 6rd prefix on R1 should match the BR's configured 6rd prefix, and the BR must have a route for the customer's delegated prefix.
B.The tunnel mode should be ipv6ip 6rd on both ends, but the BR is missing the 6rd configuration.
C.The customer's IPv4 address is not reachable from the BR.
D.The 6rd prefix length should be /64 instead of /32.
AnswerA

The BR must have a route for the customer's IPv6 prefix, which is derived from the 6rd prefix and the customer's IPv4 address.

Why this answer

The 6rd (IPv6 Rapid Deployment) tunnel requires both the customer router (R1) and the border relay (BR, R2) to agree on the same 6rd prefix. R1 is configured with prefix 2001:DB8::/32, but the BR has no route for the delegated prefix 2001:DB8:1::/64, which is derived from R1's IPv4 address (192.0.2.1) and the 6rd prefix. Without this route in the BR's IPv6 routing table, the BR cannot forward traffic to the customer's 6rd tunnel, causing the 'Route not found' error.

Exam trap

Cisco often tests the misconception that 6rd requires matching tunnel configurations on both ends, when in reality the BR only needs a route for the delegated prefix and does not run a 6rd tunnel interface itself.

How to eliminate wrong answers

Option B is wrong because the tunnel mode 'ipv6ip 6rd' is correctly configured on R1, and the BR does not need the same tunnel interface or 6rd configuration; it only needs a route for the delegated prefix and the ability to decapsulate 6rd packets. Option C is wrong because the issue is not IPv4 reachability between R1 (192.0.2.1) and the BR (198.51.100.1); the BR can reach R1's IPv4 address, but it lacks the specific IPv6 route for the delegated prefix. Option D is wrong because the 6rd prefix length is /32, which is correct for aggregating customer prefixes; the delegated prefix length (e.g., /64) is derived from the IPv4 address and is separate from the 6rd prefix length.

1256
MCQmedium

A network engineer is troubleshooting a BGP session that is dropping intermittently. The routers are connected via a Layer 2 switch. BFD is configured for the BGP session. The engineer notices that the BFD session goes down briefly, causing the BGP session to reset. The BFD timers are set to 100 ms interval with a multiplier of 3. The switch is not configured for BFD. What is the most likely cause?

A.The BFD timers are too aggressive for the switch's processing capabilities, causing BFD packets to be dropped during high traffic.
B.The BGP session is not configured with the 'bfd' command under the neighbor statement.
C.The switch is running Spanning Tree Protocol (STP) and causing delays.
D.One router has 'bfd slow-timers' configured, causing a mismatch.
AnswerA

Aggressive BFD timers (100 ms) can overwhelm a switch that is not optimized for fast packet forwarding, leading to intermittent BFD failures.

Why this answer

BFD sessions can be affected by congestion or processing delays in the Layer 2 switch, especially with aggressive timers. The switch not supporting BFD does not inherently cause issues, but high CPU or buffer drops can cause BFD packets to be dropped.

1257
Multi-Selecthard

Which TWO configuration steps are required to change the administrative distance for routes learned from a specific neighbor in EIGRP? (Choose TWO.)

Select 2 answers
A.Configure a prefix list to match the routes from the neighbor.
B.Use the distance eigrp command in router configuration mode.
C.Use the distance command with the neighbor IP address and prefix list.
D.Configure an access list to permit the routes from the neighbor.
E.Use the redistribute command to change the administrative distance.
AnswersA, C

The prefix list is used to identify which routes to match for the distance override.

Why this answer

To change the AD for routes from a specific EIGRP neighbor, you must first configure a prefix list to match the routes, then apply it using the distance command in EIGRP router configuration mode. The distance command can specify a different AD for routes matching a prefix list from a specific neighbor.

1258
MCQmedium

A network engineer runs the following command to troubleshoot DHCPv6 relay on router R1:

    R1# debug ipv6 dhcp relay

Output:

    IPv6 DHCP relay: Received SOLICIT message from FE80::1 on GigabitEthernet0/0
    IPv6 DHCP relay: Forwarding SOLICIT to server 2001:DB8:2::1 via GigabitEthernet0/1
    IPv6 DHCP relay: Received ADVERTISE message from server 2001:DB8:2::1 via GigabitEthernet0/1
    IPv6 DHCP relay: Forwarding ADVERTISE to client FE80::1 via GigabitEthernet0/0
    IPv6 DHCP relay: Received REQUEST message from FE80::1 on GigabitEthernet0/0
    IPv6 DHCP relay: Forwarding REQUEST to server 2001:DB8:2::1 via GigabitEthernet0/1
    IPv6 DHCP relay: Received REPLY message from server 2001:DB8:2::1 via GigabitEthernet0/1
    IPv6 DHCP relay: Forwarding REPLY to client FE80::1 via GigabitEthernet0/0

What does this output indicate?

A.The DHCPv6 relay agent is not functioning because messages are not being forwarded.
B.The DHCPv6 relay agent is successfully forwarding messages between the client and server.
C.The DHCPv6 server is unreachable because no REPLY is received.
D.The DHCPv6 client is using a global unicast address as its link-local address.
AnswerB

The relay receives client messages, forwards them to the server, and forwards server responses back to the client.

Why this answer

The debug output shows a DHCPv6 relay agent successfully forwarding messages between a client and a server. The relay receives SOLICIT and REQUEST from the client on GigabitEthernet0/0 and forwards them to the server at 2001:DB8:2::1 via GigabitEthernet0/1, then forwards the ADVERTISE and REPLY back.

1259
Drag & Drophard

Drag and drop the troubleshooting steps for DMVPN adjacency or connectivity failures into the correct order, from first to last.

Why this order

Troubleshooting DMVPN connectivity starts with verifying physical and IP reachability to the hub. Next, check NHRP registration status on the spoke. Then verify mGRE tunnel interface parameters and IPsec phase 1 (IKE) status. Finally, examine NHRP resolution between spokes to isolate the failure point.

1260
MCQhard

What is the default value of the 'hold-down' timer in IPv6 FHS's ND Snooping feature on Cisco IOS-XE?

A.5 seconds
B.10 seconds
C.15 seconds
D.20 seconds
AnswerB

Correct. The default hold-down timer is 10 seconds.

Why this answer

The hold-down timer in ND Snooping is used to suppress further ND messages after a DAD attempt. The default value is 10 seconds on Cisco IOS-XE, as per the implementation guide.

1261
MCQhard

An engineer configures a BGP route reflector with a route map that sets a higher local preference on routes received from a client. The route map is applied to the neighbor statement for the client. Unexpectedly, the route reflector does not reflect the modified local preference to other clients. Which is the most likely explanation?

A.The route map is applied outbound, not inbound, so the local preference is set after the route is reflected.
B.Route reflectors do not modify local preference; only the route reflector itself can set local preference.
C.The route map must be applied to the route reflector's cluster list, not the neighbor.
D.The local preference is overridden by the next-hop-self command.
AnswerA

Outbound route maps affect routes sent to the neighbor, not routes received; reflection happens before outbound processing.

Why this answer

When a route map is applied to a BGP neighbor inbound, it modifies the route before it is installed in the BGP table. However, route reflectors reflect routes based on the best path selection, and if the local preference is set, it should be reflected. The issue is that the route map is applied outbound instead of inbound, or the route map does not explicitly set the local preference before the route is processed. The most common edge case is that the route map is applied outbound, which does not affect the route before reflection.

1262
MCQhard

An engineer configures mutual redistribution between OSPF and EIGRP on a router. After a few minutes, the router's CPU spikes and routes start flapping. Which is the most likely explanation?

A.The redistribution is creating a routing loop because there is no route tagging or filtering to prevent re-redistribution.
B.The seed metric is not configured, so the routes are not redistributed.
C.The administrative distance is set too low, causing the router to prefer the wrong route.
D.The OSPF process ID is the same on both routers.
AnswerA

Correct. Without tagging, routes can loop between protocols.

Why this answer

Mutual redistribution without route tagging can cause a routing loop where a route redistributed from OSPF into EIGRP is then redistributed back into OSPF with a different metric, causing the router to prefer the redistributed route and create a loop. This leads to route flapping and CPU spikes as the router continuously updates.

1263
MCQhard

An engineer configures IPsec site-to-site VPN between two routers. The tunnel is established, but no traffic is encrypted. The engineer checks the crypto map and access-list and confirms they match the interesting traffic. What is the most likely explanation?

A.The crypto map is applied to the wrong interface, and traffic is not being matched.
B.The 'transform-set' is configured with ESP-NULL, which provides no encryption.
C.The 'crypto isakmp key' is mismatched between the two routers.
D.The 'crypto map' is not applied globally, so it does not affect traffic.
AnswerA

If the crypto map is applied to a different interface than the one carrying the interesting traffic, the traffic will not be encrypted even if the tunnel is up. The tunnel establishment only requires the crypto map to be present on the interface, but encryption only occurs for traffic matching the access-list on that specific interface.

Why this answer

A common edge case is that the crypto map is applied to the wrong interface or the access-list is not correctly referencing the traffic. However, if the tunnel is established, the issue may be that the crypto map is applied to a subinterface but the traffic is flowing through the main interface, or the 'crypto map' command is missing the 'local-address' option for multiple crypto maps. Another possibility is that the 'set peer' command is missing or the peer address is incorrect.

1264
MCQmedium

A network engineer runs the following command to troubleshoot an EIGRP issue:

    R1# show ip eigrp neighbors detail
    IP-EIGRP neighbors for process 100
    H   Address     Interface   Hold   Uptime     SRTT   RTO   Q     Seq
                                (sec)             (ms)         Cnt   Num
    0   10.1.2.2    Gi0/0       13     00:12:34   12     200   0     145
       Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 5
       Topology-ids from peer - 0
       Stub Peer Advertising (CONNECTED STATIC) Routes
       Suppressing queries

What does this output indicate?

A.The neighbor is a stub router that only advertises connected and static routes, and it does not participate in query propagation.
B.The neighbor is a normal EIGRP peer that forwards all routes and queries.
C.The neighbor is not forming an adjacency due to a version mismatch.
D.The neighbor is using a different autonomous system number.
AnswerA

The output shows 'Stub Peer Advertising (CONNECTED STATIC) Routes' and 'Suppressing queries', confirming stub behavior.

Why this answer

The neighbor 10.1.2.2 is a stub router advertising only connected and static routes. The neighbor is suppressing queries, meaning it will not forward queries from R1 to other routers, which can affect route convergence.

1265
MCQhard

An engineer configures MPLS on a router with OSPF as the IGP. The OSPF neighbor is stuck in EXSTART state. The engineer verifies that both routers have matching MTU values on the connecting interfaces. What is the most likely cause of this issue?

A.The OSPF network type is mismatched between the two routers.
B.The OSPF hello and dead intervals are mismatched.
C.The router ID is duplicated on one of the routers.
D.The interface is configured with 'ip ospf mtu-ignore' on one side only.
AnswerA

A mismatch in OSPF network type (e.g., broadcast vs point-to-point) can cause the neighbor to remain in EXSTART because the DD packet exchange process differs between network types, even if MTU is consistent.

Why this answer

In OSPF, a neighbor stuck in EXSTART is often due to MTU mismatch, but if MTU is confirmed matching, the issue may be a mismatch in OSPF network type (e.g., one side broadcast, the other point-to-point). This causes different behavior in the Database Description (DD) packet exchange, leading to the stuck state even with matching MTU.

1266
MCQhard

An engineer configures EIGRP named mode on two routers in the same AS. One router uses classic mode configuration. The routers fail to form an adjacency. Which is the most likely explanation?

A.Named mode and classic mode are incompatible and cannot form an adjacency under any circumstances.
B.The K values must match exactly, but named mode defaults to different K values than classic mode.
C.Named mode requires authentication, while classic mode does not.
D.The routers must be in the same autonomous system number, but named mode uses a different AS number format.
AnswerA

EIGRP named mode and classic mode use different packet structures and metric computation; they are not interoperable for adjacency formation.

Why this answer

EIGRP named mode and classic mode use different packet formats and K-value handling. Named mode defaults to 'k1 1 k2 0 k3 1 k4 0 k5 0' with wide metrics, while classic mode uses the same K values but metric computation differs. The adjacency fails because the routers cannot agree on the metric computation method, even if K values match.

1267
MCQhard

Router R8 is configured with SNMP and IP SLA. The IP SLA operation sends SNMP traps to the NMS when a threshold is crossed. The configuration includes:

    ip sla 1
     icmp-echo 192.168.1.1
     threshold 100
     timeout 1000
     frequency 10
    ip sla schedule 1 life forever start-time now
    snmp-server enable traps ip sla

However, the NMS receives no traps when the threshold is crossed. The IP SLA operation shows 'Over threshold' in show ip sla statistics. What is the root cause?

A.The IP SLA operation is missing the 'ip sla reaction-configuration' command to trigger SNMP traps when the threshold is exceeded.
B.The NMS is not configured to receive IP SLA traps.
C.The SNMP community string is incorrect for trap sending.
D.The IP SLA operation is not scheduled correctly.
AnswerA

IP SLA traps require a reaction configuration that specifies the threshold and action (e.g., 'ip sla reaction-configuration 1 react timeout threshold 100 action trapOnly'). Without it, no traps are sent.

Why this answer

IP SLA traps require the 'snmp-server enable traps ip sla' command, but also the IP SLA operation must be configured to send traps via the 'ip sla reaction-configuration' command. Without a reaction configuration, no traps are generated even if the threshold is crossed. The correct answer is: 'The IP SLA operation is missing the 'ip sla reaction-configuration' command to trigger SNMP traps when the threshold is exceeded.'

1268
MCQmedium

Consider the following partial configuration on router R4:

    interface GigabitEthernet0/0
     ip address 192.168.2.1 255.255.255.0
     ipv6 address 2001:db8:1::1/64
     ipv6 ospf 1 area 0
    !
    interface GigabitEthernet0/1
     ip address 10.0.0.1 255.255.255.0
     ipv6 address 2001:db8:2::1/64
     ipv6 ospf 1 area 0
    !
    ipv6 router ospf 1
     router-id 4.4.4.4

What is the effect of this configuration?

A.OSPFv3 will not form adjacencies because the router-id must be an IPv6 address.
B.OSPFv3 will only form adjacency on GigabitEthernet0/0 because the router-id is not configured under the interface.
C.OSPFv3 will form adjacencies on both interfaces as intended because the router-id is correctly set and OSPFv3 is enabled on each interface.
D.OSPFv3 will not form any adjacency because the network type is not specified.
AnswerC

The configuration is correct: router-id is set, interfaces are enabled for OSPFv3 in area 0. OSPFv3 will operate normally.

Why this answer

The configuration enables OSPFv3 on both interfaces using the ipv6 ospf command. OSPFv3 also requires a router-id to be set, because without one it will not start; here it is set to 4.4.4.4. The configuration is valid and OSPFv3 will form adjacencies on both interfaces.

1269
MCQmedium

An engineer is troubleshooting why the NMS is not receiving SNMP traps for interface up/down events on router R4. The configuration includes 'snmp-server enable traps snmp linkdown linkup' and 'snmp-server host 10.1.1.200 version 2c public'. The NMS can receive other traps from R4. What is the most likely cause?

A.The engineer combined 'linkdown' and 'linkup' in a single command; they must be configured as separate 'snmp-server enable traps' commands.
B.The NMS is configured to filter out link up/down traps, so they are not displayed.
C.The router needs the 'snmp-server trap-source' command to specify the loopback interface for traps.
D.The 'snmp-server host' command must include the 'udp-port' option to specify port 162.
AnswerA

Correct because the IOS syntax requires separate commands for each trap type; combining them is invalid.

Why this answer

The command 'snmp-server enable traps snmp linkdown linkup' is incorrect; the correct syntax is 'snmp-server enable traps snmp linkdown' and 'snmp-server enable traps snmp linkup' as separate commands. The combined keyword is not recognized, so those traps are not enabled.

1270
Multi-Selecthard

Which THREE commands can be used to verify VRF-Lite configuration and operation on a Cisco IOS-XE router? (Choose THREE.)

Select 3 answers
A.show vrf
B.show ip route vrf BLUE
C.show ip interface vrf BLUE
D.show vrf interfaces
E.show vrf detail
AnswersA, B, C

Correct. This command lists all VRFs, their route distinguishers (RD), and interfaces.

Why this answer

Common verification commands for VRF-Lite include: 'show vrf' to list VRFs and their RD/RT, 'show ip route vrf <name>' to display the VRF-specific routing table, and 'show ip interface vrf <name>' to show interfaces assigned to a VRF. Option A is correct. Option B is correct. Option C is correct. Option D is incorrect because 'show ip vrf interfaces' is the correct command, not 'show vrf interfaces'. Option E is incorrect because 'show vrf detail' is not a valid command; the correct command is 'show vrf' or 'show vrf <name>'.

1271
Multi-Selecthard

Which THREE symptoms indicate a BGP route dampening issue that is causing routes to be suppressed? (Choose THREE.)

Select 3 answers
A.The BGP neighbor state flaps between Established and Idle.
B.The show ip bgp command displays the route with a 'd' status code.
C.The route is present in the BGP table but missing from the IP routing table.
D.The show ip bgp dampened-paths command shows the suppressed routes.
E.The show ip prefix-list command indicates that routes are being filtered.
AnswersB, C, D

The 'd' status code indicates the route is dampened.

Why this answer

Route dampening suppresses routes that flap frequently. Symptoms include routes showing as 'dampened' in the BGP table, routes being absent from the routing table despite being in the BGP table, and the show ip bgp dampened-paths command listing those routes. Option A is incorrect because dampening does not affect the neighbor state. Option E is incorrect because the prefix-list is not directly related to dampening.

1272
MCQeasy

A network engineer runs the following command to troubleshoot a Route Redistribution issue:

    R1# show ip route summary

And sees the following output:

    Route Source    Networks    Subnets    Replicates    Overhead    Memory (bytes)
    connected       2           0          0             0           512
    static          1           0          0             0           256
    ospf 1          5           0          0             0           1280
    eigrp 100       3           0          0             0           768
    bgp 65000       2           0          0             0           512
    internal        1           0          0             0           256
    Total           14          0          0             0           3584

What does this output indicate?

A.The router has 14 routes total, with OSPF contributing the most routes.
B.The router is not redistributing any routes because the counts are low.
C.BGP is the only protocol with external routes.
D.EIGRP has 3 routes, all of which are redistributed from OSPF.
AnswerA

The output shows OSPF has 5 routes, which is the highest count. This indicates OSPF is learning many routes, possibly via redistribution.

Why this answer

The show ip route summary output provides a count of routes from each source. It shows that OSPF has 5 routes, EIGRP has 3, BGP has 2, and static has 1. This can help identify if redistribution is working by comparing expected routes.

1273
Multi-Selecthard

Which TWO statements about the 'logging rate-limit' command and its effects are correct? (Choose TWO.)

Select 2 answers
A.The command 'logging rate-limit 200 all' limits all syslog messages to 200 messages per second.
B.By default, Cisco IOS applies a rate limit of 100 messages per second to all logging destinations.
C.The 'logging rate-limit' command can be applied on a per-interface basis using interface configuration mode.
D.The 'logging rate-limit' command only affects messages sent to the console port.
E.The 'show logging rate-limit' command displays the current rate-limit configuration.
AnswersA, C

Correct. The 'all' keyword applies the rate limit to every syslog message, regardless of severity.

Why this answer

The 'logging rate-limit' command limits the number of syslog messages per second to prevent CPU overload. It can be applied globally or per interface. The 'all' option applies the limit to all messages, while 'except' allows certain severities to bypass the limit. The default rate is not unlimited; it depends on the IOS version but typically no rate limit is applied by default. The command does not affect console logging rate by default; it primarily affects logging to buffer and remote servers. The 'show logging' command displays the current rate-limit configuration.

1274
MCQhard

An engineer configures EIGRP named mode on two routers in an MPLS L3VPN. The routers are directly connected and can ping each other. The engineer notices that the EIGRP adjacency forms but then the neighbor relationship goes down and the routers become stuck-in-active (SIA) for certain routes. The engineer checks the logs and sees no errors. What is the most likely explanation?

A.The 'metric weights' (k-values) are mismatched between the two routers, causing query propagation to fail.
B.The 'auto-summary' command is enabled on one router, causing route summarization to break the adjacency.
C.The 'passive-interface' command is applied to the interface, preventing the adjacency from forming.
D.The 'bandwidth' setting on the interface is set to a very low value, causing the EIGRP metric to be too high for the route to be installed.
AnswerA

Correct. EIGRP requires matching k-values between neighbors. If they differ, the adjacency may form but queries can be dropped, leading to SIA.

Why this answer

In EIGRP named mode, the default hello interval and hold time are different from classic mode. Named mode uses a default hello interval of 5 seconds and hold time of 15 seconds, while classic mode uses 5 and 15 as well, but the key difference is that named mode uses a different metric calculation (wide metrics) by default. However, the most common edge case causing SIA in named mode is that the 'metric weights' or 'k-values' must match between neighbors. If one router is using named mode with default k-values (1,0,1,0,0) and the other is using classic mode with different k-values (e.g., 1,0,1,0,0), the adjacency will form but queries may not be processed correctly, leading to SIA. Additionally, named mode requires the 'address-family' configuration to be consistent. A more specific edge case is that named mode uses a different 'graceful-restart' mechanism by default, which can cause issues if not supported on both sides.

1275
Drag & Dropmedium

Drag and drop the steps to configure OSPF inter-area summarization on an ABR into the correct order, from first to last.

Why this order

First, enter OSPF configuration mode for the process. Then, configure the area where the routes originate. Next, apply the range command to summarize prefixes into that area. After that, verify the summary route is present in the routing table. Finally, check that the summary is advertised to neighboring areas.
