Cisco CCNP ENARSI 300-410 (300-410) — Questions 1351–1425

2152 questions total · 29 pages · All types, answers revealed

Page 19 of 29
1351
Drag & Drop · medium

Drag and drop the steps for verifying and validating MPLS operational state into the correct order, from first to last.

Why this order

Begin by checking the forwarding table, then review label bindings, verify LDP peer status, confirm interface-level MPLS operation, and finally validate the LSP path.

1352
MCQ · hard

An OSPF network has multiple areas and uses Flexible NetFlow to monitor inter-area traffic. After applying a flow monitor to the ABR's interface, OSPF neighbor relationships fail to form. Router R1 (ABR) shows:

```
show ip ospf neighbor | include (FULL|DOWN)
Neighbor 10.0.0.2, interface GigabitEthernet0/0, state DOWN

show flow monitor FLOW-MONITOR statistics | include (Packets|Errors)
Packets exported: 1000, Errors: 0
```

What is the root cause?

A. The flow monitor is using a sampler that samples only 1 out of 100 packets, causing OSPF hello packets to be missed.
B. The flow monitor is configured with a flow record that includes the 'ipv4 ttl' field, causing the router to decrement the TTL of OSPF packets, making them invalid.
C. The flow exporter is configured to use the OSPF router ID as the source, causing a conflict.
D. The OSPF network type is misconfigured on the interface, but the flow monitor is not related.
Answer: A

OSPF hellos are sent every 10 seconds; if they are sampled out, the neighbor will not receive them, and the neighbor state will go down.

Why this answer

OSPF neighbor relationships can fail if the interface is configured with a flow monitor that uses a sampler or if the flow record includes fields that cause the router to process OSPF packets incorrectly. In this case, the flow monitor is exporting packets successfully, but the OSPF neighbor is down. The most likely cause is that the flow monitor is configured with a flow record that includes the 'ipv4 ttl' field, and the router is using that to modify the TTL of OSPF packets, causing them to be dropped.

However, the correct answer is that the flow monitor is applied in the output direction and is using a flow record that includes the 'ipv4 dscp' field, but the OSPF packets have a specific DSCP value that is being changed by the flow monitor, causing the neighbor to reject them. Actually, the most plausible root cause is that the flow monitor is configured with a match statement that matches on OSPF packets (protocol 89) and applies an action to drop them, but Flexible NetFlow does not drop packets. The correct answer is that the flow monitor is using a sampler that samples only 1 out of 100 packets, causing OSPF hello packets to be missed, leading to neighbor down.

1353
Multi-Select · hard

Which TWO statements about DHCPv6 stateless autoconfiguration (SLAAC) are true? (Choose TWO.)

Select 2 answers
A. SLAAC requires the 'A' flag to be set in Router Advertisements.
B. When using SLAAC, DHCPv6 can still be used to provide DNS server information.
C. The 'M' flag in Router Advertisements must be set for SLAAC to operate.
D. The command 'ipv6 nd other-config-flag' sets the 'M' flag in Router Advertisements.
E. SLAAC can only be used on Ethernet interfaces.
Answers: A, B

Correct. The 'A' (autonomous) flag in the RA prefix information option indicates that hosts can use SLAAC to generate addresses from that prefix.

Why this answer

SLAAC allows hosts to generate their own IPv6 addresses using the prefix from Router Advertisements (RAs) and a modified EUI-64 or privacy extension. DHCPv6 can be used in stateless mode to provide additional information like DNS servers, but not addresses. The 'O' flag in RAs indicates that hosts should use DHCPv6 for other configuration parameters, while the 'M' flag indicates managed (stateful) DHCPv6.

The 'A' flag indicates that SLAAC is available. The 'ipv6 nd other-config-flag' command sets the 'O' flag, not the 'M' flag.

1354
MCQ · easy

Which EIGRP packet type is used to acknowledge receipt of a reliable packet?

A. Hello
B. Update
C. Reply
D. Ack
Answer: D

Correct. The Ack packet is an empty packet used to confirm receipt of reliable packets.

Why this answer

D is correct because the EIGRP Ack (Acknowledgement) packet is a special packet used exclusively to confirm the reliable delivery of EIGRP packets such as Update, Query, and Reply. Ack packets are sent as unicast to the source router and contain no data, serving only as a delivery confirmation. This mechanism ensures that EIGRP's Reliable Transport Protocol (RTP) can guarantee ordered and guaranteed delivery of critical routing information.

Exam trap

Cisco often tests the distinction between packet types that are sent reliably versus unreliably, and the trap here is that candidates confuse the Reply packet (which is a response to a Query) with an acknowledgment, when in fact Reply packets are data-carrying reliable packets that themselves require an Ack.

How to eliminate wrong answers

Option A is wrong because Hello packets are used for neighbor discovery and maintenance, not for acknowledging reliable packets; they are sent unreliably (multicast) and do not confirm receipt of any specific packet. Option B is wrong because Update packets carry routing information and are themselves sent reliably, requiring an Ack in response; they do not serve as acknowledgments. Option C is wrong because Reply packets are sent in response to Query packets during route computation and are also sent reliably, requiring their own acknowledgment; they do not function as generic acknowledgments.

1355
MCQ · hard

A network engineer configures an inbound IPv4 ACL on a router's interface to filter BGP updates from an eBGP neighbor. The ACL permits only specific prefixes. After applying the ACL, the BGP session remains established, but the router does not install any routes from that neighbor. What is the most likely explanation?

A. The ACL is blocking TCP port 179 packets, but keepalives are permitted due to a separate permit statement.
B. The ACL is applied outbound instead of inbound, filtering the router's own updates.
C. The BGP neighbor has a distribute-list that is filtering routes.
D. The ACL is using the wrong protocol number; BGP uses UDP port 179.
Answer: A

If the ACL permits keepalives (e.g., by allowing established connections) but denies the initial update packets, the session stays up but updates are filtered.

Why this answer

The ACL is applied inbound on the router's interface to filter BGP updates from the eBGP neighbor. If the ACL permits only specific prefixes but does not explicitly permit TCP port 179 (BGP's transport protocol), the TCP packets carrying BGP updates and keepalives may be blocked. However, the BGP session remains established because keepalives are permitted by a separate permit statement (or because the session was established before the ACL was applied and the TCP connection is not reset).

The router does not install routes because the ACL drops the BGP update messages (which contain the NLRI) while allowing keepalives to maintain the session.

Exam trap

Cisco often tests the distinction between filtering the BGP session (TCP port 179) and filtering the routing updates (NLRI) within the session; the trap here is that candidates assume an ACL that permits specific prefixes will automatically allow the BGP session to function, but the ACL must also permit the TCP transport for BGP to exchange updates.

How to eliminate wrong answers

Option B is wrong because if the ACL were applied outbound instead of inbound, it would filter the router's own outgoing updates, not the incoming updates from the neighbor; the router would still receive and process the neighbor's updates, so routes would be installed. Option C is wrong because a distribute-list on the neighbor would filter routes before they are sent to the router, but the question states the ACL is applied on the router's interface; the neighbor's distribute-list would not cause the router to fail to install routes after receiving them. Option D is wrong because BGP uses TCP port 179, not UDP; an ACL filtering by protocol number would need to match TCP (protocol 6), not UDP (protocol 17).

1356
MCQ · hard

An engineer configures IPsec between two PE routers in an MPLS L3VPN using a site-to-site VPN. The engineer configures a transform-set with ESP encryption (AES-256) and ESP authentication (SHA-256). The engineer also configures an ACL to define interesting traffic. The VPN tunnel comes up, but no traffic is encrypted. The engineer verifies that the ACL is correct and that the crypto map is applied to the interface. What is the most likely explanation?

A. The ACL for interesting traffic is not mirrored on the remote router; it only permits traffic in one direction.
B. The transform-set uses AES-256, which is not supported on the remote router.
C. The 'crypto map' is applied to the wrong interface, such as the loopback instead of the physical interface.
D. The 'ipsec-over-tcp' command is missing, causing the IPsec packets to be dropped.
Answer: A

Correct. IPsec requires the ACL to be mirrored on both sides; otherwise, the traffic is not considered interesting for encryption.

Why this answer

A common edge case with IPsec is that the ACL for interesting traffic must be mirrored on both sides. If the ACL on one side permits traffic from source to destination, the other side must permit traffic from destination to source. If the ACLs are not mirrored, the tunnel may come up (due to IKE) but no traffic will be encrypted because the router does not consider the traffic as interesting.

Another edge case is that the crypto map is applied to the wrong interface or that the ACL is using the wrong protocol (e.g., TCP instead of IP). However, the most likely explanation here is that the ACL is not correctly matching the traffic in both directions.

1357
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show policy-map control-plane
 Control Plane
  Service-policy input: CoPP-IN
    Class-map: CoPP-EIGRP (match-all)
      200 packets, 12000 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: access-group 150
      police:
        cir 16000 bps, bc 3000 bytes, be 3000 bytes
        conformed 200 packets, 12000 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        violated 0 packets, 0 bytes; actions:
          drop

R1# show ip eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H   Address     Interface   Hold   Uptime     SRTT   RTO   Q     Seq
                            (sec)             (ms)         Cnt   Num
0   10.1.1.2    Gi0/0       13     00:10:00   1      200   0     5
```

Based on this output, which statement is correct?

A. EIGRP packets are being dropped, causing neighbor flapping.
B. EIGRP traffic is being rate-limited but no packets are dropped.
C. The police rate is set to 8000 bps.
D. The EIGRP neighbor is not established.
Answer: B

All packets are conforming and transmitted.

Why this answer

The CoPP-EIGRP class is matching EIGRP traffic and all packets are conforming. The EIGRP neighbor is established and stable, indicating that the CoPP policy is not negatively impacting EIGRP.

1358
MCQ · medium

Examine this CoPP configuration:

```
ip access-list extended COPP-ACL
 permit tcp any any eq 22
 permit tcp any any eq 23
 permit icmp any any echo
!
class-map match-all COPP-CLASS
 match access-group name COPP-ACL
!
policy-map COPP-POLICY
 class COPP-CLASS
  police 10000 1500 1500 conform-action transmit exceed-action drop violate-action drop
 class class-default
  police 64000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-POLICY
```

What is the effect of the police command in class COPP-CLASS?

A. Traffic is limited to 10000 bps with a burst of 1500 bytes; excess traffic is dropped.
B. Traffic is limited to 10000 bps with a burst of 3000 bytes; excess traffic is dropped.
C. The police command is invalid because it uses three parameters after the rate.
D. Traffic is limited to 10000 bps, but the burst values are ignored because they are not configured in bytes.
Answer: A

Correct. The police command specifies conform rate 10000 bps, normal burst 1500, excess burst 1500. Exceed and violate actions are both drop.

Why this answer

The police command uses a conform rate of 10000 bps, a normal burst of 1500 bytes, and an excess burst of 1500 bytes. Traffic exceeding the burst is dropped (exceed-action drop and violate-action drop).

1359
MCQ · medium

What is the default action for a CoPP policy-map class that does not have an explicit 'police' command?

A. Drop all packets in that class
B. Transmit all packets in that class
C. Log all packets in that class
D. Apply the default aggregate policer
Answer: B

The default action for a class without a police statement is to permit and transmit all matching traffic.

Why this answer

If a class in a CoPP policy-map has no 'police' action, the default behavior is to transmit all packets matching that class without any policing.

1360
MCQ · medium

A network engineer is troubleshooting a connectivity issue between two branches connected via a WAN link. Router R1 (10.1.0.0/16) is summarizing its directly connected subnets (10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24) as a single 10.1.0.0/16 route to Router R2 via EIGRP. Users at R2 report that they cannot reach the 10.1.4.0/24 subnet, which was recently added to R1. What is the most likely cause of the problem?

A. The summary route 10.1.0.0/16 was configured manually, and the new subnet 10.1.4.0/24 is not within the summary range because the mask is too specific.
B. The new subnet 10.1.4.0/24 was not advertised because the summary address command suppresses more specific routes, but the summary itself is not being generated due to a missing network statement under the EIGRP process.
C. The WAN link is down, causing R2 to lose the summary route.
D. The engineer forgot to configure the summary address on the interface facing R2 for the new subnet.
Answer: B

Correct. In EIGRP, a manually configured summary address suppresses the advertisement of more specific routes and generates the summary only if the component routes exist. If the new subnet is not in the EIGRP network, the summary may not be generated or the specific route is missing.

Why this answer

The summary route 10.1.0.0/16 includes the new subnet 10.1.4.0/24, but the issue indicates that the summary is not being updated or is too broad, causing a mismatch. The most likely cause is that the summary address was configured manually and does not automatically include new subnets unless the summary range is adjusted.

1361
MCQ · hard

A large enterprise network is experiencing intermittent loss of reachability to a loopback interface on Router R2 from Router R1. R1 has the following relevant configuration: router eigrp 100, network 10.0.0.0 0.255.255.255, summary-address 10.0.0.0 255.255.252.0 5. R2 shows: 'show ip eigrp topology all-links' includes 10.0.0.0/22 as a summary route via Null0, but the specific /32 loopback 10.0.1.1 is not in the topology table. What is the root cause?

A. The summary-address command uses an administrative distance of 5, which is lower than the default EIGRP internal distance of 90, causing the summary to override the specific /32 route.
B. The network statement on R1 does not include the loopback interface of R2, preventing the route from being advertised.
C. The summary-address command is misconfigured; the mask should be 255.255.255.252 instead of 255.255.252.0.
D. R2 is not configured with EIGRP, so it cannot receive the route from R1.
Answer: A

The summary route with distance 5 is installed in the routing table, and EIGRP does not install the more specific route because the summary is already present with a better distance.

Why this answer

The summary-address command on R1 creates a local summary route to Null0, but the administrative distance of 5 (default for EIGRP summary) causes the summary to be preferred over more specific routes learned from neighbors. The specific /32 is suppressed because the summary is installed in the routing table with a better distance, blocking the more specific route from being installed. The fix is to adjust the summary distance or not summarize.

1362
MCQ · medium

A network engineer runs the following command to verify MPLS L3VPN operation:

```
R1# show ip route vrf CUSTOMER-A summary
```

Output:

```
Route Source    Networks    Subnets    Overhead    Memory (bytes)
connected       2           0          48          288
static          1           0          24          144
ospf 100        5           2          168         1008
bgp 65000       10          3          312         1872
  External: 10, Internal: 0, Local: 0
Total           18          5          552         3312
```

What does this output indicate?

A. The VRF has 23 total routes
B. The VRF has 10 BGP routes
C. The VRF is using OSPF as the only IGP
D. The VRF has no external BGP routes
Answer: A

18 networks + 5 subnets = 23 total routes.

Why this answer

The show ip route vrf summary command provides a summary of routes in the VRF. It shows the number of networks and subnets from each routing source, along with overhead and memory usage. For BGP, it also breaks down external vs internal routes.

This output indicates the VRF has 18 networks and 5 subnets total, with BGP as the primary source.

1363
MCQ · hard

A network engineer is troubleshooting PBR on a Cisco router where traffic from subnet 172.16.0.0/16 should be forwarded to next-hop 10.10.10.2. The route map 'PBR-172' is configured with 'match ip address 140' and 'set ip next-hop 10.10.10.2'. The engineer applies the route map to interface GigabitEthernet0/0. The engineer notices that PBR works for traffic from 172.16.1.0/24 but not for traffic from 172.16.2.0/24. The engineer checks the ACL 140 and confirms it includes the entire 172.16.0.0/16 subnet. What is the most likely cause?

A. The route map has a sequence that matches 172.16.1.0/24 with a permit, and a later sequence that denies 172.16.2.0/24.
B. The ACL 140 has a deny statement for 172.16.2.0/24 before the permit statement.
C. The next-hop 10.10.10.2 is not reachable from the 172.16.2.0/24 subnet.
D. The 'ip policy route-map' command is applied to a subinterface that only receives traffic from 172.16.1.0/24.
Answer: A, B

Correct because route maps are processed in sequence order; a later deny statement can override an earlier permit.

Why this answer

If PBR works for one subnet but not another within the same ACL, it could be due to the route map having multiple sequence statements with different match conditions, or the ACL having specific permit statements that are ordered incorrectly. However, a common cause is that the route map has a sequence with a more specific match that matches 172.16.1.0/24 and a subsequent sequence that denies 172.16.2.0/24. The engineer should check the route map sequence numbers and the ACL order.

1364
MCQ · medium

Given the following configuration:

```
interface GigabitEthernet0/2
 ip access-group FILTER_SSH in
!
ip access-list extended FILTER_SSH
 permit tcp any host 192.168.1.10 eq 22
 permit udp any host 192.168.1.10 eq 22
```

What is the issue with this ACL?

A. The ACL permits UDP port 22, which is not used by SSH; this could allow unwanted UDP traffic.
B. The ACL is missing a deny statement at the end to block other traffic.
C. The ACL should use the 'established' keyword to allow return traffic.
D. The ACL should be applied outbound instead of inbound.
Answer: A

Correct. SSH uses TCP, so the UDP permit is unnecessary and potentially risky.

Why this answer

The ACL permits both TCP and UDP traffic to destination port 22. SSH uses only TCP port 22; UDP port 22 is not used by SSH. The second permit statement allows any UDP traffic to port 22, which could be unwanted (e.g., UDP-based attacks or non-SSH services).

This is the issue.

Exam trap

Cisco often tests the misconception that SSH uses both TCP and UDP, or that permitting UDP port 22 is harmless, when in fact only TCP port 22 is valid for SSH.

How to eliminate wrong answers

Option B is wrong because an ACL implicitly denies all traffic at the end; a deny statement is not required unless you need explicit logging or a specific deny action. Option C is wrong because the 'established' keyword is used for TCP stateful filtering to allow return traffic, but this ACL is filtering inbound traffic to a specific host; return traffic would be handled by outbound ACLs or stateful inspection, and the issue here is the UDP permit. Option D is wrong because applying the ACL outbound would filter traffic leaving the interface, but the intent is to filter inbound SSH traffic to the host; inbound application is correct for this purpose.

1365
Multi-Select · medium

Which TWO commands are used to troubleshoot Control Plane Policing (CoPP) and identify which traffic is being dropped? (Choose TWO.)

Select 2 answers
A. show policy-map control-plane
B. debug policy-map control-plane
C. show control-plane host open-ports
D. show ip cache flow
E. show access-lists
Answers: A, C

This command displays packet counters for each class in the CoPP policy, including dropped (violate) packets.

Why this answer

The 'show policy-map control-plane' command provides per-class packet counters (conform/exceed/violate) to see drops. The 'show control-plane host open-ports' command helps map open ports to CoPP class maps, aiding in identifying misclassification. 'debug policy-map control-plane' is not a valid command; 'debug policy-map' is used but not specific to control plane. 'show ip cache flow' shows NetFlow data, not CoPP drops. 'show access-lists' shows ACL hit counts but not CoPP-specific drop statistics.

1366
MCQ · medium

A network engineer is troubleshooting connectivity from a host inside a corporate network to a public web server. The host has IP 10.1.1.10/24, and the router's outside interface is 203.0.113.1/24. The engineer configured a dynamic NAT pool (203.0.113.10-203.0.113.20) and an access list permitting 10.1.1.0/24. However, traffic from the host fails. A 'show ip nat translations' reveals no translations. What is the most likely cause?

A. The NAT pool is exhausted.
B. The 'ip nat inside' and 'ip nat outside' commands are misapplied on the interfaces.
C. The access list used in the NAT configuration does not match the source IP of the host.
D. The host's default gateway is not the router's inside interface.
Answer: C

Correct because dynamic NAT requires the ACL to match the source; if the ACL is misconfigured (e.g., denies the subnet), no translations are created.

Why this answer

If the access list does not match the source IP of the traffic, NAT will not create translations. The engineer must verify that the ACL permits the correct source subnet.

1367
MCQ · hard

Router R1 is configured as an ERSPAN source to monitor traffic on interface Serial0/0/0. The destination is a collector at 172.16.1.100. R1's configuration:

```
monitor session 1 type erspan-source
 source interface Serial0/0/0 both
 destination
  erspan-id 1
  ip address 172.16.1.100
  origin ip address 10.0.0.1
```

The collector is reachable via a default route. The network also uses CoPP (Control Plane Policing) with a policy that polices all incoming traffic to the control plane. The collector receives no packets. What is the most likely issue?

A. The ERSPAN destination IP is not in the routing table, so packets are dropped.
B. CoPP is policing the locally generated ERSPAN packets, causing them to be dropped.
C. The ERSPAN session is not configured with 'no shutdown'.
D. The source interface Serial0/0/0 is down, so no traffic is mirrored.
Answer: B

ERSPAN packets are locally generated and may be subject to CoPP if the policy applies to control plane input.

Why this answer

ERSPAN encapsulated packets are sent to the destination IP using the routing table. When the router sends these packets, they are generated by the router itself (locally originated). CoPP typically applies to traffic destined to the control plane, not to transit traffic.

However, ERSPAN packets are locally generated and may be subject to CoPP if the policy is applied to the control plane input. Specifically, if the CoPP policy classifies all IP traffic to the control plane, the ERSPAN packets might be policed and dropped. But more subtly, the ERSPAN process may use the control plane to generate the packets, and if the CoPP rate-limits the control plane, the packets might be dropped.

The correct root cause is that CoPP is rate-limiting the ERSPAN traffic because the router treats the mirrored packets as control plane traffic.

1368
MCQ · medium

A router is configured to send syslog messages to two servers: 10.1.1.100 and 10.1.1.200. The engineer notices that only server 10.1.1.100 is receiving messages. The configuration shows 'logging host 10.1.1.100' and 'logging host 10.1.1.200'. Both servers are reachable via ping. What is the most likely cause?

A. The syslog service on 10.1.1.200 is not running or is blocked by a firewall.
B. The router can only send to one syslog server at a time.
C. The 'logging host 10.1.1.200' command is missing the 'transport udp' keyword.
D. The second server is configured with a different severity level using 'logging trap' under the host.
Answer: A

Correct because if the server is not listening or traffic is blocked, messages will not be received even though the router sends them.

Why this answer

Cisco IOS allows multiple logging hosts, but each must be configured with a separate 'logging host' command. If the second server is not receiving messages, it may be because the 'logging trap' level for that specific host is set to a higher severity (e.g., 'logging host 10.1.1.200 trap errors') that filters out most messages, or the server is not listening. However, a common mistake is that the second host is configured with a different port or protocol that is not supported.

But the most typical cause is that the second server's syslog service is not running or is firewalled.

1369
MCQ · medium

Examine the following partial configuration on a Cisco IOS-XE router:

```
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group MY_ACL in
!
access-list 100 permit tcp any host 192.168.1.1 eq 22
access-list 100 deny ip any any
!
line vty 0 4
 transport input ssh
 login local
!
username admin privilege 15 secret cisco
```

What is the effect of this configuration?

A. Only SSH connections to the router are permitted; all other IP traffic is denied inbound on this interface.
B. The ACL permits SSH and HTTP traffic to the router; all other traffic is denied.
C. The ACL is applied outbound, so it filters traffic leaving the interface; SSH is permitted outbound.
D. The ACL has no effect because it is missing a 'permit ip any any' statement.
Answer: A

The ACL permits TCP port 22 (SSH) and denies all other IP traffic, applied inbound. This restricts management access to SSH only.

Why this answer

The ACL 100 is applied inbound on GigabitEthernet0/1 via the 'ip access-group MY_ACL in' command. It explicitly permits TCP traffic to host 192.168.1.1 on port 22 (SSH) and then denies all other IP traffic. Since the router's own IP address is 192.168.1.1, this allows only SSH management access from any source, while blocking all other inbound traffic to the router or through the interface.

Exam trap

Cisco often tests the distinction between inbound and outbound ACL application, and candidates may mistakenly think the 'in' keyword means 'into the router' for management traffic only, or they may overlook that the ACL is applied to the interface and filters all IP traffic, not just management plane traffic.

How to eliminate wrong answers

Option B is wrong because the ACL only permits TCP port 22 (SSH); it does not include any permit statement for HTTP (port 80 or 443), so HTTP traffic is denied. Option C is wrong because the ACL is applied with the 'in' keyword, making it an inbound ACL that filters traffic entering the interface, not outbound traffic. Option D is wrong because an ACL does not require a 'permit ip any any' statement to have effect; the implicit deny at the end of the ACL already denies all traffic not explicitly permitted, and the explicit 'deny ip any any' is redundant but does not negate the ACL's functionality.

1370
MCQ · hard

An engineer configures ERSPAN on Router R1 to monitor traffic from VLAN 30 to a collector at 192.168.1.100. The router has multiple VRFs: VRF A and VRF B. The source interface Gi0/0/0 is in VRF A. The collector is in VRF B. R1's configuration:

```
monitor session 1 type erspan-source
 source interface Gi0/0/0 both
 destination
  erspan-id 2
  ip address 192.168.1.100
  origin ip address 10.0.0.1
```

The collector is reachable via a route in VRF B. The router has a route-leaking configuration between VRFs. The collector receives no traffic. What is the root cause?

A. The ERSPAN session must be configured with the 'vrf' keyword under the destination to use VRF B.
B. The source interface is in VRF A, but the ERSPAN source IP must be in the same VRF as the destination.
C. The route-leaking configuration is incorrect, preventing reachability between VRFs.
D. The ERSPAN session ID 2 conflicts with a VRF ID.
Answer: A

Without the VRF keyword, ERSPAN uses the global routing table, which lacks a route to the collector in VRF B.

Why this answer

ERSPAN uses the global routing table by default to route the encapsulated packets to the destination IP. If the source interface is in a VRF, the mirrored traffic is still sent using the global routing table unless the ERSPAN session is configured with a VRF. The destination IP 192.168.1.100 is in VRF B, but the global routing table may not have a route to it.

The route-leaking between VRFs does not affect the ERSPAN process because the encapsulated packet is sourced from the global routing table. The fix is to configure the ERSPAN session with the 'vrf' keyword under the destination to specify the VRF. Alternatively, the source IP must be in the same VRF as the destination.

The correct root cause is that the ERSPAN session does not specify the VRF, so it uses the global table, which has no route to the collector.

1371
Drag & Drop · medium

Drag and drop the steps to establish an eBGP session between two IOS routers into the correct order, from first to last.

Why this order

The correct order starts with configuring the BGP router ID, then the local AS and neighbor remote AS, followed by specifying the neighbor update source, enabling the neighbor, and finally verifying the session.

1372
MCQ · hard

An engineer configures IP SLA to track a route to a server in a VRF. Router R1 has:

```
ip sla 6
 icmp-echo 10.10.10.10 source-ip 192.168.1.1
 frequency 10
ip sla schedule 6 life forever start-time now
track 6 ip sla 6 reachability
ip route vrf BLUE 0.0.0.0 0.0.0.0 192.168.1.2 track 6
```

But the route is never installed in the VRF routing table. Show output:

```
show ip route vrf BLUE | include 0.0.0.0
% No default route found
```

What is the root cause?

A. The IP SLA is not configured with the vrf BLUE option, so the probe is sent in the global table and cannot reach the server in the VRF.
B. The source IP 192.168.1.1 is not in the VRF BLUE routing table.
C. The track 6 is not supported for VRF routes.
D. The IP SLA schedule must be configured with the vrf keyword.
Answer: A

The IP SLA must be configured with 'vrf BLUE' to send probes within the VRF; otherwise, the track will not work correctly.

Why this answer

The IP SLA probe is not VRF-aware. By default, IP SLA operates in the global routing table. To track a route in a VRF, the IP SLA must be configured with the vrf keyword.

The correct answer is that the IP SLA is not associated with the VRF, so the probe fails or is sent in the wrong context.

1373
Multi-Select · medium

Which TWO commands can be used to verify the effect of a route-map applied to a BGP neighbor? (Choose TWO.)

Select 2 answers
A. show ip bgp neighbors x.x.x.x advertised-routes
B. show ip bgp neighbors x.x.x.x routes
C. show route-map
D. show ip bgp
E. show ip bgp neighbors x.x.x.x
Answers: A, B

This command shows the routes that are actually advertised to the neighbor after any outbound route-map filtering.

Why this answer

The commands 'show ip bgp neighbors x.x.x.x advertised-routes' and 'show ip bgp neighbors x.x.x.x routes' directly show the routes being sent or received after route-map filtering. 'show route-map' only displays the route-map definition, not its effect on a specific neighbor. 'show ip bgp' displays the BGP table without neighbor-specific filtering context. 'show ip bgp neighbors' alone does not show the filtered routes.

1374
MCQ · medium

Examine this partial configuration:

```
interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER_F
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER_G
 ip address 10.10.20.1 255.255.255.0
```

What is required to enable communication between VRF CUSTOMER_F and VRF CUSTOMER_G?

A. No additional configuration is needed; VRFs can communicate by default.
B. Configure a route-map and import/export route-targets between the VRFs.
C. Add static routes with the 'vrf' keyword to point to the other VRF's next hop.
D. Use the 'ip route vrf' command to create a global route that points to the VRF interface.
Answer: C

This is correct. Static routes can be used to leak routes between VRFs.

Why this answer

By default, VRFs are isolated. To enable communication between them, route leaking must be configured, typically using static routes with the 'vrf' keyword or using route-replicate commands.

1375
MCQ · medium

Consider the following configuration on a router running BGP and OSPF:

```
router bgp 65000
 distance bgp 20 200 200
```

What is the effect of this command?

A. It sets the administrative distance for eBGP routes to 20, iBGP routes to 200, and local BGP routes to 200.
B. It sets the administrative distance for all BGP routes to 20.
C. It sets the administrative distance for eBGP routes to 200 and iBGP routes to 20.
D. It sets the administrative distance for BGP routes to 20 for routes learned from AS 65000.
Answer: A

Syntax: `distance bgp <external> <internal> <local>`.

Why this answer

The `distance bgp` command sets AD for BGP routes: external (eBGP) to 20, internal (iBGP) to 200, and local to 200.

1376
Multi-Select · medium

Which TWO commands would a network engineer use to verify the operation of Policy-Based Routing (PBR) on a Cisco IOS router? (Choose TWO.)

Select 2 answers
A. show route-map
B. show ip policy
C. show ip route
D. debug ip policy
E. show access-lists
Answers: A, B

Displays all configured route-maps, including match and set conditions used for PBR.

Why this answer

The 'show route-map' command displays the configured route-map statements and their match/set conditions. The 'show ip policy' command lists interfaces with PBR applied and the associated route-map. 'show ip route' does not show PBR policy details. 'debug ip policy' is a debug command, not a verification show command. 'show access-lists' only shows ACLs, not PBR-specific information.

1377
MCQ · hard

A network engineer configures CoPP on a router to limit PIM-SM control plane traffic. The policy includes a class-map matching PIM packets and polices them to 10000 bps. After the policy is applied, the engineer notices that multicast traffic is not being forwarded correctly, and PIM neighbors are not forming. The router is a PIM-SM rendezvous point (RP). What is the most likely issue?

A. The CoPP policy is dropping PIM register messages because the police rate is too low for the burst of register traffic.
B. The CoPP class-map is not matching PIM packets because it uses the wrong protocol number.
C. The PIM hello interval is set too high, causing the router to miss hello packets from neighbors.
D. The CoPP policy is applied to the wrong control plane, such as the IPv6 control plane.
Answer: A

PIM register messages can be large and bursty, and a police rate of 10000 bps may not be sufficient, causing drops and preventing RP functionality.

Why this answer

PIM-SM uses periodic hello messages and register messages that can be large. If the police rate is too low, PIM packets are dropped, preventing neighbor formation and RP discovery. Additionally, the RP might need to process register messages, which can be bursty.

1378
MCQ · hard

An engineer configures uRPF strict mode on an interface. After configuration, legitimate traffic from a directly connected network is dropped. The network is connected via a single link, and there is no asymmetric routing. Which is the most likely explanation?

A. The router has a default route pointing to a different interface, causing the source IP to fail the reachability check.
B. The directly connected network is not in the routing table because the interface is down.
C. The uRPF command is missing the 'allow-default' option, which is required for directly connected networks.
D. The router has a static route for the source network with a different next-hop, causing the interface check to fail.
Answer: A

uRPF strict mode requires that the best route to the source IP points back out the same interface. If a default route points elsewhere, the check fails, and packets are dropped.

Why this answer

In strict uRPF mode, the router checks that the source IP address of an incoming packet is reachable via the same interface on which the packet arrived. If the router has a default route pointing out a different interface, the source IP of a directly connected network may not have a specific route back through the receiving interface, causing the reachability check to fail and legitimate traffic to be dropped.

Exam trap

Cisco often tests the misconception that uRPF strict mode only checks for a route existence, when in fact it also requires the incoming interface to match the route's outgoing interface, and a default route can interfere with this check.

How to eliminate wrong answers

Option B is wrong because if the interface were down, the directly connected network would not appear in the routing table, but the question states the network is directly connected via a single link, implying the interface is operational. Option C is wrong because the 'allow-default' option is used in loose mode uRPF to permit the use of a default route for the reachability check; strict mode does not support this option, and directly connected networks do not require it. Option D is wrong because a static route with a different next-hop would cause an interface check failure only if the next-hop points out a different interface than the one receiving the traffic, but the question specifies no asymmetric routing and a single link, making this scenario unlikely.

1379
Multi-Select · hard

Which TWO statements correctly describe the behavior of BGP conditional route injection? (Choose TWO.)

Select 2 answers
A. The injected route is automatically redistributed into connected and static routes.
B. The condition for injection is defined by an exist-map, which must match a less specific prefix in the BGP table.
C. The inject-map specifies the more specific prefix to be injected along with optional attributes.
D. The 'show ip bgp neighbors' command displays the number of injected prefixes per neighbor.
E. The injected prefix must be learned from the neighbor specified in the inject-map.
Answers: B, C

Correct. The exist-map specifies the condition prefix that must be present for injection to occur.

Why this answer

BGP conditional route injection allows a router to inject a more specific prefix into BGP when a condition (the existence of a less specific prefix) is met. The injected route is sourced from a route-map that defines the inject-map, and the condition is checked via an exist-map. The injected route is not automatically redistributed into other protocols unless explicitly configured.

The 'show ip bgp neighbors' command does not display injection statistics; instead, 'show ip bgp injected-paths' is used. The injected prefix must be in the BGP table of the injecting router, but not necessarily learned from the neighbor specified in the inject-map.

1380
MCQ · medium

A network engineer runs the following command to debug MPLS LDP label advertisements:

```
R1# debug mpls ldp labels
```

Output:

```
*Mar 1 00:01:23.456: LDP: Sent label mapping for 192.168.1.0/24, label 101
*Mar 1 00:01:23.789: LDP: Received label mapping for 192.168.2.0/24, label 201
*Mar 1 00:01:24.012: LDP: Sent label mapping for 10.0.0.0/8, label 102
*Mar 1 00:01:24.345: LDP: Received label mapping for 10.0.0.0/8, label 202
```

What does this output indicate?

A. LDP label bindings are being exchanged between R1 and its LDP neighbor
B. R1 is only receiving label mappings, not sending any
C. The LDP session is down
D. R1 is using implicit null label for 10.0.0.0/8
Answer: A

The output shows both sent and received label mappings, indicating successful exchange.

Why this answer

The debug output shows label mappings being exchanged between LDP peers. R1 is sending its own label bindings (e.g., label 101 for 192.168.1.0/24) and receiving label bindings from its neighbor (e.g., label 201 for 192.168.2.0/24).

1381
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip eigrp traffic
EIGRP-IPv4 Traffic Statistics for AS(100)
  Hellos sent/received: 5000/4995
  Updates sent/received: 150/148
  Queries sent/received: 10/8
  Replies sent/received: 8/10
  Acks sent/received: 300/298
  Input queue high water mark: 10
  Input queue drops: 0
  SIA-Queries sent/received: 0/0
  SIA-Replies sent/received: 0/0
  Hello process ID: 123
  PDM process ID: 124
  Socket queue: 0/2000/10/0 (current/max/highest/drops)
  Input queue: 0/2000/10/0 (current/max/highest/drops)
```

Based on this output, which statement is correct?

A. The EIGRP process is operating normally with no signs of issues.
B. There is a problem because more queries were sent than replies received.
C. The input queue drops of 0 indicate that the router is not processing EIGRP packets.
D. The SIA-Queries count of 0 indicates that the network has experienced stuck-in-active events.
Answer: A

No input drops, no SIA events, and balanced packet counts indicate a healthy EIGRP process.

Why this answer

The EIGRP traffic statistics show a balanced number of sent and received packets. There are no input queue drops, no SIA-Queries or SIA-Replies, indicating a healthy EIGRP process. The ratio of queries to replies is nearly balanced (10 sent vs 8 received, 8 sent vs 10 received), which is normal.

1382
Multi-Select · hard

Which THREE symptoms indicate that an Embedded Event Manager (EEM) applet configured to send a syslog message upon interface down has failed to execute? (Choose THREE.)

Select 3 answers
A. No custom syslog message appears on the console or in the log buffer when the interface goes down.
B. The 'show event manager history events' output does not include an entry for the interface down event.
C. The 'show event manager policy active' output shows the applet with a non-zero 'fail count' field.
D. The interface goes down and the router generates a default syslog message like '%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down'.
E. The 'show event manager environment' output shows the variable '_event_type' as 'none'.
Answers: A, B, C

The applet is designed to generate a syslog; its absence suggests the applet did not execute.

Why this answer

If the applet fails, no custom syslog is generated, the 'show event manager history events' will not show the trigger, and the 'show event manager policy active' may show the policy but with a non-zero failure count. The other options either describe normal behavior or unrelated issues.

1383
MCQ · medium

What is the default CoPP behavior for traffic that does not match any class in the policy-map?

A. Dropped
B. Transmitted
C. Logged and dropped
D. Routed to the management plane
Answer: B

The default action for traffic not matching any class is to transmit it, unless a 'class class-default' is configured with a police action.

Why this answer

If a policy-map has no explicit 'class class-default' statement, unmatched traffic is implicitly permitted and transmitted without policing.

1384
MCQ · hard

What is the default rate-limit interval for the 'logging rate-limit' command in Cisco IOS-XE?

A. 100 milliseconds
B. 1 second
C. 5 seconds
D. No default; it must be specified
Answer: B

The default interval for logging rate-limit is 1 second.

Why this answer

The default rate-limit interval is 1 second, meaning the specified number of messages per second is allowed.

1385
MCQ · medium

A network engineer runs the following command to troubleshoot BFD with static routes:

```
R1# show ip route 10.8.8.0/24
Routing entry for 10.8.8.0/24
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 10.9.9.2, via GigabitEthernet0/3
      Route metric is 0, traffic share count is 1
      BFD enabled, BFD state: UP
```

What does this output indicate?

A. Static route is installed with BFD tracking, and BFD session is UP.
B. Static route is not using BFD.
C. BFD state is DOWN, so the static route is removed.
D. Static route is using BFD only for IPv6.
Answer: A

BFD is enabled and UP, so the static route is active and monitored.

Why this answer

The output shows that BFD is enabled for the static route and the BFD state is UP, meaning the next hop is reachable and BFD is providing fast failure detection.

1386
MCQ · medium

A network engineer runs the following command to verify MPLS L3VPN operation:

```
R1# show bgp ipv4 unicast 10.1.1.0/24
```

Output:

```
BGP routing table entry for 10.1.1.0/24, version 10
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  Local
    0.0.0.0 from 0.0.0.0 (10.0.0.1)
      Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best
```

What does this output indicate?

A. The route is locally originated and is the best path
B. The route is learned from a BGP peer
C. The route has an MPLS label
D. The route is in a VRF
Answer: A

The output shows 'sourced' and 'best', indicating local origin and best path.

Why this answer

This shows the BGP IPv4 unicast table entry for prefix 10.1.1.0/24. The path is local, with next hop 0.0.0.0, and it is valid and best. This is a standard IPv4 route, not VPNv4, so it does not have extended communities or MPLS labels.

1387
MCQ · hard

A network engineer runs the following command to troubleshoot an MPLS LDP issue:

```
R1# debug mpls ldp transport
LDP: Transport connection to 2.2.2.2:0 via TCP (passive)
LDP: Connection from 2.2.2.2:0 to 1.1.1.1:646
LDP: Transport connection to 2.2.2.2:0 via TCP (active)
LDP: Connection from 1.1.1.1:646 to 2.2.2.2:0
LDP: Hold timer expired for peer 2.2.2.2:0
LDP: Closing transport connection to 2.2.2.2:0
```

What does this output indicate?

A. LDP session is established and stable.
B. LDP session is flapping due to hold timer expiration.
C. LDP session is down because of authentication failure.
D. LDP session is down because of a transport address mismatch.
Answer: B

The hold timer expires, causing the session to close, which suggests flapping.

Why this answer

The debug shows that the LDP transport connection to peer 2.2.2.2 is established but then the hold timer expires, causing the connection to close. This indicates a problem with LDP keepalive or session maintenance.

1388
MCQ · hard

A network engineer notices that IPv6 hosts on a segment are not receiving Router Advertisements, even though Router R1 has IPv6 unicast-routing enabled and an IPv6 address on the interface. Router R1 has the following relevant configuration:

```
interface GigabitEthernet0/0
 ipv6 address 2001:DB8:1::1/64
 ipv6 nd suppress-ra
!
```

Router R2, connected to the same segment, shows: no IPv6 neighbors in the neighbor cache for R1's link-local address. What is the root cause?

A. The interface is in a down state due to a Layer 1 issue, preventing RA generation.
B. The 'ipv6 nd suppress-ra' command is configured, which prevents Router Advertisements from being sent.
C. Router R2 has IPv6 routing disabled, so it cannot process RAs from R1.
D. The IPv6 address on R1 is not in the same subnet as the hosts, causing RA filtering.
Answer: B

This command suppresses all RAs, so hosts cannot autoconfigure or learn the default router.

Why this answer

The 'ipv6 nd suppress-ra' command suppresses Router Advertisements, which prevents hosts from learning the prefix and default route. This is a common misconfiguration when an administrator intends to use DHCPv6 for address assignment but forgets that hosts still need RAs for default gateway discovery. The correct answer identifies this suppression as the root cause.

1389
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show bfd neighbors detail
IPv4 Sessions
NeighborAddr    LD/RD    Int      State    Holdown(mult)    Intf
10.1.1.2        1/3      Gi0/0    Up       1500(3)          Gi0/0
Session state is UP and not using echo function.
OurAddr: 10.1.1.1
Handle: 1
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holddown (hits): 1500(0)
Rx Count: 120, Tx Count: 150
```

Based on this output, which statement is correct?

A. The BFD session is down because the holddown timer is incorrect.
B. The BFD session is up and the holddown timer is 1500 ms, which is correct based on the configured multiplier and MinRxInt.
C. The BFD session is using echo mode, which is why the holddown timer is 1500 ms.
D. The BFD session is up but the multiplier is set to 1, causing the holddown timer to be 1500 ms.
Answer: B

The holddown timer is calculated as MinRxInt * Multiplier = 1000000 microseconds * 3 = 3000000 microseconds = 3000 ms, but the output shows 1500 ms. This is a known behavior where the holddown timer displayed is half of the actual holddown time due to a software implementation detail. The session is up.

Why this answer

The output shows BFD session details. The Holddown value of 1500 ms is calculated as MinRxInt * Multiplier (1000 ms * 3 = 3000 ms), but the output shows 1500 ms. This discrepancy indicates a misconfiguration or a bug, but the key point is that the session is UP and the holddown timer is 1500 ms, which is half of the expected value.

However, the correct interpretation is that the BFD session is established and operating, and the holddown timer is 1500 ms as shown.

1390
MCQ · medium

An engineer is troubleshooting why the NMS is not receiving SNMP traps from router R2. The configuration includes 'snmp-server enable traps', 'snmp-server host 10.1.1.100 version 2c public', and an extended ACL 100 that permits UDP port 162 from 10.1.1.100. The NMS can ping R2. What is the most likely cause?

A. The ACL is applied inbound on the interface, but it should be applied outbound to allow trap packets to leave the router.
B. The 'snmp-server host' command is missing the 'trap' keyword, causing the router to send informs instead.
C. The community string 'public' is case-sensitive; the NMS is using 'Public' with a capital P.
D. The router needs the 'snmp-server trap-source' command to specify the source interface for traps.
Answer: A

Correct because traps are sent from the router; the ACL must permit outbound UDP port 162 to the NMS, not inbound.

Why this answer

SNMP traps are sent from the router (source port 162) to the NMS (destination port 162), but the ACL on the router must permit outgoing traffic from the router's source port 162 to the NMS. The ACL as described only permits incoming UDP 162 from the NMS, which is incorrect.

1391
MCQ · easy

Given the configuration:

```
logging buffered 8192 warnings
logging console alerts
logging monitor critical
```

Which of the following is true?

A. The logging buffer stores messages of severity 0 through 4.
B. The console displays messages of severity 0 through 3.
C. The monitor receives messages of severity 0 through 4.
D. The buffer can store up to 8192 syslog messages.
Answer: A

Level 'warnings' (4) includes severities 0-4.

Why this answer

The buffer is set to 8192 bytes with level warnings (0-4). Console is alerts (0-2). Monitor is critical (0-3).

Note that the buffer size is in bytes, not messages.

1392
MCQ · medium

What is the default maximum number of NAT translations that can be created in Cisco IOS?

A. 512 translations
B. 1024 translations
C. Unlimited, limited only by available memory
D. 4096 translations
Answer: C

Correct. Cisco IOS allows NAT translations up to the memory capacity of the device.

Why this answer

Cisco IOS does not have a fixed default maximum number of NAT translations; it is limited by available memory. However, the ip nat translation max-entries command can be used to set a limit. Without configuration, the limit is dynamic based on system resources.

1393
Multi-Select · medium

Which TWO configuration steps are required to troubleshoot and fix a BGP route that is not being advertised to an EBGP neighbor due to the next-hop-self issue? (Choose TWO.)

Select 2 answers
A. Configure a network statement under BGP to advertise the prefix.
B. Apply the neighbor next-hop-self command under the BGP router configuration for the EBGP neighbor.
C. Increase the EBGP multihop TTL using the neighbor ebgp-multihop command.
D. Ensure the next-hop IP is reachable via an IGP or static route on the advertising router.
E. Use the neighbor update-source command to change the source IP of BGP updates.
Answers: B, D

This forces the router to use its own IP as the next hop for routes advertised to the neighbor.

Why this answer

The next-hop-self command on the EBGP neighbor or the IBGP peer (if the route is from IBGP) ensures the next hop is set to the local router's address. Alternatively, if the next hop is reachable via an IGP, no change is needed. Option A is incorrect because network statements do not affect next-hop.

Option C is incorrect because EBGP multihop is for TTL issues. Option E is incorrect because the update-source command sets the source IP, not the next hop.

1394
MCQ · hard

A network engineer runs the following command on Router R1:

```
R1# show ip bgp neighbors 10.1.1.2 advertised-routes
BGP table version is 10, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.10.0/24    0.0.0.0                  0         32768 i
 *>  10.20.20.0/24    0.0.0.0                  0         32768 i

R1# show route-map
route-map BLOCK_RFC1918, permit, sequence 10
  Match clauses:
    ip address prefix-list RFC1918
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map BLOCK_RFC1918, deny, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

R1# show ip prefix-list RFC1918
ip prefix-list RFC1918: 3 entries
   seq 5 deny 10.0.0.0/8 le 32
   seq 10 deny 172.16.0.0/12 le 32
   seq 15 deny 192.168.0.0/16 le 32
   seq 20 permit 0.0.0.0/0 le 32
```

Based on this output, what is the most likely issue?

A. The route-map BLOCK_RFC1918 is not applied to the BGP neighbor, so RFC 1918 routes are being advertised.
B. The prefix-list RFC1918 is misconfigured and permits all routes.
C. The route-map is applied but the match clause is incorrect.
D. The BGP session is not established.
Answer: A

The prefix-list denies RFC 1918, but the route-map is not applied to the neighbor, so routes are advertised.

Why this answer

The route-map BLOCK_RFC1918 is applied to filter routes, but the advertised routes include 10.10.10.0/24 and 10.20.20.0/24, which are RFC 1918 addresses. The prefix-list RFC1918 should deny these, but the route-map is not being applied to the BGP neighbor, so routes are not filtered. The correct answer is that the route-map is not applied to the BGP neighbor.

1395
MCQ · medium

A network engineer is troubleshooting PAT (overload) on a Cisco router. The inside network uses 192.168.1.0/24, and the outside interface has IP 198.51.100.1. The engineer configured 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. Traffic from inside hosts works initially, but after a few minutes, new connections fail. 'show ip nat translations' shows many entries with the same outside global IP but different ports. 'show ip nat statistics' indicates that the number of translations is near 500. What is the most likely cause?

A. The NAT pool is not configured with overload.
B. The outside interface is flapping, causing translations to be cleared.
C. The router has run out of available port numbers for PAT.
D. The access list is denying some inside hosts.
Answer: C

Correct because PAT uses a limited port range (usually 1024-65535), and with many sessions, ports can be exhausted, preventing new translations.

Why this answer

PAT uses port numbers to multiplex many inside hosts to a single outside IP. Each TCP/UDP session consumes a port; when the port range is exhausted, new translations cannot be created.

1396
MCQ · medium

Which BGP attribute is used as the first tie-breaker when selecting the best path in a VRF-Lite environment?

A. Local preference
B. Weight
C. AS path length
D. MED
Answer: B

Weight is a Cisco-proprietary attribute and is checked first in the BGP best-path selection process.

Why this answer

BGP selects the path with the highest weight (Cisco proprietary) as the first tie-breaker, followed by local preference.

1397
MCQ · hard

An engineer configures IP SLA with an ICMP echo operation and uses it to track a static default route. The engineer also configures a backup static route with a higher administrative distance. The IP SLA operation is configured with a timeout of 2000 ms and a frequency of 5 seconds. The engineer notices that when the primary route is removed due to IP SLA failure, the backup route is installed, but when the IP SLA operation recovers, the primary route is not reinstalled. The show ip route shows the backup route still present. Which is the most likely explanation?

A. The IP SLA operation has a frequency that is too low, causing a delay in detection of recovery.
B. The track object has a 'delay up' configured, causing a delay before the primary route is reinstalled.
C. The backup static route has a lower administrative distance than the primary route.
D. The IP SLA operation is still in the 'pending' state and has not yet recovered.
Answer: B

The delay up command in the track object introduces a hold-down period before the object state changes to up, so the primary route is not reinstalled immediately.

Why this answer

When a tracked static route is removed, the backup route with higher AD is installed. When the IP SLA operation recovers, the track object goes up, and the primary route should be reinstalled. However, if the IP SLA operation recovers but the track object has a delay up configured, or if the primary route's AD is not lower than the backup route, the primary route may not be reinstalled.

In this scenario, the most likely edge case is that the track object has a 'delay up' configured, which delays the route installation.

1398
MCQ · hard

An EIGRP network is experiencing frequent stuck-in-active (SIA) events. Router R1 shows: 'show ip eigrp topology' includes routes in active state for several minutes. R1's configuration: router eigrp 100 timers active-time 3. R2, a neighbor, is reachable but has a large number of routes. What is the root cause?

A. The active-time timer is set too low (3 minutes), causing queries to time out before R2 can reply.
B. R2 has a stuck-in-active condition due to a routing loop.
C. R1 has a misconfigured distribute-list that blocks query replies from R2.
D. The network has a high latency link that delays query propagation.
Answer: A

The default active-time is 3 minutes. If R2 has many routes, it may take longer to process queries, leading to SIA.

Why this answer

The active-time timer is set to 3 minutes, which is the default. If a query is sent to a neighbor that takes longer than 3 minutes to reply (due to large topology or slow convergence), the route goes SIA. Reducing the active-time timer can cause premature SIA events.

1399
MCQ · easy

Which statement about the Next Hop Resolution Protocol (NHRP) in DMVPN is correct regarding the purpose of NHRP Registration Request packets?

A. They are used to resolve the NBMA address of a destination tunnel IP address.
B. They are used to register the spoke's tunnel IP and NBMA address with the hub.
C. They are used to purge outdated NHRP cache entries on the hub.
D. They are used to establish an IPsec security association between spokes.
Answer: B

Correct. Registration Request packets register the spoke's mapping with the hub.

Why this answer

NHRP Registration Request packets are sent from spoke routers to the hub to register their tunnel IP address (NHS) and corresponding NBMA address. This allows the hub to build a mapping database for forwarding.

1400
MCQ · medium

An engineer applies the following configuration to an interface:

```
interface GigabitEthernet0/5
ipv6 dhcp guard attach-policy DHCP_GUARD
ipv6 snooping database file nvram:ipv6-snoop.db
```

Which statement is true?

A. The DHCP guard policy is applied to the interface, and the snooping database is stored in NVRAM.
B. The DHCP guard policy is applied only if the snooping database is present.
C. The interface will not forward any DHCP messages until the database is populated.
D. The snooping database is used to validate DHCP server messages.
Answer: A

Both commands are independent; the guard policy filters DHCP, and the database stores bindings.

Why this answer

The 'ipv6 snooping database file' command configures the location for the IPv6 snooping binding database, but it is not directly tied to the DHCP guard policy. The attach-policy applies the guard.

1401
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip policy
Interface            Route-map
GigabitEthernet0/0   PBR-SET

R1# show route-map PBR-SET
route-map PBR-SET, permit, sequence 10
  Match clauses:
    ip address (access-lists): 160
  Set clauses:
    ip next-hop 192.168.1.2
    ip tos 184
  Policy routing matches: 300 packets, 24000 bytes

R1# show access-lists 160
Extended IP access list 160
    10 permit ip 10.0.0.0 0.255.255.255 any

R1# show interfaces GigabitEthernet0/0
GigabitEthernet0/0 is up, line protocol is up
  Internet address is 10.0.0.1/24
```

Based on this output, a packet from source 10.0.0.5 to destination 8.8.8.8 arrives on GigabitEthernet0/0. What is the most likely behavior?

A. The packet is forwarded using the routing table because the next-hop is not specified correctly.
B. The packet is forwarded to 192.168.1.2 with the ToS field set to 184.
C. The packet is dropped because the ToS value is invalid.
D. The packet is forwarded to 192.168.1.2 but the ToS is not changed.
Answer: B

The route map matches the packet and sets both next-hop and ToS, so the packet is policy-routed with the new ToS value.

Why this answer

The packet matches ACL 160 (source 10.0.0.0/8). The route map sets both next-hop and ToS. The next-hop 192.168.1.2 must be reachable for PBR to apply.

Assuming it is reachable (not shown but implied by matches), the packet will be forwarded to 192.168.1.2 with ToS set to 184 (which is 0xB8, or IP precedence 5, DSCP 46).

1402
Multi-Select · hard

Which TWO configuration steps are required to implement Control Plane Policing (CoPP) on a Cisco IOS-XE router? (Choose TWO.)

Select 2 answers
A. Apply the policy map to a physical interface using the 'service-policy input' command.
B. Create a policy map that defines a police action for the classified traffic.
C. Create a class map to match the traffic that should be policed.
D. Configure a 'shape average' command in the policy map to limit traffic rate.
E. Apply the policy map to the control plane using the 'service-policy input' command under the interface configuration mode.
Answers: B, C

A policy map with a 'police' command is required to specify the rate and action for CoPP.

Why this answer

The two mandatory steps are: (1) creating a class map to classify traffic (e.g., matching ACLs or protocols) and (2) creating a policy map that applies a police action to that class. Applying the policy to the control plane is also required but is a separate step; however, the question asks for two steps from the list. Option B (creating a policy map) and Option C (creating a class map) are the fundamental building blocks.

Applying to an interface is incorrect; applying to the control plane is correct but not listed as a separate option here. Option D is incorrect because CoPP uses 'police' not 'shape'. Option E is incorrect because 'service-policy' is applied under control-plane, not interface.

1403
MCQ · medium

A network engineer configures a DMVPN spoke with the following:

```
interface Tunnel0
 ip address 10.0.0.3 255.255.255.0
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 ip nhrp map 10.0.0.1 192.168.1.1
 ip nhrp map multicast 192.168.1.1
!
```

What will happen when the spoke tries to send traffic to another spoke (10.0.0.4)?

A. The spoke will send traffic directly to 10.0.0.4 if it has a cached NHRP mapping, otherwise through the hub.
B. The spoke will always send traffic through the hub because of the static multicast map.
C. The spoke will send traffic directly to 10.0.0.4 without using the hub.
D. The spoke will drop the traffic because it does not have a route to 10.0.0.4.
Answer: A

Spokes can build direct tunnels if they have learned the mapping via NHRP; otherwise, traffic goes via the hub.

Why this answer

In DMVPN Phase 2/3, spokes initially send traffic through the hub. The hub then uses NHRP redirect (if configured) to tell the spoke to establish a direct tunnel. Without NHRP redirect on the hub, traffic always goes through the hub.

1404
MCQ · medium

Consider this OSPFv3 configuration on router R2:

```
ipv6 router ospf 10
 router-id 2.2.2.2
 area 0 authentication ipsec spi 256 md5 1234567890abcdef1234567890abcdef
interface GigabitEthernet0/0
 ipv6 address 2001:db8:1::1/64
 ipv6 ospf 10 area 0
```

What is the effect of this configuration?

A. OSPFv3 will use IPsec MD5 authentication for all packets in area 0, including on GigabitEthernet0/0.
B. Authentication is applied only to the GigabitEthernet0/0 interface, not the entire area.
C. The configuration is invalid because OSPFv3 does not support IPsec authentication.
D. The router-id is missing, so OSPFv3 will not start.
Answer: A

Correct. The area authentication command applies to all interfaces in that area.

Why this answer

The area authentication command under OSPFv3 enables IPsec authentication for the entire area. The interface is enabled for OSPFv3 in area 0, so it will use the area authentication. However, OSPFv3 authentication uses IPsec AH or ESP; the configuration shown is valid.

1405
Drag & Drop · medium

Drag and drop the steps to verify and validate the operational state of IPv4 ACLs into the correct order, from first to last.

Why this order

First, display all ACLs with show access-list; second, check interface bindings with show ip interface; third, verify hits on each entry; fourth, confirm the ACL is active using show running-config; fifth, test traffic with extended ping or traffic generator.

1406
MCQ · medium

Examine the following configuration snippet:

```
interface GigabitEthernet0/0
 ip access-group BLOCK_TELNET out
!
ip access-list extended BLOCK_TELNET
 deny tcp any any eq 23
 permit ip any any
```

What is the effect of applying this ACL outbound on GigabitEthernet0/0?

A. It blocks Telnet traffic entering the interface from the network.
B. It blocks Telnet traffic leaving the interface, but permits all other IP traffic.
C. It permits Telnet traffic and blocks all other IP traffic.
D. It has no effect because the ACL is missing a sequence number.
Answer: B

Correct. The outbound ACL denies Telnet and permits all other IP traffic.

Why this answer

The ACL is applied outbound on GigabitEthernet0/0, meaning it filters traffic as it leaves the interface. The first rule denies TCP traffic destined for port 23 (Telnet), and the second rule permits all other IP traffic. Therefore, Telnet sessions initiated from inside the network and exiting this interface are blocked, while all other traffic is allowed.

Exam trap

Cisco often tests the distinction between inbound and outbound ACL application, and the trap here is that candidates mistakenly think an outbound ACL filters traffic entering the interface rather than leaving it.

How to eliminate wrong answers

Option A is wrong because the ACL is applied outbound, not inbound; it blocks traffic leaving the interface, not entering. Option C is wrong because the ACL denies Telnet traffic (port 23) and permits all other IP traffic, not the reverse. Option D is wrong because sequence numbers are not required for named extended ACLs; the ACL is valid and functional as written.

1407
MCQ · medium

Examine the following configuration:

```
interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER_C
 ip address 10.1.1.1 255.255.255.0
 no shutdown
```

What is missing from this configuration to ensure that routes from VRF CUSTOMER_C are properly isolated?

A. A route-target import/export statement under the VRF definition.
B. The command 'ip vrf forwarding CUSTOMER_C' must be preceded by 'no ip address' to avoid IP address removal.
C. Nothing is missing; this configuration provides proper VRF isolation.
D. A 'vrf definition CUSTOMER_C' must be used instead of 'ip vrf' on newer IOS versions.
Answer: C

This is correct. The interface is in a VRF, so all traffic uses the VRF-specific routing table, ensuring isolation.

Why this answer

The configuration is complete for basic VRF-Lite. VRF isolation is achieved by associating the interface with a VRF, which creates a separate routing table. No additional commands are required for isolation.

1408
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show snmp trap
SNMP Trap: enabled
Trap receiver: 192.168.1.100
  Community: PUBLIC
  Version: 2c
  UDP port: 162
  Enable traps: snmp, interface, bgp
Trap receiver: 192.168.1.200
  Community: PRIVATE
  Version: 2c
  UDP port: 162
  Enable traps: snmp, ospf
```

Based on this output, which statement is correct?

A. BGP traps will be sent to 192.168.1.100 but not to 192.168.1.200.
B. Both receivers will receive OSPF traps.
C. The traps are sent using SNMPv3.
D. Interface traps are sent to 192.168.1.200.
Answer: A

The first receiver has 'bgp' in its enable traps list, while the second does not.

Why this answer

The output shows two trap receivers with different enabled traps. The first receiver is configured to receive snmp, interface, and bgp traps. The second receiver is configured for snmp and ospf traps.

Both use SNMPv2c with community strings.

1409
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show policy-map control-plane
 Control Plane
  Service-policy input: CoPP-IN
    Class-map: CoPP-ICMP (match-all)
      100 packets, 6000 bytes
      5 minute offered rate 500 bps, drop rate 500 bps
      Match: access-group 100
      police:
          cir 8000 bps, bc 1500 bytes, be 1500 bytes
        conformed 50 packets, 3000 bytes; actions:
          transmit
        exceeded 25 packets, 1500 bytes; actions:
          drop
        violated 25 packets, 1500 bytes; actions:
          drop
```

Based on this output, what is the most likely impact on the router?

A. All ICMP packets are being transmitted without drops.
B. ICMP traffic is being rate-limited, causing some ping requests to fail.
C. The police rate is set to 16000 bps.
D. The class-default is matching ICMP traffic.
Answer: B

Dropped ICMP packets can result in ping loss.

Why this answer

The CoPP-ICMP class is dropping half of the ICMP packets due to exceeding the police rate. This could cause ping failures or traceroute issues from network devices, but it is not necessarily critical for router operation. However, it indicates that ICMP traffic is being rate-limited.

1410
MCQ · hard

An engineer configures OSPFv2 with a route-map to set the metric on redistributed routes. After redistribution, the metric is not being set as expected. Which is the most likely explanation?

A. The route-map does not have a match statement, so it applies to no routes.
B. The redistribution command uses the 'subnets' keyword, which overrides the route-map.
C. The route-map is applied to the wrong direction.
D. The OSPF process is configured with 'default-metric' command, which overrides the route-map.
Answer: A

Without a match statement, the route-map does not apply to any routes, and the default metric is used.

Why this answer

When redistributing routes into OSPF, the metric is set using the 'metric' keyword in the redistribution command or via a route-map. However, if the route-map does not explicitly match the routes, the default metric (20 for external type 2) is used. Additionally, if the route-map uses 'set metric' but the redistribution command also has a 'metric' keyword, the route-map overrides the redistribution command.

1411
MCQ · hard

An OSPF network has a multi-access link between routers R1 and R2. R1 is configured with 'ip ospf network point-to-point' on the interface, while R2 uses the default broadcast network type. R1 shows: 'show ip ospf neighbor' lists R2 as FULL/DR, but R2 shows: 'show ip ospf neighbor' lists R1 as FULL/DROTHER. Traffic from R1 to R2's loopback is fine, but from R2 to R1's loopback is intermittent. What is the root cause?

A. R1's point-to-point configuration disables DR/BDR election, but R2 still expects it, causing R1 to ignore R2's LSUs.
B. R2's DR election is incorrect because it has a higher router ID, but R1 should be the DR.
C. R1's interface has an MTU mismatch that causes OSPF packets to be dropped.
D. R2 has a firewall that blocks OSPF packets from R1.
Answer: A

With mismatched network types, R1 sends packets without a DR, but R2 expects them from the DR, leading to packet loss.

Why this answer

Network type mismatch causes OSPF to behave differently on each side. R1 sees the link as point-to-point, so it does not participate in DR/BDR election. R2 sees it as broadcast, so it elects a DR (itself).

This can cause adjacency issues and suboptimal forwarding because R1 may not have the correct next-hop information.

1412
Multi-Select · hard

Which TWO statements about the 'ip nat outside source' feature are true? (Choose TWO.)

A. It translates the source IP address of packets arriving on an interface configured as 'ip nat outside'.
B. It can be used to map an external public IP to an internal private IP so that inside routers can route to the private address.
C. It requires the 'overload' keyword to perform Port Address Translation.
D. It translates the destination IP address of packets leaving the inside network.
E. The translation is unidirectional; return traffic is not translated back.
Answers: A, B

Correct. The command translates the source address of outside-originated traffic.

Why this answer

'ip nat outside source' translates the source IP of packets coming from the outside network. It is typically used to map external addresses to a private range for internal routing. The translation is bidirectional (return traffic is translated back).

This command does not affect destination IPs and does not require an overload keyword.

1413
MCQ · hard

An engineer configures CoPP with a class-map that matches all IP traffic and polices it to 10000 pps. The router also has uRPF strict mode enabled on the WAN interface. After applying CoPP, the router stops receiving routing updates from a neighbor, but pings to the neighbor succeed. Which is the most likely explanation?

A. CoPP drops routing updates, causing the routing table to lack the neighbor's source network, so uRPF drops the neighbor's packets.
B. uRPF is applied after CoPP, so CoPP drops the routing updates first.
C. The CoPP policy matches all IP traffic, including uRPF failure packets.
D. Pings succeed because they use a different protocol than routing updates.
Answer: A

uRPF strict mode requires a route back to the source; without it, packets are dropped, including routing updates.

Why this answer

uRPF strict mode drops packets if the source IP is not reachable via the incoming interface. CoPP polices traffic to the control plane, but uRPF is applied before CoPP. If the routing table is incomplete (e.g., due to CoPP dropping routing updates), uRPF may drop valid packets, creating a feedback loop.

1414
MCQ · easy

What is the default BGP hold timer value in an MPLS L3VPN deployment on Cisco IOS-XE?

A. 60 seconds
B. 90 seconds
C. 120 seconds
D. 180 seconds
Answer: D

Correct. The default hold timer is 180 seconds.

Why this answer

The default BGP hold timer is 180 seconds, meaning a peer is declared dead if no keepalive or update is received within that interval.

1415
MCQ · hard

A network engineer runs the following command on Router R1:

```
R1# show event manager policy registered
No.  Type    Time Created             Name
1    applet  00:01:23 UTC Mar 1 2025  EIGRP_Neighbor_Down
R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H   Address       Interface  Hold  Uptime    SRTT  RTO  Q    Seq
                             (sec)           (ms)       Cnt  Num
0   192.168.1.2   Gi0/0      13    00:02:00  40    200  0    5
```

Based on this output, what is the most likely problem?

A. The EIGRP neighbor is down.
B. The EEM policy has been triggered.
C. The EIGRP neighbor is up, and the EEM policy is ready to trigger if it goes down.
D. The EEM policy is misconfigured.
Answer: C

The neighbor is operational, so the down event has not occurred.

Why this answer

The EEM policy EIGRP_Neighbor_Down is registered, but the EIGRP neighbor is present with an uptime of 2 minutes. The correct answer is that the EEM policy has not been triggered because the neighbor is up; however, the policy is ready to act if the neighbor goes down.

1416
MCQ · hard

An engineer applies a Control Plane Policing (CoPP) policy to a router. After applying, OSPF adjacencies go down. The policy has a class that matches OSPF traffic with a police rate of 1000 pps. The 'show policy-map control-plane' shows no drops. Which is the most likely explanation?

A. The CoPP policy uses 'match protocol ospf' but the router runs OSPFv3, which is not matched by that statement.
B. The police rate is configured in bps instead of pps, causing OSPF hellos to be dropped.
C. The 'class class-default' is configured with a police rate that drops all traffic.
D. The CoPP policy is applied to the input direction, but OSPF packets are sent from the router.
Answer: A

OSPFv3 uses IPv6; 'match protocol ospf' matches OSPFv2 only.

Why this answer

CoPP policies have an implicit 'deny all' at the end. If the OSPF traffic is not matched by any class, it will be dropped by the implicit deny. However, the engineer may have configured a class that matches OSPF but the police rate is in bps, not pps, causing OSPF hellos to be dropped if they exceed the rate.

But the question states no drops, so the issue is likely that the OSPF class is not matching due to incorrect match criteria (e.g., match protocol ospf vs match access-group).

1417
MCQ · hard

A network engineer configures CoPP to protect the control plane, but after redistributing routes, some legitimate routing updates are dropped. Router R1 config:

```
control-plane
 service-policy input COPP
!
class-map match-all ROUTING
 match access-group name ROUTING
!
policy-map COPP
 class ROUTING
  police 100000 15000 15000 conform-action transmit exceed-action drop
!
access-list ROUTING permit tcp any any eq bgp
access-list ROUTING permit udp any any eq 520
access-list ROUTING permit ospf any any
```

```
R1# show policy-map control-plane input
    Class-map: ROUTING (match-all)
      100 packets, 10000 bytes
      5 minute offered rate 0 bps drop rate 0 bps
      Match: access-group name ROUTING
      police:
          cir 100000 bps, bc 15000 bytes, be 15000 bytes
        conformed 90 packets, 9000 bytes; actions:
          transmit
        exceeded 10 packets, 1000 bytes; actions:
          drop
```

What is the root cause?

A. The CoPP police rate is too low for the volume of routing updates during redistribution, causing drops.
B. The access-list is missing EIGRP protocol, causing EIGRP packets to be dropped.
C. The class-map is match-all, which requires all conditions to match, but only one ACL is present.
D. The policy-map is applied to the input of the control-plane, but redistribution uses output.
Answer: A

Redistribution generates many routing updates; the police rate is insufficient, leading to drops.

Why this answer

The CoPP policy is policing routing protocol traffic at 100 kbps, which may be insufficient during redistribution bursts. The exceeded drops indicate that some packets are being dropped, likely due to the burst size being too small. The fix is to increase the police rate or burst size to accommodate the redistribution traffic.

1418
MCQ · hard

A DMVPN Phase 3 network with OSPF as the IGP experiences routing loops between hubs. R1 and R2 are both hubs with OSPF adjacencies to each other and to spokes. R1 has a route to 10.0.0.0/8 via a spoke, and redistributes it into OSPF. R2 learns this route and also has a direct connection to the same spoke, causing a loop. What is the root cause?

A. R1 is redistributing a route learned from a spoke into OSPF, and R2 learns this route and forwards traffic back to R1, creating a loop due to lack of route tagging and filtering.
B. OSPF network type is set to broadcast on both hubs, causing DR/BDR election issues.
C. NHRP redirect is enabled on both hubs, causing conflicting redirect messages.
D. R2 has a higher OSPF router ID, causing it to become DR and attract traffic.
Answer: A

Correct. Redistribution without route tagging (e.g., using a route-map with tag) can cause loops. The route should be tagged to prevent re-redistribution.

Why this answer

Redistribution of routes from one routing protocol into OSPF can cause routing loops if not properly filtered. In this case, R1 redistributes a route learned from a spoke into OSPF, and R2 learns it and may forward traffic back to R1, creating a loop. The issue is that OSPF does not have a mechanism to prevent loops from redistribution without proper route tagging and filtering.

1419
MCQ · hard

In BFD multihop sessions, what is the default value for the TTL (or hop limit) in outgoing BFD Control packets on Cisco IOS-XE?

A. 1
B. 64
C. 128
D. 255
Answer: D

The default TTL for BFD multihop sessions is 255, as per Cisco IOS-XE and RFC 5883.

Why this answer

For BFD multihop sessions, Cisco IOS-XE defaults to a TTL of 255, as per RFC 5883, to ensure the packet can traverse multiple hops.

1420
MCQ · medium

A network engineer runs the following command to troubleshoot OSPFv3 adjacency:

```
R1# debug ipv6 ospf adj
*Mar 1 00:15:23.456: OSPFv3-1-IPv6 ADJ Gi0/0: Rcv pkt from 2001:DB8:1::2, src 2001:DB8:1::2, area 0
*Mar 1 00:15:23.457: OSPFv3-1-IPv6 ADJ Gi0/0: Nbr 2.2.2.2: Our address 2001:DB8:1::1, his address 2001:DB8:1::2
*Mar 1 00:15:23.458: OSPFv3-1-IPv6 ADJ Gi0/0: Nbr 2.2.2.2: Neighbor is not DR, state 2WAY
*Mar 1 00:15:23.459: OSPFv3-1-IPv6 ADJ Gi0/0: Nbr 2.2.2.2: DR is 2001:DB8:1::2, BDR is 2001:DB8:1::1
*Mar 1 00:15:23.460: OSPFv3-1-IPv6 ADJ Gi0/0: Nbr 2.2.2.2: Build the Start DBD
*Mar 1 00:15:23.462: OSPFv3-1-IPv6 ADJ Gi0/0: Nbr 2.2.2.2: Master/Slave negotiation done
*Mar 1 00:15:23.464: OSPFv3-1-IPv6 ADJ Gi0/0: Nbr 2.2.2.2: Exchange done, loading started
*Mar 1 00:15:23.466: OSPFv3-1-IPv6 ADJ Gi0/0: Nbr 2.2.2.2: Loading done
*Mar 1 00:15:23.468: OSPFv3-1-IPv6 ADJ Gi0/0: Nbr 2.2.2.2: Full
```

What does this output indicate?

A. The OSPFv3 adjacency failed due to area mismatch.
B. The OSPFv3 adjacency formed successfully between routers with router IDs 1.1.1.1 and 2.2.2.2.
C. The adjacency is stuck in Exstart state due to interface MTU mismatch.
D. The router is the DR on this segment.
Answer: B

The debug shows the neighbor with router ID 2.2.2.2 and the adjacency reaching Full.

Why this answer

The debug output shows the successful OSPFv3 adjacency formation between two routers on interface Gi0/0.

1421
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show event manager policy registered
No.  Type    Time Created             Name
1    applet  00:01:23 UTC Mar 1 2025  OSPF_Neighbor_Down
R1# show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address         Interface
10.1.1.2        1     FULL/DR    00:00:36    192.168.1.2     GigabitEthernet0/0
```

Based on this output, what is the most likely conclusion?

A. The OSPF neighbor is down.
B. The EEM policy has been triggered.
C. The EEM policy is registered but not yet triggered because the OSPF neighbor is up.
D. The EEM policy is misconfigured.
Answer: C

The neighbor state FULL shows the neighbor is operational, so the down event has not occurred.

Why this answer

The EEM policy OSPF_Neighbor_Down is registered, but the OSPF neighbor is in FULL state. The correct answer is that the EEM policy has not been triggered because the OSPF neighbor is up.

1422
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show dmvpn
Legend: Attrb -> S: Static, D: Dynamic, I: Incomplete
        N: NATed, L: Local, X: No Socket
        #Ent -> Number of NHRP entries with same NBMA peer
        NHS Status: E => Expecting Replies, R => Responding, W => Waiting
        UpDn Time -> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,
# Ent Peer NBMA Addr  Peer Tunnel Addr State UpDn Tm  Attrb
----- --------------- ---------------- ----- -------- -----
    1 10.1.1.2        172.16.0.2       UP    00:02:15 D
    1 10.1.1.3        172.16.0.3       UP    00:01:45 D
```

Based on this output, which statement is correct?

A. Router R1 is a spoke with two hub peers.
B. Router R1 is a hub with two dynamically registered spokes.
C. The NHRP peers are static and not dynamic.
D. One spoke is experiencing a registration failure.
Answer: B

Type:Hub and two dynamic (D) entries confirm this.

Why this answer

The show dmvpn command displays NHRP peers. The output shows two dynamic peers (D) with their NBMA and tunnel addresses. The hub has two spokes registered, both in UP state.

The correct answer identifies the role and peer count.

1423
MCQ · medium

A network engineer is troubleshooting a site-to-site VPN that intermittently drops. The engineer configured IP SLA 10 to track reachability of the remote LAN gateway (10.1.2.1) using ICMP echo probes every 5 seconds. The IP SLA is used in a static route to influence failover. The engineer notices that the IP SLA state shows 'Active' but the tracked route is not installed. What is the most likely cause?

A. The IP SLA probe is sending packets to the wrong destination IP.
B. The track object is configured with 'ip sla 10 reachability' but the static route references the track object incorrectly.
C. The IP SLA probe frequency is too high, causing the router to ignore the results.
D. The remote gateway is not responding to ICMP echo requests due to firewall rules.
Answer: B

If the track object is not properly linked (e.g., 'track 1 ip sla 10 reachability' missing), or the static route uses a different track number, the route will not be installed even though the IP SLA is active.

Why this answer

The IP SLA is active, but the tracked object might not be configured correctly to react to the IP SLA state. The issue is that the track object is not linked to the IP SLA or the threshold is misconfigured.

1424
MCQ · medium

A network engineer runs the following command to troubleshoot an MPLS L3VPN issue:

```
R1# show bgp neighbors 10.0.0.2 advertised-routes
```

Output:

```
BGP table version is 10, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.1.1.0/24      0.0.0.0                  0         32768 i
 *>  10.2.2.0/24      0.0.0.0                  0         32768 i

Total number of prefixes 2
```

What does this output indicate?

A. R1 is advertising two local prefixes to BGP neighbor 10.0.0.2
B. R1 is receiving two prefixes from BGP neighbor 10.0.0.2
C. R1 has no BGP routes
D. R1 is using OSPF to learn these prefixes
Answer: A

The output shows two prefixes with next hop 0.0.0.0, indicating local origin, being advertised.

Why this answer

The show bgp neighbors advertised-routes command displays routes that the router is advertising to the specified neighbor. Here, R1 is advertising two prefixes (10.1.1.0/24 and 10.2.2.0/24) to neighbor 10.0.0.2. Both are locally originated (next hop 0.0.0.0) with origin IGP.

1425
MCQ · hard

Router R1 and R2 are running EIGRP as the IGP, and R1 is redistributing a connected subnet 10.1.1.0/24 into EIGRP. R2 also runs BGP with an external peer, and BGP is redistributing the same prefix 10.1.1.0/24 into EIGRP with a route-map that sets the administrative distance to 100. On R3, a downstream EIGRP router, 'show ip route 10.1.1.0' shows the route via R2. What is the most likely cause of suboptimal routing?

A. The route-map set distance 100 overrides the default AD, making the redistributed route preferred over the internal route (AD 90).
B. The internal EIGRP route is not present in R3's routing table due to a distribute-list inbound from R1, so the redistributed route with AD 100 is the only path.
C. The redistributed route has AD 170 by default, and the route-map is ignored because redistribution from BGP always uses AD 170.
D. R3 prefers routes with lower metric, not AD, and the redistributed route has a better metric.
Answer: B

If the internal route is filtered, the redistributed route becomes the best path, causing suboptimal routing.

Why this answer

EIGRP internal routes have AD 90, external routes AD 170. Redistribution from BGP into EIGRP creates external routes (AD 170) unless a route-map changes the distance. Setting AD to 100 makes the redistributed route preferred over the original internal route (AD 90) because 100 > 90, so the internal route should be preferred.

However, if the internal route is not present due to a filter, or if the distance is set lower than 90, the redistributed route is chosen. The correct answer is that the route-map set distance 100 is higher than 90, so the internal route (AD 90) is still preferred; the issue is that the internal route is being suppressed by a distribute-list on R3.
