Cisco CCNP ENARSI 300-410 (300-410) — Questions 1801-1875

2152 questions total · 29 pages · All types, answers revealed

Page 25 of 29

1801
MCQ · medium

An engineer is troubleshooting an MPLS L3VPN where CE1 (10.1.1.0/24) cannot reach CE2 (10.2.2.0/24). The PE routers are using OSPF with the CEs. On PE1, the show ip bgp vpnv4 vrf CUSTOMER command shows the route for 10.2.2.0/24 with a next-hop of 192.168.1.2, and the show ip route vrf CUSTOMER command shows the route. However, traffic from CE1 to CE2 fails. The show ip cef vrf CUSTOMER 10.2.2.0 command on PE1 shows the next-hop as 192.168.1.2 and the output interface as GigabitEthernet0/0. The show ip route 192.168.1.2 command on PE1 shows the route with a next-hop of 10.0.0.2 and output interface GigabitEthernet0/0. The show mpls forwarding-table 192.168.1.2 detail command on PE1 shows a label with outgoing interface GigabitEthernet0/0. What is the most likely cause?

A. The VRF route-target import on PE1 is misconfigured.
B. The CE1 router does not have a default route or specific route to 10.2.2.0/24.
C. The OSPF process on PE1 is not redistributing BGP routes into OSPF.
D. The MP-BGP session is not using the loopback interface.
Answer: B

Correct: If CE1 does not have a route to the remote prefix, it will drop traffic or send it to a default gateway that may not exist.

Why this answer

All forwarding components appear correct: the route is in the VRF, CEF has a valid next-hop and interface, and MPLS has a label. The issue is likely on the CE side, such as a missing route on CE1 or a firewall blocking traffic. The engineer should check CE1's routing table.

1802
MCQ · medium

Review this configuration:

```
route-map RMAP permit 10
 match ipv6 address prefix-list PREFIX
 set interface null0
!
ipv6 prefix-list PREFIX seq 5 permit 2001:db8:5::/48
!
interface GigabitEthernet0/6
 ipv6 verify unicast source reachable-via any allow-default
```

What is the purpose of the 'allow-default' keyword?

A. It allows uRPF to use the default route as a valid path for source reachability.
B. It allows the router to accept packets with source addresses from the default prefix.
C. It disables uRPF for packets matching the default route.
D. It is used to allow multicast traffic through uRPF.
Answer: A

Normally, loose uRPF ignores default routes; 'allow-default' includes them.

Why this answer

The 'allow-default' keyword permits packets whose source address is reachable via a default route. Without it, loose uRPF would drop packets with sources matching only a default route.

1803
MCQ · hard

A network engineer runs the following command on Router R8:

```
R8# show ip route 10.2.2.0
Routing entry for 10.2.2.0/24
  Known via "eigrp 100", distance 90, metric 28160
  Redistributing via eigrp 100
  Last update from 192.168.2.1 on GigabitEthernet0/0, 00:00:05 ago
  Routing Descriptor Blocks:
  * 192.168.2.1, from 192.168.2.1, 00:00:05 ago, via GigabitEthernet0/0
      Route metric is 28160, traffic share count is 1
```

R8 also has a static route to 10.2.2.0/24 with next-hop 192.168.3.1 configured with distance 95. Which route will be used?

A. The static route will be used because it is manually configured.
B. The EIGRP route will be used because it has a lower administrative distance.
C. Both routes will be used for load balancing.
D. Neither route will be used due to a routing loop.
Answer: B

EIGRP's distance of 90 is lower than the static route's 95, so EIGRP is preferred.

Why this answer

The EIGRP route has a distance of 90, which is lower than the static route's distance of 95. Therefore, the EIGRP route will be preferred and installed in the routing table.

1804
Drag & Drop · medium

Drag and drop the steps to verify and validate Policy-Based Routing (PBR) operational state into the correct order, from first to last.

Why this order

First, check if PBR is enabled on the interface. Then view the route map statistics and hit counts. Examine the set actions and next-hop status.

Use 'show ip policy' to confirm policy map. Finally, use 'show route-map' to validate sequence and matches.

1805
Multi-Select · medium

Which TWO configuration steps are required to implement manual route summarization in OSPF on an ABR? (Choose TWO.)

Select 2 answers
A. Configure the 'area area-id range network mask' command under router OSPF configuration.
B. Ensure the summary address is a supernet of the networks being summarized.
C. Use the 'summary-address network mask' command under router OSPF configuration.
D. Apply the 'ip summary-address ospf' command under the interface connecting to the backbone.
E. Configure a 'network' statement that matches the summary address.
Answers: A, B

This command creates a summary route for networks in the specified area, which is the correct method for ABR summarization.

Why this answer

In OSPF, manual summarization on an ABR is done using the 'area range' command under router configuration mode, which summarizes routes from one area into another. The summary address must be within the range of networks in the area. The 'summary-address' command is used for external routes on ASBRs, not for inter-area summarization. 'network' commands define interfaces, not summarization. 'default-information originate' is for default routes.

1806
MCQ · hard

Router R1 is configured with VRF-A and VRF-B. Route leaking is configured between them using route-targets. However, routes from VRF-A are appearing in VRF-B with incorrect next-hop addresses, causing traffic to be black-holed. R1 configuration: ip vrf VRF-A, rd 100:1, route-target both 100:1. ip vrf VRF-B, rd 200:2, route-target both 200:2. Additionally, a route-map is applied to the VRF-A export: route-map LEAK, set global. The route-map does not modify the next-hop. What is the root cause?

A. The route-map uses 'set global', which is intended for leaking to the global table, not between VRFs, causing incorrect next-hop.
B. The route-targets must be the same for both VRFs for route leaking.
C. The VRF names must be the same for route leaking.
D. The route-map should be applied to the VRF-B import instead.
Answer: A

Correct: 'set global' is for global table; for VRF-to-VRF, the route-map should not include that command.

Why this answer

When leaking routes between VRFs, the next-hop is typically the local router's interface IP in the source VRF. If the route-map does not set the next-hop to a reachable address in the destination VRF, the route may be installed with an unreachable next-hop. In this case, the route-map sets 'set global', which is used for leaking to the global table, not between VRFs.

For VRF-to-VRF leaking, the route-map should not use 'set global' but rather rely on the default behavior. The 'set global' command causes the route to be leaked to the global table instead of VRF-B, or it may cause the next-hop to be set incorrectly. The root cause is that the route-map is misconfigured for VRF-to-VRF leaking.

1807
MCQ · medium

Examine this configuration:

```
router ospf 1
 distance ospf intra-area 150 inter-area 160 external 170
```

What is the effect of this command?

A. It sets the administrative distance for all OSPF routes to 150.
B. It sets the administrative distance for intra-area OSPF routes to 150, inter-area to 160, and external to 170.
C. It sets the administrative distance for OSPF routes to 150, but only for routes learned from area 1.
D. It sets the administrative distance for OSPF external routes to 170 and leaves intra-area and inter-area at default.
Answer: B

This is the correct syntax and effect.

Why this answer

This command sets different administrative distances for different OSPF route types: intra-area to 150, inter-area to 160, external to 170.

1808
MCQ · hard

A network engineer runs the following command on Router R1:

```
R1# show ip bgp neighbors 10.1.12.2
BGP neighbor is 10.1.12.2, remote AS 65002, external link
  BGP version 4, remote router ID 10.2.2.2
  BGP state = Idle
  Last read 00:00:00, last write 00:00:00, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised
    Multisession Capability: State is never active
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
```

Based on this output, what is the most likely cause of the BGP session being in Idle state?

A. The neighbor 10.1.12.2 is not reachable via IP routing.
B. The BGP neighbor is administratively shut down (neighbor shutdown).
C. The remote AS number is misconfigured.
D. The BGP update timer is too long.
Answer: B

Idle state with 'never active' often indicates the neighbor is shut down or the BGP process is not configured correctly. A shutdown command would keep the session in Idle.

Why this answer

Idle state typically indicates that BGP is not attempting to connect, often due to a configuration issue such as a missing neighbor statement, incorrect AS number, or a shutdown. The 'State is never active' suggests the session has never transitioned to Active, pointing to a configuration problem.

1809
MCQ · medium

Review the following configuration:

```
ipv6 access-list FILTER
 permit tcp 2001:db8:1::/48 any eq 80
 permit tcp 2001:db8:1::/48 any eq 443
 deny ipv6 any any
interface GigabitEthernet0/3
 ipv6 traffic-filter FILTER out
```

What is the effect of this configuration?

A. Only HTTP and HTTPS traffic from 2001:db8:1::/48 is permitted outbound; all other traffic is denied.
B. All traffic from 2001:db8:1::/48 is permitted because the ACL does not specify destination prefix.
C. The ACL is misconfigured because 'out' should be 'in' for source-based filtering.
D. The ACL permits all traffic because the deny statement is implicit.
Answer: A

The permit statements match source prefix and destination ports; the implicit deny blocks everything else.

Why this answer

Option A is correct because the IPv6 ACL named FILTER explicitly permits TCP traffic from source prefix 2001:db8:1::/48 to any destination on ports 80 (HTTP) and 443 (HTTPS), and then denies all other IPv6 traffic. Applied as an outbound traffic filter on GigabitEthernet0/3, this configuration restricts outbound traffic to only HTTP and HTTPS sessions originating from the specified prefix.

Exam trap

Cisco often tests the misconception that an ACL without a destination prefix permits all traffic from the source, but in reality, the permit statement still requires the specified protocol and ports to match, and the explicit deny blocks everything else.

How to eliminate wrong answers

Option B is wrong because the ACL does not permit all traffic from 2001:db8:1::/48; it only permits TCP traffic to ports 80 and 443, and the explicit deny ipv6 any any blocks all other traffic. Option C is wrong because applying the ACL outbound is valid for filtering traffic leaving the interface; the direction 'out' is appropriate when the source prefix is the local network, and there is no requirement to use 'in' for source-based filtering. Option D is wrong because the ACL includes an explicit deny ipv6 any any statement, so the implicit deny at the end of the ACL is redundant but does not permit all traffic; the explicit deny still blocks everything not matched by the permit statements.

1810
MCQ · medium

A network engineer is troubleshooting an IPsec site-to-site VPN that uses a GRE tunnel over IPsec. The GRE tunnel is up/up, but the routing protocol (EIGRP) running over the GRE tunnel is not forming an adjacency. The engineer checks the tunnel configuration and sees that the tunnel source and destination are correct. What is the most likely cause?

A. The crypto map access list does not match GRE protocol (47) traffic.
B. The EIGRP hello timer is set too high.
C. The tunnel interface is not configured with an IP address.
D. The IPsec transform set does not include ESP encryption.
Answer: A

Correct because GRE uses protocol 47; if the crypto map's access list only matches IP traffic between the LAN subnets, the GRE packets themselves are not encrypted and are dropped, causing the GRE tunnel to appear up but the routing protocol to fail.

Why this answer

For a GRE over IPsec tunnel, the GRE tunnel must be protected by the crypto map. If the crypto map is applied to the physical interface but the GRE tunnel traffic is not matched by the crypto map's access list, the GRE packets will be sent unencrypted and the remote router will drop them, preventing the routing protocol from forming an adjacency.

1811
MCQ · medium

A network engineer runs the following command to troubleshoot an IPsec Site-to-Site VPN issue:

```
R1# show crypto ipsec sa detail
interface: Tunnel0
    Crypto map tag: CMAP, local addr 192.168.1.1
   protected vrf: (none)
   local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
   current_peer 192.168.2.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 192.168.1.1, remote crypto endpt.: 192.168.2.2
     path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0/0
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none
     inbound esp sas:
      spi: 0x0(0)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 0, flow_id: 0, sibling_flags 80000000, crypto map: CMAP
        sa timing: remaining key lifetime (k/sec): (0/0)
        IV size: 8 bytes
        replay detection support: N
     outbound esp sas:
      spi: 0x0(0)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 0, flow_id: 0, sibling_flags 80000000, crypto map: CMAP
        sa timing: remaining key lifetime (k/sec): (0/0)
        IV size: 8 bytes
        replay detection support: N
```

What does this output indicate?

A. The IPsec SA is fully established and encrypting traffic.
B. The IPsec SA is in a pending state; the SPI is 0, meaning the SA negotiation is incomplete or the SA has been deleted.
C. The IPsec SA is using PFS, which is causing the SA to be rekeyed frequently.
D. The crypto map is not applied to the interface, so the SA is not used.
Answer: B

SPI of 0 and zero lifetime indicate the SA is not active; it may have been cleared or never completed.

Why this answer

The output shows SPI values of 0x0 for both inbound and outbound ESP SAs, with zero packet encapsulation and encryption counts. This indicates that the IPsec Security Association (SA) negotiation is incomplete or the SA has been deleted, as a valid SA would have a non-zero SPI and active packet counters. The 'current_peer' and crypto map are present, but the SA is not operational.

Exam trap

Cisco often tests the misconception that a crypto map present in the output means the SA is active, but the SPI of 0x0 and zero packet counters are the definitive indicators of an incomplete or deleted SA.

How to eliminate wrong answers

Option A is wrong because the SPI of 0x0 and zero packet counters clearly show the IPsec SA is not established or encrypting traffic; a fully established SA would have non-zero SPIs and increasing packet counts. Option C is wrong because the output explicitly shows 'PFS (Y/N): N, DH group: none', indicating PFS is not enabled, so it cannot be causing frequent rekeying. Option D is wrong because the crypto map tag 'CMAP' is listed under interface Tunnel0, confirming the crypto map is applied to the interface, but the SA is not active.

1812
MCQ · medium

Consider the following partial configuration on a Cisco IOS-XE switch:

```
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination interface GigabitEthernet1/0/2
```

What is the effect of this configuration?

A. It copies all traffic received and transmitted on GigabitEthernet1/0/1 to GigabitEthernet1/0/2.
B. It copies only ingress traffic from GigabitEthernet1/0/1 to GigabitEthernet1/0/2.
C. It copies only egress traffic from GigabitEthernet1/0/1 to GigabitEthernet1/0/2.
D. It copies traffic from GigabitEthernet1/0/2 to GigabitEthernet1/0/1.
Answer: A

The 'both' keyword specifies both ingress and egress traffic.

Why this answer

This configures a local SPAN session that copies traffic from GigabitEthernet1/0/1 (both ingress and egress) to GigabitEthernet1/0/2 for monitoring.

1813
MCQ · hard

An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on an interface connected to a network with asymmetric routing. Users report intermittent connectivity issues. Which is the most likely explanation?

A. Asymmetric routing causes packets to arrive on an interface that is not the best return path, so uRPF drops them.
B. The uRPF configuration is missing the 'allow-default' option.
C. The routing table does not have a route for the source IP.
D. The interface has multiple IP addresses.
Answer: A

Correct. Strict mode requires symmetric routing.

Why this answer

Strict mode uRPF checks that the source IP of incoming packets has a route back through the same interface. With asymmetric routing, packets may arrive on an interface that is not the best return path, causing uRPF to drop them. Loose mode would allow asymmetric routing but still check for a route.

1814
MCQ · medium

A network engineer runs the following command to troubleshoot an MPLS L3VPN issue:

```
R1# show mpls ldp neighbor detail
```

Output:

```
Peer LDP Ident: 10.0.0.2:0, Local LDP Ident: 10.0.0.1:0
    TCP connection: 10.0.0.2.646 - 10.0.0.1.17905
    State: Oper, Msg sent: 123, Msg rcvd: 456
    Up time: 1w2d
    LDP discovery sources:
      GigabitEthernet0/0, Src IP addr: 10.12.0.2
    Addresses bound to peer LDP Ident:
      10.0.0.2 10.12.0.2
    Peer hold time: 15 sec
```

What does this output indicate?

A. The LDP session is up and stable
B. The LDP session is using UDP
C. The LDP session is down
D. The LDP peer is using a different LDP ID
Answer: A

State is Oper, up time is 1w2d, indicating a stable session.

Why this answer

The output shows LDP neighbor details. The peer is 10.0.0.2, the session is operational (State: Oper) and has been up for 1 week and 2 days. The discovery source is GigabitEthernet0/0 with source IP 10.12.0.2.

The peer's addresses include 10.0.0.2 (loopback) and 10.12.0.2 (interface).

1815
MCQ · hard

Two OSPF routers R1 and R2 are connected via a GigabitEthernet link in area 0. R1 has interface GigabitEthernet0/0 configured with ip ospf network point-to-point, while R2 has the default OSPF network type broadcast. R1's show ip ospf neighbor shows R2 in FULL state, and R2's show ip ospf neighbor shows R1 in FULL state. However, routes from R1 are not appearing in R2's routing table. The show ip ospf database command on R2 shows the router LSA from R1 but not the network LSA. What is the root cause?

A. The OSPF network type mismatch causes R1 to not generate a network LSA, and R2 cannot install routes that rely on that LSA.
B. The OSPF adjacency is stuck in EXSTART state due to MTU mismatch.
C. R2 has a firewall blocking Type 2 LSAs.
D. R1's router LSA has an incorrect metric, causing R2 to ignore it.
Answer: A

R1's point-to-point network type does not elect a DR or generate Type 2 LSAs, so R2 lacks the necessary topology information for transit.

Why this answer

When R1 has the OSPF network type set to point-to-point on the GigabitEthernet link, it does not elect a DR/BDR and therefore does not generate a Type 2 (Network) LSA. R2, with the default broadcast network type, expects a Network LSA to build complete routing information for the segment. Although the adjacency reaches FULL and R2 receives R1's Type 1 (Router) LSA, the missing Network LSA prevents R2 from installing routes that depend on that LSA, such as those for networks advertised by R1 that are not directly connected to the link.

Exam trap

Cisco often tests the misconception that a FULL adjacency guarantees full route exchange, but the trap here is that OSPF network type mismatch can break route installation even when neighbor state is FULL and Router LSAs are exchanged.

How to eliminate wrong answers

Option B is wrong because the adjacency is already in FULL state, not EXSTART, so an MTU mismatch is not the issue. Option C is wrong because a firewall blocking Type 2 LSAs would not affect the adjacency state or the presence of the Router LSA in the database; the problem is a missing Network LSA due to network type mismatch, not a filter. Option D is wrong because the Router LSA from R1 is present in R2's database, and there is no indication of an incorrect metric; OSPF does not ignore LSAs based solely on metric values.

1816
MCQ · hard

An engineer configures PBR on a router to route traffic from VLAN 10 to next-hop 192.168.1.2 using a route-map. The route-map is applied inbound on the VLAN interface. The engineer also configures 'ip policy route-map' on the same interface. However, traffic from VLAN 10 is not being policy-routed; instead, it is forwarded normally. The router is running IOS-XE. What is the most likely cause?

A. The VLAN interface is a Layer 2 switch virtual interface (SVI) and does not support PBR without additional hardware configuration.
B. The route-map is missing a 'match ip address' clause.
C. The next-hop 192.168.1.2 is not reachable via any route.
D. The 'ip policy route-map' command is applied outbound instead of inbound.
Answer: A

PBR on SVIs in IOS-XE may require specific platform support or configuration; otherwise, it is ignored.

Why this answer

On IOS-XE, PBR is not supported on switched virtual interfaces (SVIs) by default; it requires the 'platform hardware throughput mode' or specific hardware support. Alternatively, the interface may be a Layer 2 switch port, not a routed interface. PBR only works on routed interfaces.

1817
MCQ · hard

A service provider network is experiencing MPLS label distribution failures between R1 and R2. R1 has:

```
event manager applet LDP-MONITOR
 event syslog pattern "%LDP-4-ERROR"
 action 1.0 cli command "enable"
 action 2.0 cli command "clear mpls ldp neighbor *"
 action 3.0 syslog msg "Cleared LDP neighbors"
```

Router R2 shows: LDP session is down, and logs show repeated LDP errors. What is the root cause?

A. The EEM applet clears all LDP neighbors upon any LDP error, preventing the session from stabilizing.
B. The LDP router-id is misconfigured on R1.
C. The syslog pattern matches only severity 4, but LDP errors are severity 3.
D. The MPLS label range is exhausted on R1.
Answer: A

Clearing all LDP neighbors disrupts all LDP sessions, causing repeated errors.

Why this answer

The EEM applet triggers on any LDP error and clears all LDP neighbors. This removes the LDP session, causing more errors when the session tries to re-establish, leading to a cycle of failures. The correct fix is to clear only the affected neighbor or address the underlying LDP issue.

1818
MCQ · easy

What is the default BGP keepalive interval and hold time for eBGP peers in Cisco IOS?

A. Keepalive 30 seconds, hold time 90 seconds
B. Keepalive 60 seconds, hold time 180 seconds
C. Keepalive 10 seconds, hold time 30 seconds
D. Keepalive 120 seconds, hold time 360 seconds
Answer: B

This is the standard default for BGP in Cisco IOS.

Why this answer

The default keepalive interval is 60 seconds, and the hold time is 180 seconds (three times the keepalive).

1819
MCQ · hard

A network engineer is troubleshooting an MPLS L3VPN where CE1 (10.1.1.0/24) cannot reach CE2 (10.2.2.0/24). The PE routers are using eBGP with the CEs. On PE1, the show ip bgp vpnv4 vrf CUSTOMER command shows the route for 10.2.2.0/24 with a next-hop of 192.168.1.2, and the show ip route vrf CUSTOMER command shows the route. However, traffic from CE1 to CE2 fails. The show ip bgp vpnv4 vrf CUSTOMER 10.2.2.0/24 command on PE1 shows the route is received and best, but the show ip bgp vpnv4 vrf CUSTOMER 10.2.2.0/24 neighbors 192.168.1.2 advertised-routes command on PE2 shows the route is not advertised. What is the most likely cause?

A. The VRF on PE2 does not have the CE2 route in its routing table.
B. The MP-BGP session between PE1 and PE2 is down.
C. The route-target export on PE2 is misconfigured.
D. The VRF on PE1 has the wrong route-target import.
Answer: A

Correct: If the route is not in the VRF routing table on PE2, it cannot be advertised via BGP.

Why this answer

The route is not being advertised from PE2 to PE1. This could be due to a missing network statement or redistribute command under the BGP VRF address family on PE2, or the route is not in the VRF routing table on PE2. The engineer should check PE2's VRF routing table for the CE2 route.

1820
MCQ · easy

A network engineer runs the following command to troubleshoot a Route Redistribution issue:

```
R1# debug ip ospf adj
```

And sees the following output:

```
*Mar 1 00:20:11.456: OSPF: Rcv pkt from 10.1.1.2, Serial0/0/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
*Mar 1 00:20:11.457: OSPF: Rcv pkt from 10.1.1.2, Serial0/0/0 : Mismatch Authentication type. Input packet specified type 0, we use type 1
```

What does this output indicate?

A. OSPF adjacency is forming successfully with authentication.
B. OSPF authentication is misconfigured; the neighbor is not using authentication while this router is.
C. OSPF is redistributing routes correctly but authentication is failing.
D. The OSPF process is using MD5 authentication and the neighbor is using plaintext.
Answer: B

The router expects authentication type 1, but the neighbor sends type 0, indicating a configuration mismatch.

Why this answer

The debug ip ospf adj output shows authentication type mismatch. The router expects type 1 (plaintext authentication) but the received packet has type 0 (no authentication). This prevents the OSPF adjacency from forming, which would affect route redistribution if OSPF is not learning routes.

1821
MCQ · medium

In VRF-Lite, which routing protocols can be used within a VRF?

A. Only static routing is supported in VRF-Lite.
B. OSPF, EIGRP, RIP, and BGP can all be configured per VRF.
C. Only OSPF and EIGRP are supported in VRF-Lite.
D. BGP cannot be used within a VRF in VRF-Lite.
Answer: B

This is correct. These protocols have VRF-aware capabilities.

Why this answer

Most routing protocols (RIP, EIGRP, OSPF, BGP) support VRF-aware configurations. The protocol must be configured with the 'vrf' keyword to operate within a specific VRF.

1822
MCQ · hard

EIGRP stuck-in-active (SIA) is occurring due to route summarization. Router R1 is the hub in a hub-and-spoke topology with R2 and R3 as spokes. R1's configuration:

```
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip summary-address eigrp 100 10.0.0.0 255.255.252.0
!
router eigrp 100
 network 10.0.0.0
!
```

R2 and R3 are connected via Frame Relay. R2 shows:

```
R2# show ip eigrp topology 10.0.1.0/24
P 10.0.1.0/24, 1 successors, FD is 30720
        via 10.0.0.1 (30720/28160), GigabitEthernet0/0
```

R3 has a similar entry. However, when R1's summary is active, R2 and R3 go into active state for the summary. What is the root cause?

A. The summary route causes EIGRP queries to loop between spokes when one loses connectivity, leading to SIA.
B. The Frame Relay network is not supporting multicast, so EIGRP hello packets are lost.
C. The summary route metric is too high, causing EIGRP to not install it.
D. EIGRP is not enabled on the spoke interfaces.
Answer: A

Spokes query each other for the summary, and if neither has a route, they query the hub again, causing a loop.

Why this answer

The summary route 10.0.0.0/22 is advertised by R1 to both spokes. If one spoke loses connectivity to R1, it queries the other spoke for the summary. The spoke may not have a route to the summary, causing it to query R1 again, leading to a query loop and SIA.

The summary should be configured with a leak-map to allow specific routes, or the query scope should be limited.

1823
MCQ · hard

An engineer configures Control Plane Policing (CoPP) on a router that terminates multiple IPsec site-to-site VPN tunnels. After applying the CoPP policy, some IPsec tunnels fail to establish, while others work fine. The engineer verifies that the CoPP policy permits IKE (UDP 500) and ESP (protocol 50) traffic. What is the most likely cause of the failure?

A. The CoPP policy uses the 'class class-default' with a police action that drops traffic exceeding a low rate, and IKE/ESP packets are being classified into class-default because the ACL does not match them correctly.
B. The CoPP policy is applied to the wrong interface; it should be applied to the tunnel interface.
C. The IPsec tunnels use IKEv2, which uses UDP port 4500, and the CoPP policy only permits UDP 500.
D. The CoPP policy rate-limits traffic in bps, but IKE/ESP traffic is bursty, causing drops during the initial exchange.
Answer: A

If the ACL for the IKE/ESP class is misconfigured (e.g., wrong port or protocol), the packets fall into class-default, which may have a police or drop action, causing tunnel establishment to fail.

Why this answer

The most likely cause is that the CoPP ACL does not correctly match IKE (UDP 500) and ESP (protocol 50) packets, causing them to fall into the 'class-default' class. If the 'class-default' has a police action that drops traffic exceeding a low rate, these critical control-plane packets are dropped, preventing IPsec tunnel establishment. This explains why some tunnels work (those that happen to generate less traffic or are not rate-limited) while others fail.

Exam trap

Cisco often tests the concept that CoPP misclassification into class-default with a restrictive police action is a common cause of partial IPsec tunnel failures, leading candidates to overlook ACL matching errors and instead focus on interface application or protocol versions.

How to eliminate wrong answers

Option B is wrong because CoPP is applied to the control plane, not to interfaces; applying it to a tunnel interface would be incorrect and would not affect control-plane policing. Option C is wrong because IKEv2 can use UDP 500 for initial exchange and only switches to UDP 4500 if NAT traversal is detected; the question states the policy permits UDP 500, so this would not cause failure for all tunnels. Option D is wrong because CoPP rate-limits in packets per second (pps) by default, not bps, and while bursty traffic can cause drops, the core issue is misclassification into class-default, not the rate-limiting unit.

1824
MCQ · hard

A network engineer runs the following command on Router R1:

```
R1# show ip bgp vpnv4 vrf RED neighbors 10.1.1.2 advertised-routes
BGP table version is 5, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
 *>  192.168.1.0/24   0.0.0.0                  0         32768 i
 *>  192.168.2.0/24   0.0.0.0                  0         32768 i

Total number of prefixes 2
```

Based on this output, what is the problem?

A. The routes are advertised with next hop 0.0.0.0, which will cause the neighbor to drop them.
B. The routes are being advertised correctly.
C. The BGP table version is 5, indicating a problem.
D. The routes have weight 0, which is incorrect.
Answer: B

The output shows two routes being advertised with valid attributes.

Why this answer

The output shows the routes advertised to BGP neighbor 10.1.1.2 for VRF RED. It advertises two networks: 192.168.1.0/24 and 192.168.2.0/24, both with next hop 0.0.0.0 (meaning self). This is normal.

However, the next hop 0.0.0.0 might be problematic if the neighbor expects a valid next hop. But in BGP, 0.0.0.0 is used for locally originated routes. The problem could be that the routes are not being advertised with the correct next hop, but for VRF-Lite, this is typical.

No problem is evident in the output, so the correct answer is that the routes are being advertised correctly.

1825
MCQ · hard

A network engineer is troubleshooting NAT for a web server that is reachable from the internet via a static NAT mapping 203.0.113.20 to 10.0.0.20. The server responds to HTTP requests, but the engineer cannot SSH to the server from the internet. 'Show ip nat translations' shows the static entry. The router's ACL on the outside interface permits TCP port 22 to 203.0.113.20. What is the most likely cause?

A. The server's default gateway is not the router's inside interface.
B. The router's NAT is not translating the return traffic for SSH because the server sends packets with a different source IP.
C. The SSH service is not running on the server.
D. The router's ACL is blocking SSH traffic despite the permit statement.
Answer: B

Correct because if the server has multiple IPs or a different source IP for SSH responses (e.g., from a loopback), the router may not translate that source IP back to 203.0.113.20, breaking the session.

Why this answer

Static NAT translates the destination IP, but if the server's response uses a different source IP (e.g., due to multiple interfaces or routing), the return traffic may not be translated back. However, a common issue is that the server's firewall or local ACL blocks SSH, or the router's NAT is not translating the return traffic correctly.

1826
MCQ · hard

An engineer configures Flexible NetFlow with a flow record that includes 'match ipv4 protocol' and 'collect counter packets'. The flow monitor is applied to an interface. 'show flow monitor name MONITOR cache' shows flows, but the packet counts are much lower than expected based on interface counters. What is the most likely cause?

A. The flow monitor is applied only in the ingress direction, missing egress traffic.
B. The flow record does not include 'match ipv4 source address', causing flows to be aggregated incorrectly.
C. The router is using sampled NetFlow with a default sampling rate of 1:1000.
D. The flow exporter is rate-limiting the export, causing cache entries to be dropped before counting.
Answer: A

If the monitor is applied only ingress, egress packets are not counted. Applying it in both directions or using a sampler with appropriate rate can match interface counters.

Why this answer

Flexible NetFlow uses sampled NetFlow by default unless 'sampler' is explicitly configured. However, the default sampling rate is 1 (no sampling). The issue might be that the monitor is applied only in one direction (ingress or egress) while traffic is bidirectional, so only half the traffic is captured.

1827
MCQ · medium

Which configuration is missing to properly implement IPv6 First Hop Security on an access switch port that should only allow traffic from a single host with a static IPv6 address 2001:db8:1::10?

A. The interface needs 'ipv6 verify source' and a static binding entry 'ipv6 source binding 2001:db8:1::10 interface GigabitEthernet0/6'.
B. The interface needs 'ipv6 nd raguard' to block RAs.
C. The interface needs 'ipv6 dhcp guard' to block DHCP messages.
D. The interface needs 'ipv6 nd inspection' to validate ND messages.
Answer: A

IPv6 Source Guard with a static binding ensures only that source address is allowed.

Why this answer

To restrict traffic to a single host, you need IPv6 Source Guard with a static binding or a PACL. The missing piece is often the static binding or the source guard configuration.

1828
Drag & Drop · hard

Drag and drop the steps to troubleshoot BGP adjacency or connectivity failures into the correct order, from first to last.

Why this order

First, check interface IP connectivity with ping; then verify BGP neighbor reachability and TCP port 179; next inspect BGP configuration for AS number mismatches; then examine BGP timers and update-source; finally use debug ip bgp to see session state transitions.

1829
MCQ · easy

A network engineer runs the following command on Router R1:

    R1# show ip nat translations
    Pro  Inside global      Inside local      Outside local     Outside global
    udp  192.0.2.10:10000   10.0.0.10:10000   203.0.113.5:53    203.0.113.5:53
    udp  192.0.2.10:10001   10.0.0.11:10000   203.0.113.5:53    203.0.113.5:53
    udp  192.0.2.10:10002   10.0.0.12:10000   203.0.113.5:53    203.0.113.5:53
    R1# show ip nat statistics
    Total active translations: 3 (0 static, 3 dynamic; 3 extended)
    Outside interfaces:
      GigabitEthernet0/1
    Inside interfaces:
      GigabitEthernet0/0
    Hits: 150  Misses: 0
    CEF Translated packets: 150, CEF Punted packets: 0
    Expired translations: 0
    Dynamic mappings:
    -- Inside Source
    [Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload refcount 3

Based on this output, which statement is correct?

A. PAT is working correctly; multiple inside hosts share the same global address with unique ports.
B. The NAT pool is exhausted because all addresses are used.
C. Static NAT is configured for DNS traffic.
D. The inside and outside interfaces are swapped.
Answer: A

The translations show different source ports for each inside host, and the mapping uses interface overload. Hits indicate successful translation.

Why this answer

The output shows three PAT translations using the interface address (192.0.2.10) with unique source ports (10000, 10001, 10002). This is correct PAT operation. The statistics show hits and no misses, indicating proper function.

1830
MCQ · medium

What is the default administrative distance for OSPF routes in a VRF when OSPF is used as the PE-CE routing protocol in MPLS L3VPN?

A. 90
B. 110
C. 115
D. 120
Answer: B

Correct. OSPF administrative distance is 110 by default.

Why this answer

OSPF routes have a default administrative distance of 110, which applies both in the global table and within a VRF.

1831
MCQ · easy

A network engineer runs the following command to troubleshoot a Policy-Based Routing (PBR) issue:

    R1# show ip policy
    Interface        Route-map
    FastEthernet0/0  PBR-MAP

What does this output indicate?

A. PBR is enabled on FastEthernet0/0 with route-map PBR-MAP.
B. The route-map PBR-MAP is not configured.
C. PBR is applied globally and on the interface.
D. The route-map is applied to all interfaces.
Answer: A

The command shows the interface and associated route-map.

Why this answer

The output shows that PBR is applied on FastEthernet0/0 using route-map PBR-MAP. This confirms the interface-level configuration.

1832
Multi-Select · hard

Which TWO statements correctly describe the use of SNMP inform requests compared to traps? (Choose TWO.)

Select 3 answers
A. Informs require the NMS to send an acknowledgment back to the router.
B. Traps are more reliable than informs because they use UDP with a higher priority.
C. The default retransmission timeout for informs is 30 seconds.
D. Informs and traps are mutually exclusive; a router can only send one type to a given NMS.
E. Both informs and traps are enabled using the 'snmp-server enable traps' command.
Answers: A, C, E

Informs are confirmed notifications; the NMS must respond with an acknowledgment, or the router retransmits.

Why this answer

Informs are confirmed notifications; the NMS sends an acknowledgment, and the router retransmits if no ack is received. Traps are unconfirmed. Informs consume more resources (memory, CPU) due to retransmission handling.

Both can be enabled with 'snmp-server enable traps' and directed with 'snmp-server host' using the 'informs' keyword. The default retransmission timeout for informs is 30 seconds. Informs are more reliable than traps.

1833
MCQ · medium

A network engineer runs the following command to troubleshoot an EEM issue:

    R1# show event manager policy configuration TRACK-INTERFACE
    Applet TRACK-INTERFACE
     event syslog pattern "OSPF-5-ADJCHG"
     action 1.0 cli command "show ip route"
     action 2.0 cli command "show ip ospf neighbor"
     action 3.0 syslog msg "OSPF adjacency change detected"

What does this output indicate?

A. The applet 'TRACK-INTERFACE' is configured to trigger on syslog message 'OSPF-5-ADJCHG' and execute three actions in order: show ip route, show ip ospf neighbor, and send a syslog message.
B. The applet 'TRACK-INTERFACE' is currently executing and has run the first two actions.
C. The applet 'TRACK-INTERFACE' has a syntax error because the actions are not numbered correctly.
D. The applet 'TRACK-INTERFACE' will only execute the first action because the others are commented out.
Answer: A

Correct. The output shows the event and three actions with step numbers indicating order.

Why this answer

The output shows the configuration of a specific EEM applet. It displays the event trigger and the actions in order. Each action has a step number (e.g., 1.0) that determines the order of execution.

This is useful for verifying the applet configuration.

1834
Drag & Drop · medium

Drag and drop the steps to troubleshoot EIGRP neighbor adjacency formation into the correct order, from first to last.

Why this order

The correct order ensures that you first verify the physical and data link layer, then check IP connectivity, confirm EIGRP is enabled on the correct interfaces, verify the autonomous system number matches, and finally check for any passive interface configuration that might block adjacency.

1835
MCQ · medium

A network engineer runs the following command on Router R1:

    R1# show ipv6 neighbors
    IPv6 Address     Age  Link-layer Addr  State  Interface
    2001:DB8:1::1      0  aaaa.bbbb.cccc   REACH  Gi0/0/0
    2001:DB8:1::2     10  aaaa.bbbb.cccd   STALE  Gi0/0/0
    2001:DB8:1::3      -  aaaa.bbbb.ccce   DELAY  Gi0/0/1
    FE80::1            0  aaaa.bbbb.cccf   REACH  Gi0/0/0

Based on this output, which statement is correct?

A. All neighbors are in a stable state.
B. The neighbor 2001:DB8:1::3 is in DELAY state, meaning a Neighbor Solicitation will be sent soon.
C. The neighbor 2001:DB8:1::2 is unreachable.
D. The link-local address FE80::1 is not valid.
Answer: B

DELAY state means a NS is pending after a delay timer.

Why this answer

The neighbor table shows IPv6 neighbors with different states. The entry for 2001:DB8:1::3 has no age (indicated by '-') and is in DELAY state, which means it is waiting for a Neighbor Solicitation to be sent. This could indicate a potential issue with neighbor reachability or a spoofing attempt if the MAC address is unexpected.

1836
MCQ · hard

In MPLS L3VPN, what is the default behavior of BGP auto-summary on Cisco IOS-XE?

A. Auto-summary is enabled by default for all BGP sessions.
B. Auto-summary is disabled by default.
C. Auto-summary is enabled only for iBGP sessions.
D. Auto-summary is disabled for eBGP but enabled for iBGP.
Answer: B

Correct. Auto-summary is off by default, preventing classful summarization.

Why this answer

BGP auto-summary is disabled by default on Cisco IOS-XE. When enabled, it would summarize subnets to their classful boundary, but this is not default.

1837
Multi-Select · hard

Which TWO statements correctly describe the behavior of IP SLA with the 'threshold' and 'timeout' configuration? (Choose TWO.)

Select 2 answers
A. The 'threshold' value must be less than the 'timeout' value for the reaction to trigger correctly.
B. The 'timeout' value must be less than the 'frequency' value to prevent overlapping probes.
C. The default timeout for an IP SLA ICMP echo operation is 10000 milliseconds.
D. The 'threshold' value is used to set the maximum number of retries before the operation is considered failed.
E. If the 'timeout' is set to 3000 ms and the 'frequency' is set to 5 seconds, the probe will never overlap.
Answers: A, B

Correct. The threshold is the value that triggers a reaction event; it must be lower than the timeout to allow the reaction to occur before the operation times out.

Why this answer

The 'threshold' command sets the rising threshold for reaction triggering, while 'timeout' specifies how long the probe waits for a response before marking the operation as a failure. The timeout must be less than the frequency interval; otherwise, the probe may overlap. The default timeout is 5000 ms, not 10000 ms.

1838
MCQ · medium

A network engineer is troubleshooting an EIGRP adjacency issue between two directly connected routers, R1 and R2. Both routers are configured with the same autonomous system number, but the adjacency fails to come up. The engineer checks the interfaces and verifies that they are up/up. On R1, the output of 'show ip eigrp neighbors' shows nothing. What is the most likely cause of this problem?

A. The interfaces are configured with IP addresses from different subnets.
B. The EIGRP process is shut down on one of the routers.
C. The passive-interface default command is configured under the EIGRP process.
D. The EIGRP router ID is the same on both routers.
Answer: A

Correct because EIGRP will not form an adjacency if the interfaces are not in the same subnet, as the hello packets will be dropped.

Why this answer

EIGRP requires that the primary IP addresses of the interfaces on the same link belong to the same subnet. If the subnet masks do not match, the routers will not form an adjacency because they will consider the other router to be on a different network.

1839
MCQ · hard

A DMVPN Phase 2 network is configured with EIGRP as the routing protocol over the tunnel interface. Spoke routers have `no ip split-horizon eigrp 100` configured on the tunnel interface. Unexpectedly, spoke-to-spoke tunnels are established, but EIGRP routes learned from one spoke are not installed in the routing table of another spoke, even though NHRP resolution works. Which is the most likely explanation?

A. The hub router has `ip next-hop-self eigrp 100` enabled by default, which sets the next-hop to the hub, preventing direct spoke-to-spoke routes.
B. The spoke routers need `ip split-horizon eigrp 100` enabled to advertise routes to other spokes.
C. EIGRP does not support DMVPN Phase 2; OSPF must be used for spoke-to-spoke routing.
D. The NHRP authentication is mismatched, so EIGRP packets are dropped.
Answer: A

Default EIGRP next-hop self on the hub causes spokes to see the hub as next-hop, not the originating spoke.

Why this answer

In DMVPN Phase 2, spoke-to-spoke tunnels require that EIGRP next-hop self behavior is disabled or that the next-hop is changed. By default, EIGRP advertises routes with the next-hop set to the advertising router's tunnel IP. When a spoke learns a route from another spoke via the hub, the next-hop is the hub's tunnel IP, not the originating spoke.

`no ip next-hop-self eigrp 100` must be configured on the hub's tunnel interface to preserve the original next-hop, allowing direct spoke-to-spoke communication.

1840
Multi-Select · medium

Which THREE statements about administrative distance are true when comparing OSPF and EIGRP? (Choose THREE.)

Select 3 answers
A. By default, EIGRP internal routes are preferred over OSPF routes.
B. By default, OSPF routes are preferred over EIGRP external routes.
C. The administrative distance for OSPF can be changed using the distance ospf command.
D. EIGRP internal routes have a default administrative distance of 170.
E. OSPF external routes have a default administrative distance of 110.
Answers: A, B, C

EIGRP internal AD is 90, OSPF is 110, so EIGRP is preferred.

Why this answer

OSPF has a default AD of 110, EIGRP internal routes have 90, and EIGRP external routes have 170. Therefore, EIGRP internal routes are preferred over OSPF, but OSPF is preferred over EIGRP external routes. Administrative distance can be manually changed for either protocol.

1841
Multi-Select · hard

An engineer needs to troubleshoot a NetFlow deployment where flow data is not being exported to the collector. Which TWO commands can be used to verify the operational status of NetFlow on a Cisco IOS-XE device? (Choose TWO.)

Select 2 answers
A. show ip flow export
B. show ip cache flow
C. show ip flow interface
D. debug ip flow export
E. show flow exporter
Answers: A, C

Correct. This command displays export statistics, including the number of flows sent, failed exports, and the export destination.

Why this answer

The 'show ip flow export' command displays the export statistics, including the number of flows exported and any export failures. The 'show ip flow interface' command shows which interfaces have NetFlow enabled and the direction of collection. The other options are incorrect: 'show ip cache flow' shows the active flow cache but not export status; 'debug ip flow export' is a debug command, not a show command; 'show flow exporter' is a Flexible NetFlow command but requires the specific exporter name.

1842
MCQ · hard

A dual-stack network uses BGP for IPv6 between AS 100 and AS 200. Router R1 (AS 100) has an inbound route-map that sets local preference to 200 for routes from R2 (AS 200). R1 also has an IPv6 ACL applied inbound that permits only BGP (TCP 179) and denies ICMPv6. R2 advertises a prefix 2001:db8:1::/48. R1's BGP table shows the prefix with local preference 200, but 'show ipv6 route' does not install it. R1 has uRPF strict mode on the interface facing R2. What is the root cause?

A. The ACL blocks ICMPv6, which is required for IPv6 neighbor discovery. Without ND, the next-hop address of the BGP route is unresolved, preventing route installation.
B. uRPF strict mode drops the BGP updates because the source address is not in the FIB.
C. The route-map sets local preference incorrectly, causing the route to be suppressed.
D. R1's BGP process has 'soft-reconfiguration inbound' enabled, causing the route to be hidden.
Answer: A

BGP uses TCP, but the next-hop must be reachable via ND. Blocking ICMPv6 prevents ND, so the route is not installed.

Why this answer

uRPF strict mode checks the source address of incoming packets. For BGP updates, the source is R2's IP. But the ACL denies ICMPv6, which is used for neighbor discovery (ND).

If ND fails, the next-hop address of the BGP route may be unreachable, causing the route to not be installed. Alternatively, uRPF may drop the BGP packets if the source is not reachable via that interface.

1843
MCQ · medium

A network engineer runs the following command on Router R1:

    R1# show ipv6 interface tunnel 0
    Tunnel0 is up, line protocol is up
      IPv6 is enabled, link-local address is FE80::1
      Global unicast address(es):
        2001:DB8:2::1, subnet is 2001:DB8:2::/64
      Joined group address(es):
        FF02::1
        FF02::2
      ICMP redirects are enabled
      ICMP unreachables are enabled
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 30000 milliseconds
      IPv6 uRPF: loose mode (allow default route)

Based on this output, what is the uRPF configuration on this interface?

A. uRPF is disabled
B. uRPF is enabled in strict mode
C. uRPF is enabled in loose mode
D. uRPF is enabled but only for IPv4
Answer: C

The output confirms loose mode uRPF.

Why this answer

The output explicitly shows 'IPv6 uRPF: loose mode (allow default route)', which confirms that unicast Reverse Path Forwarding (uRPF) is enabled in loose mode. In loose mode, the router checks that the source address of an incoming packet has a matching entry in the routing table, but it does not require the incoming interface to match the best return path. This is distinct from strict mode, which requires both a routing table entry and that the incoming interface is the same as the outgoing interface for the return route.

Exam trap

Cisco often tests the distinction between uRPF strict and loose modes by showing output that includes 'loose mode' or 'allow default route', and the trap here is that candidates may confuse 'loose mode' with 'disabled' or incorrectly assume that uRPF only applies to IPv4, ignoring the IPv6-specific output.

How to eliminate wrong answers

Option A is wrong because the output clearly states 'IPv6 uRPF: loose mode', which means uRPF is enabled, not disabled. Option B is wrong because the output specifies 'loose mode', not 'strict mode'; strict mode would require the incoming interface to match the best return path, which is not indicated here. Option D is wrong because the command 'show ipv6 interface tunnel 0' displays IPv6-specific information, and the output explicitly shows 'IPv6 uRPF: loose mode', confirming that uRPF is configured for IPv6, not only for IPv4.

1844
Multi-Select · hard

Which TWO statements about Flexible NetFlow flow records are true? (Choose TWO.)

Select 2 answers
A. A flow record defines which fields are matched (key fields) and which fields are collected (non-key fields).
B. Flexible NetFlow flow records can only match on Layer 3 and Layer 4 fields.
C. A flow record must contain at least one key field and cannot contain non-key fields.
D. Flow records can collect fields such as packet count, byte count, and first/last packet timestamps.
E. Flexible NetFlow flow records are only supported for IPv4 traffic.
Answers: A, D

Flow records specify key fields for flow identification and non-key fields for data collection.

Why this answer

Flexible NetFlow allows user-defined flow records that can match on Layer 2, 3, and 4 fields, such as MAC addresses, IP addresses, and TCP/UDP ports. Additionally, flow records can collect non-key fields like packet and byte counts, timestamps, and interface counters. Option B is false because Flexible NetFlow can also match on Layer 2 fields.

Option C is false because flow records can include both key and non-key fields. Option E is false because Flexible NetFlow records are not limited to IPv4; they can also support IPv6 and MPLS.

1845
MCQ · medium

In DHCPv6, what is the purpose of the SOLICIT message?

A. To request a renewal of an existing lease
B. To confirm a previously allocated prefix
C. To discover available DHCPv6 servers
D. To release an IP address
Answer: C

SOLICIT is the initial discovery message in DHCPv6.

Why this answer

The SOLICIT message is sent by a DHCPv6 client to locate DHCPv6 servers, similar to DHCPDISCOVER in DHCPv4, as per RFC 8415.

1846
MCQ · hard

An engineer configures a BGP route reflector in a network. After configuration, some iBGP routes are being dropped, causing routing loops. Which is the most likely explanation?

A. The route reflector is configured with the same cluster ID as another route reflector in the same AS.
B. The next-hop-self command is not configured on the route reflector.
C. The BGP synchronization rule is enabled.
D. The route reflector is not a client of itself.
Answer: A

If two route reflectors share the same cluster ID, a route reflected by one may be dropped by the other because it sees its own cluster ID in the CLUSTER_LIST, preventing proper propagation and potentially causing loops.

Why this answer

BGP route reflectors use the ORIGINATOR_ID and CLUSTER_LIST attributes to prevent loops. If a route reflector receives a route with its own CLUSTER_LIST or ORIGINATOR_ID, it will drop the route. This can happen if there is a misconfiguration where the route reflector's cluster ID is not unique, or if a route reflector reflects a route back to the client that originated it, causing a loop.

1847
Multi-Select · hard

Which TWO statements about DHCPv4 option 82 are true? (Choose TWO.)

Select 2 answers
A. Option 82 is inserted by the DHCP client to identify itself to the server.
B. The relay agent must be configured with the 'ip dhcp relay information option' command to insert option 82.
C. The DHCP server can use option 82 to select an IP address from a specific pool based on the circuit ID.
D. Option 82 is only supported in DHCPv6.
E. The 'ip dhcp relay information trusted' command must be configured on the relay agent to insert option 82.
Answers: B, C

Correct. This command enables the relay agent to add option 82 to DHCP packets before forwarding them to the server.

Why this answer

DHCP option 82 (Relay Agent Information) is used by DHCP relay agents to insert information about the client's location (e.g., circuit ID, remote ID). It helps DHCP servers assign IP addresses based on the client's network location. The relay agent must be configured to add option 82.

The server can use this information to assign addresses from different pools. Option 82 is not used by the client; it is inserted by the relay agent. The 'ip dhcp relay information option' command enables option 82 insertion on the relay agent.

1848
Multi-Select · medium

Which TWO configuration steps are required to enable MPLS on a Cisco IOS-XE router using LDP? (Choose TWO.)

Select 2 answers
A. Configure 'mpls ip' on the desired interfaces.
B. Configure 'mpls label protocol ldp' globally.
C. Configure a routing protocol (e.g., OSPF) to provide IGP reachability between LSRs.
D. Configure 'mpls forwarding-table' to allocate labels.
E. Configure 'mpls ldp router-id' to set the LDP router ID.
Answers: A, C

This command enables MPLS label switching and LDP on the interface.

Why this answer

To enable MPLS with LDP, you must configure 'mpls ip' on the interface and also enable a routing protocol (like OSPF or IS-IS) to provide reachability. The 'mpls label protocol ldp' command is optional as LDP is the default, and 'mpls ldp router-id' is optional. 'mpls forwarding-table' is not a configuration command.

1849
Multi-Select · hard

Which TWO statements about using prefix-lists in conjunction with route-maps for filtering IPv4 routes are true? (Choose TWO.)

Select 2 answers
A. A prefix-list entry with "ge 24" matches any prefix with a subnet mask greater than or equal to 24 bits.
B. A route-map with a match ip address prefix-list command will process the route only if the prefix-list permits the route.
C. A prefix-list can be used directly in a route-map without a match command.
D. The le operator in a prefix-list matches prefixes with a mask length less than the specified value.
E. A prefix-list can only be used with route-maps, not with distribute-lists.
Answers: A, B

Correct. The ge (greater or equal) operator matches prefixes with a mask length >= the specified value.

Why this answer

Prefix-lists can match on prefix length and subnet mask using ge and le operators. A prefix-list entry can be configured to permit or deny. When used in a route-map, the match ip address prefix-list command references the prefix-list.

If the prefix-list denies, the route-map clause is not matched, and the route falls to the next clause. The prefix-list can also be used directly in a distribute-list without a route-map.

1850
MCQ · medium

A network engineer runs the following command to troubleshoot an EIGRP issue:

    R1# show ip eigrp topology 10.1.1.0/24 detail
    IP-EIGRP (AS 100): Topology entry for 10.1.1.0/24
      State: Passive, Query origin flag: 1, 1 Successor(s), FD is 131072
      Routing Descriptor Blocks:
      10.1.2.2 (GigabitEthernet0/0), from 10.1.2.2, Send flag: 0x0
          Composite metric: (131072/130816), Route is Internal
          Vector metric:
            Minimum bandwidth is 10000 Kbit
            Total delay is 100 microseconds
            Reliability is 255/255
            Load is 1/255
            Minimum MTU is 1500
            Hop count is 1
            Originating router: 10.1.2.2
          External data: Not advertised
          Protocol: EIGRP
          Route tag: 0
          Extended community: None

What does this output indicate?

A. The route is an external EIGRP route redistributed from another protocol.
B. The route is learned from a single neighbor and is in a stable state.
C. The route has multiple successors and is load-balanced.
D. The route is in Active state, meaning a query is in progress.
Answer: B

The route has one successor and is Passive, indicating stability.

Why this answer

The output shows detailed information about the EIGRP topology entry for 10.1.1.0/24. The route is internal, with a single successor via 10.1.2.2. The FD is 131072, and the RD is 130816.

The route is in Passive state.

1851
Multi-Select · hard

Which THREE are valid syslog severity levels defined in RFC 5424? (Choose THREE.)

Select 3 answers
A. Emergency (0)
B. Fatal (1)
C. Warning (4)
D. Trace (8)
E. Informational (6)
Answers: A, C, E

Level 0 is the highest severity, indicating system is unusable.

Why this answer

RFC 5424 defines eight severity levels from 0 to 7. Levels 0 (Emergency), 1 (Alert), 2 (Critical), 3 (Error), 4 (Warning), 5 (Notice), 6 (Informational), and 7 (Debug). 'Fatal' is not a standard level; it is sometimes used informally. 'Trace' is not a standard level. 'Severe' is not a standard level.

1852
MCQ · medium

What is the default export interval for NetFlow data when using the 'flow exporter' with UDP as the transport protocol?

A. Every 60 seconds
B. Every 30 seconds
C. Exports are triggered by flow aging or cache fullness, not a fixed interval.
D. Every 10 seconds
Answer: C

Correct. NetFlow exports are event-driven based on flow timeout or cache threshold.

Why this answer

The default export interval is based on flow cache timeout; there is no fixed interval—exports occur when flows age out or cache is full.

1853
MCQ · medium

A network engineer runs the following command on Router R1:

    R1# show mpls l2transport vc 100 detail
    Local interface: Gi0/0/0 up, line protocol up
    Destination: 10.0.0.2, VC ID: 100, VC status: down
    Last error: No remote LDP session

Based on this output, what is the most likely cause of the VC being down?

A. The local interface Gi0/0/0 is administratively down.
B. The remote router 10.0.0.2 is not reachable via IP.
C. The LDP session between the routers is not established.
D. The VC ID 100 is mismatched on the remote router.
Answer: C

The last error confirms 'No remote LDP session'.

Why this answer

The output explicitly states 'No remote LDP session' as the last error. This indicates that the LDP session between the two routers (10.0.0.1 and 10.0.0.2) is not established, which is required for the pseudowire to come up.

1854
MCQ · medium

Which BFD packet type is used for initial session establishment and carries the discriminator values?

A. BFD Echo packets
B. BFD Control packets
C. BFD Poll packets
D. BFD Hello packets
Answer: B

Control packets are the primary BFD packets used for session establishment, maintenance, and teardown, and they carry discriminator fields.

Why this answer

BFD Control packets are used for session establishment, carrying local and remote discriminator values, and are sent periodically to maintain the session.

1855
MCQ · hard

An engineer redistributes OSPF routes into EIGRP. The OSPF routes have a metric of 20. After redistribution, the EIGRP topology table shows the routes but they are not installed in the routing table. The 'show ip eigrp topology' shows the route in active state. Which is the most likely explanation?

A. The 'default-metric' command was not configured, so the routes are redistributed with an infinite metric.
B. The EIGRP neighbor is stuck-in-active because a query was sent but no reply was received due to a unidirectional link.
C. The OSPF routes are external type 2, which are not redistributed by default.
D. The 'route-map' used for redistribution has a 'match ip address' that does not match the OSPF routes.
Answer: B

Active state indicates a query is outstanding, often due to a unidirectional link.

Why this answer

When redistributing into EIGRP, a seed metric must be specified. If not, the routes are redistributed with an infinite metric (e.g., 4294967295) and are not installed. However, the question says the route is in active state, which indicates a query is pending.

This is an edge case where the route is redistributed with a valid metric but the EIGRP process is stuck-in-active due to a unidirectional link or a neighbor not replying to queries.

1856
MCQ · hard

A network engineer runs the following command on Router R1:

    R1# show ip sla statistics 7
    Round Trip Time (RTT) for Index 7
    Latest RTT: 500 ms
    Latest RTT (milliseconds): 500
    Latest RTT (microseconds): 500000
    Number of successes: 30
    Number of failures: 70
    Operation time to live: Forever
    Output: Over threshold
    R1# show track 5
    Track 5
      IP SLA 7 reachability
      Reachability is Up
        1 change, last change 00:20:00
      Latest operation return code: Over threshold
      Latest RTT (milliseconds): 500
      Tracked by:
        ip route 0.0.0.0 0.0.0.0 192.168.5.1 track 5

Based on this output, which statement is correct?

A.The track is down because the IP SLA return code is 'Over threshold'.
B.The IP SLA operation has a high failure rate, but the track remains up due to the configured threshold parameters.
C.The static route is removed because of the threshold violation.
D.The IP SLA operation is not responding because of a network issue.
AnswerB

The track is up, meaning the failure rate is within the acceptable range defined in the track configuration.

Why this answer

The track is up despite the 'Over threshold' return code. This can happen if the track is configured to use a different threshold for reachability (e.g., based on number of consecutive successes or a different percentage). The IP SLA has 30 successes and 70 failures, but the track still considers it up, likely because the threshold for down is higher (e.g., 100% failures).

1857
MCQhard

Which loop prevention mechanism does RIP use to avoid routing loops?

A.TTL expiration in IP header
B.Maximum hop count of 15
C.DUAL algorithm
D.LSA aging
AnswerB

Correct: RIP limits the hop count to 15; 16 means unreachable, preventing loops by discarding routes beyond the limit.

Why this answer

RIP uses multiple loop prevention mechanisms, including maximum hop count (15), split horizon, route poisoning, and hold-down timers. The maximum hop count of 15 (with 16 considered infinite) is a fundamental loop prevention method.

1858
MCQmedium

Examine the following DHCP configuration on router R1:

ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool POOL1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8
 lease 0 2 30
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.2.2
 no shutdown

What is the effect of this configuration?

A.Clients on the 192.168.1.0/24 subnet will receive IP addresses from the local DHCP pool, and the ip helper-address will forward DHCP requests to 192.168.2.2, causing duplicate offers.
B.The ip helper-address command will be ignored because the router is the DHCP server for that subnet.
C.The excluded-address range is misconfigured because it includes the router's own interface IP, which will prevent the router from functioning.
D.The DHCP pool will not assign addresses because the network statement does not match the interface subnet exactly.
AnswerA

The local DHCP server will respond to requests, but the helper address will also forward broadcasts to the remote server, leading to duplicate DHCP offers and potential address conflicts.

Why this answer

Option A is correct because the router R1 is configured as a DHCP server for the 192.168.1.0/24 subnet via the local pool POOL1, and the ip helper-address 192.168.2.2 on the same interface will forward broadcast DHCP requests from clients to the remote DHCP server at 192.168.2.2. This results in both the local pool and the remote server offering IP addresses, leading to duplicate offers on the subnet.

Exam trap

Cisco often tests the misconception that a router acting as a DHCP server on an interface will automatically suppress the ip helper-address relay function, but in reality, both processes operate independently, leading to duplicate offers.

How to eliminate wrong answers

Option B is wrong because the ip helper-address command is not ignored when the router is also a DHCP server; it still forwards DHCP broadcasts to the specified server, causing potential duplicate offers. Option C is wrong because the excluded-address range includes the router's own interface IP (192.168.1.1), but this is valid and does not prevent the router from functioning; it simply prevents the DHCP pool from assigning that address. Option D is wrong because the network statement 192.168.1.0 255.255.255.0 exactly matches the interface subnet 192.168.1.0/24, so the pool will assign addresses correctly.

1859
MCQmedium

A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:

R1# show ip access-lists CoPP-ACL
Extended IP access list CoPP-ACL
    10 permit tcp host 10.1.1.1 any eq bgp (100 matches)
    20 permit udp any any eq 67 (50 matches)
    30 permit icmp any any echo (200 matches)
    40 deny ip any any (500 matches)

What does this output indicate?

A.The ACL is blocking all BGP traffic from 10.1.1.1.
B.The ACL is permitting DHCP and ICMP echo traffic, but dropping all other traffic.
C.The ACL is applied to the control plane interface and is dropping all traffic.
D.The ACL has a misconfiguration because the deny statement should be at the top.
AnswerB

Lines 20 and 30 permit DHCP and ICMP echo, while line 40 denies everything else, which is typical for CoPP to protect the control plane.

Why this answer

The ACL shows traffic matching various protocols. The 'deny ip any any' at line 40 indicates that all unmatched traffic is being denied, which could be part of a CoPP policy to drop unwanted traffic to the control plane.

1860
MCQhard

An engineer configures mutual redistribution between OSPF and EIGRP. A route map is used to set the OSPF metric type to type-1 when redistributing EIGRP routes into OSPF. However, the redistributed routes appear as type-2 in the OSPF database. Which is the most likely explanation?

A.The route map sets the metric type but does not set the metric; OSPF requires both to be set for type-1 to work.
B.The redistribute command uses the subnets keyword, which overrides the route map.
C.The route map is applied to the OSPF process, not the redistribute command.
D.The EIGRP routes have a high administrative distance, causing OSPF to ignore the metric type.
AnswerA

OSPF may ignore the metric type if the metric is not explicitly set in the route map.

Why this answer

When redistributing into OSPF, the default metric type is type-2. If the route map sets the metric type but does not also set the metric, OSPF may ignore the metric type setting because the metric is not specified. In some IOS versions, the route map must set both the metric and metric type for the metric type to take effect.

1861
MCQhard

An ACL implicit deny is blocking management traffic due to route summarization. Router R1 has:

access-list 100 permit ip 10.0.0.0 0.0.3.255 any
!
interface GigabitEthernet0/0
 ip access-group 100 in
!
router eigrp 100
 network 10.0.0.0
!

R1 also has:

interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip summary-address eigrp 100 10.0.0.0 255.255.252.0
!

A management station at 10.0.1.100 cannot SSH to R1's loopback 0 (10.0.0.1). What is the root cause?

A.The summary route changes the return path for traffic to the management station, and the return interface has an ACL with implicit deny blocking the SSH reply.
B.The ACL does not permit SSH traffic (port 22).
C.The summary route is not installed, so traffic is dropped.
D.EIGRP is not advertising the loopback route.
AnswerA

The summary can cause asymmetric routing, and the return path ACL blocks the traffic.

Why this answer

The ACL permits traffic from 10.0.0.0/22 (10.0.0.0-10.0.3.255) to any, but the summary route is also 10.0.0.0/22. However, the ACL is applied inbound on GigabitEthernet0/0. The management station's traffic comes from 10.0.1.100, which is within the permitted range, so the ACL should allow it.

But the summary route may cause the return traffic to be sent via a different interface, and if that interface has an ACL with implicit deny, the SSH session fails. The root cause is that the summary route changes the path, and the return path has an ACL blocking traffic.

1862
MCQhard

What is the default behavior of Cisco IOS-XE regarding BFD echo mode when BFD is enabled on an interface?

A.Echo mode is disabled by default
B.Echo mode is enabled by default
C.Echo mode is only available for multihop sessions
D.Echo mode requires explicit configuration with the bfd echo command
AnswerB

Echo mode is enabled by default, allowing faster detection using echo packets.

Why this answer

By default, Cisco IOS-XE enables BFD echo mode, which uses echo packets to achieve faster failure detection without involving the remote router's control plane.

1863
MCQmedium

In a 6to4 tunnel, how is the tunnel destination address determined?

A.It is manually configured.
B.It is derived from the IPv6 destination address using the 2002::/16 prefix.
C.It is obtained via DNS.
D.It is the same as the tunnel source.
AnswerB

The IPv4 address is extracted from the 6to4 prefix.

Why this answer

In a 6to4 tunnel, the tunnel destination address is automatically derived from the IPv6 destination address by extracting the IPv4 address embedded in the 2002::/16 prefix. Specifically, the first 16 bits of the IPv6 destination are 2002, and the next 32 bits represent the IPv4 address of the remote 6to4 router. This allows the tunnel to be dynamically established without manual configuration of each destination.

Exam trap

Cisco often tests the distinction between automatic 6to4 tunnels and manually configured tunnels, where candidates mistakenly think all tunnels require manual destination configuration, but 6to4 uniquely derives it from the IPv6 address.

How to eliminate wrong answers

Option A is wrong because 6to4 is designed as an automatic tunneling mechanism; manually configuring the tunnel destination would defeat its purpose and is characteristic of manually configured tunnels (e.g., IPv6IP tunnels). Option C is wrong because DNS is not used to resolve the tunnel destination; the IPv4 address is directly embedded in the IPv6 prefix 2002::/16, not obtained via name resolution. Option D is wrong because the tunnel destination is not the same as the tunnel source; the source is the local IPv4 address, while the destination is derived from the remote IPv6 address's embedded IPv4 address.

1864
MCQmedium

An engineer is troubleshooting a DHCPv4 issue where a Cisco router acting as a DHCP client on interface Gi0/0 is not receiving an IP address from an ISP modem. The router has 'ip address dhcp' on the interface. The engineer sees that the interface is up/up, but no IP address is assigned. Debug shows that the router is sending DHCP DISCOVER messages but receives no OFFER. The ISP modem is known to work with other devices. What is the most likely cause?

A.The router needs the 'ip dhcp client broadcast-flag' command.
B.The router is sending the client identifier as the MAC address in a non-standard format; the modem expects the client identifier to be the MAC address only.
C.The router's interface is in a VRF, and the DHCP client needs VRF awareness.
D.The ISP modem requires DHCP Option 82 to be present.
AnswerB

Correct because Cisco routers by default send the client identifier as the MAC address with a type byte (0x01), while some modems expect only the MAC address; configuring 'ip dhcp client client-id' with the correct format resolves the issue.

Why this answer

The router is sending DHCP DISCOVER messages but receiving no OFFER, indicating the ISP modem is ignoring the requests. By default, Cisco routers send the client identifier in DHCP packets as a concatenation of the hardware type (1 for Ethernet) and the MAC address (e.g., '0100.1122.3344'). Many ISP modems expect the client identifier to be just the MAC address (without the hardware type prefix), or they may not use client identifier matching at all.

The 'ip dhcp client client-id' command can be used to override this behavior, making the router send only the MAC address as the client identifier, which resolves the incompatibility.

Exam trap

Cisco often tests the subtle default behavior of the DHCP client identifier format, where candidates assume the MAC address alone is sent, but the router prepends a hardware type byte, causing incompatibility with non-Cisco servers.

How to eliminate wrong answers

Option A is wrong because the 'ip dhcp client broadcast-flag' command forces the DHCP server to send replies as broadcasts, but the issue is that no OFFER is received at all, not that the reply is unicast and not processed. Option C is wrong because if the interface were in a VRF, the DHCP client would need VRF awareness (via 'ip vrf forwarding' under the interface), but the debug shows DISCOVER messages are being sent, and the interface is up/up, so VRF misconfiguration would typically prevent sending or receiving DHCP messages, not cause the modem to ignore valid DISCOVERs. Option D is wrong because DHCP Option 82 (Relay Agent Information) is typically inserted by a DHCP relay agent, not by a DHCP client; the ISP modem as a DHCP server does not require Option 82 from a directly connected client, and the absence of Option 82 would not cause the server to ignore DISCOVER messages.

1865
Multi-Selecthard

An engineer is troubleshooting an MPLS LDP session that fails to establish between two directly connected routers. Which TWO commands can be used to verify LDP operation? (Choose TWO.)

Select 2 answers
A.show mpls ldp neighbor
B.show mpls ldp discovery
C.show mpls ldp bindings
D.show mpls ldp session
E.show ip route
AnswersA, B

Correct. This command displays LDP neighbors and the session state (e.g., OPERATIONAL).

Why this answer

LDP session establishment can be verified using 'show mpls ldp neighbor' to see the state of the session and 'show mpls ldp discovery' to see if LDP hello packets are being exchanged. Option A is correct: 'show mpls ldp neighbor' shows the LDP session state (e.g., OPERATIONAL). Option B is correct: 'show mpls ldp discovery' shows LDP hello adjacency details.

Option C is false: 'show mpls ldp bindings' shows label bindings, not session state. Option D is false: there is no 'show mpls ldp session' command; the correct command is 'show mpls ldp neighbor'. Option E is false: 'show ip route' does not show LDP information.

1866
MCQhard

A switch is configured with RSPAN to monitor traffic from VLAN 50 to a remote switch via VLAN 200.

The source switch has:

monitor session 1 source vlan 50 rx
monitor session 1 destination remote vlan 200

The remote switch has:

monitor session 2 source remote vlan 200
monitor session 2 destination interface Gi0/2

The intermediate switches have VLAN 200 configured with 'remote-span'. The network uses VTP transparent mode. The analyzer connected to Gi0/2 sees intermittent traffic. The RSPAN VLAN 200 is also used as a native VLAN on some trunk ports. What is the likely cause of intermittent traffic?

A.The RSPAN VLAN 200 is also the native VLAN on some trunks, causing the mirrored frames to be sent untagged and possibly dropped.
B.VTP transparent mode prevents RSPAN from working correctly.
C.The source VLAN 50 is not allowed on the trunk ports.
D.The monitor session 2 is missing the 'no shutdown' command.
AnswerA

When the RSPAN VLAN is the native VLAN, frames are sent untagged, but the receiving switch expects tagged frames for the RSPAN VLAN.

Why this answer

RSPAN traffic is flooded across the RSPAN VLAN. If the RSPAN VLAN is used as the native VLAN on trunk ports, the switch may treat the RSPAN frames as untagged. However, RSPAN expects the frames to be tagged with the RSPAN VLAN ID.

When the native VLAN is the same as the RSPAN VLAN, the frames may be sent untagged on the trunk, but the receiving switch may interpret them as belonging to the native VLAN, causing them to be dropped or misdirected. This can lead to intermittent loss because the native VLAN handling may vary. The correct fix is to ensure the RSPAN VLAN is not the native VLAN on any trunk.

1867
MCQmedium

What is the default BGP update timer (advertisement interval) for eBGP peers in Cisco IOS-XE?

A.0 seconds
B.15 seconds
C.30 seconds
D.60 seconds
AnswerC

Correct. The default eBGP advertisement interval is 30 seconds.

Why this answer

The default eBGP advertisement interval is 30 seconds, meaning that after sending an update to an eBGP peer, the router waits at least 30 seconds before sending another update.

1868
MCQhard

A network engineer configures Control Plane Policing (CoPP) on a router with a policy-map that applies a rate-limit of 10000 pps to the class-default class. After applying the policy, the router's CPU utilization spikes and OSPF neighbors go down. What is the most likely explanation?

A.OSPF packets are matched by class-default and rate-limited, causing hello packets to be dropped.
B.The rate-limit is in bps, not pps, so it is too low.
C.The policy-map is applied to the wrong interface; it should be applied to the management interface.
D.The router has an ACL that blocks OSPF packets before CoPP processes them.
AnswerA

Without an explicit class for OSPF, it falls into class-default and is subject to the rate-limit, which can drop hellos.

Why this answer

Option A is correct because CoPP applies the policy-map to the control plane, and the class-default class matches all traffic not explicitly classified by other classes. By rate-limiting class-default to 10000 pps, OSPF hello packets (which are not explicitly matched in a higher-priority class) are subjected to the rate limit. If the rate limit is too low, OSPF hellos are dropped, causing neighbor adjacencies to fail and triggering CPU spikes due to route recalculation.

Exam trap

Cisco often tests the misconception that class-default is safe to rate-limit aggressively, but the trap here is that critical routing protocol packets (like OSPF hellos) are implicitly matched by class-default unless explicitly classified into a higher-priority class, causing them to be dropped and breaking adjacencies.

How to eliminate wrong answers

Option B is wrong because CoPP rate-limits in pps (packets per second) by default when using the 'police rate 10000 pps' command; specifying bps would require a different syntax (e.g., 'police 10000000'), and the question explicitly states '10000 pps', so the unit is correct. Option C is wrong because CoPP is applied globally to the control plane via 'service-policy input' under 'control-plane' configuration, not to a specific interface; applying it to the management interface would not affect OSPF control-plane traffic. Option D is wrong because CoPP processes packets after ACL-based filtering on interfaces; if an ACL blocked OSPF before CoPP, OSPF neighbors would never form, not just after applying the policy, and the CPU spike would not be directly caused by ACL drops.

1869
MCQmedium

A network engineer runs the following command on Router R1:

R1# show bgp ipv4 unicast summary
BGP router identifier 10.0.0.1, local AS number 65001
BGP table version is 10, main routing table version 10

Neighbor   V  AS     MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
10.0.0.2   4  65002  123      120      10      0    0     02:15:30  5
10.0.0.3   4  65003  50       45       10      0    0     00:00:12  Idle (PfxRcd: 0)

Based on this output, what is the problem with neighbor 10.0.0.3?

A.The neighbor 10.0.0.3 is operational and exchanging prefixes.
B.The BGP session to 10.0.0.3 is flapping.
C.The neighbor 10.0.0.3 has sent 5 prefixes.
D.The BGP table version is mismatched.
AnswerB

The state 'Idle' with a short uptime indicates the session is down and trying to re-establish.

Why this answer

The neighbor 10.0.0.3 shows 'Idle' state with no prefixes received (PfxRcd: 0). The 'Idle' state in BGP indicates that the session is not established, often due to a misconfiguration (e.g., wrong AS number, no route to neighbor, or BGP not activated). The brief uptime (00:00:12) suggests it keeps trying but fails.

1870
MCQhard

An engineer configures a DMVPN Phase 2 network. Spoke-to-spoke tunnels do not form, even though NHRP registration is successful. Which is the most likely explanation?

A.The spoke routers do not have a route to each other's tunnel IP via the hub, so the NHRP shortcut request fails.
B.The NHRP authentication key is mismatched between spokes.
C.The mGRE interface is configured with tunnel mode gre multipoint on the spokes.
D.The hub is not configured with 'ip nhrp redirect' and the spokes with 'ip nhrp shortcut'.
AnswerA

Phase 2 requires that the spoke's routing table points to the hub for the remote spoke's tunnel IP; otherwise, the shortcut cannot be established.

Why this answer

In DMVPN Phase 2, spoke-to-spoke tunnels require that the spoke routers have a route to each other's tunnel IP via the hub. Phase 2 uses NHRP redirect and shortcut, but the spoke must have a route pointing to the hub for the destination network. If the spoke's routing table does not have a route to the remote spoke's tunnel IP via the hub, the shortcut will not be triggered.

1871
MCQhard

An engineer configures IP SLA to track a route to a loopback address for BGP next-hop tracking. Router R1 has:

ip sla 4
 icmp-echo 192.168.100.1 source-ip 10.0.0.1
 frequency 5
ip sla schedule 4 life forever start-time now
track 4 ip sla 4 reachability
router bgp 65001
 neighbor 10.0.0.2 remote-as 65002
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.2 ebgp-multihop 2
 neighbor 10.0.0.2 fall-over bfd

But the BGP session to 10.0.0.2 is flapping every 5 seconds. What is the root cause?

A.The IP SLA probe is sending ICMP packets that are being rate-limited by the CoPP policy, causing the BFD session to drop.
B.The ebgp-multihop 2 is not sufficient for the BFD session to establish.
C.The update-source Loopback0 is not reachable from 10.0.0.2.
D.The IP SLA schedule is set to start now, but the frequency is too high, causing the router to crash.
AnswerA

CoPP might rate-limit ICMP packets, causing the BFD session to fail if BFD relies on the same path and the router's CPU is overwhelmed.

Why this answer

The IP SLA probe is sent to 192.168.100.1, but the BGP neighbor is 10.0.0.2. The track is not directly affecting the BGP session. However, the flapping is caused by the BFD session failing because the IP SLA might be interfering with the BFD packets, or more likely, the ebgp-multihop and BFD interaction.

The correct answer is that the BFD session is using the same path as the IP SLA, and the IP SLA probe is causing the BFD session to reset due to packet loss or delay.

1872
MCQmedium

A network engineer runs the following command to verify DHCPv4 server statistics on router R1:

R1# show ip dhcp server statistics

Output:

Memory usage: 12345
Address pools: 2
Database agents: 0
Automatic bindings: 150
Manual bindings: 5
Expired bindings: 10
Malformed messages: 0

Message          Received
BOOTREQUEST      0
DHCPDISCOVER     200
DHCPREQUEST      180
DHCPDECLINE      2
DHCPRELEASE      5
DHCPINFORM       10

What does this output indicate?

A.The DHCP server has 150 active automatic bindings and 5 manual bindings.
B.The DHCP server has received 200 DHCPREQUEST messages.
C.The DHCP server has 10 malformed messages, indicating a configuration issue.
D.The DHCP server has 2 database agents configured.
AnswerA

The output shows 'Automatic bindings: 150' and 'Manual bindings: 5', indicating the number of active leases.

Why this answer

The show ip dhcp server statistics command provides counts of various DHCP messages and bindings. Here, 200 DISCOVERs were received but only 180 REQUESTs, indicating some clients did not proceed after the OFFER. There are 150 automatic bindings and 5 manual (static) bindings.

1873
Drag & Drophard

Drag and drop the steps to troubleshoot an IPsec site-to-site VPN adjacency failure into the correct order, from first to last.

Why this order

Start by verifying basic IP connectivity between peers, then check that the crypto isakmp policy and IKE proposals match. Next, confirm tunnel interface configuration and ACLs, then inspect IKE and IPsec SA states. Finally, enable debugs to isolate the specific failure.

1874
MCQhard

A network engineer runs the following command to troubleshoot a Route Redistribution issue:

R1# show bgp ipv4 unicast 192.168.10.0/24

And sees the following output:

BGP routing table entry for 192.168.10.0/24, version 2
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  Local
    0.0.0.0 from 0.0.0.0 (1.1.1.1)
      Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best
      rx pathid: 0, tx pathid: 0x0

What does this output indicate?

A.The route 192.168.10.0/24 is learned from an EBGP neighbor.
B.The route is injected into BGP via the network command, as shown by origin incomplete.
C.The route is redistributed into BGP from another protocol, as indicated by origin incomplete and weight 32768.
D.The route is a default route injected into BGP.
AnswerC

Origin incomplete and weight 32768 are typical for redistributed routes.

Why this answer

The show bgp ipv4 unicast output shows a route with next hop 0.0.0.0, origin incomplete, and weight 32768. This indicates the route is locally originated, likely via redistribution or the network command. The origin code 'incomplete' suggests the route was redistributed from another protocol.

1875
MCQhard

A network engineer is troubleshooting a VRF-Lite deployment where two routers are connected via a trunk link. Each router has two VRFs (VRF_A and VRF_B). The engineer configures subinterfaces on the trunk link, assigning each subinterface to a different VRF. However, traffic between the two routers for VRF_A is not working. The 'show vrf' command shows the VRFs are active. What is the most likely issue?

A.The subinterface on Router1 is configured with 'encapsulation dot1q 10', but the subinterface on Router2 is configured with 'encapsulation dot1q 20'.
B.The 'ip vrf forwarding VRF_A' command is missing on the main interface.
C.The 'no ip routing' command is configured globally.
D.The 'mtu' command is set differently on the two subinterfaces.
AnswerA

Mismatched VLAN IDs prevent the Layer 2 frames from being correctly tagged and forwarded between the VRFs.

Why this answer

In VRF-Lite with trunk links, subinterfaces must be associated with the correct VRF and VLAN. A common mistake is not matching the VLAN IDs on the subinterfaces of both routers, or missing the 'encapsulation dot1q' command.
