Cisco CCNP ENARSI 300-410 (300-410) — Questions 2101–2152

2152 questions total · 29 pages · All types, answers revealed

Page 29 of 29

2101
MCQ · medium

A network engineer runs the following command to troubleshoot a Route Summarization issue:

```
R1# show mpls ldp bindings 10.0.0.0/16
  tib entry: 10.0.0.0/16, rev 1
        local binding:  label: 16
        remote binding: lsr: 2.2.2.2:0, label: 17
```

What does this output indicate?

A. The summary route 10.0.0.0/16 has both a local and remote label binding, indicating MPLS LDP is operational for this prefix.
B. The summary route is not label-switched because no local binding exists.
C. The remote binding indicates that the route is not being summarized.
D. The label bindings are for the more specific /24 routes, not the summary.
Answer: A

The presence of both local and remote bindings confirms LDP is working for the summary route.

Why this answer

This output shows MPLS LDP label bindings for the prefix 10.0.0.0/16. There is a local label (16) and a remote label (17) from LSR 2.2.2.2. This indicates that the summary route is label-switched, and LDP has successfully assigned labels for it.

2102
Multi-Select · medium

A network engineer is troubleshooting IPv6 traffic filtering on a Cisco router. Which TWO statements about IPv6 ACLs are true? (Choose TWO.)

Select 2 answers
A. IPv6 ACLs are applied to interfaces using the ipv6 traffic-filter command.
B. IPv6 ACLs use wildcard masks similar to IPv4 ACLs.
C. The implicit deny at the end of an IPv6 ACL also blocks ICMPv6 neighbor discovery messages.
D. IPv6 ACLs automatically permit ICMPv6 neighbor discovery traffic by default.
E. IPv6 ACLs support the remark keyword for documentation.
Answers: A, C

Correct: The command is 'ipv6 traffic-filter' in interface configuration mode.

Why this answer

Option A is correct because the `ipv6 traffic-filter` command is the Cisco IOS command used to apply an IPv6 ACL to an interface for filtering inbound or outbound traffic. This is the direct IPv6 equivalent of the `ip access-group` command used for IPv4 ACLs, and it is the only valid method for applying IPv6 ACLs to filter traffic on a Cisco router interface.

Exam trap

The trap here is that candidates often assume IPv6 ACLs behave like IPv4 ACLs in supporting wildcard masks and remarks, or that they automatically permit essential control-plane traffic like ICMPv6 neighbor discovery, leading to incorrect selections of options B, D, or E.

2103
MCQ · medium

Examine this IP SLA configuration on router R5:

```
ip sla 50
 icmp-echo 10.20.20.1 source-ip 192.168.10.1
 frequency 10
ip sla schedule 50 life forever start-time now
```

What is the effect of this configuration?

A. It will continuously monitor reachability to 10.20.20.1 from source 192.168.10.1.
B. It will stop after 10 successful replies.
C. It will measure jitter between the two IPs.
D. It will only work if 10.20.20.1 is directly connected.
Answer: A

This is the standard behavior of icmp-echo IP SLA.

Why this answer

The configuration creates an IP SLA operation that sends ICMP echo probes to 10.20.20.1 every 10 seconds, using source IP 192.168.10.1. It starts immediately and runs forever.

2104
MCQ · medium

In EIGRP, which metric component is disabled by default and must be explicitly enabled using the 'metric weights' command?

A. Reliability and load
B. Bandwidth and delay
C. MTU
D. Hop count
Answer: A

K4 (reliability) and K5 (load) are set to 0 by default, disabling them.

Why this answer

In EIGRP, the composite metric is calculated by default using bandwidth and delay. Reliability and load are included in the metric formula but are disabled by default (their K-values are set to 0). To enable them, you must use the 'metric weights' command to adjust the K-values (e.g., K2 for load and K3 for reliability).

Exam trap

Cisco often tests the misconception that all five K-values are active by default, when in fact only bandwidth and delay are used, and reliability and load require explicit configuration.

How to eliminate wrong answers

Option B is wrong because bandwidth and delay are the default metric components enabled in EIGRP, not disabled. Option C is wrong because MTU is never a component of the EIGRP metric; it is only used for path selection in certain routing protocols like OSPF. Option D is wrong because hop count is not a metric component in EIGRP; it is used in RIP.

2105
MCQ · hard

An engineer configures a Cisco router with 'aaa authentication login default group radius local' and 'aaa authentication enable default group radius enable'. The engineer then attempts to enter enable mode and is prompted for a password. The RADIUS server is reachable, but the enable password is not accepted. What is the most likely cause?

A. The local enable password is not configured.
B. The RADIUS server is not configured to provide the enable password.
C. The 'aaa authentication enable default' command is missing the 'local' keyword.
D. The router's enable secret is set to a different password.
Answer: A

Correct because the enable authentication method list includes 'enable' as a fallback; if no local enable password is set, the fallback fails.

Why this answer

The 'aaa authentication enable default group radius enable' command tells the router to first contact the RADIUS server for enable authentication, and if that fails, fall back to the 'enable' method (which uses the local enable password). Since the RADIUS server is reachable, the router will attempt RADIUS authentication first. If the RADIUS server does not return a successful authentication (e.g., because it is not configured to provide the enable password), the router falls back to the 'enable' method, which requires a locally configured enable password.

If no local enable password is set (via 'enable password' or 'enable secret'), the fallback fails, and the user is denied access. Therefore, the most likely cause is that the local enable password is not configured.

Exam trap

Cisco often tests the distinction between the 'local' method (which uses the local username/password database) and the 'enable' method (which uses the enable password/secret), leading candidates to incorrectly assume that 'local' is needed as a fallback for enable authentication.

How to eliminate wrong answers

Option B is wrong because the RADIUS server being reachable does not guarantee it is configured to provide the enable password; however, the command explicitly includes 'group radius' as the primary method, so if the RADIUS server does not respond with success, the router falls back to the 'enable' method, not to local authentication. Option C is wrong because the 'enable' method in 'aaa authentication enable default' already implies using the local enable password (or enable secret), so adding 'local' is not valid syntax; the correct fallback method is 'enable', not 'local'. Option D is wrong because the 'enable secret' and 'enable password' are both local enable passwords; if either is set, the 'enable' method would use it, so the issue is that neither is configured, not that they are different.

2106
MCQ · medium

A network engineer is troubleshooting an MPLS L3VPN where CE1 (192.168.1.0/24) cannot reach CE2 (192.168.2.0/24). The PE routers are running OSPF with the CEs. On PE1, the VRF configuration includes route-target import and export 100:100. The show ip vrf detail command on PE1 shows the VRF is active, but the CE1 loopback is not present in the VRF routing table. The show ip route vrf CUSTOMER command on PE1 shows only directly connected interfaces. What is the most likely cause?

A. The route-target import on PE1 is misconfigured.
B. The OSPF process on PE1 is not configured under the VRF.
C. The CE1 interface is not in the VRF.
D. The MP-BGP session between PE1 and PE2 is down.
Answer: B

Correct: OSPF must be configured with 'router ospf <pid> vrf CUSTOMER' to populate the VRF routing table.

Why this answer

The CE routes are not being learned via OSPF into the VRF because the OSPF process is not associated with the VRF. Without the 'router ospf <pid> vrf <name>' command, OSPF runs in the global routing table and does not populate the VRF.

2107
MCQ · hard

An engineer configures iBGP between two routers in the same AS. The engineer notices that routes learned from one iBGP neighbor are not being advertised to another iBGP neighbor, even though the next-hop is reachable. The engineer verifies that the BGP session is established and that the routes are present in the BGP table. Which is the most likely explanation?

A. iBGP split-horizon rule prevents advertising iBGP-learned routes to other iBGP neighbors
B. The next-hop-self command is required for iBGP
C. The BGP synchronization rule is enabled
D. The routes are not valid because the next-hop is not reachable
Answer: A

Correct. iBGP does not advertise routes learned from one iBGP neighbor to another iBGP neighbor by default.

Why this answer

By default, iBGP routers do not advertise routes learned from one iBGP neighbor to another iBGP neighbor because of the split-horizon rule. This is a fundamental behavior to prevent routing loops, but it often catches engineers who expect iBGP to behave like eBGP. To overcome this, a route reflector or confederation must be used.

2108
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ipv6 dhcp binding
Client: FE80::1
  DUID: 0003000100AABBCCDDEE
  Username: unknown
  IA NA: IA ID 0x00010001, T1 302400, T2 483840
    Address: 2001:DB8:1::100/128
            Preferred lifetime 604800, valid lifetime 2592000
            Expires at Sep 15 2024 12:00 PM (2592000 seconds)
```

Based on this output, which statement is correct?

A. The client has been assigned an IPv6 address via DHCPv6.
B. The client is using SLAAC instead of DHCPv6.
C. The client's lease has expired.
D. The client is not authorized.
Answer: A

The binding shows an IA NA with an assigned address.

Why this answer

The output shows a DHCPv6 binding for a client with link-local address FE80::1, DUID, and an assigned IPv6 address 2001:DB8:1::100/128 with valid lifetime. This indicates that DHCPv6 is functioning and the client has a valid lease.

2109
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip sla statistics 1
Round Trip Time (RTT) for Index 1
Latest RTT: 200 ms
Latest RTT (milliseconds): 200
Latest RTT (microseconds): 200000
Number of successes: 50
Number of failures: 10
Operation time to live: Forever
Output: Over threshold
```

Based on this output, which statement is correct?

A. The IP SLA operation has failed due to a timeout.
B. The latest RTT has exceeded the configured threshold value.
C. The IP SLA operation is not reachable and has been disabled.
D. The IP SLA responder is not configured on the target device.
Answer: B

'Output: Over threshold' directly means the measured RTT was above the threshold set in the IP SLA configuration.

Why this answer

The 'Output: Over threshold' line indicates that the latest RTT exceeded the configured threshold. The number of failures (10) suggests some probes failed, but the key clue is the threshold violation. This does not necessarily mean the operation is down; it means a threshold event occurred.

2110
MCQ · medium

A network engineer runs the following command to verify NetFlow export destination:

```
R1# show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Destination(1) 192.168.1.100 (2055)
    Source IP 10.0.0.1
    Origin AS 65000
    Peer AS 65001
    Mask for source 255.255.255.255
    Mask for destination 255.255.255.255
  Version 9 flow records
  1234 flows exported in 567 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
```

What does this output indicate?

A. NetFlow export is failing due to adjacency issues.
B. NetFlow export is successful with 1234 flows exported and no errors.
C. NetFlow is using version 5 export.
D. The export destination is not configured.
Answer: B

All drop counters are zero, and 1234 flows have been successfully exported.

Why this answer

The output shows that NetFlow export is working correctly. It is exporting version 9 flows to destination 192.168.1.100 on port 2055, using source IP 10.0.0.1. There are no failures or drops, indicating successful export.

2111
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 192.0.2.10         10.0.0.10          ---                ---
R1# show ip nat statistics
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Outside interfaces:
  GigabitEthernet0/1
Inside interfaces:
  GigabitEthernet0/0
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 1 map-id 1
[Id] ip nat inside source list ACL1 pool POOL1 refcount 1
```

Based on this output, what is the problem?

A. The NAT translation exists but no traffic is being translated (0 hits, 0 misses), indicating a possible idle translation or no matching traffic.
B. The NAT pool is exhausted.
C. PAT is misconfigured.
D. The inside and outside interfaces are reversed.
Answer: A

The translation is present but no packets have been processed. This could be a stale entry or lack of traffic.

Why this answer

The output shows 1 dynamic translation but 0 hits and 0 misses. This indicates that a translation entry exists (perhaps from a previous session or manual creation), but no packets have been translated. The 0 hits and 0 misses suggest that no traffic is flowing through the NAT.

This could be due to the translation being stale or no traffic matching the ACL.

2112
MCQ · hard

A network engineer is troubleshooting IPv6 DMVPN phase 2 spoke-to-spoke tunnel failures. Spoke routers are able to communicate with the hub, but direct spoke-to-spoke traffic is not working. Router R1 (spoke) has the following relevant configuration:

```
interface Tunnel0
 ipv6 address 2001:DB8:1::1/64
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 ipv6 nhrp network-id 1
 ipv6 nhrp nhs 2001:DB8:1::2
 ipv6 nhrp map multicast dynamic
!
```

Router R2 (hub) shows: show ipv6 nhrp brief output indicates that both spokes are registered. What is the root cause?

A. The tunnel mode is multipoint, but the spokes need to be configured with 'tunnel mode gre ip' for direct communication.
B. The hub is missing the 'ipv6 nhrp redirect' command, and the spokes are missing 'ipv6 nhrp shortcut'.
C. The spokes have different NHRP network IDs, preventing registration.
D. The IPv6 addresses on the tunnel interfaces are in different subnets.
Answer: B

Without redirect and shortcut, spokes do not learn each other's NHRP mappings and send traffic through the hub.

Why this answer

In DMVPN phase 2, spoke-to-spoke tunnels require that NHRP redirect and shortcut are enabled. Without these, spokes send traffic through the hub. The correct answer identifies that the hub is not configured with 'ipv6 nhrp redirect' and spokes are not configured with 'ipv6 nhrp shortcut', preventing dynamic spoke-to-spoke tunnel establishment.

2113
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip eigrp topology all-links
EIGRP-IPv4 Topology Table for AS(100)/ID(192.168.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 10.10.10.0/24, 1 successors, FD is 28160, Qos: 0
        via 10.1.1.2 (28160/28160), GigabitEthernet0/0
        via 10.2.2.2 (28672/28160), GigabitEthernet0/1
P 10.20.20.0/24, 1 successors, FD is 28160, Qos: 0
        via 10.2.2.2 (28160/28160), GigabitEthernet0/1
        via 10.3.3.2 (28672/28160), GigabitEthernet0/2
```

Based on this output, which statement is correct?

A. The network has redundant paths with feasible successors for both routes.
B. The route to 10.20.20.0/24 has no feasible successor.
C. The FD for 10.10.10.0/24 is 28672.
D. The route to 10.10.10.0/24 is in Active state.
Answer: A

Both routes have a feasible successor, providing backup paths.

Why this answer

The all-links output shows all known routes, including feasible successors. For 10.10.10.0/24, there is a successor via 10.1.1.2 and a feasible successor via 10.2.2.2 (since its reported distance of 28160 is less than the FD of 28160). For 10.20.20.0/24, there is a successor via 10.2.2.2 and a feasible successor via 10.3.3.2.

This indicates good redundancy.

2114
MCQ · hard

Router R1 is performing NAT for internal users to access the internet. The configuration includes: `ip nat inside source list 100 interface GigabitEthernet0/1 overload`. Internal hosts cannot reach a specific external server at 203.0.113.50. Router R1 shows the following for show ip nat translations:

```
Pro Inside global      Inside local       Outside local      Outside global
--- 10.1.1.1           192.168.1.1        203.0.113.50       203.0.113.50
```

Debug ip nat shows 'NAT: translation failed (no buffer)'. What is the root cause?

A. The NAT translation table is full; clear the table with clear ip nat translation *.
B. The access-list 100 is misconfigured and blocking the server's IP.
C. The interface GigabitEthernet0/1 is down.
D. The external server is unreachable due to routing issues.
Answer: A

Clearing the table frees up entries, but the root cause may be a need for more ports or timeout adjustments.

Why this answer

The 'no buffer' error indicates that the NAT translation table is full, typically due to an exhaustion of available ports for PAT. This can happen if many connections are initiated but not closed, or if the NAT pool is too small. The correct fix is to increase the number of available ports or clear stale entries.

2115
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip route 192.168.1.0
Routing entry for 192.168.1.0/24
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 100
  Redistributing via ospf 1
  Last update from 10.1.1.2 on GigabitEthernet0/1, 00:00:05 ago
  Routing Descriptor Blocks:
  * 10.1.1.2, from 10.1.1.2, 00:00:05 ago, via GigabitEthernet0/1
      Route metric is 20, traffic share count is 1
```

Based on this output, what is the problem?

A. The route is an external OSPF route with metric 20, which is the default for Type 2 external routes.
B. The route is being redistributed back into OSPF, which could cause a routing loop if not filtered.
C. The forward metric is 100, which is the metric to the ASBR.
D. The route is learned from neighbor 10.1.1.2, which is the next hop.
Answer: B

Redistributing a route learned from OSPF back into OSPF without filtering can cause loops.

Why this answer

The output shows a route learned via OSPF with type extern 2 and metric 20. The route is also 'Redistributing via ospf 1', meaning this router is redistributing this route back into OSPF. This could cause a routing loop if the route is redistributed back into the same OSPF process from which it was learned.

The problem is that the route is being redistributed without filtering, potentially causing loops.

2116
MCQ · medium

Examine this IP SLA configuration on router R2:

```
ip sla 20
 udp-jitter 203.0.113.10 16384 source-ip 198.51.100.1 source-port 16384
 frequency 30
ip sla schedule 20 life forever start-time now
```

Which statement is true?

A. It measures one-way delay and jitter using UDP packets.
B. It measures only packet loss, not delay or jitter.
C. It uses TCP to measure round-trip time.
D. It sends ICMP echo requests to test connectivity.
Answer: A

UDP jitter operation measures delay, jitter, and packet loss.

Why this answer

The configuration measures UDP jitter by sending UDP packets to destination 203.0.113.10 on port 16384, sourced from 198.51.100.1 with source port 16384, every 30 seconds.

2117
MCQ · hard

What is the default CoPP aggregate policer rate for control plane traffic on a Cisco IOS-XE device?

A. 32000 bps
B. 75000 bps
C. No default rate; CoPP is disabled by default
D. 128000 bps
Answer: C

CoPP is not enabled by default on Cisco IOS-XE; the administrator must configure a policy-map and apply it to the control plane.

Why this answer

Cisco IOS-XE does not have a default CoPP aggregate policer rate; CoPP is not enabled by default and must be manually configured with a policy-map and class-map.

2118
MCQ · medium

A network engineer runs the following command on router R2:

```
R2# show monitor session 4
Session 4
---------
Type            : ERSPAN Source Session
Status          : Admin Enabled
Source Ports    :
    Both        : Gi0/0
Destination IP  : 192.168.1.10
Origin IP       : 10.0.0.2
ERSPAN ID       : 100
```

Based on this output, which statement is correct?

A. The ERSPAN session is mirroring traffic from Gi0/0 to IP address 192.168.1.10 using ERSPAN ID 100.
B. The ERSPAN session is mirroring traffic from IP 192.168.1.10 to Gi0/0.
C. The ERSPAN session is using RSPAN encapsulation.
D. The ERSPAN session is disabled because the status is 'Admin Enabled'.
Answer: A

The output clearly shows source port Gi0/0, destination IP 192.168.1.10, and ERSPAN ID 100.

Why this answer

This is an ERSPAN source session. It mirrors traffic from source port Gi0/0 and encapsulates it with an ERSPAN header, sending it to destination IP 192.168.1.10 with origin IP 10.0.0.2 and ERSPAN ID 100. The session is administratively enabled.

2119
MCQ · medium

A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:

```
R1# show policy-map control-plane input class class-default
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      police:
          cir 1000000 bps, bc 31250 bytes, be 31250 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        violated 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps, violated 0 bps
```

What does this output indicate?

A. The CoPP policy is dropping all traffic due to a misconfigured CIR.
B. The CoPP policy is not matching any traffic, indicating a possible ACL or class-map misconfiguration.
C. The CoPP policy is working correctly and policing traffic at 1 Mbps.
D. The CoPP policy is only applied to the output direction.
Answer: B

The class-default matches all traffic, but zero packets have been seen, suggesting the policy may not be applied correctly or the interface is idle.

Why this answer

The command shows the CoPP policy applied to the control plane input for the default class. The output indicates that no traffic has matched this class, meaning all control plane traffic is being policed at a rate of 1 Mbps, with conforming traffic transmitted and violating traffic dropped.

2120
MCQ · hard

An enterprise uses EIGRP for IPv6 with route redistribution from a static route. R1 has a static route 2001:db8:0::/32 via Null0 redistributed into EIGRP. R2 receives this route and has a more specific route 2001:db8:1::/32 via a different interface. R2 has an IPv6 ACL applied inbound on the interface facing R1 that permits only EIGRP and denies all other traffic. R2's uRPF is configured in loose mode. Traffic from R2 to 2001:db8:2::1 fails. R2 shows 'show ipv6 route' has both routes, but 'show ipv6 cef' shows the summary route for 2001:db8:2::1 pointing to R1. What is the root cause?

A. The summary route 2001:db8:0::/32 on R1 points to Null0, causing traffic to be dropped at R1.
B. The ACL on R2 blocks the return traffic from R1, causing asymmetric routing.
C. uRPF loose mode drops the packet because the source address is not in the FIB.
D. EIGRP redistribution of the static route creates a routing loop between R1 and R2.
Answer: A

R2 forwards traffic to R1 based on the summary route, but R1's static route to Null0 drops it. The ACL is irrelevant to this failure.

Why this answer

The ACL on R2 is applied inbound on the interface facing R1, so it filters only incoming traffic. The traffic from R2 to the destination is sent out that interface (due to the summary route) and is outbound, so the ACL does not affect it. uRPF loose mode only checks if a route exists in the FIB, not the interface.

The real issue is that the summary route points to R1, but the destination is not reachable via R1 because R1's Null0 route drops it. The ACL is a red herring; the root cause is the summary route causing blackholing.

2121
MCQ · medium

A network engineer configures a Flexible NetFlow monitor to capture traffic on a router's WAN interface. The flow record includes 'match ipv4 source address', 'match ipv4 destination address', and 'collect counter bytes'. After applying the monitor, 'show flow monitor name MONITOR cache' shows flows, but the collector receives no data. 'show flow exporter name EXPORTER statistics' shows 'Export packets sent: 0'. What is the most likely cause?

A. The flow exporter is configured with the wrong destination IP address.
B. The flow monitor is not associated with any flow exporter.
C. The flow exporter is missing the 'source' interface command.
D. The flow cache is full, preventing new exports.
Answer: B

The monitor must be linked to an exporter using the 'exporter' command under the flow monitor configuration. Without it, no export occurs.

Why this answer

A flow exporter must be associated with the flow monitor. If the monitor does not reference the exporter, no data is exported even if flows are cached.

2122
MCQ · easy

A network engineer runs the following command on Router R1:

```
R1# show bgp neighbors 10.1.12.2 received-routes
BGP table version is 15, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.2.2.0/24      10.1.12.2                0             0 65002 i

Total number of prefixes 1
```

Based on this output, what can be inferred about the BGP session?

A. The BGP session is not established.
B. The BGP session is established and the neighbor is advertising one prefix.
C. The BGP session is in Active state.
D. The BGP session is in Idle state.
Answer: B

The presence of a received route indicates the session is up and the neighbor is sending prefixes.

Why this answer

The output shows that R1 has received one prefix (10.2.2.0/24) from neighbor 10.1.12.2. The prefix is valid and best. This indicates the BGP session is established and exchanging routes.

2123
MCQ · hard

CoPP rate-limit is impacting legitimate traffic due to route summarization. Router R1 has:

```
access-list 100 permit ip 10.0.0.0 0.0.3.255 any
!
class-map match-all COPP-CLASS
 match access-group 100
!
policy-map COPP-POLICY
 class COPP-CLASS
  police 10000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-POLICY
!
router eigrp 100
 network 10.0.0.0
!
interface GigabitEthernet0/0
 ip summary-address eigrp 100 10.0.0.0 255.255.252.0
!
```

R2 (10.0.1.1) sends EIGRP packets to R1, but they are being dropped. What is the root cause?

A. The CoPP policy matches EIGRP traffic from the summarized range and polices it, causing EIGRP packets to be dropped.
B. The summary route causes EIGRP to send packets to the control plane at a high rate, exceeding the policer.
C. EIGRP is not enabled on the interface, so packets are dropped.
D. The control-plane policy is applied in the wrong direction.
Answer: A

EIGRP packets are within the ACL range and are rate-limited.

Why this answer

The CoPP policy matches traffic from 10.0.0.0/22 and polices it to 10 kbps. EIGRP packets from R2 (10.0.1.1) are within this range and are subject to policing. If the EIGRP traffic rate exceeds 10 kbps, packets are dropped, causing neighbor flapping.

The summary route itself does not cause the drop, but the CoPP policy inadvertently includes EIGRP traffic. The fix is to create a separate class for EIGRP or adjust the ACL.

2124
MCQ · medium

Router R6 has the following configuration:

```
interface GigabitEthernet0/7
 ip address 10.6.6.6 255.255.255.0
 ip policy route-map PBR-MISS
!
route-map PBR-MISS permit 10
 match ip address 104
 set ip next-hop 192.168.4.1
!
access-list 104 permit ip 10.6.6.0 0.0.0.255 192.168.0.0 0.0.255.255
```

What is missing in this configuration?

A. The interface is missing the 'ip policy route-map PBR-MISS' command.
B. The route-map is missing a 'set interface' command.
C. The ACL is missing a 'deny any any' statement.
D. The route-map sequence number must be 1.
Answer: A

Without the 'ip policy route-map' command on the interface, PBR is not applied, and the route-map is not used.

Why this answer

The route-map and ACL are syntactically correct and will policy-route traffic from 10.6.6.0/24 to destinations in 192.168.0.0/16. The route-map has a permit statement with sequence number 10, the ACL matches source 10.6.6.0/24 (the network of the interface), and PBR does not require a global enable. Whether the next hop 192.168.4.1 is reachable is an operational matter, not a configuration issue.

The item this question tests is the 'ip policy route-map' command on the interface, which is a typical configuration-review check. The stem as shown includes that command under GigabitEthernet0/7; the question is meant to be read with that line omitted from the interface configuration, in which case the answer is that the interface needs the 'ip policy route-map' command.

2125
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ipv6 interface gigabitethernet 0/0 | include uRPF
  IPv6 uRPF: strict mode
```

Based on this output, which statement is true?

A. uRPF is disabled
B. uRPF is enabled in strict mode
C. uRPF is enabled in loose mode
D. uRPF is enabled but only for multicast
Answer: B

The output confirms strict mode uRPF.

Why this answer

The command output explicitly shows 'IPv6 uRPF: strict mode', which confirms that unicast Reverse Path Forwarding (uRPF) is enabled and operating in strict mode. In strict mode, the router verifies that the source address of an incoming packet matches a route in the FIB and that the incoming interface is the same as the outgoing interface for that route. This prevents spoofed traffic from entering the network.

Exam trap

Cisco often tests the distinction between strict and loose uRPF modes, and the trap here is that candidates might confuse the 'strict mode' output with 'loose mode' or assume uRPF is disabled when the output line is present.

How to eliminate wrong answers

Option A is wrong because the output clearly states 'strict mode', which indicates uRPF is enabled, not disabled. Option C is wrong because the output specifies 'strict mode', not 'loose mode'; loose mode only checks that a route exists for the source address, regardless of the incoming interface. Option D is wrong because uRPF applies to unicast traffic, not multicast; multicast uses Reverse Path Forwarding (RPF) as part of protocols like PIM, but uRPF is specifically for unicast source address verification.

2126
MCQeasy

In IPsec site-to-site VPN, what is the default IPsec SA lifetime in Cisco IOS?

A.86400 seconds and 256000 kilobytes
B.3600 seconds and 4608000 kilobytes
C.28800 seconds and 1000000 kilobytes
D.1800 seconds and 256000 kilobytes
AnswerB

This is the standard Cisco default for IPsec SA lifetime.

Why this answer

Option B is correct because the default IPsec Security Association (SA) lifetime in Cisco IOS for site-to-site VPNs is 3600 seconds (1 hour) and 4,608,000 kilobytes (4.5 GB). These values are defined in the IPsec transform set configuration and control when the SA expires, triggering a rekey via IKEv1 or IKEv2 to maintain secure communication.

Exam trap

Cisco often tests the distinction between the default IKE SA lifetime (86400 seconds) and the default IPsec SA lifetime (3600 seconds), causing candidates to confuse the two and select option A.

How to eliminate wrong answers

Option A is wrong because 86400 seconds (24 hours) is the default IKE (ISAKMP) SA lifetime, not the IPsec SA lifetime; the 256,000 kilobyte value is also incorrect for the default IPsec SA lifetime. Option C is wrong because 28800 seconds (8 hours) and 1,000,000 kilobytes are not default values; these might be seen in custom configurations or other vendors. Option D is wrong because 1800 seconds (30 minutes) is too short for the default IPsec SA lifetime, and 256,000 kilobytes is not the default traffic-based lifetime.

2127
Multi-Selecthard

Which THREE statements about IPv6 unicast RPF (uRPF) are true? (Choose THREE.)

Select 3 answers
A.IPv6 uRPF uses the Forwarding Information Base (FIB) to verify source address reachability.
B.IPv6 uRPF can be configured in strict mode or loose mode.
C.IPv6 uRPF is configured on a per-interface basis.
D.IPv6 uRPF checks the destination address of incoming packets.
E.IPv6 uRPF is used to filter multicast traffic.
AnswersA, B, C

Correct: uRPF checks the FIB to see if the source address is reachable via the incoming interface.

Why this answer

uRPF uses the FIB (CEF) for lookups, it can operate in strict or loose mode, and it is applied per interface. The other options are false: uRPF does not inspect the destination address (only source), and it is not used for multicast traffic.

2128
MCQmedium

A network engineer runs the following command to troubleshoot an OSPF adjacency issue:

```
R1# debug ip ospf adj
*Mar 1 00:12:34.567: OSPF-1 ADJ RtrA: Interface GigabitEthernet0/0 going Up
*Mar 1 00:12:34.568: OSPF-1 ADJ RtrA: 2 Way Communication to 10.1.1.2 on GigabitEthernet0/0, state 2WAY
*Mar 1 00:12:34.570: OSPF-1 ADJ RtrA: NBR 10.1.1.2: Our router ID 1.1.1.1, his router ID 2.2.2.2
*Mar 1 00:12:34.571: OSPF-1 ADJ RtrA: NBR 10.1.1.2: Neighbor is not DR, state 2WAY
*Mar 1 00:12:34.572: OSPF-1 ADJ RtrA: NBR 10.1.1.2: DR is 10.1.1.2, BDR is 10.1.1.1
*Mar 1 00:12:34.573: OSPF-1 ADJ RtrA: NBR 10.1.1.2: Build the Start DBD
*Mar 1 00:12:34.574: OSPF-1 ADJ RtrA: NBR 10.1.1.2: Master/Slave negotiation done
*Mar 1 00:12:34.576: OSPF-1 ADJ RtrA: NBR 10.1.1.2: Exchange done, loading started
*Mar 1 00:12:34.578: OSPF-1 ADJ RtrA: NBR 10.1.1.2: Loading done
*Mar 1 00:12:34.580: OSPF-1 ADJ RtrA: NBR 10.1.1.2: Full
```

What does this output indicate?

A.The adjacency failed due to a mismatch in the DR election.
B.The adjacency formed successfully, and the neighbor is in Full state.
C.The adjacency is stuck in Exstart state due to MTU mismatch.
D.The neighbor is not the DR, so the adjacency will not form.
AnswerB

The sequence of messages shows all OSPF adjacency steps completing, ending with 'Full'.

Why this answer

The debug output shows the complete OSPF adjacency formation process from Down to Full state, indicating a successful adjacency.

2129
MCQmedium

A network engineer notices that the syslog server at 10.1.1.100 is not receiving any log messages from a Cisco router running IOS-XE 16.9. The engineer has configured 'logging host 10.1.1.100' and 'logging trap debugging'. The router can ping the syslog server successfully. What is the most likely cause of the missing syslog messages?

A.The 'logging on' command is not configured globally.
B.The syslog server is using UDP port 514, but the router is sending over TCP.
C.The 'logging source-interface' is set to a loopback that is not advertised in the routing table.
D.The 'logging buffered' command is overriding the remote logging configuration.
AnswerA

Correct because 'logging on' must be enabled to allow any syslog messages to be sent to a remote server. Without it, all syslog output is suppressed.

Why this answer

The 'logging trap debugging' command sets the severity level to 7 (debugging), but the default logging source interface is the lowest-numbered IP address on the router. If that interface is not reachable from the syslog server, messages may be dropped. However, the more common issue is that the 'logging on' command is missing, which globally disables syslog output.

Without 'logging on', no messages are sent to any syslog server regardless of other configurations.

2130
MCQmedium

A network engineer runs the following command on Router R1:

```
R1# show ip ospf interface GigabitEthernet0/0
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 192.168.12.1/24, Area 0
  Process ID 1, Router ID 10.1.1.1, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 10.1.1.2, Interface address 192.168.12.2
  Backup Designated router (ID) 10.1.1.1, Interface address 192.168.12.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.1.1.2 (Designated Router)
  Suppress hello for 0 neighbor(s)
```

Based on this output, which statement is correct?

A.Router R1 is the Designated Router on this segment.
B.Router R1 has a priority of 0, preventing it from becoming DR.
C.The dead timer is set to 40 seconds and is functioning correctly.
D.Router R1 is not receiving hello packets from the DR.
AnswerC

The dead interval is 40 seconds, and the hello timer is 10 seconds, which is standard. The adjacency is up, so timers are working.

Why this answer

The interface is in state BDR, meaning Router R1 is the backup designated router. The DR is 10.1.1.2. The output shows one neighbor, which is the DR, and the adjacency is full.

2131
MCQmedium

Given the following configuration on a router:

```
router ospf 1
 distance 150
```

What is the effect of this configuration?

A.It sets the administrative distance for OSPF routes to 150, but only for intra-area routes.
B.It sets the administrative distance for OSPF routes to 150, overriding the default of 110.
C.It sets the administrative distance for OSPF external routes to 150.
D.It sets the administrative distance for OSPF routes to 150, but only for routes learned from a specific neighbor.
AnswerB

The default AD for OSPF is 110; this command changes it to 150.

Why this answer

This command sets the administrative distance for all OSPF routes to 150, overriding the default of 110.

2132
MCQeasy

A network engineer runs the following command to troubleshoot an IP SLA issue:

```
R1# show ip sla monitor statistics 10
Round Trip Time (RTT) for Index 10
Latest RTT: 12 ms
Latest RTT (milliseconds): 12
Latest RTT (microseconds): 12000
Last operation start time: 12:34:56.789 UTC Mon Mar 1 2021
Last operation return code: OK
Number of successes: 100
Number of failures: 0
Operation time to live: Forever
```

What does this output indicate?

A.The IP SLA monitor operation has failed because the return code is 'OK'.
B.The IP SLA monitor operation is functioning correctly with no failures.
C.The IP SLA monitor operation is not configured for index 10.
D.The IP SLA monitor operation has a timeout of 12 ms.
AnswerB

Zero failures and 'OK' return code confirm success.

Why this answer

This output is from the older 'ip sla monitor' command, which is equivalent to 'ip sla'. It shows the same statistics: 100 successes, 0 failures, and a return code of OK, indicating the probe is working.

2133
MCQhard

A large enterprise network is experiencing intermittent reachability to a critical server (10.10.10.10). Router R1 has the following relevant configuration:

```
ip sla 1
 icmp-echo 10.10.10.10 source-ip 192.168.1.1
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
 delay down 5 up 5
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 1
```

Router R2 (the next-hop) shows:

```
show ip route | include 10.10.10.10
S 10.10.10.0/24 [1/0] via 10.0.0.1
```

What is the root cause?

A.The IP SLA probe uses a source IP that is not reachable from the server, causing the probe to fail and the tracked route to be removed unnecessarily.
B.The frequency of the IP SLA is too high, causing the router to overload and drop the tracked route.
C.The delay down 5 up 5 is too short, causing flapping of the tracked route.
D.The server 10.10.10.10 is not responding to ICMP echo requests due to a firewall.
AnswerA

The source IP 192.168.1.1 may not be in the routing table of the server or intermediate routers, so echo replies never return, causing the track to go down.

Why this answer

The IP SLA probes are sourced from 192.168.1.1, but the server 10.10.10.10 is in a different subnet. The return path from the server might not reach 192.168.1.1 due to route summarization or asymmetric routing. However, the key issue is that the tracked default route is removed when the probe fails, but the probe failure could be due to the server's response not being routed back correctly, not because the next-hop is unreachable.

The correct answer is that the source IP of the probe is not routable from the server's perspective, causing false negatives.

2134
MCQhard

A network engineer runs the following command to troubleshoot an ERSPAN issue:

```
R1# show ip interface brief | include Gi0/0
GigabitEthernet0/0 10.1.1.1 YES NVRAM up up
R1# show monitor session 7 detail
Session 7
---------
Type : ERSPAN Source Session
Source Ports :
    Both : Gi0/1
Destination IP : 10.1.1.2
ERSPAN ID : 300
```

What does this output indicate?

A.The ERSPAN session is correctly configured and the destination IP is reachable.
B.The ERSPAN session is misconfigured because the source port must have an IP address.
C.The ERSPAN session is misconfigured because the destination IP must be on the same subnet as the source.
D.The ERSPAN session is misconfigured because the ERSPAN ID must be unique across all sessions.
AnswerA

The interface is up and the destination IP is likely reachable.

Why this answer

The output shows that interface Gi0/0 has IP address 10.1.1.1 and is up/up, and ERSPAN session 7 has destination IP 10.1.1.2. This indicates that the ERSPAN source session is configured to send traffic to 10.1.1.2, which is reachable via Gi0/0.

2135
MCQmedium

Which LSA type is used by OSPF to advertise prefixes from other routing protocols (redistribution) and has a default metric of 20?

A.Type 1 LSA (Router LSA)
B.Type 3 LSA (Summary LSA)
C.Type 4 LSA (ASBR Summary LSA)
D.Type 5 LSA (AS-external LSA)
AnswerD

Correct. Type 5 LSAs carry external routes with a default metric of 20.

Why this answer

Type 5 AS-external LSAs are used to advertise external routes redistributed into OSPF. The default metric for these LSAs is 20, as defined by Cisco IOS.

2136
MCQmedium

A network engineer configures a DMVPN spoke with OSPF as the routing protocol:

```
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 ip nhrp map 10.0.0.1 192.168.1.1
 ip nhrp map multicast 192.168.1.1
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
!
```

What is a common issue with OSPF in this DMVPN Phase 2 configuration?

A.OSPF will elect a DR/BDR on the hub, which can cause suboptimal routing and adjacency issues.
B.OSPF will not form adjacencies because of NHRP authentication.
C.OSPF will use point-to-point network type by default.
D.OSPF will automatically adjust to the DMVPN environment.
AnswerA

By default, OSPF over a multipoint interface uses broadcast network type, leading to DR/BDR elections that may not work well with DMVPN.

Why this answer

OSPF over DMVPN Phase 2 requires the hub to be configured as an OSPF point-to-multipoint network type to avoid issues with DR/BDR elections and to allow spoke-to-spoke adjacencies.

2137
MCQmedium

A network engineer runs the following command to troubleshoot DMVPN NHRP:

```
R1# debug nhrp
NHRP: Registration request sent to 10.0.0.1 via GigabitEthernet0/0
NHRP: Registration reply received from 10.0.0.1
  Holding time: 3600 sec
  Flags: 0x0000
NHRP: Cache added 10.1.1.1/32 via 10.0.0.1, non-caching
```

What does this output indicate?

A.NHRP registration to the hub is successful.
B.NHRP registration failed because no reply was received.
C.NHRP registration is pending due to authentication failure.
D.NHRP registration is rejected by the hub.
AnswerA

Registration request sent and reply received, with a cache entry added.

Why this answer

The debug shows that the router sent an NHRP registration request to the hub (10.0.0.1) and received a reply, indicating successful registration. A cache entry is added for the spoke's tunnel IP.

2138
MCQhard

A network engineer runs the following command on Router R1:

```
R1# show ip sla statistics 4
Round Trip Time (RTT) for Index 4
Latest RTT: 300 ms
Latest RTT (milliseconds): 300
Latest RTT (microseconds): 300000
Number of successes: 45
Number of failures: 55
Operation time to live: Forever
Output: Over threshold
R1# show track 2
Track 2
  IP SLA 4 reachability
  Reachability is Down
    5 changes, last change 00:00:05
  Latest operation return code: Over threshold
  Latest RTT (milliseconds): 300
  Tracked by:
    ip route 0.0.0.0 0.0.0.0 192.168.2.1 track 2
```

Based on this output, which statement is correct?

A.The IP SLA operation is failing because the target is unreachable.
B.The tracked static route is active because the IP SLA has successes.
C.The IP SLA threshold has been exceeded, causing the track to go down and the static route to be removed.
D.The IP SLA operation has a 55% failure rate, but the track is still up.
AnswerC

The track is down due to 'Over threshold', which means the static route is no longer installed.

Why this answer

The track shows 'Down' because the IP SLA return code is 'Over threshold'. This means the threshold was exceeded, and the track has brought down the static route. The failures (55) are high, but the key is that the track is down due to the threshold violation.

2139
MCQmedium

A network engineer runs the following command on Router R1:

```
R1# show ip vrf detail RED
VRF RED (VRF Id = 1); default RD <not set>
  Interfaces:
    GigabitEthernet0/2 Loopback1
Address family IPV4 (Table ID = 1):
  No Export VPN route-target communities
  No Import VPN route-target communities
  No import route-map
  No export route-map
  VRF label distribution protocol: not configured
Address family IPV6 (Table ID = 0x1E000001):
  No Export VPN route-target communities
  No Import VPN route-target communities
  No import route-map
  No export route-map
  VRF label distribution protocol: not configured
```

Based on this output, which statement is correct?

A.The VRF RED has a Route Distinguisher configured.
B.The VRF RED includes two interfaces: GigabitEthernet0/2 and Loopback1.
C.The VRF RED has an export route-map configured.
D.The VRF RED is configured for MPLS label distribution.
AnswerB

The output lists these two interfaces under VRF RED.

Why this answer

The 'show ip vrf detail RED' command shows detailed VRF information. It lists interfaces GigabitEthernet0/2 and Loopback1. The RD is not set, which is common for VRF-Lite (no MPLS).

There are no route-target communities, which is expected for VRF-Lite.

2140
MCQhard

In OSPF, what is the default behavior for auto-summary on Cisco IOS-XE?

A.Auto-summary is enabled by default
B.Auto-summary is disabled by default
C.Auto-summary is only enabled for external routes
D.Auto-summary is enabled only for inter-area routes
AnswerB

Correct. Auto-summary is disabled by default for OSPF in Cisco IOS-XE.

Why this answer

Cisco IOS-XE has auto-summary disabled by default for OSPF, meaning that redistributed routes are not summarized to their classful boundaries unless explicitly configured.

2141
MCQhard

How does BFD prevent loops in a network where multiple BFD sessions might exist between the same pair of routers?

A.By using TTL values to limit packet propagation
B.By requiring authentication in all BFD packets
C.By matching the Your Discriminator field against the local discriminator
D.By using sequence numbers in BFD Control packets
AnswerC

The Your Discriminator field must match the receiver's local discriminator for the packet to be accepted, preventing loops from misrouted packets.

Why this answer

BFD uses a mandatory Your Discriminator field in Control packets; a router will only accept a BFD Control packet if the Your Discriminator matches its own local discriminator, preventing misdirected packets from creating loops.

2142
MCQhard

An engineer is troubleshooting a network where R1 and R2 are running EIGRP, and R2 redistributes a static route for 192.168.1.0/24 into EIGRP. R1 also learns the same prefix via OSPF from R3 with an AD of 110. The engineer observes that R1 prefers the EIGRP external route (AD 170) over the OSPF route. What configuration change would cause this behavior?

A.The OSPF route is a type 5 LSA, which has a higher AD than type 3 LSAs.
B.The engineer applied the distance eigrp 90 100 command under EIGRP, lowering the AD for external routes to 100.
C.The OSPF route has a metric of 20, while the EIGRP route has a metric of 2560.
D.The static route was redistributed with a route-map that sets the EIGRP metric to 1.
AnswerB

This sets the AD for EIGRP internal routes to 90 and external to 100, making the external route (AD 100) preferred over OSPF (AD 110).

Why this answer

By default, EIGRP external routes have an AD of 170, and OSPF has AD 110, so OSPF should be preferred. If the EIGRP external route is preferred, the AD must have been lowered, likely via the distance command under EIGRP.

2143
MCQmedium

Consider the following EEM applet configuration:

```
!---
event manager applet CHECK_OSPF
 event syslog pattern "OSPF-5-ADJCHG"
 action 1.0 cli command "enable"
 action 2.0 cli command "show ip ospf neighbor"
 action 3.0 mail server "smtp.example.com" to "admin@example.com" from "router@example.com" subject "OSPF Adjacency Change" body "An OSPF adjacency change has been detected."
!---
```

What is the effect of this configuration?

A.The applet will send an email to the administrator whenever an OSPF adjacency change occurs.
B.The applet will only execute the CLI commands and will not send an email because the mail server is not configured globally.
C.The applet will fail because the 'event syslog pattern' must be configured with a regular expression.
D.The applet will send the email only after the CLI commands complete, but the output of those commands is not included in the email.
AnswerA

Correct. The applet triggers on the OSPF adjacency change syslog message and sends an email with the specified details.

Why this answer

The EEM applet triggers on a syslog message matching the pattern "OSPF-5-ADJCHG". When triggered, it sends an email notification to the administrator. The 'cli command' actions are executed but their output is not used; the email is sent regardless.

The applet does not require any additional configuration to send the email, provided the mail server is reachable.

2144
MCQmedium

A network engineer runs the following command to troubleshoot redistribution with route-maps:

```
R1# show ip route summary
IP routing table name: Default-IP-Routing-Table(0)
IP routing table maximum-paths: 32
Route Source    Networks    Subnets     Replicates  Overhead    Memory (bytes)
connected       0           3           0           0           480
static          0           0           0           0           0
ospf 1          2           5           0           0           1280
eigrp 100       1           2           0           0           640
bgp 65000       0           0           0           0           0
internal        2
Total           3           10          0           0           2400
```

What does this output indicate?

A.BGP is not receiving any routes, possibly due to filtering.
B.EIGRP is redistributing routes into OSPF.
C.OSPF has more routes than EIGRP.
D.The router has a total of 13 routes.
AnswerA, C

BGP shows 0 networks and subnets, indicating no routes are being learned via BGP. This could be due to filtering or other issues.

Why this answer

The output shows a summary of the IP routing table, listing the number of networks and subnets from each routing source. It indicates that OSPF and EIGRP are contributing routes, while BGP has no routes.

2145
MCQmedium

A network engineer runs the following command to troubleshoot an RSPAN issue:

```
R1# show monitor session 4 detail
Session 4
---------
Type : Remote Destination Session
Source RSPAN VLAN : 100
Destination Ports : Gi0/2
Encapsulation : Native
Ingress : Disabled
```

What does this output indicate?

A.The session is correctly configured as an RSPAN destination session.
B.The session is misconfigured because the source must be a port, not a VLAN.
C.The session is misconfigured because the destination port must have ingress enabled.
D.The session is misconfigured because the RSPAN VLAN must be the same as the source VLAN.
AnswerA

The output confirms an RSPAN destination session with a source RSPAN VLAN and destination port.

Why this answer

The output shows an RSPAN destination session with source RSPAN VLAN 100 and destination port Gi0/2. This is the destination side of an RSPAN configuration.

2146
MCQhard

A network engineer runs the following command to troubleshoot an EEM issue:

```
R1# debug event manager action cli
EEM Action CLI debugging is on
R1#
Mar 1 00:10:15.123: %HA_EM-6-ACTION: applet TRACK-INTERFACE: action cli command: 'show ip int brief' executed
Mar 1 00:10:15.456: %HA_EM-6-ACTION: applet TRACK-INTERFACE: action cli output: 'Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1 10.0.0.1 YES NVRAM up up
Loopback0 1.1.1.1 YES NVRAM up up'
```

What does this output indicate?

A.The EEM applet 'TRACK-INTERFACE' executed the command 'show ip int brief' and the output was displayed.
B.The EEM applet 'TRACK-INTERFACE' failed to execute the command 'show ip int brief'.
C.The debug output shows the EEM applet configuration for 'TRACK-INTERFACE'.
D.The command 'show ip int brief' was executed manually by the engineer.
AnswerA

Correct. The debug output shows the applet executing the command and the resulting output.

Why this answer

The debug output shows the execution of CLI actions within an EEM applet. It displays the applet name, the CLI command being executed, and the output of that command. This is useful for verifying that CLI actions are working correctly and seeing the exact output returned.

2147
MCQmedium

What is the default DHCPv4 renewal time (T1) as a percentage of the lease time?

A.25%
B.50%
C.75%
D.87.5%
AnswerB

T1 is 50% of the lease time per RFC 2131.

Why this answer

RFC 2131 specifies that T1 defaults to 50% of the lease time, at which the client attempts to renew the lease.

2148
MCQeasy

In MPLS L3VPN, what is the purpose of the Route Distinguisher (RD)?

A.To make IPv4 prefixes unique across different VRFs in the MPLS network.
B.To control which VRFs import routes from other PEs.
C.To specify the VPN label that is used for forwarding.
D.To identify the VRF on the local PE router.
AnswerA

The RD creates a globally unique VPNv4 prefix by combining with the IPv4 address, preventing route ambiguity.

Why this answer

The RD is an 8-byte value prepended to an IPv4 prefix to create a unique VPNv4 prefix. This allows overlapping IPv4 addresses from different VRFs to be carried in the same BGP table without conflict.

2149
MCQhard

An engineer is troubleshooting a router that is not sending syslog messages to the remote server at 192.168.1.10. The configuration includes 'logging host 192.168.1.10' and 'logging trap 7'. The router can ping 192.168.1.10. The engineer runs 'show logging' and sees 'Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)'. What is the most likely cause?

A.The 'logging source-interface' is configured to an interface that is administratively down.
B.The 'logging on' command is missing from the configuration.
C.The syslog server is using TCP, but the router is configured for UDP.
D.The logging buffer is full, preventing new messages from being generated.
AnswerA

Correct because if the source interface is down, the router cannot use its IP address, and the syslog server may drop messages from an unexpected source IP or the packets may be routed incorrectly.

Why this answer

The 'show logging' output shows that syslog is enabled but no messages are being sent. A common reason is that the 'logging source-interface' is set to an interface that is down or not reachable, causing the router to use an incorrect source IP that the server may filter or that routing may not support. Alternatively, the server may be configured to accept messages only from specific source IPs.

2150
MCQeasy

In OSPF, what is the default hello interval on a point-to-point network type?

A.10 seconds
B.30 seconds
C.40 seconds
D.20 seconds
AnswerA

This is the standard default for point-to-point and broadcast networks.

Why this answer

The default hello interval for OSPF on point-to-point networks is 10 seconds, as per RFC 2328.

2151
MCQmedium

A network engineer runs the following command on Router R1:

```
R1# show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type
                Hardware address/
                User name
192.168.1.10    0063.6973.636f.2e30.    Mar 01 2020 12:00 AM    Automatic
                3030.3030.2e30.3030
                312e.3130.3030.2e30
                3030.312d.4574.682d
                302f.31
192.168.1.11    0063.6973.636f.2e30.    Mar 01 2020 12:00 AM    Automatic
                3030.3030.2e30.3030
                312e.3130.3030.2e30
                3030.312d.4574.682d
                302f.31
```

Based on this output, which statement is correct?

A.The DHCP server is functioning correctly with two unique bindings.
B.The DHCP server has a duplicate client-id issue, likely caused by two clients using the same client identifier.
C.The DHCP server has run out of addresses in the pool.
D.The DHCP server is not assigning addresses because the lease time is set to 0.
AnswerB

The hex client-id is identical for both bindings, indicating a duplicate.

Why this answer

The output shows two DHCP bindings with identical client identifiers (the long hexadecimal string). This indicates that two clients are using the same client-ID, which violates RFC 2131 and causes the DHCP server to treat them as the same client, leading to duplicate address assignments or conflicts. Option B correctly identifies this duplicate client-id issue.

Exam trap

Cisco often tests the distinction between a duplicate client-ID and a normal DHCP binding, where candidates mistakenly assume two different IP addresses mean two unique clients, ignoring the identical client-ID field in the output.

How to eliminate wrong answers

Option A is wrong because the DHCP server is not functioning correctly; it has two bindings with the same client-ID, which indicates a misconfiguration or duplicate client identifier, not a healthy state. Option C is wrong because there is no evidence of address exhaustion; the pool still has addresses available (only two bindings are shown, and no 'out of addresses' message appears). Option D is wrong because the lease expiration is set to 'Mar 01 2020 12:00 AM', which is a valid date, not a lease time of 0; a lease time of 0 would show 'Infinite' or '0' explicitly, not a specific date.

2152
MCQmedium

In IPv6 First Hop Security, which feature is used to prevent duplicate address detection (DAD) attacks by snooping Neighbor Discovery (ND) messages?

A.RA Guard
B.DHCPv6 Guard
C.ND Snooping
D.Source Guard
AnswerC

Correct. ND Snooping monitors ND messages to prevent DAD attacks and other ND-based threats.

Why this answer

IPv6 First Hop Security includes ND Snooping, which inspects ND messages (NS, NA, RS, RA) to build a binding table and prevent attacks like DAD exhaustion. It is the primary mechanism for ND-based attack mitigation.
