Cisco CCNP ENARSI 300-410 (300-410) — Questions 376–450

2152 questions total · 29 pages · All types, answers revealed

Page 6 of 29

376
MCQ · medium

A network engineer configured the following:

```
monitor session 3 type erspan-source
 source interface GigabitEthernet0/0/2 rx
 destination
  erspan-id 2
  ip address 10.0.0.2
  origin ip address 10.0.0.1
```

What traffic will be mirrored?

A. Only traffic received on GigabitEthernet0/0/2.
B. Only traffic transmitted on GigabitEthernet0/0/2.
C. Both received and transmitted traffic on GigabitEthernet0/0/2.
D. All traffic on the router, regardless of interface.
Answer: A

The 'rx' keyword specifies receive-only.

Why this answer

The 'rx' keyword indicates that only ingress (received) traffic on GigabitEthernet0/0/2 will be mirrored.

377
MCQ · hard

An OSPFv3 network has multiple areas. Area 0 includes R1 and R2. Area 1 includes R2 and R3. R2 is an ABR. R1 has an IPv6 ACL applied inbound on the interface to R2 that permits only OSPFv3 and denies all other traffic. R3 advertises a prefix 2001:db8:3::/48 into Area 1. R1's routing table shows the prefix but with a next-hop of R2. R1's uRPF is configured in strict mode on the interface to R2. Traffic from R1 to 2001:db8:3::1 is dropped. R1 shows 'show ipv6 cef 2001:db8:3::/48' points to R2's link-local address. What is the root cause?

A. The source address of the traffic from R1 is not in the FIB as reachable via the interface facing R2, causing uRPF strict mode to drop the packet.
B. The ACL on R1 blocks the return traffic from the destination, causing asymmetric routing.
C. R2's link-local address is not reachable due to OSPFv3 network type mismatch.
D. The prefix 2001:db8:3::/48 is not in the OSPFv3 database on R1 due to area filtering.
Answer: A

uRPF strict requires the source address to be reachable via the incoming interface. If the source is a directly connected subnet that is not in the FIB (e.g., due to filtering), the check fails.

Why this answer

uRPF strict mode checks that the source address of incoming packets is reachable via the same interface. For traffic sourced from R1's own subnet, the return route points to R2 via the same interface. However, if the source address is not in the FIB as reachable via that interface (e.g., because of a summary or default route), uRPF drops the packet.

In this case, the source address is likely a prefix that is not in the FIB or is reachable via a different interface.

378
MCQ · easy

A network engineer runs the following command on Router R1:

```
R1# show bgp ipv4 unicast 10.1.1.0/24
BGP routing table entry for 10.1.1.0/24, version 2
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  Local
    10.1.1.1 from 0.0.0.0 (10.1.1.1)
      Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, best
      rx pathid: 0, tx pathid: 0x0
```

Based on this output, which statement is correct?

A. The route 10.1.1.0/24 was learned from an eBGP peer.
B. The route 10.1.1.0/24 is locally originated and is the best path.
C. The route 10.1.1.0/24 has a weight of 100.
D. The route 10.1.1.0/24 is not being advertised to any peer.
Answer: B

The output shows 'sourced' and 'best', meaning it is a local network that is the best path in the BGP table.

Why this answer

The output shows a locally originated network (10.1.1.0/24) with next hop 10.1.1.1 (the router itself). It is marked as valid, sourced, and best, meaning it is injected into BGP and will be advertised to peers.

379
MCQ · hard

A switch is configured with SPAN to monitor traffic on interface Gi0/0/0 to a local analyzer on interface Gi0/1. The configuration:

```
monitor session 1 source interface Gi0/0/0 both
monitor session 1 destination interface Gi0/1
```

The analyzer sees only half of the traffic (only incoming or outgoing). The switch also has an EtherChannel configured on Gi0/0/0 as part of a port-channel. The port-channel is up/up. What is the root cause?

A. The SPAN source is a physical interface that is part of an EtherChannel; SPAN should be configured on the port-channel interface instead.
B. The destination interface Gi0/1 is not in the same VLAN as the source.
C. The monitor session is missing the 'no shutdown' command.
D. The EtherChannel load-balancing algorithm causes some traffic to be missed.
Answer: A

SPAN on a physical member of an EtherChannel only monitors that link, not the entire bundle.

Why this answer

When a source interface is part of an EtherChannel, SPAN must be configured on the port-channel interface, not on the individual physical interface. If SPAN is configured on a physical interface that is part of a port-channel, the switch may only monitor traffic on that specific physical link, not the entire EtherChannel. This can result in only a portion of the traffic being mirrored.

The fix is to use the port-channel interface as the source.

380
MCQ · hard

An engineer configures ERSPAN on a Cisco router to monitor traffic from a VRF. The mirrored traffic reaches the collector, but the source IP address in the ERSPAN header is the router's loopback, not the expected interface IP. What is the most likely cause?

A. The ERSPAN session does not specify a source IP address, so the router uses the loopback as the best source for the destination.
B. The VRF has a default route pointing to the loopback, forcing all traffic to use that IP.
C. The ERSPAN session is configured with 'erspan-id' that overrides the source IP.
D. The collector expects the loopback IP for filtering, so the router automatically uses it.
Answer: A

Without an explicit source IP, the router uses the routing table to pick the source, often the loopback.

Why this answer

When configuring ERSPAN with a source interface in a VRF, the ERSPAN session uses the VRF's routing table to determine the source IP. If the 'ip address' of the source interface is not used, the router may use the loopback if it is the preferred source for the destination. The 'monitor session' command allows specifying the source IP explicitly; otherwise, the router selects based on routing.

381
Multi-Select · medium

Which TWO statements about the Cisco IOS-XE SSH server configuration are true? (Choose TWO.)

Select 2 answers
A. The hostname and domain name must be configured before generating RSA keys.
B. SSH version 2 is the default and is automatically enabled when RSA keys are generated.
C. The command 'ip ssh version 1' is required to enable SSH.
D. The command 'transport input ssh' must be configured globally.
E. RSA key modulus size must be at least 2048 bits for SSH version 2.
Answers: A, B

RSA keys require a fully qualified domain name (FQDN) which uses both hostname and domain name.

Why this answer

SSH version 2 is the default and recommended version. The hostname and domain name are required to generate the RSA key pair for SSH. The 'ip ssh version' command is used to set the version, but version 2 is default.

The 'transport input ssh' command is applied to the VTY lines, not globally.

382
MCQ · medium

Given the configuration:

```
monitor session 2 source vlan 10-12 both
monitor session 2 destination interface GigabitEthernet1/0/3
```

Which statement is true?

A. Traffic from all ports in VLANs 10, 11, and 12 is copied to GigabitEthernet1/0/3.
B. Only traffic from the access ports in VLAN 10 is copied.
C. The destination port must be in VLAN 10.
D. The destination port will become a SPAN destination and cannot be used for normal traffic.
Answer: A

VLAN SPAN monitors all ports in the specified VLANs.

Why this answer

This configures a VLAN-based SPAN session that monitors all traffic on VLANs 10, 11, and 12 and sends a copy to GigabitEthernet1/0/3.

383
MCQ · hard

A network uses ACLs to filter traffic. Router R1 has the following ACL applied to interface GigabitEthernet0/0 in the inbound direction: access-list 100 permit tcp any any eq 22. Router R2, connected to R1, cannot SSH to R1's loopback address. On R1, 'show ip interface GigabitEthernet0/0' confirms that the ACL is applied. What is the root cause?

A. The ACL permits only SSH, but the implicit deny blocks all other traffic, including EIGRP hellos, causing the neighbor relationship to fail and making the loopback unreachable.
B. The ACL is applied inbound, so it filters traffic entering R1; SSH traffic from R2 to R1's loopback is outbound from R2, so it is not affected.
C. R2's SSH client uses a source port that is not TCP 22.
D. R1's loopback interface has a separate ACL that blocks SSH.
Answer: A

Without explicit permit for routing protocols, the ACL blocks them, causing routing failure.

Why this answer

The ACL only permits TCP port 22 (SSH) but implicitly denies all other traffic, including routing protocol packets and ICMP. If the SSH traffic is sourced from R2's interface IP, it may be permitted, but if the loopback is not reachable due to routing protocol being blocked, SSH fails.

384
MCQ · hard

In a VRF-Lite environment running EIGRP, what is the default maximum hop count for routes?

A. 15
B. 100
C. 255
D. 16
Answer: B

EIGRP defaults to a maximum hop count of 100.

Why this answer

EIGRP uses a maximum hop count of 100 by default, though it is not a metric but a TTL-like limit to prevent routing loops.

385
MCQ · medium

A network engineer configured IP SLA 30 to monitor the reachability of a server (10.10.10.10) using ICMP echo probes. The IP SLA is linked to a track object that is used in a static default route. The engineer notices that the IP SLA state is 'Active', but the static route is not present in the routing table. The track object shows 'Up'. What should the engineer check first?

A. Verify that the static route includes the 'track' keyword and references the correct track object number.
B. Check if the server is responding to ICMP echo requests.
C. Ensure the IP SLA probe is configured with a timeout value less than the frequency.
D. Reboot the router to clear any routing table inconsistencies.
Answer: A

The static route must be configured with 'ip route 0.0.0.0 0.0.0.0 <next-hop> track <track-number>'. If missing or wrong track number, the route will not be installed.

Why this answer

If the track object is up and the static route is not installed, the issue is likely that the static route configuration does not properly reference the track object, or the route is being overridden by another route with lower administrative distance.

386
MCQ · hard

An engineer configures a DMVPN Phase 2 network. Spoke routers can communicate with the hub, but spoke-to-spoke tunnels do not form. The NHRP registration is successful, and the hub has the spoke's NBMA address. Which is the most likely explanation?

A. The spoke routers are missing the `ip nhrp redirect` command on the hub.
B. The spoke routers have different tunnel keys configured.
C. The spoke routers are using the same NHRP authentication string.
D. The hub router has a lower MTU on the physical interface, causing fragmentation.
Answer: A

In Phase 2, the hub must send NHRP redirect messages to inform spokes of better paths; without it, spokes send traffic through the hub.

Why this answer

In DMVPN Phase 2, spoke-to-spoke tunnels require that the spoke routers have a route to the remote spoke's tunnel IP via the hub, and that the hub has NHRP redirect enabled. Without the redirect, the spoke does not know to initiate a direct tunnel.

387
MCQ · hard

A network administrator notices that SSH access to router R1 from a management station 10.10.10.10 is failing intermittently. R1 has the following configuration: access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 192.168.1.1 eq 22, line vty 0 4 access-class 100 in, and control-plane host control-plane security copp policy-map COPP class MANAGEMENT police cir 8000 bc 1500 conform-action transmit exceed-action drop. The management station is on a different subnet than the management interface. The failure occurs during peak hours. What is the root cause?

A. The access-class on the VTY lines is incorrectly configured, blocking SSH traffic from the management station.
B. The CoPP policy is rate-limiting SSH traffic to 8 kbps, and during peak hours, the traffic exceeds this rate, causing drops.
C. The management station is not reachable due to a routing issue.
D. The SSH server on R1 has a maximum session limit that is being reached.
Answer: B

The police command limits SSH traffic, and exceed-action drop causes intermittent failures when the rate is exceeded.

Why this answer

The CoPP policy-map COPP class MANAGEMENT applies a police rate of 8000 bps (8 kbps) with a burst of 1500 bytes to SSH traffic destined for the control plane. During peak hours, the SSH traffic from the management station exceeds this rate, causing packets to be dropped by the exceed-action drop. This intermittent failure aligns with the rate-limiting behavior of CoPP, not with access-list or routing issues.

Exam trap

Cisco often tests the interaction between CoPP and VTY access-class, where candidates mistakenly think the access-class is the issue, but the real culprit is CoPP rate-limiting the control plane traffic before it reaches the VTY lines.

How to eliminate wrong answers

Option A is wrong because the access-list 100 permits tcp from subnet 10.10.10.0/24 to host 192.168.1.1 on port 22, and the access-class 100 in on VTY lines correctly applies this permit to inbound SSH sessions; it does not block traffic. Option C is wrong because the management station is on a different subnet, but the question states the failure is intermittent and during peak hours, not a persistent unreachability; a routing issue would cause constant failure, not intermittent. Option D is wrong because there is no mention of an SSH session limit in the configuration; the default SSH server on Cisco IOS does not have a maximum session limit that would cause intermittent drops during peak hours, and the symptom matches rate-limiting, not session exhaustion.

388
MCQ · medium

Router R2 has the following configuration:

```
interface GigabitEthernet0/2
 ip address 10.2.2.2 255.255.255.0
 ip policy route-map CHECK
!
route-map CHECK permit 10
 match ip address 101
 set interface GigabitEthernet0/3
!
access-list 101 permit tcp any any eq 80
```

What is the effect of this configuration?

A. Incoming TCP packets with destination port 80 on G0/2 are forwarded out G0/3, overriding the routing table.
B. Outgoing TCP packets with source port 80 on G0/2 are forwarded out G0/3.
C. All TCP traffic is forwarded out G0/3 regardless of port.
D. The configuration is invalid because 'set interface' cannot be used with a route-map.
Answer: A

PBR matches the ACL and sets the output interface, bypassing the routing table.

Why this answer

The route-map matches TCP traffic with destination port 80 (HTTP) and sets the output interface to GigabitEthernet0/3. This is applied inbound on GigabitEthernet0/2.

389
MCQ · hard

Router R1 has an ACL applied to its VTY lines for SSH access:

```
access-list 10 permit 10.1.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
```

R1 also has CoPP policy:

```
class-map match-all SSH-CLASS
 match access-group name SSH-ACL
policy-map COPP
 class SSH-CLASS
  police cir 8000 bc 1500 conform-action transmit exceed-action drop
```

R2 (10.1.1.2) shows:

```
R2# ssh -l admin 10.2.2.1
% Connection refused by remote host
R2# telnet 10.2.2.1
Trying 10.2.2.1 ...
% Connection timed out; remote host not responding
```

What is the root cause?

A. The CoPP policy is rate-limiting SSH traffic from R2, causing drops.
B. The access-class on VTY lines blocks R2's IP address.
C. SSH is not enabled on R1's VTY lines.
D. The SSH-ACL in the class-map does not match SSH traffic.
Answer: A

The police rate of 8000 bps is too low, causing exceed-action drop for SSH packets.

Why this answer

The ACL on VTY lines permits only 10.1.1.0/24, but the SSH connection from R2 (10.1.1.2) should be allowed. However, the CoPP policy is rate-limiting SSH traffic to 8000 bps. If the police rate is exceeded, packets are dropped.

The SSH connection might be failing due to CoPP dropping the packets. The telnet is also failing because it is not permitted by the access-class (only SSH is allowed). The root cause is CoPP rate-limiting SSH traffic, causing drops.

390
MCQ · hard

An engineer configures IPv6 RA Guard on a switch port connected to a router running OSPFv3. Unexpectedly, OSPFv3 neighbor adjacencies fail to form on that link. Which is the most likely explanation?

A. RA Guard with device-role host drops all IPv6 traffic except Neighbor Discovery and DHCP, including OSPFv3 hellos.
B. OSPFv3 uses multicast address FF02::5 which is filtered by RA Guard by default.
C. RA Guard changes the MAC address of the router, causing OSPFv3 neighbor to be unreachable.
D. The router must send Router Advertisements for OSPFv3 to work, and RA Guard blocks them.
Answer: A

RA Guard host role restricts traffic to ND and DHCP only, blocking OSPFv3.

Why this answer

RA Guard drops all Router Advertisement messages, but OSPFv3 uses IPv6 multicast address FF02::5 for hello packets. However, RA Guard can also be configured to drop all ICMPv6 messages with type 134 (RA), but the default RA Guard policy blocks all RAs. If the router sends RAs (even if not needed), the port might be err-disabled or the RAs are dropped, but the issue is that OSPFv3 hellos are not affected.

The real edge case: RA Guard with 'device-role host' blocks all IPv6 traffic from the port except ND and DHCP, which can include OSPFv3 if the policy is too restrictive. The most common misconfiguration is that RA Guard is applied with 'device-role switch' which expects the port to be a switch, but if the port is actually a router, the router's OSPFv3 hellos are dropped because RA Guard treats the router as a host and drops non-ND traffic.

391
MCQ · medium

An engineer is troubleshooting a DMVPN phase 2 network where the hub router is not forming an EIGRP neighbor relationship with a spoke. The spoke's tunnel interface is configured with 'ip nhrp nhs 10.0.0.1' and 'ip nhrp map 10.0.0.1 192.168.1.1'. The hub's tunnel interface IP is 10.0.0.1. The engineer pings the hub's tunnel IP from the spoke and it succeeds. The engineer checks 'show ip eigrp neighbors' on the hub and sees no neighbors. What is the most likely cause?

A. The spoke's tunnel interface is missing the 'ip nhrp map multicast dynamic' command.
B. The hub's tunnel interface has 'no ip nhrp redirect' configured.
C. The spoke's EIGRP AS number does not match the hub's.
D. The hub's tunnel interface has 'ip nhrp authentication' configured but the spoke does not.
Answer: A

Correct because without multicast mapping, the spoke cannot send multicast traffic (including EIGRP hellos) to the hub.

Why this answer

EIGRP neighbor formation over a tunnel requires multicast support. In DMVPN, multicast traffic is sent via NHRP to the hub. If the spoke's tunnel interface does not have 'ip nhrp map multicast dynamic' or a static multicast map, the hub will not receive EIGRP hello packets from the spoke.

392
MCQ · easy

A network engineer runs the following command to troubleshoot an IPv4 access control list (ACL) issue:

```
R1# show ip access-lists 101
Extended IP access list 101
    10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (12 matches)
    20 deny tcp any any eq 443 (5 matches)
    30 permit ip any any (100 matches)
```

What does this output indicate?

A. The ACL is permitting TCP traffic from 192.168.1.0/24 to any destination on port 80, denying all TCP traffic to port 443, and permitting all other IP traffic.
B. The ACL is denying all traffic because line 20 is an explicit deny.
C. The ACL is applied inbound on an interface and is blocking all traffic to port 443.
D. The ACL has no effect because the match counts are too low.
Answer: A

The ACL lines and match counts confirm this behavior.

Why this answer

Option A is correct because the ACL explicitly permits TCP traffic from source 192.168.1.0/24 to any destination on port 80 (line 10), denies TCP traffic from any source to any destination on port 443 (line 20), and then permits all other IP traffic (line 30). The match counts confirm that traffic matching each line has been processed, and the implicit deny at the end is never reached because line 30 permits everything else.

Exam trap

Cisco often tests the misconception that an explicit deny statement (like line 20) blocks all traffic, when in fact it only blocks the specific protocol and port, and subsequent permit entries can still allow other traffic.

How to eliminate wrong answers

Option B is wrong because line 20 is an explicit deny for TCP port 443 only, not an implicit deny at the end of the ACL; the ACL continues to line 30 which permits all other IP traffic, so it does not deny all traffic. Option C is wrong because the output does not indicate the direction (inbound or outbound) or the interface where the ACL is applied; the show ip access-lists command only displays the ACL contents and match counters, not its application point. Option D is wrong because match counts are not required to be high for an ACL to have effect; even low counts indicate that traffic has matched, and the ACL is actively filtering based on its entries.

393
MCQ · hard

An engineer configures EIGRP named mode on a router. After making a change to the metric weights, the router becomes stuck-in-active (SIA) for a route. Why does this happen in named mode but not in classic mode?

A. Named mode EIGRP uses a different metric calculation algorithm that is more sensitive to weight changes.
B. Named mode EIGRP requires a 'metric weights' change to be followed by a 'clear ip eigrp neighbors' command; otherwise, the router sends incorrect queries.
C. Named mode EIGRP does not support changing k-values on the fly; it must be done during maintenance.
D. Named mode EIGRP automatically adjusts the metric weights to match neighbors, causing a temporary SIA.
Answer: B

In named mode, changing k-values without resetting neighbors causes the router to use the new metric for new queries but the old metric for existing routes, leading to inconsistencies and SIA.

Why this answer

In named mode EIGRP, changing metric weights (k-values) does not automatically trigger a neighbor reset. Without a 'clear ip eigrp neighbors' command, the router continues to use the old k-values for existing neighbors while sending queries with the new k-values, causing a mismatch that leads to stuck-in-active (SIA) routes. Classic mode EIGRP automatically resets neighbors when metric weights change, avoiding this issue.

Exam trap

Cisco often tests the subtle difference that named mode EIGRP requires an explicit 'clear ip eigrp neighbors' after changing metric weights, while classic mode handles it automatically, leading candidates to assume both modes behave identically.

How to eliminate wrong answers

Option A is wrong because both named and classic mode EIGRP use the same composite metric calculation algorithm (based on bandwidth, delay, reliability, load, and MTU); named mode is not inherently more sensitive to weight changes. Option C is wrong because named mode EIGRP does support changing k-values on the fly, but it requires a manual neighbor reset to avoid SIA; it is not restricted to maintenance windows. Option D is wrong because named mode EIGRP does not automatically adjust metric weights to match neighbors; it uses the locally configured k-values, and mismatches cause SIA, not automatic adjustment.

394
MCQ · medium

According to RFC 5880, what is the maximum number of BFD sessions that can be supported by a single interface on a Cisco router?

A. 1 session per interface
B. 256 sessions per interface
C. Unlimited, but limited by platform resources
D. 16 sessions per interface
Answer: C

Correct. RFC 5880 does not define a maximum; it is implementation-specific.

Why this answer

RFC 5880 does not specify a maximum number of BFD sessions per interface; it is platform-dependent. Cisco routers can support multiple BFD sessions per interface, limited only by hardware resources.

395
MCQ · easy

What is the default NHRP holdtime value on a Cisco router?

A. 3600 seconds
B. 1800 seconds
C. 7200 seconds
D. 600 seconds
Answer: A

This is the default holdtime for NHRP mappings.

Why this answer

The default NHRP holdtime is 3600 seconds (1 hour). This value can be modified with the 'ip nhrp holdtime' command.

396
MCQ · medium

Consider the following partial configuration on router R2:

```
interface GigabitEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 ip ospf 1 area 0
!
interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 ip ospf 1 area 0
!
router ospf 1
 router-id 2.2.2.2
 network 10.0.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
```

What is the effect of this configuration?

A. OSPF will not form adjacencies because the interface and network commands conflict, causing OSPF to ignore the network statements.
B. OSPF will form adjacencies on both interfaces, but the router-id 2.2.2.2 will be overridden by the highest loopback IP.
C. OSPF will form adjacencies on both interfaces as intended; the configuration is redundant but functional.
D. OSPF will only form adjacency on GigabitEthernet0/1 because the network statement for 10.0.0.0 is incorrect.
Answer: C

Both interfaces have OSPF enabled via the interface command and the network statement. This is acceptable and OSPF will operate normally.

Why this answer

The configuration has OSPF enabled on interfaces both via the ip ospf interface command and via network statements under the router. This is redundant but valid; the network statement will enable OSPF on any interface matching the network, but the interface already has OSPF enabled. The network statement will also enable OSPF on additional interfaces that match, but here both interfaces are already covered.

The configuration works as intended.

397
MCQ · medium

Which of the following statements about MPLS label imposition and disposition is true?

A. The egress LER always performs the label pop operation.
B. The ingress LER performs the label push operation, and the egress LER performs the label pop operation unless PHP is used.
C. The penultimate hop router always pushes an additional label.
D. Label disposition occurs only at the ingress LER.
Answer: B

Standard MPLS operation: ingress pushes, egress pops. PHP allows the penultimate hop to pop, so the egress does not need to.

Why this answer

In MPLS, the ingress LER (Label Edge Router) imposes a label on the packet (push operation). The egress LER removes the label (pop operation). The penultimate hop router may perform penultimate hop popping (PHP) to remove the label before the egress, reducing the egress's workload.

398
MCQ · hard

In an MPLS network, routers R1 and R2 are LDP neighbors with BFD enabled. R1#show mpls ldp neighbor shows R2 as 'Oper Down' for the BFD session. R2#show bfd neighbors shows the session with R1 as 'Down'. R1 and R2 have matching 'mpls ldp router-id' loopback0. The link between them is up. What is the root cause?

A. The LDP router-id must be the IP address of the interface where BFD is enabled.
B. BFD is not supported with LDP on this platform.
C. The BFD interval is too low for LDP.
D. LDP must be configured with 'no bfd' to work properly.
Answer: A

BFD for LDP requires the LDP session to use the same source IP as the BFD session; otherwise, BFD cannot monitor the LDP session.

Why this answer

BFD for LDP requires that the LDP session be established over the same interface as the BFD session. If the LDP router-id is not the interface IP used for BFD, the BFD session may fail. Here, the loopback0 is used as LDP router-id, but BFD is configured on the physical link, causing mismatch.

399
Drag & Drop · medium

Drag and drop the steps to verify and validate BFD operational state into the correct order, from first to last.

Why this order

Begin with a high-level summary of all BFD sessions, then examine detailed session information, validate timers and counters, confirm BFD is active for the routing protocol, and finally test failover behavior by disabling the peer interface.

400
MCQ · hard

A network engineer configures IP SLA to track a BGP next-hop for a backup path. Router R1 has:

```
ip sla 7
 icmp-echo 192.168.3.3 source-ip 10.0.0.1
 frequency 5
ip sla schedule 7 life forever start-time now
track 7 ip sla 7 reachability
router bgp 65001
 neighbor 192.168.3.3 remote-as 65003
 neighbor 192.168.3.3 fall-over bfd
 neighbor 192.168.3.3 track 7
```

When the link to 192.168.3.3 goes down, the BGP session resets after 5 seconds, but the backup route is not used immediately. What is the root cause?

A. The BGP fall-over bfd overrides the track, so the BGP session resets via BFD, but the track remains up, preventing the backup route from being installed.
B. The IP SLA frequency is too low, so the track does not detect the failure quickly enough.
C. The backup route has a higher administrative distance, so it is not installed until the primary route is removed, but the primary route is still present.
D. The track 7 is not applied to the BGP neighbor correctly; it should be under the address-family.
Answer: A

When BFD is used, the track is ignored for BGP session reset, but the track might still be up, so the static route associated with the track is not removed, causing the backup route to not be used.

Why this answer

The BGP fall-over bfd and track 7 are both configured. When the link goes down, BFD detects the failure quickly and resets the BGP session. However, the track 7 might still be up because the IP SLA probe might be successful via an alternate path, so the tracked route is not removed.

The correct answer is that the track 7 is not used because BFD takes precedence, and the track does not influence the route removal.

401
MCQ · hard

A network engineer runs the following command to troubleshoot a VRF-Lite DMVPN issue:

```
R1# show ip nhrp vrf CUSTOMER_G detail
```

Output:

```
10.6.6.1/32 via 10.6.6.1, Tunnel0 created 00:01:00, expire 01:59:00
  Type: dynamic, Flags: used
  NBMA address: 192.168.1.1 (no-socket)
  Registration handle: 0x00000001
  Cache entries: 1
```

What does this output indicate?

A. The NHRP mapping is static and was manually configured.
B. The NHRP mapping for 10.6.6.1 is dynamic, with NBMA address 192.168.1.1, and is actively used.
C. The NHRP mapping has expired and needs to be refreshed.
D. The NHRP mapping is for a multicast group address.
Answer: B

Correct. The output shows a dynamic mapping with NBMA address 192.168.1.1 and the 'used' flag.

Why this answer

The 'show ip nhrp vrf detail' command displays NHRP cache entries for a specific VRF. The output shows a dynamic NHRP mapping for destination 10.6.6.1/32, with NBMA address 192.168.1.1, learned via Tunnel0. The entry was created 1 minute ago and will expire in 1 hour 59 minutes.

The 'used' flag indicates the mapping is actively being used.

402
Multi-Select · hard

Which THREE statements about IPv6 Source Guard are true? (Choose THREE.)

Select 3 answers
A. It filters IPv6 traffic based on the source IPv6 address of incoming packets.
B. It relies on the IPv6 snooping binding table, which is populated by DHCPv6 snooping or ND Inspection.
C. It can be configured to allow traffic from specific prefixes using a static prefix list.
D. It filters both incoming and outgoing IPv6 traffic on a port.
E. It requires DHCPv6 snooping to be enabled on the VLAN to function.
Answers: A, B, C

IPv6 Source Guard checks the source address against the binding table and drops packets with invalid source addresses.

Why this answer

IPv6 Source Guard filters traffic based on the source address, using the binding table. It prevents spoofing, requires DHCPv6 snooping or ND Inspection to build the table, and can be configured with a static prefix list. The incorrect options misstate the filtering direction or necessity of DHCPv6.

403
MCQ · easy

A network engineer runs the following command to troubleshoot an IP SLA issue:

```
R1# show ip sla statistics 10
Round Trip Time (RTT) for Index 10
    Latest RTT: 12 ms
    Latest RTT (milliseconds): 12
    Latest RTT (microseconds): 12000
Last operation start time: 12:34:56.789 UTC Mon Mar 1 2021
Last operation return code: OK
Number of successes: 100
Number of failures: 0
Operation time to live: Forever
```

What does this output indicate?

A. The IP SLA operation has failed because the RTT is too low.
B. The IP SLA operation is working correctly with no failures.
C. The IP SLA operation has timed out and needs to be reconfigured.
D. The IP SLA operation is not configured for this index.
Answer: B

The return code 'OK' and zero failures confirm successful operation.

Why this answer

This output shows the operational state of IP SLA operation 10. The 'Latest RTT' of 12 ms, 'return code: OK', and 100 successes with 0 failures indicate the probe is functioning correctly.

404
MCQmedium

A network engineer runs the following command on Router R1:

```
R1# show crypto isakmp sa detail
Codes: C - IKEv1, I - IKEv2
C-id  Local     Remote    I-VRF  Status  Encr  Hash  Auth  DH  Lifetime  Cap
1     10.1.1.1  10.1.1.2         ACTIVE  aes   sha   psk   14  23:59:59
```

Based on this output, which statement is correct?

A.The IKEv1 SA is established with the peer 10.1.1.2.
B.The IKEv2 SA is established with the peer 10.1.1.2.
C.The ISAKMP SA is not established; status is MM_NO_STATE.
D.The Diffie-Hellman group is group 2.
AnswerA

The 'C' code indicates IKEv1, and the status is ACTIVE.

Why this answer

The ISAKMP SA is active, using AES encryption, SHA hash, pre-shared key authentication, and Diffie-Hellman group 14. The lifetime is about 24 hours.

405
MCQmedium

A network engineer is troubleshooting a DMVPN phase 2 hub-and-spoke deployment. The hub router has mGRE and NHRP configured, and spokes register successfully. However, spoke-to-spoke traffic is not being encrypted, even though IPsec profiles are applied to the mGRE tunnel interface on both the hub and spokes. The engineer verifies that the crypto map is not applied to the tunnel interface. What is the most likely cause of this issue?

A.The NHRP authentication string does not match between the hub and spokes.
B.The IPsec profile is not applied to the mGRE tunnel interface on the hub and spokes.
C.The tunnel key is not configured on the spokes.
D.The spokes have a static crypto map applied to their physical interface.
AnswerB

Correct because DMVPN phase 2 requires the IPsec profile to be applied to the tunnel interface to protect spoke-to-spoke traffic.

Why this answer

In DMVPN phase 2, spoke-to-spoke dynamic tunnels require IPsec protection. The IPsec profile must be applied to the tunnel interface, not a crypto map. If the crypto map is missing or misapplied, IPsec will not be triggered for spoke-to-spoke traffic.

406
MCQhard

A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:

```
R1# show policy-map control-plane input class CoPP-Class
 Class-map: CoPP-Class (match-all)
  1500 packets, 120000 bytes
  5 minute offered rate 10000 bps, drop rate 5000 bps
  Match: access-group name CoPP-ACL
  police:
    cir 8000 bps, bc 1500 bytes, be 1500 bytes
    conformed 1000 packets, 80000 bytes; actions:
      transmit
    exceeded 500 packets, 40000 bytes; actions:
      drop
    conformed 8000 bps, exceed 2000 bps, violated 0 bps
```

What does this output indicate?

A.The CoPP policy is dropping all traffic because the CIR is too low.
B.The CoPP policy is causing packet loss for traffic that exceeds the 8 kbps rate, which may impact legitimate control plane traffic.
C.The CoPP policy is not applied correctly because the drop rate is higher than the conform rate.
D.The CoPP policy is working as intended with no issues.
AnswerB

The drop rate of 5 kbps indicates that half the offered traffic is being dropped, which could affect protocols like OSPF or BGP.

Why this answer

The output shows that the CoPP policy is policing traffic matching the CoPP-ACL. The offered rate is 10 kbps, but the CIR is 8 kbps, resulting in 500 packets exceeding the rate and being dropped. This indicates that control plane traffic is being throttled.

407
MCQmedium

Examine the following configuration:

```
logging host 10.1.1.1
logging host 10.1.1.2
logging host 10.1.1.3
logging origin-id hostname
logging facility local7
```

What is the purpose of the 'logging origin-id hostname' command?

A.It causes the syslog messages to include the router's hostname as the origin, overriding the default IP address.
B.It sets the syslog message format to include the hostname in the timestamp field.
C.It configures the router to send syslog messages only when the hostname changes.
D.It is used to authenticate syslog messages using the hostname as a key.
AnswerA

The origin-id hostname replaces the default source IP with the hostname in the syslog message header.

Why this answer

The 'logging origin-id' command sets the origin identifier in syslog messages. When set to 'hostname', the router's hostname is used as the origin ID instead of the default (which is the IP address of the source interface). This helps identify the source of messages in a multi-device environment.

408
MCQhard

A network engineer is troubleshooting reachability issues in a VRF-lite environment. R1 has the following configuration: ip vrf BLUE rd 100:1 route-target export 100:1 route-target import 100:1. R2 has: ip vrf BLUE rd 100:2 route-target export 100:2 route-target import 100:2. Both routers are connected via a link in the global routing table and are running OSPF in the VRF. R1 shows: 'show ip route vrf BLUE' has a route to 10.1.1.0/24 via OSPF, but R2 shows: 'show ip route vrf BLUE' does not have this route. What is the root cause?

A.The route-target export on R1 (100:1) does not match the route-target import on R2 (100:2), so R2 does not import routes from R1.
B.The OSPF process on R1 is not configured with the 'vrf BLUE' keyword.
C.The link between R1 and R2 is not in the VRF, so OSPF cannot form adjacency.
D.The route 10.1.1.0/24 is being filtered by a distribute-list in OSPF.
AnswerA

VRF-lite relies on route-target matching for route import/export. Since the RTs differ, R2 does not import any routes from R1, even though OSPF is running in the VRF. OSPF only propagates routes within the same VRF, not between VRFs.

Why this answer

In VRF-lite, route leaking between VRFs is not automatic; it requires explicit configuration using route-map or VRF import/export policies. The RT values on R1 and R2 are different (100:1 vs 100:2), so even if OSPF is running within the VRF, routes are not shared because the route-target import/export do not match. OSPF in a VRF only propagates routes within the same VRF; it does not automatically leak routes to other VRFs.

The correct configuration would be to either use the same RT on both routers or configure a route-map to leak routes.

409
Multi-Selectmedium

Which TWO commands would a network engineer use to verify that EIGRP is correctly forming neighbor adjacencies and exchanging routes on an interface? (Choose TWO.)

Select 2 answers
A.show ip eigrp neighbors
B.show ip eigrp interfaces
C.show ip route eigrp
D.show ip protocols
E.show ip ospf neighbor
AnswersA, B

This command directly lists all EIGRP neighbors, their interfaces, and hold time, confirming adjacency.

Why this answer

The 'show ip eigrp neighbors' command lists all established neighbors and their interface details, confirming adjacency. The 'show ip eigrp interfaces' command displays interfaces on which EIGRP is active and includes neighbor count, verifying that the interface is participating in EIGRP. The other commands either show routes (not neighbor state) or are not EIGRP-specific.

410
MCQhard

An engineer configures syslog logging to a remote server using the 'logging host' command. The engineer notices that syslog messages are not being received on the server, but the router can ping the server successfully. The engineer verifies that the logging level is set to debugging and that the server is configured to receive syslog messages. Which is the most likely explanation?

A.An ACL on the router is blocking UDP port 514 outbound
B.The logging host command requires the 'transport tcp' option to work
C.The syslog server is not configured to accept messages from the router's IP
D.The logging level is set to emergencies only
AnswerA

Correct. If an ACL is applied to the interface that blocks UDP 514, syslog messages will not reach the server.

Why this answer

A common edge case is that the syslog messages are sent via UDP port 514, but the router may have a firewall or ACL that blocks UDP traffic. Additionally, the 'logging source-interface' command might be configured, but if the source interface is not reachable from the server (e.g., due to routing issues), the server may drop the messages. Another possibility is that the server is listening on a different port or the router is using a different port due to configuration.

However, a less obvious issue is that the 'logging monitor' or 'logging buffered' commands can interfere if the logging process is overwhelmed, but the most likely is that the syslog messages are being sent but the server's firewall or the router's own ACL is blocking them.

411
MCQhard

Router R1 is leaking routes from VRF-A to the global table using route-map LEAK. The global table receives the routes, but traffic from the global table to destinations in VRF-A is dropped. R1 configuration: ip vrf VRF-A, rd 100:1, route-target export 100:1, route-target import 100:1. The route-map LEAK is applied to the VRF export. The global table has a default route pointing to null0. What is the root cause?

A.The leaked routes have a next-hop that is only reachable within VRF-A, not in the global routing table, causing traffic to be dropped.
B.The global table default route is overriding the leaked routes.
C.The route-map should be applied to the VRF import instead of export.
D.The VRF must have a route to the global table.
AnswerA

Correct: When leaking, the next-hop must be reachable in the destination table; otherwise, packets are dropped.

Why this answer

When routes are leaked from VRF to global, the global table installs them, but the reverse path (global to VRF) requires proper routing. If the global table has a default route pointing to null0, traffic to the leaked prefixes may match the default and be discarded if the leaked routes are less specific. However, the more specific leaked routes should override the default.

The issue could be that the leaked routes are not being installed due to administrative distance or that the default route is preferred. But the most common cause is that the route-map does not set the next-hop correctly, or the VRF interface is not reachable from the global table. The root cause is that the leaked routes have a next-hop that is not reachable in the global table, often because the next-hop is in the VRF.

412
MCQeasy

A network engineer runs the following command on Router R9: R9# show ip route 192.168.50.0 Routing entry for 192.168.50.0/24 Known via "ospf 1", distance 110, metric 20 Redistributing via ospf 1 Last update from 10.0.0.1 on GigabitEthernet0/0, 00:00:10 ago Routing Descriptor Blocks: * 10.0.0.1, from 10.0.0.1, 00:00:10 ago, via GigabitEthernet0/0 Route metric is 20, traffic share count is 1 R9 also has an EIGRP route for the same prefix with distance 90 and metric 28160. Which route will be installed?

A.The OSPF route will be installed because it has a lower metric.
B.The EIGRP route will be installed because it has a lower administrative distance.
C.Both routes will be installed for load balancing.
D.Neither route will be installed due to a conflict.
AnswerB

EIGRP's distance of 90 is lower than OSPF's 110, so the EIGRP route is preferred.

Why this answer

EIGRP internal routes have a default administrative distance of 90, which is lower than OSPF's default distance of 110. Therefore, the EIGRP route will be preferred and installed in the routing table.

413
MCQmedium

A network engineer runs the following command on switch SW2:

```
SW2# show monitor session 2
Session 2
---------
Type              : Remote Source Session
Source Ports      :
    Both          : Gi0/4
Source VLANs      :
    RX Only       : 100
Destination Ports : Gi0/5
    Encapsulation : Native
          Ingress : Disabled
```

Based on this output, which statement is correct?

A.The session is an RSPAN source session, and the mirrored traffic is sent to Gi0/5.
B.The session is an ERSPAN source session because it monitors VLAN 100.
C.The session is a local SPAN session with source VLAN.
D.The session is misconfigured because source VLANs cannot be combined with source ports.
AnswerA

The type 'Remote Source Session' indicates RSPAN source, and the destination port Gi0/5 receives the mirrored traffic.

Why this answer

This is a remote source session (RSPAN source session). It monitors source port Gi0/4 and source VLAN 100 (RX only), and sends the mirrored traffic to destination port Gi0/5, which is typically configured as a trunk port carrying the RSPAN VLAN. The session is correctly configured for RSPAN.

414
Multi-Selecthard

Which TWO statements about Policy-Based Routing (PBR) are true? (Choose TWO.)

Select 2 answers
A.PBR is applied on the inbound interface of the router.
B.If a 'set interface' command specifies a down interface, the packet is automatically routed using the routing table.
C.PBR can be used to override the routing table for locally generated packets.
D.The 'set ip default next-hop' command overrides the routing table even when a route exists.
E.PBR uses a route-map to define match criteria and set actions for traffic.
AnswersA, E

PBR is configured with 'ip policy route-map' under the interface, which processes incoming packets.

Why this answer

PBR uses a route-map with match and set commands to override the routing table for selected traffic. The 'set interface' command can specify an outgoing interface, and if that interface is down, the packet is dropped unless a 'set ip next-hop' is also configured as a backup. PBR does not affect the router's own originated traffic by default.

The 'set ip default next-hop' is used only when there is no explicit route in the routing table, not for overriding an existing route. PBR is applied on the inbound interface.

415
MCQmedium

What is the default behavior of the 'logging buffered' command in Cisco IOS-XE when no severity level is specified?

A.It captures only messages of severity 0 through 4.
B.It captures only messages of severity 0 through 5.
C.It captures only messages of severity 0 through 6.
D.It captures messages of severity 0 through 7.
AnswerD

The default severity for buffered logging is 7, so all messages from emergencies to debugging are logged.

Why this answer

When 'logging buffered' is configured without a severity level, it defaults to severity 7 (debugging), capturing all messages.

416
MCQhard

A network engineer runs the following command to troubleshoot OSPF route redistribution:

```
R1# show ip ospf database external 5.5.5.5
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                Type-5 AS External Link States
  LS age: 120
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 5.5.5.5 (External Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0xABCD
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0
```

What does this output indicate?

A.The prefix 5.5.5.5/32 is a network inside the OSPF domain.
B.The route was redistributed into OSPF by router 3.3.3.3 with a metric of 20.
C.The forward address indicates the next-hop is 5.5.5.5.
D.This is a Type 4 Summary ASBR LSA.
AnswerB

The LSA is Type-5, advertising router is 3.3.3.3, metric type E2 with metric 20.

Why this answer

The output shows an OSPF Type 5 External LSA for prefix 5.5.5.5/32, advertised by router 3.3.3.3 with a metric type E2 and metric 20.

417
MCQmedium

Examine the following configuration on R6:

```
!--- R6 configuration
route-map FILTER deny 10
 match tag 50
!
route-map FILTER permit 20
!
router eigrp 200
 distribute-list route-map FILTER in
!
```

What is the effect of this configuration?

A.All routes with tag 50 are denied; all other routes are permitted.
B.Routes with tag 50 are permitted; all other routes are denied.
C.The distribute-list is applied only to the first interface; routes with tag 50 are filtered on that interface.
D.The configuration is invalid because route-maps cannot be used with distribute-list in EIGRP.
AnswerA

Correct. Sequence 10 denies routes with tag 50; sequence 20 permits everything else.

Why this answer

The distribute-list route-map FILTER in is applied to EIGRP updates received on all interfaces (since no interface is specified). Sequence 10 denies any route with tag 50. Sequence 20 permits all other routes.

Therefore, routes with tag 50 are filtered out (not installed in the routing table), while all other routes are accepted.

418
MCQeasy

What is the maximum number of IPv6 over IPv4 tunnels that can be configured on a Cisco IOS router?

A.256
B.1024
C.Platform-dependent, no fixed maximum.
D.64
AnswerC

The number is limited by memory and CPU.

Why this answer

C is correct because the maximum number of IPv6 over IPv4 tunnels on a Cisco IOS router is platform-dependent and limited by available system resources such as CPU and memory, not by a fixed software limit. Cisco IOS does not impose a hard-coded maximum; the actual number depends on the router model, the type of tunnel (e.g., manual, 6to4, ISATAP, GRE), and the configuration complexity.

Exam trap

Cisco often tests the misconception that there is a fixed numerical limit (like 256, 1024, or 64) for IPv6 over IPv4 tunnels, when in fact the correct answer is that the limit is platform-dependent and resource-driven.

How to eliminate wrong answers

Option A is wrong because 256 is not a universal limit; while some older platforms might have had lower practical limits, modern Cisco IOS routers can support far more tunnels. Option B is wrong because 1024 is a common misconception based on a default limit for certain tunnel types (e.g., 6to4) in some IOS versions, but it is not a fixed maximum and can be exceeded with proper resource allocation. Option D is wrong because 64 is too low and does not reflect the scalability of Cisco IOS; it might be confused with the maximum number of tunnels in a specific legacy feature or a different protocol context.

419
MCQeasy

What is the default BGP hold timer value in Cisco IOS-XE?

A.90 seconds
B.120 seconds
C.180 seconds
D.240 seconds
AnswerC

Correct. BGP hold timer defaults to 180 seconds.

Why this answer

The default BGP hold timer is 180 seconds, as per RFC 4271 and Cisco IOS-XE defaults.

420
MCQhard

An engineer is troubleshooting a DHCPv6 prefix delegation scenario. The router (R1) is a DHCPv6 client on its WAN interface and is supposed to receive a /48 prefix from the ISP's DHCPv6 server to delegate to LAN interfaces. The WAN interface is configured with 'ipv6 address dhcp' and 'ipv6 dhcp client pd ISP-PREFIX'. The LAN interfaces have 'ipv6 address ISP-PREFIX 0:0:0:1::/64 eui-64'. The engineer sees that the WAN interface gets a global IPv6 address, but the LAN interfaces do not get any IPv6 address. What is the most likely cause?

A.The LAN interfaces are missing the 'ipv6 enable' command.
B.The ISP's DHCPv6 server is not configured to delegate a prefix.
C.The 'ipv6 dhcp client pd' command should be 'ipv6 dhcp client pd ISP-PREFIX hint ::/48'.
D.The WAN interface needs the 'ipv6 nd other-config-flag' command.
AnswerB

Correct because if the server does not delegate a prefix, the client's 'ipv6 dhcp client pd' request will fail, and the LAN interfaces will not receive any addresses from the delegated prefix.

Why this answer

The WAN interface successfully obtains a global IPv6 address via DHCPv6, but the LAN interfaces lack IPv6 addresses because the DHCPv6 client process on R1 has not received a delegated prefix. The 'ipv6 dhcp client pd ISP-PREFIX' command requests a prefix delegation from the ISP's DHCPv6 server; if the server is not configured to delegate prefixes (e.g., missing the 'prefix-delegation' pool or 'ipv6 dhcp server' with prefix assignment), the client never receives a prefix to assign to LAN interfaces. This is the most likely cause given the symptom.

Exam trap

Cisco often tests the distinction between DHCPv6 address assignment (IA_NA) and prefix delegation (IA_PD), trapping candidates who assume that obtaining a WAN address automatically implies a delegated prefix is also received.

How to eliminate wrong answers

Option A is wrong because 'ipv6 enable' is not required on LAN interfaces when they already have an explicit 'ipv6 address' command; the address configuration implicitly enables IPv6. Option C is wrong because the 'hint' keyword is optional and not required for prefix delegation to work; the client can request a prefix without a hint, and the server may still delegate one. Option D is wrong because 'ipv6 nd other-config-flag' is used to tell hosts to obtain other configuration (e.g., DNS) via DHCPv6, not to enable prefix delegation on the client or server side.

421
MCQhard

A network engineer is troubleshooting a route filtering problem with prefix-lists. Router R6 is using a prefix-list to filter routes from a BGP neighbor. The prefix-list is configured to permit only 192.168.0.0/16 and 192.168.1.0/24, but routes with prefix 192.168.2.0/24 are also being accepted. The engineer checks the prefix-list configuration and sees only two permit statements. What is the most likely cause?

A.The prefix-list is not applied to the BGP neighbor; the neighbor is using a different filter or no filter.
B.The prefix-list has an implicit permit at the end for all routes.
C.The prefix-list is using 'ge 24' which permits any prefix with a mask >= 24, including 192.168.2.0/24.
D.The BGP neighbor is configured with 'soft-reconfiguration inbound' which overrides prefix-list filtering.
AnswerA

Correct because if the prefix-list is not applied, no filtering occurs.

Why this answer

Prefix-lists have an implicit deny at the end, but if the prefix-list is not applied correctly (e.g., to the neighbor inbound direction), or if the prefix-list has a 'ge' or 'le' operator that is too broad, it could permit more than intended. However, the most common issue is that the prefix-list is not applied at all, or the neighbor is using a different filter.

422
MCQhard

A network engineer runs the following command on Router R1:

```
R1# show access-lists 100
Extended IP access list 100
    10 permit icmp any any echo
    20 permit icmp any any echo-reply
    30 permit icmp any any time-exceeded
    40 permit icmp any any unreachable
R1# show policy-map control-plane
 Control Plane
  Service-policy input: CoPP-IN
    Class-map: CoPP-ICMP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group 100
      police:
          cir 8000 bps, bc 1500 bytes, be 1500 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        violated 0 packets, 0 bytes; actions:
          drop
```

Based on this output, what is the most likely problem?

A.The class-map uses 'match-all' instead of 'match-any'.
B.The access-list does not include all ICMP types that may be sent to the control plane.
C.The police rate is too low and is dropping all packets.
D.The policy-map is applied to the wrong direction.
AnswerB

The access-list only matches specific ICMP types, potentially missing others like router advertisement or parameter problem.

Why this answer

The access-list 100 matches ICMP types, but the class-map CoPP-ICMP uses 'match-all' which requires all match criteria to be met. Since only one access-group is referenced, 'match-all' is not incorrect, but the access-list may not be matching the actual ICMP traffic types sent to the control plane (e.g., ICMP type 8 for echo, but the router may receive other types). However, the key issue is that the class-map is not matching any packets, likely because the access-list is incomplete or the traffic is not matching the specified ICMP types.

423
MCQmedium

Which authentication type is the default when BFD authentication is enabled on Cisco IOS-XE?

A.Simple password (auth type 1)
B.Keyed MD5 (auth type 2)
C.Meticulous Keyed MD5 (auth type 3)
D.Keyed SHA-1 (auth type 4)
AnswerD

Cisco IOS-XE defaults to keyed SHA-1 (auth type 4) when BFD authentication is enabled.

Why this answer

Cisco IOS-XE defaults to keyed SHA-1 (auth type 4) when BFD authentication is configured, as it provides stronger security than MD5.

424
MCQhard

A network engineer runs the following command on Router R3:

```
R3# show logging | include %OSPF-5-ADJCHG
*Mar 1 00:05:10.123: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
*Mar 1 00:06:20.456: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
*Mar 1 00:07:30.789: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from DOWN to INIT, Received Hello
*Mar 1 00:08:40.012: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from INIT to EXSTART, Event: start
*Mar 1 00:09:50.345: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXSTART to EXCHANGE, Event: Negotiation Done
*Mar 1 00:10:00.678: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXCHANGE to LOADING, Event: Exchange Done
*Mar 1 00:11:10.901: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
*Mar 1 00:12:20.234: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
```

Based on this output, what is the most likely problem?

A.The OSPF process is misconfigured with mismatched area IDs.
B.There is a Layer 1 or Layer 2 issue causing intermittent connectivity on GigabitEthernet0/0.
C.The OSPF dead timer is set too high, causing slow convergence.
D.The router is running out of memory, causing OSPF process restarts.
AnswerB

The dead timer expiration indicates that hello packets are not received in time, which is often due to flapping interfaces or high error rates.

Why this answer

The output shows repeated OSPF adjacency changes between R3 and neighbor 10.0.0.1, with the neighbor going from FULL to DOWN due to dead timer expiration, then re-establishing. This pattern indicates an unstable OSPF neighbor relationship, likely due to a flapping interface, mismatched timers, or Layer 1 issues. The dead timer expiration suggests that hello packets are not being received consistently.

425
MCQmedium

Consider the following configuration on R5:

```
!--- R5 configuration
ip prefix-list PL-2 seq 5 permit 10.0.0.0/8 ge 16 le 24
!
route-map RMAP permit 10
 match ip address prefix-list PL-2
 set community 100:100
!
router bgp 65200
 neighbor 192.168.1.2 route-map RMAP out
!
```

What is the effect of this configuration?

A.Only routes with prefix 10.0.0.0/8 and mask length between 16 and 24 are sent to neighbor with community 100:100.
B.All routes with prefix 10.0.0.0/8 are sent to neighbor; routes with mask length between 16 and 24 get community 100:100.
C.Routes that match the prefix-list are sent with community 100:100; all other routes are sent without any community.
D.The configuration is invalid because the prefix-list uses ge and le together; only one can be used.
AnswerA

Correct. The prefix-list permits 10.0.0.0/8 ge 16 le 24; matching routes get community set and are advertised.

Why this answer

The prefix-list PL-2 permits prefixes that match 10.0.0.0/8 with a mask length greater than or equal to 16 and less than or equal to 24. So, for example, 10.1.0.0/16, 10.1.1.0/24 are permitted, but 10.0.0.0/8 itself (mask 8) is not. The route-map RMAP sets community 100:100 on matching routes.

Routes that do not match the prefix-list are not processed by this route-map (since there is only one sequence), so they are denied (not sent to neighbor).

426
MCQmedium

Router R3 has the following configuration:

```
interface GigabitEthernet0/4
 ip address 10.3.3.3 255.255.255.0
 ip policy route-map PBR-IN
!
route-map PBR-IN permit 10
 match ip address 102
 set ip next-hop verify-availability 192.168.2.1 10 track 1
!
access-list 102 permit ip 10.3.3.0 0.0.0.255 any
```

What is the effect of the 'set ip next-hop verify-availability' command?

A.The next-hop 192.168.2.1 is used only if track object 1 is up; otherwise, normal routing applies.
B.The next-hop 192.168.2.1 is always used regardless of track status.
C.The router pings 192.168.2.1 every 10 seconds to verify reachability.
D.The configuration is invalid because 'verify-availability' requires a sequence number.
AnswerA

verify-availability checks the track object; if down, PBR does not use that next-hop and falls back to routing table.

Why this answer

This command enables Cisco Express Forwarding (CEF) and uses tracking to verify next-hop reachability. If the tracked object (track 1) is down, the next-hop is not used.

427
MCQmedium

According to RFC 2460, what is the correct behavior when an IPv6 router receives a packet with a source address that is a multicast address?

A.The router forwards the packet normally.
B.The router drops the packet silently.
C.The router sends an ICMPv6 error message back to the source.
D.The router rewrites the source address to the link-local address of the interface.
AnswerB

Per RFC 2460, a packet with a multicast source address is invalid and must be discarded.

Why this answer

RFC 2460 specifies that multicast addresses must never be used as source addresses. Routers should drop such packets.

428
MCQeasy

When redistributing routes from EIGRP into OSPF, what is the default OSPF metric assigned to redistributed routes if no metric is specified?

A.20
B.1
C.10
D.0
AnswerA

The default metric for redistributed routes into OSPF is 20.

Why this answer

Cisco IOS assigns a default metric of 20 to redistributed routes from other protocols into OSPF if no metric is explicitly configured. This is defined in Cisco's implementation.

429
MCQhard

A network engineer runs the following command on Router R1:

```
R1# show ip eigrp neighbors detail
EIGRP-IPv4 Neighbors for AS(100)
H   Address      Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                             (sec)           (ms)         Cnt  Num
0   10.1.1.2     Gi0/0       13    00:12:34  12     200   0    45
   Version 12.0/2.0, Retrans: 0, Retries: 0, Restarts: 0
   Topology ids from peer: 0
   Passive interface: No
   Hello interval: 5
   Hold time: 15
```

Based on this output, what is the problem?

A.The neighbor is operating normally with no issues.
B.The interface is configured as passive, preventing neighbor formation.
C.The neighbor has a high number of retransmissions.
D.The hold time of 15 seconds is too short and may cause flapping.
AnswerA

All parameters are within normal range, and the neighbor is fully established.

Why this answer

The detail output shows the neighbor is up with normal parameters. However, the 'Passive interface: No' indicates that the interface is not configured as passive, which is expected for forming neighbors. There is no problem evident; the neighbor is functioning correctly.

430
MCQhard

Two routers are configured with EIGRP using `network 0.0.0.0 0.0.0.0` to enable EIGRP on all interfaces. One router has a loopback interface with IP 10.1.1.1/32. The other router learns 10.1.1.1/32 via EIGRP. An engineer then configures `distribute-list prefix FILTER out` under the EIGRP process on the first router, where FILTER denies 10.1.1.1/32. Unexpectedly, the second router still receives the route. Which is the most likely explanation?

A.The distribute-list out does not filter routes that are directly connected and enabled via the `network` command; it only filters redistributed routes.
B.The distribute-list must be applied inbound on the second router to block the route.
C.The prefix-list FILTER is misconfigured; it should deny 10.1.1.1/32 with a ge/le condition.
D.The distribute-list command is not supported in classic mode; it must be used in named mode.
AnswerA

EIGRP distribute-list out filters only routes from redistribution; connected routes advertised via network statement are not affected.

Why this answer

In EIGRP, distribute-lists applied under the router process (classic mode) affect only routes that are redistributed or injected via `network` commands. However, if the route is directly connected and the interface is enabled for EIGRP via the `network` command, the distribute-list out does not filter connected routes advertised by the network statement. To filter such routes, the distribute-list must be applied under the interface configuration or use a prefix-list that matches the interface.

431
MCQ · medium

Examine the RSPAN configuration:

```
vlan 100
 name RSPAN_VLAN
 remote-span
!
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination remote vlan 100
```

What is the purpose of the 'remote-span' command under VLAN 100?

A. It allows VLAN 100 to be used for RSPAN traffic across multiple switches.
B. It enables spanning tree on VLAN 100.
C. It prevents VLAN 100 from being used for user data traffic.
D. It configures VLAN 100 as a native VLAN.
Answer: A, C

This is the standard function of remote-span.

Why this answer

The 'remote-span' command designates VLAN 100 as an RSPAN VLAN, allowing it to carry mirrored traffic across switches without being used for normal data traffic.

432
MCQ · medium

Which BGP loop prevention mechanism relies on the AS_PATH attribute?

A. Split horizon
B. AS_PATH loop detection
C. TTL expiration
D. Route poisoning
Answer: B

Correct. BGP discards routes with its own AS in the AS_PATH.

Why this answer

BGP uses AS_PATH loop detection: a router rejects a route if its own AS number appears in the AS_PATH.

433
MCQ · hard

A BGP-based network uses route reflectors and Flexible NetFlow to monitor traffic. After applying a flow monitor to the route reflector's interface, some BGP routes are not being reflected to clients. Router R1 (route reflector) shows: show bgp vpnv4 unicast all neighbors 10.0.0.2 advertised-routes | include (10.1.1.0/24) No entries. The BGP session is up, and the route 10.1.1.0/24 is in the BGP table. What is the root cause?

A. The flow monitor is configured with a flow record that includes the 'bgp next-hop' field, causing the route reflector to change the next-hop to itself, which is not reachable by clients.
B. The flow exporter is configured to use the BGP neighbor's IP as the destination, but the exporter is not reachable, causing BGP updates to be delayed.
C. The flow monitor is applied to the BGP peering interface in the input direction, and it uses a match ip address prefix-list that denies the prefix 10.1.1.0/24, causing the route reflector to not process the route.
D. The BGP route reflector is configured with a cluster ID that conflicts with the flow monitor's settings.
Answer: C

If the flow monitor uses a match ip address prefix-list to filter flows, and that prefix-list denies the route's prefix, the router may not process the BGP update correctly, leading to the route not being reflected.

Why this answer

Flexible NetFlow can be configured with a flow record that includes BGP attributes, but if the flow monitor is applied to the interface used for BGP peering, it might cause the router to process BGP updates differently. Specifically, if the flow monitor is configured to use a flow record that includes the 'bgp next-hop' or 'bgp community' fields, it might require the router to perform additional processing, which could delay or prevent the reflection of routes. However, the most likely root cause is that the flow monitor is configured with a match statement that matches on BGP communities, and the route 10.1.1.0/24 has a community that is being filtered by the flow monitor's match statement, causing the route to be dropped from the advertised routes.

But since the flow monitor does not filter routes, the correct answer is that the flow exporter is misconfigured to use the BGP next-hop as the source, causing the route reflector to change the next-hop to itself, but the flow monitor's configuration interferes with the next-hop processing. Actually, the correct answer is that the flow monitor is using a flow record that includes the 'ipv4 next-hop' field, and the route reflector is configured to not change the next-hop, but the flow monitor's processing causes the next-hop to be overwritten, making the route invalid for clients.

434
Multi-Select · hard

An engineer is configuring a DMVPN Phase 3 network with EIGRP as the routing protocol. The hub router has the following configuration snippet:

```
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip nhrp network-id 1
 ip nhrp redirect
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
!
router eigrp 100
 network 10.0.0.0 0.0.0.255
```

Which TWO additional configuration changes are required on the hub to ensure that spokes can establish direct spoke-to-spoke tunnels? (Choose TWO.)

Select 2 answers
A. Add the command 'ip nhrp shortcut' under interface Tunnel0.
B. Add the command 'ip nhrp nhs 10.0.0.1' under interface Tunnel0.
C. Add the command 'ip nhrp map multicast dynamic' under interface Tunnel0.
D. Add the command 'no ip split-horizon eigrp 100' under interface Tunnel0.
E. Add the command 'ip nhrp authentication cisco123' under interface Tunnel0.
Answers: C, D

Correct. This command allows the hub to dynamically learn the NBMA addresses of spokes for multicast forwarding, which is required for routing protocol updates.

Why this answer

In DMVPN Phase 3, the hub must have 'ip nhrp redirect' to send redirect messages, and spokes need 'ip nhrp shortcut' to install the /32 route. However, the question asks about the hub. The hub already has 'ip nhrp redirect'.

To allow spokes to learn the hub's NBMA address, the hub needs 'ip nhrp map multicast dynamic' to accept dynamic registrations. Also, the hub must have a valid tunnel source IP and the tunnel interface must be up. The hub does not need 'ip nhrp shortcut' (that's for spokes).

The hub does not need 'ip nhrp nhs' (that's for spokes). The hub does not need 'no ip split-horizon' for EIGRP if using Phase 3 with BGP or if the hub is configured correctly; but in Phase 3, EIGRP split horizon can prevent spoke routes from being advertised to other spokes. Actually, to allow spokes to learn routes from other spokes, the hub must disable EIGRP split horizon on the tunnel interface.

So the two correct changes are: add 'ip nhrp map multicast dynamic' and 'no ip split-horizon eigrp 100'.

435
MCQ · hard

A network engineer configures an RSPAN session on Switch A to monitor traffic from interface GigabitEthernet0/1 and sends it to Switch B. The engineer creates RSPAN VLAN 50 on both switches and configures the trunk between them to allow VLAN 50. On Switch B, the engineer configures the destination port as GigabitEthernet0/2 in VLAN 50. The engineer notices that the destination port is not forwarding any traffic. What should the engineer check first?

A. Verify that the RSPAN VLAN is configured with the 'remote-span' command on both switches.
B. Check that the destination port is not in a shutdown state.
C. Ensure that the source interface is not configured with 'no monitor session'.
D. Confirm that the trunk between switches is configured as a dot1q trunk.
Answer: A

Correct because the 'remote-span' command is essential to designate the VLAN as an RSPAN VLAN; without it, the VLAN behaves as a normal VLAN.

Why this answer

RSPAN requires that the RSPAN VLAN be configured with the 'remote-span' command on all switches that participate. Without this, the VLAN may not be treated as an RSPAN VLAN and traffic may not be forwarded correctly.

436
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ip sla statistics 6
Round Trip Time (RTT) for Index 6
Latest RTT: 0 ms
Latest RTT (milliseconds): 0
Latest RTT (microseconds): 0
Number of successes: 0
Number of failures: 100
Operation time to live: Forever
Output: No connection

R1# show track 4
Track 4
IP SLA 6 reachability
Reachability is Down
3 changes, last change 00:05:00
Latest operation return code: No connection
Latest RTT (milliseconds): 0
Tracked by: ip route 0.0.0.0 0.0.0.0 192.168.4.1 track 4

R1# show ip route 0.0.0.0 0.0.0.0
% Network not in table
```

Based on this output, which statement is correct?

A. The static route is still present because the track is down.
B. The IP SLA operation is successful, but the track is misconfigured.
C. The target 192.168.4.1 is unreachable, causing the IP SLA to fail and the static route to be removed.
D. The IP SLA operation has a threshold violation, but the route is still active.
Answer: C

The 'No connection' indicates unreachability, and the track down removes the static route.

Why this answer

The track is down due to 'No connection', and the static route is not in the routing table. This indicates that the IP SLA probe cannot reach the target, and the tracked route has been removed.

437
MCQ · hard

A network engineer runs the following command to debug NAT with overload:

```
R1# debug ip nat overload
NAT: overload: s=10.1.1.1:1234->203.0.113.1:5678, d=192.168.1.1:80 [50]
NAT: overload: s=10.1.1.1:1235->203.0.113.1:5679, d=192.168.1.1:80 [51]
NAT: overload: s=10.1.1.2:80->203.0.113.1:5680, d=192.168.1.1:1024 [52]
```

What does this output indicate?

A. PAT is working correctly, translating multiple inside hosts to one outside IP.
B. NAT is failing because the outside address is the same for all.
C. The translations are static.
D. The inside hosts are using the same port numbers.
Answer: A

Each inside host gets a unique source port on the outside IP.

Why this answer

The output shows PAT (overload) translating multiple inside addresses and ports to a single outside address with different ports. This is normal PAT operation.

438
MCQ · hard

An engineer configures Control Plane Policing (CoPP) on a router to protect the control plane. After applying the policy, the router becomes unreachable via SSH and SNMP. The engineer checks the policy and confirms that the class-map for SSH and SNMP traffic is set to 'permit'. What is the most likely explanation?

A. The class-default is set to 'drop', causing all unmatched traffic to be dropped, including SSH and SNMP if they are not correctly classified.
B. The 'rate-limit' is configured in bps instead of pps, causing excessive policing.
C. The 'service-policy' is applied to the control-plane input direction, but SSH and SNMP are output traffic.
D. The class-map for SSH and SNMP uses a 'match-all' condition, but the access-list has multiple entries that are ORed.
Answer: A

In CoPP, the class-default is the default class for all traffic not matched by other classes. If it is set to drop, any traffic that does not match the explicit classes will be dropped. If SSH or SNMP traffic is not correctly matched by the class-map (e.g., due to a typo in the access-list), it will fall into class-default and be dropped.

Why this answer

A common edge case with CoPP is that the default class class-default is often set to 'drop' or 'police' with a very low rate, which can drop all traffic not explicitly matched by other classes. Even if SSH and SNMP are permitted, if the class-default is set to drop, any traffic that does not match the explicit classes (e.g., due to a misclassification) will be dropped. Additionally, the order of class-maps matters; if a broader class matches before the specific one, the traffic may be policed incorrectly.

439
Multi-Select · hard

Which THREE symptoms indicate that IPv6 unicast RPF is misconfigured or failing on an interface? (Choose THREE.)

Select 3 answers
A. Traffic from a valid source IP is being dropped on the interface.
B. The router logs 'IPv6 unicast RPF drop' messages.
C. The command 'ipv6 verify unicast source reachable-via any' is present in the running config.
D. High CPU utilization is observed due to RPF processing.
E. The 'show ipv6 interface' output shows an increasing 'RPF drops' counter.
Answers: A, B, E

uRPF drops packets when the source IP is not reachable via the incoming interface, even if the IP is valid.

Why this answer

uRPF drops packets if the source address is not reachable via the incoming interface. A syslog message about uRPF drops confirms this. The 'ipv6 verify unicast source reachable-via any' command is a configuration command, not a symptom.

High CPU due to RPF checks is not typical; RPF is done in hardware (CEF). An increase in the 'ipv6_input' drop counter for 'RPF' indicates drops.

440
Drag & Drop · medium

Drag and drop the steps to verify and validate Device Management operational state into the correct order, from first to last.

Why this order

Start by checking the management interface status, then confirm the management protocol is operational, verify the device is reachable, validate data model support, and finally perform a test retrieval of configuration data.

441
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show dmvpn
Legend: Attrb -> S: Static, D: Dynamic, I: Incomplete
        N: NATed, L: Local, X: No Socket
# Entries: 2

Interface: Tunnel0, IPv4 NHRP Details
Type: Hub, NHRP Peers: 2,

# Ent Peer NBMA Addr  Peer Tunnel Addr State UpDn Tm  Attrb
----- --------------- ---------------  ----- -------- -----
    1 192.168.1.2     10.0.0.2         UP    00:15:30 D
    2 192.168.2.2     10.0.0.3         UP    00:14:20 D
```

Based on this output, which statement is correct?

A. The DMVPN tunnel is not functioning because there are only two peers.
B. Both spoke routers have established dynamic NHRP registrations with the hub.
C. The hub router has static NHRP entries for the spokes.
D. The spokes are not able to communicate with each other.
Answer: B

The state is UP and attribute is D (dynamic).

Why this answer

The output shows a DMVPN hub with two dynamic peers (spokes) that are both UP. The hub has NHRP peers, and the entries are dynamic (D). This is normal operation.

442
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show event manager history events
Event History:
No.  Time                 Type    Name
1    00:01:30 UTC Mar 1   syslog  OSPF_Neighbor_Down
2    00:01:31 UTC Mar 1   syslog  OSPF_Neighbor_Up
3    00:01:32 UTC Mar 1   syslog  OSPF_Neighbor_Down
4    00:01:33 UTC Mar 1   syslog  OSPF_Neighbor_Up
```

Based on this output, which statement is correct?

A. The OSPF neighbor is stable.
B. The OSPF neighbor is flapping.
C. The EEM policy is not configured.
D. The OSPF neighbor is down permanently.
Answer: B

The rapid succession of down and up events is characteristic of flapping.

Why this answer

The event history shows alternating OSPF neighbor down and up events within seconds, indicating a flapping condition. The correct answer is that the OSPF neighbor is flapping.

443
MCQ · medium

A network engineer runs the following command on Router R1:

```
R1# show ipv6 ospf neighbor
Neighbor ID     Pri   State       Dead Time   Address   Interface
192.168.1.2     1     FULL/DR     00:00:32    FE80::2   Tunnel0
192.168.1.3     1     FULL/BDR    00:00:35    FE80::3   Tunnel0
```

Based on this output, which statement is correct?

A. OSPFv3 is not running on this router.
B. The router with Neighbor ID 192.168.1.3 is the Designated Router.
C. OSPFv3 adjacencies are fully established over the tunnel.
D. The tunnel is using IPv4 transport.
Answer: C

Both neighbors are in FULL state.

Why this answer

The output shows two OSPFv3 neighbors in the FULL state, which indicates that the adjacency process has completed successfully and the routers are exchanging link-state advertisements. The presence of the FULL state for both neighbors confirms that OSPFv3 adjacencies are fully established over the Tunnel0 interface, making option C correct.

Exam trap

Cisco often tests the distinction between OSPFv2 and OSPFv3, and the trap here is that candidates may assume the presence of IPv4-like neighbor IDs (192.168.1.x) implies IPv4 transport, but OSPFv3 uses a 32-bit Router ID (often derived from an IPv4 address) regardless of the underlying IPv6 transport.

How to eliminate wrong answers

Option A is wrong because the 'show ipv6 ospf neighbor' command itself proves that OSPFv3 is running on this router; if it were not, the command would return no output or an error. Option B is wrong because the neighbor with Neighbor ID 192.168.1.3 is listed as BDR (Backup Designated Router), not DR; the DR is 192.168.1.2, as indicated by the 'FULL/DR' state. Option D is wrong because the output shows IPv6 link-local addresses (FE80::2 and FE80::3) and the command is specific to IPv6 OSPF (OSPFv3), which operates natively over IPv6; the tunnel could be using IPv6 transport, and there is no evidence of IPv4 transport in this output.

444
MCQ · medium

Consider this EIGRP configuration on router R5:

```
interface GigabitEthernet0/0
 ip summary-address eigrp 100 10.10.0.0 255.255.0.0 5
router eigrp 100
 network 10.0.0.0
```

What is the effect of the 'ip summary-address eigrp' command on interface GigabitEthernet0/0?

A. It creates a summary route 10.10.0.0/16 with administrative distance 5, advertised only out GigabitEthernet0/0.
B. It creates a summary route 10.10.0.0/16 with metric 5, advertised out all interfaces.
C. It creates a summary route 10.10.0.0/16 and suppresses all more specific routes globally.
D. It creates a summary route 10.10.0.0/16 and redistributes it into other routing protocols.
Answer: A

Correct. The command is interface-specific and the distance value is optional.

Why this answer

The interface-level 'ip summary-address eigrp' command creates a summary route that is advertised out that specific interface. The optional administrative distance (5) sets the distance for the summary route.

445
MCQ · hard

A network engineer runs the following command on Router R1:

```
R1# show ip route 10.0.0.0 255.255.252.0 longer-prefixes
Routing entry for 10.0.0.0/22
  Known via "eigrp 100", distance 90, metric 2172416, type internal
  Last update from 192.168.1.2 on GigabitEthernet0/0, 00:00:10 ago
  Routing Descriptor Blocks:
  * 192.168.1.2, from 192.168.1.2, 00:00:10 ago, via GigabitEthernet0/0
      Route metric is 2172416, traffic share count is 1
Routing entry for 10.0.1.0/24
  Known via "eigrp 100", distance 90, metric 2812416, type internal
  Last update from 192.168.1.2 on GigabitEthernet0/0, 00:00:10 ago
  Routing Descriptor Blocks:
  * 192.168.1.2, from 192.168.1.2, 00:00:10 ago, via GigabitEthernet0/0
      Route metric is 2812416, traffic share count is 1
```

Based on this output, what is the effect of the summary route 10.0.0.0/22?

A. The summary route is working correctly and suppressing all specifics.
B. The summary route is not suppressing the more specific route 10.0.1.0/24.
C. The summary route has a better metric than the specific route.
D. The summary route is not installed in the routing table.
Answer: B

Both the summary and a more specific route are in the table, indicating the summary is not suppressing specifics.

Why this answer

The presence of both the summary route (10.0.0.0/22) and a more specific route (10.0.1.0/24) in the routing table indicates that the summary route is not suppressing the more specific routes, possibly due to a configuration issue or because the summary is not configured as a discard route.

446
MCQ · hard

An engineer configures AS path prepending on an eBGP route to influence inbound traffic. However, traffic from a specific iBGP neighbor still prefers the prepended path. What is the most likely explanation?

A. AS path prepending only affects eBGP path selection; iBGP routers ignore AS path length when comparing paths from different eBGP routers.
B. The prepending was applied with 'set as-path prepend last-as 1', which only prepends the last AS, not the full path.
C. The iBGP neighbor has 'bgp bestpath as-path ignore' configured, which ignores AS path length entirely.
D. The prepending was done on a route reflector, and the client does not see the prepended AS path.
Answer: A

iBGP uses the IGP metric to the next hop, not AS path length, so prepending does not influence iBGP decisions.

Why this answer

AS path prepending affects eBGP path selection but does not affect iBGP path selection because iBGP does not add AS path length to the metric. iBGP routers use IGP metric or other attributes, so prepending is ignored.

447
MCQ · medium

Examine the following partial configuration on R1:

```
!--- R1 configuration
route-map RMAP permit 10
 match ip address prefix-list PL-1
 set metric 100
!
route-map RMAP permit 20
 set metric 200
!
router eigrp 100
 network 10.0.0.0
 redistribute ospf 1 metric 1000 100 255 1 1500 route-map RMAP
!
```

What is the effect of this configuration?

A. Only routes matching prefix-list PL-1 are redistributed into EIGRP with metric 100; all other OSPF routes are denied.
B. Routes matching prefix-list PL-1 are redistributed with metric 100; all other OSPF routes are redistributed with metric 200.
C. The route-map is missing a deny statement; without it, all routes are permitted with default metric.
D. The route-map is applied to redistribution, but the metric values are ignored because redistribute command also specifies metric.
Answer: B

Correct. Sequence 10 matches PL-1 and sets metric 100; sequence 20 matches all other routes and sets metric 200.

Why this answer

The route-map RMAP has two permit sequences. The first matches prefix-list PL-1 and sets metric to 100. The second is a catch-all permit with no match, setting metric to 200.

All redistributed OSPF routes will match either sequence and have their metric set accordingly. If a route matches the first sequence, its metric is set to 100; otherwise, it matches the second and gets metric 200. There is no deny sequence, so no routes are filtered.

448
MCQ · medium

Examine the following EEM applet configuration:

```
!---
event manager applet RELOAD_NOTIFY
 event syslog pattern "%SYS-5-RELOAD"
 action 1.0 cli command "enable"
 action 2.0 cli command "send log "Router is reloading""
!---
```

What is the effect of this configuration?

A. The applet will send a log message to the console when a reload is initiated.
B. The applet will fail because 'send log' is not a valid IOS command.
C. The applet will prevent the reload from occurring.
D. The applet will generate a syslog message with the text "Router is reloading".
Answer: B

Correct. 'send log' is not a valid command; the correct command would be 'logger' or 'send' with appropriate parameters.

Why this answer

The applet triggers on a syslog message indicating a reload. It then executes a 'send log' command, which is not a valid IOS command; the intended command might be 'send' or 'logger'.

This will cause the action to fail, and the applet will not execute successfully.

449
Multi-Select · medium

Which TWO statements about IP SLA ICMP echo operations are true? (Choose TWO.)

Select 2 answers
A. It measures round-trip time (RTT) between the source and destination.
B. It measures jitter in the network path.
C. The operation must be scheduled using the 'ip sla schedule' command.
D. The destination can be specified as a hostname without any additional configuration.
E. The operation runs continuously by default after configuration.
Answers: A, C

The ICMP echo operation sends ICMP packets and calculates the RTT based on the reply.

Why this answer

IP SLA ICMP echo measures round-trip time (RTT) by sending ICMP echo requests and waiting for replies. It does not measure jitter (that requires UDP jitter operations). It can be configured with a frequency and a timeout, and the operation must be started with the 'ip sla schedule' command.

The source IP can be specified, but the destination must be an IP address, not a hostname unless DNS resolution is configured.

450
MCQ · medium

Which statement about RSPAN VLAN is correct?

A. The RSPAN VLAN must be the same as the native VLAN on the trunk.
B. The RSPAN VLAN can be used for normal user traffic if needed.
C. The RSPAN VLAN must be configured with the 'remote-span' command on all switches in the network.
D. The RSPAN VLAN must be pruned from all trunk links to avoid unnecessary flooding.
Answer: C

The 'remote-span' command is required on the VLAN to prevent it from being used for normal traffic and to allow it to be flooded across the network.

Why this answer

An RSPAN VLAN is a dedicated VLAN used to carry mirrored traffic from source switches to a destination switch. It must be configured as a remote-span VLAN, and no end devices should be connected to it.
