CCNA Route Maps and Route Filtering Questions

75 of 76 questions · Page 1/2 · Route Maps and Route Filtering · Answers revealed

1
MCQeasy

What is the default maximum hop count for RIP routes in Cisco IOS?

A.15
B.16
C.255
D.10
AnswerA

Correct. 15 is the maximum hop count; 16 is considered infinity.

Why this answer

RIP uses a hop count metric with a maximum of 15 hops; 16 indicates an unreachable route. This is a fundamental loop prevention mechanism.

2
MCQhard

An EIGRP network is experiencing a stuck-in-active (SIA) condition for a route 192.168.1.0/24. R1 has the following configuration: router eigrp 100 network 10.0.0.0 distribute-list prefix PL-FILTER in. R2 shows: 'show ip eigrp topology 192.168.1.0/24' is in active state, and 'show ip eigrp events' shows that R1 sent a query but never received a reply. R1's prefix-list PL-FILTER permits only 10.0.0.0/8. What is the root cause?

A.The distribute-list inbound on R1 filters the EIGRP query for 192.168.1.0/24, preventing R1 from replying and causing SIA on R2.
B.The EIGRP K-values are mismatched between R1 and R2.
C.The route 192.168.1.0/24 is not in R1's topology table, so it cannot reply.
D.The EIGRP timers on R1 are set too high, causing a delay in reply.
AnswerA

EIGRP distribute-lists applied inbound also filter queries. Since the prefix 192.168.1.0/24 is not permitted by PL-FILTER, R1 drops the query and does not send a reply, leaving R2 in active state.

Why this answer

The distribute-list prefix PL-FILTER in on R1 filters incoming routes, but it also affects queries. When R2 sends a query for 192.168.1.0/24, R1 receives it but the distribute-list filters the query (since the prefix is not permitted), so R1 does not process it and does not send a reply. This causes R2 to wait indefinitely for a reply, leading to an SIA condition.

The distribute-list should be applied outbound or should permit the necessary prefixes to allow queries to be processed.

3
Drag & Dropmedium

Drag and drop the steps to verify and validate Route Maps and Route Filtering operational state into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, display the route-map configuration and statistics with show route-map. Second, check which route-map is applied to interfaces or routing protocols using show ip policy. Third, verify the filtered prefixes in the BGP table with show ip bgp.

Fourth, confirm the impact on routing table entries with show ip route. Finally, test connectivity end-to-end using ping or traceroute.

4
MCQhard

A network engineer is troubleshooting a PBR route-map that is supposed to set the next-hop for traffic from a specific source to a different next-hop. The route-map is applied to the incoming interface, and the ACL matches the traffic. However, the engineer notices that the traffic is still being forwarded using the routing table. The engineer checks the route-map and sees that the 'set ip next-hop' command points to an IP address that is not reachable. What is the most likely result?

A.PBR will fall back to the routing table and forward the packet normally.
B.The packet will be dropped because PBR cannot forward it.
C.The router will send an ICMP unreachable message to the source.
D.The route-map will be ignored and all traffic will be dropped.
AnswerA

Correct because PBR uses the routing table if the next-hop is unreachable.

Why this answer

If the next-hop in a PBR set command is not reachable (i.e., not in the routing table), PBR will fall back to the routing table for forwarding. PBR does not drop the packet; it uses the default routing decision.

5
MCQhard

Which BGP attribute is considered 'well-known mandatory' and must be present in all BGP update messages?

A.LOCAL_PREF
B.AS_PATH
C.MED
D.COMMUNITY
AnswerB

Correct. AS_PATH is well-known mandatory.

Why this answer

The AS_PATH attribute is well-known mandatory, meaning it must be included in all BGP updates. Other well-known mandatory attributes include NEXT_HOP and ORIGIN.

6
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip ospf database OSPF Router with ID (10.1.1.1) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 10.1.1.1 10.1.1.1 100 0x80000001 0x00A0B0 1 10.2.2.2 10.2.2.2 200 0x80000003 0x00C0D0 2 Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 10.1.1.2 10.1.1.2 150 0x80000001 0x00E0F0 R1# show ip route ospf 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O 10.2.2.0/24 [110/20] via 10.1.1.2, 00:10:00, FastEthernet0/0 Based on this output, what is a likely issue?

A.A route-map is filtering OSPF routes, causing only one route to be installed.
B.OSPF is not running on any interface.
C.The router ID is misconfigured.
D.The area is not configured correctly.
AnswerA

The database has more routes than the routing table, indicating filtering.

Why this answer

The OSPF database shows two routers and a net link, but only one OSPF route is in the routing table. This could be due to a route-map filtering OSPF routes. The correct answer is that a route-map may be filtering some OSPF routes from being installed.

7
Multi-Selectmedium

Which TWO statements about route-maps used for route filtering are true? (Choose TWO.)

Select 2 answers
A.A route-map with a 'deny' statement will drop the route if the match conditions are met.
B.If a route does not match any sequence in a route-map, it is implicitly denied.
C.The 'continue' clause forces the route-map to evaluate the next sequence number.
D.Route-maps can only be applied to BGP neighbors.
E.The sequence numbers in a route-map are evaluated in descending order.
AnswersA, B

A deny statement explicitly denies the route when the match conditions are satisfied.

Why this answer

Route-maps permit or deny routes based on match conditions, and an implicit deny all exists at the end. If no match is found, the route is denied. The sequence number determines the order of evaluation; lower numbers are processed first.

The 'continue' clause allows jumping to a different sequence, not the next sequence automatically. A route-map can be used with multiple protocols, but it is not protocol-specific by default.

8
MCQmedium

A network engineer runs the following command to troubleshoot a route filtering issue: R1# debug ip bgp updates BGP(0): 10.1.1.2 rcvd UPDATE w/ attr: nexthop 10.1.1.2, origin i, metric 0, path 65001 65002 BGP(0): 10.1.1.2 rcvd UPDATE about 192.168.100.0/24 -- DENIED due to: community no-export; What does this output indicate?

A.The prefix 192.168.100.0/24 is being accepted and installed in the BGP table.
B.The prefix 192.168.100.0/24 is denied because of the no-export community.
C.The prefix 192.168.100.0/24 is denied because of an AS_PATH filter.
D.The prefix 192.168.100.0/24 is accepted but not advertised to any neighbor.
AnswerB

The debug output explicitly shows that the update is denied due to the no-export community.

Why this answer

The debug output shows that BGP received an update for prefix 192.168.100.0/24 from neighbor 10.1.1.2, but the update was denied because the prefix has the community 'no-export'. This indicates that an inbound route-map or filter is configured to deny routes with the no-export community.

9
MCQhard

An enterprise is using CoPP to protect the control plane. R1 has the following configuration: access-list 100 permit udp any any eq 179 class-map match-any BGP match access-group 100 policy-map COPP class BGP police 100000 20000 conform-action transmit exceed-action drop. Router R2 shows: 'show ip bgp summary' indicates the BGP session to R1 is flapping every 30 seconds. R1's 'show policy-map control-plane' shows drops for class BGP. What is the root cause?

A.The CoPP policy is rate-limiting BGP traffic too aggressively, causing BGP packets to be dropped and the session to flap.
B.The ACL in the class-map uses UDP instead of TCP, so it does not match BGP traffic, and the drops are from another protocol.
C.The police rate is set too high, causing the router to drop all BGP traffic.
D.The class-map is not applied to the control-plane, so the policy has no effect.
AnswerA, B

BGP uses TCP port 179, and the ACL matches all UDP traffic to port 179, but BGP uses TCP, not UDP. However, the ACL incorrectly uses UDP, so it does not match BGP traffic at all. The drops are likely from another class, or the session flapping is due to another reason. Wait, the ACL uses UDP, so it does not match BGP (TCP). The correct answer should be that the ACL is misconfigured.

Why this answer

CoPP is rate-limiting BGP traffic (TCP port 179) to 100 kbps with a burst of 20 kbps. BGP keepalives and updates can exceed this rate, especially if there are many prefixes or if the session is flapping. The drops cause BGP packets to be lost, leading to hold timer expiry and session flapping.

The root cause is that the police rate is too low for the BGP traffic volume. The correct fix is to increase the police rate or add a more specific match to only rate-limit certain BGP packets.

10
Multi-Selecthard

Which THREE commands can be used to verify the effects of a route-map applied to a BGP neighbor for outbound route filtering? (Choose THREE.)

Select 3 answers
A.show ip bgp neighbor X.X.X.X advertised-routes
B.show route-map
C.show ip bgp
D.show ip bgp neighbors
E.show ip prefix-list
AnswersA, B, C

Correct. This shows the routes actually advertised to the neighbor, reflecting the outbound route-map filtering.

Why this answer

To verify outbound route-map filtering on a BGP neighbor, you can check the route-map itself, the BGP table for routes that should be filtered, and the neighbor's advertised routes. show ip bgp neighbor advertised-routes shows what the router is actually sending. show route-map displays the route-map configuration and match counts. show ip bgp shows the BGP table with path attributes. show ip bgp neighbors displays neighbor information but not the filtered routes. show ip prefix-list shows prefix-list entries but not the route-map application.

11
MCQhard

A network engineer runs the following command on Router R1: R1# show ip route vrf CUSTOMER_A Routing Table: CUSTOMER_A Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks B 10.10.10.0/24 [200/0] via 192.168.1.2, 00:10:00 B 10.20.20.0/24 [200/0] via 192.168.1.2, 00:10:00 R1# show ip bgp vpnv4 vrf CUSTOMER_A BGP table version is 6, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:1 (default for vrf CUSTOMER_A) *> 10.10.10.0/24 192.168.1.2 0 0 65001 i *> 10.20.20.0/24 192.168.1.2 0 0 65001 i *> 10.30.30.0/24 192.168.1.2 0 0 65001 i Based on this output, what is the likely issue?

A.A route-map is filtering the route 10.30.30.0/24 from the VRF routing table.
B.The VRF is not properly configured.
C.The BGP session is down.
D.The route distinguisher is misconfigured.
AnswerA

BGP table has three routes, but routing table only has two, indicating filtering.

Why this answer

The VRF routing table shows only two routes, but the BGP table shows three routes for the VRF. This indicates that a route-map is filtering one of the routes from being installed in the routing table. The correct answer is that a route-map is filtering the route 10.30.30.0/24.

12
MCQmedium

A network engineer runs the following command to verify CoPP (Control Plane Policing) with route-maps: R1# show policy-map control-plane input class class-default Control Plane Service-policy input: CoPP Class-map: class-default (match-any) 12234 packets, 1234567 bytes 5 minute offered rate 1000 bps, drop rate 0 bps Match: any police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 12234 packets, 1234567 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop What does this output indicate?

A.The CoPP policy is dropping all traffic because the CIR is too low.
B.The CoPP policy is allowing all traffic and not dropping any packets.
C.The CoPP policy is only matching specific traffic classes.
D.The CoPP policy is not applied to the control plane.
AnswerB

All packets have conformed to the police rate and have been transmitted, with no drops.

Why this answer

The output shows the CoPP policy applied to the control plane. The class-default matches all traffic and polices it at 8000 bps. All packets have conformed and been transmitted, with no drops.

This indicates that the CoPP policy is working and not dropping any traffic.

13
MCQmedium

Consider the following configuration on router R2: !--- R2 configuration ip prefix-list FILTER seq 5 deny 10.1.0.0/16 le 24 ip prefix-list FILTER seq 10 permit 0.0.0.0/0 le 32 ! route-map BGP-IN permit 10 match ip address prefix-list FILTER ! router bgp 65000 neighbor 192.168.1.1 route-map BGP-IN in ! What is the effect of this configuration?

A.All routes from neighbor 192.168.1.1 are accepted; the prefix-list is not applied correctly because the route-map only has a permit sequence.
B.Routes within 10.1.0.0/16 with mask length 24 or shorter are denied; all other routes are permitted.
C.Only routes with mask length exactly 24 are denied; all other routes are permitted.
D.The configuration is incomplete; a route-map must have a deny statement to filter routes.
AnswerB

Correct. The prefix-list denies 10.1.0.0/16 le 24, which includes /16 to /24 subnets; all other prefixes are permitted.

Why this answer

The prefix-list FILTER denies any prefix within 10.1.0.0/16 with a mask length less than or equal to 24 (i.e., 10.1.0.0/16 through 10.1.255.0/24). The permit statement allows all other prefixes. The route-map BGP-IN calls this prefix-list; since there is only one permit sequence, routes that match the deny statement in the prefix-list are implicitly denied by the route-map.

Therefore, routes like 10.1.0.0/16, 10.1.1.0/24, etc., are filtered out.

14
MCQhard

A network engineer is troubleshooting reachability issues in a VRF-lite environment. R1 has the following configuration: ip vrf BLUE rd 100:1 route-target export 100:1 route-target import 100:1. R2 has: ip vrf BLUE rd 100:2 route-target export 100:2 route-target import 100:2. Both routers are connected via a link in the global routing table and are running OSPF in the VRF. R1 shows: 'show ip route vrf BLUE' has a route to 10.1.1.0/24 via OSPF, but R2 shows: 'show ip route vrf BLUE' does not have this route. What is the root cause?

A.The route-target export on R1 (100:1) does not match the route-target import on R2 (100:2), so R2 does not import routes from R1.
B.The OSPF process on R1 is not configured with the 'vrf BLUE' keyword.
C.The link between R1 and R2 is not in the VRF, so OSPF cannot form adjacency.
D.The route 10.1.1.0/24 is being filtered by a distribute-list in OSPF.
AnswerA

VRF-lite relies on route-target matching for route import/export. Since the RTs differ, R2 does not import any routes from R1, even though OSPF is running in the VRF. OSPF only propagates routes within the same VRF, not between VRFs.

Why this answer

In VRF-lite, route leaking between VRFs is not automatic; it requires explicit configuration using route-map or VRF import/export policies. The RT values on R1 and R2 are different (100:1 vs 100:2), so even if OSPF is running within the VRF, routes are not shared because the route-target import/export do not match. OSPF in a VRF only propagates routes within the same VRF; it does not automatically leak routes to other VRFs.

The correct configuration would be to either use the same RT on both routers or configure a route-map to leak routes.

15
MCQmedium

Examine the following configuration on R6: !--- R6 configuration route-map FILTER deny 10 match tag 50 ! route-map FILTER permit 20 ! router eigrp 200 distribute-list route-map FILTER in ! What is the effect of this configuration?

A.All routes with tag 50 are denied; all other routes are permitted.
B.Routes with tag 50 are permitted; all other routes are denied.
C.The distribute-list is applied only to the first interface; routes with tag 50 are filtered on that interface.
D.The configuration is invalid because route-maps cannot be used with distribute-list in EIGRP.
AnswerA

Correct. Sequence 10 denies routes with tag 50; sequence 20 permits everything else.

Why this answer

The distribute-list route-map FILTER in is applied to EIGRP updates received on all interfaces (since no interface is specified). Sequence 10 denies any route with tag 50. Sequence 20 permits all other routes.

Therefore, routes with tag 50 are filtered out (not installed in the routing table), while all other routes are accepted.

16
MCQhard

A network engineer is troubleshooting a route filtering problem with prefix-lists. Router R6 is using a prefix-list to filter routes from a BGP neighbor. The prefix-list is configured to permit only 192.168.0.0/16 and 192.168.1.0/24, but routes with prefix 192.168.2.0/24 are also being accepted. The engineer checks the prefix-list configuration and sees only two permit statements. What is the most likely cause?

A.The prefix-list is not applied to the BGP neighbor; the neighbor is using a different filter or no filter.
B.The prefix-list has an implicit permit at the end for all routes.
C.The prefix-list is using 'ge 24' which permits any prefix with a mask >= 24, including 192.168.2.0/24.
D.The BGP neighbor is configured with 'soft-reconfiguration inbound' which overrides prefix-list filtering.
AnswerA

Correct because if the prefix-list is not applied, no filtering occurs.

Why this answer

Prefix-lists have an implicit deny at the end, but if the prefix-list is not applied correctly (e.g., to the neighbor inbound direction), or if the prefix-list has a 'ge' or 'le' operator that is too broad, it could permit more than intended. However, the most common issue is that the prefix-list is not applied at all, or the neighbor is using a different filter.

17
MCQmedium

Consider the following configuration on R5: !--- R5 configuration ip prefix-list PL-2 seq 5 permit 10.0.0.0/8 ge 16 le 24 ! route-map RMAP permit 10 match ip address prefix-list PL-2 set community 100:100 ! router bgp 65200 neighbor 192.168.1.2 route-map RMAP out ! What is the effect of this configuration?

A.Only routes with prefix 10.0.0.0/8 and mask length between 16 and 24 are sent to neighbor with community 100:100.
B.All routes with prefix 10.0.0.0/8 are sent to neighbor; routes with mask length between 16 and 24 get community 100:100.
C.Routes that match the prefix-list are sent with community 100:100; all other routes are sent without any community.
D.The configuration is invalid because the prefix-list uses ge and le together; only one can be used.
AnswerA

Correct. The prefix-list permits 10.0.0.0/8 ge 16 le 24; matching routes get community set and are advertised.

Why this answer

The prefix-list PL-2 permits prefixes that match 10.0.0.0/8 with a mask length greater than or equal to 16 and less than or equal to 24. So, for example, 10.1.0.0/16, 10.1.1.0/24 are permitted, but 10.0.0.0/8 itself (mask 8) is not. The route-map RMAP sets community 100:100 on matching routes.

Routes that do not match the prefix-list are not processed by this route-map (since there is only one sequence), so they are denied (not sent to neighbor).

18
MCQmedium

Examine the following partial configuration on R1: !--- R1 configuration route-map RMAP permit 10 match ip address prefix-list PL-1 set metric 100 ! route-map RMAP permit 20 set metric 200 ! router eigrp 100 network 10.0.0.0 redistribute ospf 1 metric 1000 100 255 1 1500 route-map RMAP ! What is the effect of this configuration?

A.Only routes matching prefix-list PL-1 are redistributed into EIGRP with metric 100; all other OSPF routes are denied.
B.Routes matching prefix-list PL-1 are redistributed with metric 100; all other OSPF routes are redistributed with metric 200.
C.The route-map is missing a deny statement; without it, all routes are permitted with default metric.
D.The route-map is applied to redistribution, but the metric values are ignored because redistribute command also specifies metric.
AnswerB

Correct. Sequence 10 matches PL-1 and sets metric 100; sequence 20 matches all other routes and sets metric 200.

Why this answer

The route-map RMAP has two permit sequences. The first matches prefix-list PL-1 and sets metric to 100. The second is a catch-all permit with no match, setting metric to 200.

All redistributed OSPF routes will match either sequence and have their metric set accordingly. If a route matches the first sequence, its metric is set to 100; otherwise, it matches the second and gets metric 200. There is no deny sequence, so no routes are filtered.

19
MCQhard

A network engineer runs the following command on Router R1: R1# show bgp ipv4 unicast 10.10.10.0/24 BGP routing table entry for 10.10.10.0/24, version 5 Paths: (1 available, best #1, table default) Advertised to update-groups: 1 Refresh Epoch 1 Local 10.1.1.2 from 10.1.1.2 (10.2.2.2) Origin IGP, metric 0, localpref 100, valid, external, best rx pathid: 0, tx pathid: 0x0 (received-only) Based on this output, what does the "(received-only)" flag indicate?

A.The route is received but not installed in the routing table, likely due to a route-map filtering.
B.The route is best and installed in the routing table.
C.The route is suppressed by a route-map.
D.The route is being advertised to neighbors.
AnswerA

The received-only flag means the route is not used, often due to filtering.

Why this answer

The "(received-only)" flag indicates that the route was received from a neighbor but is not installed in the routing table, often due to a route-map filtering or a prefix-list. The correct answer is that a route-map is likely filtering this route from being installed.

20
MCQhard

An OSPF network is experiencing routing loops between two routers. R1 has the following configuration: interface GigabitEthernet0/0 ip address 10.1.1.1 255.255.255.0 ip ospf network point-to-point. R2 has: interface GigabitEthernet0/0 ip address 10.1.1.2 255.255.255.0 ip ospf network broadcast. Both routers are in area 0. R1 shows: 'show ip ospf neighbor' lists R2 as FULL/DR, but R2 shows R1 as FULL/DROTHER. Traffic between two subnets behind each router is looping. What is the root cause?

A.The OSPF network type mismatch causes both routers to become DR/BDR, leading to incorrect LSA generation and routing loops.
B.The IP addresses are on the same subnet, but the OSPF cost is set differently, causing unequal cost load balancing.
C.The OSPF hello and dead intervals are mismatched due to the network type, causing the adjacency to flap.
D.The OSPF area is misconfigured; one router is in a different area.
AnswerA

R1's point-to-point configuration means it does not participate in DR election, so R2 becomes DR. R1 treats the link as a point-to-point link and may not advertise the correct type 2 LSA, while R2 advertises a type 2 LSA. This mismatch can cause R1 to learn routes via R2 and R2 to learn routes via R1, creating a loop.

Why this answer

OSPF network type mismatch on a multi-access link can cause adjacency issues. R1 is configured as point-to-point, which does not participate in DR/BDR election and expects a point-to-point link. R2 is configured as broadcast, which expects a DR/BDR election.

This mismatch can cause both routers to form an adjacency (since OSPF still works), but they have different views of the network. R1 thinks the link is point-to-point and does not expect a DR, so it may advertise the link as a stub network or with different metrics. R2 thinks it is the DR (since R1 is not participating in election), and it advertises the link as a transit network.

This inconsistency can cause routing loops because R1 may advertise a route via R2, and R2 may advertise the same route via R1, creating a loop. The correct fix is to match the network type on both ends.

21
MCQhard

A network engineer runs the following command on Router R1: R1# show ip bgp neighbors 192.168.1.2 advertised-routes BGP table version is 14, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 10.10.10.0/24 192.168.1.2 0 0 65001 i *> 10.20.20.0/24 192.168.1.2 0 0 65001 i Total number of prefixes 2 Based on this output, what is a likely issue?

A.The neighbor 192.168.1.2 is not receiving all routes because a route-map is filtering them.
B.The BGP session is down because there are no prefixes advertised.
C.The router is not receiving updates from its peers.
D.The prefix-list is misconfigured and blocking all routes.
AnswerA

Only two prefixes are advertised; a route-map applied to the neighbor could be restricting the advertisement.

Why this answer

The output shows only two prefixes advertised to the neighbor, but the network likely has more routes. The route-map applied to the neighbor may be filtering routes. The correct answer identifies that a route-map is likely filtering out other prefixes.

22
MCQhard

An engineer configures a route map to filter BGP routes based on AS-path using a regex. The route map is applied inbound to an eBGP neighbor. The engineer notices that routes with an AS-path containing the neighbor's AS are still being accepted. Which is the most likely explanation?

A.The AS-path is prepended with the local AS before the inbound route map is applied, so the regex does not match the original AS-path.
B.The route map is applied outbound instead of inbound.
C.The regex is incorrect; it should use _AS_ to match the AS number.
D.The neighbor is configured with 'send-community' which overrides the route map.
AnswerA

eBGP prepends the local AS before route map processing; the route map sees the modified path.

Why this answer

When an eBGP route is received, the router prepends its own AS to the AS-path before the route map is applied. Therefore, if the route map is trying to match the neighbor's AS in the AS-path, it will fail because the neighbor's AS is now the first AS in the path. The edge case is that the AS-path is modified before the route map is processed.

23
MCQhard

A large enterprise network is experiencing intermittent connectivity between Site A (R1) and Site B (R2) over an MPLS L3VPN. R1 has the following relevant configuration: route-map RMAP-IN permit 10 match ip address prefix-list PL-ALLOW set extcommunity rt 100:1. Router R2 shows: 'show bgp vpnv4 unicast all neighbors 10.1.1.1 received-routes' lists only the default route, but 'show ip route vrf CUSTOMER' shows no default route. What is the root cause?

A.The route-map RMAP-IN is missing a permit statement for other prefixes, causing implicit deny of all routes except the default.
B.The prefix-list PL-ALLOW is misconfigured and does not match the default route correctly.
C.The VRF CUSTOMER on R1 is missing the route-target import 100:1 command.
D.The BGP session between R1 and R2 is flapping due to a mismatch in the BGP update-source.
AnswerA

The route-map has only one permit sequence matching the default route, so all other VPNv4 routes are denied by the implicit deny at the end of the route-map. This prevents R1 from receiving routes for other prefixes.

Why this answer

The route-map RMAP-IN on R1 is configured to set the route-target extended community (RT) on incoming BGP VPNv4 routes. However, the route-map is applied inbound on the BGP session, which means it modifies routes received from R2. The match condition uses prefix-list PL-ALLOW, which likely permits only the default route.

The set extcommunity rt 100:1 command overwrites or adds the RT, but if the route-map does not explicitly permit other routes (e.g., via a subsequent permit statement), those routes are denied by the implicit deny at the end of the route-map. This causes R1 to reject all routes except the default, but the default route may not be installed in the VRF due to missing RT matching or other VRF configuration issues. The correct fix is to add a permit statement for all necessary prefixes or remove the route-map from the neighbor statement.

24
MCQmedium

A network engineer is troubleshooting a BGP route-map that is supposed to prepend AS-path to routes from a specific neighbor. The engineer configures a route-map with 'set as-path prepend 65001' and applies it outbound to the neighbor. After the configuration, the engineer checks the BGP table on the neighbor and sees that the AS-path does not include the prepended AS. What is the most likely cause?

A.The route-map is missing a 'match' statement; without it, the set command is not applied to any routes.
B.The AS 65001 is the same as the neighbor's AS, so BGP ignores the prepend.
C.The route-map is applied inbound instead of outbound.
D.The neighbor has 'soft-reconfiguration inbound' which prevents AS-path changes.
AnswerA

Correct because a route-map without a match statement will not match any routes, so the set command is not executed.

Why this answer

The 'set as-path prepend' command must be used with 'ip as-path access-list' or in a route-map, but the route-map must be applied in the correct direction. If the route-map is applied outbound, it modifies the AS-path before sending. However, if the neighbor is an eBGP neighbor, the router will not prepend its own AS unless the AS is different from the neighbor's AS.

Also, the route-map must have a 'match' statement that matches the routes.

25
MCQhard

An engineer configures a DMVPN Phase 2 network. Spoke routers are configured with a route map that sets the next-hop to the tunnel interface for routes learned from the hub. This is intended to allow spoke-to-spoke direct communication. However, spoke-to-spoke traffic still goes through the hub. Which is the most likely explanation?

A.The route map is applied on the spoke router inbound from the hub, but it should be applied on the hub router outbound to the spokes.
B.The route map uses a prefix-list that does not match the spoke's subnet.
C.The spoke routers have NHRP authentication mismatch, preventing direct communication.
D.The tunnel mode is mGRE on the spokes, which does not support spoke-to-spoke.
AnswerA

The hub must set the next-hop to the remote spoke's tunnel IP; the spoke cannot change the next-hop for routes received from the hub.

Why this answer

In DMVPN Phase 2, spoke-to-spoke direct communication requires that the spoke routers have a route with the next-hop set to the tunnel interface of the remote spoke. However, if the route map is applied inbound on the spoke from the hub, it sets the next-hop to the hub's tunnel interface, not the remote spoke. The correct approach is to use a route map on the hub that sets the next-hop to the spoke's tunnel IP when advertising routes, or to use the 'next-hop-self' command incorrectly.

The edge case is that the route map is applied on the spoke, not the hub.

26
MCQmedium

In Cisco IOS-XE, what is the default behavior of the 'route-map' command when no 'match' or 'set' clauses are configured?

A.It denies all routes by default.
B.It permits all routes and applies no changes.
C.It permits all routes and sets the metric to 0.
D.It denies all routes and logs the action.
AnswerB

Correct. An empty permit route-map matches everything and does nothing.

Why this answer

A route-map without any match or set clauses is a permit statement that matches all routes and performs no modifications. This is a common source of unintended route filtering.

27
MCQhard

A network engineer is troubleshooting suboptimal routing in a DMVPN Phase 2 deployment. Hub router R1 has the following configuration: route-map SET-NEXT-HOP permit 10 match ip address prefix-list SPOKE-NET set ip next-hop 10.0.0.1. Spoke R2 shows: 'show ip route 192.168.1.0' points to the hub (R1) instead of directly to another spoke (R3). R2's NHRP shows 'show dmvpn' with no spoke-to-spoke tunnels established. What is the root cause?

A.The route-map SET-NEXT-HOP incorrectly sets the next-hop to the hub, preventing NHRP from establishing direct spoke-to-spoke tunnels.
B.The prefix-list SPOKE-NET does not include the network 192.168.1.0.
C.The NHRP authentication is mismatched between R2 and R3.
D.The tunnel interface on R2 is not configured with ip nhrp redirect.
AnswerA

By setting the next-hop to the hub, R2 sees R1 as the next-hop for 192.168.1.0, so it does not attempt to build a direct tunnel to R3. NHRP requires the next-hop to be the remote spoke's tunnel IP.

Why this answer

In DMVPN Phase 2, spoke-to-spoke tunnels require that the next-hop in the routing table not be changed to the hub. The route-map SET-NEXT-HOP on R1 is setting the next-hop to the hub's tunnel IP (10.0.0.1) for routes matching SPOKE-NET. This causes spokes to see the hub as the next-hop for other spoke networks, preventing NHRP from triggering a spoke-to-spoke tunnel.

The correct behavior is to not set the next-hop (or set it to itself) so that spokes use the original next-hop (the other spoke's tunnel IP) and NHRP can resolve it.

28
MCQeasy

A network engineer runs the following command to troubleshoot IPsec with route-maps: R1# show crypto ipsec transform-set Transform set combined: { esp-aes 256 esp-sha-hmac } will negotiate = { Transport, } Transform set ESP-AES: { esp-aes 256 esp-sha-hmac } will negotiate = { Tunnel, } What does this output indicate?

A.There are two transform sets configured, one using transport mode and one using tunnel mode.
B.The transform set 'combined' is not valid.
C.IPsec is not configured because no transform set is active.
D.The transform set 'ESP-AES' is used for route-map filtering.
AnswerA

The output shows two transform sets with different modes: transport and tunnel.

Why this answer

The output shows two IPsec transform sets: 'combined' and 'ESP-AES'. The 'combined' set uses transport mode, while 'ESP-AES' uses tunnel mode. This indicates that different transform sets are configured for different purposes.

29
MCQmedium

Which of the following is true regarding the use of prefix-lists versus access-lists for route filtering?

A.Access-lists can match on prefix length using the 'ge' and 'le' keywords.
B.Prefix-lists can match on both network address and prefix length, while access-lists match only on network address.
C.Access-lists are more efficient than prefix-lists for route filtering.
D.Prefix-lists can only be used with BGP, while access-lists can be used with any protocol.
AnswerB

Correct. Prefix-lists can specify both the prefix and a range of prefix lengths.

Why this answer

Prefix-lists are designed specifically for route filtering and can match on prefix length using ge and le operators. Access-lists match on source/destination IP and wildcard mask but do not have the ability to specify prefix length ranges. Prefix-lists are more efficient and flexible for route filtering.

30
MCQeasy

A network engineer runs the following command to verify BGP route filtering: R1# show bgp ipv4 unicast 192.168.1.0/24 BGP routing table entry for 192.168.1.0/24, version 2 Paths: (1 available, best #1, table default) Advertised to update-groups: 1 Refresh Epoch 1 Local, (received & used) 10.1.1.2 (metric 20) from 10.1.1.2 (2.2.2.2) Origin IGP, metric 0, localpref 100, valid, internal, best rx pathid: 0, tx pathid: 0x0 Community: no-export What does the 'Community: no-export' indicate?

A.The route will not be advertised to any iBGP peers.
B.The route will not be advertised to any eBGP peers.
C.The route is filtered by an inbound route-map.
D.The route is not installed in the routing table.
AnswerB

The no-export community tells BGP not to advertise the route to any eBGP peers.

Why this answer

The community 'no-export' indicates that this route should not be advertised to any eBGP peers. This is a well-known community that controls route propagation.

31
MCQhard

A network engineer is troubleshooting a redistribution loop between OSPF and EIGRP. Router R7 is redistributing EIGRP routes into OSPF, and also redistributing OSPF routes into EIGRP. The engineer notices that some OSPF routes are appearing in the EIGRP topology table with a higher metric than expected, causing suboptimal routing. What is the most likely cause?

A.Routes are being re-redistributed due to missing route tags; a route-map with 'set tag' should be used to prevent loops.
B.The OSPF process has a 'default-information originate' command that is injecting a default route into EIGRP.
C.The EIGRP process has a 'variance' command that is causing unequal-cost load balancing.
D.The route-map applied to redistribution is missing a 'match tag' statement to filter out redistributed routes.
AnswerA

Correct because route tags allow filtering to prevent redistribution loops.

Why this answer

Redistribution loops can cause routes to be re-injected with different metrics. The most common fix is to use route-maps with tags to prevent re-redistribution. Without proper tagging, routes can loop between the two protocols.

32
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip policy Interface Route-map FastEthernet0/0 PBR_MAP R1# show route-map PBR_MAP route-map PBR_MAP, permit, sequence 10 Match clauses: ip address prefix-list MATCH_HTTP Set clauses: ip next-hop 10.10.10.2 Policy routing matches: 0 packets, 0 bytes Based on this output, what is the most likely problem?

A.The route-map is not being applied to any interface.
B.The prefix-list MATCH_HTTP may not be matching any traffic, causing no policy routing.
C.The next-hop 10.10.10.2 is unreachable.
D.The route-map is configured with the wrong sequence number.
AnswerB

0 packets matched indicates no traffic matches the prefix-list.

Why this answer

The route-map PBR_MAP is applied to FastEthernet0/0 for policy routing, but the match counter shows 0 packets matched. This indicates that either the prefix-list MATCH_HTTP is not matching any traffic, or no traffic is hitting the interface. The correct answer is that the prefix-list may be misconfigured or not matching desired traffic.

33
Drag & Dropmedium

Drag and drop the steps to apply a route-map to filter BGP prefix advertisements into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, define the route-map with a permit or deny clause and match criteria. Second, configure the set actions to modify attributes. Third, apply the route-map to the BGP neighbor using the neighbor route-map command.

Fourth, clear the BGP session to activate the filter. Finally, verify the filtered prefixes using show ip bgp.

34
MCQeasy

What is the default behavior of a route-map when a route does not match any match clause in any sequence?

A.The route is permitted by default.
B.The route is denied by default.
C.The route is processed by the last sequence regardless of match.
D.The route is forwarded to the next route-map if one exists.
AnswerB

Correct. If a route does not match any sequence, it is implicitly denied.

Why this answer

A route-map consists of sequences with permit or deny actions. If a route does not match any match clause in any sequence, it is implicitly denied. This is similar to an access-list: there is an implicit deny at the end of the route-map.

35
MCQhard

An engineer configures IPsec site-to-site VPN with a route map that defines interesting traffic using an extended access list. The VPN tunnel is established, but traffic from the local LAN to the remote LAN is not encrypted. The engineer verifies that the access list matches the traffic correctly. Which is the most likely explanation?

A.The route map must be applied to the crypto map using the 'match ip address' command, but route maps are not supported for crypto maps.
B.The crypto map is applied to the wrong interface; it should be applied to the LAN interface.
C.The IPsec transform set is missing the ESP protocol.
D.The route map uses a prefix-list instead of an access list.
AnswerA

Crypto maps only support access lists for interesting traffic; route maps are not valid.

Why this answer

In IPsec, the crypto map applies to the interface, and the access list defines interesting traffic. However, if the route map is applied to the crypto map, it is not used for interesting traffic; route maps are not supported for defining interesting traffic in crypto maps. The correct method is to use an access list directly in the crypto map.

The edge case is that the engineer mistakenly used a route map instead of an access list.

36
MCQmedium

Examine the following configuration on R3: !--- R3 configuration access-list 10 permit 192.168.0.0 0.0.255.255 access-list 10 deny any ! route-map OSPF-REDIST permit 10 match ip address 10 set metric-type type-1 ! router ospf 1 redistribute eigrp 100 subnets route-map OSPF-REDIST ! What is the effect of this configuration?

A.All EIGRP routes are redistributed into OSPF as type-1 external routes.
B.Only EIGRP routes in the 192.168.0.0/16 range are redistributed into OSPF as type-1 external routes.
C.EIGRP routes in 192.168.0.0/16 are redistributed as type-2 by default; the set metric-type is ignored.
D.The configuration is invalid because the route-map uses an ACL that ends with deny any; a prefix-list must be used instead.
AnswerB

Correct. The ACL permits 192.168.0.0/16; the route-map sets metric-type type-1 for matching routes.

Why this answer

The ACL 10 permits only routes with source IP in the 192.168.0.0/16 range. The route-map OSPF-REDIST matches this ACL and sets the metric type to type-1. Only EIGRP routes that match the ACL (i.e., have a network starting with 192.168.x.x) are redistributed into OSPF as type-1 external routes.

Routes not matching the ACL are denied because the route-map has only one permit sequence and the ACL ends with deny any.

37
Drag & Drophard

Drag and drop the steps to troubleshoot Route Maps and Route Filtering adjacency or connectivity failures into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Start by verifying BGP neighbor state with show ip bgp summary. Next, examine the route-map configuration for syntax errors using show route-map. Then, check if the route-map is applied correctly to the neighbor with show running-config.

After that, use debug ip bgp updates to see if prefixes are being filtered. Finally, adjust the route-map sequence or match criteria to resolve the issue.

38
MCQeasy

In OSPF, what is the default hello interval on a point-to-point network type?

A.10 seconds
B.30 seconds
C.5 seconds
D.40 seconds
AnswerA

Correct. Point-to-point and broadcast networks use a 10-second hello interval.

Why this answer

OSPF default hello interval is 10 seconds for broadcast and point-to-point networks, and 30 seconds for NBMA networks. This is defined in RFC 2328.

39
MCQhard

An MPLS network is experiencing label distribution failures. Router R1 (LSR) has the following configuration: mpls ldp neighbor 10.0.0.2 password cisco. Router R2 shows: 'show mpls ldp neighbor' lists R1 as 'Oper Down' with reason 'TCP MD5 authentication failure'. R1's 'show mpls ldp neighbor' shows R2 as 'Oper Down' with the same reason. Both routers have the same password configured. What is the root cause?

A.The LDP neighbor IP address configured on R1 does not match R2's LDP transport address, causing MD5 authentication to fail.
B.The password is not configured globally under 'mpls ldp password' on both routers.
C.The MPLS LDP session is using a different port number, causing authentication to be ignored.
D.The interface between R1 and R2 has 'mpls ip' disabled.
AnswerA

The 'mpls ldp neighbor' command expects the neighbor's LDP transport address (usually the router ID). If R1 uses 10.0.0.2 but R2's transport address is different (e.g., 10.0.0.3), the TCP connection uses a different IP, and MD5 authentication fails because the password is associated with the wrong IP.

Why this answer

LDP uses TCP for session establishment, and MD5 authentication is configured via the 'mpls ldp neighbor' command. However, the password must match on both ends, and the command must specify the correct neighbor IP. If the IP address specified is incorrect (e.g., using a loopback IP instead of the transport address), the authentication will fail.

Additionally, the 'mpls ldp password' command under the interface or global configuration may be required. In this scenario, the root cause is likely that the neighbor IP in the command does not match the actual LDP transport address (e.g., R1 uses 10.0.0.2 but R2's LDP transport address is 10.0.0.3).

40
MCQmedium

In BGP, what is the effect of using a route-map with a set community command but without the additive keyword?

A.The specified community is added to the existing communities.
B.The existing communities are overwritten by the specified community.
C.The community attribute is not modified; the set command is ignored.
D.The route is denied if it already has communities.
AnswerB

Correct. Without additive, set community replaces the community attribute.

Why this answer

When set community is used without the additive keyword, it replaces any existing community attributes on the route with the specified community. With the additive keyword, the specified community is added to the existing communities.

41
MCQeasy

What is the default administrative distance for routes learned via OSPF in Cisco IOS?

A.90
B.100
C.110
D.120
AnswerC

Correct. OSPF uses AD 110 by default.

Why this answer

OSPF has a default administrative distance of 110, as defined in Cisco IOS. This is used for route selection when multiple routing protocols provide the same prefix.

42
Multi-Selecthard

Which THREE symptoms indicate that a route-map applied to a redistribution configuration is not working as intended? (Choose THREE.)

Select 3 answers
A.Routes that should be filtered are still present in the routing table of the receiving router.
B.Routes that are redistributed have an incorrect metric or metric type.
C.After modifying the route-map, the redistributed routes do not change until the route-map is reapplied or the routing process is cleared.
D.Routes have the correct next-hop but an incorrect administrative distance.
E.Routes appear in the routing table with the correct attributes as defined in the route-map.
AnswersA, B, C

This indicates the route-map is not denying the intended routes.

Why this answer

Common symptoms of misconfigured route-maps include missing routes in the routing table, routes with wrong metrics, and no change after modifying the route-map (due to route-map caching or not reapplying). Routes with correct next hops but wrong administrative distance usually indicate a different issue. Routes appearing in the routing table with correct attributes suggest the route-map is working.

43
MCQmedium

Router R4 has the following configuration: !--- R4 configuration route-map SETTAG permit 10 match tag 100 set tag 200 ! route-map SETTAG permit 20 ! router bgp 65100 neighbor 10.0.0.1 route-map SETTAG in ! What is the effect of this configuration?

A.All routes from neighbor 10.0.0.1 are permitted; routes with tag 100 have their tag changed to 200.
B.Routes with tag 100 are denied; all other routes are permitted.
C.Only routes with tag 100 are permitted; all other routes are denied.
D.The route-map is misconfigured because sequence 20 has no match statement; it should have a match any statement.
AnswerA

Correct. Sequence 10 changes the tag for routes with tag 100; sequence 20 permits all others.

Why this answer

The route-map SETTAG has two permit sequences. Sequence 10 matches routes with tag 100 and sets the tag to 200. Sequence 20 is a catch-all permit with no match or set statements.

Routes from neighbor 10.0.0.1 that have tag 100 will have their tag changed to 200; all other routes are permitted unchanged. No routes are filtered.

44
MCQhard

An engineer configures a BGP route reflector with a route map that sets a higher local preference on routes received from a client. The route map is applied to the neighbor statement for the client. Unexpectedly, the route reflector does not reflect the modified local preference to other clients. Which is the most likely explanation?

A.The route map is applied outbound, not inbound, so the local preference is set after the route is reflected.
B.Route reflectors do not modify local preference; only the route reflector itself can set local preference.
C.The route map must be applied to the route reflector's cluster list, not the neighbor.
D.The local preference is overridden by the next-hop-self command.
AnswerA

Outbound route maps affect routes sent to the neighbor, not routes received; reflection happens before outbound processing.

Why this answer

When a route map is applied to a BGP neighbor inbound, it modifies the route before it is installed in the BGP table. However, route reflectors reflect routes based on the best path selection, and if the local preference is set, it should be reflected. The issue is that the route map is applied outbound instead of inbound, or the route map does not explicitly set the local preference before the route is processed.

The most common edge case is that the route map is applied outbound, which does not affect the route before reflection.

45
MCQhard

In EIGRP, what is the default hello timer on a point-to-point interface?

A.5 seconds
B.10 seconds
C.15 seconds
D.60 seconds
AnswerA

Correct. Point-to-point links use a 5-second hello interval by default.

Why this answer

EIGRP uses a default hello interval of 5 seconds on high-speed interfaces (including point-to-point) and 60 seconds on low-speed NBMA interfaces (T1 or slower).

46
Multi-Selectmedium

Which TWO commands can be used to verify the effect of a route-map applied to a BGP neighbor? (Choose TWO.)

Select 2 answers
A.show ip bgp neighbors x.x.x.x advertised-routes
B.show ip bgp neighbors x.x.x.x routes
C.show route-map
D.show ip bgp
E.show ip bgp neighbors x.x.x.x
AnswersA, B

This command shows the routes that are actually advertised to the neighbor after any outbound route-map filtering.

Why this answer

The commands 'show ip bgp neighbors x.x.x.x advertised-routes' and 'show ip bgp neighbors x.x.x.x routes' directly show the routes being sent or received after route-map filtering. 'show route-map' only displays the route-map definition, not its effect on a specific neighbor. 'show ip bgp' displays the BGP table without neighbor-specific filtering context. 'show ip bgp neighbors' alone does not show the filtered routes.

47
MCQhard

A network engineer runs the following command on Router R1: R1# show ip bgp neighbors 10.1.1.2 advertised-routes BGP table version is 10, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 10.10.10.0/24 0.0.0.0 0 32768 i *> 10.20.20.0/24 0.0.0.0 0 32768 i R1# show route-map route-map BLOCK_RFC1918, permit, sequence 10 Match clauses: ip address prefix-list RFC1918 Set clauses: Policy routing matches: 0 packets, 0 bytes route-map BLOCK_RFC1918, deny, sequence 20 Match clauses: Set clauses: Policy routing matches: 0 packets, 0 bytes R1# show ip prefix-list RFC1918 ip prefix-list RFC1918: 3 entries seq 5 deny 10.0.0.0/8 le 32 seq 10 deny 172.16.0.0/12 le 32 seq 15 deny 192.168.0.0/16 le 32 seq 20 permit 0.0.0.0/0 le 32 Based on this output, what is the most likely issue?

A.The route-map BLOCK_RFC1918 is not applied to the BGP neighbor, so RFC 1918 routes are being advertised.
B.The prefix-list RFC1918 is misconfigured and permits all routes.
C.The route-map is applied but the match clause is incorrect.
D.The BGP session is not established.
AnswerA

The prefix-list denies RFC 1918, but the route-map is not applied to the neighbor, so routes are advertised.

Why this answer

The route-map BLOCK_RFC1918 is applied to filter routes, but the advertised routes include 10.10.10.0/24 and 10.20.20.0/24, which are RFC 1918 addresses. The prefix-list RFC1918 should deny these, but the route-map is not being applied to the BGP neighbor, so routes are not filtered. The correct answer is that the route-map is not applied to the BGP neighbor.

48
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip bgp neighbors 192.168.1.2 BGP neighbor is 192.168.1.2, remote AS 65001, external link BGP version 4, remote router ID 10.2.2.2 BGP state = Established, up for 00:15:00 Last read 00:00:05, hold time is 180, keepalive interval is 60 seconds Neighbor sessions: 1 active, is multisession capable Neighbor capabilities: Route refresh: advertised and received(new) Four-octets ASN: advertised and received Address family IPv4 Unicast: advertised and received Enhanced Refresh: advertised Message statistics: InQ depth is 0 OutQ depth is 0 Sent Rcvd Opens: 1 1 Notifications: 0 0 Updates: 10 5 Keepalives: 15 15 Route Refresh: 0 0 Total: 26 21 Default minimum time between advertisement runs is 30 seconds For address family: IPv4 Unicast Session: 192.168.1.2 BGP table version 14, neighbor version 14/0 Output queue size : 0 Index 1, Advertise bit 0 1 update-group member Incoming update prefix filter list: FILTER_IN Outgoing update prefix filter list: FILTER_OUT Sent Rcvd Prefixes: 2 2 Updates: 10 5 Based on this output, what is the effect of the prefix lists?

A.The prefix lists FILTER_IN and FILTER_OUT are allowing only 2 prefixes in each direction.
B.The prefix lists are blocking all prefixes.
C.The prefix lists are not applied because the session is established.
D.The prefix lists are misconfigured and causing route flapping.
AnswerA

The counters show 2 prefixes sent and received, matching the filter lists.

Why this answer

The output shows that incoming and outgoing prefix filters (FILTER_IN and FILTER_OUT) are applied. The prefixes sent and received are both 2, indicating that the filters are allowing exactly 2 prefixes in each direction. The correct answer is that the prefix lists are filtering routes to only 2 prefixes.

49
MCQhard

An engineer configures a route map to filter OSPF routes using a distribute-list in OSPF process 1. The distribute-list references a prefix-list that permits only the 10.0.0.0/8 network. After applying the distribute-list in, the engineer notices that the OSPF neighbor state remains stuck in EXSTART/EXCHANGE. Which is the most likely explanation?

A.The distribute-list is applied incorrectly; it should be applied out instead of in.
B.The distribute-list filters LSAs during the exchange, causing the neighbor to be stuck.
C.There is an MTU mismatch between the OSPF neighbors, preventing the exchange of Database Description packets.
D.The prefix-list is misconfigured; it should permit 10.0.0.0/8 with a ge 24 operator.
AnswerC

MTU mismatch causes OSPF to get stuck in EXSTART/EXCHANGE because DBD packets are dropped.

Why this answer

OSPF distribute-list in only filters routes in the routing table, not LSAs. It does not affect the exchange of LSAs during adjacency formation. The adjacency stall is unrelated to the distribute-list; the issue is likely an MTU mismatch between the interfaces.

50
MCQhard

An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on an interface connected to a service provider. The router has a default route pointing to the ISP. Traffic from the ISP is being dropped by uRPF. Which is the most likely explanation?

A.Strict mode uRPF does not use the default route for verification unless the 'allow-default' option is enabled.
B.The interface is configured with the wrong IP address, causing uRPF to fail.
C.uRPF should be configured in loose mode to work with default routes.
D.The router has multiple default routes, causing uRPF to fail.
AnswerA

By default, strict mode ignores default routes; 'allow-default' includes them.

Why this answer

Strict mode uRPF checks that the source IP of incoming packets has a matching route in the routing table that points back to the same interface. If the router has a default route, it may not match the specific source IP, causing drops. However, the edge case is that the default route is not considered by strict mode unless the 'allow-default' option is configured.

Without 'allow-default', strict mode requires a specific route back to the interface.

51
MCQhard

An engineer configures Control Plane Policing (CoPP) with a policy map that includes a class-map matching BGP traffic. The policy map has a 'police' action that sets the rate-limit in bps. After applying the policy to the control plane, BGP sessions start flapping. Which is the most likely explanation?

A.The police rate is configured in bps, but BGP keepalives are small packets; pps should be used to avoid dropping.
B.The class-map matches BGP traffic incorrectly; it should match on protocol BGP.
C.The policy map is applied to the control plane inbound, but BGP packets are sent outbound.
D.The default class is not configured, causing all other traffic to be dropped.
AnswerA

bps rate-limit can drop many small packets; pps is recommended for control plane traffic.

Why this answer

CoPP rate-limits are often configured in bps by default, but for control plane traffic, pps (packets per second) is more appropriate. If the rate-limit is set in bps, it may be too low for BGP keepalive packets, which are small. The edge case is that the engineer used bps instead of pps, causing the policer to drop BGP packets.

52
MCQmedium

A network engineer runs the following command to verify MPLS LDP route filtering: R1# show mpls ldp bindings 192.168.10.0 255.255.255.0 lib entry: 192.168.10.0/24, rev 6 local binding: label: 21 remote binding: lsr: 2.2.2.2:0, label: 22 remote binding: lsr: 3.3.3.3:0, label: 23 What does this output indicate?

A.The prefix 192.168.10.0/24 has a local label of 21 and remote labels from two neighbors.
B.The prefix 192.168.10.0/24 is being filtered by a route-map.
C.The LDP session with 2.2.2.2 is down.
D.The prefix 192.168.10.0/24 is not in the routing table.
AnswerA

The output clearly shows the local binding label 21 and two remote bindings with labels 22 and 23.

Why this answer

The output shows the MPLS LDP label bindings for prefix 192.168.10.0/24. The local label is 21, and remote labels from two LSRs (2.2.2.2 and 3.3.3.3) are 22 and 23 respectively. This indicates that the prefix is known in the MPLS network and labels have been assigned.

53
MCQhard

A network administrator is troubleshooting BGP path selection for a dual-homed enterprise. Router R1 (AS 65001) has the following configuration: route-map SET-LOCAL-PREF permit 10 match ip address prefix-list PREFER set local-preference 200. Router R2 (AS 65002) shows: 'show bgp ipv4 unicast 10.1.1.0' has two paths: one via R1 with local pref 200, and one via R3 with local pref 100. However, 'show ip route 10.1.1.0' on R2 shows the path via R3 is installed. What is the root cause?

A.The route-map SET-LOCAL-PREF is applied outbound on R1 instead of inbound on R2, so R2 does not receive the modified local preference.
B.The prefix-list PREFER is missing a permit statement for 10.1.1.0/24.
C.The route via R3 has a lower MED value, overriding local preference.
D.The route via R1 is not synchronized with IGP, causing it to be considered invalid.
AnswerA

Local preference is a well-known mandatory attribute that is not passed between ASes. If the route-map is applied outbound on R1, it sets local preference in R1's BGP table, but when the route is sent to R2, the local preference is reset to 100 (default) because it is not sent in eBGP updates. R2 sees the path via R1 with local pref 100, not 200.

Why this answer

BGP path selection compares local preference first, so the path with local pref 200 should be preferred. However, if the route-map SET-LOCAL-PREF is applied inbound on R2 from R1, but the prefix-list PREFER does not match the route (e.g., incorrect prefix or mask), then the local preference is not set, and the default local preference (100) applies. The show bgp output shows local pref 200 for the path via R1, which suggests the route-map is applied correctly, but the route may be received from R1 with a different attribute (e.g., a higher MED or longer AS path) that overrides local preference after the fact.

Alternatively, if the route-map is applied outbound on R1, it would not affect R2's path selection. The root cause is that the route-map is applied on the wrong neighbor or direction.

54
MCQhard

A network engineer runs the following command on Router R1: R1# show ip eigrp topology 10.10.10.0/24 IP-EIGRP (AS 100): Topology entry for 10.10.10.0/24 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 131072 Routing Descriptor Blocks: 10.1.1.2 (FastEthernet0/0), from 10.1.1.2, Send flag is 0x0 Composite metric is (131072/128256), Route is Internal Vector metric: Minimum bandwidth is 10000 Kbit Total delay is 100 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 R1# show ip route 10.10.10.0 Routing entry for 10.10.10.0/24 Known via "eigrp 100", distance 90, metric 131072, type internal Last update from 10.1.1.2 on FastEthernet0/0, 00:00:12 ago Routing Descriptor Blocks: * 10.1.1.2, from 10.1.1.2, 00:00:12 ago, via FastEthernet0/0 Route metric is 131072, traffic share count is 1 R1# show ip eigrp interfaces Interface Peers Xmit Queue Mean Pacing Time Multicast Pending Un/Reliable SRTT Un/Reliable Flow Timer Routes Fa0/0 1 0/0 10 0/10 50 0 Fa0/1 0 0/0 0 0/10 50 0 Based on this output, what is a likely issue?

A.EIGRP neighbor on FastEthernet0/1 is not forming due to a route-map filtering updates.
B.The route 10.10.10.0/24 is not in the routing table.
C.The EIGRP process is not running.
D.The metric is too high for the route to be installed.
AnswerA

FastEthernet0/1 has 0 peers, indicating no neighbor; a route-map could be blocking hello packets or updates.

Why this answer

The route is in the topology table and routing table, but the interface FastEthernet0/1 has 0 peers. This suggests that a route-map filtering EIGRP updates on FastEthernet0/1 may be preventing neighbor formation or route advertisement. The correct answer is that a route-map may be filtering EIGRP updates on FastEthernet0/1.

55
Multi-Selecthard

Which TWO statements about the behavior of route-map sequence numbers and the "continue" clause in Cisco IOS are true? (Choose TWO.)

Select 2 answers
A.A route-map sequence with no match command matches all routes and applies any set commands.
B.The continue clause can cause evaluation to jump to a lower sequence number.
C.If a route does not match any sequence, it is permitted by default.
D.When a route matches a sequence with a continue clause, the continue is processed before any set commands in that sequence.
E.The continue clause allows a route to be evaluated by a later sequence even if the current sequence matches and applies set actions.
AnswersA, E

Correct. If no match command is configured, the sequence matches all routes by default.

Why this answer

The continue clause allows a route-map to jump to a later sequence after a match, but not to an earlier one. If a sequence does not have a match statement, it matches all routes by default. The default action for an unmatched route is to deny (implicit deny).

The continue clause is processed only if the current sequence matches and the set actions are applied; it does not skip the current sequence's processing. Sequence numbers are evaluated in ascending order, and the first match wins.

56
MCQhard

What is the default maximum number of paths that BGP can install in the routing table using the 'maximum-paths' command in Cisco IOS?

A.1
B.2
C.4
D.6
AnswerA

Correct. BGP defaults to a single path unless explicitly configured otherwise.

Why this answer

By default, BGP installs only one best path (maximum-paths 1). This can be increased to allow load balancing, but the default is 1.

57
MCQmedium

A network engineer runs the following command to verify redistribution with route-maps: R1# show ip route 10.10.10.0 255.255.255.0 Routing entry for 10.10.10.0/24 Known via "eigrp 100", distance 170, metric 2560002816 Tag 100, type internal Last update from 10.1.1.2 on GigabitEthernet0/0, 00:00:45 ago Routing Descriptor Blocks: * 10.1.1.2, from 10.1.1.2, 00:00:45 ago, via GigabitEthernet0/0 Route metric is 2560002816, traffic share count is 1 Total delay is 2000 microseconds, minimum bandwidth is 100000 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 What does the 'Tag 100' indicate?

A.The route was originated by EIGRP autonomous system 100.
B.The route has a tag of 100, likely set by a route-map during redistribution.
C.The route is internal to EIGRP and has a metric of 100.
D.The route is from a BGP AS 100.
AnswerB

The 'Tag 100' is a route tag, commonly set by a route-map to mark routes for filtering or administrative purposes.

Why this answer

The 'Tag 100' indicates that a route-map applied during redistribution set the tag to 100. Route tags are often used for filtering or administrative purposes during redistribution.

58
MCQhard

An engineer configures EIGRP named mode with an offset-list applied to the EIGRP topology table. The offset-list increases the metric of a route learned from a neighbor. However, the route is still used as the successor even though the offset-list increased its metric above the feasible distance (FD) of another route. Which is the most likely explanation?

A.The offset-list is applied to the wrong interface; it must be applied to the outgoing interface.
B.The offset-list only affects the advertised distance (AD), not the feasible distance (FD).
C.The offset-list is applied in classic mode, but the router is running named mode.
D.The offset-list value is too small to change the successor; a larger value is needed.
AnswerB

Offset-list modifies the metric of the route but does not update the FD, which is the metric of the best path at the time of learning.

Why this answer

In EIGRP named mode, the offset-list is applied to the route's metric in the topology table, but it does not affect the feasible distance (FD) calculation. The FD is computed from the original metric before the offset. The successor is chosen based on the FD, not the offset metric, so the route remains the successor.

59
MCQmedium

A network engineer runs the following command to troubleshoot OSPF route filtering: R1# show ip ospf database router 2.2.2.2 OSPF Router with ID (1.1.1.1) (Process ID 1) Router Link States (Area 0) LS age: 300 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 2.2.2.2 Advertising Router: 2.2.2.2 LS Seq Number: 80000004 Checksum: 0x1234 Length: 48 Number of Links: 2 Link connected to: a Stub Network (Link ID) Network/subnet number: 10.1.1.0 (Link Data) Network Mask: 255.255.255.0 Number of TOS metrics: 0 TOS 0 Metrics: 10 Link connected to: a Transit Network (Link ID) Designated Router address: 10.1.1.2 (Link Data) Router Interface address: 10.1.1.1 Number of TOS metrics: 0 TOS 0 Metrics: 10 What does this output indicate?

A.Router 2.2.2.2 is advertising two links, one of which is a stub network 10.1.1.0/24.
B.Router 2.2.2.2 is filtering routes from area 0.
C.Router 2.2.2.2 is a DR for the transit network.
D.Router 2.2.2.2 has a mismatched area ID.
AnswerA

The LSA shows two links: a stub network and a transit network. The stub network is 10.1.1.0/24.

Why this answer

The output shows the OSPF router LSA from router 2.2.2.2. It lists two links: one stub network (10.1.1.0/24) and one transit network (via DR 10.1.1.2). This is normal OSPF operation.

60
MCQmedium

A network engineer is troubleshooting a BGP route filtering issue. Router R1 is advertising a prefix 10.1.1.0/24 to its eBGP neighbor R2, but R2 is not receiving it. The engineer checks R1's BGP configuration and sees a route-map named FILTER-OUT applied outbound to the neighbor. The route-map references an ACL that permits 10.1.1.0/24, but the prefix is still not being sent. What is the most likely cause?

A.The route-map is missing a 'permit' statement; the default action is deny.
B.The ACL is using the wrong wildcard mask; it should be 0.0.0.255 instead of 0.0.0.0.
C.The neighbor is configured with 'soft-reconfiguration inbound' which blocks outbound updates.
D.The route-map is applied inbound instead of outbound on R1.
AnswerA

Correct because route-maps without an explicit permit will implicitly deny all prefixes.

Why this answer

The route-map must have an explicit permit statement; if the route-map is missing the permit clause, or if the sequence number is incorrect, the implicit deny at the end of the route-map will filter all routes. The ACL permitting the prefix is necessary but not sufficient if the route-map itself does not have a permit action.

61
MCQmedium

A network engineer is troubleshooting a PBR (Policy-Based Routing) issue on router R5. The engineer configured a route-map to set the next-hop for traffic from a specific source subnet. The route-map is applied to the incoming interface, but traffic from the source subnet is still being forwarded using the regular routing table. The engineer verifies that the ACL matches the traffic correctly. What is the most likely cause?

A.The route-map is missing a 'set ip next-hop' command, or the next-hop is not reachable.
B.The route-map is applied outbound instead of inbound on the interface.
C.The ACL is using a standard ACL, which cannot match source subnet correctly.
D.The route-map has a 'set default interface' command that overrides the next-hop.
AnswerA

Correct because without a valid 'set' command, PBR does not alter forwarding.

Why this answer

PBR route-maps must have at least one 'match' and one 'set' statement. If the route-map has a 'match ip address' but no 'set ip next-hop' (or the next-hop is unreachable), PBR will not apply and traffic will use the routing table. Also, the route-map must be applied to the correct interface and direction.

62
Multi-Selectmedium

Which TWO statements about the 'match ip address' command within a route-map are true? (Choose TWO.)

Select 2 answers
A.It can reference a standard access-list, extended access-list, or prefix-list.
B.It matches the source IP address of the route.
C.It can only be used in a route-map sequence with a 'permit' clause.
D.If multiple access-lists are listed in the same match command, they are evaluated with a logical OR.
E.The command 'match ip address prefix-list' is not valid.
AnswersA, D

The command accepts access-list numbers/names and prefix-list names.

Why this answer

The 'match ip address' command can reference either a standard or extended access-list, or a prefix-list. It matches the destination network of the route. It cannot match source address (that would be 'match ip next-hop' or 'match ip route-source').

The command can be used in both permit and deny sequences. A single route-map sequence can have multiple match commands, but they are logically ANDed only if under the same match statement type.

63
MCQmedium

A network engineer is troubleshooting a route filtering issue using distribute-lists under OSPF. Router R8 has a distribute-list out applied to the OSPF process to filter routes being advertised to a specific neighbor. The distribute-list references an ACL that denies a specific prefix, but the prefix is still being advertised to the neighbor. What is the most likely cause?

A.The distribute-list is applied to the OSPF process, not to the specific neighbor; use 'neighbor distribute-list' instead.
B.The ACL is using the wrong wildcard mask; it should deny the exact prefix with 0.0.0.0 mask.
C.The distribute-list is applied inbound instead of outbound.
D.The OSPF process has 'default-information originate' that overrides the distribute-list.
AnswerA

Correct because per-neighbor filtering requires the distribute-list under the neighbor command.

Why this answer

Distribute-lists under OSPF can be applied in or out, but the 'out' direction filters routes being advertised out of the OSPF process to all neighbors. However, if the distribute-list is applied to the OSPF process (not to a specific interface), it filters routes from the routing table into OSPF, not to a specific neighbor. To filter per neighbor, a distribute-list must be applied to the neighbor under the OSPF process using 'neighbor x.x.x.x distribute-list'.

64
Multi-Selecthard

Which TWO statements about using prefix-lists in conjunction with route-maps for filtering IPv4 routes are true? (Choose TWO.)

Select 2 answers
A.A prefix-list entry with "ge 24" matches any prefix with a subnet mask greater than or equal to 24 bits.
B.A route-map with a match ip address prefix-list command will process the route only if the prefix-list permits the route.
C.A prefix-list can be used directly in a route-map without a match command.
D.The le operator in a prefix-list matches prefixes with a mask length less than the specified value.
E.A prefix-list can only be used with route-maps, not with distribute-lists.
AnswersA, B

Correct. The ge (greater or equal) operator matches prefixes with a mask length >= the specified value.

Why this answer

Prefix-lists can match on prefix length and subnet mask using ge and le operators. A prefix-list entry can be configured to permit or deny. When used in a route-map, the match ip address prefix-list command references the prefix-list.

If the prefix-list denies, the route-map clause is not matched, and the route falls to the next clause. The prefix-list can also be used directly in a distribute-list without a route-map.

65
MCQhard

An engineer configures mutual redistribution between OSPF and EIGRP. A route map is used to set the OSPF metric type to type-1 when redistributing EIGRP routes into OSPF. However, the redistributed routes appear as type-2 in the OSPF database. Which is the most likely explanation?

A.The route map sets the metric type but does not set the metric; OSPF requires both to be set for type-1 to work.
B.The redistribute command uses the subnets keyword, which overrides the route map.
C.The route map is applied to the OSPF process, not the redistribute command.
D.The EIGRP routes have a high administrative distance, causing OSPF to ignore the metric type.
AnswerA

OSPF may ignore the metric type if the metric is not explicitly set in the route map.

Why this answer

When redistributing into OSPF, the default metric type is type-2. If the route map sets the metric type but does not also set the metric, OSPF may ignore the metric type setting because the metric is not specified. In some IOS versions, the route map must set both the metric and metric type for the metric type to take effect.

66
Multi-Selecthard

Which TWO configuration steps are required to filter routes using a prefix-list in a route-map applied to a BGP neighbor? (Choose TWO.)

Select 2 answers
A.Configure a prefix-list with permit or deny statements for the desired prefixes.
B.Create a route-map that uses the 'match ip address prefix-list' command to reference the prefix-list.
C.Define an extended access-list to match the prefixes.
D.Apply the route-map to the BGP neighbor using the 'neighbor x.x.x.x route-map' command.
E.Use the 'network' command under BGP to advertise the filtered routes.
AnswersA, B

The prefix-list defines which prefixes to match.

Why this answer

To filter routes, you must define the prefix-list to match the desired prefixes, then create a route-map that uses the prefix-list in a match statement. The route-map is then applied to the BGP neighbor. Defining an access-list is an alternative but not required if using a prefix-list.

The 'network' command under BGP is for originating routes, not filtering. The 'distribute-list' command is a separate method and does not use a route-map.

67
MCQmedium

A network engineer is troubleshooting a BGP route-map that is supposed to set a community value on routes from a specific neighbor. The engineer configures a route-map with 'set community 100:100' and applies it inbound to the neighbor. After the configuration, the engineer checks the BGP table on the local router and sees that the routes do not have the community set. What is the most likely cause?

A.The neighbor is missing the 'send-community' command under the BGP neighbor configuration.
B.The route-map is applied outbound instead of inbound.
C.The community value 100:100 is reserved and cannot be used.
D.The route-map has a 'match community' statement that is filtering the routes before the set command.
AnswerA

Correct because communities are not exchanged without this command.

Why this answer

By default, BGP does not send or receive communities unless the 'neighbor send-community' command is configured. Even if the route-map sets the community, the router will not attach it to the routes unless the neighbor is configured to send communities.

68
MCQmedium

Which statement correctly describes the behavior of the 'set metric' command in a route-map when applied to redistributed routes into OSPF?

A.It sets the OSPF metric to a value between 1 and 65535, with a default of 10.
B.It sets the OSPF metric to a value between 1 and 65535, with a default of 20.
C.It sets the OSPF metric to a value between 1 and 16777215, with a default of 20.
D.It sets the OSPF metric to a value between 1 and 255, with a default of 1.
AnswerB

Correct. The default metric for redistributed OSPF routes is 20.

Why this answer

When redistributing into OSPF, the 'set metric' command sets the metric type and value. The default metric type is E2 (external type 2), and the default metric value is 20.

69
MCQmedium

A network engineer runs the following command on Router R1: R1# show route-map route-map FILTER_OSPF, permit, sequence 10 Match clauses: ip address prefix-list OSPF_ROUTES Set clauses: Policy routing matches: 0 packets, 0 bytes route-map FILTER_OSPF, deny, sequence 20 Match clauses: Set clauses: Policy routing matches: 0 packets, 0 bytes Based on this output, which statement is correct?

A.The route-map will permit all routes that match the prefix-list OSPF_ROUTES and deny all others.
B.The route-map will permit all routes because sequence 20 has no match clause.
C.The route-map is used for policy-based routing and has matched 0 packets.
D.The route-map will deny only routes matching the prefix-list OSPF_ROUTES.
AnswerA

Sequence 10 permits matching routes; sequence 20 denies everything else.

Why this answer

The route-map FILTER_OSPF has two sequences: sequence 10 permits routes matching prefix-list OSPF_ROUTES, and sequence 20 denies all other routes (since no match clause). The match counters show 0 packets/bytes, indicating no traffic has been matched yet, but this is a route-map used for route filtering, not policy routing. The correct answer is that the route-map will deny all routes not matching the prefix-list.

70
Multi-Selecthard

Which TWO statements about using a route-map with the "set metric" command to influence route selection in EIGRP are true? (Choose TWO.)

Select 2 answers
A.The set metric command in a route-map can set the EIGRP composite metric components such as bandwidth and delay.
B.A route-map applied to a redistribute command under EIGRP can modify the metric of redistributed routes.
C.The route-map must be applied to the EIGRP process using the "route-map" command under router eigrp to affect all updates.
D.The set metric command can also change the administrative distance of the route.
E.The route-map can only be used to set the metric to a single value, not multiple components.
AnswersA, B

Correct. EIGRP metric components can be set using set metric bandwidth delay reliability load mtu.

Why this answer

In EIGRP, the metric is composite (bandwidth, delay, etc.). The set metric command can modify these values. A route-map can be applied to redistribute routes into EIGRP or to filter outbound updates.

The set metric command can set multiple components. However, the route-map must be applied to the redistribution or neighbor statement to affect EIGRP. The set metric command does not affect the administrative distance.

71
Multi-Selecthard

Which TWO configuration changes will prevent a specific route from being redistributed from OSPF into EIGRP using a route-map? (Choose TWO.)

Select 2 answers
A.Configure a route-map with a deny clause that matches the route, and apply it to the redistribution command.
B.Apply a distribute-list out under the EIGRP process that denies the route.
C.Use a route-map with a permit clause and no match statement, then apply it to the redistribution.
D.Create a prefix-list that denies the route, then use match ip address prefix-list in a route-map permit clause.
E.Add a match ip address prefix-list command that references a prefix-list with a deny entry, inside a route-map deny clause.
AnswersA, E

Correct. A deny clause in the route-map will prevent the route from being redistributed.

Why this answer

To block redistribution, you can either match the route with a deny clause in the route-map, or use a prefix-list that denies the route and reference it in a match clause. A distribute-list under EIGRP is not used for redistribution filtering. A route-map with a permit clause and no match will permit all routes.

A match ip address prefix-list with a permit entry will permit the route.

72
MCQmedium

Which BGP attribute is used as the first tie-breaker in the route selection process when comparing routes from different peers?

A.Local preference
B.Weight
C.AS path length
D.MED
AnswerB

Correct. Weight is the first attribute checked; it is Cisco proprietary.

Why this answer

The BGP best-path selection algorithm first prefers the path with the highest weight (Cisco proprietary), then highest local preference, then locally originated routes.

73
MCQhard

A network engineer is troubleshooting a redistribution issue between OSPF and EIGRP. Router R3 is redistributing OSPF routes into EIGRP, but some OSPF external routes are not appearing in the EIGRP topology table. The engineer checks the redistribute command under EIGRP and sees a route-map named RM-OSPF that uses a prefix-list to match specific prefixes. The missing routes are permitted by the prefix-list. What is the most likely cause?

A.The route-map is missing a 'set metric' command; EIGRP requires a metric for redistributed routes.
B.The prefix-list is using the wrong sequence number and is being overridden by a later deny statement.
C.The OSPF routes are type-5 LSAs, which cannot be redistributed into EIGRP.
D.The route-map is applied to the OSPF process instead of the EIGRP process.
AnswerA

Correct because EIGRP will not accept redistributed routes without an explicit metric.

Why this answer

The route-map may have a 'set metric' command that is misconfigured, or the route-map may be missing the 'set metric' command entirely, causing EIGRP to reject the route because it requires a metric for redistributed routes. Alternatively, the route-map might have a 'match route-type' that excludes external type-2 routes.

74
MCQmedium

A network engineer runs the following command to troubleshoot DMVPN with NHRP filtering: R1# show ip nhrp detail 10.1.1.2/8 via 10.1.1.2, Tunnel0 created 00:10:00, expire 01:50:00 Type: dynamic, Flags: authoritative unique registered NBMA address: 192.168.1.2 (no-socket) (no-socket) What does this output indicate?

A.The spoke at 10.1.1.2 has registered with the hub and is reachable via NBMA address 192.168.1.2.
B.The spoke is being filtered by an NHRP filter.
C.The NHRP entry is static and configured manually.
D.The spoke is not reachable because the NBMA address is incorrect.
AnswerA

The entry shows a dynamic registration with the NBMA address, indicating successful NHRP registration.

Why this answer

The output shows an NHRP cache entry for a remote spoke (10.1.1.2) with NBMA address 192.168.1.2. The entry is dynamic and registered, indicating that the spoke has successfully registered with the hub.

75
MCQhard

An enterprise is redistributing EIGRP into OSPF on router R1. R1 has the following configuration: router eigrp 100 redistribute ospf 1 metric 10000 100 255 1 1500 route-map RMAP-OSPF. Router R2 (OSPF-only) shows: 'show ip route 10.1.1.0' as an O E2 route with metric 20, but 'show ip ospf database external 10.1.1.0' shows the forwarding address is 0.0.0.0. Router R3 (also OSPF) cannot reach 10.1.1.0. What is the root cause?

A.The redistributed route's next-hop is not reachable via OSPF, causing the forwarding address to be 0.0.0.0, but R1's router ID is not reachable from R3 due to a missing OSPF network statement.
B.The route-map RMAP-OSPF is setting the metric to 20, which is too high and causes the route to be suppressed.
C.The EIGRP process on R1 has a distribute-list blocking the route.
D.The OSPF process on R1 has a route-map applied inbound that filters the route.
AnswerA

If the next-hop is not in OSPF, the forwarding address is set to 0.0.0.0, meaning the packet should be sent to the advertising router (R1). If R1's router ID is not reachable (e.g., R1's OSPF interfaces are not advertised correctly), R3 cannot reach the route.

Why this answer

When redistributing into OSPF, if the redistributed route's next-hop is not reachable via OSPF (e.g., it is an EIGRP-learned route with a next-hop that is not in the OSPF domain), the forwarding address is set to 0.0.0.0. This causes other OSPF routers to try to reach the originating router (R1) as the next-hop. However, if R1's OSPF router ID is not reachable or if there is a filtering issue, the route may be installed but unreachable.

In this scenario, the route-map RMAP-OSPF may be filtering the route or setting incorrect metrics, but the forwarding address issue suggests that the next-hop is not being advertised correctly. The root cause is likely that the redistributed route's next-hop is not in the OSPF domain, so R1 should use a route-map to set the forwarding address to itself (e.g., set forwarding-address 0.0.0.0 is default, but if the next-hop is reachable, it should be set to the router's own interface IP).

Page 1 of 2 · 76 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Route Maps and Route Filtering questions.