300-101 CCNP Route Exam Questions

s@lm@n
Cisco
Exam 300-101
Implementing Cisco IP Routing
Version: 11.0
[ Total Questions: 150 ]
Cisco 300-101 : Practice Test

Topic break down
Topic
No. of Questions
Topic 1: Network Principles
12
Topic 2: Layer 2 Technologies
Topic 3: Layer 3 Technologies
25
Topic 4: VPN Technologies
Topic 5: Infrastructure Security
Topic 6: Infrastructure Services
22
Topic 7: Mix Questions
68
A Composite Solution With Just One Click - Certification Guaranteed

Topic 1, Network Principles
Question No : 1 - (Topic 1)
Which three problems result from application mixing of UDP and TCP streams within a
network with no QoS? (Choose three.)
A. starvation
B. jitter
C. latency
D. windowing
E. lower throughput
Answer: A,C,E
Which statement about the use of tunneling to migrate to IPv6 is true?
A. Tunneling is less secure than dual stack or translation.
B. Tunneling is more difficult to configure than dual stack or translation.
C. Tunneling does not enable users of the new protocol to communicate with users of the
old protocol without dual-stack hosts.
D. Tunneling destinations are manually determined by the IPv4 address in the low-order 32
bits of IPv4-compatible IPv6 addresses.
Answer: C
Which two actions must you perform to enable and use window scaling on a router?
(Choose two.)
A. Execute the command ip tcp window-size 65536.
B. Set window scaling to be used on the remote host.
C. Execute the command ip tcp queuemax.
D. Set TCP options to "enabled" on the remote host.
E. Execute the command ip tcp adjust-mss.

Answer: A,B
A network administrator executes the command clear ip route. Which two tables does this
command clear and rebuild? (Choose two.)
A. IP routing
B. FIB
C. ARP cache
D. MAC address table
E. Cisco Express Forwarding table
F. topology table
Answer: A,B
Under which condition does UDP dominance occur?
A. when TCP traffic is in the same class as UDP
B. when UDP flows are assigned a lower priority queue
C. when WRED is enabled
D. when ACLs are in place to block TCP traffic
Answer: A
Refer to the exhibit.

A network administrator checks this adjacency table on a router. What is a possible cause
for the incomplete marking?
A. incomplete ARP information
B. incorrect ACL
C. dynamic routing protocol failure
D. serial link congestion
Answer: A
A network administrator uses IP SLA to measure UDP performance and notices that
packets on one router have a higher one-way delay compared to the opposite direction.
Which UDP characteristic does this scenario describe?
A. latency
B. starvation
C. connectionless communication
D. nonsequencing unordered packets
E. jitter
Answer: A
Which method allows IPv4 and IPv6 to work together without requiring both to be used for
a single connection during the migration process?
A. dual-stack method
B. 6to4 tunneling
C. GRE tunneling
D. NAT-PT
Answer: A

Which switching method is used when entries are present in the output of the command
show ip cache?
A. fast switching
B. process switching
C. Cisco Express Forwarding switching
D. cut-through packet switching
Answer: A
Based on this FIB table, which statement is correct?

A. There is no default gateway.
B. The IP address of the router on FastEthernet is 209.168.201.1.
C. The gateway of last resort is 192.168.201.1.
D. The router will listen for all multicast traffic.

Answer: C
Which three TCP enhancements can be used with TCP selective acknowledgments?
(Choose three.)
A. header compression
B. explicit congestion notification
C. keepalive
D. time stamps
E. TCP path discovery
F. MTU window
Answer: B,C,D
A network engineer notices that transmission rates of senders of TCP traffic sharply
increase and decrease simultaneously during periods of congestion. Which condition
causes this?
A. global synchronization
B. tail drop
C. random early detection
D. queue management algorithm
Answer: A
Topic 2, Layer 2 Technologies
A corporate policy requires PPPoE to be enabled and to maintain a connection with the
ISP, even if no interesting traffic exists. Which feature can be used to accomplish this task?
A. TCP Adjust

B. Dialer Persistent
C. PPPoE Groups
D. half-bridging
E. Peer Neighbor Route
Answer: B
Prior to enabling PPPoE in a virtual private dialup network group, which task must be
completed?
A. Disable CDP on the interface.
B. Execute the vpdn enable command.
C. Execute the no switchport command.
D. Enable QoS FIFO for PPPoE support.
Answer: B
Which protocol uses dynamic address mapping to request the next-hop protocol address
for a specific connection?
A. Frame Relay inverse ARP
B. static DLCI mapping
C. Frame Relay broadcast queue
D. dynamic DLCI mapping
Answer: A
A network engineer has been asked to ensure that the PPPoE connection is established
and authenticated using an encrypted password. Which technology, in combination with
PPPoE, can be used for authentication in this manner?

A. PAP
B. dot1x
C. IPsec
D. CHAP
E. ESP
Answer: D
Which PPP authentication method sends authentication information in clear text?
A. MS CHAP
B. CDPCP
C. CHAP
D. PAP
Answer: D
Which statement is true about the PPP Session Phase of PPPoE?
A. PPP options are negotiated and authentication is not performed. Once the link setup is
completed, PPPoE functions as a Layer 3 encapsulation method that allows data to be
transferred over the PPP link within PPPoE headers.
B. PPP options are not negotiated and authentication is performed. Once the link setup is
C. PPP options are automatically enabled and authorization is performed. Once the link
setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data
to be encrypted over the PPP link within PPPoE headers.
D. PPP options are negotiated and authentication is performed. Once the link setup is
Answer: D

PPPoE is composed of which two phases?
A. Active Authentication Phase and PPP Session Phase
B. Passive Discovery Phase and PPP Session Phase
C. Active Authorization Phase and PPP Session Phase
D. Active Discovery Phase and PPP Session Phase
Answer: D
Topic 3, Layer 3 Technologies
What is the default OSPF hello interval on a Frame Relay point-to-point network?
A. 10
B. 20
C. 30
D. 40
Answer: A
You have been asked to evaluate how EIGRP is functioning in a customer network.
10
11
12
13
What type of route filtering is occurring on R6
A. Distribute-list using an ACL

B. Distribute-list using a prefix-list
C. Distribute-list using a route-map
D. An ACL using a distance of 255
Answer: A
What is the purpose of the autonomous-system {autonomous-system-number} command?
A. It sets the EIGRP autonomous system number in a VRF.
B. It sets the BGP autonomous system number in a VRF.
C. It sets the global EIGRP autonomous system number.
D. It sets the global BGP autonomous system number.
Answer: A
14

Which one statement is true?

A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL.
B. The 10.0.0.0/8 network will not be advertised by Router B because the network
statement for the 10.0.0.0/8 network is missing from Router B.
C. The 10.0.0.0/8 network will not be in the routing table on Router B.
D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24
network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8
network.
E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.
Answer: E
A router with an interface that is configured with ipv6 address autoconfig also has a linklocal address assigned. Which message is required to obtain a global unicast address
when a router is present?
A. DHCPv6 request
B. router-advertisement
C. neighbor-solicitation
15

D. redirect
Answer: B
For security purposes, an IPv6 traffic filter was configured under various interfaces on the
local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor
adjacencies were lost. What caused this issue?
A. The traffic filter is blocking all ICMPv6 traffic.
B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work
properly.
C. The link-local addresses that were used by OSPFv3 were explicitly denied, which
caused the neighbor relationships to fail.
D. IPv6 traffic filtering can be implemented only on SVIs.
Answer: C
16
17
18
19
What percent of R1s interfaces bandwidth is EIGRP allowed to use?
A. 10
B. 20
C. 30
D. 40
Answer: B
Scenario:
You have been asked to evaluate an OSPF network setup in a test lab and to answer
questions a customer has about its operation. The customer has disabled your access to
the show running-config command.
20
21
22
23
Which of the following statements is true about the serial links that terminate in R3
A. The R1-R3 link needs the neighbor command for the adjacency to stay up
B. The R2-R3 link OSPF timer values are 30, 120, 120
C. The R1-R3 link OSPF timer values should be 10,40,40
D. R3 is responsible for flooding LSUs to all the routers on the network.
Answer: B
Router A and Router B are configured with IPv6 addressing and basic routing capabilities
using OSPFv3. The networks that are advertised from Router A do not show up in Router
B's routing table. After debugging IPv6 packets, the message "not a router" is found in the
output. Why is the routing information not being learned by Router B?
A. OSPFv3 timers were adjusted for fast convergence.
B. The networks were not advertised properly under the OSPFv3 process.
C. An IPv6 traffic filter is blocking the networks from being learned via the Router B
interface that is connected to Router A.
D. IPv6 unicast routing is not enabled on Router A or Router B.
24

Answer: D
Question No : 29 CORRECT TEXT - (Topic 3)

You are a network engineer with ROUTE.com, a small IT company. ROUTE.com has two
connections to the Internet; one via a frame relay link and one via an EoMPLS link. IT
policy requires that all outbound HTTP traffic use the frame relay link when it is available.
All other traffic may use either link. No static or default routing is allowed.
Choose and configure the appropriate path selection feature to accomplish this task. You
may use the Test Workstation to generate HTTP traffic to validate your solution.
25
Answer: We need to configure policy based routing to send specific traffic along a path
that is different from the best path in the routing table.
Here are the step by Step Solution for this:
1) First create the access list that catches the HTTP traffic:
R1(config)#access-list 101 permit tcp any any eq www
2) Configure the route map that sets the next hop address to be ISP1 and permits the rest
of the traffic:
R1(config)#route-map pbr permit 10
R1(config-route-map)#match ip address 101
R1(config-route-map)#set ip next-hop 10.1.100.2
R1(config-route-map)#exit
R1(config)#route-map pbr permit 20
3) Apply the route-map on the interface to the server in the EIGRP Network:
R1(config-route-map)#exit
R1(config)#int fa0/1
R1(config-if)#ip policy route-map pbr
R1(config-if)#exit
R1(config)#exit
26

You are a network engineer with ROUTE.com, a small IT company. They have recently
merged two organizations and now need to merge their networks as shown in the topology
exhibit. One network is using OSPF as its IGP and the other is using EIGRP as its IGP. R4
has been added to the existing OSPF network to provide the interconnect between the
OSPF and EIGRP networks. Two links have been added that will provide redundancy.
The network requirements state that you must be able to ping and telnet from loopback 101
on R1 to the OPSF domain test address of 172.16.1.100. All traffic must use the shortest
path that provides the greatest bandwidth. The redundant paths from the OSPF network to
the EIGRP network must be available in case of a link failure. No static or default routing is
allowed in either network.
A previous network engineer has started the merger implementation and has successfully
assigned and verified all IP addressing and basic IGP routing. You have been tasked with
completing the implementation and ensuring that the network requirements are met. You
may not remove or change any of the configuration commands currently on any of the
routers. You may add new commands or change default values.
Answer: First we need to find out 5 parameters (Bandwidth, Delay, Reliability, Load, MTU)
of the s0/0/0 interface (the interface of R2 connected to R4) for redistribution:
R2#show interface s0/0/0
Write down these 5 parameters, notice that we have to divide the Delay by 10 because the
metric unit is in tens of microsecond. For example, we get Bandwidth=1544 Kbit,
Delay=20000 us, Reliability=255, Load=1, MTU=1500 bytes then we would redistribute as
follows:
R2#config terminal
27

R2(config)# router ospf 1
R2(config-router)# redistribute eigrp 100 metric-type 1 subnets
R2(config-router)#exit
R2(config-router)#router eigrp 100
R2(config-router)#redistribute ospf 1 metric 1544 2000 255 1 1500
Note: In fact, these parameters are just used for reference and we can use other
parameters with no problem.
If the delay is 20000us then we need to divide it by 10, that is 20000 / 10 = 2000)
For R3 we use the show interface fa0/0 to get 5 parameters too
R3#show interface fa0/0
For example we get Bandwidth=10000 Kbit, Delay=1000 us, Reliability=255, Load=1,
MTU=1500 bytes
R3#config terminal
R3(config)#router ospf 1
R3(config-router)#redistribute eigrp 100 metric-type 1 subnets
R3(config)#exit
R3(config-router)#router eigrp 100
R3(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500
Finally you should try to show ip route to see the 172.16.100.1 network (the network
behind R4) in the routing table of R1 and make a ping from R1 to this network.
Note: If the link between R2 and R3 is FastEthernet link, we must put the command below
under EIGRP process to make traffic from R1 to go through R3 (R1 -> R2 -> R3 -> R4),
which is better than R1 -> R2 -> R4.
R2(config-router)# distance eigrp 90 105
This command sets the Administrative Distance of all EIGRP internal routes to 90 and all
EIGRP external routes to 105, which is smaller than the Administrative Distance of OSPF
(110) -> the link between R2 & R3 will be preferred to the serial link between R2 & R4.
Note: The actual OPSF and EIGRP process numbers may change in the actual exam so
be sure to use the actual correct values, but the overall solution is the same.

JS Industries has expanded their business with the addition of their first remote office. The
remote office router (R3) was previously configured and all corporate subnets were
reachable from R3. JS Industries is interested in using route summarization along with the
EIGRP Stub Routing feature to increase network stability while reducing the memory usage
and bandwidth utilization to R3. Another network professional was tasked with
implementing this solution. However, in the process of configuring EIGRP stub routing
connectivity with the remote network devices off of R3 has been lost.
28

Currently EIGRP is configured on all routers R2, R3, and R4 in the network. Your task is to
identify and resolve the cause of connectivity failure with the remote office router R3. Once
the issue has been resolved you should complete the task by configuring route
summarization only to the remote office router R3.
You have corrected the fault when pings from R2 to the R3 LAN interface are successful,
and the R3 IP routing table only contains 2 10.0.0.0 subnets.
29
Answer: Here are the solution as below:
30

ROUTE.com is a small IT corporation that has an existing enterprise network that is
running IPv6 0SPFv3. Currently OSPF is configured on all routers. However, R4's loopback
address (FEC0:4:4) cannot be seen in R1's IPv6 routing table. You are tasked with
identifying the cause of this fault and implementing the needed corrective actions that uses
OPSF features and does not change the current area assignments. You will know that you
have corrected the fault when R4's loopback address (FEC0:4:4) can be seen in RTs IPv6
routing table.
Special Note: To gain the maximum number of points you must remove all incorrect or
unneeded configuration statements related to this issue.
31
32
Answer: Here is the solution below:
After you review the output of the command show ipv6 interface brief, you see that several
IPv6 addresses have the 16-bit hexadecimal value of "FFFE" inserted into the address.
Based on this information, what do you conclude about these IPv6 addresses?
A. IEEE EUI-64 was implemented when assigning IPv6 addresses on the device.
B. The addresses were misconfigured and will not function as intended.
C. IPv6 addresses containing "FFFE" indicate that the address is reserved for multicast.
D. The IPv6 universal/local flag (bit 7) was flipped.
E. IPv6 unicast forwarding was enabled, but IPv6 Cisco Express Forwarding was disabled.
Answer: A
An engineer has configured a router to use EUI-64, and was asked to document the IPv6
address of the router. The router has the following interface parameters:
33

mac address C601.420F.0007
subnet 2001:DB8:0:1::/64
Which IPv6 addresses should the engineer add to the documentation?
A. 2001:DB8:0:1:C601:42FF:FE0F:7
B. 2001:DB8:0:1:FFFF:C601:420F:7
C. 2001:DB8:0:1:FE80:C601:420F:7
D. 2001:DB8:0:1:C601:42FE:800F:7
Answer: A
Scenario:
34
35
36
37
How many times was SPF algorithm executed on R4 for Area 1?
A. 1
B. 5
C. 9
D. 20
E. 54
F. 224
Answer: C
Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le
24?
A. 10.9.1.0/24
B. 10.8.0.0/24
C. 10.8.0.0/16
D. 10.8.0.0/23
Answer: B
38
Scenario:
39
40
41
How old is the Type 4 LSA from Router 3 for area 1 on the router R5 based on the output
you have examined?
A. 1858
B. 1601
C. 600
42

D. 1569
Answer: A
43
44
45
What is the advertised distance for the 192.168.46.0 network on R1?
A. 333056
B. 1938688
C. 1810944
46

D. 307456
Answer: C
47
48
49
Which key chain is being used for authentication of EIGRP adjacency between R4 and R2?
A. CISCO
B. EIGRP
C. key
50

D. MD5
Answer: A
Explanation: R4 and R2 configs are as shown below:
Clearly we see the actual key chain is named CISCO.
A packet capture log indicates that several router solicitation messages were sent from a
local host on the IPv6 segment. What is the expected acknowledgment and its usage?
A. Router acknowledgment messages will be forwarded upstream, where the DHCP server
will allocate addresses to the local host.
B. Routers on the IPv6 segment will respond with an advertisement that provides an
external path from the local subnet, as well as certain data, such as prefix discovery.
C. Duplicate Address Detection will determine if any other local host is using the same IPv6
address for communication with the IPv6 routers on the segment.
D. All local host traffic will be redirected to the router with the lowest ICMPv6 signature,
which is statically defined by the network administrator.
51

Answer: B
Which command only announces the 1.2.3.0/24 network out of FastEthernet 0/0?
A. distribute list 1 out
B. distribute list 1 out FastEthernet0/0
C. distribute list 2 out
D. distribute list 2 out FastEthernet0/0
Answer: D

Route.com is a small IT corporation that is attempting to implement the network shown in
the exhibit. Currently the implementation is partially completed. OSPF has been configured
on routers Chicago and NewYork. The SO/O interface on Chicago and the SO/1 interface
on NewYork are in Area 0. The loopbackO interface on NewYork is in Area 1. However,
they cannot ping from the serial interface of the Seattle router to the loopback interface of
the NewYork router. You have been asked to complete the implementation to allow this
ping.
ROUTE.com's corporate implementation guidelines require:
The OSPF process ID for all routers must be 10.
52

The routing protocol for each interface must be enabled under the routing process.
The routing protocol must be enabled for each interface using the most specific wildcard
mask possible.
The serial link between Seattle and Chicago must be in OSPF area 21.
OSPF area 21 must not receive any inter-area or external routes.
Network Information
Seattle
S0/0 192.168.16.5/30 - Link between Seattle and Chicago
Secret Password: cisco
Chicago
S0/0 192.168.54.9/30 - Link between Chicago and NewYork
S0/1 192.168.16.6/30 - Link between Seattle and Chicago Secre
Password: cisco
NewYork
S0/1 192.168.54.10/30 - Link between Chicago and NewYork
Loopback0 172.16.189.189
Secret Password: cisco
53
54
Answer: Here is the solution below:
55
56
57
58
Traffic from R1 to R61 s Loopback address is load shared between R1-R2-R4-R6 and R1R3-R5-R6 paths. What is the ratio of traffic over each path?
A. 1:1
B. 1:5
C. 6:8
D. 19:80
Answer: D
Scenario:
59
60
61
62
Areas of Router 5 and 6 are not normal areas, inspect their routing tables and determine
which statement is true?
A. R5's Loopback and R6's Loopback are both present in R5's Routing table
B. R5's Loopback and R6's Loopback are both present in R6's Routing table
C. Only R5's loopback is present in R5's Routing table
D. Only R6's loopback is present in R5's Routing table
E. Only R5's loopback is present in R6's Routing table
Answer: A
Topic 4, VPN Technologies
Which encapsulation supports an interface that is configured for an EVN trunk?
A. 802.1Q
B. ISL
C. PPP
D. Frame Relay
E. MPLS
F. HDLC
63

Answer: A
A company has just opened two remote branch offices that need to be connected to the
corporate network. Which interface configuration output can be applied to the corporate
router to allow communication to the remote sites?
A. interface Tunnel0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel source Serial0/0
tunnel mode gre multipoint
B. interface fa0/0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel mode gre multipoint
C. interface Tunnel0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 209.165.201.1
tunnel-mode dynamic
D. interface fa 0/0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 192.168.161.2
tunnel destination 209.165.201.1
tunnel-mode dynamic
Answer: A
Refer to the following output:
Router#show ip nhrp detail
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
TypE. dynamic, Flags: authoritative unique nat registered used
64

NBMA address: 10.12.1.2
What does the authoritative flag mean in regards to the NHRP information?
A. It was obtained directly from the next-hop server.
B. Data packets are process switches for this mapping entry.
C. NHRP mapping is for networks that are local to this router.
D. The mapping entry was created in response to an NHRP registration request.
E. The NHRP mapping entry cannot be overwritten.
Answer: A
Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol,
NHRP, and Cisco Express Forwarding?
A. FlexVPN
B. DMVPN
C. GETVPN
D. Cisco Easy VPN
Answer: B
A network engineer executes the show crypto ipsec sa command. Which three pieces of
information are displayed in the output? (Choose three.)
A. inbound crypto map
B. remaining key lifetime
C. path MTU
D. tagged packets
E. untagged packets
F. invalid identity packets
Answer: A,B,C
65
Which three characteristics are shared by subinterfaces and associated EVNs? (Choose
three.)
A. IP address
B. routing table
C. forwarding table
D. access control lists
E. NetFlow configuration
Answer: A,B,C
A user is having issues accessing file shares on a network. The network engineer advises
the user to open a web browser, input a prescribed IP address, and follow the instructions.
After doing this, the user is able to access company shares. Which type of remote access
did the engineer enable?
A. EZVPN
B. IPsec VPN client access
C. VPDN client access
D. SSL VPN client access
Answer: D
Which common issue causes intermittent DMVPN tunnel flaps?
A. a routing neighbor reachability issue
B. a suboptimal routing table
C. interface bandwidth congestion
D. that the GRE tunnel to hub router is not encrypted
Answer: A
66
Topic 5, Infrastructure Security
Refer to the following command:
router(config)# ip http secure-port 4433
Which statement is true?
A. The router will listen on port 4433 for HTTPS traffic.
B. The router will listen on port 4433 for HTTP traffic.
C. The router will never accept any HTTP and HTTPS traffic.
D. The router will listen to HTTP and HTTP traffic on port 4433.
Answer: A
What are the three modes of Unicast Reverse Path Forwarding?
A. strict mode, loose mode, and VRF mode
B. strict mode, loose mode, and broadcast mode
C. strict mode, broadcast mode, and VRF mode
D. broadcast mode, loose mode, and VRF mode
Answer: A
What does the following access list, which is applied on the external interface FastEthernet
1/0 of the perimeter router, accomplish?
router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
67

router (config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
router (config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
router (config)#access-list 101 permit ip any any
router (config)#interface fastEthernet 1/0
router (config-if)#ip access-group 101 in
A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts.
B. It prevents the internal network from being used in spoofed denial of service attacks and
logs any exit to the Internet.
C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any
intrusion attempts.
D. It prevents private internal addresses to be accessed directly from outside.
Answer: C
A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53,
and 49 to 172.20.14.225. Which command should be applied to the configuration to allow
this?
A. router(config-if)#ip helper-address 172.20.14.225
B. router(config-if)#udp helper-address 172.20.14.225
C. router(config-if)#ip udp helper-address 172.20.14.225
D. router(config-if)#ip helper-address 172.20.14.225 69 53 49
Answer: A
Which address is used by the Unicast Reverse Path Forwarding protocol to validate a
packet against the routing table?
A. source address
B. destination address
68

C. router interface
D. default gateway
Answer: A
Refer to the following access list.
access-list 100 permit ip any any log
After applying the access list on a Cisco router, the network engineer notices that the router
CPU utilization has risen to 99 percent. What is the reason for this?
A. A packet that matches access-list with the "log" keyword is Cisco Express Forwarding
switched.
B. A packet that matches access-list with the "log" keyword is fast switched.
C. A packet that matches access-list with the "log" keyword is process switched.
D. A large amount of IP traffic is being permitted on the router.
Answer: C
For troubleshooting purposes, which method can you use in combination with the debug ip
packet command to limit the amount of output data?
A. You can disable the IP route cache globally.
B. You can use the KRON scheduler.
C. You can use an extended access list.
D. You can use an IOS parser.
E. You can use the RITE traffic exporter.
Answer: C
69

Which traffic does the following configuration allow?
ipv6 access-list cisco
permit ipv6 host 2001:DB8:0:4::32 any eq ssh
line vty 0 4
ipv6 access-class cisco in
A. all traffic to vty 0 4 from source 2001:DB8:0:4::32
B. only ssh traffic to vty 0 4 from source all
C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32
D. all traffic to vty 0 4 from source all
Answer: C
Topic 6, Infrastructure Services
IPv6 has just been deployed to all of the hosts within a network, but not to the servers.
Which feature allows IPv6 devices to communicate with IPv4 servers?
A. NAT
B. NATng
C. NAT64
D. dual-stack NAT
E. DNS64
Answer: C
What is a function of NPTv6?
A. It interferes with encryption of the full IP payload.
B. It maintains a per-node state.
C. It is checksum-neutral.
D. It rewrites transport layer headers.
70

Answer: C
Which NetFlow component is applied to an interface and collects information about flows?
A. flow monitor
B. flow exporter
C. flow sampler
D. flow collector
Answer: A
A network engineer is configuring a solution to allow failover of HSRP nodes during
maintenance windows, as an alternative to powering down the active router and letting the
network respond accordingly. Which action will allow for manual switching of HSRP nodes?
A. Track the up/down state of a loopback interface and shut down this interface during
maintenance.
B. Adjust the HSRP priority without the use of preemption.
C. Disable and enable all active interfaces on the active HSRP node.
D. Enable HSRPv2 under global configuration, which allows for maintenance mode.
Answer: A
An organization decides to implement NetFlow on its network to monitor the fluctuation of
traffic that is disrupting core services. After reviewing the output of NetFlow, the network
engineer is unable to see OUT traffic on the interfaces. What can you determine based on
this information?
A. Cisco Express Forwarding has not been configured globally.
B. NetFlow output has been filtered by default.
C. Flow Export version 9 is in use.
71

D. The command ip flow-capture fragment-offset has been enabled.
Answer: A
When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication?
A. username
B. password
C. community-string
D. encryption-key
Answer: A
A network engineer finds that a core router has crashed without warning. In this situation,
which feature can the engineer use to create a crash collection?
A. secure copy protocol
B. core dumps
C. warm reloads
D. SNMP
E. NetFlow
Answer: B
A network engineer executes the show ip flow export command. Which line in the output
indicates that the send queue is full and export packets are not being sent?
A. output drops
B. enqueuing for the RP
C. fragmentation failures
D. adjacency issues
72

Answer: A
A network engineer is notified that several employees are experiencing network
performance related issues, and bandwidth-intensive applications are identified as the root
cause. In order to identify which specific type of traffic is causing this slowness, information
such as the source/destination IP and Layer 4 port numbers is required. Which feature
should the engineer use to gather the required information?
A. SNMP
B. Cisco IOS EEM
C. NetFlow
D. Syslog
E. WCCP
Answer: C
A network engineer is asked to configure a "site-to-site" IPsec VPN tunnel. One of the last
things that the engineer does is to configure an access list (access-list 1 permit any) along
with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two
commands serve in this scenario?
A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables "many-to-one"
access for all devices on a defined segment to share a single IP address upon exiting the
external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through
the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides "many-to-one"
access for all devices on a defined segment to share a single IP address upon exiting the
external interface.
Answer: D
73

A network engineer initiates the ip sla responder tcp-connect command in order to gather
statistics for performance gauging. Which type of statistics does the engineer see?
A. connectionless-oriented
B. service-oriented
C. connection-oriented
D. application-oriented
Answer: C
After a recent DoS attack on a network, senior management asks you to implement better
logging functionality on all IOS-based devices. Which two actions can you take to provide
enhanced logging results? (Choose two.)
A. Use the msec option to enable service time stamps.
B. Increase the logging history
.
C. Set the logging severity level to 1.
D. Specify a logging rate limit.
E. Disable event logging on all noncritical items.
Answer: A,B
Which two functions are completely independent when implementing NAT64 over NAT-PT?
(Choose two.)
A. DNS
B. NAT
C. port redirection
D. stateless translation
E. session handling
Answer: A,B
74

What is the result of the command ip flow-export destination 10.10.10.1 5858?
A. It configures the router to export cache flow information to IP 10.10.10.1 on port
UDP/5858.
B. It configures the router to export cache flow information about flows with destination IP
10.10.10.1 and port UDP/5858.
C. It configures the router to receive cache flow information from IP 10.10.10.1 on port
UDP/5858.
D. It configures the router to receive cache flow information about flows with destination IP
10.10.10.1 and port UDP/5858.
Answer: A
A network engineer is trying to implement broadcast-based NTP in a network and executes
the ntp broadcast client command. Assuming that an NTP server is already set up, what is
the result of the command?
A. It enables receiving NTP broadcasts on the interface where the command was
executed.
B. It enables receiving NTP broadcasts on all interfaces globally.
C. It enables a device to be an NTP peer to another device.
D. It enables a device to receive NTP broadcast and unicast packets.
Answer: A
75

Which statement about the output of the show flow-sampler command is true?
A. The sampler matched 10 packets, each packet randomly chosen from every group of
100 packets.
B. The sampler matched 10 packets, one packet every 100 packets.
C. The sampler matched 10 packets, each one randomly chosen from every 100-second
interval.
D. The sampler matched 10 packets, one packet every 100 seconds.
Answer: A
A company's corporate policy has been updated to require that stateless, 1-to-1, and IPv6
to IPv6 translations at the Internet edge are performed. What is the best solution to ensure
compliance with this new policy?
A. NAT64
B. NAT44
C. NATv6
D. NPTv4
E. NPTv6
Answer: E
A network engineer executes the ipv6 flowset command. What is the result?
A. Flow-label marking in 1280-byte or larger packets is enabled.
B. Flow-set marking in 1280-byte or larger packets is enabled.
C. IPv6 PMTU is enabled on the router.
D. IPv6 flow control is enabled on the router.
Answer: A
76

A network engineer is configuring SNMP on network devices to utilize one-way SNMP
notifications. However, the engineer is not concerned with authentication or encryption.
Which command satisfies the requirements of this scenario?
A. router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO
B. router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO
C. router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO
D. router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO
Answer: A
A network engineer has left a NetFlow capture enabled over the weekend to gather
information regarding excessive bandwidth utilization. The following command is entered:
switch#show flow exporter Flow_Exporter-1
What is the expected output?
A. configuration of the specified flow exporter
B. current status of the specified flow exporter
C. status and statistics of the specified flow monitor
D. configuration of the specified flow monitor
Answer: B
Which type of traffic does DHCP snooping drop?
A. discover messages
B. DHCP messages where the source MAC and client MAC do not match
C. traffic from a trusted DHCP server to client
D. DHCP messages where the destination MAC and client MAC do not match
Answer: B
77

Which two methods of deployment can you use when implementing NAT64? (Choose two.)
A. stateless
B. stateful
C. manual
D. automatic
E. static
F. functional
G. dynamic
Answer: A,B
Topic 7, Mix Questions
Which PPP authentication method sends authentication information in cleartext?
A. MS CHAP
B. CDPCP
C. CHAP
D. PAP
Answer: D
An engineer is configuring a GRE tunnel interface in the default mode. The engineer has
assigned an IPv4 address on the tunnel and sourced the tunnel from an Ethernet interface.
Which option also is required on the tunnel interface before it is operational?
A. tunnel destination address
B. keepalives
C. IPv6 address
D. tunnel protection
Answer: A
78
Which type of handshake does CHAP authentication use to establish a PPP link?
A. one-way
B. two-way
C. three-way
D. four-way
Answer: C
The following configuration is applied to a router at a branch site:
ipv6 dhcp pool dhcp-pool
dns-server 2001:DB8:1:B::1
dns-server 2001:DB8:3:307C::42
domain-name example.com
!
If IPv6 is configured with default settings on all interfaces on the router, which two dynamic
IPv6 addressing mechanisms could you use on end hosts to provide end-to-end
connectivity? (Choose two.)
A. EUI-64
B. SLAAC
C. DHCPv6
D. BOOTP
Answer: A,B
79

Which two statements about AAA implementation in a Cisco router are true? (Choose two.)
A. RADIUS is more flexible than TACACS+ in router management.
B. RADIUS and TACACS+ allow accounting of commands.
C. RADIUS and TACACS+ encrypt the entire body of the packet.
D. RADIUS and TACACS+ are client/server AAA protocols.
E. Neither RADIUS nor TACACS+ allow for accounting of commands.
Answer: B,D
A router receives a routing advertisement for the same prefix and subnet from four different
routing protocols. Which advertisement is installed in the routing table?
A. RIP
B. OSPF
C. iBGP
D. EIGRP
Answer: D
Which two commands would be used to troubleshoot high memory usage for a process?
(Choose two.)
A. router#show memory allocating-process table
B. router#show memory summary
C. router#show memory dead
D. router#show memory events
E. router#show memory processor statistics
Answer: A,B
80

In IPv6, SLAAC provides the ability to address a host based on a network prefix that is
advertised from a local network router. How is the prefix advertised?
A. routing table
B. router advertisements
C. routing protocol
D. routing type
Answer: B
Which statement describes what this command accomplishes when inside and outside
interfaces are correctly identified for NAT?
ip nat inside source static tcp 192.168.1.50 80 209.165.201.1 8080 extendable
A. It allows host 192.168.1.50 to access external websites using TCP port 8080.
B. It allows external clients coming from public IP 209.165.201.1 to connect to a web server
at 192.168.1.50.
C. It allows external clients to connect to a web server hosted on 192.168.1.50.
D. It represents an incorrect NAT configuration because it uses standard TCP ports.
Answer: C
Refer to the following configuration command.
router (config-line)# ntp master 10
Which statement about this command is true?
A. The router acts as an authoritative NTP clock and allows only 10 NTP client
connections.
B. The router acts as an authoritative NTP clock at stratum 10.
C. The router acts as an authoritative NTP clock with a priority number of 10.
D. The router acts as an authoritative NTP clock for 10 minutes only.
81

Answer: B
Which three benefits does the Cisco Easy Virtual Network provide to an enterprise
network? (Choose three.)
A. simplified Layer 3 network virtualization
B. improved shared services support
C. enhanced management, troubleshooting, and usability
D. reduced configuration and deployment time for dot1q trunking
E. increased network performance and throughput
F. decreased BGP neighbor configurations
Answer: A,B,C
Refer to the exhibit. The network setup is running the RIP routing protocol. Which two
events will occur following link failure between R2 and R3? (Choose two.)
A. R2 will advertise network 192.168.2.0/27 with a hop count of 16 to R1.

B. R2 will not send any advertisements and will remove route 192.168.2.0/27 from its
routing table.
C. R1 will reply to R2 with the advertisement for network 192.168.2.0/27 with a hop count
of 16.
D. After communication fails and after the hold-down timer expires, R1 will remove the
192.168.2.0/27 route from its routing table.
E. R3 will not accept any further updates from R2, due to the split-horizon loop prevention
mechanism.
82

Answer: A,C
Refer to the exhibit. Which statement is true?
A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL.

B. The 10.0.0.0/8 network will not be advertised by Router B because the network
statement for the 10.0.0.0/8 network is missing from Router B.
C. The 10.0.0.0/8 network will not be in the routing table on Router B.
D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24
network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8
network.
E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.
Answer: E
Which outbound access list, applied to the WAN interface of a router, permits all traffic
except for http traffic sourced from the workstation with IP address 10.10.10.1?
A. ip access-list extended 200
deny tcp host 10.10.10.1 eq 80 any
83

permit ip any any
B. ip access-list extended 10
deny tcp host 10.10.10.1 any eq 80
permit ip any any
C. ip access-list extended NO_HTTP
D. ip access-list extended 100
permit ip any any
Answer: D
Refer to the exhibit. Which statement about the command output is true?
A. The router exports flow information to 10.10.10.1 on UDP port 5127.

B. The router receives flow information from 10.10.10.2 on UDP port 5127.
C. The router exports flow information to 10.10.10.1 on TCP port 5127.
D. The router receives flow information from 10.10.10.2 on TCP port 5127.
Answer: A
84

A company has their headquarters located in a large city with a T3 frame relay link that
connects 30 remote locations that each have T1 frame relay connections. Which
technology must be configured to prevent remote sites from getting overwhelmed with
traffic and prevent packet drops from the headquarters?
A. traffic shaping
B. IPsec VPN
C. GRE VPN
D. MPLS
Answer: A
Two aspects of an IP SLA operation can be tracked: state and reachability. Which
statement about state tracking is true?
A. When tracking state, an OK return code means that the track's state is up; any other
return code means that the track's state is down.
B. When tracking state, an OK or over threshold return code means that the track's state is
up; any other return code means that the track's state is down.
C. When tracking state, an OK return code means that the track's state is down; any other
return code means that the track's state is up.
D. When tracking state, an OK or over threshold return code means that the track's state is
down; any other return code means that the track's state is up.
Answer: A

A network engineer is trying to modify an existing active NAT configuration on an IOS
router by using the following command:
(config)# no ip nat pool dynamic-nat-pool 192.1.1.20 192.1.1.254 netmask 255.255.255.0
Upon entering the command on the IOS router, the following message is seen on the
console:
85

%Dynamic Mapping in Use, Cannot remove message or the %Pool outpool in use, cannot
destroy
What is the least impactful method that the engineer can use to modify the existing IP NAT
configuration?
A. Clear the IP NAT translations using the clear ip nat traffic * " command, then replace the
NAT configuration quickly, before any new NAT entries are populated into the translation
table due to active NAT traffic.
B. Clear the IP NAT translations using the clear ip nat translation * " command, then
replace the NAT configuration quickly, before any new NAT entries are populated into the
translation table due to active NAT traffic.
C. Clear the IP NAT translations using the reload command on the router, then replace the
D. Clear the IP NAT translations using the clear ip nat table * " command, then replace the
Answer: B

Which technology was originally developed for routers to handle fragmentation in the path
between end points?
A. PMTUD
B. MSS
C. windowing
D. TCP
E. global synchronization
Answer: A

In which two ways can NetFlow data be viewed? (Choose two.)
A. CLI
86

B. NetFlow
C. built-in GUI
D. syslog server interface
E. web interface
Answer: A,B

Refer to the exhibit. Which statement about the configuration is true?
A. 20 packets are being sent every 30 seconds.

B. The monitor starts at 12:05:00 a.m.
C. Jitter is being tested with TCP packets to port 65051.
D. The packets that are being sent use DSCP EF.
Answer: A

Refer to the exhibit. The command is executed while configuring a point-to-multipoint
Frame Relay interface. Which type of IPv6 address is portrayed in the exhibit?
A. link-local
B. site-local
87

C. global
D. multicast
Answer: A

How does an IOS router process a packet that should be switched by Cisco Express
Forwarding without an FIB entry?
A. by forwarding the packet
B. by dropping the packet
C. by creating a new FIB entry for the packet
D. by looking in the routing table for an alternate FIB entry
Answer: B

A network engineer is investigating the cause of a service disruption on a network segment
and executes the debug condition interface fastethernet f0/0 command. In which situation
is the debugging output generated?
A. when packets on the interface are received and the interface is operational
B. when packets on the interface are received and logging buffered is enabled
C. when packets on the interface are received and forwarded to a configured syslog server
D. when packets on the interface are received and the interface is shut down
Answer: A

A network engineer has configured a tracking object to monitor the reachability of IP SLA 1.
In order to update the next hop for the interesting traffic, which feature must be used in
conjunction with the newly created tracking object to manipulate the traffic flow as
required?
88

A. SNMP
B. PBR
C. IP SLA
D. SAA
E. ACLs
F. IGP
Answer: B

A network administrator is troubleshooting a DMVPN setup between the hub and the
spoke. Which action should the administrator take before troubleshooting the IPsec
configuration?
A. Verify the GRE tunnels.
B. Verify ISAKMP.
C. Verify NHRP.
D. Verify crypto maps.
Answer: A

Which statement is a restriction for PPPoE configuration?
A. Multiple PPPoE clients can use the same dialer interface.
B. Multiple PPPoE clients can use the same dialer pool.
C. A PPPoE session can be initiated only by the client.
D. A PPPoE session can be initiated only by the access concentrator.
Answer: C

Which three items can you track when you use two time stamps with IP SLAs? (Choose
three.)
89

A. delay
B. jitter
C. packet loss
D. load
E. throughput
F. path
Answer: A,B,C

What are the default timers for RIPng?
A. Update: 30 seconds Expire: 180 seconds Flush: 240 seconds
B. Update: 20 seconds Expire: 120 seconds Flush: 160 seconds
C. Update: 10 seconds Expire: 60 seconds Flush: 80 seconds
D. Update: 5 seconds Expire: 30 seconds Flush: 40 seconds
Answer: A

An engineer is asked to monitor the availability of the next-hop IP address of 172.16.201.25
every 3 seconds using an ICMP echo packet via an ICMP echo probe. Which two
commands accomplish this task? (Choose two.)
A. router(config-ip-sla)#icmp-echo 172.16.201.25 source-interface FastEthernet 0/0
B. router(config-ip-sla-echo)#timeout 3
C. router(config-ip-sla)#icmp-jitter 172.16.201.25 interval 100
D. router(config-ip-sla-echo)#frequency 3
E. router(config-ip-sla)#udp-echo 172.16.201.25 source-port 23
F. router(config-ip-sla-echo)#threshold 3
Answer: A,D

Which IPv6 address type is seen as the next-hop address in the output of the show ipv6 rip
90

RIPng database command?
A. link-local
B. global
C. site-local
D. anycast
E. multicast
Answer: A

The OSPF database of a router shows LSA types 1, 2, 3, and 7 only. Which type of area is
this router connected to?
A. stub area
B. totally stubby area
C. backbone area
D. not-so-stubby area
Answer: D

If the total bandwidth is 64 kbps and the RTT is 3 seconds, what is the bandwidth delay
product?
A. 8,000 bytes
B. 16,000 bytes
C. 24,000 bytes
D. 32,000 bytes
E. 62,000 bytes
Answer: C
91

On which two types of interface is Frame Relay switching supported? (Choose two.)
A. serial interfaces
B. Ethernet interfaces
C. fiber interfaces
D. ISDN interfaces
E. auxiliary interfaces
Answer: A,D

A network engineer is considering enabling load balancing with EIGRP. Which
consideration should be analyzed?
A. EIGRP allows a maximum of four paths across for load balancing traffic.
B. By default, EIGRP uses a default variance of 2 for load balancing.
C. EIGRP unequal path load balancing can result in routing loops.
D. By default, EIGRP performs equal cost load balancing at least across four equal cost
paths.
Answer: D

A network engineer has set up VRF-Lite on two routers where all the interfaces are in the
same VRF. At a later time, a new loopback is added to Router 1, but it cannot ping any of
the existing interfaces. Which two configurations enable the local or remote router to ping
the loopback from any existing interface? (Choose two.)
A. adding a static route for the VRF that points to the global route table
B. adding the loopback to the VRF
C. adding dynamic routing between the two routers and advertising the loopback
D. adding the IP address of the loopback to the export route targets for the VRF
E. adding a static route for the VRF that points to the loopback interface
F. adding all interfaces to the global and VRF routing tables
Answer: A,B
92

Which two routing protocols are supported by Easy Virtual Network? (Choose two.)
A. RIPv2
B. OSPFv2
C. BGP
D. EIGRP
E. IS-IS
Answer: B,D

Which statement is true?
A. RADIUS uses TCP, and TACACS+ uses UDP.
B. RADIUS encrypts the entire body of the packet.
C. TACACS+ encrypts only the password portion of a packet.
D. TACACS+ separates authentication and authorization.
Answer: D

Which Cisco VPN technology uses AAA to implement group policies and authorization and
is also used for the XAUTH authentication method?
A. DMVPN
B. Cisco Easy VPN
C. GETVPN
D. GREVPN
Answer: B
93

Which statement about dual stack is true?
A. Dual stack translates IPv6 addresses to IPv4 addresses.
B. Dual stack means that devices are able to run IPv4 and IPv6 in parallel.
C. Dual stack translates IPv4 addresses to IPv6 addresses.
D. Dual stack changes the IP addresses on hosts from IPv4 to IPv6 automatically.
Answer: B

Which option prevents routing updates from being sent to the DHCP router, while still
allowing routing update messages to flow to the Internet router and the distribution
switches?
A. DHCP(config-router)# passive-interface default DHCP(config-router)# no passiveinterface Gi1/0 Internet(config-router)# passive-interface Gi0/1 Internet (config-router)#
passive-interface Gi0/2
B. Core(config-router)# passive-interface Gi0/0 Core(config-router)# passive-interface
Gi3/1 Core(config-router)# passive-interface Gi3/2 DHCP(config-router)# no passiveinterface Gi1/0
94

C. Core(config-router)# passive-interface default Core(config-router)# no passive-interface
Gi0/0 Core(config-router)# no passive-interface Gi3/1 Core(config-router)# no passiveinterface Gi3/2
D. Internet(config-router)# passive-interface default Core(config-router)# passive-interface
default DSW1(config-router)# passive-interface default DSW2(config-router)# passiveinterface default
Answer: C

Which type of BGP AS number is 64591?
A. a private AS number
B. a public AS number
C. a private 4-byte AS number
D. a public 4-byte AS number
Answer: A

Which command allows hosts that are connected to FastEthernet0/2 to access the
95

Internet?
A. ip nat inside source list 10 interface FastEthernet0/1 overload
B. ip nat outside source static 209.165.200.225 10.10.10.0 overload
C. ip nat inside source list 10 interface FastEthernet0/2 overload
D. ip nat outside source list 10 interface FastEthernet0/2 overload
Answer: A

Refer to the exhibit. After configuring GRE between two routers running OSPF that are
connected to each other via a WAN link, a network engineer notices that the two routers
cannot establish the GRE tunnel to begin the exchange of routing updates. What is the
reason for this?
A. Either a firewall between the two routers or an ACL on the router is blocking IP protocol
number 47.
B. Either a firewall between the two routers or an ACL on the router is blocking UDP 57.
C. Either a firewall between the two routers or an ACL on the router is blocking TCP 47.
D. Either a firewall between the two routers or an ACL on the router is blocking IP protocol
number 57.
Answer: A

Which parameter in an SNMPv3 configuration offers authentication and encryption?
96

A. auth
B. noauth
C. priv
D. secret
Answer: C

Which protocol is used in a DMVPN network to map physical IP addresses to logical IP
addresses?
A. BGP
B. LLDP
C. EIGRP
D. NHRP
Answer: D

What is the purpose of the route-target command?
A. It extends the IP address to identify which VRF instance it belongs to.
B. It enables multicast distribution for VRF-Lite setups to enhance IGP routing protocol
capabilities.
C. It manages the import and export of routes between two or more VRF instances.
D. It enables multicast distribution for VRF-Lite setups to enhance EGP routing protocol
capabilities.
Answer: C

A route map uses an ACL, if the required matching is based on which criteria?
A. addressing information
97

B. route types
C. AS paths
D. metrics
Answer: A

To configure SNMPv3 implementation, a network engineer is using the AuthNoPriv security
level. What effect does this action have on the SNMP messages?
A. They become unauthenticated and unencrypted.
B. They become authenticated and unencrypted.
C. They become authenticated and encrypted.
D. They become unauthenticated and encrypted.
Answer: B

The enterprise network WAN link has been receiving several denial of service attacks from
both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet
via its header, in order to filter future attacks? (Choose three.)
A. Traffic Class
B. Source address
C. Flow Label
D. Hop Limit
E. Destination Address
F. Fragment Offset
Answer: A,C,D

Which two authentication protocols does PPP support? (Choose two.)
98

A. WAP
B. PAP
C. CHAP
D. EAP
E. RADIUS
Answer: B,C
Question No : 134 DRAG DROP - (Topic 7)

Drag and drop the IPv6 NAT characteristic from the left to the matching IPv6 NAT category
on the right.
Answer:

Drag and drop the BGP states from the left to the matching definitions on the right.
99
Answer:

100

Which technology can be employed to automatically detect a WAN primary link failure and
failover to the secondary link?
A. HSRP
B. VRRP
C. IP SLA
D. multicast
Answer: C

What is the primary service that is provided when you implement Cisco Easy Virtual
Network?
A. It requires and enhances the use of VRF-Lite.
B. It reduces the need for common services separation.
C. It allows for traffic separation and improved network efficiency.
D. It introduces multi-VRF and label-prone network segmentation.
Answer: C

Which two statements indicate a valid association mode for NTP synchronization? (Choose
two.)
A. The client polls NTP servers for time.
B. The client broadcasts NTP requests.
C. The client listens to NTP broadcasts.
D. The client creates a VPN tunnel to an NTP server.
E. The client multicasts NTP requests.
Answer: A,C
101

Drag and drop the Cisco Express Forwarding adjacency types from the left to the correct
type of processing on the right.
Answer:

102

Refer to the exhibit. The DHCP client is unable to receive a DHCP address from the DHCP
server. Consider the following output:
hostname RouterB
!
interface fastethernet 0/0
ip address 172.31.1.1 255.255.255.0
interface serial 0/0
ip address 10.1.1.1 255.255.255.252
!
ip route 172.16.1.0 255.255.255.0 10.1.1.2
Which configuration is required on the Router B fastethernet 0/0 port in order to allow the
DHCP client to successfully receive an IP address from the DHCP server?
A. RouterB(config-if)# ip helper-address 172.16.1.2

B. RouterB(config-if)# ip helper-address 172.16.1.1
C. RouterB(config-if)# ip helper-address 172.31.1.1
D. RouterB(config-if)# ip helper-address 255.255.255.255
Answer: A

103

Various employees in the same department report to the network engineer about slowness
in the network connectivity to the Internet. They are also having latency issues
communicating to the network drives of various departments. Upon monitoring, the
engineer finds traffic flood in the network. Which option is the problem?
A. network outage
B. network switching loop
C. router configuration issue
D. wrong proxy configured
Answer: B

Which option prevents routing updates from being sent to the access layer switches?
A. DWS1(config-router)# passive-interface default DWS2(config-router)# passive-interface
default
B. ALS1(config-router)# passive-interface default ALS2(config-router)# passive-interface
default
C. DWS1(config-router)# passive-interface gi1/1 DWS1(config-router)# passive-interface
104

gi1/2 DWS2(config-router)# passive-interface gi1/1 DWS2(config-router)# passive-interface
gi1/2
D. ALS1(config-router)# passive-interface gi0/1 ALS1(config-router)# passive-interface
gi0/2 ALS2(config-router)# passive-interface gi0/1 ALS2(config-router)# passive-interface
gi0/2
Answer: C

Which option represents the minimal configuration that allows inbound traffic from the
172.16.1.0/24 network to successfully enter router R, while also limiting spoofed 10.0.0.0/8
hosts that could enter router R?
A. (config)#ip cef
(config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via rx allow-default
B. (config)#ip cef
(config-if)#ip verify unicast source reachable-via rx
C. (config)#no ip cef
(config-if)#ip verify unicast source reachable-via rx
D. (config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via any
Answer: A

105

Which Cisco VPN technology can use multipoint tunnel, resulting in a single GRE tunnel
interface on the hub, to support multiple connections from multiple spoke devices?
A. DMVPN
B. GETVPN
C. Cisco Easy VPN
D. FlexVPN
Answer: A

Which option is invalid when configuring Unicast Reverse Path Forwarding?
A. allow self ping to router
B. allow default route
C. allow based on ACL match
D. source reachable via both
Answer: D

Which statement about the configuration is true?

A. This configuration is incorrect because the MTU must match the ppp-max-payload that
106

is defined.
B. This configuration is incorrect because the dialer interface number must be the same as
the dialer pool number.
C. This configuration is missing an IP address on the dialer interface.
D. This configuration represents a complete PPPoE client configuration on an Ethernet
connection.
Answer: D

An engineer executes the ip flow ingress command in interface configuration mode. What
is the result of this action?
A. It enables the collection of IP flow samples arriving to the interface.
B. It enables the collection of IP flow samples leaving the interface.
C. It enables IP flow while disabling IP CEF on the interface.
D. It enables IP flow collection on the physical interface and its subinterfaces.
Answer: A

Which statement about the NPTv6 protocol is true?
A. It is used to translate IPv4 prefixes to IPv6 prefixes.
B. It is used to translate an IPv6 address prefix to another IPv6 prefix.
C. It is used to translate IPv6 prefixes to IPv4 subnets with appropriate masks.
D. It is used to translate IPv4 addresses to IPv6 link-local addresses.
Answer: B

Which traffic characteristic is the reason that UDP traffic that carries voice and video is
assigned to the queue only on a link that is at least 768 kbps?
107

A. typically is not fragmented
B. typically is fragmented
C. causes windowing
D. causes excessive delays for video traffic
Answer: A

Refer to the exhibit. When summarizing these routes, which route is the summarized
route?
A. OI 2001:DB8::/48 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0

B. OI 2001:DB8::/24 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
C. OI 2001:DB8::/32 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
D. OI 2001:DB8::/64 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
Answer: A
108

300-101 CCNP Route Exam Questions

Uploaded by

Copyright:

Available Formats

300-101 CCNP Route Exam Questions

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

300-101 CCNP Route Exam Questions

Uploaded by

Copyright:

Available Formats

s@lm@n

[ Total Questions: 150 ]

Cisco 300-101 : Practice Test

Topic 1: Network Principles

Topic 2: Layer 2 Technologies

Topic 3: Layer 3 Technologies

Topic 4: VPN Technologies

Topic 5: Infrastructure Security

Topic 6: Infrastructure Services

Topic 7: Mix Questions

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

Cisco 300-101 : Practice Test

Based on this FIB table, which statement is correct?

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

Topic 2, Layer 2 Technologies

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

Topic 3, Layer 3 Technologies

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

What type of route filtering is occurring on R6

A. Distribute-list using an ACL

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

Which one statement is true?

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

What percent of R1s interfaces bandwidth is EIGRP allowed to use?

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test

A Composite Solution With Just One Click - Certification Guaranteed

Cisco 300-101 : Practice Test