Downloadable of 300 101 route pdf download materials and software for Cisco certification for consumer, Real Success Guaranteed with Updated ccnp routing and switching route 300 101 official cert guide pdf dumps vce Materials. 100% PASS Implementing Cisco IP Routing exam Today!
Q21. Which statement about the use of tunneling to migrate to IPv6 is true?
A. Tunneling is less secure than dual stack or translation.
B. Tunneling is more difficult to configure than dual stack or translation.
C. Tunneling does not enable users of the new protocol to communicate with users of the old protocol without dual-stack hosts.
D. Tunneling destinations are manually determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 addresses.
Answer: C
Explanation:
Using the tunneling option, organizations build an overlay network that tunnels one protocol over the other
by encapsulating IPv6 packets within IPv4 packets and IPv4 packets within IPv6 packets. The advantage of this approach is that the new protocol can work without disturbing the old protocol, thus providing connectivity between users of the new protocol. Tunneling has two disadvantages, as discussed in RFC 6144: Users of the new architecture cannot use the services of the underlying infrastructure.
Tunneling does not enable users of the new protocol to communicate with users of the old protocol without
dual-stack hosts, which negates interoperability.
Reference: http://www.cisco.com/c/en/us/products/
collateral/ios-nx-os-software/enterprise-ipv6- solution/white_paper_c11-676278.html
Q22. For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost. What caused this issue?
A. The traffic filter is blocking all ICMPv6 traffic.
B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly.
C. The link-local addresses that were used by OSPFv3 were explicitly denied, which caused the neighbor relationships to fail.
D. IPv6 traffic filtering can be implemented only on SVIs.
Answer: C
Explanation:
OSPFv3 uses link-local IPv6 addresses for neighbor discovery and other features, so if any IPv6 traffic
filters are implemented be sure to include the link local address so that it is permitted in the filter list.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx- os/unicast/configuration/
guide/l3_cli_nxos/l3_ospfv3.html
Q23. The following configuration is applied to a router at a branch site:
ipv6 dhcp pool dhcp-pool
dns-server 2001:DB8:1:B::1
dns-server 2001:DB8:3:307C::42
domain-name example.com
!
If IPv6 is configured with default settings on all interfaces on the router, which two dynamic IPv6 addressing mechanisms could you use on end hosts to provide end-to-end connectivity? (Choose two.)
A. EUI-64
B. SLAAC
C. DHCPv6
D. BOOTP
Answer: A,B
Explanation:
Q24. How does an IOS router process a packet that should be switched by Cisco Express Forwarding without an FIB entry?
A. by forwarding the packet
B. by dropping the packet
C. by creating a new FIB entry for the packet
D. by looking in the routing table for an alternate FIB entry
Answer: B
Explanation:
Q25. When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication?
A. username
B. password
C. community-string
D. encryption-key
Answer: A
Explanation:
The following security models exist: SNMPv1, SNMPv2, SNMPv3. The following security
levels exits: "noAuthNoPriv" (no authentiation and no encryption noauth keyword in CLI),
"AuthNoPriv" (messages are authenticated but not encrypted auth keyword in CLI), "AuthPriv" (messages
are authenticated and encrypted priv keyword in CLI). SNMPv1 and SNMPv2 models only support the
"noAuthNoPriv" model since they use plain community string to match the incoming packets. The SNMPv3
implementations could be configured to use either of the models on per-group basis (in case if
"noAuthNoPriv" is configured, username serves as a replacement for community string). Reference: http://
blog.ine.com/2008/07/19/snmpv3-tutorial/
Q26. A router with an interface that is configured with ipv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?
A. DHCPv6 request
B. router-advertisement
C. neighbor-solicitation
D. redirect
Answer: B
Explanation:
Autoconfiguration is performed on multicast-enabled links only and begins when a multicastenabled
interface is enabled (during system startup or manually). Nodes (both, hosts and routers) begin
the process by generating a link-local address for the interface. It is formed by appending the interface
identifier to well-known link-local prefix FE80 :: 0. The interface identifier replaces the right-most zeroes of
the link-local prefix. Before the link-local address can be assigned to the interface, the node performs the
Duplicate Address Detection mechanism to see if any other node is using the same link-local address on
the link. It does this by sending a Neighbor Solicitation message with target address as the "tentative"
address and destination address as the solicited-node multicast address corresponding to this tentative
address. If a node responds with a Neighbor Advertisement message with tentative address as the target
address, the address is a duplicate address and must not be used. Hence, manual configuration is
required. Once the node verifies that its tentative address is unique on the link, it assigns that link-local
address to the interface. At this stage, it has IP-connectivity to other neighbors on this link. The
autoconfiguration on the routers stop at this stage, further tasks are performed only by the hosts. The
routers will need manual configuration (or stateful configuration) to receive site-local or global addresses.
The next phase involves obtaining Router Advertisements from routers if any routers are present on the
link. If no routers are present, a stateful configuration is required. If routers are present, the Router
Advertisements notify what sort of configurations the hosts need to do and the hosts receive a global
unicast IPv6 address. Reference: https://sites.google.com/site/amitsciscozone/home/important-tips/ipv6/
ipv6-stateless- autoconfiguration
Q27. Which three characteristics are shared by subinterfaces and associated EVNs? (Choose three.)
A. IP address
B. routing table
C. forwarding table
D. access control lists
E. NetFlow configuration
Answer: A,B,C
Explanation:
A trunk interface can carry traffic for multiple EVNs. To simplify the configuration process, all
the subinterfaces and associated EVNs have the same IP address assigned. In other words, the trunk
interface is identified by the same IP address in different EVN contexts. This is accomplished as a result of
each EVN having a unique routing and forwarding table, thereby enabling support for overlapping IP
addresses across multiple EVNs. Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/evn/
configuration/xe-3sg/evn- overview.pdf
Q28. What are the three modes of Unicast Reverse Path Forwarding?
A. strict mode, loose mode, and VRF mode
B. strict mode, loose mode, and broadcast mode
C. strict mode, broadcast mode, and VRF mode
D. broadcast mode, loose mode, and VRF mode
Answer: A
Explanation:
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit
the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the
reachability of the source address in packets being forwarded. This capability can limit the appearance of
spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast
RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all
network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this
document. When administrators use Unicast RPF in strict mode, the packet must be received on the
interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may
drop legitimate traffic that is received on an interface that was not the router's choice for sending return
traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the
network. When administrators use Unicast RPF in loose mode, the source address must appear in the
routing table. Administrators can change this behavior using the allow-default option, which allows the use
of the default route in the source verification process. Additionally, a packet that contains a source address
for which the return route points to the Null 0 interface will be dropped. An access list may also be
specified that permits or denies certain source addresses in Unicast RPF loose mode. Care must be taken
to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of
this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern
when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain
asymmetric routing paths. Reference: http://www.cisco.com/web/about/security/intelligence/unicastrpf.
html
Q29. A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner?
A. PAP
B. dot1x
C. IPsec
D. CHAP
E. ESP
Answer: D
Explanation:
With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on
an interface and a remote device attempts to connect to it, the access server sends a CHAP packet to the
remote device. The CHAP packet requests or "challenges" the remote device to respond. The challenge
packet consists of an ID, a random number, and the host name of the local router. When the remote device
receives the challenge packet, it concatenates the ID, the remote device's password, and the random
number, and then encrypts all of it using the remote device's password. The remote device sends the
results back to the access server, along with the name associated with the password used in the
encryption process. When the access server receives the response, it uses the name it received to retrieve
a password stored in its user database. The retrieved password should be the same password the remote
device used in its encryption process. The access server then encrypts the concatenated information with
the newly retrieved password--if the result matches the result sent in the response packet, authentication
succeeds. The benefit of using CHAP authentication is that the remote device's password is never
transmitted in clear text (encrypted). This prevents other devices from stealing it and gaining illegal access
to the ISP's network. Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/
guide/fsecur_c/scfathen.ht ml
Q30. Refer to the exhibit. The network setup is running the RIP routing protocol. Which two events will occur following link failure between R2 and R3? (Choose two.)
A. R2 will advertise network 192.168.2.0/27 with a hop count of 16 to R1.
B. R2 will not send any advertisements and will remove route 192.168.2.0/27 from its routing table.
C. R1 will reply to R2 with the advertisement for network 192.168.2.0/27 with a hop count of 16.
D. After communication fails and after the hold-down timer expires, R1 will remove the 192.168.2.0/27 route from its routing table.
E. R3 will not accept any further updates from R2, due to the split-horizon loop prevention mechanism.
Answer: A,C
Explanation: