Exam Code: ccnp dumps 300 101 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco IP Routing
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass ccnp routing and switching route 300 101 Exam.
Q17. To configure SNMPv3 implementation, a network engineer is using the AuthNoPriv security level. What effect does this action have on the SNMP messages?
A. They become unauthenticated and unencrypted.
B. They become authenticated and unencrypted.
C. They become authenticated and encrypted.
D. They become unauthenticated and encrypted.
Answer: B
Explanation:
Q18. Which common issue causes intermittent DMVPN tunnel flaps?
A. a routing neighbor reachability issue
B. a suboptimal routing table
C. interface bandwidth congestion
D. that the GRE tunnel to hub router is not encrypted
Answer: A
Explanation:
DMVPN Tunnel Flaps Intermittently Problem DMVPN tunnel flaps intermittently. Solution
When DMVPN tunnels flap, check the neighborship between the routers as issues with neighborship
formation between routers may cause the DMVPN tunnel to flap. In order to resolve this problem, make
sure the neighborship between the routers is always up. Reference: http://www.cisco.com/c/en/us/support/
docs/security-vpn/ipsec-negotiation-ike- protocols/29240-dcmvpn.html#Prblm1
Q19. A network administrator is troubleshooting a DMVPN setup between the hub and the spoke. Which action should the administrator take before troubleshooting the IPsec configuration?
A. Verify the GRE tunnels.
B. Verify ISAKMP.
C. Verify NHRP.
D. Verify crypto maps.
Answer: A
Explanation:
Q20. Which two methods of deployment can you use when implementing NAT64? (Choose two.)
A. stateless
B. stateful
C. manual
D. automatic
E. static
F. functional
G. dynamic
Answer: A,B
Explanation:
While stateful and stateless NAT64 perform the task of translating IPv4 packets into IPv6 packets and vice
versa, there are important differences. The following
table provides a high-level overview of the most relevant differences.
Table 2. Differences Between Stateless NAT64 and Stateful NAT64
Stateless NAT64 Stateful NAT64
1:1 translation 1:N translation
No conservation of IPv4 address Conserves IPv4 address
Assures end-to-end address Uses address overloading, hence transparency and scalability lacks in endto-
end address transparency
No state or bindings created on the State or bindings are created on every translation unique translation
Requires IPv4-translatable IPv6 No requirement on the nature of IPv6 addresses assignment (mandatory
address assignment requirement)
Requires either manual or DHCPv6 Free to choose any mode of IPv6 based address assignment for IPv6
address assignment viz. Manual, hosts DHCPv6, SLAAC Reference: http://www.cisco.com/c/en/us/
products/collateral/ios-nx-os-software/enterprise-ipv6- solution/white_paper_c11-676277.html
Q21. Refer to the following access list.
access-list 100 permit ip any any log
After applying the access list on a Cisco router, the network engineer notices that the router CPU utilization has risen to 99 percent. What is the reason for this?
A. A packet that matches access-list with the "log" keyword is Cisco Express Forwarding switched.
B. A packet that matches access-list with the "log" keyword is fast switched.
C. A packet that matches access-list with the "log" keyword is process switched.
D. A large amount of IP traffic is being permitted on the router.
Answer: C
Explanation:
Logging-enabled access control lists (ACLs) provide insight into traffic as it traverses the
network or is dropped by network devices. Unfortunately, ACL logging can be CPU intensive and can
negatively affect other functions of the network device. There are two primary factors that contribute to the
CPU load increase from ACL logging: process switching of packets that match log-enabled access control
entries (ACEs) and the generation and transmission of log messages. Reference: http://www.cisco.com/
web/about/security/intelligence/acl-logging.html#4
Q22. Scenario:
You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command.
Areas of Router 5 and 6 are not normal areas, inspect their routing tables and determine which statement is true?
A. R5's Loopback and R6's Loopback are both present in R5's Routing table
B. R5's Loopback and R6's Loopback are both present in R6's Routing table
C. Only R5's loopback is present in R5's Routing table
D. Only R6's loopback is present in R5's Routing table
E. Only R5's loopback is present in R6's Routing table
Answer: A
Explanation:
Topic 4, VPN Technologies
45. A company has just opened two remote branch offices that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites?
A. interface Tunnel0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel source Serial0/0
tunnel mode gre multipoint
B. interface fa0/0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel mode gre multipoint
C. interface Tunnel0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 209.165.201.1
tunnel-mode dynamic
D. interface fa 0/0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 192.168.161.2
tunnel destination 209.165.201.1
tunnel-mode dynamic
Answer: A
Explanation:
The configuration of mGRE allows a tunnel to have multiple destinations. The configuration of
mGRE on one side of a tunnel does not have any relation to the tunnel properties that might exist tunnel
source Serial0/0 tunnel mode gre multipoint
B. interface fa0/0 bandwidth 1536 ip address 209.165.200.230 255.255.255.224 tunnel mode gre
multipoint
C. interface Tunnel0 bandwidth 1536 ip address 209.165.200.231 255.255.255.224 tunnel source
209.165.201.1 tunnel-mode dynamic
D. interface fa 0/0 bandwidth 1536 ip address 209.165.200.231 255.255.255.224 tunnel source
192.168.161.2 tunnel destination 209.165.201.1 tunnel-mode dynamic
Answer: A Explanation: The configuration of mGRE allows a tunnel to have multiple destinations. The
configuration of mGRE on one side of a tunnel does not have any relation to the tunnel properties that
might exist at the exit points. This means that an mGRE tunnel on the hub may connect to a p2p tunnel on
the branch. Conversely, a p2p GRE tunnel may connect to an mGRE tunnel. The distinguishing feature
between an mGRE interface and a p2p GRE interface is the tunnel destination. An mGRE interface does
not have a configured destination. Instead the GRE tunnel is configured with the command tunnel mode
gre multipoint. This command is used instead of the tunnel destination x.x.x.x found with p2p GRE tunnels.
Besides allowing for multiple destinations, an mGRE tunnel requires NHRP to resolve the tunnel
endpoints. Note, tunnel interfaces by default are point-to-point (p-p) using GRE encapsulation, effectively they have the tunnel mode gre command, which is not seen in the configuration because it is the default.
The mGRE configuration is as follows: ! interface Tunnel0 bandwidth 1536 ip address 10.62.1.10
255.255.255.0 tunnel source Serial0/0 tunnel mode gre multipoint Reference: http://www.cisco.com/c/en/
us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMVP N_2_Phase2.html
Q23. What are the three modes of Unicast Reverse Path Forwarding?
A. strict mode, loose mode, and VRF mode
B. strict mode, loose mode, and broadcast mode
C. strict mode, broadcast mode, and VRF mode
D. broadcast mode, loose mode, and VRF mode
Answer: A
Explanation:
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit
the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the
reachability of the source address in packets being forwarded. This capability can limit the appearance of
spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast
RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all
network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this
document. When administrators use Unicast RPF in strict mode, the packet must be received on the
interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may
drop legitimate traffic that is received on an interface that was not the router's choice for sending return
traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the
network. When administrators use Unicast RPF in loose mode, the source address must appear in the
routing table. Administrators can change this behavior using the allow-default option, which allows the use
of the default route in the source verification process. Additionally, a packet that contains a source address
for which the return route points to the Null 0 interface will be dropped. An access list may also be
specified that permits or denies certain source addresses in Unicast RPF loose mode. Care must be taken
to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of
this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern
when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain
asymmetric routing paths. Reference: http://www.cisco.com/web/about/security/intelligence/unicastrpf.
html
Q24. You have been asked to evaluate how EIGRP is functioning in a customer network.
What percent of R1’s interfaces bandwidth is EIGRP allowed to use?
A. 10
B. 20
C. 30
D. 40
Answer: B
Explanation: