Q21. Which two statements are true about unicast RPF? (Choose two.)
A. Unicast RPF requires CEF to be enabled.
B. Unicast RPF strict mode works better with multihomed networks.
C. Unicast RPF strict mode supports symmetric paths.
D. Unicast RPF strict mode supports asymmetric paths.
E. CEF is optional with Unicast RPF, but when CEF is enabled it provides better performance.
Answer: A,C
Explanation:
Unicast RPF requires Cisco Express Forwarding (CEF) to function properly on the router.
Strict Versus Loose Checking Mode
The Unicast RPF in Strict Mode feature filters ingress IPv4 traffic in strict checking mode and forwards packets only if the following conditions are satisfied.
- An IPv4 packet must be received at an interface with the best return path (route) to the packet source (a process called symmetric routing). There must be a route in the Forwarding Information Base (FIB) that matches the route to the receiving interface. Adding a route in the FIB can be done via static route, network statement, or dynamic routing.
- IPv4 source addresses at the receiving interface must match the routing entry for the interface.
References:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf.html
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/srpf_gsr.html
Q22. Refer to the exhibit.
What is the PHB class on this flow?
A. EF
B. none
C. AF21
D. CS4
Answer: D
Explanation:
This command shows the TOS value in hex, which is 80 in this case. The following chart shows some common DSCP/PHB Class values:
| Service | DSCP value | TOS value | Juniper Alias | TOS hexadecimal | DSCP - TOS Binary |
|---|---|---|---|---|---|
| Premium IP | 46 | 184 | ef | B8 | 101110 - 101110xx |
| LBE | 8 | 32 | cs1 | 20 | 001000 - 001000xx |
| DWS | 32 | 128 | cs4 | 80 | 100000 - 100000xx |
| Network control | 48 | 192 | cs6 | c0 | 110000 - 110000xx |
| Network control 2 | 56 | 224 | cs7 | e0 | 111000 - 111000xx |
Reference: http://www.tucny.com/Home/dscp-tos
Q23. Which set of commands conditionally advertises 172.16.0.0/24 as long as 10.10.10.10/32 is in the routing table?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Explanation:
Advertise maps are used in conditional routing to advertise the specified prefixes if the prefix specified in the exist map exists. In this question we need to advertise 172.16.0.0/24 if 10.10.10.10/32 exists in the routing table, so we have to use the command “neighbor x.x.x.x advertise-map <prefix-list of 172.16.0.0/24> exist-map <prefix-list of 10.10.10.10/32>”. Therefore B is correct.
Q24. DRAG DROP
Drag and drop the BGP attribute on the left to the correct category on the right.
Answer:
Q25. Which BGP aggregate address configuration advertises only the aggregate address, with attributes inherited from the more specific routes?
A. summary-only as-set
B. as-set
C. summary
D. summary-only
Answer: A
Explanation:
Example:
router bgp 300
 neighbor 2.2.2.2 remote-as 100
 neighbor 3.3.3.3 remote-as 200
 neighbor 4.4.4.4 remote-as 400
 aggregate-address 160.0.0.0 255.0.0.0 summary-only as-set
!--- With the as-set configuration command, the aggregate
!--- inherits the attributes of the more-specific routes.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5441-aggregation.html
Q26. DRAG DROP
Drag and drop the BGP attribute on the left to the correct category on the right.
Answer:
Q27. Which option is the default point of insertion for the BGP cost community?
A. before best path calculation
B. after best path calculation
C. after the IGP metric comparison
D. after the router ID comparison
Answer: C
Q28. Which two statements about the default router settings for SSH connections are true? (Choose two.)
A. The default timeout value for the SSH negotiation phase is 120 seconds.
B. Data is exchanged in clear text by default unless AAA authentication is enabled on the console.
C. The default number of authentication retries is 3.
D. SSH is enabled by default when you configure the username command.
Answer: A,C
Explanation:
ip ssh {timeout seconds | authentication-retries number}
Configures the SSH control parameters:
- Specify the time-out value in seconds; the default is 120 seconds. The range is 0 to 120 seconds. This parameter applies to the SSH negotiation phase. After the connection is established, the Switch uses the default time-out values of the CLI-based sessions. By default, up to five simultaneous, encrypted SSH connections for multiple CLI-based sessions over the network are available (session 0 to session 4). After the execution shell starts, the CLI-based session time-out value returns to the default of 10 minutes.
- Specify the number of times that a client can re-authenticate to the server. The default is 3; the range is 0 to 5.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/security/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01000.html
Q29. Which three options are three benefits of an MPLS VPN? (Choose three.)
A. It allows IP address space overlap by maintaining customer routes in a private routing table.
B. It offers additional security by preventing intrusions directly into the customer routing table.
C. It offers a transparent virtual network in which all customer sites appear on one LAN.
D. It offers additional security by allowing only dynamic routing protocols between CE and PE routers.
E. It allows IP address space overlap by maintaining customer routes in the global routing table with unique BGP communities.
F. Providers can send only a default route for Internet access into the customer VPN.
Answer: A,B,C
Q30. Which two statements about redistribution are true? (Choose two.)
A. When BGP traffic is redistributed into OSPF, the metric is set to 1 unless the metric is defined.
B. When EIGRP routes on a CE are redistributed through a PE into BGP, the Cost Community POI is set automatically.
C. When OSPF traffic is redistributed into BGP, internal and external routes are redistributed.
D. When BGP traffic is redistributed into OSPF, eBGP and iBGP routes are advertised.
E. iBGP routes automatically redistribute into the IGP if the routes are in the routing table.
F. When EIGRP traffic is redistributed into BGP, a default metric is required.
Answer: A,B