Q251. DRAG DROP
Drag and drop the protocol on the left to the corresponding administrative distance on the right.
Answer:
Q252. Which command correctly configures standby tracking for group 1 using the default decrement priority value?
A. standby 1 track 100
B. standby 1 track 100 decrement 1
C. standby 1 track 100 decrement 5
D. standby 1 track 100 decrement 20
Answer: A
Q253. Which two options are disadvantages of a commingled dual-tier WAN rate-based Ethernet circuit? (Choose two.)
A. It requires the maintenance of separate chassis.
B. It has limited scalability.
C. It requires additional CPU resources at the subscriber end.
D. It is more difficult to secure.
E. It can increase the likelihood of packet drops.
Answer: A,E
Q254. Which two improvements do SIA-Query and SIA-Reply messages add to EIGRP? (Choose two.)
A. Stuck-in-active conditions are solved faster.
B. They prevent a route from going into the stuck-in-active state.
C. They help in the localization of the real failure in the network.
D. The EIGRP adjacency between two neighbors never goes down.
Answer: A,C
Q255. DRAG DROP
Drag each show command on the left to the description of its output on a PE router on the right.
Answer:
Q256. Which problem can result when private AS numbers are included in advertisements that are sent to the global Internet BGP table?
A. The prefixes sent with private AS numbers are always discarded on the Internet.
B. The prefixes sent with private AS numbers are always tagged as invalid on the Internet.
C. The prefixes sent with private AS numbers lack uniqueness, which can lead to a loss of connectivity.
D. The prefixes sent with private AS numbers are sometimes tagged as invalid on the Internet.
Answer: C
Explanation:
Private AS numbers are not meant to be used for global Internet BGP routing, as they are assigned locally and can be used by any organization. They are meant to enable BGP within a enterprise or VPN, but since these numbers can be used by any organization they are not unique and could cause connectivity loss if leaked to the Internet.
Q257. Refer to the exhibit.
What is the meaning of the asterisk (*) in the output?
A. PIM neighbor 10.1.5.6 is the RPF neighbor for the group 232.1.1.1 for the shared tree.
B. PIM neighbor 10.1.5.6 is the one that is seen as the RPF neighbor when performing the command show ip rpf 10.1.4.7.
C. PIM neighbor 10.1.5.6 is the winner of an assert mechanism.
D. The RPF neighbor 10.1.5.6 is invalid.
Answer: C
Explanation:
show ip mroute
Field
Descriptions
Field Description
RPF neighbor or RPF nbr
IP address of the upstream router to the source. Tunneling indicates that this router is sending data to the RP encapsulated in register packets.
The hexadecimal number in parentheses indicates to which RP it is registering. Each bit indicates a different RP if multiple RPs per group are used. If an asterisk (*) appears after the IP address in this field, the RPF neighbor has been learned through an assert.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ipmulti/command/reference/fiprmc_r/1rfmult 3.html
Q258. Which three values can you use to configure an ERSPAN destination session? (Choose three.)
A. VLAN ID
B. source IP address
C. destination IP address
D. ID number
E. VRF
F. session name
Answer: B,D,E
Q259. DRAG DROP
Drag and drop each description of IPv6 transition technology on the left to the matching IPv6 transition technology category on the right.
Answer:
Q260. Which two statements about the ipv6 ospf authentication command are true? (Choose two.)
A. The command is required if you implement the IPsec AH header.
B. The command configures an SPI.
C. The command is required if you implement the IPsec TLV.
D. The command can be used in conjunction with the SPI authentication algorithm.
E. The command must be configured under the OSPFv3 process.
Answer: A,B
Explanation:
OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3. In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3. To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP header, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host. To configure IPsec, you configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, you should configure a different policy on each interface configured with IPsec. If you configure IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to you.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-15-sy-book/ip6-route-ospfv3-auth-ipsec.html