CCNP TSHOOT IPHelper - September 2018

Number: 300-135
Passing Score: 846
Time Limit: 120 min
File Version: 1.0

300-135 - Troubleshooting and Maintaining Cisco IP Networks (TSHOOT)


Updated - September 2018 by IPHELPER

Multiple Choice Questions / Drag and Drops / Simlet / Simulation Labs ONLY!
(NO TSHOOT TICKETS)
Exam A - MCQs-D&Ds - Nov 2017
Exam B - MCQs-D&Ds - April 2018
Exam C - MCQs-D&Ds - May 2018
Exam D - MCQs-D&Ds - June 2018
Exam E - MCQs-D&Ds - July 2018
Exam F - MCQs-D&Ds - July-August 2018
Exam G - MCQs-D&Ds - September 2018
Exam H - Simlet - HSRP
Exam I - Simulation Labs

MCQs-D&Ds - Nov 2017

QUESTION 1
Drag and Drop - Mandatory and Optional GRE Headers

Which fields are mandatory and optional in a GRE header?

Select and Place:


Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
Mandatory: Protocol Type, Reserved0, Version
Optional: Checksum, Key, Sequence Number

QUESTION 2
Drag and Drop - Standard and Extended GRE Tunnel Header

Which one is standard and which one is extended?

Select and Place:


Correct Answer:

Section: (none)
Explanation

Explanation/Reference:
Standard Header: Checksum, Protocol Type, Reserved0, Version
Extended Header: Key, Sequence Number

QUESTION 3
Which three IP header option fields can you modify in an extended ping? (Choose three.)

A. Value
B. Strict
C. Record
D. Timestamp
E. Timeout

Correct Answer: BCD


Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Select the valid types of tunnel mode. (Choose four.)

A. GRE
B. 6to4
C. ISATAP
D. NHRP
E. IPv6IP
F. mGRE

Correct Answer: ABCE


Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Drag and Drop - Debug and Show Commands
Associate debug and show commands with what they do. Not all options will be used. (7 options)

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
debug ip mpacket <-> multicast packet
debug standby errors <-> HSRP issues
debug ip packet <-> All IPv4 information
debug ipv6 packet <-> All IPv6 information
debug vlan <-> 802.1q troubleshoot
debug ip cef <-> hardware forwarding

QUESTION 6
Drag and Drop - Extended Traceroute

What are the troubleshooting functions of the extended traceroute options?

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Probe count <-> limits the number of traceroute
Port Number <-> troubleshoot TCP and UDP port
Source address <-> troubleshoot connections generated from specific interface
Max TTL <-> limits the number of hops a packet travels
Type of Service <-> troubleshoot QoS issues

QUESTION 7
Which three keywords are supported in the IP header option? (Choose three.)
A. Timeout
B. Type of service
C. Validate
D. Timestamp
E. Record
F. Strict

Correct Answer: DEF


Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Drag and Drop - Valid Tunnel Types

Drag and drop the correct tunnel types in the right order. Not all options will be used.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Sequence 1 - 6to4
Sequence 2 - GRE IP
Sequence 3 - IPv6 IP
Sequence 4 - ISATAP

MCQs-D&Ds - April 2018

QUESTION 1
In which troubleshooting approach do you start troubleshooting from the middle of the OSI layer stack and then go either up or down the layers for further troubleshooting?

A. Bottom-up
B. Top-down
C. Divide-and-conquer
D. Follow-the-path

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which two things should you check while troubleshooting uRPF? (Choose two)

A. uRPF enabled on interface


B. uRPF enabled global
C. CEF disabled
D. CEF enabled global
E. Strict or loose mode configured global

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which access-list allows SSH access from network 10.10.15.0/24?
A. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 21
B. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 23
C. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 22
D. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 25

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Drag and Drop

Securing the control plane on R1 connected via SSH to the network 10.10.0.0/16. You should choose the right answers and place them in the right configuration order. Not all options will be used.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Sequence 1
access-list X permit tcp 10.10.0.0/16 eq 22 any estab
access-list X permit tcp 10.10.0.0/16 any eq 22

Sequence 2
class-map match-all SSH
match access-group X

Sequence 3
Policy Y
Class SSH

Sequence 4
Control plane
service-policy input Y

QUESTION 5
Which two statements could be the reason for a GRE tunnel interface being in the up/down state? (Choose two.)

A. GRE tunnel mode is set to transport mode.


B. Tunnel source is in down state.
C. Route to tunnel destination points to tunnel interface itself.
D. ???
E. ???

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which two are valid AAA authentication methods? (Choose two.)

A. Line
B. Krb6
C. LDAP
D. Local
E. Blowfish

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Refer to the exhibit. Which two commands are required to set up a GRE tunnel between R2 & R3? (Choose two.)

A. R2:
interface tunnel 1
ip address 10.1.1.1 255.255.255.252
tunnel source 192.168.1.1
tunnel destination 192.168.2.3
B. R3:
interface tunnel 1
ip address 10.1.1.2 255.255.255.252
tunnel source 192.168.2.3
tunnel destination 192.168.1.1
C. ???
D. ???
E. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
While troubleshooting, you notice *** in the output of the traceroute command. What is the reason for that?

A. Probe is timed out.


B. ???
C. ???
D. ???

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Drag and Drop - MPP

Drag and drop the correct MPP commands in the right configuration order.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Sequence 1:-
access-list 125 permit tcp x x eq 22 established
access-list 125 permit tcp x x eq 22

Sequence 2:-
class-map yyy
match access-group 125

Sequence 3:-
policy-map zzzz
class yyy

Sequence 4:-
control-plane
service-policy input zzzz

QUESTION 10
Drag and Drop - Valid Debug Commands

Question about four valid debug commands on a switch. Not all options will be used. (Choose four.)

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
=Answer=
1. debug glbp errors
2. debug ip igmp snooping
3. debug ip interface route-cache
4. debug spanning-tree mstp init

QUESTION 11
Drag and Drop - Monitoring GRE Packets

Choose and place in the right order headers when monitoring GRE packet. Not all options will be used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Step 1. Source tunnel IP header
Step 2. GRE header
Step 3. Original source IP header
Step 4. Data

QUESTION 12
Which two statements could be the reason for a GRE tunnel interface being in the up/down state? (Choose two.)

A. The tunnel mode is defined as transport.


B. The route to the destination is through the tunnel itself.
C. Keepalives are disabled on the interface.
D. The tunnel source is using a loopback interface.
E. The tunnel source interface is down.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Which access-list allows SSH access from network 10.10.15.0/24?

A. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 21


B. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 23
C. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 22
D. access-list 142 permit tcp 10.10.15.0 0.0.0.0 any eq 22

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

MCQs-D&Ds - May 2018

QUESTION 1
Which two statements about GRE are true?

A. It supports the OSPF and EIGRP routing protocols only.
B. It provides a tunnelless VPN technology.
C. It supports multicast and broadcast transmissions.
D. It supports encryption and authentication.
E. It can carry broadcast traffic in the tunnel.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which two statements about IPv6 traffic filtering are true? (Choose two.)

A. It performs virtual fragmentation reassembly after checking egress ACLs.


B. It performs virtual fragmentation after checking ingress ACLs.
C. It requires IPv6 neighbor discovery to be enabled on the interface.
D. It requires configuration to be done at the egress interface.
E. It is configured at the interface level.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Virtual Fragmentation Reassembly
When virtual fragmentation reassembly (VFR) is enabled, VFR processing begins after ACL input lists are checked against incoming packets. The incoming packets are tagged with the appropriate VFR information.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/xe-3s/ipv6-xe-36s-book/ip6-sec-trfltr-fw.html#GUID-01C01A9C-C68D-47B5-B9B5-BA44A704383E

QUESTION 3
Question about keepalive in GRE tunnel with two options. (Choose two.)

A. Enabled by default
B. Supports on point-to-point GRE tunnel interface
C. Supports on point to multi-point mGRE
D. 1 option for IPSec
E. Support broadcast
F. Support broadcast multicast

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
GRE Tunnels with IPsec
When GRE is used with IPsec, the keepalives are encrypted like any other traffic. As with user data packets, if the IKE and IPsec security associations are not already active on the GRE tunnel, the first GRE keepalive packet will trigger IKE/IPsec initialization.

https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/sb_gretk.html

QUESTION 4
Drag and Drop - GRE Tunnels (Required and Optional)

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Required Component
- Tunnel Destination Address
- Tunnel IP Address
- Tunnel Source Address
Optional Component
- TCP MSS
- Tunnel Key
- Tunnel Mode

The key is to remember the GRE configuration: the required components are the ones necessary to form a GRE tunnel.

QUESTION 5
You are performing a peer review on this implementation script, which is intended to enable AAA on a device. If the script is deployed, which two effects does it have on the device? (Choose two.)

A. Part of the script is rejected.


B. The device authenticates users against the local database first.
C. The device fails to perform AAA because session-id common command is missing.
D. The device authenticates all users except nmops and nmeng against the TACACS+ database.
E. The device fails to perform AAA because the aaa new-model command is missing.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
When you have:
R1#sh run | sec aaa
no aaa new-model
R1(config)#aaa authentication ?
R1(config)#aaa authentication login default local
^
% Invalid input detected at ‘^’ marker.

Also when enabling AAA:


R1#sh run | sec aaa
aaa new-model
aaa authentication login default local
aaa session-id common

QUESTION 6
What is a common protocol for ping and traceroute?

A. ICMP
B. PIM
C. IGMP
D. IP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
When configuring a router or switch, which plane is affected?

A. data
B. management
C. control
D. forward

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
A user is able to log into the switch but cannot enable. What might be the reason?

A. change authorization level


B. change accounting
C. change authentication
D. change username password

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Drag and Drop - Ping and Traceroute

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Validate Reply Data — specify data pattern
Data pattern – ???
DF-Bit - enable do not fragment bit in IP header
TOS - used for QoS troubleshooting
Validate - validate reply data

QUESTION 10
Which troubleshooting method is used when we troubleshoot a spanning tree issue for any VLAN?
A. divide and conquer
B. top-down
C. bottom-up
D. follow-the-path

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Drag and Drop - Ping

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
data — specify data pattern
df-bit — enable do not fragment bit in IP header
repeat — specify repeat count
size — specify datagram size (MTU)
source — specify source address or name
timeout — specify timeout interval
tos — specify type of service value
validate — validate reply data

QUESTION 12
Question about keepalive in GRE.

A. enabled by default.
B. possible to configure on point-to-point GRE tunnel interface.
C. mGRE
D. ???

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Question about authentication, TACACS+/local, based on a piece of configuration.

AAA and what will be the result with this configuration: it either checks the local database first or it only authenticates 2 listed users.

A. The aaa-new-model command is not there in the script; hence the script will not work.
B. The configuration script will be partially executed (as 2 local username and password are there).
C. ???
D. ???
E. ???

Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:

QUESTION 14
A question about GRE tunnels, with options such as whether it supports multicast and broadcast traffic or only broadcast, and some other options, from which we needed to choose the 2 correct ones. (Choose two.)

A. GRE supports broadcast and multicast


B. GRE tunnels broadcast traffic
C. GRE is a non-tunneling VPN technology
D. 1 option about IPSec
E. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Question about keepalive in GRE tunnel. (Choose two.)

A. Enabled by default.
B. Supports on point-to-point GRE tunnel interface.
C. Supports on point to multi-point mGRE
D. Works with IPsec tunnel protection
E. Works with VRF only if FVRF and IVRF match.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Drag and Drop - Ping and Traceroute (Mod 2)

(This could be the official version. Been added just in case, even if wording isn't exact.)

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
TOS – something about quality of service
Df-bit – prevent packets from being segmented or broken up
Data Pattern – detect framing errors
Hop Count – verify routing metrics
Reply – verify reachability

MCQs-D&Ds - June 2018

QUESTION 1
A question about DHCP issue. Which troubleshooting method to use?

A. top down
B. bottom up
C. divide and conquer
D. compare configuration

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
A router knows one destination using EIGRP and two OSPF networks. Which will be the best way to determine the path? (Choose two.)

A. show ip eigrp topology


B. show ip ospf topology
C. traceroute
D. ping
E. show ip route

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which two statements about ping and traceroute are true? (Choose two.)
A. Ping uses only ICMP.
B. Only ping has TTL.
C. To determine if a host is reachable, using traceroute is better than ping.
D. Traceroute uses UDP datagrams and ICMP.
E. Ping uses TCP and ICMP.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which two protocols does the management plane protection feature support? (Choose two.)

A. HTTPS
B. ARP
C. DNS
D. TFTP
E. DHCP

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which two statements about uRPF are true? (Choose two.)

A. It supports with extended ACL and time based ACL.


B. It is applied to input interface only.
C. It requires Cisco Express Forwarding to populate FIB.
D. It is an output function.
E. It can mitigate asymmetric routing.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
Which two statements about time-based ACLs are true? (Choose two.)

A. It can use the router's clock as the time source.


B. Only extended ACL can use time ranges.
C. It must be defined with an inspect name value.
D. It requires NTP to be configured.
E. Both standard and extended ACLs can use time ranges.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which two ACL types are used with IPv6 traffic filters? (Choose two.)

A. tagged
B. standard
C. named
D. numbered
E. dynamic

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
A question about a GRE tunnel which is up but cannot pass traffic. (Choose two.)

A. Move R1 to global routing.


B. Put R3 on VRF redistribution.
C. ???
D. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
A GRE tunnel is up but the server or host cannot pass traffic through it. Which two things need to be fixed? (Choose two.)

A. Put the R3 tunnel into vrf RED


B. Put the R1 tunnel into global routing
C. Enable tunnel mode GRE
D. Replace source g1/0/1 into an IP
E. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
You want to reach an endpoint and in between is an EIGRP and a link with OSPF routing. What is the best way to check the route? (Choose two.)

A. ping 10.1.1.1
B. trace 10.1.1.1
C. show ip route 10.1.1.1
D. show ip ospf database 10.1.1.1
E. show eigrp topology

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
A question about ping, traceroute and ICMP. (Choose two.)

A. Ping uses ICMP.


B. Traceroute uses UDP and ICMP.
C. Traceroute uses TCP and ICMP.
D. Ping only uses TCP.
E. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Drag and Drop

The WAN MTU is 1500. How do you configure the GRE tunnel so that packets don't get fragmented? Not all options will be used.

(MAY NEED TO BE MODIFIED - PLEASE CHECK NETWORKTUT IF THIS IS THE CORRECT FORMAT.)
Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
1: tunnel mode gre ip
2: ip mtu 1400
3: ip tcp adjust-mss 1360

QUESTION 13
A question about TACACS+/local authentication based on a piece of configuration.

AAA and what will be the result with this configuration: it either checks the local database first or it only authenticates 2 listed users. (Choose two.)

A. It will check TACACS+ authentication but skip for the two users created locally.
B. The aaa-new model is not used and hence policy will not be applied.
C. AAA will not be used hence policy will not be applied.
D. Part of the script is rejected.
E. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
A question about time-based ACLs. (Choose two.)

A. standard
B. extended
C. time source from router
D. NTP sync
E. ???

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
A question about GRE tunnel IPv6 over IPv4. (Choose two.)
A. SRC (source) must be IPv4.
B. IPv6 over IPv4
C. ???
D. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
A question about troubleshooting connection to EIGRP/OSPF enabled device 10.11.1.1. (Choose two.)

A. show ip route 10.11.1.1


B. trace 10.11.1.1
C. show ip ospf data 10.11.1.1
D. show ip eigrp topology
E. ping 10.1.1.1

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
A technician is troubleshooting connectivity problems between two routers that are directly connected through a serial line. The technician notices that the serial line is up, but cannot see any neighbors displayed in the output of the show cdp neighbors command. In which OSI layer is the problem most likely occurring?

A. physical
B. data link
C. network
D. transport
E. application

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
A question about something like tunnel path-mtu-discovery and the other choice has something like GRE and IP in the command line with two choices. (Choose two.)

A. ip mtu 1400
B. ip tcp adjust-mss 1360
C. ???
D. ???
E. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

MCQs-D&Ds - July 2018

QUESTION 1
Which two statements about GRE with IPsec tunnels are true? (Choose two.)

A. The header overhead is reduced.
B. Using a crypto map is the only way to encrypt a GRE tunnel.
C. A crypto map requires an ACL that allows protocol 47.
D. Supports hub-and-spoke topologies only.
E. Tunnel is first encapsulated, then just encrypted.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which two measures can you use to protect and secure the management plane from unwanted and unauthorized access? (Choose two.)

A. Limit physical access to network devices.


B. Use RADIUS instead of TACACS+ for AAA.
C. Create an ACL to permit Telnet access only.
D. Enable authentication for the routing protection.
E. Use MPP to limit the interfaces on which management traffic can traverse the device.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
A question about which statement on password encryption in Cisco IOS software is true.
(About password encryption in Cisco IOS software, which statement is true?)

A. An encrypted type 7 user password indicates it is hashed with MD5.
B. An encrypted type 7 user password indicates it is hashed with a weak reversible algorithm.
C. You can choose to encrypt the enable secret password with a weak reversible algorithm or MD5.
D. Enable secret is more secure than enable password because the secret is stored in the configuration file as type 7.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
A question with one router and a computer (exhibit) 192.168.10.0/24. You receive a timeout when you start an SSH session to the router. Which layer is the first that you are going to look into for this matter?

A. physical
B. datalink
C. network
D. ???

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
How do you make sure AAA will still allow you to login if TACACS+ fails? (Choose two.)

A. aaa authentication login test group local tacacs+


B. aaa authentication login test group tacacs+ local
C. aaa authentication login test group radius local
D. aaa authentication ppp dialins group tacacs+ local
E. ???

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
A question with an image, regardless tunnel 1018 went down.

(Question referring to an exhibit – something with PIM, tunnel flapping and neighboring get rejected, regardless Tunnel 1018 went down.)

A. Tunnel interface is misconfigured.


B. PIM neighbor is misconfigured.
C. Route neighbor 10.111.254.213 was removed.
D. Route flapping and instability.
E. Tunnel destination using tunnel itself.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
When your network experiences Cisco Discovery Protocol and LLDP issues, with which layer of the OSI model must you begin troubleshooting?

A. physical layer
B. datalink layer
C. network layer
D. transport layer

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
If you want to use GRE with IPSec which is compatible with NAT traversal?

A. MD5 mode
B. SHA mode
C. IPsec tunnel mode
D. tunnel transport

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which two measures can you use to protect and secure the management plane from unwanted and unauthorized access? (Choose two.)

A. Limit physical access to network devices.


B. Use RADIUS instead of TACACS+ for AAA.
C. Create an ACL to permit Telnet access only.
D. Enable authentication for the routing protection.
E. Use MPP to limit the interfaces on which management traffic can traverse the device.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Troubleshoot uRPF loose mode at client gateway router for networks that are not in the routing table. (Choose two.)

A. Dynamic routing is configured on the router.


B. CEF is enabled on the router.
C. Allow-default is configured for loose mode.
D. CEF is disabled on the router.
E. Static routing is configured on the router.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
A question about SSH into a router where the connection times out. Which layer to troubleshoot first?

A. physical layer
B. network layer
C. ???
D. ???

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
A question about restricting access for devices in the management plane.

A. Add __ to management related data (can't remember exactly)


B. Add authentication for routing protocols
C. Restrict physical access
D. Add ACLs for telnet

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
A question with an exhibit with tunnel which flaps.

A. routing through.....
B. static route added
C. not properly configured interfaces...
D. ???

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
A question related to Cisco password security.

A. Enable secret is stronger than enable password (as I can remember) with 7.
B. Weaker reversible algorithms that are hashed and encrypted related (with 5 and 7).
C. ???
D. ???

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
A question related to VPN.

(VPN related question.)

A. create an ACL for protocol 47


B. ???
C. ???
D. ???

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
A question related to IPsec security.

(IPSEC security related)

A. create a IPSec with tunnel


B. ???
C. ???
D. ???

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Which of the two statements are true regarding traceroute?

A. Default DF bit is set to 0.


B. Includes additional header option like verbose.
C. By default it tries 3 times for each hop count.
D. ???

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
A question about restricting access for a device on the management plane. (Choose two.)

A. Enable Cisco Express Forward (CEF) globally.


B. Add authentication for routing protocols.
C. Restrict physical access.
D. Add ACLs for Telnet.
E. ???

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which IP header option fields can you modify in an extended ping? (Choose three.)

A. value
B. strict
C. record
D. timestamp
E. timeout

Correct Answer: BCD


Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Which two statements about traceroute are true? (Choose two.)

A. It supports a variety of IP header options, including verbose.


B. The DF bit is set by default.
C. The TTL value can be set to 0.
D. The default probe count for each TTL level is 3.
E. Extended traceroute operation can use a modified data pattern.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which command enables authenticated login if a TACACS+ failure occurs?

A. aaa authentication login test group local tacacs+


B. aaa authentication login test group tacacs+ local
C. aaa authentication login test group radius local
D. aaa authentication ppp dialins group tacacs+ local

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
If you want to use GRE with IPSec which is compatible with NAT traversal?

A. MD5 mode
B. SHA mode
C. GRE tunnel mode
D. tunnel transport

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
You must add encryption to a GRE tunnel. Which IPsec configuration is recommended for a VPN with NAT traversal?

A. Enable SHA on the tunnel


B. Implement IPsec transport mode
C. Enable MD5 on the tunnel
D. Implement IPsec tunnel mode

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
A question with an exhibit and is asking why tunnel 1018 went down.

A. Tunnel destination is using tunnel itself to route traffic.


B. Route flapping and instability is occurring within the network.
C. ???
D. ???

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

MCQs-D&Ds - July-August 2018

QUESTION 1
Which protocol does mGRE use to send packets?

A. DMVPN
B. NHRP
C. OSPF
D. IPsec

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Which protocols are supported with MPP? (Choose three.)

A. HTTP
B. HTTP and HTTPS
C. SSH
D. FTP
E. SFTP
F. TFTP

Correct Answer: BCD


Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Which two topologies are allowed with p2p GRE over IPsec? (Choose two.)
A. Hub and Spoke
B. Partial Mesh
C. Point to Multipoint
D. Bus
E. Star
F. Ring

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Drag and Drop - uRPF Strict Mode / Loose Mode

Drag and drop the correct statements about uRPF strict and loose mode onto the right. Not all options will be used.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Strict
- Can be used on inside internet router interface
- Must have the same path back

Loose
- Can be used on outside internet router interface
- Must have the source IP in routing table
- The allow-default option may be used

QUESTION 5
Drag and Drop - Configuring SSH Sequence

Drag and drop the sequence for configuring SSH in the correct order onto the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Step 1 - ip ssh version 2
Step 2 - ip domain-name cisco.com
Step 3 - crypto key generate rsa
Step 4 - line vty 0 4
transport input ssh
Step 5 - transport input telnet

QUESTION 6
Which two keywords can be used with debug condition to filter output? (Choose two.)

A. Host name
B. Interface ID
C. Port number
D. Protocol
E. Packet size

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Refer to the exhibit. Output of show access-list, what can you do to correct SSH?

A. Change access-class 100 in with access-class 150 in


B. Change transport input ssh with change transport input telnet
C. Change access-class 100 in with access-class 100 out
D. Change access-class 100 in with access-class 175 in

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Which IPsec mode has the least overhead?

(A question about IPsec mode encrypted with least overhead.)

A. transport
B. dynamic
C. transparent
D. tunnel

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
A question about OSPF failing to establish a neighbor adjacency and how to debug it. (Choose two.)

A. debug ip ospf adjacency


B. Subnet mask must be the same on both routers.
C. ???
D. ???
E. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Which keywords can be used with debug condition to filter output? (Choose two.)

A. Port Number
B. Interface ID
C. Protocol
D. User Name
E. Packet Size

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
Drag and Drop - Sequence of Configuring SSH

Drag and drop the correct sequence for configuring SSH in the correct order onto the right. Not all options will be used.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Step 1: ip domain-name cisco.com
Step 2: crypto key generate rsa
Step 3: ip ssh version 2
Step 4: line vty 0 4
transport input ssh

QUESTION 12
An output of ‘show ip eigrp’ was given and we need to find out the error and troubleshoot based on given scenario. (Choose two.)
A. Hello timer mismatched
B. Process ID mismatched
C. Metric calculations mismatched
D. Router ID mismatched
E. Authentication mismatched

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Drag and Drop - How do you configure uRPF Strict and Loose mode

Drag and drop the correct statements about uRPF strict and loose mode onto the right. Not all options will be used.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Strict Mode
- An IPv4 source address at the receiving end must match routing entry for the interface
- Can be used to configure on the inside interface of the Internet router
- Supports symmetric routing feature
Loose Mode
- Can be used to configure on the outside interface of the Internet router
- IPv4 source IP address must be the part of the routing table

QUESTION 14
How will you troubleshoot OSPF adjacency issue? (Choose two.)

A. Using debug ospf adjacency command on a router
B. Process ID on the routers should match
C. Router IDs should match
D. Using debug ospf nsf command
E. ???

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
What IP header option fields can you modify in an extended ping? (Choose three.)

A. Value
B. Strict
C. Record
D. Timestamp
E. Timeout

Correct Answer: BCD
Section: (none)
Explanation

Explanation/Reference:

MCQs-D&Ds - September 2018

QUESTION 1
Given the output of show version, why is SSH not successful?

A. need to upgrade the router IOS
B. ???
C. ???
D. ???

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
A question about enable secret and enable password. (Choose two.)

A. Both can be configured at the same time.
B. Enable secret is difficult to decipher.
C. Enable secret is more preferable than enable password.
D. ???
E. ???

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
A question about logging console critical. Which three types of logs will be displayed? (Choose three.)

A. alert
B. critical
C. emergency
D. ???
E. ???

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
A question about extended traceroute. (Choose two.)

A. TTL can be modified.
B. Can use the strict IP header options.
C. IP header options verbose allow you to specify the hops you want the packet to go through.
D. ???
E. ???

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
A question with a configuration snippet whose purpose is to allow Telnet using port 3033. Why is the configuration shown not working?

A. add rotary 33
B. remove authentication login TTC
C. remove authorization exec TTC
D. remove transport input telnet
E. using access-lists

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
A question about how to use a time-based ACL to allow telnet from 6pm-6am.

A. time-range NOC-access
periodic daily 18:00 to 06:00
B. time-range NOC-access
periodic daily 18:00 to 23:59
periodic daily 00:00 to 06:00
C. ???
D. ???

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which system architecture allows GRE and IPSec to perform routing separately?

A. server-client
B. peer-to-peer
C. headend
D. ???

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
Which two VPN technologies allow unicast, multicast and private addressing? (Choose two.)

A. GRE
B. IPSec VPN
C. GET VPN
D. DMVPN
E. ???

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which two routing protocols support TLVs and Fast Reroute? (Choose two.)

A. EIGRP
B. RIPv2
C. IS-IS
D. OSPF
E. ???

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
A question with a show version output snippet. The register was 2102.

A. IOS update
B. less memory
C. configuration register is wrong
D. need new boot ROM
E. ???

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
A question with output of show version. SSH and configuration is not loaded. What is the issue?

A. IOS upgrade
B. ROM memory upgrade
C. configuration register
D. ???

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which two routing protocols must be used for TLV and fast-reroute support? (Choose two.)

A. ISIS
B. OSPF
C. EIGRP
D. RIP
E. RIPv2

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
A question about tunnels that support routing and multicasting.

A. DMVPN
B. GRE
C. IPSec
D. ???

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
A question about a system architecture that separates the point-to-point and crypto functions for separate routing processes.

A. backend
B. headend
C. peer to peer
D. client server
E. ???

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
A question about a user who is supposed to have access from 6:00 PM to 6:00 AM but is denied by midnight. What needs to be changed?

A. time-range NOC_ACCESS
periodic daily 18:00 to 23:59
periodic daily 00:00 to 06:00
B. time-range SWITCH_ACCESS
periodic daily 18:00 to 23:59
periodic daily 00:00 to 06:00
C. time-range NOC_ACCESS
periodic daily 06:01 to 23:59
D. time-range SWITCH_ACCESS
periodic daily 06:01 to 23:59

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
A question about dynamic routing and encryption.

A. Easy VPN
B. GET VPN
C. DMVPN
D. ???

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
A question about extended traceroute. (Choose two.)

A. verbose mode
B. strict mode
C. changing TTL
D. changing IP Header option
E. ???

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which tunnel/technology supports routing, multicasting and private IP addresses?

A. GRE
B. DMVPN
C. MPLS VPN
D. IPsec

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which two statements about enable secret and enable password are true? (Choose two.)

(Question about enable secret and enable password.)

A. enable secret and enable password cannot be configured at the same time.
B. enable password is easy to decipher.
C. enable secret is easy to decipher.
D. enable password is more preferable than enable secret.
E. enable secret is more preferable than enable password.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

Simlet - HSRP

QUESTION 1
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
The following debug messages are noticed for HSRP group 2. But still neither R1 nor R2 has identified one of them as standby router. Identify the reason
causing the issue.

NOTE: Only show commands can be used to troubleshoot the ticket.

A. HSRP group priority misconfiguration.
B. There is an HSRP authentication misconfiguration.
C. There is an HSRP group number mismatch.
D. This is not an HSRP issue: this is a DHCP issue.
E. The ACL applied to interface is blocking HSRP hello packet exchange.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
You have received notification from network monitoring system that link between R1 and R5 is down and you noticed that the active router for HSRP group 1
has not failed over to the standby router for group 1. You are required to troubleshoot and identify the issue.

A. There is an HSRP group track command misconfiguration.
B. There is an HSRP group priority misconfiguration.
C. There is an HSRP authentication misconfiguration.
D. There is an HSRP group number mismatch.
E. This is not an HSRP issue; this is a routing issue.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
Examine the configuration on R5. Router R5 does not see any route entries learned from R4; what could be the issue?

A. HSRP issue between R5 and R4
B. There is an OSPF issue between R5 and R4.
C. There is a DHCP issue between R5 and R4.
D. The distribute-list configured on R5 is blocking route entries.
E. The ACL configured on R5 is blocking traffic for the subnets advertised from R4.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
Examine the configuration on R5. Router R5 does not see any route entries learned from R4; what could be the issue?

HINT: A DHCP issue has been set!

A. HSRP issue between R5 and R4
B. There is an OSPF issue between R5 and R4.
C. There is a DHCP issue between R5 and R4.
D. The distribute-list configured on R5 is blocking route entries.
E. The ACL configured on R5 is blocking traffic for the subnets advertised from R4.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
From: lunch March 16th, 2018 - Networktut

Note: Correct answer is DHCP issue between R5 & R4. Not OSPF issue in R5 & R4.

R5 configuration:

int gig0/0
 ip address dhcp

This interface is not getting a DHCP IP address from R4. So even though the OSPF configuration was like 0.0.0.0 0.0.0.0 area 0, because this interface does not get a correct IP address from DHCP it can’t participate in OSPF.

R4 configuration:

ip dhcp excluded-address

ip dhcp pool ine
 network x.x.x.x x.x.x.x

I think the default router command was missing here. Not sure.

But:

int gig0/0
 ip address dhcp

This interface on R4 should have an IP address configured on it instead of “ip address dhcp”. Hence it's not able to provide a DHCP lease address to R5.
R4 also had OSPF configured as network 0.0.0.0 0.0.0.0 area 0. So all interfaces can participate if they are up and if they have an IP address.

But because the R5 interface connected to R4 could not obtain a correct DHCP IP address from R4 due to the DHCP issue, they won't form an OSPF neighborship.

So correct answer is DHCP issue between R5 & R4. & I have got full marks in this section so you can count on me on this HSRP SIM.

QUESTION 5
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
Examine the configuration on R4. The routing table shows no entries for 172.16.10.0/24 and 172.16.20.0/24. Identify which of the following is the issue
preventing route entries being installed on R4 routing table?

A. HSRP issue between R4 and R2.
B. This is an OSPF issue between R4 and R2.
C. This is a DHCP issue between R4 and R2.
D. The distribute-list configured on R4 is blocking route entries.
E. The ACL configured on R4 is blocking inbound traffic on the interface connected to R2.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

Simulation Labs

QUESTION 1
LAB SIMULATION - BGP Sim (Cisco Official)

You work as a Network Engineer for RADO Network Ltd company. Your colleague has set up a POC lab simulating a customer network to study the behavior of the BGP protocol when routes are exchanged between two different autonomous systems.

Review the topology. You need to identify and fix iBGP and EBGP issues on R1 router.

Topology Details

AS64520
R1, R2 and R3 are three routers on AS 64520 and OSPF is IGP routing protocol configured between them.
IBGP configured between R1, R2 and R3 routers using peer group.
Loopback0 is used for IBGP peering, Loopback0 address configured on R1, R2 and R3 are advertised into BGP domain on AS64525.

AS64525
RA and RB are two routers on AS 64525 and EIGRP is IGP routing protocol configured between them.
Loopback0 address is used for IBGP peering, Loopback0 address configured on RA and RB advertised into BGP domain on AS64525.
R1 and RA form EBGP neighbor relationship using physical interface address.
R2 and RB form EBGP neighbor relationship using physical interface address.

Simulation Requirements
Identify and fix EBGP neighbor relationship issue between R1 and RA routers.
Identify and fix IBGP neighbor relationship issue between R1 and R2, R1 and R3.
You are allowed to remove any misconfiguration or incorrect configuration only to fix the issue; other initial configurations that do not impact the issues should not be changed.
The final BGP table after fixing two issues on R1 router should display as shown below.

Special Note: To gain the maximum number of points you must fix IBGP and EBGP neighbor issues on router R1.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Configurations on R1:
This lab is for BGP only so we only need to check BGP section.

R1#show running-config
---output omitted---
router bgp 64520
 network 172.16.1.1 mask 255.255.255.255
 neighbor IBGP peer-group
 neighbor IBGP remote-as 64550
 neighbor IBGP update-source loopback0
 neighbor 172.16.2.2 peer-group IBGP
 neighbor 172.16.3.3 peer-group IBGP
 neighbor 209.165.200.2 remote-as 64525

---output omitted---

Solution - We see there are two issues here (two commands in bold), the first one is IBGP issue and the second one is EBGP issue.

R1> enable
R1# configure terminal
R1(config)# router bgp 64520
R1(config-router)# neighbor IBGP remote-as 64520
R1(config-router)# no neighbor 209.165.200.2 remote-as 64525
R1(config-router)# neighbor 209.165.201.2 remote-as 64525
R1(config-router)# end
R1# copy running-config startup-config <<NOTE: If this doesn't work, ignore it

To verify the configuration:

R1# show ip bgp

Note:
In the second statement we fix the IBGP group to “remote-as 64520” without removing the wrongly configured IBGP group (“neighbor IBGP remote-as
64550”) because if we remove this statement, other related statements of IBGP (three statements “neighbor IBGP update-source Loopback0”, “neighbor
172.16.2.2 peer-group IBGP”, “neighbor 172.16.3.3 peer-group IBGP”) will be removed automatically because IBGP group no longer exists.
Also in statement 2 the “IBGP” group must be written in capital. You will receive an error if writing it in lowercase.
The IP addresses in the exam are different but the concept is still the same, so please read the question carefully.

After solving the problem don’t forget to verify with the “show ip bgp” command. You must see all the Loopback interfaces of other routers. Otherwise please
check your commands again.

QUESTION 2
LAB SIMULATION - BGP Sim (Networktut)

Loopback0 is used for IBGP peering while physical interface address is used for EBGP. Identify the IBGP issues on R1 to R2, R3 and EBGP issues to RA
and fix them so that the “show ip bgp” command on R1 will display all loopback interfaces of other routers.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Configurations on R1:

This lab is for BGP only so we only need to check BGP section.

R1#show running-config
---output omitted---
router bgp 64520
 network 172.16.1.1 mask 255.255.255.255
 neighbor IBGP peer-group
 neighbor IBGP remote-as 64550
 neighbor IBGP update-source loopback0
 neighbor 172.16.2.2 peer-group IBGP
 neighbor 172.16.3.3 peer-group IBGP
 neighbor 209.165.200.2 remote-as 64525

---output omitted---

Solution - We see there are two issues here (two commands in bold), the first one is IBGP issue and the second one is EBGP issue.

R1> enable
R1# configure terminal
R1(config)# router bgp 64520
R1(config-router)# neighbor IBGP remote-as 64520
R1(config-router)# no neighbor 209.165.200.2 remote-as 64525
R1(config-router)# neighbor 209.165.201.2 remote-as 64525
R1(config-router)# end
R1# copy running-config startup-config <<NOTE: If this doesn't work, ignore it

To verify the configuration:

R1# show ip bgp

Note:
In the second statement we fix the IBGP group to “remote-as 64520” without removing the wrongly configured IBGP group (“neighbor IBGP remote-as
64550”) because if we remove this statement, other related statements of IBGP (three statements “neighbor IBGP update-source Loopback0”, “neighbor
172.16.2.2 peer-group IBGP”, “neighbor 172.16.3.3 peer-group IBGP”) will be removed automatically because IBGP group no longer exists.
Also in statement 2 the “IBGP” group must be written in capital. You will receive an error if writing it in lowercase.
The IP addresses in the exam are different but the concept is still the same, so please read the question carefully.

After solving the problem don’t forget to verify with the “show ip bgp” command. You must see all the Loopback interfaces of other routers. Otherwise please
check your commands again.