Professional Documents
Culture Documents
Answer: A
Explanation: in the output you can see a * next to the ip address that is the primary NTP server.
Also the 377 that means everything was received and processed. Negotiation done.
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-
110/15171-ntpassoc.html
2. Which next hop is going to be used for 172.17.1.0/24
A. 10.0.0.1
B. 192.168.1.2
C. 10.0.0.2
D. 192.168.3.2
Answer: A
Explanation: This response is obviously they are asking the next hop for 172.17.1.0/24 and that
network only has one next hop.
https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp
5.html#wp1156281
3. Q: What Authentication does EIGRP use? (2 choices)
A. TKIP
B. MD5
C. Plain Text
D. WPA
Answer: B –C
Explanation: They ask for 2 options. The one that we know MD5 and the must lose to the reality is
plain text. However I didn´t find and official article that mentioned plain Text.
If the service password-encryption command is not used when implementing IGRP authentication,
the key-string will be stored as plain text in the router configuration.
if-needed – Does not authenticate if the user has already been authenticated on a Vty line.
krb5 – Uses Kerberos 5 for authentication (can be used only for Password Authentication Protocol
[PAP] authentication)
group radius – Uses the list of all RADIUS servers for authentication.
group tacacs+ – Uses the list of all TACACS+ servers for authentication.
group group-name – Uses a subset of RADIUS or TACACS+ servers for authentication as defined by
the aaa group server radius or aaa group server tacacs+ command.
BRIEF SUMMARY:
The primary use of Kerberos is to verify that users and the network services they use are really
who and what they claim to be. To accomplish this, a trusted Kerberos server issues tickets to
users. These tickets, which have a limited lifespan, are stored in a user's credential cache and can
be used in place of the standard username-and-password authentication mechanism.
The following network services are supported by the Kerberos authentication capabilities in
Cisco IOS software:
• Telnet
• rlogin
• rsh
• rcp
LOCAL:
Purpose
This procedure configures local authentication using Cisco IOS
commands.
Tools/Equipment
None
Prerequisite
None
Procedures
Required/As Needed
As needed
Onsite/Remote
Onsite or remote
Security Level
Provisioning or higher
Router> enable
Router# configure terminal
Router(config)# aaa new-model
Router(config-if)# aaa authentication login default local
Router(config)# line vty 0 4
Router(config-line)# login authentication default
Router(config-line)# end
RADIUS AUTHENTICATION:
the Remote Authentication Dial-In User Service (RADIUS) security system, defines its operation,
and identifies appropriate and inappropriate network environments for using RADIUS technology.
The “RADIUS Configuration Task List” section describes how to configure RADIUS with the
authentication, authorization, and accounting (AAA) command set.
Operation:
2. The username and encrypted password are sent over the network to the RADIUS server.
3. The user receives one of the following responses from the RADIUS server:
a. ACCEPT—The user is authenticated.
b. REJECT—The user is not authenticated and is prompted to reenter the username and
password, or access is denied.
c. CHALLENGE—A challenge is issued by the RADIUS server. The challenge collects additional data
from the user.
d. CHANGE PASSWORD—A request is issued by the RADIUS server, asking the user to select a new
password.
The ACCEPT or REJECT response is bundled with additional data that is used for EXEC or network
authorization. You must first complete RADIUS authentication before using RADIUS authorization.
The additional data included with the ACCEPT or REJECT packets consists of the following:
Services that the user can access, including Telnet, rlogin, or local-area transport (LAT)
connections, and PPP, Serial Line Internet Protocol (SLIP), or EXEC services.
Connection parameters, including the host or client IP address, access list, and user timeouts.
line 1 16
autoselect ppp
autoselect during-login
modem ri-is-cd
interface group-async 1
encaps ppp
GROUP TACACS +
TACACS+, which provides detailed accounting information and flexible administrative control over
authentication and authorization processes. TACACS+ is facilitated through AAA and can be
enabled only through AAA commands.
For a complete description of the TACACS+ commands used in this chapter, refer to the chapter
"TACACS+ Commands" in the Cisco IOS Security Command Reference. To locate documentation of
other commands that appear in this chapter, use the command reference master index or search
online.
dynamic –telnet …
Drag each (EMPTY SPACE) line, to the right place in the configuration (i don’t remember the last
option. You had 5 blocks to fill and 7 possible answers)
bandwidth 56
no shutdown
shutdown
Example: http://www.ciscopress.com/articles/article.asp?p=100603&seqNum=3
Atlanta(config)#interface serial0
Atlanta(config-if)#encapsulation frame-relay
Atlanta(config-if)#interface serial 0.1 point-to-point
Atlanta(config-subif)#ip address 140.1.1.1 255.255.255.0
Atlanta(config-subif)#frame-relay interface-dlci 52
Do you have to enable DHCPv6 relay in the global configuration mode/VLAN interface?
No answer for this since the question is not clear however checks the config example.
Perform this task to configure an interface to use as the source when relaying messages.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ipv6 dhcp relay source-interface interface-type interface-number
5. end
If the configured interface is shut down, or if all of its IPv6 addresses are removed, the relay will
revert to its standard behavior.
The command line interface (CLI) will report an error if the user attempts to specify an interface
that has no IPv6 addresses configured.
The interface configuration takes precedence over the global configuration if both have been
configured.
C. …
Console logging:By default, the router sends all log messages to its console port. Hence only the
users that are physically connected to the router console port can view these messages.
Level name
Router messages
Each logging level also enables the logging level below it, so logging console 7 or logging console
debug will enable all log messages.
9. Question EIGRP
router eigrp 1
auto-summary
redistribute eigrp 1
Q: what will happen to the redistributed network from EIGRP to OSPF? (Phrasing was different)
Notice: The author could mean that the question is different from previous question or he just
don´t remember the full question.
ORIGINAL QUESTION:
Refer to the exhibit. Which option describes why the EIGRP neighbors of this router are not
learning routes that are received from OSPF?
Router eigrp 1
redistribute ospf 100
network 10.10.10.0 0.0.0.255
auto-summary
!
router ospf 100
network 172.16.0.0 0.0.255.255 area 100
redistribute eigrp 1
Answer: B
10. QUESTION
Running with EIGRP 100 on both routers and what command you will implement so that you will
see the loopback IP of R2 to be advertised at H1
Explanation: B because R2 is the router that has to advertise the loopback to his neighbors but if it
is only receiving routes (no stub receive-only) It cannot advertise his loopback.
"eigrp stub recieve-only" will restrict the router from sharing any of its routes, meaning:
connected, summary, redistributed or static routes to any other router in the EIGRP AS. Learned
eigrp routes will never be shared as that would defeat the whole purpose of STUB.
There are other stub options that can be configured. The list looks like this:
– receive-only
– connected
– static
– summary
– redistribute
If you configure the receive-only option, you can’t include any of the other options on the above
list. If you just configure the router as a stub and don’t specify any option, the default behavior is
to share connected and summary routes. Some other caveats also arise when using these
options. For instance, if you configure the static option, you still must allow EIGRP to share the
static routes by issuing the redistribute static command in the config-router context, or the router
won’t share the routes. The same goes for the connected option. If a network statement does
not include the connected routes you want to share, then you must issue the redistribute
connected command. One last aspect which may seem counterintuitive is that if you use
the redistribute option, you are permitting the router to share redistributed routes, but you still
must actually redistribute the routes for them to be shared. If you choose the summaryoption,
don’t forget to either manually create summary routes or enable auto-summary.
AAA DND
if-needed:
The if-needed keyword means that if the user has already authenticated by going through the
ASCII login procedure, then PPP is not necessary and can be skipped.
KRB5:
Remote users logging in to the network are prompted for a username. PAP authentication.
Local Case:
Use the local username database for authentication. Case-Sensitive
None: No authentication
Group Radius:
Security Server is used for Authorization defined by associating attributes-value pairs with a users
assigned rights.
Group Tacacs+:
Security Daemon is used for Authorization defined by associating attributes-value pairs with a
users assigned rights.
Group group-name:
Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server
radius or aaa group server tacacs+ command.
9TUBER comment:
1. I had 5 DnD.
DND:
Authentication, Accounting and Authorization.
GRE – IPsec, keepalive, mgre, mss, tunnel key
Frame Relay – Dlci, fcn, lmi, pvc and svc
assymetric routing, out of order packet, tcp starvation, latency
The New DHCP DnD
Only 1 Eval Simlet: EIGRP Eval
I had two Sims: Policy Based Routing and EIGRP Stub
Some Q’s I remember having. I added some notes to them.
Pay attention, MANY of the questions we’ve compiled on here are on the exam but they’re
formatted or phrased different. So just research the questions.
The Neighbor Discovery Protocol in ipv6 is replaced with which discovery protocol in ipv4?
A. ARP
B. ICMP
C. UDP
D. TCP
E. RFC
Correct Answer: A
Which two protocols can cause TCP starvation? (Choose two)
A. TFTP
B. SNMP
C. SMTP
D. HTTPS
E. FTP
Correct Answer: AB
What is the default value of TCP maximum segment size?
A. 536
B. 1492
C. 1500
D. 1508
Correct Answer: A
Frame Relay LMI autosense. Which statements are true? (Choose two.)
!!!!!The choices were a little different.
A. Line should be up and protocol should be down
B. Protocol must be up
C. It only works on DTEs
D. It only works on DCEs
Correct Answer: AC
What configurations does PPPoE allow? (Choose two)
A. Client can be installed on the same network devices as server
B. 8 clients can be configured on 1 CPE
C. Clients can connect to multiple hosts over DMVPN
D. Client connecting over ATM PVC
E. Client installed on native IPv6 network
Correct Answer: BC
In which two ways can split horizon issues be overcome in a Frame Relay network environment?
(choose two.)
A. Configuring one physical serial interface with Frame Relay to various remote sites.
B. Configure a loopback interface with Frame Relay to various remote sites
C. Configuring multiple sub interfaces on a single physical interface to various remote sites.
D. Enabling split horizon.
E. Disabling split horizon.
Correct Answer: CE
A network engineer enables OSPF on a Frame Relay WAN connection to various remote sites,
but no OSPF adjacencies come up.
Which two actions are possible solutions for this issue? (Choose Two)
A. Change the network type to point-to-multipoint under WAN interface.
B. Enable virtual links.
C. Change the network type to nonbroadcast multipoint access.
D. Configure the neighbor command under OSPF process for each remote site.
E. Ensure that the OSPF process number matches among all remote sites
Correct Answer: AD
In a point-to-multipoint Frame Relay topology, which two methods ensure that all routing
updates are received !!! one of the options was enable split horizon. So pay attention. by all
EIGRP routers within the Frame Relay network? (Choose Two)
A. Use statically defined EIGRP neighbors on the hub site.
B. Create separate address families.
C. Disable split horizon.
D. Use subinterfaces.
E. Disable EIGRP auto summary.
Correct Answer: CD
Which option to the command service timestamps debug enables the logging server to capture
the greatest amount of information from the router?
A. uptime
B. show-timezone
C. year
D. msec
Correct Answer: D
A. authPriv
B. authNoPriv
C. noAuthNoPriv
Correct Answer: C
Q:A network engineer is modifying RIPng timer configuration. Which configuration mode should
the engineer use?
A. router(config-rtr)#
B. router(config-ripng)#
C. router(config-if)#
D. router(config)#
If you type “show ip route” you will see “Gateway of last resort it not set”.
If you type show ip route vrf blue” you will see “192.168.1.1 as gateway of last resort”.
Global routing table does not overlap with VRF routing tables.
I can remember that the last NTP associations on my test have * but i can’t remember the
stratum and reach values.
Q:A network engineer is modifying RIPng timer configuration. Which configuration mode should
the engineer use?
A. router(config-rtr)#
B. router(config-ripng)#
C. router(config-if)#
D. router(config)#
Correct Answer: A
QUESTION 11
Which three statements about SNMP are true? (Choose Three)
A. The manager configures and send traps to the agent.
B. The manager sends GET and SET messages.
C. SNMPv3 supports authentication and encryption.
D. The manager polls the agent using UDP port 161
E. The MIB database can be altered only by the SNMP agent.
F. The agent is the monitoring device.
Correct Answer: BCD
In a point-to-multipoint Frame Relay topology, which two methods ensure that all routing
updates are received by all EIGRP routers within the Frame Relay network? (Choose Two)
A. Use statically defined EIGRP neighbors on the hub site.
B. Create separate address families.
C. Disable split horizon.
D. Use sub interfaces.
E. Disable EIGRP auto summary.
Correct Answer: CD
Which statement describes what this command accomplishes when inside and outside
interfaces are correctly identified for NAT? ip nat inside source static tcp 192.168.1.50 80
209.165.201.1 8080 extendable
A. It allows host 192.168.1.50 to access external websites using TCP port 8080.
B. It allows external clients coming from public IP 209.165.201.1 to connect to a web server at
192.168.1.50.
C. It allows external clients to connect to a web server hosted on 192.168.1.50.
D. It represents an incorrect NAT configuration because it uses standard TCP ports.
Correct Answer: C
What command allows permit or deny IPv6 traffic? (they edited it)
A. traffic-filter access-list-name
B. access-list
C. access-list ipv6
D. access-group
Correct Answer: A
What are 2 protocols used for user with authentication on network device?
A. CHAP
B. Radius
C. 802.1x
D. PAP
E. TACACS+
Correct Answer: B-E
Q:After reviewing the EVN configuration, a network administrator notices that a predefined
EVN, which is known
as “vnet global” was configured. What is the purpose of this EVN? (OR)
What is the purpose of ‘vnet global”?
A. It defines the routing scope for each particular EVN edge interface.
B. It aggregates and carries all dot1q tagged traffic.
C. It refers to the global routing context and corresponds to the default RIB.
D. It safeguards the virtual network that is preconfigured to avoid mismatched routing instances.
Correct Answer: C
A. 802.1Q
B. ISL
C. PPP
D. Frame Relay
E. MPLS
F. HDLC
Correct Answer: A
Q:IPv6 access list and need to apply it to block traffic INBOUND SSH and interface (Choose
two)
Answer: there are 5 choices 2 inbound 3 outbound so we have to choose 2 inbound choices
only (the answer had something with "access-filter in” and the other one with “access-class”)
Q:Which command instruct a PPPoE client to obtain its IP address from the PPPoe server?
B. ip address negotiated
C. pppoe enable
D. Ip address DHCP
E. Ip address dynamic
Correct Aswer: B
Answer: A,E
Q: Which three elements can you use to identify an IPv6 packet via its header, in order to filter
future attacks?
(Choose three.)
A. Traffic Class
B. Source address
C. Flow Label
D. Hop Limit
E. Destination Address
F. Fragment Offset
Explanation:
The Concept
IPv6 is using two distinct types of headers: Main/Regular IPv6 Header and IPv6 Extension Headers.
The main IPv6 header is equivalent to the basic IPv4 one despite some field differences that are
the result of lessons learned from operating IPv4. Figure 1 presents the IPv4 and IPv6 main
headers.
The Concept
IPv6 is using two distinct types of headers: Main/Regular IPv6 Header and IPv6 Extension Headers.
The main IPv6 header is equivalent to the basic IPv4 one despite some field differences that are
the result of lessons learned from operating IPv4. Figure 1 presents the IPv4 and IPv6 main
headers.
http://www.infosectoday.com/Articles/Basic_IPv6_Security_Considerations.htm
NOTE FROM THE AUTHOR:
Okay so thankfully I passed with 9XX marked, which is very surprising to me.
I’m sorry I couln’t remember more from what was in the exam even though I really tried.
-New DnD dhcp relay – where to configure and a lot of them were dhcp relay information options,
so I didn’t know how to answer it (one option I remeber had in the end subscriber ID or something
like that, one of the right option was configured globally, one on the left dhcp relay information
replace – or something like that) below on this document you will find the question.
- almost all of the new answers taht has been covered in the last pages waren’t in my exam,
means that the new poll is much bigger then what we thought.
- a diagram of bgp config between 3 routers R1-R2-R3, which showed the config on R2, the
question was what command is missing.- they were trying to make adj between the routers on the
loopback address.
b. ebpg-multihope 1
d. no synchronize
Easy quiestion, very basic bgp lab config. (know how to form adj with neighbors)
- A diagram that we used to have in one of the old questions with the infrastructure of the DHCP
server and the core router has been changed to ACLs, and since I got 100% in that section the
answer would be
– Pay attention to where is the config is been configure, half of the option were config-router sub-
option which doesn’t make sense so watch out.
-a diagram that I was thinking a lot of was between 3 router R1-R2-R3 (sound kind of similar to a
new question that has been posted over here) which Eigrp 100 is configured on all of them.
The router in the middle (R2) has his loopback put in shut and the router on the right is a stub (R3).
Who would get the query message for that loopback that has been put in shut
-a. The feasible successors’ routers would get the query — that’s what I choosen
Not sure exactly how it went but it was something like that
Alot of question about snmp – just learn how to configure snmp v3 and v2c
What is it means?
a. a community sting
-…
b. community string
-some of the new questions about DHCP and ipv6 (that has been covered in the last pages)
- one I remember was something about communication between ipv6 to ipv4 – very easy
question choose 2
a. Layer 2 switch
b. layer 3 switch
c. ipv4 address — XX
d ipv6 addresses — XX
What is true about many – to – one question (ipv4 to ipv6 communication) – just answered as
the question was one – to – many
Didn’t get any of the npt question except the old one ones And not the bgp question that we have
discussed earlier
– new question about statfull ipv6 question- if you covered all of the old question you’ll know
this one
Stateless autoconfiguration of IPv6 allows the client device to self configure it's IPv6
addreess and routing based on the router advertisements.
A network can use both stateful and stateless autoconfiguration at the same time, they
are not mutually exclusive.
If you are interested, for more detailed information I would highly recommend you
read RFC4862.
a. ipv6 nat
b. ipv6 nat-pt
Correct answer: ??? I tried to reply but it doesn´t make sense for me.
FOR ME THE QUESTION IS :
QUESTION 333
What is the command to enable NAT-PT?
A. ipv6 nat
B. ipv6 nat enable
C. ipv6 nat-pt
D. ipv6 nat-pt enable
Correct Answer: A
Ohh another diagram that I have been thinking about was between 2 routers and they had a eigrp
protocol running between- the question was that they can ping between them with no problem
but when they are trying through the vrf connection it doesn’t work, what’s wrong? Which
command to put on both routers to make it work?
A rd 1:100 both
d. don’t remember
Correct Answer: C
– there was one with the nhrp authentication vpn endpoint answer that has been posted over
here.
-questions about which port snmp uses or another protocol don’t really remember…
the question was – when something tries to communicate with a router what port does the fw
needs to open in order for the communication to work. (it’s one of the protocols that we use in
most of the questions for sure)
- question about configuring dhcp server (WTF?)- that wants to give more features to a Microsoft
windows server host- what would you configure in order for that to happen –
a. scopes
QUESTION 477
Choose best IP SLA deployment cycle that reduce deployment ( Choose Three)
A. Baseline Network performance,
B. Understand Quality results
C. Fine tune and simplify
D. Quality results.
A. Authpriv – choosed
B. authnoprive
C. noauthnoprive
D. authmemeber
Correct Answer: B
learn dekster but understand the answers and you’ll be good plus learn all of the new questions
that has been covered in the last pages, most of the questions are just old question that got
rephrase with a different scenerio but if you understand the fundamentals you’ll be good –
dhcpv6, ipv6 (statefull, stateless),ipv4 to ipv6, snmp, learn how to configure and overall.
So, I got a new VCE (don’t ask how I got it), which is included some of the new question until the
8 of feb, but it doesn’t include all of the questions that has been covered over here (ntp, bgp),
but have some + has the new FMI extension !! have no idea how they got it it’s a Chinese site
so use translation to found the download button lol
https://pan.baidu .com/s/1dWuMi6
Q:What is the NHRP role in DMVPN? (Choose 2)
Correct Answer: AD
A. 802.1Q
B. ISL
C. PPP
D. Frame Relay
E. MPLS
F. HDLC
Correct Answer: A
–> there were different possible answers then in Dexter.I cant remember.
While stateful and stateless NAT64 perform the task of translating IPv4 packets into IPv6 packets
and vice versa, there are important differences. The following table provides a high-level overview
of the most relevant differences.
Table 2. Differences Between Stateless NAT64 and Stateful NAT64
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-
solution/
A. authPriv
B. authNoPriv
C. NoAuthNoPriv
D. NoAuthNoEgress
Correct answer: A
Which value does GRE tunnel use to identify the end points or destination
A. IP ADDRESS
B. MAC ADDRESS
C. DLCI
D. TUNNEL
Correct Answer: A
There was a scenario hub and two spokes.EIGRP 100.The question was what happens if the split
horizont will be disabled on hub?
A. routing loop
B. spoke1 and spoke2 will receive updates from each others about connected networks
Which two commands would be used to troubleshoot high memory usage for a process?(Choose
two.)
Correct Answer: AB
Which three items can you track when you use two time stamps with IP SLAs? (Choose three.)
A. delay
B. jitter
C. packet loss
D. load
E. throughput
F. path
A network engineer has set up VRF-Lite on two routers where all the interfaces are in the same
VRF. At later time, a new loopback is added to Router 1, but it cannot ping any of the existing
interfaces. Which two configurations enable the local or remote router to ping the loopback from
any existing interface? (Choose two.)
A. adding a static route for the VRF that points to the global route table
C. adding dynamic routing between the two routers and advertising the loopback
D. adding the IP address of the loopback to the export route targets for the VRF
E. adding a static route for the VRF that points to the loopback interface
B. Dual stack means that devices are able to run IPv4 and IPv6 in parallel.
D. Dual stack changes the IP addresses on hosts from IPv4 to IPv6 automatically
Correct Answer: B
Which option prevents routing updates from being sent to the DHCP router, while still allowing
routing update messages to flow to the Internet router and the distribution switches?
QUESTION 111
Refer to the exhibit. After configuring GRE between two routers running OSPF that are
connected to each other via a WAN link, a network engineer notices that the two routers cannot
establish the GRE tunnel to begin the exchange of routing updates. What is the reason for this?
QUESTION 147
Which three IP SLA performance metrics can you use to monitor enterprise-class networks?
(Choose three.)
A. Packet loss
B. Delay
C. bandwidth
D. Connectivity
E. Reliability
F. traps
An engineer is using a network sniffer to troubleshoot DHCPv6 between a router and hosts on the
LAN with the following configuration:
Interface Ethernet0
A. reply
B. request
C. advertise
D. acknowledge
E. solicit
F. accept
Correct Answer: AE
QUESTION 191
Correct Answer: AC
A network engineer enables OSPF on a Frame Relay WAN connection to various remote sites,
but no OSPF adjacencies come up. Which two actions are possible solutions for this issue?
(Choose two.)
D. Configure the neighbor command under OSPF process for each remote site.
E. Ensure that the OSPF process number matches among all remote sites.
Correct Answer: AD
Refer to Exhibit. Which two reasons for IP SLA tracking failure are likely true? (Choose Two.)
Which two phases of DMPVN allow the spoke site to create dynamic tunnels to one other
(Choose two)?
A. Phase 1
B. Phase 2
C. Phase 3
D. Phase 4
E. Phase 5
Correct Answer: BC
QUESTION 205
Which two different configurations can you apply to a device incoming SSH access? (Choose
two)
line vty 0 15
line vty 0 15
interface Ethernet0/0
interface Ethernet0/0
Correct Answer: CD
DHCPv6 can obtain configuration parameters from a server though rapid two-way message
exchange. Which two steps are involved in this process? (choose two)
A. advertise
B. solicit
C. reply
D. request
E. auth
Correct Answer: BC
QUESTION 209
A network engineer executes the show ip cache flow command. Wich two types of information
are displayed in the report that is generated? (Choose two)
A. top talkers
E. IP packet distribution
Correct Answer: CE
QUESTION 221
A network engineer enables OSPF on a Frame Relay WAN connecton to various remote stes, but
no OSPF adiacencies come up Which two actions are possible solutions for thisissue? (Choose
Two)
D. Configure the neighbor command under OSPF process for each remote site
E. Ensure that the OSPF process number matches among all remote stes
Correct Answer: AD
QUESTION 230 —
DND AAA
QUESTION 251
A. Server
B. client
C. approver
D. requester
E. requester
F. ACK
G. relay
QUESTION 289
Which two statements about EVN are true? (Choose two) — the answers were changed
Explanation/Reference:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/evn/configuration/xe-3s/evn-xe-3s-
book/evnoverview.htgml
Virtual Network Tag
Each VPN and associated EVN has a tag value that you assign during configuration. The tag value
is global, meaning that on each router, the same EVN must be assigned the same numerical tag
value. Tag values range from 2 to 4094. An EVN is allowed on any interface that supports 802.1q
encapsulation, such as Fast Ethernet, Gigabit Ethernet, and port channels. To allow for backward
compatibility with the VRF-Lite solution, the vLAN ID field in the 802.1q frame is used to carry the
virtual network tag.
“The tag value is global, meaning that on each router, the same EVN must be assigned the same
numerical tag value”
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/evn/configuration/xe-3s/evn-xe-3s-
book/evnoverview.html#GUID-F46F2A10-3CAD-43D5-95FE-2D8A079AE4B5
The VNET tag is a global value and thus VNs on each EVN device should be provisioned with the
same tag value. The valid tag value range is from 2 to 4094. EVN is supported on any interface that
supports 802.1q encapsulation, for example, an Ethernet interface
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/layer-3-vpns-l3vpn/whitepaper
QUESTION 305
_c11-638769.html
QUESTION 301
which two statement about GRE tunnel interface are true?(choose two) –> answers
reformulated
What are two protocols used for user with authentication on network device?
(OR)
What are two options for authenticating a user who is attempting to access a network
device?(Choose two)
A. CHAP
B. Radius
C. 802.1x
D. PAP
E. TACACS+
Correct Answer: BE
A. 536
B. 1492
C. 1500
D. 1508
Correct Answer: A
QUESTION 333
A. ipv6 nat
C. ipv6 nat-pt
Correct Answer: A
QUESTION 384
A. TFTP
B. SNMP
C. SMTP
D. HTTPS
E. FTP
Correct Answer: AB
QUESTION 400
Correct Answer: C
QUESTION 408
A. They support wildcard masks to limit the address bits to which entries are applied
C. IP access list without at least one deny statement permit all traffic by default
QUESTION 412
Frame Relay LMI autosense. What is is true? (Choose two) –> other formulation of answers
B. Protocol must be up
Correct Answer: AC
Correct Answer: AE
Server Configuration
4. dns-server
5. domain-name
6. exit
1. ipv6 address
1. enable
2. configure terminal
3. ipv6 unicast-routing
2. ipv6 enable
3. exit
1. ipv6 address
1. enable
2. configure terminal
3. ipv6 unicast-routing
4. ipv6 nd route-owner
2. ipv6 enable
5. exit
Question 1
A. Global addressing
C. Multicasting
Answer: A B C
One long question something like router get IPv6 information from ISP. Now it have to distribute
name server and other options to hosts (how do routers distribute prefixes obtained from
A. PPPv6
B. DHCP
C. Stateful Natv6
D. NPTv6
E. IPv4
Question 9
A. HMAC-MD5
B. HMAC-SHA
C. CBC-DES
D. Community strings
Answer: D
Question 10
Answer:
NHRP – … protocol …
Question 13
Which two statements about NHRP in a DMVPN environment are true? (Choose two)
Answer: D E
Question 14
+ Global addressing – Enables Frame Relay to identify interfaces in same manner as LAN
+ Multicasting – Provides most efficient transmission of routing protocol messages and support
address resolution
+ Simple flow control – Supports devices that are unable to use congestion notification
Question 15
Which two commands do you need to implement on the CALLING router to support the PPPoE
client? (choose two)
B. mtu
C. bba-group pppoe
E. pppoe-client dialer-pool-number
Answer: B E
Question 16
Which option to the command service timestamps debug enables the logging server to capture
the greatest amount of information from the router?
A. uptime
B. show-timezone
C. year
D. msec
Answer: D
Question 17
Answer: inside local, this list will be translated to this subnet (which is pool)
Question 18
Which value does GRE tunnel use to identify the end points or destination?
A. IP address
B. MAC address
C. DLCI
Answer: A
Explanation
For Frame Relay the answer would be DLCI but here it is asking about GRE tunnel so the best
choice here is “IP address”.
Question 19
A topology with eigrp, a hub and two spokes, where the loopback of the spokes are not seeing
each others.
Question 20
If you run the command auto-cost reference-bandwidth 10000 on one of the router in the
network, what will happen?
Answer: C
Explanation
This command affects all the OSPF costs on the local router as all links are recalculated with
formula: cost = reference-bandwidth (in Mbps) / interface bandwidth
Therefore in this case the command “auto-cost reference-bandwidth 10000” allows the local
router to calculate the link up to 10Gbps.
Question 21
Question with network topology, it is OSPF network is redistributing RIP. Question is how to
summarize those route.
Question 22
Answer: DUAL
Question 23
Which two protocols are used to deploy a single Hub-DMVPN supporting Spoke-to Spoke tunnels?
(Choose two)
A. MPLS
B. RSVP
C. NHRP
D. BFB
E. Multipoint GRE
Answer: C E
DND DHCP
DHCP >there was a new one Perform this task to enable an ISP to add a unique id,and assign
specific actions (for example, assignment of host IPaddress,subnet mask, and domain name
system DNS), and to trigger accounting.
ip dhcp relay information check —–> Validate relay information in BOOTREPLY (global
configuration command) If an invalid message is received, the relay agent drops it
ip dhcp relay information policy {drop | keep | replace} —-> Define forwarding rules
ip dhcp relay information Trust-all —> Trust-all Received DHCP packets may contain realy info
option with zero giaddr
DHCP
– ip dhcp relay information option subscriber-id — Perform this task to enable an ISP to add a
unique id,and assign specific actions (for example, assignment of host IPaddress,subnet mask, and
domain name system DNS), and to trigger accounting.
– ip dhcp relay information check —–> Validate relay information in BOOTREPLY (global
configuration command) If an invalid message is received, the relay agent drops it
– ip dhcp relay information policy {drop | keep | replace} —-> Define forwarding rules
– ip dhcp relay information Trust-all —> Trust-all Received DHCP packets may contain realy info
option with zero giaddr
ttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/xe-3s/ip6b-xe-3s-
book/ip6-add-basic-conn-xe.html
Here are the new questions i got on my test Other questions are already covered in the comments
before:
5-ipv6 eigrp uses only the configured ipv6 global addresses for communication
1-the first answer i dont remember but is really easy to figure out —>correct
4-other option
1-MPLS
2-BGP
3-other option
4-other option
4.Which BGP option is required when load sharing over multiple equal-bandwidth parallel
links from a single CE router to a single ISP router over eBGP? Select the best response.
B. eBGP Multihop
C. BGP Synchronization
D. Public AS numbers
* This question is in Dexter but answer is B,i got full mark in that section
so answer A is correct
4-Question 127 form Dexter, Refer to the exhibit. Which option prevents routing updates from
beingsent to the DHCP router, while still allowing routing update messages to flow to the
Internet router and the distribution switches?
2-the ACL should be applied at the core router not the DHCP router
as the question says “prevent it from *being sent*”
5- question with a 3 router figure, the loop back on the middle router is shut down what
happens: (R3 configured as stub)
R1-R2-R3 –> i got 100% in that section so i am sure of the correct answer
1-R1 Will get the query about the lost route from R2 –>correct answer
4-other option
2-other options
3-other options
4-other options
3-other option
4-other option
8-one statement is coorect about syslog
2-other options
3-other options
4-other options
9-There was one one more question with a missing command on EIGRP vrf configuration:
2-other options
3-other options
4-other options
ip dhcp relay information option –>automatically add the circuit identifier suboption and the
remote ID suboption
ip dhcp relay information check –>check that the relay agent information option in forwarded
BOOTREPLY messages is valid
ip dhcp relay information policy–>Configures the reforwarding policy for a DHCP relay agent
ip dhcp relay information–> configured in global configuration mode applies to all interfaces
Q.Which of these can be used for IPv4 to IPv6 communication?(choose two)
A. NAT-PT
B. ISATAP
D. …(MPLS maybe)
Answer: A,B
router eigrp 1
auto-summary
redistribute eigrp 1
D. …
E. …
-dnd Frame realy, configure in your lab interface and sub interface, ease.
51.51.51.51 (90/12569)
What to configure to use route 51.51.51.51. Answer I have tested home, is under router eigrp,
distance 90 51.51.51.51 0.0.0.255
for Eigrp eval sim use the “show ip eigrp “as” topology since show ip eigrp topology don’t work.
for OSPF Eval sim it’s weird that I didn’t get the exact Summary net link state as in the choices so I
choose the closest answer.