1.

Router#show ntp associations

Address ref clock st when poll reach delay offset disp

~172.31.32.2 172.31.32.1 5 29 1024 377 4.2 -8.59 1.6

+~192.168.13.33 192.168.1.111 4 69 128 377 4.1 3.48 2.3

*~192.168.13.57 192.168.1.111 3 32 128 377 7.9 11.18 3.6

* Master (synced), # master (unsynced), + selected, – candidate, ~ configured

Q: Which of the following is true?

A. Master is syncing and exchanging NTP packets successfully

B. Master is not syncing but exchanging NTP packets successfully

C. Master is not syncing and not exchanging NTP packets

Answer: A

Explanation: in the output you can see a * next to the ip address that is the primary NTP server.
Also the 377 that means everything was received and processed. Negotiation done.

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-
110/15171-ntpassoc.html
 2. Which next hop is going to be used for 172.17.1.0/24

Router(config-if)#do show ip bgp

BGP table version is 4, local router ID is 156.12.1.6

Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,

r RIB-failure, S Stale Origin codes: i – IGP, e – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*>i 10.1.1.0/24 192.168.1.2 00 0 10000 i

*>i 10.2.2.0/24 192.168.3.2 000 10000 i

*>i 172.17.1.0/24 10.0.0.1 000 32768 i

A. 10.0.0.1

B. 192.168.1.2

C. 10.0.0.2

D. 192.168.3.2

Answer: A

Explanation: This response is obviously they are asking the next hop for 172.17.1.0/24 and that
network only has one next hop.

https://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp
5.html#wp1156281
3. Q: What Authentication does EIGRP use? (2 choices)

A. TKIP

B. MD5

C. Plain Text

D. WPA

Answer: B –C

Explanation: They ask for 2 options. The one that we know MD5 and the must lose to the reality is
plain text. However I didn´t find and official article that mentioned plain Text.

The router uses two types of authentication:

• Simple password authentication (also called plain text authentication)—Supported by Integrated

System-Integrated System (IS-IS), Open Shortest Path First (OSPF), and Routing Information
Protocol Version 2 (RIPv2)

• MD5 authentication—Supported by OSPF, RIPv2, BGP, and EIGRP

If the service password-encryption command is not used when implementing IGRP authentication,
the key-string will be stored as plain text in the router configuration.

IMPORTANT NOTE FROM THE AUTHOR:

Study this part

if-needed – Does not authenticate if the user has already been authenticated on a Vty line.

krb5 – Uses Kerberos 5 for authentication (can be used only for Password Authentication Protocol
[PAP] authentication)

local – Uses the local username database for authentication.

none- Uses no authentication.

group radius – Uses the list of all RADIUS servers for authentication.

group tacacs+ – Uses the list of all TACACS+ servers for authentication.

group group-name – Uses a subset of RADIUS or TACACS+ servers for authentication as defined by
the aaa group server radius or aaa group server tacacs+ command.
 BRIEF SUMMARY:

krb5: Kerberos is a secret-key network authentication protocol, developed at the Massachusetts

Institute of Technology (MIT), that uses the Data Encryption Standard (DES) cryptographic
algorithm for encryption and authentication.

The primary use of Kerberos is to verify that users and the network services they use are really
who and what they claim to be. To accomplish this, a trusted Kerberos server issues tickets to
users. These tickets, which have a limited lifespan, are stored in a user's credential cache and can
be used in place of the standard username-and-password authentication mechanism.

The following network services are supported by the Kerberos authentication capabilities in
Cisco IOS software:

• Telnet

• rlogin

• rsh

• rcp

LOCAL:

Purpose
This procedure configures local authentication using Cisco IOS
commands.
Tools/Equipment
None
Prerequisite
None
Procedures
Required/As Needed
As needed
Onsite/Remote
Onsite or remote
Security Level
Provisioning or higher

The only supported login authentication method in CPT is local authentication.

Router> enable
Router# configure terminal
Router(config)# aaa new-model
Router(config-if)# aaa authentication login default local
Router(config)# line vty 0 4
 Router(config-line)# login authentication default
Router(config-line)# end

RADIUS AUTHENTICATION:

the Remote Authentication Dial-In User Service (RADIUS) security system, defines its operation,
and identifies appropriate and inappropriate network environments for using RADIUS technology.
The “RADIUS Configuration Task List” section describes how to configure RADIUS with the
authentication, authorization, and accounting (AAA) command set.

Operation:

1. The user is prompted for and enters a username and password.

2. The username and encrypted password are sent over the network to the RADIUS server.
3. The user receives one of the following responses from the RADIUS server:
a. ACCEPT—The user is authenticated.
b. REJECT—The user is not authenticated and is prompted to reenter the username and
password, or access is denied.
c. CHALLENGE—A challenge is issued by the RADIUS server. The challenge collects additional data
from the user.
d. CHANGE PASSWORD—A request is issued by the RADIUS server, asking the user to select a new
password.
The ACCEPT or REJECT response is bundled with additional data that is used for EXEC or network
authorization. You must first complete RADIUS authentication before using RADIUS authorization.
The additional data included with the ACCEPT or REJECT packets consists of the following:
 Services that the user can access, including Telnet, rlogin, or local-area transport (LAT)
connections, and PPP, Serial Line Internet Protocol (SLIP), or EXEC services.
 Connection parameters, including the host or client IP address, access list, and user timeouts.

radius-server host 123.45.1.2

radius-server key myRaDiUSpassWoRd

username root password ALongPassword

aaa authentication ppp dialins group radius local

aaa authorization network default group radius local

aaa accounting network default start-stop group radius

aaa authentication login admins local

aaa authorization exec default local

line 1 16

autoselect ppp

autoselect during-login

login authentication admins

modem ri-is-cd

interface group-async 1

encaps ppp

ppp authentication pap dialins

GROUP TACACS +

TACACS+, which provides detailed accounting information and flexible administrative control over
authentication and authorization processes. TACACS+ is facilitated through AAA and can be
enabled only through AAA commands.

For a complete description of the TACACS+ commands used in this chapter, refer to the chapter
"TACACS+ Commands" in the Cisco IOS Security Command Reference. To locate documentation of
other commands that appear in this chapter, use the command reference master index or search
online.

Drag and Drop

4. **Frame Relay components**

+ SVC: A circuit that provides temporary on-demand connections between DTEs

+ LMI: A signaling mechanism for Frame Relay devices

+ DLCI: A locally significant ID

+FECN: An indicator of congestion on the network

+ PVC: A logical connection comprising two endpoints and a CIR

 5. **ACL**

reflexive – must be named

standard – range 1300-1399

extended – closest to device

time-based – access to device at certain times

dynamic –telnet …

6. **Frame relay config**

Drag each (EMPTY SPACE) line, to the right place in the configuration (i don’t remember the last
option. You had 5 blocks to fill and 7 possible answers)

interface —–Space Blank —— Serial0/3/1

bandwidth 56

space Blank —encapsulation frame-relay

no shutdown

Space BlanK —interface Serial0/3/1.2 point-to-point

Space BlanK –ip address 10.17.0.1 255.255.255.0

Space BlanK –frame-relay interface-dlci 100

clock rate 2000000

shutdown

Example: http://www.ciscopress.com/articles/article.asp?p=100603&seqNum=3

Atlanta(config)#interface serial0
Atlanta(config-if)#encapsulation frame-relay
 Atlanta(config-if)#interface serial 0.1 point-to-point
Atlanta(config-subif)#ip address 140.1.1.1 255.255.255.0
Atlanta(config-subif)#frame-relay interface-dlci 52

Atlanta(config-fr-dlci)#interface serial 0.2 point-to-point

Atlanta(config-subif)#ip address 140.1.2.1 255.255.255.0
Atlanta(config-subif)#frame-relay interface-dlci 53

Atlanta(config-fr-dlci)#interface serial 0.3 point-to-point

Atlanta(config-subif)#ip address 140.1.3.1 255.255.255.0
Atlanta(config-subif)#frame-relay interface-dlci 54

7. Q: Where to configure the DHCPv6 relay IP address for a VLAN

Do you have to enable DHCPv6 relay in the global configuration mode/VLAN interface?

Do you have to configure something on the VLAN interface/global configuration?

No answer for this since the question is not clear however checks the config example.

Configuring a DHCPv6 Relay Source on an Interface

Perform this task to configure an interface to use as the source when relaying messages.
SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number
4. ipv6 dhcp relay source-interface interface-type interface-number
5. end

Configuring a DHCPv6 Relay Source Globally

SUMMARY STEPS
 1. enable
2. configure terminal
3. ipv6 dhcp-relay source-interface interface-type interface-number
4. end

Restrictions for Configuring a DHCPv6 Relay Source

 If the configured interface is shut down, or if all of its IPv6 addresses are removed, the relay will
revert to its standard behavior.
 The command line interface (CLI) will report an error if the user attempts to specify an interface
that has no IPv6 addresses configured.
 The interface configuration takes precedence over the global configuration if both have been
configured.

8. Q: logging console 7. Which is true ?

A. you can see debug if you’re connected in SSH

B. High CPU utilization

C. …

Question is no clear but take into account following explanation:

Console logging:By default, the router sends all log messages to its console port. Hence only the
users that are physically connected to the router console port can view these messages.

Level name

Router messages

0 Emergencies System shutting down due to missing fan tray

1 Alerts Temperature limit exceeded
2 Critical Memory allocation failures
3 Errors Interface Up/Down messages
4 Warnings Configuration file written to server, via SNMP request
5 Notifications Line protocol Up/Down
6 Information Access-list violation logging
7 Debugging Debug messages

Each logging level also enables the logging level below it, so logging console 7 or logging console
debug will enable all log messages.

9. Question EIGRP

router eigrp 1

redistribute ospf 100

network 10.10.10.0 0.0.0.255

auto-summary

router ospf 100

network 172.16.0.0 0.0.255.255 area 10

redistribute eigrp 1

Q: what will happen to the redistributed network from EIGRP to OSPF? (Phrasing was different)

Notice: The author could mean that the question is different from previous question or he just
don´t remember the full question.

ORIGINAL QUESTION:

Refer to the exhibit. Which option describes why the EIGRP neighbors of this router are not
learning routes that are received from OSPF?
Router eigrp 1
redistribute ospf 100
network 10.10.10.0 0.0.0.255
auto-summary
!
router ospf 100
network 172.16.0.0 0.0.255.255 area 100
redistribute eigrp 1

A. The subnet defined in OSPF is not part of area 0

B. Default metrics are not configured under EIGRP
C. There is no overlap in the subnets advertised
D. The routing protocols do not have the same AS number

Answer: B

10. QUESTION

A diagram with 3 routers:

+ H1 (with IPv6 IP and Loopback 1.1.1.1)

+ R1 (with IP IPv6 and Loopback 2.2.2.2)

+ R2 (with IP IPv6 and Loopback 3.3.3.3)

Running with EIGRP 100 on both routers and what command you will implement so that you will
see the loopback IP of R2 to be advertised at H1

A. H1(config t)#router eigrp 100

H1(config t)#no stub only

B. R2(config t)#router eigrp 100

R2(config t)#no stub receive only

C. H1(config t)#ipv6 router eigrp 100

H1(config t)#no stub only

D. R2(config t)#ipv6 router eigrp 100

R2(config t)#no stub only

Answer: B (no stub receive-only)

Explanation: B because R2 is the router that has to advertise the loopback to his neighbors but if it
is only receiving routes (no stub receive-only) It cannot advertise his loopback.

"eigrp stub recieve-only" will restrict the router from sharing any of its routes, meaning:
connected, summary, redistributed or static routes to any other router in the EIGRP AS. Learned
eigrp routes will never be shared as that would defeat the whole purpose of STUB.
There are other stub options that can be configured. The list looks like this:

– receive-only

– connected

– static

– summary

– redistribute

If you configure the receive-only option, you can’t include any of the other options on the above
list. If you just configure the router as a stub and don’t specify any option, the default behavior is
to share connected and summary routes. Some other caveats also arise when using these
options. For instance, if you configure the static option, you still must allow EIGRP to share the
static routes by issuing the redistribute static command in the config-router context, or the router
won’t share the routes. The same goes for the connected option. If a network statement does
not include the connected routes you want to share, then you must issue the redistribute
connected command. One last aspect which may seem counterintuitive is that if you use
the redistribute option, you are permitting the router to share redistributed routes, but you still
must actually redistribute the routes for them to be shared. If you choose the summaryoption,
don’t forget to either manually create summary routes or enable auto-summary.

AAA DND
if-needed:
The if-needed keyword means that if the user has already authenticated by going through the
ASCII login procedure, then PPP is not necessary and can be skipped.
KRB5:
Remote users logging in to the network are prompted for a username. PAP authentication.
Local Case:
Use the local username database for authentication. Case-Sensitive
None: No authentication
Group Radius:
Security Server is used for Authorization defined by associating attributes-value pairs with a users
assigned rights.
Group Tacacs+:
Security Daemon is used for Authorization defined by associating attributes-value pairs with a
users assigned rights.
 Group group-name:
Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server
radius or aaa group server tacacs+ command.

DHCP >there was a new one<

ip dhcp relay information option???
ip dhcp relay information check cheking key words???
ip dhcp relay information policy policy key words???
ip dhcp relay information trusted-sources???

9TUBER comment:
1. I had 5 DnD.
DND:
Authentication, Accounting and Authorization.
GRE – IPsec, keepalive, mgre, mss, tunnel key
Frame Relay – Dlci, fcn, lmi, pvc and svc
assymetric routing, out of order packet, tcp starvation, latency
The New DHCP DnD
Only 1 Eval Simlet: EIGRP Eval
I had two Sims: Policy Based Routing and EIGRP Stub
Some Q’s I remember having. I added some notes to them.
Pay attention, MANY of the questions we’ve compiled on here are on the exam but they’re
formatted or phrased different. So just research the questions.
The Neighbor Discovery Protocol in ipv6 is replaced with which discovery protocol in ipv4?
A. ARP
B. ICMP
C. UDP
D. TCP
E. RFC
Correct Answer: A
Which two protocols can cause TCP starvation? (Choose two)
A. TFTP
B. SNMP
C. SMTP
D. HTTPS
E. FTP
Correct Answer: AB
What is the default value of TCP maximum segment size?
A. 536
B. 1492
C. 1500
D. 1508
Correct Answer: A
Frame Relay LMI autosense. Which statements are true? (Choose two.)
!!!!!The choices were a little different.
A. Line should be up and protocol should be down
B. Protocol must be up
C. It only works on DTEs
D. It only works on DCEs
Correct Answer: AC
What configurations does PPPoE allow? (Choose two)
A. Client can be installed on the same network devices as server
B. 8 clients can be configured on 1 CPE
C. Clients can connect to multiple hosts over DMVPN
D. Client connecting over ATM PVC
E. Client installed on native IPv6 network
Correct Answer: BC
In which two ways can split horizon issues be overcome in a Frame Relay network environment?
(choose two.)
A. Configuring one physical serial interface with Frame Relay to various remote sites.
B. Configure a loopback interface with Frame Relay to various remote sites
C. Configuring multiple sub interfaces on a single physical interface to various remote sites.
D. Enabling split horizon.
E. Disabling split horizon.
Correct Answer: CE
A network engineer enables OSPF on a Frame Relay WAN connection to various remote sites,
but no OSPF adjacencies come up.
Which two actions are possible solutions for this issue? (Choose Two)
A. Change the network type to point-to-multipoint under WAN interface.
B. Enable virtual links.
C. Change the network type to nonbroadcast multipoint access.
D. Configure the neighbor command under OSPF process for each remote site.
E. Ensure that the OSPF process number matches among all remote sites
Correct Answer: AD
In a point-to-multipoint Frame Relay topology, which two methods ensure that all routing
updates are received !!! one of the options was enable split horizon. So pay attention. by all
EIGRP routers within the Frame Relay network? (Choose Two)
A. Use statically defined EIGRP neighbors on the hub site.
B. Create separate address families.
C. Disable split horizon.
D. Use subinterfaces.
E. Disable EIGRP auto summary.
Correct Answer: CD

Which option to the command service timestamps debug enables the logging server to capture
the greatest amount of information from the router?
A. uptime
B. show-timezone
C. year
D. msec
Correct Answer: D

Which security level is supported throughout all SNMP versions?

A. authPriv
B. authNoPriv
C. noAuthNoPriv
Correct Answer: C

Q:A network engineer is modifying RIPng timer configuration. Which configuration mode should
the engineer use?
A. router(config-rtr)#
B. router(config-ripng)#
C. router(config-if)#
D. router(config)#

Whats the gateway en the global configuration

Router(config)#ip route vrf blue 0.0.0.0 0.0.0.0 192.168.1.1
Router(config)#ip route vrf red 0.0.0.0 0.0.0.0 192.168.1.2

If you type “show ip route” you will see “Gateway of last resort it not set”.
If you type show ip route vrf blue” you will see “192.168.1.1 as gateway of last resort”.
Global routing table does not overlap with VRF routing tables.

For the question:

How can you mitigate fragmentation issues between endpoints separated by a GRE tunnel? <
(they changed it, they added GRE)
A. PMTUD ## OK
B. TCP MSS
C. windowing
D. ICMP DF bit (this was a new answer)
Correct Answer: A ( please confirm first that PMTUD has the “D” at the end) if not other
possible solution is B.

Which cisco Express Forwarding component(s) contain forwarding information? (forwarding

information, they changed it)
A. FIB, adjacency table ## OK
B. adjacency table.
C. FIB, RIB , Adjanceny table
D. FIB
E. RIB
Correct Answer: A

which scenario can asymmetric routing occur?

A. active/active firewall setup
B. single path in and out of the network.
C. active/standby firewall setup
D. redundant routers running VRRP ## OK
Correct Answer: D
Q:Which of these can be used for IPv4 to IPv6 communication? (new question, not sure of the
exact phrasing)
A. NAT-PT ###
B. ISATAP
C. L2 to L3 VPN
D. IPSec
Correct Answer: A

I can remember that the last NTP associations on my test have * but i can’t remember the
stratum and reach values.

Q:Features of Netflow version 9? (CHOOSE TWO)

A. Cisco proprietary
B. IEEE standard
C. IETF
D. ingress/egress
E. ingress
F. egress
Correct Answer: C-D
How to set up IP SLA to monitor jitter between the certain limits? <= (it’s jitter now, not
bandwidth)
A. Timeout (not timer)
B. Frequency
C. Threshold
D. Queue-limit
Correct Answer: c

Q:A network engineer is modifying RIPng timer configuration. Which configuration mode should
the engineer use?
A. router(config-rtr)#
B. router(config-ripng)#
C. router(config-if)#
D. router(config)#

Correct Answer: A
QUESTION 11
Which three statements about SNMP are true? (Choose Three)
A. The manager configures and send traps to the agent.
B. The manager sends GET and SET messages.
C. SNMPv3 supports authentication and encryption.
D. The manager polls the agent using UDP port 161
E. The MIB database can be altered only by the SNMP agent.
F. The agent is the monitoring device.
Correct Answer: BCD
In a point-to-multipoint Frame Relay topology, which two methods ensure that all routing
updates are received by all EIGRP routers within the Frame Relay network? (Choose Two)
A. Use statically defined EIGRP neighbors on the hub site.
B. Create separate address families.
C. Disable split horizon.
D. Use sub interfaces.
E. Disable EIGRP auto summary.
Correct Answer: CD

Refer to the following configuration command.

router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
Which statement about the command is true?
A. Any packet that is received in the inside interface with a source IP port address of
172.16.10.8:80 is translated to 172.16.10.8:8080.
B. Any packet that is received in the inside interface with a source IP port address of
172.16.10.8:8080 is translated to 172.16.10.8:80.
C. The router accepts only a TCP connection from port 8080 and port 80 on IP address 172.16.10.8
D. Any packet that is received in the inside interfaces with a source IP address of 172.16.10.8 is
redirected to port 8080 or port 80.
Correct Answer: B

Which statement describes what this command accomplishes when inside and outside
interfaces are correctly identified for NAT? ip nat inside source static tcp 192.168.1.50 80
209.165.201.1 8080 extendable
A. It allows host 192.168.1.50 to access external websites using TCP port 8080.
B. It allows external clients coming from public IP 209.165.201.1 to connect to a web server at
192.168.1.50.
C. It allows external clients to connect to a web server hosted on 192.168.1.50.
D. It represents an incorrect NAT configuration because it uses standard TCP ports.
Correct Answer: C
What command allows permit or deny IPv6 traffic? (they edited it)
A. traffic-filter access-list-name
B. access-list
C. access-list ipv6
D. access-group
Correct Answer: A
What are 2 protocols used for user with authentication on network device?
A. CHAP
B. Radius
C. 802.1x
D. PAP
E. TACACS+
Correct Answer: B-E

During which DMVPN phase is spoke-to-spoke communication enabled?

A. Phase 1
B. Phase 6
C. Phase 5
D. Phase 2
E. Phase 4
Correct Answer: D
Which two phases of DMVPN allow to spoke sites to create dynamic tunnels to one another?
(Choose Two)
A. Phase 1
B. Phase 2
C. Phase 3
D. Phase 4
E. Phase 5
Correct Answer: B-C

Q:After reviewing the EVN configuration, a network administrator notices that a predefined
EVN, which is known
as “vnet global” was configured. What is the purpose of this EVN? (OR)
What is the purpose of ‘vnet global”?
A. It defines the routing scope for each particular EVN edge interface.
B. It aggregates and carries all dot1q tagged traffic.
C. It refers to the global routing context and corresponds to the default RIB.
D. It safeguards the virtual network that is preconfigured to avoid mismatched routing instances.
Correct Answer: C

Q:Which encapsulation supports an interface that is configured for an EVN trunk?

A. 802.1Q

B. ISL

C. PPP

D. Frame Relay

E. MPLS

F. HDLC

Correct Answer: A

NOTE FROM THE AUTHOR

Q:IPv6 access list and need to apply it to block traffic INBOUND SSH and interface (Choose

two)
Answer: there are 5 choices 2 inbound 3 outbound so we have to choose 2 inbound choices

only (the answer had something with "access-filter in” and the other one with “access-class”)

down in this document you will find the complete question.

Q:Which command instruct a PPPoE client to obtain its IP address from the PPPoe server?

A. ip address negotiated auto

B. ip address negotiated

C. pppoe enable

D. Ip address DHCP

E. Ip address dynamic

Correct Aswer: B

Q: What configurations does PPPoE allow? (Choose two)

A. Clients can connect to multiple hosts over DMVPN

B. Client installed on native IPV6 network

C. Client connecting over ATM PVC

D. Client can be installed on the same network device as server

E. 8 Clients can be configured on 1 CPE

Answer: A,E

Q: Which three elements can you use to identify an IPv6 packet via its header, in order to filter
future attacks?

(Choose three.)

A. Traffic Class

B. Source address

C. Flow Label

D. Hop Limit
E. Destination Address

F. Fragment Offset

Correct Answer: BCE

Explanation:

The Concept

IPv6 is using two distinct types of headers: Main/Regular IPv6 Header and IPv6 Extension Headers.
The main IPv6 header is equivalent to the basic IPv4 one despite some field differences that are
the result of lessons learned from operating IPv4. Figure 1 presents the IPv4 and IPv6 main
headers.

Figure 1. IPv4 and IPv6 Headers

The Concept

IPv6 is using two distinct types of headers: Main/Regular IPv6 Header and IPv6 Extension Headers.
The main IPv6 header is equivalent to the basic IPv4 one despite some field differences that are
the result of lessons learned from operating IPv4. Figure 1 presents the IPv4 and IPv6 main
headers.

Figure 1. IPv4 and IPv6 Headers

http://www.infosectoday.com/Articles/Basic_IPv6_Security_Considerations.htm
NOTE FROM THE AUTHOR:

Okay so thankfully I passed with 9XX marked, which is very surprising to me.

I’m sorry I couln’t remember more from what was in the exam even though I really tried.

-New DnD dhcp relay – where to configure and a lot of them were dhcp relay information options,
so I didn’t know how to answer it (one option I remeber had in the end subscriber ID or something
like that, one of the right option was configured globally, one on the left dhcp relay information
replace – or something like that) below on this document you will find the question.

- dekster is 50% valid which is enough for you to pass.

- almost all of the new answers taht has been covered in the last pages waren’t in my exam,
means that the new poll is much bigger then what we thought.

- couple of things that I remember

- a diagram of bgp config between 3 routers R1-R2-R3, which showed the config on R2, the
question was what command is missing.- they were trying to make adj between the routers on the
loopback address.

a. update source X — this is what I chosen.

b. ebpg-multihope 1

c. load balancing something.

d. no synchronize

Easy quiestion, very basic bgp lab config. (know how to form adj with neighbors)

- A diagram that we used to have in one of the old questions with the infrastructure of the DHCP
server and the core router has been changed to ACLs, and since I got 100% in that section the
answer would be

-interface out on the core routers side.

– Pay attention to where is the config is been configure, half of the option were config-router sub-
option which doesn’t make sense so watch out.
-a diagram that I was thinking a lot of was between 3 router R1-R2-R3 (sound kind of similar to a
new question that has been posted over here) which Eigrp 100 is configured on all of them.

The router in the middle (R2) has his loopback put in shut and the router on the right is a stub (R3).

The Question was :

Who would get the query message for that loopback that has been put in shut

-a. The feasible successors’ routers would get the query — that’s what I choosen

- R1 would request the query

- R1 and R3 would request the query

- R3 would request the query

Not sure exactly how it went but it was something like that

Alot of question about snmp – just learn how to configure snmp v3 and v2c

– had a question about trap x.x.x.x snmp 2c public

What is it means?

a. a community sting

b. a private community between the router and the host

-…

trap Snmp 2c 10 and then something

question was- what does that 10 means?

a. ACL that is applied

b. community string

c. It would be public (Don’t remember exactly)

-some of the new questions about DHCP and ipv6 (that has been covered in the last pages)
- one I remember was something about communication between ipv6 to ipv4 – very easy
question choose 2

a. Layer 2 switch

b. layer 3 switch

c. ipv4 address — XX

d ipv6 addresses — XX

What is true about many – to – one question (ipv4 to ipv6 communication) – just answered as
the question was one – to – many

Didn’t get any of the npt question except the old one ones And not the bgp question that we have
discussed earlier

– new question about statfull ipv6 question- if you covered all of the old question you’ll know
this one

Stateful autoconfiguration of IPv6 is the equivalent to the use of DHCP in IPv4. It

requires a DHCPv6 service to provide the IPv6 address to the client device and that
both client device and server maintain the "state" of that address (i.e. lease time, etc).

Stateless autoconfiguration of IPv6 allows the client device to self configure it's IPv6
addreess and routing based on the router advertisements.

A network can use both stateful and stateless autoconfiguration at the same time, they
are not mutually exclusive.

If you are interested, for more detailed information I would highly recommend you
read RFC4862.

– how to turn on ipv6 eigrp on

a. ipv6 nat

b. ipv6 nat-pt

c. ipv6 eigrp nat

d. ipv6 eigrp nat-pt

Correct answer: ??? I tried to reply but it doesn´t make sense for me.
FOR ME THE QUESTION IS :

QUESTION 333
What is the command to enable NAT-PT?
A. ipv6 nat
B. ipv6 nat enable
C. ipv6 nat-pt
D. ipv6 nat-pt enable

Correct Answer: A

Ohh another diagram that I have been thinking about was between 2 routers and they had a eigrp
protocol running between- the question was that they can ping between them with no problem
but when they are trying through the vrf connection it doesn’t work, what’s wrong? Which
command to put on both routers to make it work?

A rd 1:100 both

b. Network with a 255.255.240.0

c. autonomous-system 100 – that’s what I chosen

d. don’t remember

Correct Answer: C

–All of the dmvpn and nhrp new questions or old lol

– there was one with the nhrp authentication vpn endpoint answer that has been posted over
here.

-questions about which port snmp uses or another protocol don’t really remember…

the question was – when something tries to communicate with a router what port does the fw
needs to open in order for the communication to work. (it’s one of the protocols that we use in
most of the questions for sure)

- question about configuring dhcp server (WTF?)- that wants to give more features to a Microsoft
windows server host- what would you configure in order for that to happen –

a. scopes

b. options – chose this

The new SLA question wasn’t there which is Wierd (with the quality, baseline, understand…etc)

FOR ME THIS IS THE QUESTION:

QUESTION 477
Choose best IP SLA deployment cycle that reduce deployment ( Choose Three)
A. Baseline Network performance,
B. Understand Quality results
C. Fine tune and simplify
D. Quality results.

Correct Answer: ACD

What would you configure on snmpv3 to allow authentication

A. Authpriv – choosed

B. authnoprive

C. noauthnoprive

D. authmemeber

Correct Answer: B

I assumed a is right since they didn’t say only authentication

I think that was most of the problematic questions ones I had.

learn dekster but understand the answers and you’ll be good plus learn all of the new questions
that has been covered in the last pages, most of the questions are just old question that got
rephrase with a different scenerio but if you understand the fundamentals you’ll be good –
dhcpv6, ipv6 (statefull, stateless),ipv4 to ipv6, snmp, learn how to configure and overall.

So, I got a new VCE (don’t ask how I got it), which is included some of the new question until the
8 of feb, but it doesn’t include all of the questions that has been covered over here (ntp, bgp),
but have some + has the new FMI extension !! have no idea how they got it it’s a Chinese site
so use translation to found the download button lol

https://pan.baidu .com/s/1dWuMi6
Q:What is the NHRP role in DMVPN? (Choose 2)

A. Obtains the next-hop to be used for routing

B. routes the packet through the tunnel

C. identifies the PIM-SM RP used to route the packet

D. It can authenticate VPN endpoints

E. It requires each tunnel endpoint to have an unique network ID

Correct Answer: AD

Which encapsulation supports an interface that is configured for an EVN trunk?

A. 802.1Q

B. ISL

C. PPP

D. Frame Relay

E. MPLS

F. HDLC

Correct Answer: A

Which two functionalities are specific to stateless NAT64? (Choose two.)

–> there were different possible answers then in Dexter.I cant remember.

IT IS NOT CLEAR BUT CONSIDER THE FOLLOWING INFO

While stateful and stateless NAT64 perform the task of translating IPv4 packets into IPv6 packets
and vice versa, there are important differences. The following table provides a high-level overview
of the most relevant differences.
Table 2. Differences Between Stateless NAT64 and Stateful NAT64
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-
solution/

Which of these provides encryption?(or something like)

A. authPriv

B. authNoPriv

C. NoAuthNoPriv

D. NoAuthNoEgress

Correct answer: A

Which value does GRE tunnel use to identify the end points or destination

A. IP ADDRESS

B. MAC ADDRESS

C. DLCI

D. TUNNEL

Correct Answer: A

There was a scenario hub and two spokes.EIGRP 100.The question was what happens if the split
horizont will be disabled on hub?

A. routing loop

B. spoke1 and spoke2 will receive updates from each others about connected networks
Which two commands would be used to troubleshoot high memory usage for a process?(Choose
two.)

A. router#show memory allocating-process table

B. router#show memory summary

C. router#show memory dead

D. router#show memory events

E. router#show memory processor statistics

Correct Answer: AB

Which three items can you track when you use two time stamps with IP SLAs? (Choose three.)

A. delay

B. jitter

C. packet loss

D. load

E. throughput

F. path

Correct Answer: ABC

A network engineer has set up VRF-Lite on two routers where all the interfaces are in the same
VRF. At later time, a new loopback is added to Router 1, but it cannot ping any of the existing
interfaces. Which two configurations enable the local or remote router to ping the loopback from
any existing interface? (Choose two.)

A. adding a static route for the VRF that points to the global route table

B. adding the loopback to the VRF

C. adding dynamic routing between the two routers and advertising the loopback

D. adding the IP address of the loopback to the export route targets for the VRF

E. adding a static route for the VRF that points to the loopback interface

F. adding all interfaces to the global and VRF routing tables

Correct Answer: AB

Which statement about dual stack is true?

A. Dual stack translates IPv6 addresses to IPv4 addresses

B. Dual stack means that devices are able to run IPv4 and IPv6 in parallel.

C. Dual stack translates IPv4 addresses to IPv6 addresses

D. Dual stack changes the IP addresses on hosts from IPv4 to IPv6 automatically

Correct Answer: B

Which option prevents routing updates from being sent to the DHCP router, while still allowing
routing update messages to flow to the Internet router and the distribution switches?

A. DHCP(config-router)# passive-interface default

DHCP(config-router)# no passiveinterface Gi1/0

Internet(config-router)# passive-interface Gi0/1

Internet (config-router)#passive-interface Gi0/2

B. Core(config-router)# passive-interface Gi0/0

Core(config-router)# passive-interface Gi3/1

Core(config-router)# passive-interface Gi3/2

DHCP(config-router)# no passiveinterface Gi1/0

C. Core(config-router)# passive-interface default

Core(config-router)# no passive-interface Gi0/0

Core(config-router)# no passive-interface Gi3/1

Core(config-router)# no passiveinterface Gi3/2

D. Internet(config-router)# passive-interface default

Core(config-router)# passive-interface default

DSW1(config-router)# passive-interface default

DSW2(config-router)# passiveinterface default

THE POTENTIAL ANSWERS WERE CHANGED!!! They used ACLs and ipv6 traffic filter instead of
passive interface commands.

QUESTION 111

Refer to the exhibit. After configuring GRE between two routers running OSPF that are
connected to each other via a WAN link, a network engineer notices that the two routers cannot
establish the GRE tunnel to begin the exchange of routing updates. What is the reason for this?

POTENTIAL ANSWERS CHANGED

QUESTION 147

Which three IP SLA performance metrics can you use to monitor enterprise-class networks?
(Choose three.)

A. Packet loss

B. Delay

C. bandwidth

D. Connectivity

E. Reliability

F. traps

Correct Answer: ABD

QUESTION 159

An engineer is using a network sniffer to troubleshoot DHCPv6 between a router and hosts on the
LAN with the following configuration:

Interface Ethernet0

Ipv6 dhcp server DHCPSERVERPOOL rapid-commit

Which two DHCPv6 messages will appear in the snifer logs?

A. reply

B. request

C. advertise

D. acknowledge

E. solicit

F. accept

Correct Answer: AE

QUESTION 191

A. The source-interface is configured incorrectly.

B. The destination must be 172.30.30.2 for icmp-echo.

C. A route back to the R1 LAN network is missing in R2.

D. The default route has wrong next hop IP address.

E. The threshold value is wrong.

Correct Answer: AC

A network engineer enables OSPF on a Frame Relay WAN connection to various remote sites,
but no OSPF adjacencies come up. Which two actions are possible solutions for this issue?
(Choose two.)

A. Change the network type to point-to-multipoint under WAN interface.

B. Enable virtual links.

C. Change the network type to nonbroadcast multipoint access.

D. Configure the neighbor command under OSPF process for each remote site.

E. Ensure that the OSPF process number matches among all remote sites.

Correct Answer: AD

Refer to Exhibit. Which two reasons for IP SLA tracking failure are likely true? (Choose Two.)

Which two phases of DMPVN allow the spoke site to create dynamic tunnels to one other

(Choose two)?

A. Phase 1

B. Phase 2

C. Phase 3

D. Phase 4

E. Phase 5

Correct Answer: BC

QUESTION 205

Which two different configurations can you apply to a device incoming SSH access? (Choose
two)

A. ipv6 access-list VTY-ACCESS-IN

secuence 10 deny tcp any any eq 22

sequence 20 permit ipv6 any any

line vty 0 15

ipv6 access-list VTY-ACCESS-IN out

B. ipv6 access-list VTY-ACCESS-IN

secuence 10 deny tcp any any eq 22

sequence 20 permit ipv6 any any

interface Ethernet0/0

ip traffic-filter VTY-ACCESS-IN out

C. ipv6 access-list VTY-ACCESS-IN

secuence 10 deny tcp any any eq 22

sequence 20 permit ipv6 any any

line vty 0 15

ipv6 access-class VTY-ACCESS-IN in

D. ipv6 access-list VTY-ACCESS-IN

secuence 10 deny tcp any any eq 22

sequence 20 permit ipv6 any any

interface Ethernet0/0

ipv6 traffic-filter VTY-ACCESS-IN in

E. ipv6 access-list VTY-ACCESS-IN

secuence 10 deny tcp any any eq 22

sequence 20 permit ipv6 any any

interface Ethernet0/0

ipv6 traffic-filter VTY-ACCESS-IN out

Correct Answer: CD

DHCPv6 can obtain configuration parameters from a server though rapid two-way message
exchange. Which two steps are involved in this process? (choose two)

A. advertise

B. solicit

C. reply

D. request

E. auth

Correct Answer: BC
QUESTION 209

A network engineer executes the show ip cache flow command. Wich two types of information
are displayed in the report that is generated? (Choose two)

A. top talkers

B. flow export statistics

C. flow sample for specific protocols

D. MLS flow traffic

E. IP packet distribution

Correct Answer: CE

QUESTION 221

A network engineer enables OSPF on a Frame Relay WAN connecton to various remote stes, but
no OSPF adiacencies come up Which two actions are possible solutions for thisissue? (Choose
Two)

A. Change the network type to point-to-mupltipoint under WAN interface

B. Enable virtual Inks

C. Change the networktype to nonbroadcast mutpoint access

D. Configure the neighbor command under OSPF process for each remote site

E. Ensure that the OSPF process number matches among all remote stes

Correct Answer: AD

QUESTION 230 —

DND AAA
QUESTION 251

Which three options are valid DHCPv6 functions? (Choose three.)

A. Server

B. client

C. approver

D. requester

E. requester

F. ACK

G. relay

Correct Answer: ABG

QUESTION 289

Which two statements about EVN are true? (Choose two) — the answers were changed

Explanation/Reference:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/evn/configuration/xe-3s/evn-xe-3s-
book/evnoverview.htgml
Virtual Network Tag
Each VPN and associated EVN has a tag value that you assign during configuration. The tag value
is global, meaning that on each router, the same EVN must be assigned the same numerical tag
value. Tag values range from 2 to 4094. An EVN is allowed on any interface that supports 802.1q
encapsulation, such as Fast Ethernet, Gigabit Ethernet, and port channels. To allow for backward
compatibility with the VRF-Lite solution, the vLAN ID field in the 802.1q frame is used to carry the
virtual network tag.
“The tag value is global, meaning that on each router, the same EVN must be assigned the same
numerical tag value”
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/evn/configuration/xe-3s/evn-xe-3s-
book/evnoverview.html#GUID-F46F2A10-3CAD-43D5-95FE-2D8A079AE4B5

The VNET tag is a global value and thus VNs on each EVN device should be provisioned with the
same tag value. The valid tag value range is from 2 to 4094. EVN is supported on any interface that
supports 802.1q encapsulation, for example, an Ethernet interface
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/layer-3-vpns-l3vpn/whitepaper
QUESTION 305
_c11-638769.html

QUESTION 300 -DND

QUESTION 301

which two statement about GRE tunnel interface are true?(choose two) –> answers
reformulated

QUESTION 303 -DND

What are two protocols used for user with authentication on network device?

(OR)

What are two options for authenticating a user who is attempting to access a network
device?(Choose two)

A. CHAP

B. Radius

C. 802.1x

D. PAP

E. TACACS+

Correct Answer: BE

What is the default value of TCP maximum segment size?

A. 536

B. 1492

C. 1500

D. 1508

Correct Answer: A
QUESTION 333

What is the command to enable NAT-PT?

A. ipv6 nat

B. ipv6 nat enable

C. ipv6 nat-pt

D. ipv6 nat-pt enable

Correct Answer: A

QUESTION 384

Which two protocols can cause TCP starvation?(choose two)

A. TFTP

B. SNMP

C. SMTP

D. HTTPS

E. FTP

Correct Answer: AB

QUESTION 400

Refer to the Exhibit. Which effect of this configuration is true?

A. R1 synchronizes with systems that include authentication key 5 in their packets.

B. R1 acts as an authoritative clock with a priority ID of 1.

C. R1 acts as an authoritative clock at stratum

D. R1 is the NTP client for a stratum 1 server.

Correct Answer: C
QUESTION 408

which two statements about ip access lists are true?(choose two)

A. They support wildcard masks to limit the address bits to which entries are applied

B. Extended access lists must include port numbers

C. IP access list without at least one deny statement permit all traffic by default

QUESTION 412

Frame Relay LMI autosense. What is is true? (Choose two) –> other formulation of answers

A. Line should be up and protocol should be down

B. Protocol must be up

C. It only works on DTEs

D. It only works on DCEs

Correct Answer: AC

QUESTION 484 –> DND

QUESTION 487–> DND

D. They end with an implicit permit

E. Entries are applied to traffic in the order in which they appear

Correct Answer: AE

Server Configuration

In Global Configuration Mode

1. ipv6 unciast-routing

2. ipv6 dhcp pool

3. address prefix lifetime

4. dns-server

5. domain-name

6. exit

In Interface Configuration Mode

1. ipv6 address

2. ipv6 dhcp server rapid-commit

Relay Agent Configuration

In Global Configuration Mode

1. enable

2. configure terminal

3. ipv6 unicast-routing

In Interface Configuration Mode

In DHCPv6 server Facing Interface:

1. ipv6 address autoconfig

2. ipv6 enable

3. exit

In Clients Facing Interface

1. ipv6 address

2. ipv6 dhcp relay destination

Note: Specify a destination address to which client packets are forwarded and enables DHCPv6
relay service on the interface. Client Configuration

In Global Configuration Mode

1. enable

2. configure terminal

3. ipv6 unicast-routing

4. ipv6 nd route-owner

In Interface Configuration Mode

1. ipv6 address dhcp rapid commit

2. ipv6 enable

3. ipv6 nd autoconfig prefix

4. ipv6 nd autoconfig default-route

5. exit

Question 1

What are three of Frame Relay LMI extensions? (Choose three)

A. Global addressing

B. Virtual circuit status messages

C. Multicasting

Answer: A B C
One long question something like router get IPv6 information from ISP. Now it have to distribute
name server and other options to hosts (how do routers distribute prefixes obtained from

ISPs using DHCPv6)

A. PPPv6

B. DHCP

C. Stateful Natv6

D. NPTv6

E. IPv4

Question 9

Which of the following SNMPv2 uses for authentication?

A. HMAC-MD5

B. HMAC-SHA

C. CBC-DES

D. Community strings

Answer: D

Question 10

Drag drop about DMVPN components.

Answer:

Hub – …. next-hop server

Spoke – … device …. dynamic address

mGRE – … multi tunnel endpoint …

NHRP – … protocol …

Question 13

Which two statements about NHRP in a DMVPN environment are true? (Choose two)

A. It requires each endpoint to have a unique network ID

B. It routes traffic through the tunnel

C. It can identify PIM-SM RPs over a tunnel

D. It can authenticate VPN endpoints

E. It provides address resolution to route traffic

Answer: D E

Question 14

Drag drop question about LMI

+ Address registration – allows neighboring Cisco devices to exchange the management ip

addresses

+ Global addressing – Enables Frame Relay to identify interfaces in same manner as LAN
+ Multicasting – Provides most efficient transmission of routing protocol messages and support
address resolution

+ Simple flow control – Supports devices that are unable to use congestion notification

+ Virtual circuit – Prevents data from being transmitted in black hole

Question 15

Which two commands do you need to implement on the CALLING router to support the PPPoE
client? (choose two)

A. peer default ip address pool

B. mtu

C. bba-group pppoe

D. pppoe enable group

E. pppoe-client dialer-pool-number

Answer: B E

Question 16

Which option to the command service timestamps debug enables the logging server to capture
the greatest amount of information from the router?

A. uptime

B. show-timezone
C. year

D. msec

Answer: D

Question 17

choose correct statement about Dynamic NAT.

Answer: inside local, this list will be translated to this subnet (which is pool)

Question 18

Which value does GRE tunnel use to identify the end points or destination?

A. IP address

B. MAC address

C. DLCI

Answer: A

Explanation
For Frame Relay the answer would be DLCI but here it is asking about GRE tunnel so the best
choice here is “IP address”.

Question 19

A topology with eigrp, a hub and two spokes, where the loopback of the spokes are not seeing
each others.

Answer: Disable split horizon on the hub

Question 20

If you run the command auto-cost reference-bandwidth 10000 on one of the router in the
network, what will happen?

A. It will make 10Gbps on all of them

B. It will make 1 Gbps on all of them

C. It will make 10Gbps on this router only

Answer: C

Explanation
This command affects all the OSPF costs on the local router as all links are recalculated with
formula: cost = reference-bandwidth (in Mbps) / interface bandwidth

Therefore in this case the command “auto-cost reference-bandwidth 10000” allows the local
router to calculate the link up to 10Gbps.

Question 21

Question with network topology, it is OSPF network is redistributing RIP. Question is how to
summarize those route.

Answer: Summary-address (not sure)

Question 22

What algorithm is used in EIGRP?

Answer: DUAL

Question 23

Which two protocols are used to deploy a single Hub-DMVPN supporting Spoke-to Spoke tunnels?
(Choose two)

A. MPLS

B. RSVP

C. NHRP
D. BFB

E. Multipoint GRE

Answer: C E

DND DHCP

DHCP >there was a new one Perform this task to enable an ISP to add a unique id,and assign
specific actions (for example, assignment of host IPaddress,subnet mask, and domain name
system DNS), and to trigger accounting.

ip dhcp relay information check —–> Validate relay information in BOOTREPLY (global
configuration command) If an invalid message is received, the relay agent drops it

ip dhcp relay information policy {drop | keep | replace} —-> Define forwarding rules

ip dhcp relay information Trust-all —> Trust-all Received DHCP packets may contain realy info
option with zero giaddr

ip dhcp relay global interface – not remember

ip dhcp relay information option – Insert relay information in BOOTREQUEST

show ip dhcp relay information trusted-sources — ??

DHCP

– ip dhcp relay information option subscriber-id — Perform this task to enable an ISP to add a
unique id,and assign specific actions (for example, assignment of host IPaddress,subnet mask, and
domain name system DNS), and to trigger accounting.
– ip dhcp relay information check —–> Validate relay information in BOOTREPLY (global
configuration command) If an invalid message is received, the relay agent drops it

– ip dhcp relay information policy {drop | keep | replace} —-> Define forwarding rules

– ip dhcp relay information Trust-all —> Trust-all Received DHCP packets may contain realy info
option with zero giaddr

– ip dhcp relay global interface – not remember

– ip dhcp relay information option – Insert relay information in BOOTREQUEST

– show ip dhcp relay information trusted-sources — ??

ttps://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/xe-3s/ip6b-xe-3s-
book/ip6-add-basic-conn-xe.html

NOTES FOR THE EXAM

Here are the new questions i got on my test Other questions are already covered in the comments
before:

1.question about ipv6 EIGRP configuration

1-route advertisements are configured at the router global configuration

2-route advertisments are configured at the interface configuration–>chose

3-an ipv6 router ID

 4-uses link-local ip address for route advertisments–>chose

5-ipv6 eigrp uses only the configured ipv6 global addresses for communication

6-…other wrong option

2.question about uRPF configuration (2 answers)

1-the first answer i dont remember but is really easy to figure out —>correct

2-configured at the interface level —>correct

3-configured at global configuration

4-other option

3.Technology used with EVN

1-MPLS

2-BGP

3-other option

4-other option

NOT CLEAR but consider the following information:

Restrictions for EVN

 An EVN trunk is allowed on any interface that supports 802.1q encapsulation, such as Fast
Ethernet, Gigabit Ethernet, and port channels.
 There are additional platform and line-card restrictions for an EVN trunk. Check Cisco Feature
Navigator, www.cisco.com/go/cfn for supported platforms and line cards.
 A single IP infrastructure can be virtualized to provide up to 32 virtual networks end-to-end.
 If an EVN trunk is configured on an interface, you cannot configure VRF-Lite on the same
interface.
 OSPFv3 is not supported; OSPFv2 is supported.
 The following are not supported by EVN:
 IS-IS
 RIP
 Route replication is not supported with BGP
 Certain SNMP set operations
 The following are not supported on an EVN trunk:
 Access control lists (ACLs)
 BGP interface commands are not inherited
 IPv6, except on vnet global
 Network address translation (NAT)
 NetFlow
 Web Cache Communication Protocol (WCCP)

4.Which BGP option is required when load sharing over multiple equal-bandwidth parallel

links from a single CE router to a single ISP router over eBGP? Select the best response.

A. eBGP Multipath –>chose

B. eBGP Multihop

C. BGP Synchronization

D. Public AS numbers

* This question is in Dexter but answer is B,i got full mark in that section

so answer A is correct

4-Question 127 form Dexter, Refer to the exhibit. Which option prevents routing updates from
beingsent to the DHCP router, while still allowing routing update messages to flow to the
Internet router and the distribution switches?

The answers used access-list not passive interfaces

The 2 tricks about the question are:

1-some options have the AL configured

at the router configuration not the interface,

2-the ACL should be applied at the core router not the DHCP router
as the question says “prevent it from *being sent*”

5- question with a 3 router figure, the loop back on the middle router is shut down what
happens: (R3 configured as stub)

R1-R2-R3 –> i got 100% in that section so i am sure of the correct answer

1-R1 Will get the query about the lost route from R2 –>correct answer

2-R1 and R3 will get the query

3-query will be sent to the Feasible successors

4-other option

6- what does the command show ip vrf purple TOPOLOGY shows:

1- shows the feasible successors for a specific route table–>chose

2-other options

3-other options

4-other options

7-the command show ip flow export shows:

1-sent states and statistics

2-local states and statistics–>chose

3-other option

4-other option
8-one statement is coorect about syslog

1-uses udp port 514

2-other options

3-other options

4-other options

9-There was one one more question with a missing command on EIGRP vrf configuration:

1-configure autonomous system 100 on both routers

2-other options

3-other options

4-other options

10-The question regarding the new DHCP DnD:

ip dhcp relay information option –>automatically add the circuit identifier suboption and the
remote ID suboption

ip dhcp relay information check –>check that the relay agent information option in forwarded
BOOTREPLY messages is valid

ip dhcp relay information policy–>Configures the reforwarding policy for a DHCP relay agent

ip dhcp relay information subscriber-id–>enable an ISP to add a unique identifier

ip dhcp relay information trusted-sources–>configures interfaces on a router as trusted sources

ip dhcp relay information–> configured in global configuration mode applies to all interfaces
Q.Which of these can be used for IPv4 to IPv6 communication?(choose two)

A. NAT-PT

B. ISATAP

C. …(something with VPN)

D. …(MPLS maybe)

Answer: A,B

Q.redistribution from eigrp to ospf (choose two correct)

router eigrp 1

redistribute ospf 100

network 10.10.10.0 0.0.0.255

auto-summary

router ospf 100

network 172.16.0.0 0.0.255.255 area 10

redistribute eigrp 1

A.will redistribute only clasfull routes

B.routes will be redistributed as E2

C.routes will be redistributed as N2

D. …

E. …

Answer: A (missing 'subnets' in the command), B (default E2)

Satax# is related to the passive interface where to configure, ease.

-dnd Frame realy, configure in your lab interface and sub interface, ease.

-10.10.10.10 52.52.52.52 (90/12569)

51.51.51.51 (90/12569)

What to configure to use route 51.51.51.51. Answer I have tested home, is under router eigrp,
distance 90 51.51.51.51 0.0.0.255

-ip dhcp dnd https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-

sy/dhcp-15-sy-book/dhcp-relay-agent.html#GUID-F2F3913C-D710-4377-AC5D-DFF39E165644

use this link to learn about it.

for Eigrp eval sim use the “show ip eigrp “as” topology since show ip eigrp topology don’t work.

for OSPF Eval sim it’s weird that I didn’t get the exact Summary net link state as in the choices so I
choose the closest answer.

This is my way on giving back on the community.

Thank you for those who help me on my route journey

Thanks to Dexter and to those who actively contribute on this forum