300-410 Sham

Question #1Topic 1
Refer to the exhibit. Users in the branch network of 2001:db8:0:4::/64 report that they cannot access the
Internet. Which command is issued in IPv6 router EIGRP 100 configuration mode to solve this issue?
 A. Issue the eigrp stub command on R1.

 B. Issue the no eigrp stub command on R1.
 C. Issue the eigrp stub command on R2.
 D. Issue the no eigrp stub command on R2.
Hide Solution Discussion 20

Correct Answer: B 🗳️
Community vote distribution

B (100%)
Question #2Topic 1
Refer to the exhibit. Which configuration configures a policy on R1 to forward any traffic that is sourced
from the 192.168.130.0/24 network to R2?
A.
B.
C.
D.

Correct Answer: D
Question #3Topic 1
R2 has a locally originated prefix 192.168.130.0/24 and has these configurations:
What is the result when the route-map OUT command is applied toward an eBGP neighbor R1 (1.1.1.1)
by using the neighbor 1.1.1.1 route-map OUT out command?
 A. R1 sees 192.168.130.0/24 as two AS hops away instead of one AS hop away.
 B. R1 does not accept any routes other than 192.168.130.0/24
 C. R1 does not forward traffic that is destined for 192.168.30.0/24
 D. Network 192.168.130.0/24 is not allowed in the R1 table

Correct Answer: A 🗳️

A (100%)
Question #4Topic 1
Which method changes the forwarding decision that a router makes without first changing the
routing table or influencing the IP data plane?
 A. nonbroadcast multiaccess
 B. packet switching
 C. policy-based routing Most Voted
 D. forwarding information base

Correct Answer: C 🗳️

C (86%)
14%
Question #5Topic 1
Refer to the exhibits. The output of the trace route from R5 shows a loop in the network.
Which configuration prevents this loop?
A.
B.
C.
D.

Correct Answer: A
Question #6Topic 1
Refer to the exhibit. An engineer configures a static route on a router, but when the engineer
checks the route to the destination, a different next hop is chosen. What is the reason for this?
 A. Dynamic routing protocols always have priority over static routes.

 B. The metric of the OSPF route is lower than the metric of the static route.
 C. The configured AD for the static route is higher than the AD of OSPF.
 D. The syntax of the static route is not valid, so the route is not considered.


C (100%)
Question #7Topic 1
Refer to the exhibit. An engineer is trying to generate a summary route in OSPF for network
10.0.0.0/8, but the summary route does not show up in the routing table. Why is the summary
route missing?
 A. The summary-address command is used only for summarizing prefixes between areas.
 B. The summary route is visible only in the OSPF database, not in the routing table.
 C. There is no route for a subnet inside 10.0.0.0/8, so the summary route is not generated.
 D. The summary route is not visible on this router, but it is visible on other OSPF routers in the
same area.


C (100%)
Question #8Topic 1
Refer to the exhibit. An engineer is trying to block the route to 192.168.2.2 from the routing table
by using the configuration that is shown. The route is still present in the routing table as an
OSPF route. Which action blocks the route?
 A. Use an extended access list instead of a standard access list.

 B. Change sequence 10 in the route-map command from permit to deny.
 C. Use a prefix list instead of an access list in the route map.
 D. Add this statement to the route map: route-map RM-OSPF-DL deny 20.
Reveal Solution Discussion 58

B (83%)
C (17%)
Question #9Topic 1
What is a prerequisite for configuring BFD?
 A. Jumbo frame support must be configured on the router that is using BFD.
 B. All routers in the path between two BFD endpoints must have BFD enabled.
 C. Cisco Express Forwarding must be enabled on all participating BFD endpoints.
 D. To use BFD with BGP, the timers 3 9 command must first be configured in the BGP routing
process.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html#wp1043332
C (100%)
Question #10Topic 1
DRAG DROP -
Drag and drop the OSPF adjacency states from the left onto the correct descriptions on the
right.
Select and Place:

Correct
Answer:
Reference:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13685-13.html
Question #11Topic 1
Refer to the exhibit. R2 is a route reflector, and R1 and R3 are route reflector clients. The route
reflector learns the route to 172.16.25.0/24 from R1, but it does not advertise to R3. What is the
reason the route is not advertised?
 A. R2 does not have a route to the next hop, so R2 does not advertise the prefix to other clients.
 B. Route reflector setup requires full IBGP mesh between the routers.
 C. In route reflector setup, only classful prefixes are advertised to other clients.
 D. In route reflector setups, prefixes are not advertised from one client to another.


A (100%)
Question #12Topic 1
Refer to the exhibit. An engineer is trying to redistribute OSPF to BGP, but not all of the routes
are redistributed. What is the reason for this issue?
 A. By default, only internal routes and external type 1 routes are redistributed into BGP
 B. Only classful networks are redistributed from OSPF to BGP
 C. BGP convergence is slow, so the route will eventually be present in the BGP table
 D. By default, only internal OSPF routes are redistributed into BGP

Correct Answer: D 🗳️

D (100%)
Question #13Topic 1
Refer to the exhibit. In which circumstance does the BGP neighbor remain in the idle condition?
 A. if prefixes are not received from the BGP peer

 B. if prefixes reach the maximum limit
 C. if a prefix list is applied on the inbound direction
 D. if prefixes exceed the maximum limit


D (100%)
Question #14Topic 1
Which attribute eliminates LFAs that belong to protected paths in situations where links in a
network are connected through a common fiber?
 A. shared risk link group-disjoint

 B. linecard-disjoint
 C. lowest-repair-path-metric
 D. interface-disjoint

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/asr1000/ire-xe-3s-asr1000/ire-ipfrr.html
A (100%)
Question #15Topic 1
Refer to the exhibit. An engineer is troubleshooting BGP on a device but discovers that the
clock on the device does not correspond to the time stamp of the log entries. Which action
ensures consistency between the two times?
 A. Configure the service timestamps log uptime command in global configuration mode.
 B. Configure the logging clock synchronize command in global configuration mode.
 C. Configure the service timestamps log datetime localtime command in global configuration
mode. Most Voted
 D. Make sure that the clock on the device is synchronized with an NTP server.


C (92%)
8%
Question #16Topic 1
Refer to the exhibit. What is the result of applying this configuration?
 A. The router can form BGP neighborships with any other device.
 B. The router cannot form BGP neighborships with any other device.
 C. The router cannot form BGP neighborships with any device that is matched by the access list
named “BGP”.
 D. The router can form BGP neighborships with any device that is matched by the access list
named “BGP”.


C (100%)
Question #17Topic 1
Which command displays the IP routing table information that is associated with VRF-Lite?
 A. show ip vrf
 B. show ip route vrf
 C. show run vrf
 D. show ip protocols vrf

Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/vrf.html#wp1045708

B (100%)
Question #18Topic 1
Refer to the exhibit. Which subnet is redistributed from EIGRP to OSPF routing protocols?
 A. 10.2.2.0/24
 B. 10.1.4.0/26
 C. 10.1.2.0/24
 D. 10.2.3.0/26


A (100%)
Question #19Topic 1
Which configuration adds an IPv4 interface to an OSPFv3 process in OSPFv3 address family
configuration?
 A. router ospfv3 1 address-family ipv4

 B. Router(config-router)#ospfv3 1 ipv4 area 0
 C. Router(config-if)#ospfv3 1 ipv4 area 0
 D. router ospfv3 1 address-family ipv4 unicast

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-xe-3s-book/ip6-route-ospfv3-add-fam-xe.html
C (100%)
Question #20Topic 1
Refer to the exhibit. Which statement about R1 is true?
 A. OSPF redistributes RIP routes only if they have a tag of one.

 B. RIP learned routes are distributed to OSPF with a tag value of one.
 C. R1 adds one to the metric for RIP learned routes before redistributing to OSPF.
 D. RIP routes are redistributed to OSPF without any changes.


B (100%)
Question #21Topic 1
Refer to the exhibit. An IP SLA was configured on router R1 that allows the default route to be
modified in the event that Fa0/0 loses reachability with the router R3 Fa0/0 interface. The route
has changed to flow through router R2. Which debug command is used to troubleshoot this
issue?
 A. debug ip flow
 B. debug ip sla error
 C. debug ip routing
 D. debug ip packet


C (100%)
Question #22Topic 1
Which configuration enables the VRF that is labeled `Inet` on FastEthernet0/0?
 A. R1(config)# ip vrf Inet R1(config-vrf)#ip vrf FastEthernet0/0

 B. R1(config)#ip vrf Inet FastEthernet0/0
 C. R1(config)# ip vrf Inet R1(config-vrf)#interface FastEthernet0/0 R1(config-if)#ip vrf forwarding
Inet
 D. R1(config)#router ospf 1 vrf Inet R1(config-router)#ip vrf forwarding FastEthernet0/0


C (100%)
Question #23Topic 1
Refer to the exhibit. After redistribution is enabled between the routing protocols; PC2, PC3, and
PC4 cannot reach PC1. Which action can the engineer take to solve the issue so that all the
PCs are reachable?
 A. Set the administrative distance 100 under the RIP process on R2.
 B. Filter the prefix 10.1.1.0/24 when redistributed from OSPF to EIGRP.
 C. Filter the prefix 10.1.1.0/24 when redistributed from RIP to EIGRP.
 D. Redistribute the directly connected interfaces on R2.


A (89%)
11%
Question #24Topic 1
Refer to the exhibit. A router is receiving BGP routing updates from multiple neighbors for routes
in AS 690. What is the reason that the router still sends traffic that is destined to AS 690 to a
neighbor other than 10.222.1.1?
 A. The local preference value in another neighbor statement is higher than 250.
 B. The local preference value should be set to the same value as the weight in the route map.
 C. The route map is applied in the wrong direction.
 D. The weight value in another neighbor statement is higher than 200. Most Voted

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3se/3850/irg-xe-3se-3850-book/irg-prefix-filter.html
D (100%)
Question #25Topic 1
Refer to the exhibit. R1 and R2 cannot establish an EIGRP adjacency. Which action establishes
EIGRP adjacency?
 A. Remove the current autonomous system number on one of the routers and change to a
different value.
 B. Add the passive-interface command to the R1 configuration so that it matches the R2
configuration.
 C. Remove the passive-interface command from the R2 configuration so that it matches the R1
configuration.
 D. Add the no auto-summary command to the R2 configuration so that it matches the R1
configuration.


C (100%)
Question #26Topic 1
An engineer configured policy-based routing for a destination IP address that does not exist in
the routing table. How is the packet treated through the policy for configuring the set ip default
next-hop command?
 A. Packets are not forwarded to the specific next hop.

 B. Packets are forwarded based on the routing table.
 C. Packets are forwarded based on a static route.
 D. Packets are forwarded to the specific next hop.


D (100%)
Question #27Topic 1
Refer to the exhibit. The administrator configured route advertisement to a remote low
resources router to use only the default route to reach any network but failed.
Which action resolves this issue?
 A. Remove the prefix keyword from the distribute-list command.

 B. Remove the line with the sequence number 10 from the prefix list.
 C. Change the direction of the distribute-list command from out to in.
 D. Remove the line with the sequence number 5 from the prefix list.


D (100%)
Question #28Topic 1
Refer to the exhibit. The network administrator configured the branch router for IPv6 on the E
0/0 interface. The neighboring router is fully configured to meet requirements, but the neighbor
relationship is not coming up. Which action fixes the problem on the branch router to bring the
IPv6 neighbors up?
 A. Disable OSPF for IPv4 using the no ospfv3 4 area 0 ipv4 command under the E 0/0 interface.
 B. Enable the IPv4 address family under the router ospfv3 4 process by using the address-
family ipv4 unicast command.
 C. Disable IPv6 on the E 0/0 interface using the no ipv6 enable command.
 D. Enable the IPv4 address family under the E 0/0 interface by using the address-family ipv4
unicast command.


B (100%)
Question #29Topic 1
Refer to the exhibit. The network administrator has configured the Customer Edge router (AS
64511) to send only summarized routes toward ISP-1 (AS 100) and ISP-2 (AS 200).
After this configuration, ISP-1 and ISP-2 continue to receive the specific routes and the
summary route. Which configuration resolves the issue?
A.
B.
C.
D.

Correct Answer: A
Question #30Topic 1
Refer to the exhibit. R2 has two paths to reach 192.168.13.0/24, but traffic is sent only through
R3. Which action allows traffic to use both paths?
 A. Configure the variance 4 command under the EIGRP process on R2. Most Voted
 B. Configure the bandwidth 2000 command under interface FastEthernet0/0 on R2.
 C. Configure the delay 1 command under interface FastEthernet0/0 on R2.
 D. Configure the variance 2 command under the EIGRP process on R2.


A (100%)
Question #31Topic 1
Refer to the exhibit. The OSPF neighbor relationship is not coming up. What must be configured
to restore OSPF neighbor adjacency?
 A. matching hello timers

 B. OSPF on the remote router
 C. use router ID
 D. matching mtu values

D (100%)
Question #32Topic 1
An engineer configured two routers connected to two different service providers using BGP with
default attributes. One of the links is presenting high delay, which causes slowness in the
network. Which BGP attribute must the engineer configure to avoid using the high-delay ISP link
if the second ISP link is up?
 A. AS-PATH
 B. WEIGHT
 C. MED
 D. LOCAL_PREF

D (100%)
Question #33Topic 1
Refer to the exhibit. A network administrator redistributed the default static route into OSPF
toward all internal routers to reach to Internet. Which set of commands restores reachability to
the Internet by internal routers?
 A. router ospf 1 redistribute static subnets

 B. router ospf 1 network 0.0.0.0 0.0.0.0 area 0
 C. router ospf 1 redistribute connected 0.0.0.0
 D. router ospf 1 default-information originate

Question #34Topic 1
Refer to the exhibit. The Math and Science departments connect through the corporate IT
router, but users in the Math department must not be able to reach the Science department and
vice versa. Which configuration accomplishes this task?
 A. vrf definition Science address-family ipv4 ! interface E 0/2 ip address 192.168.1.1

255.255.255.0 no shut ! interface E 0/3 ip address 192.168.2.1 255.255.255.0 no shut
 B. vrf definition Science address-family ipv4 ! interface E 0/2 vrf forwarding Science ip address
192.168.1.1 255.255.255.0 no shut ! interface E 0/3 vrf forwarding Science ip address
192.168.2.1 255.255.255.0 no shut
 C. vrf definition Science address-family ipv4 ! interface E 0/2 ip address 192.168.1.1
255.255.255.0 vrf forwarding Science no shut ! interface E 0/3 ip address 192.168.2.1
255.255.255.0 vrf forwarding Science no shut
 D. vrf definition Science ! interface E 0/2 ip address 192.168.1.1 255.255.255.0 no shut !
interface E 0/3 ip address 192.168.2.1 255.255.255.0 no shut

Question #35Topic 1
Refer to the exhibit. The neighbor relationship is not coming up. Which two configurations bring
the adjacency up? (Choose two.)
 A. LA interface E 0/0 ip ospf authentication-key Cisco123

 B. NY interface E 0/0 no ip ospf message-digest-key 1 md5 Cisco123 ip ospf authentication-key
Cisco123
 C. LA interface E 0/0 ip ospf message-digest-key 1 md5 Cisco123
 D. LA router ospf 1 area 0 authentication message-digest
 E. NY router ospf 1 area 0 authentication message-digest

Correct Answer: CD 🗳️
Question #36Topic 1
Refer to the exhibit. The network administrator configured redistribution on an ASBR to reach to
all WAN networks but failed. Which action resolves the issue?
 A. The route map EIGRP->OSPF must have the 10.0.106.0/24 entry to exist in one of the three
prefix lists to pass
 B. EIGRP must redistribute the 10.0.106.0/24 route instead of using the network statement
 C. The OSPF process must have a metric when redistributing prefixes from EIGRP
 D. The route map must have the keyword prefix-list to evaluate the prefix list entries

Question #37Topic 1
Refer to the exhibit. An engineer configured R2 and R5 as route reflectors and noticed that not
all routes are sent to R1 to advertise to the eBGP peers. Which iBGP routers must be
configured as route reflectors to advertise all routes to restore reachability across all networks?
 A. R1 and R4
 B. R1 and R5
 C. R4 and R5
 D. R2 and R5

Question #38Topic 1
Refer to the exhibits. San Francisco and Boston routers are choosing slower links to reach each
other despite the direct links being up. Which configuration fixes the issue?
 A. All Routers router ospf 1 auto-cost reference-bandwidth 100

 B. San Francisco Router router ospf 1 auto-cost reference-bandwidth 1000
 C. Boston Router router ospf 1 auto-cost reference-bandwidth 1000
 D. All Routers router ospf 1 auto-cost reference-bandwidth 1000

Question #39Topic 1
Refer to the exhibit. Troubleshoot and ensure that branch B only ever uses the MPLS B network
to reach HQ. Which action achieves this requirement?
 A. Introduce AS path prepending on the branch A MPLS B network connection so that any HQ
advertisements from branch A toward the MPLS B network are prepended three times
 B. Modify the weight of all HQ prefixes received at branch B from the MPLS B network to be
higher than the weights used on the MPLS A network
 C. Increase the local preference for all HQ prefixes received at branch B from the MPLS B
network to be higher than the local preferences used on the MPLS A network
 D. Introduce an AS path filter on branch A routers so that only local prefixes are advertised into
BGP

D (100%)
Question #40Topic 1
Refer to the exhibit. The OSPF routing protocol is redistributed into the BGP routing protocol,
but not all the OSPF routes are distributed into BGP. Which action resolves the issue?
 A. Include the word external in the redistribute command Most Voted

 B. Use a route-map command to redistribute OSPF external routes defined in an access list
 C. Include the word internal external in the redistribute command Most Voted
 D. Use a route-map command to redistribute OSPF external routes defined in a prefix list

C (55%)
A (45%)
Question #41Topic 1
Refer to the exhibit. Routing protocols are mutually redistributed on R3 and R1. Users report
intermittent connectivity to services hosted on the 10.1.1.0/24 prefix. Significant routing update
changes are noticed on R3 when the show ip route profile command is run. How must the
services be stabilized?
 A. The routing loop must be fixed by reducing the admin distance of OSPF from 110 to 80 on
R3
 B. The routing loop must be fixed by reducing the admin distance of iBGP from 200 to 100 on
R3
 C. The issue with using BGP must be resolved by using another protocol and redistributing it
into EIGRP on R3
 D. The issue with using iBGP must be fixed by running eBGP between R3 and R4

Question #42Topic 1
When determining if a system is capable of support, what is the minimum time spacing required
for a BFD control packet to receive once a control packet is arrived?
 A. Desired Min TX Interval

 B. Detect Mult
 C. Required Min RX Interval Most Voted
 D. Required Min Echo RX Interval

C (100%)
Question #43Topic 1
An engineer is configuring a network and needs packets to be forwarded to an interface for any
destination address that is not in the routing table. What should be configured to accomplish this
task?
 A. set ip next-hop
 B. set ip default next-hop
 C. set ip next-hop recursive
 D. set ip next-hop verify-availability

B (100%)
Question #44Topic 1
What is an advantage of using BFD?
 A. It detects local link failure at layer 1 and updates the routing table.
 B. It detects local link failure at layer 3 and updates the routing protocols.
 C. It has sub-second failure detection for layer 1 and layer 3 problems.
 D. It has sub-second failure detection for layer 1 and layer 2 problems. Most Voted

D (71%)
B (29%)
Question #45Topic 1
An engineer needs dynamic routing between two routers and is unable to establish OSPF
adjacency. The output of the show ip ospf neighbor command shows that the neighbor state is
EXSTART/EXCHANGE. Which action should be taken to resolve this issue?
 A. match the passwords

 B. match the hello timers
 C. match the MTUs
 D. match the network types

Reference:
Question #46Topic 1
Refer to the exhibit. R1 is connected with R2 via GigabitEthernet0/0, and R2 cannot ping R1.
What action will fix the issue?
 A. Fix route dampening configured on the router.

 B. Replace the SFP module because it is not supported.
 C. Fix IP Event Dampening configured on the interface.
 D. Correct the IP SLA probe that failed.

Question #47Topic 1
Refer to the exhibits. A user on the 192.168.1.0/24 network can successfully ping 192.168.3.1,
but the administrator cannot ping 192.168.3.1 from the LA router. Which set of configurations
fixes the issue?
A.
B.
C.
D.
Correct Answer: D
Question #48Topic 1
Refer to the exhibit. A network administrator configured mutual redistribution on R1 and R2

routers, which caused instability in the network. Which action resolves the issue?
 A. Set a tag in the route map when redistributing EIGRP into OSPF on R1, and match the same
tag on R2 to deny when redistributing OSPF into EIGRP.
 B. Set a tag in the route map when redistributing EIGRP into OSPF on R1, and match the same
tag on R2 to allow when redistributing OSPF into EIGRP.
 C. Apply a prefix list of EIGRP network routes in OSPF domain on R1 to propagate back into
the EIGRP routing domain.
 D. Advertise summary routes of EIGRP to OSPF and deny specific EIGRP routes when
redistributing into OSPF.

A (100%)
Question #49Topic 1
Refer to the exhibit. A network engineer for AS64512 must remove the inbound and outbound
traffic from link A during maintenance without closing the BGP session so that there is still a
backup link over link A toward the ASN. Which BGP configuration on R1 accomplishes this
goal?
A.
B.
C.
D.
Correct Answer: C
Question #50Topic 1
An engineer configured access list NON-CISCO in a policy to influence routes.
What are the two effects of this route map configuration? (Choose two.)
 A. Packets are forwarded using normal route lookup.

 B. Packets are forwarded to the default gateway.
 C. Packets are dropped by the access list.
 D. Packets are evaluated by sequence 10.
 E. Packets are not evaluated by sequence 10.

Correct Answer: AD 🗳️
AD (60%)
AE (40%)
Question #51Topic 1
Refer to the exhibits. To provide reachability to network 10.1.1.0/24 from R5, the network
administrator redistributes EIGRP into OSPF on R3 but notices that R4 is now taking a
suboptimal path through R5 to reach 10.1.1.0/24 network. Which action fixes the issue while
keeping the reachability from R5 to 10.1.1.0/24 network?
 A. Change the administrative distance of the external EIGRP to 90.

 B. Apply the outbound distribution list on R5 toward R4 in OSPF.
 C. Change the administrative distance of OSPF to 200 on R5.
 D. Redistribute OSPF into EIGRP on R4.

A (100%)
Question #52Topic 1
Refer to the exhibits. All the serial links between R1, R2, and R3 have the same bandwidth.
Users on the 192.168.1.0/24 network report slow response times while they access resources
on network 192.168.3.0/24. When a traceroute is run on the path, it shows that the packet is
getting forwarded via R2 to R3 although the link between R1 and R3 is still up. What must the
network administrator do to fix the slowness?
 A. Add a static route on R1 using the next hop of R3.

 B. Remove the static route on R1.
 C. Change the Administrative Distance of EIGRP to 5.
 D. Redistribute the R1 static route to EIGRP.

B (100%)
Question #53Topic 1
Refer to the exhibit. The R1 and R2 configurations are:
The neighbor relationship is not coming up.

Which two sets of configurations bring the neighbors up? (Choose two.)
A.
B.
C.
D.
E.
Correct Answer: DE
Question #54Topic 1
Refer to the exhibit. The network administrator must mutually redistribute routes at the Chicago
router to the LA and NewYork routers. The configuration of the Chicago router is this:
After the configuration, the LA router receives all the NewYork routes, but the NewYork router
does not receive any LA routes. Which set of configurations fixes the problem on the Chicago
router?
A.
B.
C.
D.
Correct Answer: B
Question #55Topic 1
DRAG DROP -
Drag and drop the actions from the left into the correct order on the right to configure a policy to
avoid following packet forwarding based on the normal routing path.
Select and Place:
Correct
Answer:
Reference:
https://community.cisco.com/t5/networking-documents/how-to-configure-pbr/ta-p/3122774
Question #56Topic 1
Refer to the exhibit. An engineer wanted to set a tag of 30 to route 10.1.80.65/32 but it failed.
How is the issue fixed?
 A. Modify route-map ospf-to-eigrp permit10 and match prefix-list ccnp2.

 B. Modify prefix-list ccnp3 to add 10.1.64.0/20 ge 32.
 C. Modify prefix-list ccnp3 to add 10.1.64.0/20 le 24.
 D. Modify route-map ospf-to-eigrp permit 30 and match prefix-list ccnp2.

A (100%)
Question #57Topic 1
Refer to the exhibits. A company with autonomous system number AS65401 has obtained IP
address block 209.165.200.224/27 from ARIN. The company needed more IP addresses and
was assigned block 209.165.202.128/27 from ISP2. An engineer in ISP1 reports that they are
receiving ISP2 routes from AS65401.
Which configuration on R1 resolves the issue?
A.
B.
C.
D.
Correct Answer: A
Question #58Topic 1
After some changes in the routing policy, it is noticed that the router in AS 45123 is being used
as a transit AS router for several service providers. Which configuration ensures that the branch
router in AS 45123 advertises only the local networks to all SP neighbors?
A.
B.
C.
D.
Correct Answer: C
Question #59Topic 1
A network administrator is troubleshooting a high utilization issue on the route processor of a

router that was reported by NMS. The administrator logged into the router to check the control
plane policing and observed that the BGP process is dropping a high number of routing packets
and causing thousands of routes to recalculate frequently. Which solution resolves this issue?
 A. Shape the pir for BGP, conform-action set-prec-transmit, and exceed action set-frde-transmit.
 B. Police the pir for BGP, conform-action set-prec-transmit, and exceed action set-clp-transmit.
 C. Shape the cir for BGP, conform-action transmit, and exceed action transmit.
 D. Police the cir for BGP, conform-action transmit, and exceed action transmit.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/xe-3s/qos-plcshp-xe-3s-book/qos-plcshp-plcr-mact.html
Question #60Topic 1
Which mechanism must be chosen to optimize the reconvergence time for OSPF at company
location 408817202 that is less CPU-intensive than reducing the hello and dead timers?
 A. sso
 B. BFD
 C. Dead Peer Detection keepalives
 D. OSPF demand circuit

Reference:
https://forum.networklessons.com/t/ospf-hello-and-dead-interval/1255
Question #61Topic 1
Refer to the exhibit.
An engineer configured BGP between routers R1 and R3. The BGP peers cannot establish
neighbor adjacency to be able to exchange routes. Which configuration resolves this issue?
 A. R1 router bgp 6501 address-family ipv6 neighbor AB01:2011:7:100::3 activate

 B. R3 router bgp 6502 address-family ipv6 neighbor AB01:2011:7:100::1 activate Most Voted
 C. R1 router bgp 6501 neighbor AB01:2011:7:100::3 ebgp-multihop 255
 D. R3 router bgp 6502 neighbor AB01:2011:7:100::1 ebgp-multihop 255

B (100%)
Question #62Topic 1
Which action resolves the adjacency issue?
 A. Configure the same autonomous system numbers.

 B. Match the hello interval timers.
 C. Match the authentication keys.
 D. Configure the same EIGRP process IDs.

Reference:
https://www.ciscopress.com/articles/article.asp?p=2999383&seqNum=2
Question #63Topic 1
BGP and EIGRP are mutually redistributed on R3, and EIGRP and OSPF are mutually
redistributed on R1. Users report packet loss and interruption of service to applications hosted
on the 10.1.1.0/24 prefix. An engineer tested the link from R3 to R4 with no packet loss present
but has noticed frequent routing changes on R3 when running the debug ip route command.
Which action stabilizes the service?
 A. Reduce frequent OSPF SPF calculations on R3 that cause a high CPU and packet loss on
traffic traversing R3.
 B. Tag the 10.1.1.0/24 prefix and deny the prefix from being redistributed into OSPF on R1.
 C. Place an OSPF distribute-list outbound on R3 to block the 10.1.1.0/24 prefix from being
advertised back to R3.
 D. Repeat the test from R4 using ICMP ping on the local 10.1.1.0/24 prefix, and fix any Layer 2
errors on the host or switch side of the subnet.

Question #64Topic 1
Refer to the exhibit. An engineer has configured policy-based routing and applied the
configuration to the correct interface. How is the configuration applied to the traffic that matches
the access list?
 A. It is forwarded using the routing table lookup.

 B. It is sent to 209.165.202.129.
 C. It is dropped.
 D. It is sent to 209.165.202.131. Most Voted

The first next hop IP is down, so the second one will be used.
D (100%)
Question #65Topic 1
A network administrator reviews the branch router console log to troubleshoot the OSPF
adjacency issue with the DR router. Which action resolves this issue?
 A. Stabilize the DR site flapping link to establish OSPF adjacency.

 B. Advertise the branch WAN interface matching subnet for the DR site. Most Voted
 C. Configure the WAN interface for DR site in the related OSPF area.
 D. Configure matching hello and dead intervals between sites.

Reference:
B (89%)
Question #66Topic 1
When the FastEthernet0/1 goes down, the route to 172.29.0.0/16 via 192.168.253.2 is not
installed in the RIB. Which action resolves the issue?
 A. Configure feasible distance greater than the reported distance.

 B. Configure feasible distance greater than the successor's feasible distance.
 C. Configure reported distance greater than the successor's feasible distance.
 D. Configure reported distance greater than the feasible distance.

Reference:
https://www.practicalnetworking.net/stand-alone/eigrp-feasibility-condition/
A (67%)
B (33%)
Question #67Topic 1
AS111 is receiving its own routes from AS200 causing a loop in the network. Which
configuration provides loop prevention?
 A. router bgp 111 neighbor 195.1.1.1 as-override no neighbor 195.1.2.2 allowas-in

 B. router bgp 111 no neighbor 195.1.1.1 allowas-in no neighbor 195.1.2.2 allowas-in
 C. router bgp 111 neighbor 195.1.2.2 as-override no neighbor 195.1.1.1 allowas-in
 D. router bgp 111 neighbor 195.1.1.1 as-override neighbor 195.1.2.2 as-override

Reference:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/112236-allowas-in-bgp-config-example.html
B (100%)
Question #68Topic 1
AS65510 iBGP is configured for directly connected neighbors. R4 cannot ping or traceroute
network 192.168.100.0/24. Which action resolves this issue?
 A. Configure R1 as a route reflector server and configure R2 and R3 as route reflector clients.
 B. Configure R4 as a route reflector server and configure R2 and R3 as route reflector
clients. Most Voted
 C. Configure R4 as a route reflector server and configure R1 as a route reflector client.
 D. Configure R1 as a route reflector server and configure R4 as a route reflector client. Most
Voted

D (41%)
B (41%)
C (18%)
Question #69Topic 1
Users report issues with reachability between areas as soon as an engineer configured
summary routes between areas in a multiple area OSPF autonomous system. Which action
resolves the issue?
 A. Configure the area range command on the ASBR.

 B. Configure the summary-address command on the ASBR.
 C. Configure the summary-address command on the ABR.
 D. Configure the area range command on the ABR.

D (100%)
Question #70Topic 1
Which set of commands restore reachability to loopback0?
 A. interface loopback0 ip address 4.4.4.4 255.255.255.0 ip ospf network point-to-point

 B. interface loopback0 ip address 4.4.4.4 255.255.255.0 ip ospf interface area 10
 C. interface loopback0 ip address 4.4.4.4 255.255.255.0 ip ospf network broadcast
 D. interface loopback0 ip address 4.4.4.4 255.255.255.0 ip ospf interface type network

Reference:
https://networkengineering.stackexchange.com/questions/13099/why-do-we-use-ospf-point-to-point-networks-for-loopbacks
A (100%)
Question #71Topic 1
AS 111 wanted to use AS 200 as the preferred path for 172.20.5.0/24 and AS 100 as the backup. After
the configuration, AS 100 is not used for any other routes. Which configuration resolves the issue?
 A. route-map SETLP permit 10 match ip address prefix-list PLIST1 set local-preference 99 route-map
SETLP permit 20 Most Voted
 B. router bgp 111 no neighbor 192.168.10.1 route-map SETLP in neighbor 192.168.20.2 route-map
SETLP in
 C. route-map SETLP permit 10 match ip address prefix-list PLIST1 set local-preference 110 route-map
SETLP permit 20
 D. router bgp 111 no neighbor 192.168.10.1 route-map SETLP in neighbor 192.168.10.1 route-map
SETLP out

There is an implicit deny all at the end of any route-map so all other traffic that does not match 172.20.5.0/24 would
be dropped. Therefore, we have to add a permit sequence at the end of the route-map to allow other traffic.
The default value of Local Preference is 100 and higher value is preferred so we have to set the local preference of
AS100 lower than that of AS200.
Question #72Topic 1
Refer to the exhibit. The ISP router is fully configured for customer A and customer B using the
VRF-Lite feature. What is the minimum configuration required for customer A to communicate
between routers A1 and A2?
 A. A1 interface fa0/0 description To->ISP ip add 172.31.100.1 255.255.255.0 no shut ! router
ospf 100 net 172.31.100.1 0.0.0.255 area 0 A2 interface fa0/0 description To->ISP ip add
172.31.200.1 255.255.255.0 no shut ! router ospf 100 net 172.31.200.1 0.0.0.255 area 0 Most
Voted
 B. A1 interface fa0/0 description To->ISP ip vrf forwarding A ip add 172.31.100.1 255.255.255.0
no shut ! router ospf 100 vrf A net 172.31.200.1 0.0.0.255 area 0 A2 interface fa0/0 description
To->ISP ip vrf forwarding A ip add 172.31.100.1 255.255.255.0 no shut ! router ospf 100 vrf A
net 172.31.200.1 0.0.0.255 area 0
 C. A1 interface fa0/0 description To->ISP ip vrf forwarding A ip add 172.31.100.1 255.255.255.0
no shut ! router ospf 100 net 172.31.100.1 0.0.0.255 area 0 A2 interface fa0/0 description To-
>ISP ip vrf forwarding A ip add 172.31.200.1 255.255.255.0 no shut ! router ospf 100 net
172.31.200.1 0.0.0.255 area 0
 D. A1 interface fa0/0 description To->ISP ip add 172.31.200.1 255.255.255.0 no shut ! router
ospf 100 net 172.31.200.1 0.0.0.255 area 0 A2 interface fa0/0 description To->ISP ip add
172.31.100.1 255.255.255.0 no shut ! router ospf 100 net 172.31.100.1 0.0.0.255 area 0

A (71%)
B (24%)
6%
Question #73Topic 1
An engineer is implementing a coordinated change with a server team. As part of the change,
the engineer must configure interface GigabitEthernet2 in an existing VRF "RED" then move the
interface to an existing VRF "BLUE" when the server team is ready. The engineer configured
interface GigabitEthernet2 in VRF "RED":
interface GigabitEthernet2
description Migration ID: B410A82D0935G35
vrf forwarding RED
ip address 10.0.0.0 255.255.255.254
negotiation auto
Which configuration completes the change?
 A. interface GigabitEthernet2 no vrf forwarding RED vrf forwarding BLUE ip address 10.0.0.0
255.255.255.254
 B. interface GigabitEthernet2 no ip address vrf forwarding BLUE
 C. interface GigabitEthernet2 no vrf forwarding RED vrf forwarding BLUE
 D. interface GigabitEthernet2 no ip address ip address 10.0.0.0 255.255.255.254 vrf forwarding
BLUE

A (100%)
Question #74Topic 1
Refer to the exhibit. R5 should not receive any routes originated in the EIGRP domain. Which
set of configuration changes removes the EIGRP routes from the R5 routing table to fix the
issue?
 A. R4 route-map O2R deny 10 match tag 111 route-map O2R permit 20 ! router rip redistribute
ospf 1 route-map O2R metric 1
 B. R2 route-map E20 deny 20 R4 route-map O2R deny 10 match tag 111 ! router rip redistribute
 C. R4 route-map O2R permit 10 match tag 111 route-map O2R deny 20 ! router rip redistribute
 D. R4 route-map O2R deny 10 match tag 111 ! router rip redistribute ospf 1 route-map O2R
metric 1

Question #75Topic 1
Refer to the exhibit. The network administrator configured the network to connect two disjointed
networks and all the connectivity is up except the virtual link, which causes area 250 to be
unreachable. Which two configurations resolve this issue? (Choose two.)
 A. R2 router ospf 1 no area 234 virtual-link 10.34.34.4 area 234 virtual-link 0.0.0.44 Most Voted
 B. R2 router ospf 1 no area 234 virtual-link 10.34.34.4 area 0 virtual-link 0.0.0.44
 C. R4 router ospf 1 no area 234 virtual-link 10.23.23.2 area 0 virtual-link 0.0.0.22
 D. R2 router ospf 1 router-id 10.23.23.2
 E. R4 router ospf 1 no area 234 virtual-link 10.23.23.2 area 234 virtual-link 0.0.0.22 Most Voted

Correct Answer: AE 🗳️
Reference:
Question #76Topic 1
Refer to the exhibit. A network administrator sets up an OSPF routing protocol for a DMVPN
network on the hub router. Which configuration command is required to establish a DMVPN
tunnel with multiple spokes?
 A. ip ospf network point-to-point on the hub router

 B. ip ospf network point-to-multipoint on one spoke router
 C. ip ospf network point-to-multipoint on both spoke routers
 D. ip ospf network point-to-point on both spoke routers

D (50%)
C (50%)
Question #77Topic 1
Refer to the exhibit. The Internet traffic should always prefer Site-A ISP-1 if the link and BGP
connection are up; otherwise, all Internet traffic should go to ISP-2. Redistribution is configured
between BGP and OSPF routing protocols, and it is not working as expected. What action
resolves the issue?
 A. Set OSPF Cost 200 at Site-A RTR1, and set OSPF Cost 100 at Site-B RTR2.
 B. Set metric-type 2 at Site-A RTR1, and set metric-type 1 at Site-B RTR2.
 C. Set metric-type 1 at Site-A RTR1, and set metric-type 2 at Site-B RTR2. Most Voted
 D. Set OSPF Cost 100 at Site-A RTR1, and set OSPF Cost 200 at Site-B RTR2.

C (100%)
Question #78Topic 1
Refer to the exhibit. An engineer has configured R1 as EIGRP stub router. After the
configuration, router R3 failed to reach to R2 loopback address. Which action advertises R2
loopback back into the R3 routing table?
 A. Add a static route for R2 loopback address in R1 and redistribute it to advertise to R3.
 B. Use a leak map on R1 that matches the required prefix and apply it with the distribute list
command toward R3. Most Voted
 C. Use a leak map on R3 that matches the required prefix and apply it with the EIGRP stub
feature.
 D. Add a static null route for R2 loopback address in R1 and redistribute it to advertise to R3.

B (88%)
13%
Question #79Topic 1
Refer to the exhibit. The branch router is configured with a default route toward the Internet and
has no routes configured for the HQ site that is connected through interface G2/0. The HQ
router is fully configured and does not require changes. Which configuration on the branch
router makes the intranet website (TCP port 80) available to the branch office users?
 A. access-list 101 permit tcp any any eq 80 access-list 102 permit tcp any host intranet-
webserver-ip ! route-map pbr permit 10 match ip address 101 set ip next-hop 192.168.2.2 route-
map pbr permit 20 match ip address 102 set ip next-hop 192.168.2.2 ! interface G2/0 ip policy
route-map pbr
 B. access-list 100 permit tcp host intranet-webserver-ip eq 80 any ! route-map pbr permit 10
match ip address 100 set ip next-hop 192.168.2.2 ! interface G1/0 ip policy route-map pbr
 C. access-list 100 permit tcp any host intranet-webserver-ip eq 80 ! route-map pbr permit 10
match ip address 100 set ip next-hop 192.168.2.2 ! interface G2/0 ip policy route-map pbr
 D. access-list 101 permit tcp any any eq 80 access-list 102 permit tcp any host intranet-
webserver-ip ! route-map pbr permit 10 match ip address 101 102 set ip next-hop 192.168.2.2 !
interface G1/0 ip policy route-map pbr Most Voted

D (63%)
C (38%)
Question #80Topic 1
R1 and R2 are configured as eBGP neighbors. R1 is in AS100 and R2 is in AS200. R2 is

advertising these networks to R1:
172.16.16.0/20
172.16.3.0/24
172.16.4.0/24
192.168.1.0/24
192.168.2.0/24
172.16.0.0/16
The network administrator on R1 must improve convergence by blocking all subnets of
172.16.0.0/16 major network with a mask lower than 23 from coming in. Which set of
configurations accomplishes the task on R1?
 A. ip prefix-list PL-1 deny 172.16.0.0/16 ge 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32 ! router
bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in
 B. ip prefix-list PL-1 deny 172.16.0.0/16 le 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32 ! router
bgp 100 neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in
 C. ip prefix-list PL-1 deny 172.16.0.0/16 ip prefix-list PL-1 permit 0.0.0.0/0 ! router bgp 100
neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in
 D. access-list 1 deny 172.16.0.0 0.0.254.255 access-list 1 permit any ! router bgp 100 neighbor
192.168.100.2 remote-as 200 neighbor 192.168.100.2 distribute-list 1 in
Question #81Topic 1
Refer to the exhibit. An engineer configures the router 10.1.100.10 for EIGRP auto-summarization so that
R1 should receive the summary route of 10.0.0.0/8. However, R1 receives more specific /24 routes.
 A. Router R1 should configure ip summary address eigrp (AS number) 10.0.0.0 255.0.0.0 for the R1 Fast
Ethernet 0/0 connected interface.
 B. Router R1 should configure ip route 10.0.0.0 255.0.0.0 null 0 for the routes that are received on R1.
 C. Router 10.1.100.10 should configure ip route 10.0.0.0 255.0.0.0 null 0 for the routes that are
summarized toward R1.
 D. Router 10.1.100.10 should configure ip summary address eigrp (AS number) 10.0.0.0 255.0.0.0 for the
R1 Fast Ethernet 0/0 connected interface.

Question #82Topic 1
Refer to the exhibit. Which command must be configured to make VRF CCNP work?
 A. interface Loopback0 ip address 10.1.1.1 255.255.255.0 vrf forwarding CCNP

 B. interface Loopback0 ip address 10.1.1.1 255.255.255.0
 C. interface Loopback0 vrf forwarding CCNP
 D. interface Loopback0 ip address 10.1.1.1 255.255.255.0 ip vrf forwarding CCNP

Reference:
https://community.cisco.com/t5/mpls/interface-ip-removed-after-apply-the-ip-vrf-forwarding/td-p/487122
Question #83Topic 1
Refer to the exhibits. An engineer investigates a routing issue on R1 and finds that traffic destined to
5.5.5.0/24 does not take all of the paths. Which action resolves the issue?
 A. Increase the variance value in EIGRP.

 B. Decrease the variance value in EIGRP.
 C. Remove the adjacency of R3 from EIGRP.
 D. Stop advertising 192.168.13.0/24 in EIGRP.

Reference:
https://community.cisco.com/t5/networking-documents/troubleshooting-eigrp-variance-command/tap/3129662#:~:text=EIGRP
%20provides%20a%20mechanism%20to,means%20equal%2Dcost%20load%20balancing
Question #84Topic 1
DRAG DROP -
Drag and drop the MPLS VPN concepts from the left onto the correct descriptions on the right.
Select and Place:
Correct
Answer:
Question #85Topic 1
Refer to the exhibits. Phase-3 tunnels cannot be established between spoke-to-spoke in

DMVPN. Which two commands are missing? (Choose two.)
 A. The ip nhrp redirect command is missing on the spoke routers.

 B. The ip nhrp shortcut command is missing on the spoke routers.
 C. The ip nhrp redirect command is missing on the hub router.
 D. The ip nhrp shortcut command is missing on the hub router.
 E. The ip nhrp map command is missing on the hub router.

Correct Answer: BC 🗳️
Question #86Topic 1
Which protocol is used to determine the NBMA address on the other end of a tunnel when
mGRE is used?
 A. NHRP
 B. IPsec
 C. MP-BGP
 D. OSPF

Question #87Topic 1
A DMVPN single hub topology is using IPsec + mGRE with OSPF.

What should be configured on the hub to ensure it will be the designated router?
 A. route map to set the metrics of learned routes to 110

 B. tunnel interface of the hub with ip nhrp ospf dr
 C. OSPF priority to 0
 D. OSPF priority greater than 1

Question #88Topic 1
What are two purposes of using IPv4 and VPNv4 address-family configurations in a Layer 3 MPLS VPN?
(Choose two.)
 A. RD is prepended to the IPv4 route to make it unique.

 B. The VPNv4 address consists of a 64-bit route distinguisher that is prepended to the IPv4 prefix.
 C. MP-BGP is used to allow overlapping IPv4 addresses between customers to advertise through the
network.
 D. The IPv4 address is needed to tag the MPLS label.
 E. The VPNv4 address is used to advertise the MPLS VPN label.

Correct Answer: AB 🗳️
Question #89Topic 1
What are two functions of MPLS Layer 3 VPNs? (Choose two.)
 A. It is used for transparent point-to-multipoint connectivity between Ethernet links/sites.

 B. A packet with node segment ID is forwarded along with shortest path to destination.
 C. Customer traffic is encapsulated in a VPN label when it is forwarded in MPLS network.
 D. BGP is used for signaling customer VPNv4 routes between PE nodes.
 E. LDP and BGP can be used for Pseudowire signaling.

Question #90Topic 1
What are two MPLS label characteristics? (Choose two.)
 A. The label edge router swaps labels on the received packets.

 B. Labels are imposed in packets after the Layer 3 header.
 C. LDP uses TCP for reliable delivery of information.
 D. An MPLS label is a short identifier that identifies a forwarding equivalence class.
 E. A maximum of two labels can be imposed on an MPLS packet.

CD (100%)
Question #91Topic 1
Which command allows traffic to load-balance in an MPLS Layer 3 VPN configuration?
 A. multi-paths eibgp 2
 B. maximum-paths 2
 C. maximum-paths ibgp 2
 D. multi-paths 2

Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/mpls/configuration/guide/mpls_cg/mp_vpn_multipath.html
C (29%)
B (29%)
A (29%)
14%
Question #92Topic 1
Refer to the exhibit. After applying IPsec, the engineer observed that the DMVPN tunnel went down, and
both spoke-to-spoke and hub were not establishing. Which two actions resolve the issue? (Choose two.)
 A. Change the mode from mode tunnel to mode transport on R3.

 B. Remove the crypto isakmp key cisco address 10.1.1.1 on R2 and R3.
 C. Configure the crypto isakmp key cisco address 192.1.1.1 on R2 and R3.
 D. Configure the crypto isakmp key cisco address 0.0.0.0 on R2 and R3.
 E. Change the mode from mode transport to mode tunnel on R2.

AD (50%)
BD (50%)
Question #93Topic 1
Which statement about route distinguishers in an MPLS network is true?
 A. Route distinguishers allow multiple instances of a routing table to coexist within the edge router.
 B. Route distinguishers are used for label bindings.
 C. Route distinguishers make a unique VPNv4 address across the MPLS network.
 D. Route distinguishers define which prefixes are imported and exported on the edge router.

Question #94Topic 1
Which statement about MPLS LDP router ID is true?
 A. If not configured, the operational physical interface is chosen as the router ID even if a loopback is
configured.
 B. The loopback with the highest IP address is selected as the router ID.
 C. The MPLS LDP router ID must match the IGP router ID.
 D. The force keyword changes the router ID to the specified address without causing any impact.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ldp/configuration/12-4m/mp-ldp-12-4m-book.pdf
Question #95Topic 1
Refer to the exhibit. Which interface configuration must be configured on the spoke A router to enable a
dynamic DMVPN tunnel with the spoke B router?
A.
B.
C.
D.
Correct Answer: B
Question #96Topic 1
Which list defines the contents of an MPLS label?
 A. 20-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL
 B. 32-bit label; 3-bit traffic class; 1-bit bottom stack; 8-bit TTL
 C. 20-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit
 D. 32-bit label; 3-bit flow label; 1-bit bottom stack; 8-bit hop limit

Reference:
https://tools.ietf.org/html/rfc5462
A (100%)
Question #97Topic 1
Refer to the exhibit. What does the imp-null tag represent in the MPLS VPN cloud?
 A. Pop the label

 B. Impose the label
 C. Include the EXP bit
 D. Exclude the EXP bit

A (100%)
Question #98Topic 1
DRAG DROP -
Drag and drop the MPLS terms from the left onto the correct definitions on the right.
Select and Place:
Correct
Answer:
Question #99Topic 1
Which transport layer protocol is used to form LDP sessions?
 A. UDP
 B. SCTP
 C. TCP
 D. RDP

C (100%)
Question #100Topic 1
Refer to the exhibits. Which configuration allows spoke-to-spoke communication using loopback
as a tunnel source?
 A. Configure crypto isakmp key cisco address 0.0.0.0 on the hub

 B. Configure crypto isakmp key cisco address 200.1.0.0 255.255.0.0 on the hub
 C. Configure crypto isakmp key cisco address 200.1.0.0 255.255.0.0 on the spokes
 D. Configure crypto isakmp key cisco address 0.0.0.0 on the spokes
How does an MPLS Layer 3 VPN function?
 A. multiple customer sites interconnect through service provider network to create secure
tunnels between customer edge devices
 B. multiple customer sites interconnect through a service provider network using customer edge
to provider edge connectivity
 C. set of sites interconnect privately over the Internet for security
 D. set of sites use multiprotocol BGP at the customer site for aggregation

DRAG DROP -
Drag and drop the LDP features from the left onto the descriptions on the right.
Select and Place:
Hide Solution Discussion
Correct
Answer:
Which two protocols work in the control plane of P routers across the MPLS cloud? (Choose
two.)
 A. ECMP
 B. LDP
 C. RSVP
 D. MPLS OAM
 E. LSP

Refer to the exhibit. An engineer has configured DMVPN on a spoke router.

What is the WAN IP address of another spoke router within the DMVPN network?
 A. 172.18.46.2
 B. 172.18.16.2
 C. 192.168.1.1
 D. 192.168.1.4

What are two functions of LDP? (Choose two.)
 A. It advertises labels per Forwarding Equivalence Class.

 B. It uses Forwarding Equivalence Class.
 C. It is defined in RFC 3038 and 3039.
 D. It requires MPLS Traffic Engineering.
 E. It must use Resource Reservation Protocol.

DRAG DROP -
Drag and drop the operations from the left onto the locations where the operations are
performed on the right.
Select and Place:
Correct
Answer:
Which protocol does MPLS use to support traffic engineering?
 A. TDP
 B. RSVP
 C. LDP
 D. BGP

An engineer configured a company's multiple area OSPF Head Office router and Site A Cisco
routers with VRF lite. Each site router is connected to a PE router of an MPLS backbone:
Head Office & Site A -

ip cef
ip vrf abc
rd 101:101
!
interface FastEthernet0/0
ip vrf forwarding abc
ip address 172.16.16.X 255.255.255.252
!
router ospf 1 vrf abc
log-adjacency-changes
network 172.16.16.0 0.0.0.255 area 1
After finishing both site router configurations, none of the LSA 3, 4, 5, and 7 are installed at Site
A router. Which configuration resolves this issue?
 A. configure capability vrf-lite on Site A and its connected PE router under router ospf 1 vrf abc
 B. configure capability vrf-lite on both PE routers connected to Head Office and Site A routers
under router ospf 1 vrf abc
 C. configure capability vrf-lite on Head Office and its connected PE router under router ospf 1
abc
 D. configure capability vrf-lite on Head Office and Site A routers under router ospf 1 vrf
abc Most Voted

Refer to the exhibit. The Los Angeles and New York routers are receiving routers from Chicago
but not from each other. Which configuration fixes the issue?
 A. interface Tunnel1 no ip split-horizon eigrp 111

 B. interface Tunnel1 ip next-hop-self eigrp 111
 C. interface Tunnel1 tunnel mode ipsec ipv4
 D. interface Tunnel1 tunnel protection ipsec profile IPSec-PROFILE

DRAG DROP -
Drag and drop the MPLS VPN device types from the left onto the definitions on the right.
Select and Place:
Correct
Answer:
Refer to the exhibit. The network administrator configured VRF lite for customer A. The technician at the
remote site misconfigured VRF on the router. Which configuration will resolve connectivity for both sites of
customer_a?
A.
B.
C.
D.
Correct Answer: D
What does the PE router convert the IPv4 prefix to within an MPLS VPN?
 A. eBGP path association between the PE and CE sessions

 B. prefix that combines the ASN, PE router-id, and IP prefix
 C. 48-bit route combining the IP and PE router-id
 D. VPN-IPv4 prefix combined with the 64-bit route distinguisher

Refer to the exhibit. Which interface configuration must be configured on the HUB router to
enable MVPN with mGRE mode?
 A. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.1.0.1 255.255.255.0 ip nhrp map
multicast dynamic ip nhrp network-id 1 tunnel source 172.17.0.1 ip nhrp map 10.0.0.11 172.17.0.2 ip nhrp
map 10.0.0.12 172.17.0.3 tunnel mode gre
 B. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map
multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel mode gre multipoint
 C. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp
network-id 1 tunnel source 172.17.0.1 tunnel mode gre multipoint
 D. interface Tunnel0 description mGRE - DMVPN Tunnel ip address 10.0.0.1 255.255.255.0 ip nhrp map
multicast dynamic ip nhrp network-id 1 tunnel source 10.0.0.1 tunnel destination 172.17.0.2 tunnel mode
gre multipoint

C (100%)
How are MPLS Layer 3 VPN services deployed?
 A. The RD and RT values must match under the VRF.

 B. The import and export RT values under a VRF must always be the same.
 C. The label switch path must be available between the local and remote PE routers.
 D. The RD and RT values under a VRF must match on the remote PE router.

C (100%)
Which IGPs are supported by the MPLS LDP autoconfiguration feature?
 A. IS-IS and RIPv2

 B. RIPv2 and OSPF
 C. OSPF and EIGRP
 D. OSPF and IS-IS

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ldp/configuration/15-s/mp-ldp-15-s-book/mp-ldp-autoconfig.pdf
An engineer must establish multipoint GRE tunnels between hub router R6 and branch routers
R1, R2, and R3. Which configuration accomplishes this task on R1?
 A. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/0 tunnel mode gre
multipoint ip nhrp nhs 192.168.1.6 ip nhrp map 192.168.1.6 192.1.10.1 ip nhrp map 192.168.1.2
192.1.20.2 ip nhrp map 192.168.1.3 192.1.30.3
 B. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/1 tunnel mode gre
multipoint ip nhrp nhs 192.168.1.6 ip nhrp map 192. 168.1.6 192.1.10.6
 C. interface Tunnel 1 ip address 192.168.1.1 255.255.255.0 tunnel source e0/0 tunnel mode gre
multipoint ip nhrp network-id 1 ip nhrp nhs 192.168.1.6 ip nhrp map 192.168.1.6 192.1.10.6
 D. interface Tunnel 1 ip address 192.168.1.1 255. 255.255.0 tunnel source e0/1 tunnel mode
gre multipoint ip nhrp network-id 1 ip nhrp nhs 192.168.1.6 ip nhrp map 192.168.1.6 192.1.10.1
ip nhrp map 192.168.1.2 192.1.20.2 ip nhrp map 192.168.1.3 192.1.30.3

How is VPN routing information distributed in an MPLS network?
 A. The top level of the customer data packet directs it to the correct CE device.
 B. It is established using VPN IPsec peers.
 C. It is controlled through the use of RD.
 D. It is controlled using of VPN target communities.

Reference:
https://www.ccexpert.us/mpls-design/chapter-5-packetbased-mpls-vpns.html
IPv6 is enabled in the infrastructure to support customers with an IPv6 network over WAN and
to connect the head office to branch offices in the local network. One of the customers is
already running IPv6 and wants to enable IPv6 over the DMVPN network infrastructure between
the headend and branch sites. Which configuration command must be applied to establish an
mGRE IPv6 tunnel neighborship?
 A. ipv6 nhrp holdtime 30

 B. tunnel mode gre multipoint ipv6
 C. ipv6 unicast-routing
 D. tunnel protection mode ipv6

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/interface/configuration/xe-16/ir-xe-16-book/ip6-mgre-tunls.pdf
What is a characteristic of Layer 3 MPLS VPNs?
 A. Traffic engineering capabilities provide QoS and SLAs.

 B. Traffic engineering supports multiple IGP instances.
 C. LSP signaling requires the use of unnumbered IP links for traffic engineering.
 D. Authentication is performed by using digital certificates or preshared keys.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_te_diffserv/configuration/15-mt/mp-te-diffserv-15-mt-book/mp-te-diffserv-
aw.html
How does an MPLS Layer 3 VPN differentiate the IP address space used between each VPN?
 A. by RT
 B. by address family
 C. by RD
 D. by MP-BGP
Which OSI model is used to insert an MPLS label?
 A. between Layer 2 and Layer 3

 B. between Layer 5 and Layer 6
 C. between Layer 1 and Layer 2
 D. between Layer 3 and Layer 4

Which function does LDP provide in an MPLS topology?
 A. It enables a MPLS topology to connect multiple VPNs to P routers.

 B. It provides hop-by-hop forwarding in an MPLS topology for LSRs.
 C. It exchanges routes for MPLS VPNs across different VRFs.
 D. It provides a means for LSRs to exchange IP routes.

Which mechanism provides traffic segmentation within a DMVPN network?
 A. BGP
 B. IPsec
 C. MPLS
 D. RSVP

Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from
198A:0:200C::1/64?
A.
B.
C.
D.
Correct Answer: A
Refer to the exhibit. During troubleshooting it was discovered that the device is not reachable
using a secure web browser. What is needed to fix the problem?
 A. permit tcp port 443

 B. permit udp port 465
 C. permit tcp port 465
 D. permit tcp port 22

DRAG DROP -
Drag and drop the packet types from the left onto the correct descriptions on the right.
Select and Place:
Correct
Answer:
DRAG DROP -
Drag and drop the addresses from the left onto the correct IPv6 filter purposes on the right.
Select and Place:
Correct
Answer:
Refer to the exhibit. An engineer is trying to configure local authentication on the console line,
but the device is trying to authenticate using TACACS+. Which action produces the desired
configuration?
 A. Add the aaa authentication login default none command to the global configuration.
 B. Replace the capital “C” with a lowercase “c” in the aaa authentication login Console local
command.
 C. Add the aaa authentication login default group tacacs+ local-case command to the global
configuration.
 D. Add the login authentication Console command to the line configuration

D (100%)
Refer to the exhibit. An engineer is trying to connect to a device with SSH but cannot connect.
The engineer connects by using the console and finds the displayed output when
troubleshooting. Which command must be used in configuration mode to enable SSH on the
device?
 A. no ip ssh disable

 B. ip ssh enable
 C. ip ssh version 2
 D. crypto key generate rsa

D (67%)
C (33%)
Which statement about IPv6 ND inspection is true?
 A. It learns and secures bindings for stateless autoconfiguration addresses in Layer 3 neighbor tables.
 B. It learns and secures bindings for stateless autoconfiguration addresses in Layer 2 neighbor tables.
 C. It learns and secures bindings for stateful autoconfiguration addresses in Layer 3 neighbor tables.
 D. It learns and secures bindings for stateful autoconfiguration addresses in Layer 2 neighbor tables.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6f-15-s-book/ip6-snooping.pdf
While troubleshooting connectivity issues to a router, these details are noticed:

✑ Standard pings to all router interfaces, including loopbacks, are successful.
✑ Data traffic is unaffected.
✑ SNMP connectivity is intermittent.
✑ SSH is either slow or disconnects frequently.
Which command must be configured first to troubleshoot this issue?
 A. show policy-map control-plane

 B. show policy-map
 C. show interface | inc drop
 D. show ip route

Refer to the exhibit. Why is user authentication being rejected?
 A. The TACACS+ server expects ‫ג‬€user‫ג‬€, but the NT client sends ‫ג‬€domain/user‫ג‬€.
 B. The TACACS+ server refuses the user because the user is set up for CHAP.
 C. The TACACS+ server is down, and the user is in the local database.
 D. The TACACS+ server is down, and the user is not in the local database.

Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/13864-tacacs-
pppdebug.html
Refer to the exhibit. Which control plane policy limits BGP traffic that is destined to the CPU to 1
Mbps and ignores BGP traffic that is sent at higher rate?
 A. policy-map SHAPE_BGP
 B. policy-map LIMIT_BGP
 C. policy-map POLICE_BGP
 D. policy-map COPP

D (50%)
C (50%)
Which statement about IPv6 RA Guard is true?
 A. It does not offer protection in environments where IPv6 traffic is tunneled.
 B. It cannot be configured on a switch port interface in the ingress direction.
 C. Packets that are dropped by IPv6 RA Guard cannot be spanned.
 D. It is not supported in hardware when TCAM is programmed.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ip6-ra-guard.pdf
An engineer must configure a Cisco router to initiate secure connections from the router to other
devices in the network but kept failing. Which two actions resolve the issue? (Choose two.)
 A. Configure transport input ssh command on the console.

 B. Configure a domain name.
 C. Configure a crypto key to be generated.
 D. Configure a source port for the SSH connection to initiate.
 E. Configure a TACACS+ server and enable it.

BC (100%)
When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer
observes that the configured routing protocols start flapping on that device. Which action in the Control
Plane Policy prevents this problem in a production environment while achieving the security objective?
 A. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and
apply the Control Plane Policy in the output direction.
 B. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and
apply the Control Plane Policy in the input direction.
 C. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and
apply the Control Plane Policy in the input direction.
 D. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and
apply the Control Plane Policy in the output direction.

In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two.)
 A. by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways
 B. by various IPv6 guard features to validate the data link layer address
 C. by the recovery mechanism to recover the binding table in the event of a device reboot
 D. by IPv6 routing protocols to securely build neighborships without the need of authentication
 E. by storing hashed keys for IPsec tunnels for the built-in IPsec features

Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but
could not establish a Telnet connection to Router1 IPv6 address of 2001:DB8::1. Which configuration
allows Router2 to establish a Telnet connection to Router1?
 A. ipv6 unicast-routing
 B. permit ICMPv6 on access list INGRESS for Router2 to obtain IPv6 address
 C. permit ip any any on access list EGRESS2 on Router1
 D. IPv6 address on GigabitEthernet0/0

D (38%)
C (38%)
B (23%)
An engineer configured Reverse Path Forwarding on an interface and noticed that the routes
are dropped when a route lookup fails on that interface for a prefix that is available in the routing
table. Which interface configuration resolves the issue?
 A. ip verify unicast source reachable-via l2-src

 B. ip verify unicast source reachable-via allow-default
 C. ip verify unicast source reachable-via any
 D. ip verify unicast source reachable-via rx

Refer to the exhibit. When monitoring an IPv6 access list, an engineer notices that the ACL
does not have any hits and is causing unnecessary traffic through the interface. Which
command must be configured to resolve the issue?
 A. ip access-group INTERNET in

 B. ipv6 traffic-filter INTERNET in
 C. ipv6 access-class INTERNET in
 D. access-class INTERNET in

Reference:
https://www.cisco.com/c/en/us/support/docs/ip/ip-version-6/113126-ipv6-acl-00.html
B (83%)
C (17%)
Which configuration feature should be used to block rogue router advertisements instead of using the
IPv6 Router Advertisement Guard feature?
 A. VACL blocking broadcast frames from nonauthorized hosts

 B. PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes
 C. PVLANs with community ports associated to route advertisements and isolated ports for nodes
 D. IPv4 ACL blocking route advertisements from nonauthorized hosts

B (50%)
D (50%)
Refer to the exhibit. Which action resolves the failed authentication attempt to the router?
 A. Configure aaa authorization console global command

 B. Configure aaa authorization console command on line vty 0 4
 C. Configure aaa authorization login command on line console 0
 D. Configure aaa authorization login command on line vty 0 4

Reference:
https://community.cisco.com/t5/network-access-control/console-authorization-issue/td-p/2492619
Refer to the exhibit. A network administrator logs into the router using TACACS+ username and
password credentials, but the administrator cannot run any privileged commands. Which action
resolves the issue?
 A. Configure the username from a local database

 B. Configure TACACS+ synchronization with the Active Directory admin group
 C. Configure an authorized IP address for this user to access this router
 D. Configure full access for the username from TACACS+ server

Refer to the exhibit. AAA server 10.1.1.1 is configured with the default authentication and
accounting settings, but the switch cannot communicate with the server. Which action resolves
this issue?
 A. Correct the timeout value.

 B. Match the authentication port.
 C. Correct the shared secret.
 D. Match the accounting port.

Refer to the exhibit. R1 is being monitored using SNMP and monitoring devices are getting only
partial information. What action should be taken to resolve this issue?
 A. Modify the CoPP policy to increase the configured exceeded limit for SNMP.
 B. Modify the access list to include snmptrap.
 C. Modify the CoPP policy to increase the configured CIR limit for SNMP.
 D. Modify the access list to add a second line to allow udp any any eq snmp.

B (80%)
C (20%)
Refer to the exhibit. A client is concerned that passwords are visible when running this show archive log
config all. Which router configuration is needed to resolve this issue?
 A. MASS-RTR(config)#aaa authentication arap

 B. MASS-RTR(config-archive-log-cfg)#password encryption aes
 C. MASS-RTR(config)#service password-encryption
 D. MASS-RTR(config-archive-log-cfg)#hidekeys

Refer to the exhibit. BGP is flapping after the CoPP policy is applied. What are the two solutions to fix the
issue? (Choose two.)
 A. Configure a higher value for CIR under the Class COPP-CRITICAL-7600.

 B. Configure a higher value for CIR under the default class to allow more packets during peak traffic.
 C. Configure BGP in the COPP-CRITICAL-7600 ACL.
 D. Configure IP CEF for CoPP policy and BGP to work.
 E. Configure a three-color policer instead of two-color policer under Class COPP-CRITICAL-7600.

BC (67%)
AC (33%)
Refer to the exhibit. A network administrator configured an IPv6 access list to allow TCP return
traffic only, but it is not working as expected. Which changes resolve this issue?
A.
B.
C.
D.
Correct Answer: A
What are two functions of IPv6 Source Guard? (Choose two.)
 A. It works independent from IPv6 neighbor discovery.

 B. It denies traffic from unknown sources or unallocated addresses.
 C. It uses the populated binding table to allow legitimate traffic.
 D. It denies traffic by inspecting neighbor discovery packets for specific patterns.
 E. It blocks certain traffic by inspecting DHCP packets for specific sources.

50 permit ip any any (1 match)

R1# show running-config | section line vty
line vty 0 4
login
transport input telnet ssh
transport output telnet ssh
Refer to the exhibit. Which two actions restrict access to router R1 by SSH? (Choose two.)
 A. Remove class-map ANY from service-policy CoPP. Most Voted

 B. Configure transport output ssh on line vty and remove sequence 20 from access list 100.
 C. Configure transport input ssh on line vty and remove sequence 30 from access list 100. Most Voted
 D. Remove sequence 10 from access list 100 and add sequence 20 deny tcp any any eq telnet to access
list 199.
 E. Configure transport output ssh on line vty and remove sequence 10 from access list 199.
Correct Answer: AC 🗳️
AC (73%)
BC (27%)
Refer to the exhibit. Which action resolves intermittent connectivity observed with the SNMP
trap rackets?
 A. Decrease the committed burst size of the mgmt class map.

 B. Increase the CIR of the mgmt class map.
 C. Add one new entry in the ACL 120 to permit the UDP port 161.
 D. Add a new class map to match TCP traffic.

DRAG DROP -
Refer to the exhibit. Drag and drop the credentials from the left onto the remote login
information on the right to resolve a failed login attempt to vtys. Not all credentials are used.
Select and Place:
Correct Answer:
Refer to the exhibit. A network administrator wants to block all traffic toward the Internet after business
hours and on weekends. When the administrator applies an access list on interface Gi0/1, all traffic is
blocked and there is no access to the Internet at any time. Which action resolves the issue?
 A. Add the permit ip any any time-range no-conn statement after the deny udp any any time-range no-
conn command in the access list.
 B. Add the permit ip any any statement after the deny icmp any any time-range no-conn command in the
access list.
 C. Add the permit allowed time-range no-conn statement after the deny icmp any any time-range no-conn
command in the access list.
 D. Add the permit ip any any time-range no-conn statement after the deny icmp any any time-range no-
conn command in the access list.

B (100%)
Refer to the exhibit. An IPv6 network was newly deployed in the environment, and the help desk
reports that R3 cannot SSH to the R2s Loopback interface. Which action resolves the issue?
 A. Modify line 10 of the access list to permit instead of deny.

 B. Remove line 60 from the access list.
 C. Modify line 30 of the access list to permit instead of deny.
 D. Remove line 70 from the access list.

C (100%)
Refer to the exhibit. An IT staff member comes into the office during normal office hours and
cannot access devices through SSH. Which action should be taken to resolve this issue?
 A. Modify the access list to use the correct IP address.

 B. Configure the correct time range.
 C. Modify the access list to correct the subnet mask.
 D. Configure the access list in the outbound direction.

C (50%)
A (50%)
A network administrator is trying to access a branch router using TACACS+ username and
password credentials, but the administrator cannot log in to the router because the WAN
connectivity is down. The branch router has following AAA configuration:
aaa new-model
aaa authorization commands 15 default group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
tacacs-server host 10.100.50.99
tacacs-server key Ci$co123
Which command will resolve this problem when WAN connectivity is down?
 A. aaa authentication login console group tacacs+ enable

 B. aaa authentication login default group tacacs+ local Most Voted
 C. aaa authentication login default group tacacs+ enable
 D. aaa authentication login default group tacacs+ console

Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/200606-aaa-
authentication-login- default-local.html
B (100%)
An engineer is troubleshooting failed access by contractors to the business application server via Telnet
or HTTP during the weekend. Which configuration resolves the issue?
 A. R1 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor
 B. R1 time-range Contractor no periodic weekdays 8:00 to 16:30 periodic daily 8:00 to 16:30
 C. R4 time-range Contractor no periodic weekdays 17:00 to 23:59 periodic daily 8:00 to 16:30
 D. R4 no access-list 101 permit tcp 10.3.3.0 0.0.0.255 host 10.1.1.3 eq telnet time-range Contractor

What are two characteristics of IPv6 Source Guard? (Choose two.)
 A. requires the user to configure a static binding

 B. used in service provider deployments to protect DDoS attacks
 C. requires that validate prefix be enabled
 D. requires IPv6 snooping on Layer 2 access or trunk ports
 E. recovers missing binding table entries

Correct Answer: CE 🗳️
CE (50%)
CD (50%)
DRAG DROP -
Drag and drop the IPv6 first hop security device roles from the left onto the corresponding
descriptions on the right.
Select and Place:
Correct
Answer:
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7x/security/configuration/guide/
b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x/
b_Cisco_Nexus_9000_Series_NXOS_Security_Configuration_Guide_7x_chapter_011011.pdf
The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is
policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32.
The administrator has configured this:
access-list 101 permit tcp host 10.1.1.1 any eq 23

access-list 101 permit tcp host 172.16.1.1 any eq 23
!
class-map CoPP-TELNET
match access-group 101
!
policy-map PM-CoPP
class CoPP-TELNET
police 100000 conform transmit exceed drop
!
control-plane
service-policy input PM-CoPP
The network administrator is not getting the desired results. Which set of configurations resolves this
issue?
 A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host
172.16.1.1 any eq 23 access-list 101 permit ip any any
 B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP
 C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host
172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP
 D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP
Refer to the exhibit. A network administrator successfully logs in to a switch using SSH from a RADIUS
server. When the network administrator uses a console port to access the switch, the RADIUS server
returns shell:priv-lvl=15" and the switch asks to enter the enable command. When the command is
entered, it gets rejected. Which command set is used to troubleshoot and resolve this issue?
 A. line con 0 aaa authorization console privl5 ! line vty 0 4 authorization exec
 B. line con 0 aaa authorization console ! line vty 0 4 authorization exec
 C. line con 0 aaa authorization console authorization priv15 ! line vty 0 4 transport input ssh
 D. line con 0 aaa authorization console authorization exec ! line vty 0 4 transport input ssh

Reference:
https://flylib.com/books/en/1.233.1.74/1/
Refer to the exhibit. An engineer is troubleshooting a TACACS problem. Which action resolves the issue?
 A. Configure a matching TACACS server IP.

 B. Configure a matching preshared key.
 C. Generate authentication from a relative source interface.
 D. Apply a configured AAA profile to the VTY.

Reference:
https://community.cisco.com/t5/network-access-control/issues-with-tacacs-authentication/td-p/3412001
The network administrator configured CoPP so that all HTTP and HTTPS traffic from the administrator
device located at 172.16 1.99 toward the router CPU is limited to 500 kbps. Any traffic that exceeds this
limit must be dropped.
access-list 100 permit ip host 172.16.1.99 any

!
class-map CM-ADMIN
!
policy-map PM-COPP
class CM-ADMIN
police 500000 conform-action transmit
!
interface E0/0
service-policy input PM-COPP
CoPP failed to capture the desired traffic and the CPU load is getting higher. Which two configurations
resolve the issue? (Choose two.)
 A. interface E0/0 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP

 B. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-
action transmit ! control-plane service-policy input PM-COPP
 C. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80
 D. no access-list 100 access-list 100 permit tcp host 172.16.1.99 any eq 80 access-list 100 permit tcp
host 172.16.1.99 any eq 443
 E. policy-map PM-COPP class CM-ADMIN no police 500000 conform-action transmit police 500 conform-
action transmit

Refer to the exhibit. While monitoring VTY access to a router, an engineer notices that the
router does not have any filter and anyone can access the router with username and password
even though an ACL is configured. Which command resolves this issue?
 A. access-class INTERNET in
 B. ip access-group INTERNET in
 C. ipv6 traffic-filter INTERNET in
 D. ipv6 access-class INTERNET in Most Voted

Refer to the exhibit. An engineer is trying to connect to R1 via Telnet with no success. Which
configuration resolves the issue?
 A. tacacs server prod address ipv4 10.221.10.10 exit

 B. ip route 10.221.10.10 255.255.255.255 ethernet 0/1
 C. ip route 10.221.0.11 255.255.255.255 ethernet 0/1
 D. tacacs server prod address ipv4 10.221.10.11 exit

An engineer is trying to copy an IOS file from one router to another router by using TFTP.
Which two actions are needed to allow the file to copy? (Choose two.)
 A. Copy the file to the destination router with the copy tftp: flash: command
 B. Enable the TFTP server on the source router with the tftp-server flash: <filename> command
 C. TFTP is not supported in recent IOS versions, so an alternative method must be used
 D. Configure a user on the source router with the username tftp password tftp command
 E. Configure the TFTP authentication on the source router with the tftp-server authentication
local command

Refer to the exhibit. Users report that IP addresses cannot be acquired from the DHCP server. The DHCP
server is configured as shown. About 300 total nonconcurrent users are using this DHCP server, but none
of them are active for more than two hours per day. Which action fixes the issue within the current
resources?
 A. Modify the subnet mask to the network 192.168.1.0 255.255.254.0 command in the DHCP pool
 B. Configure the DHCP lease time to a smaller value
 C. Configure the DHCP lease time to a bigger value
 D. Add the network 192.168.2.0 255.255.255.0 command to the DHCP pool

Refer to the exhibit. ISP 1 and ISP 2 directly connect to the Internet. A customer is tracking both
ISP links to achieve redundancy and cannot see the Cisco IOS IP SLA tracking output on the
router console. Which command is missing from the IP SLA configuration?
 A. Start-time 00:00
 B. Start-time 0
 C. Start-time immediately
 D. Start-time now

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_icmp_echo.html
Refer to the exhibit. An administrator noticed that after a change was made on R1, the
timestamps on the system logs did not match the clock. What is the reason for this error?
 A. An authentication error with the NTP server results in an incorrect timestamp.
 B. The keyword localtime is not defined on the timestamp service command. Most Voted
 C. The NTP server is in a different time zone.
 D. The system clock is set incorrectly to summer-time hours.

DRAG DROP -
Drag and drop the DHCP messages from the left onto the correct uses on the right.
Select and Place:
Correct
Answer:
Reference:
https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html
A network engineer is investigating a flapping (up/down) interface issue on a core switch that is
synchronized to an NTP server. Log output currently does not show the time of the flap. Which
command allows the logging on the switch to show the time of the flap according to the clock on
the device?
 A. service timestamps log uptime

 B. clock summer-time mst recurring 2 Sunday mar 2:00 1 Sunday nov 2:00
 C. service timestamps log datetime localtime show-timezone
 D. clock calendar-valid

When provisioning a device in Cisco DNA Center, the engineer sees the error message `Cannot
select the device. Not compatible with template`. What is the reason for the error?
 A. The template has an incorrect configuration.

 B. The software version of the template is different from the software version of the device.
 C. The changes to the template were not committed.
 D. The tag that was used to filter the templates does not match the device tag.

Reference:
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2-10/
user_guide/ b_cisco_dna_center_ug_1_2_10/b_dnac_ug_1_2_10_chapter_0111.html
While working with software images, an engineer observes that Cisco DNA Center cannot
upload its software image directly from the device. Why is the image not uploading?
 A. The device must be resynced to Cisco DNA Center.

 B. The software image for the device is in install mode.
 C. The device has lost connectivity to Cisco DNA Center.
 D. The software image for the device is in bundle mode

Reference:
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2-10/
user_guide/ b_cisco_dna_center_ug_1_2_10/b_dnac_ug_1_2_10_chapter_0100.html
An engineer configured the wrong default gateway for the Cisco DNA Center enterprise
interface during the install. Which command must the engineer run to correct the configuration?
 A. sudo maglev-config update

 B. sudo maglev install config update
 C. sudo maglev reinstall
 D. sudo update config install

DRAG DROP -
Drag and drop the SNMP attributes in Cisco IOS devices from the left onto the correct
SNMPv2c or SNMPv3 categories on the right.
Select and Place:
Correct
Answer:
Refer to the exhibit. An administrator that is connected to the console does not see debug messages
when remote users log in. Which action ensures that debug messages are displayed for remote logins?
 A. Enter the transport input ssh configuration command.

 B. Enter the terminal monitor exec command.
 C. Enter the logging console debugging configuration command.
 D. Enter the aaa new-model configuration command.

D (100%)
Refer to the exhibit. Network operations cannot read or write any configuration on the device
with this configuration from the operations subnet. Which two configurations fix the issue?
(Choose two.)
 A. Configure SNMP rw permission in addition to community ciscotest.

 B. Modify access list 1 and allow operations subnet in the access list. Most Voted
 C. Modify access list 1 and allow SNMP in the access list.
 D. Configure SNMP rw permission in addition to version 1.
 E. Configure SNMP rw permission in addition to community ciscotest 1. Most Voted

BE (88%)
13%
Refer to the exhibit. Why is the remote NetFlow server failing to receive the NetFlow data?
 A. The flow exporter is configured but is not used.

 B. The flow monitor is applied in the wrong direction.
 C. The flow monitor is applied to the wrong interface.
 D. The destination of the flow exporter is not reachable.

A (100%)
Refer to the exhibit. An engineer has successfully set up a floating static route from the
BRANCH router to the HQ network using HQ_R1 as the primary default gateway. When the
g0/0 goes down on HQ_R1, the branch network cannot reach the HQ network 192.168.20.0/24.
Which configuration resolves the issue?
 A. HQ_R3(config)# ip sla responder HQ_R3(config)# ip sla responder icmp-echo 172.16.35.1

 B. BRANCH(config)# ip sla 1 BRANCH(config-ip-sla)# icmp-echo 192.168.100.2
 C. HQ_R3(config)# ip sla responder HQ_R3(config)# ip sla responder icmp-echo 172.16.35.5
 D. BRANCH(config)# ip sla 1 BRANCH(config-ip-sla)# icmp-echo 192.168.100.1

An engineer configured a DHCP server for Cisco IP phones to download its configuration from a
TFTP server, but the IP phones failed to load the configuration. What must be configured to
resolve the issue?
 A. BOOTP port 67
 B. DHCP option 66
 C. BOOTP port 68
 D. DHCP option 69
Refer to the exhibit. The remote server is failing to receive the NetFlow data. Which action
resolves the issue?
 A. Modify the flow transport command transport udp 2055 to move under flow monitor profile.
 B. Modify the interface command to ip flow monitor FLOW-MONITOR-1 input.
 C. Modify the udp port under flow exporter profile to ip transport udp 4739.
 D. Modify the flow record command record v4_r1 to move under flow exporter profile.

B (100%)
Refer to the exhibit. A network administrator configured NTP on a Cisco router to get
synchronized time for system and logs from a unified time source. The configuration did not
work as desired. Which service must be enabled to resolve the issue?
 A. Enter the service timestamps log datetime clock-period global command.

 B. Enter the service timestamps log datetime synchronize global command.
 C. Enter the service timestamps log datetime console global command.
 D. Enter the service timestamps log datetime localtime global command.

D (100%)
Refer to the exhibits. An engineer filtered messages based on severity to minimize log
messages. After applying the filter, the engineer noticed that it filtered required messages as
well. Which action must the engineer take to resolve the issue?
 A. Configure syslog level 2.

 B. Configure syslog level 3.
 C. Configure syslog level 4.
 D. Configure syslog level 5.

D (100%)
An engineer is troubleshooting on the console session of a router and turns on multiple debug
commands. The console screen is filled with scrolling debug messages that none of the
commands can be verified if entered correctly or display any output. Which action allows the
engineer to see entered console commands while still continuing the analysis of the debug
messages?
 A. Configure the term no mon command globally.

 B. Configure the logging synchronous level all command.
 C. Configure the logging synchronous command.
 D. Configure the no logging console debugging command globally.

C (100%)
Refer to the exhibit. The DHCP client is unable to receive an IP address from the DHCP server.
RouterB is configured as follows:
Which command is required on the fastethernet 0/0 interface of RouterB to resolve this issue?
 A. RouterB(config-if)#ip helper-address 172.16.1.1

 B. RouterB(config-if)#ip helper-address 255.255.255.255
 C. RouterB(config-if)#ip helper-address 172.16.1.2
 D. RouterB(config-if)#ip helper-address 172.31.1.1

Refer to the exhibit. A network administrator added one router in the Cisco DNA Center and
checked its discovery and health from the Network Health Dashboard. The network
administrator observed that the router is still showing up as unmonitored. What must be
configured on the router to mount it in the Cisco DNA Center?
 A. Configure router with SNMPv2c or SNMPv3 traps

 B. Configure router with the telemetry data
 C. Configure router with routing to reach Cisco DNA Center
 D. Configure router with NetFlow data

Refer to the exhibit. NTP is configured across the network infrastructure and Cisco DNA Center.
An NTP issue was reported on the Cisco DNA Center at 17:15. Which action resolves the
issue?
 A. Reset the NTP server to resolve any synchronization issues for all devices
 B. Check and resolve reachability between Cisco DNA Center and the NTP server
 C. Check and resolve reachability between the WLC and the NTP server
 D. Check and configure NTP on the WLC and synchronize with Cisco DNA Center

C (86%)
14%
Refer to the exhibit. PC-2 failed to establish a Telnet connection to the terminal server.
 A. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#sequence

25 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet
 B. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#no
sequence 20 Gateway-Router(config-ipv6-acl)#sequence 5 permit tcp host 2018:DB1:A:B::2 host
2018:DB1:A:C::1 eq telnet
 C. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#permit tcp
host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet
 D. Gateway-Router(config)#ipv6 access-list Default_Access Gateway-Router(config-ipv6-acl)#sequence
15 permit tcp host 2018:DB1:A:B::2 host 2018:DB1:A:C::1 eq telnet

Refer to the exhibit. A network administrator enables DHCP snooping on the Cisco Catalyst
3750-X switch and configures the uplink port (Port-channel2) as a trusted port. Clients are not
receiving an IP address, but when DHCP snooping is disabled, clients start receiving IP
addresses. Which global command resolves the issue?
 A. ip dhcp relay information trust portchannel2

 B. ip dhcp snooping
 C. ip dhcp snooping trust
 D. no ip dhcp snooping information option

Reference:
https://community.cisco.com/t5/switching/dhcp-snooping-clients-not-getting-ip-address/td-p/1749969
A customer reports to the support desk that they cannot print from their PC to the local printer
id:123456789. Which tool must be used to diagnose the issue using Cisco DNA Center
Assurance?
 A. device trace
 B. ACL trace
 C. path trace
 D. application trace
An engineer configured SNMP notifications sent to the management server using authentication and
encrypting data with DES. An error in the response PDU is received as "UNKNOWNUSERNAME,
WRONGDIGEST". Which action resolves the issue?
 A. Configure the correct authentication password using SNMPv3 authNoPriv.

 B. Configure correct authentication and privacy passwords using SNMPv3 authPriv.
 C. Configure correct authentication and privacy passwords using SNMPv3 authNoPriv.
 D. Configure the correct authentication password using SNMPv3 authPriv.

B (100%)
Refer to the exhibit. A network administrator is discovering a Cisco Catalyst 9300 and a Cisco WLC 3504
in Cisco DNA Center. The Catalyst 9300 is added successfully. However, the WLC is showing the error
"uncontactable" when the administrator tries to add it in Cisco DNA Center. Which action discovers WLC
in Cisco DNA Center successfully?
 A. Delete the WLC 3504 from Cisco DNA Center and add it to Cisco DNA Center again.
 B. Add the WLC 3504 under the hierarchy of the Catalyst 9300 connected devices.
 C. Copy the .cert file from the Cisco DNA Center on the USB and upload it to the WLC 3504.
 D. Copy the .pem file from the Cisco DNA Center on the USB and upload it to the WLC 3504.

Refer to the exhibit. A user cannot SSH to the router. What action must be taken to resolve this
issue?
 A. Configure transport input ssh

 B. Configure transport output ssh
 C. Configure ip ssh version 2
 D. Configure ip ssh source-interface loopback0

A (50%)
C (50%)
An engineer configured a Cisco router to send reliable and encrypted notifications for any
events to the management server. It was noticed that the notification messages are reliable but
not encrypted. Which action resolves the issue?
 A. Configure all devices for SNMPv3 informs with auth.

 B. Configure all devices for SNMPv3 informs with priv. Most Voted
 C. Configure all devices for SNMPv3 traps with auth.
 D. Configure all devices for SNMPv3 traps with priv.

B (100%)
Refer to the exhibit. An engineer is monitoring reachability of the configured default routes to
ISP1 and ISP2. The default route from ISP1 is preferred if available. How is this issue resolved?
 A. Use the icmp-echo command to track both default routes.

 B. Use the same AD for both default routes.
 C. Start IP SLA by matching numbers for track and ip sla commands.
 D. Start IP SLA by defining frequency and scheduling it.

D (100%)
Refer to the exhibits. An engineer identified a Layer 2 loop using DNAC. Which command fixes
the problem in the SF-D9300-1 switch?
 A. spanning-tree portfast bpduguard

 B. no spanning-tree uplinkfast
 C. spanning-tree backbonefast
 D. spanning-tree loopguard default

D (67%)
A (33%)
Refer to the exhibit. An engineer receives this error message when trying to access another router in-
band from the serial interface connected to the console of R1. Which configuration is needed on R1 to
resolve this issue?
 A. R1(config)#line vty 0 R1(config-line)# transport output ssh

 B. R1(config)#line console 0 R1(config-line)# transport output ssh
 C. R1(config)#line console 0 R1(config-line)# transport preferred ssh
 D. R1(config)#line vty 0 R1(config-line)# transport output ssh R1(config-line)# transport preferred ssh

B (89%)
11%
Refer to the exhibit. The server for the finance department is not reachable consistently on the
200.30.40.0/24 network and after every second month it gets a new IP address. What two
actions must be taken to resolve this issue? (Choose two.)
 A. Configure the server to use DHCP on the network with default gateway 200.30.40.100.
 B. Configure the server with a static IP address and default gateway.
 C. Configure the router to exclude a server IP address.
 D. Configure the server to use DHCP on the network with default gateway 200.30.30.100.
 E. Configure the router to exclude a server IP address and default gateway.

BC (67%)
BE (33%)
Refer to the exhibit. A user has set up an IP SLA probe to test if a non SLA host web server on IP
address 10.1.1.1 accepts HTTP sessions prior to deployment. The probe is failing. Which action should
the network administrator recommend for the probe to succeed?
 A. Re-issue the ip sla schedule command.

 B. Add the control disable option to the tcp connect.
 C. Modify the ip sla schedule frequency to forever.
 D. Add icmp-echo command for the host.

B (100%)
Refer to the exhibit. A network administrator is using the DNA Assurance Dashboard panel to
troubleshoot an OSPF adjacency that failed between Edge_NYC Interface GigabitEthernet1/3 with
Neighbor Edge_SNJ. The administrator observes that the neighborship is stuck in the exstart state. How
does the administrator fix this issue?
 A. Configure to match the OSPF interface network types on both routers.

 B. Configure to match the OSPF interface speed and duplex settings on both routers.
 C. Configure to match the OSPF interface MTU settings on both routers.
 D. Configure to match the OSPF interface unique IP address and subnet mask on both routers.
Refer to the exhibit. A network administrator is troubleshooting OSPF adjacency issue by going
through the console logs in the router, but due to an overwhelming log messages stream, it is
impossible to capture the problem. Which two commands reduce console log messages to
relevant OSPF neighbor problem details so that the issue can be resolved? (Choose two.)
 A. debug condition ospf neighbor

 B. debug condition interface
 C. debug condition session-id ADJCHG
 D. debug condition all

BC (88%)
13%
A network is under a cyberattack. A network engineer connected to R1 by SSH and enabled the
terminal monitor via SSH session to find the source and destination of the attack. The session
was flooded with messages, which made it impossible for the engineer to troubleshoot the
issue. Which command resolves this issue on R1?
 A. (config)#terminal no monitor
 B. (config)#no terminal monitor
 C. #no terminal monitor
 D. #terminal no monitor

Reference:
https://www.oreilly.com/library/view/cisco-ios-in/0596008694/re826.html
D (100%)
A network administrator has developed a Python script on the local Linux machine and is trying
to transfer it to the router. However, the transfer fails. Which action resolves this issue?
 A. The Python interpreter must first be enabled with the guestshell enable command.
 B. The SSH access must be allowed on the VTY lines using the transport input ssh command.
 C. The SSH service must be enabled with the crypto key generate rsa command.
 D. The SCP service must be enabled with the ip scp server enable command.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/xe-3s/sec-usr-ssh-xe-3s-book/sec-usr-ssh-sec-
copy.pdf
D (100%)
An engineer configured SNMP communities on the Core_Sw1, but the SNMP server cannot
obtain information from Core_Sw1. Which configuration resolves this issue?
 A. access-list 20 permit 10.221.10.11

 B. snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 22
 C. snmp-server group NETVIEW v2c priv read NETVIEW access 20
 D. access-list 20 permit 10.221.10.12

The SNMP server configuration ties ACL 20 to the list of allowed SNMP servers that can pull data from the switch. The IP address
of the NMS server needs to be added to this ACL.
Which two commands provide the administrator with the information needed to resolve the
issue? (Choose two.)
 A. debug snmpv3 engine-id

 B. show snmp user
 C. debug snmp packet
 D. debug snmp engine-id
 E. show snmpv3 user

Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/command/snmp-xe-3se-3850-cr-book/snmp-xe-3se-3850-cr-
book_chapter_0110.html
The network administrator can see the DHCP discovery packet in R1, but R2 is not replying to
the DHCP request. The R1 related interface is configured with the DHCP helper address. If the
PC is directly connected to the Fa0/1 interface on R2, the DHCP server assigns as IP address
from the DHCP pool to the PC. Which two commands resolve this issue? (Choose two.)
 A. service dhcp-relay command on R1

 B. ip dhcp relay information enable command on R1
 C. ip dhcp option 82 command on R2
 D. service dhcp command on R1
 E. ip dhcp relay information trust-all command on R2

Correct Answer: DE 🗳️
A network administrator performed a Compact Flash Memory upgrade on a Cisco Catalyst 6509
Switch. Everything is functioning normally except SNMP, which was configured to monitor the
bandwidth of key interfaces but the interface indexes are changed. Which global configuration
resolves the issue?
 A. snmp-server ifindex persist Most Voted

 B. snmp-server ifindex permanent
 C. snmp ifindex persist
 D. snmp ifindex permanent

Reference:
https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/ifindx.pdf
Refer to the exhibit. R1 is configured with IP SLA to check the availability of the server behind
R6 but it kept failing. Which configuration resolves the issue?
 A. R6(config)#ip sla responder udp-echo ip address 10.10.10.1 port 5000

 B. R6(config)#ip access-list extended DDOS R6(config-ext-nacl)#5 permit icmp host 10.10.10.1
host 10.66.66.66
 C. R6(config)#ip sla responder
 D. R6(config)#ip access-list extended DDOS R6(config-ext-nacl)#5 permit icmp host
10.66.66.66 host 10.10.10.1

Refer to the exhibit. An engineer configured IP SLA on R1 to avoid the ISP link flapping
problem, but it is not working as designed. IP SLA should wait 30 seconds before switching
traffic to a secondary connection and then revert to the primary link after waiting 20 seconds,
when the primary link is available and stabilized. Which configuration resolves the issue?
 A. R1(config)#track 700 ip sla 700 R1 (config-track)#delay down 30 up 20

 B. R1 (config)#ip sla 700 R1(config-ip-sla)#delay down 30 up 20
 C. R1 (config)#ip sla 700 R1(config-ip-sla)#delay down 20 up 30
 D. R1(config)#track 700 ip sla 700 R1(config-track)#delay down 20 up 30

Refer to the exhibit. An engineer must block access to the console ports for all corporate remote
Cisco devices based on the recent corporate security policy but the security team still can
connect through the console port. Which configuration on the console port resolves the issue?
 A. login and password

 B. exec 0 0
 C. transport input telnet
 D. no exec
Refer to the exhibit. A network administrator is troubleshooting IPv6 address assignment for a
DHCP client that is not getting an IPv6 address from the server. Which configuration retrieves
the client IPv6 address from the DHCP server?
 A. ipv6 address autoconfig command on the interface

 B. ipv6 dhcp server automatic command on DHCP server
 C. ipv6 dhcp relay-agent command on the interface
 D. service dhcp command on DHCP server

A (100%)
Refer to the exhibit. A junior engineer configured SNMP to network devices. Malicious users have
uploaded different configurations to the network devices using SNMP and TFTP servers. Which
configuration prevents changes from unauthorized NMS and TFTP servers?
 A. access-list 20 permit 10.221.10.11 access-list 20 deny any log ! snmp-server group NETVIEW v3 priv
read NETVIEW access 20 snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN
access 20 snmp-server community Cisc0Us3r RO 20 snmp-server community Cisc0wrus3r RW 20 snmp-
server tftp-server-list 20
 B. access-list 20 permit 10.221.10.11 access-list 20 deny any log ! snmp-server group NETVIEW v3 priv
read NETVIEW access 20 snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN
access 20 snmp-server community Cisc0wrus3r RO 20 snmp-server community Cisc0Us3r RW 20 snmp-
server tftp-server-list 20
 C. access-list 20 permit 10.221.10.11 access-list 20 deny any log
 D. access-list 20 permit 10.221.10.11

An engineer creates a Cisco DNA Center cluster with three nodes, but all the services are running on one
host node. Which action resolves this issue?
 A. Restore the link on the switch interface that is connected to a cluster link on the Cisco DNA Center.
 B. Click system updates, and upgrade to the latest version of Cisco DNA Center.
 C. Enable service distribution from the Systems 360 page.
 D. Click the master host node with all the services and select services to be moved to other hosts.

C (100%)
Refer to the exhibit. The AP status from Cisco DNA Center Assurance Dashboard shows some
physical connectivity issues from access switch interface G1/0/14. Which command generates
the diagnostic data to resolve the physical connectivity issues?
 A. check cable-diagnostics tdr interface GigabitEthernet1/0/14

 B. verify cable-diagnostics tdr interface GigabitEthernet1/0/14
 C. show cable-diagnostics tdr interface GigabitEthernet1/0/14
 D. test cable-diagnostics tdr interface GigabitEthernet1/0/14

D (100%)
Refer to the exhibit. An engineer configured NetFlow on R1, but the NMS server cannot see the
flow from R1. Which configuration resolves the issue?
 A. interface Ethernet0/1 flow-destination 10.221.10.11

 B. interface Ethernet0/0 flow-destination 10.221.10.11
 C. flow exporter FlowAnalyzer1 destination 10.221.10.11
 D. flow monitor Flowmonitor1 destination 10.221.10.11

Refer to the exhibit. An engineer cannot copy the IOS.bin file from the FTP server to the switch.
Which action resolves the issue?
 A. Allow file permissions to download the file from the FTP server.
 B. Add the IOS.bin file, which does not exist on FTP server.
 C. Make memory space on the switch flash or USB drive to download the file.
 D. Use the copy flash:/ ftp://[email protected]/IOS.bin command.

Refer to the exhibit. After reloading the router, an administrator discovered that the interface utilization
graphs displayed inconsistencies with their previous history in the NMS. Which action prevents this issue
from occurring after another router reload in the future?
 A. Configure SNMP interface index persistence on the router.

 B. Save the router configuration to startup-config before reloading the router.
 C. Rediscover all the router interfaces through SNMP after the router is reloaded.
 D. Configure SNMP to use static OIDs referring to individual router interfaces.

Reference:
https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/ifindx.pdf
Refer to the exhibit. In an attempt to increase the network security, the administrator applied the Gi3-in
ACL to the Gi3 interface. After the ACL was applied, clients in the network connected to Gi3 lost their
ability to obtain IP settings from DHCP. Which two configuration commands must be added to the Gi3-in
ACL to reinstate the DHCP service for the clients? (Choose two.)
 A. 74 permit udp 192.168.30.0 0.0.0.255 eq bootpc host 192.168.255.3 eq bootps

 B. 71 permit udp host 0.0.0.0 eq bootps host 255.255.255.255 eq bootpc
 C. 73 permit udp host 0.0.0.0 eq bootpc host 192.168.255.3 eq bootps
 D. 72 permit udp host 192.168.255.3 eq bootps 192.168.30.0 0.0.0.255 eq bootpc
 E. 75 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps

Correct Answer: AE 🗳️
Reference:
https://community.spiceworks.com/topic/1982739-help-with-access-list-to-permit-dhcp-requests-and-renews
Refer to the exhibit. Router DHCP is configured to lease IPv4 and IPv6 addresses to clients on ALS1 and
ALS2. Clients on ALS2 receive IPv4 and IPv6 addresses. Clients on ALS1 receive IPv4 addresses. Which
configuration on DSW1 allows clients on ALS1 to receive IPv6 addresses?
 A. DSW1(config-if)# ipv6 dhcp relay destination 2002:404:404::404:404 GigabitEthernet1/2

 B. DSW1(config-if)# ipv6 helper address 2002:404:404::404:404
 C. DSW1(config)# ipv6 route 2002:404:404::404:404/128 FastEthernet1/0
 D. DSW1(dhcp-config)# default-router 2002:A04:A01::A04:A01

Specifies a destination address to which client packets are forwarded and enables DHCPv6 relay service on the interface. ipv6 dhcp
relay destination ipv6-address[interface-type interface-number]
Example:
Router(config-if) ipv6 dhcp relay destination FE80::250:A2FF:FEBF:A056 ethernet 4/3
Refer to the exhibit. Router R2 should be learning the route for 10.123.187.0/24 via EIGRP.
Which action resolves the issue without introducing more issues?
 A. Redistribute the route in EIGRP with metric, delay, and reliability.

 B. Use distribute-list to modify the route as an internal EIGRP route.
 C. Use distribute-list to filter the external routes in OSPF.
 D. Remove route redistribution in R2 for this route in OSPF.

Refer to the exhibit. The control plane is heavily impacted after the CoPP configuration is
applied to the router. Which command removal lessens the impact on the control plane?
 A. access-list 120 permit tcp any gt 1024 eq bgp log

 B. access-list 120 permit ospf any
 C. access-list 120 permit udp any any eq pim-auto-rp
 D. access-list 120 permit eigrp any host 224.0.0.10
C (75%)
Actual exam question from Cisco's 300-410
Question #: 223
Topic #: 1
[All 300-410 Questions]
Refer to the exhibit. A loop occurs between R1, R2, and R3 while EIGRP is run with poison
reverse enabled. Which action prevents the loop between R1, R2, and
R3?
 A. Enable split horizon.

 B. Configure R3 as stub receive-only.
 C. Configure route tagging.
 D. Configure route filtering.
Hide Answer
Suggested Answer: A 🗳️
Question #: 224
Topic #: 1
Refer to the exhibit. An error message "an OSPF-4-FLOOD_WAR" is received on SW2 from SW1. SW2
is repeatedly receiving its own link-state advertisement and flushes it from the network. Which action
resolves the issue?
 A. Change area 5 to a normal area from a nonstub area.

 B. Resolve different subnet mask issue on the link.
 C. Configure Layer 3 port channel on interfaces between switches.
 D. Resolve duplicate IP address issue in the network.
Hide Answer
Suggested Answer: D 🗳️
Question #: 225
Topic #: 1
Which two components are required for MPLS Layer 3 VPN configuration? (Choose two.)
 A. Use LDP for customer routes.

 B. Use pseudowire for Layer 2 routes.
 C. Use a unique RD per customer VRF.
 D. Use OSPF between PE and CE.
 E. Use MP-BGP for customer routes.
Hide Answer
Suggested Answer: CE 🗳️
CE (100%)
Question #: 226
Topic #: 1
Refer to the exhibit. Which configuration resolves the IP SLA issue from R1 to the server?
 A. R6(config)#ip sla responder

 B. R6(config)#ip sla 650 R6(config-ip-sla)#udp-jitter 10.60.60.6
 C. R6(config)#ip sla responder udp-echo ipaddress 10.60.60.6 po 5000
 D. R6(config)#ip sla schedule 10 life forever start-time now
Hide Answer
A (100%)
Question #: 227
Topic #: 1
A network administrator added a new spoke site with dynamic IP on the DMVPN network.
Which configuration command passes traffic on the DMVPN tunnel from the spoke router?
 A. ip nhrp registration no-registration

 B. ip nhrp registration dynamic
 C. ip nhrp registration no-unique
 D. ip nhrp registration ignore
Hide Answer
Suggested Answer: C 🗳️
Question #: 228
Topic #: 1
Refer to the exhibit. Which configuration enables OSPF for area 0 interfaces to establish adjacency with a
neighboring router with the same VRF?
 A. router ospf 1 vrf CCNP network 10.1.1.1 0.0.0.0 area 0 network 10.2.2.2 0.0.0.0 area 0
 B. router ospf 1 interface Ethernet1 ip ospf 1 area 0.0.0.0 interface Ethernet2 ip ospf 1 area 0.0.0.0
 C. router ospf 1 vrf CCNP interface Ethernet1 ip ospf 1 area 0.0.0.0 interface Ethernet2 ip ospf 1 area
0.0.0.0
 D. router ospf 1 vrf CCNP network 10.0.0.0 0.0.255.255 area 0
Hide Answer
A (100%)
Question #: 229
Topic #: 1
Refer to the exhibit. TCP traffic should be reaching host 10.10.10.10/24 via R2. Which action resolves the
issue?
 A. Allow TCP in the access list with no changes to the route map.
 B. Add a permit 20 statement in the route map to allow TCP traffic.
 C. TCP traffic will reach the destination via R2 without any changes.
 D. Set IP next-hop to 10.10.12.2 under the route-map permit 10 to allow TCP traffic.
Hide Answer
Question #: 231
Topic #: 1
Refer to the exhibit. During ISP router maintenance, the network produced many alerts because of the
flapping interface. Which configuration on R1 resolves the issue?
 A. ip verify drop-rate notify hold-down 60

 B. snmp trap link-status down
 C. snmp trap ip verify drop-rate
 D. no snmp trap link-status
Hide Answer
Question #: 232
Topic #: 1
Refer to the exhibit. Reachability between servers in a network deployed with DHCPv6 is unstable. Which
command must be removed from the configuration to make DHCPv6 function?
 A. ipv6 nd ra suppress
 B. address prefix 2001:0:1:4::/64 lifetime infinite infinite
 C. ipv6 dhcp server DHCP POOL
 D. ipv6 address 2001:0:1:4::1/64
Hide Answer
A (100%)
Question #: 233
Topic #: 1
A customer requested a GRE tunnel through the provider network between two customer sites using
loopback to hide internal networks. Which configuration on R2 establishes the tunnel with R1?
 A. R2(config)#interface Tunnel1 R2(config-if)#ip address 172.20.1.2 255.255.255.0 R2(config-if)#ip mtu

1400 R2(config-if)#ip tcp adjust-mss 1360 R2(config-if)#tunnel source 192.168.20.1 R2(config-if)#tunnel
destination 192.168.10.1
 B. R2(config)#interface Tunnel1 R2(config-if#ip address 172.20.1.2 255.255.255.0 R2(config-if)#ip mtu
 C. R2(config)#interface Tunnel1 R2(config-if)#ip address 172.20.1.2 255.255.255.0 R2(config-if)#ip mtu
 D. R2(config)#interface Tunnel1 R2(config-if)#ip address 172.20.1.2 255.255.255.0 R2(config-if)#ip mtu
Hide Answer
Suggested Answer: B 🗳️
D (75%)
B (25%)
Question #: 234
Topic #: 1
Refer to the exhibit. R1 and R2 are configured for EIGRP peering using authentication and the neighbors
failed to come up. Which action resolves the issue?
 A. Configure a matching lowest key-id on both routers.

 B. Configure a matching authentication type on both routers.
 C. Configure a matching key-id number on both routers.
 D. Configure a matching key-chain name on both routers
Hide Answer
C (75%)
A (25%)
Question #: 235
Topic #: 1
Refer to the exhibit. Mutual redistribution is enabled between RIP and EIGRP on R2 and R5. Which
configuration resolves the routing loop for the 192.168.1.0/24 network?
 A. R2: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s0 ! router rip
network 178.1.0.0 redistribute eigrp 10 metric 2 ! access-list 1 deny 192.168.1.0 access-list 1 permit any
R5: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s0 ! router rip
 B. R2: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s0 ! router rip
 C. R2: router eigrp 10 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s1 ! router rip
network 178.1.0.0 redistribute eigrp 10 metric 2 ! access-list 1 deny 192. 168.1.0 access-list 1 permit any
 D. R2: router eigrp 7 network 181.16.0.0 redistribute rip metric 1 1 1 1 1 distribute-list 1 in s1 ! router rip
Hide Answer
Question #: 237
Topic #: 1
Refer to the exhibit. R4 is experiencing packet drop when trying to reach 172.16.2.7 behind R2. Which
action resolves the issue?
 A. Insert a /24 floating static route on R2 toward R3 with metric 254.

 B. Disable auto summarization on R2.
 C. Enable auto summarization on all three routers R1, R2, and R3.
 D. Insert a /16 floating static route on R2 toward R3 with metric 254.
Hide Answer
Question #: 238
Topic #: 1
Refer to the exhibit. An engineer must advertise routes into IPv6 MP-BGP and failed. Which configuration
resolves the issue on R1?
 A. router bgp 64900 no bgp default ipv4-unicast address-family ipv6 unicast redistribute ospf network
2001:DB9::/64
 B. router bgp 64900 no bgp default ipv4-unicast address-family ipv6 multicast neighbor 2001:DB8:7000::2
translate-update ipv6 multicast
 C. router bgp 65000 no bgp default ipv4-unicast address-family ipv6 unicast network 2001:DB8::/64
 D. router bgp 65000 no bgp default ipv4-unicast address-family ipv6 multicast network 2001:DB8::/64
Hide Answer
Which two protocols can cause TCP starvation? (Choose two)
 A. TFTP
 B. SNMP
 C. SMTP
 D. HTTPS
 E. FTP AB

TFTP (69) and SNMP (161) are UDP protocols
Question #: 240
Topic #: 1
Refer to the exhibit. A network engineer applied a filter for ISA traffic on OSPFv3 inter area routes on the
area 5 ABR to protect advertising the internal routes of area 5 to the business partner network. All other
areas should receive the area 5 internal routes. After the respective route filtering configuration is applied
on the ABR, area 5 routes are not visible on any of the areas. How must the filter list be applied on the
ABR to resolve this issue?
 A. in the "in" direction for area 5 on router R1

 B. in the "in" direction for area 20 on router R2
 C. in the "out" direction for area 20 on router R2
 D. in the "out" direction for area 5 on router R1
Hide Answer
C (100%)
Question #: 241
Topic #: 1
Refer to the exhibit. The R2 loopback interface is advertised with RIP and EIGRP using default values.
Which configuration changes make R1 reach the R2 loopback using RIP?
 A. R1(config)#router rip R1(config-router)#distance 90

 B. R1(config)#router eigrp 1 R1(config-router)#distance eigrp 130 120
 C. R1(config)#router rip R1(config-router)#distance 100
 D. R1(config)#router eigrp 1 R1(config-router)#distance eigrp 120 120
Hide Answer
B (100%)
Question #: 243
Topic #: 1
Refer to the exhibit. R6 should reach R1 via R5>R2>R1. Which action resolves the issue?
 A. Decrease the cost to 2 between R6-R5-R2.

 B. Increase the cost to 61 between R2-R3-R1.
 C. Increase the cost to 61 between R2 and R3.
 D. Decrease the cost to 41 between R2 and R1.
Hide Answer
Question #: 244
Topic #: 1
An engineer failed to run diagnostic commands on devices using Cisco DNA Center. Which action in
Cisco DNA Center resolves the issue?
 A. Enable Secure Shell.

 B. Enable APIs.
 C. Enable CDP.
 D. Enable Command Runner.
Hide Answer
Question #: 245
Topic #: 1
Refer to the exhibit. The static route is not present in the routing table of an adjacent OSPF neighbor
router. Which action resolves the issue?
 A. Configure a permit 20 statement to the route map to redistribute the static route.
 B. Configure the next-hop interface at the end of the static route for it to get redistributed.
 C. Configure the next hop of 10.20.20.1 in the prefix list DMZ-STATIC.
 D. Configure the subnets keyword in the redistribution command.
Hide Answer
Question #: 246
Topic #: 1
Refer to the exhibit. Packets arriving from source 209.165.200.215 must be sent with the precedence bit
set to 1, and packets arriving from source 209.165.200.216 must be sent with the precedence bit set to 5.
 A. set ip precedence critical in route-map Texas permit 20

 B. set ip precedence critical in route-map Texas permit 10
 C. set ip precedence priority in route-map Texas permit 20
 D. set ip precedence immediate in route-map Texas permit 10
Hide Answer
A (100%)
IP Precedence
000 (0) Routine or Best Effort
001 (1) Priority
010 (2) Immediate
011 (3) Flash - mainly used for Voice Signaling or for Video.
100 (4) Flash Override
101 (5) Critical -mainly used for Voice RTP.
110 (6) Internet
111 (7) Network
Question #: 247
Topic #: 1
Refer to the exhibit. An engineer must redistribute networks 192.168.10.0/24 and 192.168.20.0/24 into
OSPF from EIGRP, where the metric must be added when traversing through multiple hops to start an
external route of 20. The engineer notices that the external metric is fixed and does not add at each hop.
 A. R2(config)#access-list 10 permit 192.168.10.0 0.0.0.255

R2(config)#access-list 10 permit 192.168.20.0 0.0.0.255 !
R2(config)#route-map RD permit 10 R2(config-route-map)#match ip address 10
R2(config-route-map)#set metric 20
R2(config-route-map)#set metric-type type-2 !
R2(config)#router ospf 10
R2(confjg-router)#redistribute eigrp 10 subnets route-map RD
 B. R2(config)#access-list 10 permit 192.168.10.0 0.0.0.255
R2(config)#route-map RD permit 10
R2(config-route-map)#match ip address 10
R2(config-router)#redistribute eigrp 10 subnets route-map RD
 C. R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255
R1(config)#route-map RD permit 10 R1(config-route-map)#match ip address 10
 D. R1(config)#access-list 10 permit 192.168.10.0 0.0.0.255
R1(config)#route-map RD permit 10
R1(config-route-map)#match ip address 10
Hide Answer
Question #: 249
Topic #: 1
Which feature minimizes DoS attacks on an IPv6 network?
 A. IPv6 Binding Security Table

 B. IPv6 Router Advertisement Guard
 C. IPv6 Prefix Guard
 D. IPv6 Destination Guard
Hide Answer
Suggested Answer: D
Question #: 250
Topic #: 1
Refer to the exhibit. A network administrator must block ping from user 3 to the App Server only. An
inbound standard access list is applied to R1 interface G0/0 to block ping. The network administrator was
notified that user 3 cannot even ping user 9 anymore. Where must the access list be applied in the
outgoing direction to resolve the issue?
 A. R2 interface G0/0

 B. SW1 interface G1/10
 C. R2 interface G1/0
 D. SW1 interface G2/21
Hide Answer
C (100%)
Question #: 252
Topic #: 1
Refer to the exhibit. An engineer configured BGP and wants to select the path from 10.77.255.57 as the
best path instead of current best path. Which action resolves the issue?
 A. Configure higher MED to select as the best path.

 B. Configure AS_PATH prepend for the current best path.
 C. Configure AS_PATH prepend for the desired best path.
 D. Configure lower LOCAL_PREF to select as the best path.
Hide Answer
Question #: 253
Topic #: 1
What is a function of IPv6 Source Guard?
 A. It inspects ND and DHCP packets to build an address binding table.

 B. It works with address glean or ND to find existing addresses.
 C. It notifies the ND protocol to inform hosts if the traffic is denied by it.
 D. It denies traffic from known sources and allocated addresses.
Hide Answer
B (67%)
A (33%)
Question #: 256
Topic #: 1
Refer to the exhibit. An administrator configures a router to stop using a particular default route if the DNS
server 8.8.8.8 is not reachable through that route. However, this configuration did not work as desired and
the default route still works even if the DNS server 8.8.8.8 is unreachable. Which two configuration
changes resolve the issue? (Choose two.)
 A. Use a separate track object to reference the existing IP SLA 1 probe for every static route.
 B. Use a separate IP SLA probe and track object for every static route.
 C. Associate every IP SLA probe with the proper WAN address of the router.
 D. Reference the proper exit interfaces along with the next hops in both static default routes.
 E. Configure two static routes for the 8.8.8.8/32 destination to match the IP SLA probe for each ISP.
Hide Answer
Suggested Answer: BC 🗳️
BC (100%)
Question #: 257
Topic #: 1
Refer to the exhibit. The network administrator configured the Chicago router to mutually redistribute the
LA and NewYork routes with OSPF routes to be summarized as a single route in EIGRP using the longest
summary mask:
router eigrp 100 redistribute ospf 1 metric 10 10 10 10 10

router ospf 1 redistribute eigrp 100 subnets
!
interface E 0/0
ip summary-address eigrp 100 172.16.0.0 255.255.0.0
After the configuration, the New York router receives all the specific LA routes but the summary route.
Which set of configurations resolves the issue on theChicago router?
 A. router eigrp 100 summary-address 172.16.8.0 255.255.252.0

 B. interface E 0/1 ip summary-address eigrp 100 172.16.8.0 255.255.252.0
 C. router eigrp 100 summary-address 172.16.0.0 255.255.0.0
 D. interface E 0/1 ip summary-address eigrp 100 172.16.0.0 255.255.0.0
Suggested Answer: B
Question #: 258
Topic #: 1
Refer to the exhibit. An engineer must configure PBR on R1 to reach to 10.2.2.0/24 via R3 AS64513 as
the primary path and a backup route through default route via R2 AS64513. All BGP routes are in the
routing table of R1, but a static default route overrides BGP routes. Which PBR configuration achieves the
objective?
 A. access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 ! route-map PBR permit 10 match ip
address 100 set ip next-hop recursive 10.3.3.1
 B. access-list 100 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 ! route-map PBR permit 10
match ip address 100 set ip next-hop recursive 10.3.3.1
 C. access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255 ! route-map PBR permit 10 match ip
address 100 set ip next-hop 10.3.3.1
 D. access-list 100 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0 ! route-map PBR permit 10
match ip address 100 set ip next-hop 10.3.3.1
Hide Answer
Question #: 260
Topic #: 1
Refer to the exhibit. When an FTP client attempts to use passive FTP to connect to the FTP server, the
file transfers fail. Which action resolves the issue?
 A. Modify traffic filter FTP-SERVER in to the outbound direction.

 B. Configure active FTP traffic.
 C. Configure to permit TCP ports higher than 1023.
 D. Modify FTP-SERVER access list to remove established at the end.
Hide Answer
C (100%)
Question #: 261
Topic #: 1
Refer to the exhibit. An administrator configured a Cisco router for TACACS authentication, but the router
is using the local enable password instead. Which action resolves the issue?
 A. Configure the aaa authentication login default group admin local if-authenticated command instead.
 B. Configure the aaa authentication login admin group tacacs+ local enable none command instead.
 C. Configure the aaa authentication login admin group tacacs+ local if-authenticated command instead.
 D. Configure the aaa authentication login admin group admin local enable command instead.
Hide Answer
Reference:
https://community.cisco.com/t5/network-access-control/problem-setting-7606-router-for-tacacs-authentication/td-p/2316903
Question #: 262
Topic #: 1
An administrator attempts to download the .pack NBAR2 file using TFTP from the CPE router to another
device over the Gi0/0 interface. The CPE is configured as below:
hostname CPE
!
ip access-list extended WAN
<`¦>
remark => All UDP rules below for WAN ID: S421T18E58F90
permit udp any eq domain any
permit udp any any eq tftp
deny udp any any
!
interface GigabitEthernet0/0
<`¦>
ip access-group WAN in
<`¦>
!
tftp-server flash:pp-adv-csr1000v-1612.1a-37-53.0.0.pack
The transfer fails. Which action resolves this issue?
 A. Make the permit udp any eq tftp any entry the last entry in the WAN ACL
 B. Shorten the file name to the 8+3 naming convention
 C. Change the WAN ACL to permit the entire UDP destination port range
 D. Change the WAN ACL to permit the UDP port 69 to allow TFTP
Hide Answer
C (100%)
Question #: 264
Topic #: 1
In a DMVPN network, the Spoke1 user observed that the voice traffic is coming to Spoke2 users via the
hub router. Which command is required on both spoke routers to communicate directly to one another?
 A. ip nhrp nhs multicast

 B. ip nhrp shortcut
 C. ip nhrp map dynamic
 D. ip nhrp redirect
Hide Answer
B (67%)
A (33%)
Question #: 269
Topic #: 1
Refer to the exhibit. An engineer implemented CoPP to limit Telnet traffic to protect the router CPU. It was
noticed that the Telnet traffic did not pass through CoPP. Which configuration resolves the issue?
 A. ip access-list extended TELNET permit tcp host 10.2.2.1 host 10.2.2.4 eq telnet permit tcp host
10.1.1.1 host 10.1.1.3 eq telnet
 B. policy-map COPP class TELNET police 8000 conform-action transmit exceed-action transmit
 C. ip access-list extended TELNET permit tcp host 10.2.2.4 host 10.2.2.1 eq telnet permit tcp host
10.1.1.3 host 10.1.1.1 eq telnet
 D. policy-map COPP class TELNET police 8000 conform-action transmit exceed-action transmit violate-
action drop
Hide Answer
C (50%)
D (50%)
Question #: 270
Topic #: 1
Refer to the exhibit. After configuring OSPF in R1, some external destinations in the network became
unreachable. Which action resolves the issue?
 A. Disconnect the router with the OSPF router ID 0.0.0 0 from the network.
 B. Increase the SPF delay interval on R1 to synchronize routes.
 C. Change the R1 router ID from 10.255.255.1 to a unique value and clear the process.
 D. Clear the OSPF process on R1 to flush stale LSAs sent by other routers.
Hide Answer
Reference:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/118880-technote-ospf-00.html
Question #: 271
Topic #: 1
Refer to the exhibit. A network engineer receives a report that Spoke 1 users can perform bank
transactions with the server located at the Center site, but Spoke 2 users cannot. Which action resolves
the issue?
 A. Configure the Spoke 2 users IP on the router B OSPF domain

 B. Configure IPv6 on the routers B and C interfaces
 C. Configure OSPFv2 on the routers B and C interfaces
 D. Configure encapsulation dot1q 78 on the router C interface
Hide Answer
Question #: 272
Topic #: 1
What is an MPLS LDP targeted session?
 A. LDP session established by exchanging multicast hello packets

 B. LDP session established between LSRs by exchanging TCP hello packets
 C. session between neighbors that are connected no more than one hop away
 D. label distribution session between non-directly connected neighbors
Hide Answer
D (100%)
Question #: 273
Topic #: 1
Refer to the exhibit. An engineer configures DMVPN and receives the hub location prefix of 10.1.1.0/24
on R2 and R3. The R3 prefix of 10.1.3.0/24 is not received on R2, and the R2 prefix 10.1.2.0/24 is not
received on R3. Which action resolves the issue?
 A. Split horizon prevents the routes from being advertised between spoke routers. It should be disabled
with the no ip split-horizon eigrp 10 command on the Gi0/0 interface of R1.
 B. There is no spoke-to-spoke connection. DMVPN configuration should be modified with a manual
neighbor relationship configured between R2 and R3 and confirmed by use of the show ip eigrp neighbor
command.
 C. There is no spoke-to-spoke connection. DMVPN configuration should be modified to enable a tunnel
connection between R2 and R3 and neighbor relationship confirmed by use of the show ip eigrp neighbor
command.
 D. Split horizon prevents the routes from being advertised between spoke routers. It should be disabled
with the command no ip split-horizon eigrp 10 on the tunnel interface of R1.
Hide Answer
Question #: 275
Refer to the exhibit. The IT router has been configured with the Science VRF and the interfaces have
been assigned to the VRF. Which set of configurations advertises Science-1 and Science-2 routes using
EIGRP AS 111?
 A. router eigrp 111 address-family ipv4 vrf Science autonomous-system 1 network 192.168.1.0 network
192.168.2.0
 B. router eigrp 111 address-family ipv4 vrf Science network 192.168.1.0 network 192.168.2.0
 C. router eigrp 111 network 192.168.1.0 network 192.168.2.0
 D. router eigrp 1 address-family ipv4 vrf Science autonomous-system 111 network 192.168.1.0 network
192.168.2.0
Hide Answer
Question #: 276
Topic #: 1
An engineer must override the normal routing behavior of a router for Telnet traffic that is destined to
10.10.10.10 from 10.10.1.0/24 via a next hop of 10.4.4.4, which is directly connected to the router that is
connected to the 10.1.1.0/24 subnet. Which configuration reroutes traffic according to this requirement?
 A. access-list 100 deny tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23 !

route-map POLICY permit 10
match ip address 100
set ip next-hop 10.4.4.4
 B. access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23 !
 C. access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23 !
set ip next-hop recursive 10.4.4.4
 D. access-list 100 permit tcp 10.10.1.0 0.0.0.255 host 10.10.10.10 eq 23 !
set ip next-hop recursive 10.4.4.4
Hide Answer
D (56%)
B (44%)
Question #: 278
Topic #: 1
Refer to the exhibit. An engineer implemented CoPP but did not see OSPF traffic going through it. Which
configuration resolves the issue?
 A. control-plane service-policy input COPP

 B. policy-map COPP class OSFP police 8000 conform-action transmit exceed-action transmit violate-
action drop
 C. ip access-list extended OSFP permit ospf any any
 D. class-map match-all OSFP match access-group name OSFP
Hide Answer
C (57%)
A (43%)
Question #: 280
Topic #: 1
Refer to the exhibit. R1 and R2 use IGP protocol to route traffic between AS 100 and AS 200 despite
being configured to use BGP. Which action resolves the issue and ensures the use of BGP?
 A. Configure distance to 100 under the OSPF process of R1 and R2

 B. Remove distance commands under BGP AS 100
 C. Remove distance commands under BGP AS 100 and AS 200.
 D. Configure distance to 100 under the EIGRP process of R1 and R2
Hide Answer
C (100%)
Question #: 282
Topic #: 1
Which table is used to map the packets in an MPLS LSP that exit from the same interface, via the same
next hop, and have the same queuing policies?
 A. LDP
 B. FEC
 C. CEF
 D. RIB
Hide Answer
B (100%)
Question #: 301
Topic #: 1
What TCP port is used by LDP to provide for reliable transport connections?
 A. 646
 B. 648
 C. 752
 D. 712
Hide Answer
Question #: 309
Topic #: 1
Which of the following statements is true regarding the e IPv6 RA Guard feature?
 A. This feature is support on LAG bundles interfaces

 B. This feature is supported on private VLANs
 C. Packets dropped by the IPv6 RA Guard feature cannot be spanned.
 D. This feature offers protection in networks where IPv6 traffic is tunneled.
Hide Answer
B (100%)
Question #: 342
Topic #: 1
Refer to the exhibit. A network engineer is provisioning end-to-end traffic service for two different
enterprise networks with these requirements:
• The OSPF process must differ between customers on HQ and Branch office routers, and adjacencies
should come up instantly.
• The enterprise networks are connected with overtapping networks between HQ and a Branch office.
Which configuration meets the requirements for a customer site?
 A. ISP(config-if)#int f1/0 -
ISP(config-if)#ip vrf forwarding EA
ISP(config-if)#description TO->EA2_Branch
ISP(config-if)#ip add 172.16.200.2 255.255.255.0
ISP(config-if)#no shut -
 B. ISP(config-vrf)#int f0/0 -
ISP(config-if)#ip vrf forwarding EB
ISP(config-if)#description TO->EB1_Branch
ISP(config-if)#ip add 172.16.100.2 255.255.255.0
 C. ISP(config)#int f2/0 -
ISP(config-if)#description TO->EA1_HQ
ISP(config-if)#ip address 172.16.100.2 255.255.255.0
 D. ISP(config-if)#int f3/0 -
ISP(config-if)#description TO->EA2_Branch
ISP(config-if)#ip address 172.16.200.2 255.255.255.0
ISP(config-if)#no shut
Show Suggested Answer
Question #: 345
Topic #: 1
What is the minimum time gap required by the local system before putting a BFD control packet on the
wire?
 A. Desired Min TX Interval

 B. Detect Mult
 C. Required Min RX Interval
 D. Required Min Echo RX Interval
Hide Answer
A (50%)
C (50%)
Question #: 349
Topic #: 1
What does the MP-BGP OPEN message contain?
 A. the version number and the AS number to which the router belongs
 B. IP routing information and the AS number to which the router belongs
 C. NLRI, path attributes, and IP addresses of the sending and receiving routers
 D. MPLS labels and the IP address of the router that receives the message
Hide Answer
A (100%)
Question #: 350
Topic #: 1
Refer to the exhibit. An engineer applies a prefix-list filter that filters most of the network 10 prefixes
instead of allowing them. Which action resolves the issue?
 A. Modify the ip prefix-list EIGRP seq 20 permit 10.0.0.0/8 ge 9 command.

 B. Modify the ip prefix-list EIGRP seq 10 permit 10.0.0.0/8 le 9 command.
 C. Modify the ip prefix-list EIGRP seq 20 permit 0.0.0.0/0 le 32 command.
 D. Modify the ip prefix-list EIGRP seq 10 permit 10.0.0.0/8 le 32 command.
Hide Answer
Question #: 351
Topic #: 1
How is a preshared key “Test” for all the remote VPN routers configured in a DMVPN using GRE over
IPsec set up?
 A. authentication pre-share Test address 0.0.0.0 0.0.0.0

 B. set pre-share Test address 0.0.0.0 0.0.0.0
 C. crypto ipsec key Test address 0.0.0.0 0.0.0.0
 D. crypto isakmp key Test address 0.0.0.0 0.0.0.0
D (100%)
Question #: 353
Topic #: 1
What is a characteristic of IPv6 RA Guard?
 A. It filters rogue RA broadcasts from connected hosts.

 B. It is supported on the egress direction of the switch.
 C. RA messages are allowed from the host port to the switch.
 D. It is unable to protect tunneled traffic.
Hide Answer
D (100%)
Question #: 355
Topic #: 1
Which two solutions are used to overcome a flapping link that causes a frequent label binding exchange
between MPLS routers? (Choose two.)
 A. Increase input queue on links to protect the session.

 B. Increase a hold-timer to protect the session.
 C. Increase a session delay to protect the session.
 D. Create link dampening on links to protect the session.
 E. Create targeted hellos to protect the session.
Hide Answer
Suggested Answer: DE 🗳️
DE (100%)
Question #: 358
Topic #: 1
The network administrator configured R1 to authenticate Telnet connections based on Cisco ISE using
TACACS+. ISE has been configured with an IP address of 192.168.1.5 and with a network device
pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.
The administrator has configured this on R1:
aaa new-model
!
tacacs server ISE1
address ipv4 192.168.1.5
key Cisco123
!
aaa group server tacacs+ TAC-SERV
server name ISE1
!
aaa authentication login telnet group TAC-SERV
The network administrator cannot authenticate to R1 based on ISE. Which configuration fixes the issue?
 A. line vty 0 4
login authentication TAC-SERV
 B. tacacs-server host 192.168.1.5 key Cisco123
 C. ip tacacs-server host 192.168.1.5 key Cisco123
 D. line vty 0 4
login authentication telnet
Hide Answer
D (100%)
Question #: 359
Topic #: 1
The network administrator must configure R1 to authenticate Telnet connections based on Cisco ISE
using RADIUS. ISE has been configured with an IP address of 192.168.1.5 and with a network device
pointing toward R1 (192.168.1.1) with a shared secret password of Cisco123.
The administrator has configured this on R1:
aaa new-model
!
radius server ISE1
address ipv4 192.168.1.5
key Cisco123
!
aaa group server tacacs+ RAD-SERV
server name ISE1
!
aaa authentication login default group RAD-SERV
The network administrator cannot authenticate to access R1 based on ISE. Which set of configurations
fixes the issue?
 A. line vty 0 4
login authentication RAD-SERV
 B. aaa group server tacacs+ ISE1
server name RAD-SERV
 C. aaa group server radius RAD-SERV
server name ISE1
 D. line vty 0 4
login authentication default
Hide Answer
C (100%)
Question #: 364
Topic #: 1
DRAG DROP
-
Drag and drop the ICMPv6 neighbor discovery messages from the left onto the correct packet types on
the right.
Hide Answer
Suggested Answer:
Type 133 - Router Solicitation

Type 134 - Router Advertisement
Type 135 - Neighbor Solicitation
Type 136 - Neighbor Advertisement
Type 137 - Redirect Message
Question #: 369
Topic #: 1
Refer to the exhibit. An engineer noticed that the router log messages do not have any information about
when the event occurred. Which action should the engineer take when enabling service time stamps to
improve the logging functionality at a granular level?
 A. Configure the debug uptime option.

 B. Configure the msec option.
 C. Configure the timezone option.
 D. Configure the log uptime option.
B (100%)
Question #: 375
Topic #: 1
Refer to the exhibit. A network administrator is tasked to permit http and https traffic only toward the
internet from the User1 laptop to adhere to company’s security policy. The administrator can still ping to
www.cisco.com. Which interface should the access list 101 be applied to resolve this issue?
 A. Interface G0/0 in the outgoing direction.

 B. Interface G0/0 in the incoming direction.
 C. Interface S1/0 in the outgoing direction.
 D. Interface G0/48 in the incoming direction.
Hide Answer
Question #: 379
Topic #: 1
Network operations report issues with receiving too many external routes, which caused CPU spike on
routers with smaller memories. Which action resolves the issue?
 A. Configure the area range command when redistributing on ASBR.

 B. Configure the summary-address command when redistributing on ABR.
 C. Configure the area range command when redistributing on ABR.
 D. Configure the summary-address command when redistributing on ASBR.
Hide Answer
D (100%)
Question #: 383
Topic #: 1
Refer to the exhibits. London must reach Rome using a faster path via EIGRP if all the links are up, but it
failed to take this path. Which action resolves the issue?
 A. Change the administrative distance of RIP to 150.

 B. Increase the bandwidth of the link between London and Barcelona.
 C. Use the network statement on London to inject the 172.16.X.0/24 networks into EIGRP.
 D. Use the network statement on Rome to inject the 172.16.X.0/24 networks into EIGRP.
Hide Answer
Question #: 392
Topic #: 1
Refer to the exhibit. The administrator noticed that the connection was flapping between the two ISPs
instead of switching to ISP2 when the ISP1 failed. Which action resolves the issue?
 A. Include a valid source-interface keyword in the icmp-echo statement.

 B. Reference the track object 1 on the default route through ISP2 instead of ISP1.
 C. Modify the static routes to refer both to the next hop and the outgoing interface.
 D. Modify the threshold to match the administrative distance of the ISP2 route.
Hide Answer
A (100%)
Question #: 394
Topic #: 1
Which MPLS value is combined with the IP prefix to convert to a VPNv4 prefix?
 A. 8-byte Route Distinguisher

 B. 8-byte Route Target
 C. 16-byte Route Target
 D. 16-byte Route Distinguisher
Hide Answer
A (100%)
Question #: 397
Topic #: 1
Refer to the exhibit. AS 111 must not be used as a transit AS, but ISP-1 is getting ISP-2 routes from AS
111. Which configuration stops Customer AS from being used as a transit path on ISP-1?
 A. ip as-path access-list 1 permit.*

 B. ip as-path access-list 1 permit_111_
 C. ip as-path access-list 1 permit ^$
 D. ip as-path access-list 1 permit ^111$
Hide Answer
D (100%)
Question #: 399
Topic #: 1
Refer to the exhibit. R2 can access content on the server successfully. A network engineer finds packet
drops on PC1 for traffic destined to network 2.2.2.2/32. Which action resolves the issue?
 A. Redistribute the connected metric in EIGRP.

 B. Add the eigrp stub connected static command.
 C. Redistribute the static metric in EIGRP.
 D. Remove the eigrp stub connected command.
Hide Answer
D (60%)
C (40%)
Question #: 405
Topic #: 1
Refer to the exhibit. An administrator must upload the packages.conf file to an FTP server. However, the
FTP server rejected anonymous service and required users to authenticate. What are the two ways to
resolve the issue? (Choose two.)
 A. Use the copy flash:packages.conf scp: command instead, and enter the FTP server credentials when
prompted.
 B. Use the copy flash:packages.conf ftp: command instead, and enter the FTP server credentials when
prompted.
 C. Enter the FTP server credentials directly in the FTP URL using the
ftp://username:[email protected]/ syntax.
 D. Create a user on the router matching the username and password on the FTP server and log in before
attempting the copy.
 E. Use ip ftp username and ip ftp password configuration commands to specify valid FTP server
credentials.
Suggested Answer: CE 🗳️
CE (100%)
Question #: 427
Topic #: 1
What is a function of the IPv6 DHCP Guard feature for DHCP messages?
 A. If the device is configured as a DHCP server, no message is switched.

 B. All client messages are always switched regardless of the device role.
 C. It blocks only DHCP request messages.
 D. Only access lists are supported for matching traffic.
Hide Answer
B (100%)
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sys-image-mgmt/configuration/xe-3s/asr903/sysimgmgmt-xe-3s-asr903-book/
sysimgmgmt-ftp.html
Question #: 423
Topic #: 1
An engineer creates a default static route on a router with a next hop of 10.1.1.1. On inspection, the
engineer finds the router has two VRFs, Red and Blue. The next hop is valid for both VRFs and exists in
each assigned VRF. Which configuration achieves connectivity?
 A. ip route vrf Red 0.0.0.0 0.0.0.0 10.1.1.1

ip route vrf Blue 0.0.0.0 0.0.0.0 10.1.1.1
 B. ip route vrf BLUE 0.0.0.0 255.255.255.255 10.1.1.1
ip route vrf RED 0.0.0.0 255.255.255.255 10.1.1.1
 C. ip route vrf Red 0.0.0.0 255.255.255.255 10.1.1.1
 D. ip route vrf Blue 0.0.0.0 255.255
Hide Answer
Question #: 425
Topic #: 1
Refer to the exhibit. An engineer configured route exchange between two different companies for a
migration project. EIGRP routes were learned in router C, but no OSPF routes were learned in router A.
Which configuration allows router A to receive OSPF routes?
 A. (config-router-af-topology)#no redistribute ospf 10 match external 1 external 2 metric 1000000 10 255

1 1500
 B. (config-router-af)#redistribute ospf 10 1000000 10 255 1 1500
 C. (config-router-af-topology)#redistribute connected
 D. (config-router-af-topology)#redistribute ospf 10 metric 1000000 10 255 1 1500
Hide Answer
Question #: 428
Topic #: 1
Refer to the exhibit. An administrator is troubleshooting a time synchronization problem for the router's
time to another Cisco IOS XE-based device that has recently undergone security hardening. Which action
resolves the issue?
 A. NTP service is disabled and must be enabled on 10.1.255.40.

 B. Ensure that the CPE router has a valid route to 10.1.255.40 for NTP and rectify if not reachable.
 C. Allow NTP in the ingress ACL on 10.1.255.40 by permitting UDP destined to port 123.
 D. Allow NTP in the ingress ACL on 10.1.255.40 by permitting TCP destined to port 123.
Hide Answer
A (100%)
Question #: 432
Topic #: 1
Which protocol must be secured with MD-5 authentication across the MPLS cloud to prevent hackers
from introducing bogus routers?
 A. RSVP
 B. ALSO
 C. LDP
 D. MP-BGP
Hide Answer
C (100%)
Question #: 434
Topic #: 1
A customer is running an mGRE DMVPN tunnel over WAN infrastructure between hub and spoke sites.
The existing configuration allows NHRP to add spoke routers automatically to the multicast NHRP
mappings. The customer is migrating the network from IPv4 to the IPv6 addressing scheme for those
spokes' routers that support IPv6 and can run DMVPN tunnel over the IPv6 network. Which configuration
must be applied to support IPv4 and IPv6 DMVPN tunnels on spoke routers?
 A. tunnel mode ipv6ip 6to4

 B. tunnel mode ipv6ip auto-tunnel
 C. tunnel mode ipv6ip 6rd
 D. tunnel mode ipv6ip isatap
Hide Answer
B (100%)
Question #: 435
Topic #: 1
Refer to the exhibit. Which action ensures that 10.10.10.0/24 reaches 10.10.20.0/24 through the direct
link between R1 and R2?
 A. Configure R1 and R2 LAN links as nonpassive.

 B. Configure R1 and R2 links under area 1.
 C. Configure OSPF link cost to 1 between R1 and R2.
 D. Configure OSPF path cost to 3 between R1 and R2.
B (100%)
Question #: 439
Topic #: 1
Refer to the exhibit. A bank ATM site has difficulty connecting with the bank server. A network engineer
troubleshoots the issue and finds that R4 has no active route to the bank ATM site. Which action resolves
the issue?
 A. EIGRP peering between R1 and R2 to be fixed.

 B. Advertise 10.10.30.0/24 subnet in R3 EIGRP AS.
 C. Advertise 10.10.30.0/24 subnet in R1 EIGRP AS.
 D. EIGRP peering between R3 and R4 to be fixed.
Show Suggested Answer

Question #: 442
Topic #: 1
Which command is used to check IP SLA when an interface is suspected to receive lots of traffic with
options?
 A. Show track
 B. Show threshold
 C. Show timer
 D. Show delay A
Hide Answer
A (100%)
Which SNMP verification command shows the encryption and authentication protocols that are used in
SNMPV3?
 A. Show snmp group

 B. Show snmp user
 C. Show snmp
 D. Show snmp view
Which statement about redistribution from BGP into OSPF process 10 is true?
 A. Network 172.16.1.0/24 is not redistributed into OSPF.

 B. Network 172.16.1.0/24 is redistributed with administrative distance of 1.
 C. Network 10.10.10.0/24 is not redistributed into OSPF.
 D. Network 10.10.10.0/24 is redistributed with administrative distance of 20.
Question #: 626
Topic #: 1
Which two components are needed for a service provider to utilize the LVPN MPLS application? (Choose
two.)
 A. The P routers must be configured for MP-iBGP toward the PE routers

 B. The P routers must be configured with RSVP.
 C. The PE routers must be configured for MP-iBGP with other PE routers
 D. The PE routers must be configured for MP-eBGP to connect to CEs
 E. The P and PE routers must be configured with LDP or RSVP
Suggested Answer: C, E
Question #642 Topic 1
Drag and Drop the IPv6 First-Hop Security features from the left onto the definitions on the right.
HIDE ANSWER
Answer:
Question #: 762
Topic #: 1
Users were moved from the local DHCP server to the remote corporate DHCP server. After the move,
none of the users were able to use the network. Which two issues will prevent this setup from working
properly? (Choose two.)
 A. The route to the new DHCP server is missing.

 B. The broadcast domain is too large for proper DHCP propagation.
 C. 802.1X is blocking DHCP traffic.
 D. Auto-QoS is blocking DHCP traffic.
 E. The DHCP server IP address configuration is missing locally.
Hide Answer
Suggested Answer: AE 🗳️
AE (100%)
Actual exam question for Cisco's 300-410 exam
Question #: 35
Topic #: 11
While troubleshooting an EIGRP neighbor adjacency problem, the network engineer notices that the
interface connected to the neighboring router is not participating in the EIGRP process. Which action
resolves the issues?
A. Configure the network command to network 172.16.0.1 0.0.0.0

B. Configure the network command under EIGRP address family vrf CLIENT1
C. Configure EIGRP metrics on interface FastEthernet0/3
D. Configure the network command under EIGRP address family ipv4
Suggested Answer: B
Question #: 71
Topic #: 7
The administrator has successfully logged into R1 but is unable to access privileged mode commands.
Which configuration is causing the problem?
 A. The aaa authorization reverse-access command is missing.

 B. The username command uses password, not secret.
 C. Enable secret or enable password must be configured.
 D. The password on the VTY does not match the username password.
Hide Answer
C (100%)
Question #: 25
Topic #: 14
What are two characteristics of VRF instance? (Choose two.)
 A. All VRFs share customers routing and CEF tables .

 B. An interface must be associated to one VRF.
 C. Each VRF has a different set of routing and CEF tables
 D. It is defined by the VPN membership of a customer site attached to a P device.
 E. A customer site can be associated to different VRFs
Suggested Answer: B, C
What is LDP label binding?
A. neighboring router with label

B. source prefix with label
C. destination prefix with label
D. two routers with label distribution session
Suggested Answer: C
An engineer notices that R1 does not hold enough log messages to identify the root cause during
troubleshooting. Which command resolves this issue?
 A. Option A
 B. Option B
 C. Option C
 D. Option D
Suggested Answer: B
Refer to the exhibit. An engineer implemented an access list on R1 to allow anyone to Telnet except R2
Loopback0 to R1 Loopback4. How must sequence 20 be replaced on the R1 access list to resolve the
issue?
A. Option A
B. Option B
C. Option C
D. Option D
Suggested Answer: C
Refer to the exhibit. Site1 must perform unequal cost load balancing toward the segments behind Site2
and Site3. Some of the routes are getting load balanced but others are not. Which configuration allows
Site1 to load balance toward all the LAN segments of the remote routers?
A. Option A
B. Option B
C. Option C
D. Option D
Suggested Answer: D
A network engineer must establish communication between three different customer sites with these
requirements:
Site-A: must be restricted to access to any users at Site-B or Site-C.
Site-B and Site-C must be able to communicate between sites and share routes using OSPF.
Which configuration meets the requirements?
A. Option A
B. Option B
C. Option C
D. Option D
Suggested Answer: C
What is the function of BFD?
A. It provides uniform failure detection regardless of media type.

B. It creates high CPU utilization on hardware deployments.
C. It negotiates to the highest version if the neighbor version differs.
D. It provides uniform failure detection on the same media type.
Suggested Answer: A
A network administrator must optimize the segment size of the TCP packet on the DMVPN IPsec
protected tunnel interface, which carries application traffic from the head office to a designated branch.
The TCP segment size must not overwhelm the MTU of the outbound link. Which configuration must be
applied to the router to improve the application performance?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Drag and drop the MPLS concepts from the left onto the descriptions on the right.
Select and Place:
HIDE ANSWERS
Correct Answer:
Which IPv6 first hop security feature controls the traffic necessary for proper discovery of neighbor device
operation and performance?
A. RA Throttling
B. Source or Destination Guard
C. ND Multicast Suppression
D. IPv6 Snooping
Hide Answer
Suggested Answer: D
While troubleshooting a BGP route reflector configuration, an engineer notices that reflected routes are
missing from neighboring routers. Which two BGP configurations are needed to resolve the issue?
(Choose two)
A. neighbor 10.1.1.14 route-reflector-client

B. neighbor R2 route-reflector-client
C. neighbor 10.1.1.2 allowas-in
D. neighbor R4 route-reflector-client
E. neighbor 10.1.1.2 route-reflector-client
Hide Answer
Suggested Answer: A, E
An engineer configured a router with this configuration
ip access-list DENY TELNET

10 deny tcp any any eq 23 log-input
The router console starts receiving log message :%SEC-6-IPACCESSLOGP: list DENY_TELNET denied
tcp 192.168.1.10(1022)(FastEthernet1/0 D508.89gb.003f) ->192.168.2.20(23), 1 packet"
Which action stops messages on the console while still denying Telnet?
A. Configure a 20 permit ip any any command

B. Remove log-Input keyword from the access list.
C. Replace log-input keyword with the log keyword in the access list.
D. Configure a 20 permit ip any any log-input command.
Hide Answer
Suggested Answer: B
What are the two goals of micro BFD sessions? (Choose two.)
A. The high bandwidth member link of a link aggregation group must run BFD
B. Run the BFD session with 3×3 ms hello timer
C. Continuity for each member link of a link aggregation group must be verified
D. Any member link on a link aggregation group must run BFD
E. Each member link of a link aggregation group must run BFD.
Suggested Answer: CE
A newly installed spoke router is configured for DMVPN with the ip mtu 1400 command. Which
configuration allows the spoke to use fragmentation with the maximum negotiated TCP MTU over GRE?
A. ip tcp adjust-mss 1360 crypto ipsec fragmentation after-encryption

B. ip tcp adjust-mtu 1360 crypto ipsec fragmentation after-encryption
C. ip tcp adjust-mss 1360 crypto ipsec fragmentation mtu-discovery
D. ip tcp adjust-mtu 1360 crypto ipsec fragmentation mtu-discovery
Suggested Answer: A
A customer reports that traffic is not passing on an EIGRP enabled multipoint interface on a router
configured as below:
interface Serial0/0
no ip address interface Server0/0/0.9 multipoint
ip address 10.1.1.1 255.255.255.248
ip split-horizon eigrp 1
A. Enable poison reverse

B. Enable split horizon
C. Disable poison reverse
D. Disable split horizon
Suggested Answer: D
Which action restores OSPF adjacency between R1 and R2?
A. Change the IP MTU of R1 Fa1/0 to 1300

B. Change the IP MTU of R2 Fa0/0 to 1300
C. Change the IP MTU of R1 Fa1/0 to 1500
D. Change the IP MTU of R2 Fa0/0 to 1500
Suggested Answer: D
An engineer is trying to add an encrypted user password that should not be visible in the router
configuration. Which two configuration commands resolve the issue? (Choose two)
A. password encryption aes

B. username Admin password Cisco@maedeh motamedi
C. username Admin password 5 Cisco@maedeh motamedi
D. username Admin secret Cisco@maedeh motamedi
E. no service password-encryption
F. service password-encryption
Suggested Answer: DF
Which method provides failure detection in BFD?
A. short duration, high overhead

B. short duration, low overhead
C. long duration, high overhead
D. long duration, low overhead
Suggested Answer: B
The administrator is trying to overwrite an existing file on the TFTP server that was previously uploaded
by another router. However, the attempt to update the file fails. Which action resolves this issue?
A. Make the packages.conf file executable by all on the TFTP server

B. Make the packages.conf file writable by all on the TFTP server
C. Make sure to run the TFTP service on the TFTP server
D. Make the TFTP folder writable by all on the TFTP server
Suggested Answer: B
A network administrator notices these console messages from host 10.11.110.12 originating from
interface E1/0. The administrator considers this an unauthorized attempt to access SNMP on R1. Which
action prevents the attempts to reach R1 E1/0?
A. Configure IOS control plane protection using ACL 90 on interface E1/0

B. Configure IOS management plane protection using ACL 90 on interface E1/0
C. Create an inbound ACL on interface E1/0 to deny SNMP from host 10.11.110.12
D. Add a permit statement including the host 10.11.110.12 into ACL 90
Suggested Answer: B
Which IPv6 feature enables a device to reject traffic when it is originated from an address that is not
stored in the device binding table?
A. IPv6 Snooping
B. IPv6 Source Guard
C. IPv6 DAD Proxy
D. IPv6 RA Guard
Suggested Answer: B
What is a function of an end device configured with DHCPv6 guard?
A. If it is configured as a server, only prefix assignments are permitted.

B. If it is configured as a relay agent, only prefix assignments are permitted.
C. If it is configured as a client, messages are switched regardless of the assigned role.
D. If it is configured as a client, only DHCP requests are permitted.
Suggested Answer: C
An engineer must configure a LAN-to-LAN IPsec VPN between R1 and the remote router. Which IPsec
Phase 1 configuration must the engineer use for the local router?
A. crypto isakmp policy 5

authentication pre-share
encryption 3des
hash sha
group 2
!
crypto isakmp key cisco123 address 200.1.1.3
B. crypto isakmp policy 5

encryption 3des
hash md5
group 2
!
C. crypto isakmp policy 5

encryption 3des
hash md5
group 2
!
D. crypto isakmp policy 5

encryption 3des
hash md5
group 2
!
crypto isakmp key cisco123! address 199.1.1.1
Suggested Answer: A
An administrator is configuring a GRE tunnel to establish an EIGRP neighbor to a remote router. The
other tunnel endpoint is already configured. After applying the configuration as shown, the tunnel started
flapping. Which action resolves the issue?
A. Modify the network command to use the Tunnel0 interface netmask

B. Advertise the Loopback0 interface from R2 across the tunnel
C. Stop sending a route matching the tunnel destination across the tunnel
D. Readdress the IP network on the Tunnel0 on both routers using the /31 netmask
Suggested Answer: C
A CoPP policy is applied for receiving SSH traffic from the WAN interface on a Cisco ISR4321 router.
However, the SSH response from the router is abnormal and stuck during the high link utilization. The
problem is identified as SSH traffic does not match in the ACL. Which action resolves the issue?
A. Rate-limit SSH traffic to ensure dedicated bandwidth.

B. Apply CoPP on the control plane interface.
C. Increase the IP precedence value of SSH traffic to 6.
D. Apply CoPP on the WAN interface inbound direction.
Suggested Answer: B
Refer to Exhibit.
PC2 is directly connected to R1. A user at PC2 cannot Telnet to 2001:db8:a:b::10. The user can ping
2001:db8:a:b::10 and receive DHCP-related information from the DHCP server. Which action resolves the
issue?
A. Remove sequence 10 and put it back as sequence 25.

B. Remove sequence 20 and put it back as sequence 45.
C. Remove sequence 30 and put it back as sequence 5.
D. Remove sequence 40 and put it back as sequence 15.
Suggested Answer: A
The network administrator configured the router for Control Plane Policing to limit OSPF traffic to be
policed to 1 Mbps. Any traffic that exceeds this limit must also be allowed at this point for traffic analysis.
The router configuration is:
access-list 100 permit ospf any any

!
class-map CM-OSPF
!
policy-map PM-COPP
class CM-OSPF
!
control-plane
service-policy output PM-COPP
The Control Plane Policing failed to monitor and police OSPF traffic. Which configuration resolves this
issue?
A. policy-map PM-COPP
class CM-OSPF
no police 1000000 conform-action transmit
exceed-action transmit
!
control-plane
no service-policy output PM-COPP
B. policy-map PM-COPP
class CM-OSPF
exceed-action transmit
C. control-plane
D. no access-list 100
access-list 100 deny ospf any any
access-list 100 permit ip any any
!
policy-map PM-COPP
class CM-OSPF
exceed-action drop
!
control-plane
Suggested Answer: A
The network engineer configured the summarization of the RIP routes into the OSPF domain on R5 but
still sees four different 172.16.0.0/24 networks on R4. Which action resolves the issue?
A. R5(config)#router ospf 1
R5(config-router)#no area
R5(config-router)#summary-address 172.16.0.0 255.255.252.0
B. R4(config)#router ospf 99
R4(config-router)#network 172.16.0.0 0.255.255.255 area 56
R4(config-router)#area 56 range 172.16.0.0 255.255.255.0
C. R4(config)#router ospf 1
R4(config-router)#no area
R4(config-router)#summary-address 172.16.0.0 255.255.252.0
D. R5(config)#router ospf 99
R5(config-router)#network 172.16.0.0 0.255.255.255 area 56
R5(config-router)#area 56 range 172.16.0.0 255.255.255.0
Suggested Answer: A
What are the two prerequisites to enable BFD on Cisco routers? (Choose two)
A. A supported IP routing protocol must be configured on the participating routers.

B. OSPF Demand Circuit must run BFD on all participating routers.
C. ICMP must be allowed on all participating routers.
D. UDP port 1985 must be allowed on all participating routers.
E. Cisco Express Forwarding and IP Routing must be enabled on all participating routers.
An engineer must establish a point-to-point GRE VPN between R1 and the remote site. Which
configuration accomplishes the task for the remote site?
A. Interface Tunnel1
tunnel source 199.1.1.1
tunnel destination 200.1.1.3
ip address 192.168.1.3 255.255.255.0
B. Interface Tunnel1
ip address 192.168.1.1.255.255.255.0
C. Interface Tunnel1
ip address 192.168.1.3.255.255.255.0
D. Interface Tunnel
ip address 192.168.1.1.255.255.255.0
Suggested Answer: C
A prefix list is created to filter routes inbound to an EIGRP process except for network 10 prefixes. After
the prefix list is applied no network 10 prefixes are visible in the routing table from EIGRP.
A. ip prefix-list EIGRP seq 20 permit 10.0.0.0/8 ge 9.

B. ip prefix-list EIGRP seq 10 permit 0.0.0.0/0 le 32
C. ip prefix-list EIGRP seq 5 permit 10.0.0.0/8 ge 9 no ip prefix-list EIGRP seq 20 permit 10.0.0.0/8
D. ip prefix-list EIGRP seq 20 permit 10.0.0.0/8 ge 9 ip prefix-list EIGRP seq 10 permit 0.0.0.0/0 le 32
Suggested Answer: C
Although summarization is configured for R1 to receive 10.0.0.0/8, more specific routes are received by
R1. How should the 10.0.0.0/8 summary route be received from the neighbor, attached to R1 via Fast
Ethernet0/0 interface?
A. R1 should configure the ip summary-address eigrp 10.0.0.0 255.0.0.0 command under the Fast
Ethernet 0/0 interface.
B. The summarization condition is not met Router 10 1 100.10 requires a route for 10 0.0.0/8 that points
to null 0
C. The summarization condition is not met. The network 10.1.100.0/24 should be changed to
172.16.0.0/24.
D. R1 should configure the ip summary-address eigrp 10.0.0.0 0.0.0.255 command under the Fast
Ethernet 0/0 interface.
Suggested Answer: A
What is the purpose of the DHCPv6 Guard?
A. It messages between a DHCPv6 server and a DHCPv6 client (or relay agent).
B. It shows that clients of a DHCPv5 server are affected.
C. It blocks DHCPv6 messages from relay agents to a DHCPv6 server.
D. It allows DHCPv6 replay and advertisements from (rouge) DHCPv6 servers.
Suggested Answer: A
What is an advantage of implementing BFD?
A. BFD provides faster updates for any flapping route.

B. BFD provides millisecond failure detection
C. BFD is deployed without the need to run any routing protocol
D. BFD provides better capabilities to maintain the routing table
Suggested Answer: B
A company is expanding business by opening 35 branches over the Internet. A network engineer must
configure DMVPN at the branch routers to connect with the hub router and allow NHRP to add spoke
routers securely to the multicast NHRP mappings automatically. Which configuration meets this
requirement at the hub router?
A.
B.
C.
D.
A. Option A
B. Option B
C. Option C
D. Option D
Suggested Answer: C
The administrator configured the network devise for end-to-end reachability, but the ASBRs are not
propagation routes to each other. Which set of configuration resolves this issue?
A.
router bgp 100
neighbor 10.1.1.1 route-reflector-client
B.
router bgp 100
neighbor 10.1.1.1 next-hop-self
C.
router bgp 100
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.2.2 update-source Loopback0
neighbor 10.1 3.3 update-source Loopback0
D.
router bgp 100
neighbor 10.1.1.1 ebgp-multihop
neighbor 1021.2.2 ebgp-multihop
neighbor 10.1.3.3 ebgp-multihop
Suggested Answer: A
After a security audit, the administrator implemented an ACL in the route reflector. The RR became
unreachable from any router in the network. Which two actions resolve the issue? (Choose two.)
A. Enable the ND proxy feature on the default gateway.

B. Configure a link-local address on the Ethernet0/1 interface.
C. Permit ICMPv6 neighbor discovery traffic in the ACL.
D. Remove the ACL entry 80.
E. Change the next hop of the default route to the link-local address of the default gateway
Suggested Answer: CD
An engineer is troubleshooting a failed Telnet session from PC to the DHCP server. Which action
resolves the issue?
A. Remove sequence 30 and add it back to the IPv6 traffic filter as sequence 5.
B. Remove sequence 20 and add it back to the IPv6 traffic filter as sequence 5.
C. Remove sequence 10 to add the PC source IP address and add it back as sequence 10.
D. Remove sequence 20 for sequence 40 in the access list to allow Telnet.
Suggested Answer: B
An OSPF neighbor relationship between R2 and R3 is showing stuck in EXCHANGE/EXSTART state.

The neighbor is established between R1 and R2. The network engineer can ping from R2 to R3 and vice
versa, but the neighbor is still down. Which action resolves the issue?
A. Restore the Layer 2/Layer 3 conectivity issue in the ISP network.

B. Match MTU on both routers interfaces or ignore MTU.
C. Administrative “shut then no shut” both router interfaces.
D. Enable OSPF on the interface, which is required
Suggested Answer: B
An engineer configured NetFlow on R1, but the NMS server cannot see the flow from ethernet 0/0 of R1.
A. flow monitor Flowmonitor1 source Ethernet0/0
B. interface Ethernet0/1
ip flow monitor Flowmonitor1 input
ip flow monitor Flowmonitor1 output
C. interface Ethernet0/0
ip flow monitor Flowmonitor1 input
ip flow monitor Flowmonitor1 output
D. flow exporter FlowAnalyzer1 source Ethernet0/0
Suggested Answer: C
R1 is configured with uRPF, and ping to R1 is failing from a source present in the R1 routing table via the
GigatxtEthernet 0/0 interface. Which action resolves the issue?
A. Remove the access list from the interface GigabrtEthernet 0/0

B. Modify the uRPF mode from strict to loose
C. Enable Cisco Express Forwarding to ensure that uRPF is functioning correctly
D. Add a floating static route to the source on R1 to the GigabitEthernet 0/1 interface
Suggested Answer: B
Exhibit:
Which action resolves the authentication problem?
A. Configure the user name on the TACACS+ server

B. Configure the UDP port 1812 to be allowed on the TACACS+ server
C. Configure the TCP port 49 to be reachable by the router
D. Configure the same password between the TACACS+ server and router.
Suggested Answer: D
Exhibit:
Bangkok is using ECMP to reach to the 192.168.5.0/24 network. The administrator must configure
Bangkok in such a way that Telnet traffic from 192.168.3.0/24 and192.168.4.0/24 networks uses the
HongKong router as the preferred router. Which set of configurations accomplishes this task?
A. access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
! route-map PBR1 permit 10
interface Ethernet0/3 ip policy route-map PBR1
B. access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23

access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23
interface Ethernet0/1 ip policy route-map PBR1
C. access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23

access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23
!interface Ethernet0/3 ip policy route-map PBR1
D. access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
set ip next-hop 172.18.1.2 !i nterface
Ethernet0/1 ip policy route-map PBR1
Suggested Answer: C
Refer to the exhibit. Which action restores the routes from neighbors while still filtering 1.1.1.0/24?
A. Add a second line in the access list to permit any.

B. Modify the route map to permit the access list instead of deny it
C. Modify the access list to deny instead of permit it.
D. Add a second sequence in the route map permit 20
Suggested Answer: D
An engineer sets up a DMVPN connection to connect branch 1 and branch 2 to HQ. Branch 1 and branch
2 cannot communicate with each other. Which change must be made to resolve this issue?
A. Option A
B. Option B
C. Option C
D. Option D
Suggested Answer: D
Refer to Exhibit.
Which two configurations allow clients to get dynamic ip addresses assigned?
A. Configure access-list 100 permit udp any any eq 61 as the first line
B. Configure access-list 100 permit udp any any eq 86 as the first line
C. Configure access-list 100 permit udp any any eq 68 as the first line
D. Configure access-list 100 permit udp any any eq 69 as the first line
E. Configure access-list 100 permit udp any any eq 67 as the first line
Refer to Exhibit.
Traffic from the branch network should route through HQ R1 unless the path is unavailable. An engineer
tests this functionality by shutting down interface on the BRANCH router toward HQ_R1 router but
192.168.20.0/24 is no longer reachable from the branch router. Which set of configurations resolves the
issue?
A. HQ_R1(config)# ip sla responder

HQ_R1(config)# ip sla responder icmp-echo 172.16.35.2
B. BRANCH(config)# ip sla 1
BRANCH(config-ip-sla)# icmp-echo 172.16.35.1
C. HQ_R2(config)# ip sla responder

HQ_R2(config)# ip sla responder icmp-echo 172.16.35.5
D. BRANCH(config)# ip sla 1
BRANCH(config-ip-sla)# icmp-echo 172.16.35.2
Suggested Answer: D
The administrator can see the traps for the failed login attempts, but cannot see the traps of successful
login attempts. What command is needed to resolve the issue?
A. Configure logging history 2

B. Configure logging history 3
C. Configure logging history 4
D. Configure logging history 5
Suggested Answer: D
Which feature drops packets if the source address is not found in the snooping table?
A. IPv6 Source Guard

B. IPv6 Destination Guard
C. IPv6 Prefix Guard
D. Binding Table Recovery
Suggested Answer: A
Which two actions should be taken to access the server? (Choose two.)
A. Modify the access list to add a second line of permit ip any

B. Modify the access list to deny the route to 192.168.2.2.
C. Modify distribute list seq 10 to permit the route to 192.168.2.2.
D. Add a sequence 20 in the route map to permit access list 1.
E. Add a floating static route to reach to 192.168.2.2 with administrative distance higher than OSPF
What does IPv6 Source Guard utilize to determine if IPv6 source addresses should be forwarded?
A. ACE
B. ACLS
C. DHCP
D. Binding Table
Suggested Answer: D
What is the output of the following command: show ip vrf
A. Show’s default RD values

B. Displays IP routing table information associated with a VRF
C. Show’s routing protocol information associated with a VRF.
D. Displays the ARP table (static and dynamic entries) in the specified VRF
Suggested Answer: A
Which two statements about redistributing EIGRP into OSPF are true? (Choose two)
A. The redistributed EIGRP routes appear as type 3 LSAs in the OSPF database
B. The redistributed EIGRP routes appear as type 5 LSAs in the OSPF database
C. The administrative distance of the redistributed routes is 170
D. The redistributed EIGRP routes appear as OSPF external type 1
E. The redistributed EIGRP routes as placed into an OSPF area whose area ID matches the EIGRP
autonomous system number
F. The redistributed EIGRP routes appear as OSPF external type 2 routes in the routing table
Suggested Answer: BF
Which routes from OSPF process 5 are redistributed into EIGRP?
A. E1 and E2 subnets matching access list TO-OSPF

B. E1 and E2 subnets matching prefix list TO-OSPF
C. only E2 subnets matching access list TO-OSPF
D. only E1 subnets matching prefix listTO-OS1
Suggested Answer: A
Which protocol does VRF-Lite support?
A. IS-IS
B. ODR
C. EIGRP
D. IGRP
Suggested Answer: C
Which two statements about VRF-Lite configurations are true? (Choose two.)
A. They support the exchange of MPLS labels

B. Different customers can have overlapping IP addresses on different VPNs
C. They support a maximum of 512.000 routes
D. Each customer has its own dedicated TCAM resources
E. Each customer has its own private routing table.
F. They support IS-IS
Suggested Answer: BE
Refer to the following output:
Router#show ip nhrp detail

10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
TypE. dynamic, Flags: authoritative unique nat registered used
NBMA address: 10.12.1.2
What does the authoritative flag mean in regards to the NHRP information?
A. It was obtained directly from the next-hop server.

B. Data packets are process switches for this mapping entry.
C. NHRP mapping is for networks that are local to this router.
D. The mapping entry was created in response to an NHRP registration request.
E. The NHRP mapping entry cannot be overwritten.
Suggested Answer: A
What is the role of a route distinguisher via a VRF-Lite setup implementation?
A. It extends the IP address to identify which VFP instance it belongs to.

B. It manages the import and export of routes between two or more VRF instances
C. It enables multicast distribution for VRF-Lite setups to enhance EGP routing protocol capabilities
D. It enables multicast distribution for VRF-Lite setups to enhance IGP routing protocol capabilities
Suggested Answer: A
Which option is the best for protecting CPU utilization on a device?
A. fragmentation
B. COPP
C. ICMP redirects
D. ICMP unreachable messages
Suggested Answer: B
Which Cisco VPN technology can use multipoint tunnel, resulting in a single GRE tunnel interface on the
hub, to support multiple connections from multiple spoke devices?
A. DMVPN
B. GETVPN
C. Cisco Easy VPN
D. FlexVPN
Suggested Answer: A
Which protocol is used in a DMVPN network to map physical IP addresses to logical IP addresses?
A. BGP
B. LLDP
C. EIGRP
D. NHRP
Suggested Answer: D
Which two methods use IPsec to provide secure connectivity from the branch office to the headquarters
office? (Choose two.)
A. DMVPN
B. MPLS VPN
C. Virtual Tunnel Interface (VTI)
D. SSL VPN
E. PPPoE
Suggested Answer: AC
Which security feature can protect DMVPN tunnels?
A. IPsec
B. TACACS+
C. RTBH
D. RADIUS
Suggested Answer: A
The ACL is placed on the inbound Gigabit 0/1 interface of the router. Host 192.168.10.10 cannot SSH to
host 192.168.100.10 even though the flow is permitted. Which action resolves the issue without opening
full access to this router?
A. Move the SSH entry to the beginning of the ACL

B. Temporarily move the permit ip any any line to the beginning of the ACL to see if the flow works
C. Temporarily remove the ACL from the interface to see if the flow works
D. Run the show access-list FILTER command to view if the SSH entry has any hit statistic associated
with it
Suggested Answer: A
During the maintenance window an administrator accidentally deleted the Telnet-related configuration that
permits a Telnet connection from the inside network (Eth0/0) to the outside of the networking between
Friday – Sunday night hours only. Which configuration resolves the issue?
A.
B.
C.
D.
Suggested Answer: C
Which component of MPLS VPNs is used to extend the IP address so that an engineer is able to identify
to which VPN it belongs?
A. VPNv4 address family

B. RD
C. RT
D. LDP
Suggested Answer: B
A company is evaluating multiple network management system tools. Trending graphs generated by
SNMP data are returned by the NMS and appear to have multiple gaps. While troubleshooting the issue,
an engineer noticed the relevant output. What solves the gaps in the graphs?
A. Remove the exceed-rate command in the class map.

B. Remove the class map NMS from being part of control plane policing.
C. Configure the CIR rate to a lower value that accommodates all the NMS tools
D. Separate the NMS class map in multiple class maps based on the specific protocols with appropriate
CoPP actions
Suggested Answer: D
Redistribution is enabled between the routing protocols, and now PC2, PC3, and PC4 cannot reach PC1.
What are the two solutions to fix the problem? (Choose two.)
A. Filter RIP routes back into RIP when redistributing into RIP in R2
B. Filter OSPF routes into RIP FROM EIGRP when redistributing into RIP in R2.
C. Filter all routes except RIP routes when redistributing into EIGRP in R2.
D. Filter RIP AND OSPF routes back into OSPF from EIGRP when redistributing into OSPF in R2
E. Filter all routes except EIGRP routes when redistributing into OSPF in R3.
Suggested Answer: AC
Question #: 2
Topic #: 8
The implementations group has been using the test bed to do a "˜proof-of-concept' that requires both
Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network
addressing, routing scheme, DHCP services, NTP services, and FHRP services, a trouble ticket has been
opened indicating that Client 1 cannot ping the 209.65.200.241 address. Use the supported commands to
isolated the cause of this fault and answer the following questions. The fault condition is related to which
technology?
 A. NTP
 B. Switch-to-Switch Connectivity
 C. Access Vlans
 D. Port Security
 E. VLAN ACL / Port ACL
 F. Switch Virtual Interface B
Hide Answer
Since the Clients are getting an APIPA we know that DHCP is not working. However, upon closer examination of the ASW1
configuration we can see that the problem is not with DHCP, but the fact that the trunks on the port channels are only allowing
VLANs 1-9, when the clients belong to VLAN 10. VLAN 10 is not traversing the trunk on ASW1, so the problem is with switch to
switch connectivity, specifically the trunk configuration on ASW1.
Question #: 1
Topic #: 20
The implementations group has been using the test bed to do a "˜proof-of-concept' that requires both
Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network
addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and
device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241
address. Use the supported commands to isolated the cause of this fault and answer the following
questions. On which device is the fault condition located?
 A. R1
 B. R2
 C. R3
 D. R4
 E. DSW1
 F. DSW2
 G. ASW1
Hide Answer
On R1, we need to permit IP 209.65.200.222/30 under the access list.
Refer to the exhibit. The network administrator configured the network to establish connectivity between
all devices and notices that the ASBRs do not have routes for each other. Which set of configurations
resolves this issue?
A. Option A
B. Option B
C. Option C
D. Option D
Suggested Answer: D
A network administrator cannot connect to a device via SSH. The line vty configuration is as follows:

A. Increase the session timeout
B. Change the stopbits to 10.
C. Configure the transport input SSH
D. initialize the SSH key
Suggested Answer: D
Refer to the exhibit. The company implemented uRPF to address an antispoofing attack. A network
engineer received a call from the IT security department that the regional data center is under an IP
attack. Which configuration must be implemented on R1 to resolve this issue?
A. Option A
B. Option B
C. Option C
D. Option D
Suggested Answer: B
LAB SIMULATION
A network is configured with CoPP to protect the CORE router route processor for stability and DDoS
protection. As a company policy, a class named class-default is preconfigured and must not be modified
or deleted. Troubleshoot CoPP to resolve the issues introduced during the maintenance window to
ensure that:
WAN
CORE
MGMT
Correct Answer:
CORE
policy-map CoPP
class CoPP-CRITICAL
police 1000000 50000 50000 conform-action transmit exceed-action transmit
CORE# Copy run start
TESTING: -
CORE
MGMT

300-410 Sham

Uploaded by

Copyright:

Available Formats

300-410 Sham

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

300-410 Sham

Uploaded by

Copyright:

Available Formats

Question #1Topic 1

 A. Issue the eigrp stub command on R1.

Hide Solution Discussion 20

Community vote distribution

Hide Solution Discussion 13

R2 has a locally originated prefix 192.168.130.0/24 and has these configurations:

Hide Solution Discussion 15

Community vote distribution

Hide Solution Discussion 19

Community vote distribution

Hide Solution Discussion 45

 A. Dynamic routing protocols always have priority over static routes.

Hide Solution Discussion 10

Community vote distribution

Hide Solution Discussion 8

Community vote distribution

 A. Use an extended access list instead of a standard access list.

Reveal Solution Discussion 58

Community vote distribution

Hide Solution Discussion 9

Hide Solution Discussion 16

Hide Solution Discussion 22

Community vote distribution

Hide Solution Discussion 16

Community vote distribution

 A. if prefixes are not received from the BGP peer

Hide Solution Discussion 9

Community vote distribution

 A. shared risk link group-disjoint

Hide Solution Discussion 26

Hide Solution Discussion 29

Community vote distribution

Hide Solution Discussion 30

Community vote distribution

Hide Solution Discussion 4

Community vote distribution

Hide Solution Discussion 16

Community vote distribution

 A. router ospfv3 1 address-family ipv4

Hide Solution Discussion 45

Refer to the exhibit. Which statement about R1 is true?

 A. OSPF redistributes RIP routes only if they have a tag of one.

Hide Solution Discussion 8

Community vote distribution

Hide Solution Discussion 19

Community vote distribution

 A. R1(config)# ip vrf Inet R1(config-vrf)#ip vrf FastEthernet0/0

Hide Solution Discussion 5

Community vote distribution

Hide Solution Discussion 45

Community vote distribution

Hide Solution Discussion 45

Hide Solution Discussion 5

Community vote distribution

 A. Packets are not forwarded to the specific next hop.

Hide Solution Discussion 39

Community vote distribution

 A. Remove the prefix keyword from the distribute-list command.

Hide Solution Discussion 8

Community vote distribution