PassLeader 300-101 Exam Dumps (1-30)

New VCE and PDF Exam Dumps from PassLeader

➢ Vendor: Cisco

➢ Exam Code: 300-101

➢ Exam Name: Implementing Cisco IP Routing (ROUTE)

➢ Question 1 – Question 30

QUESTION 1
A network engineer has been asked to ensure that the PPPoE connection is established and
authenticated using an encrypted password. Which technology, in combination with PPPoE, can
be used for authentication in this manner?

A. PAP
B. dot1x
C. IPsec
D. CHAP
E. ESP

Answer: D
Explanation:
With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on an
interface and a remote device attempts to connect to it, the access server sends a CHAP packet
to the remote device. The CHAP packet requests or "challenges" the remote device to respond.
The challenge packet consists of an ID, a random number, and the host name of the local router.
When the remote device receives the challenge packet, it concatenates the ID, the remote device's
password, and the random number, and then encrypts all of it using the remote device's password.
The remote device sends the results back to the access server, along with the name associated
with the password used in the encryption process. When the access server receives the response,
it uses the name it received to retrieve a password stored in its user database. The retrieved
password should be the same password the remote device used in its encryption process. The
access server then encrypts the concatenated information with the newly retrieved password--if the
result matches the result sent in the response packet, authentication succeeds. The benefit of using
CHAP authentication is that the remote device's password is never transmitted in clear text
(encrypted). This prevents other devices from stealing it and gaining illegal access to the ISP's
network.
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathen.html

QUESTION 2
A corporate policy requires PPPoE to be enabled and to maintain a connection with the ISP, even
if no interesting traffic exists. Which feature can be used to accomplish this task?

A. TCP Adjust
B. Dialer Persistent
C. PPPoE Groups
D. half-bridging
E. Peer Neighbor Route

Answer: B
Explanation:
A new interface configuration command, dialer persistent, allows a dial-on-demand routing (DDR)
dialer profile connection to be brought up without being triggered by interesting traffic. When
configured, the dialer persistent command starts a timer when the dialer interface starts up and
starts the connection when the timer expires. If interesting traffic arrives before the timer expires,
the connection is still brought up and set as persistent. The command provides a default timer
interval, or you can set a custom timer interval.

QUESTION 3
Which encapsulation supports an interface that is configured for an EVN trunk?

A. 802.1Q
B. ISL
C. PPP
D. Frame Relay
E. MPLS
F. HDLC

Answer: A
Explanation:
Restrictions for EVN
An EVN trunk is allowed on any interface that supports 802.1q encapsulation, such as Fast
Ethernet, Gigabit Ethernet, and port channels. A single IP infrastructure can be virtualized to
provide up to 32 virtual networks end-to-end. If an EVN trunk is configured on an interface, you
cannot configure VRF-Lite on the same interface. OSPFv3 is not supported; OSPFv2 is supported.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/evn/configuration/xe-3s/evn-xe-3s-book/evn-overview.pdf

QUESTION 4
Which three characteristics are shared by subinterfaces and associated EVNs? (Choose three.)

A. IP address
B. routing table
C. forwarding table
D. access control lists
E. NetFlow configuration

Answer: ABC
Explanation:
A trunk interface can carry traffic for multiple EVNs. To simplify the configuration process, all the
subinterfaces and associated EVNs have the same IP address assigned. In other words, the trunk
interface is identified by the same IP address in different EVN contexts. This is accomplished as a
result of each EVN having a unique routing and forwarding table, thereby enabling support for
overlapping IP addresses across multiple EVNs.
http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/xe-3sg/evn-overview.pdf

QUESTION 5
Which traffic does the following configuration allow?
ipv6 access-list cisco
permit ipv6 host 2001:DB8:0:4::32 any eq ssh
line vty 0 4
ipv6 access-class cisco in

A. all traffic to vty 0 4 from source 2001:DB8:0:4::32
B. only ssh traffic to vty 0 4 from source all
C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32
D. all traffic to vty 0 4 from source all

Answer: C
Explanation:
Here we see that the IPv6 access list called "cisco" is being applied to incoming VTY connections
to the router. The IPv6 access list has just one entry, which allows only the single IPv6 address
2001:DB8:0:4::32 to connect, using SSH only.

QUESTION 6
For troubleshooting purposes, which method can you use in combination with the debug ip packet
command to limit the amount of output data?

A. You can disable the IP route cache globally.
B. You can use the KRON scheduler.
C. You can use an extended access list.
D. You can use an IOS parser.
E. You can use the RITE traffic exporter.

Answer: C
Explanation:
The "debug ip packet" command generates a substantial amount of output and uses a substantial
amount of system resources. This command should be used with caution in production networks.
Always use with the access-list command to apply an extended ACL to the debug output.
http://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html

QUESTION 7
Refer to the following access list.
access-list 100 permit ip any any log
After applying the access list on a Cisco router, the network engineer notices that the router CPU
utilization has risen to 99 percent. What is the reason for this?

A. A packet that matches access-list with the "log" keyword is Cisco Express Forwarding switched.
B. A packet that matches access-list with the "log" keyword is fast switched.
C. A packet that matches access-list with the "log" keyword is process switched.
D. A large amount of IP traffic is being permitted on the router.

Answer: C
Explanation:
Logging-enabled access control lists (ACLs) provide insight into traffic as it traverses the network or is
dropped by network devices. Unfortunately, ACL logging can be CPU intensive and can negatively
affect other functions of the network device. There are two primary factors that contribute to the
CPU load increase from ACL logging: process switching of packets that match log-enabled access
control entries (ACEs) and the generation and transmission of log messages.
http://www.cisco.com/web/about/security/intelligence/acl-logging.html#4

QUESTION 8
Which address is used by the Unicast Reverse Path Forwarding protocol to validate a packet
against the routing table?

A. source address
B. destination address
C. router interface
D. default gateway

Answer: A
Explanation:
The Unicast RPF feature helps to mitigate problems that are caused by the introduction of
malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that
lack a verifiable IP source address. For example, a number of common types of denial-of-service
(DoS) attacks, including Smurf and Tribal Flood Network (TFN), can take advantage of forged or
rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the
attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such
attacks by forwarding only packets that have source addresses that are valid and consistent with
the IP routing table. This action protects the network of the ISP, its customer, and the rest of the
Internet.
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrpf.html

QUESTION 9
What are the three modes of Unicast Reverse Path Forwarding?

A. strict mode, loose mode, and VRF mode
B. strict mode, loose mode, and broadcast mode
C. strict mode, broadcast mode, and VRF mode
D. broadcast mode, loose mode, and VRF mode

Answer: A
Explanation:
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the
malicious traffic on an enterprise network. This security feature works by enabling a router to verify
the reachability of the source address in packets being forwarded. This capability can limit the
appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is
discarded. Unicast RPF works in one of three different modes: strict mode, loose mode, or VRF
mode. Note that not all network devices support all three modes of operation. Unicast RPF in VRF
mode will not be covered in this document.
When administrators use Unicast RPF in strict mode, the packet must be received on the interface
that the router would use to forward the return packet. Unicast RPF configured in strict mode may
drop legitimate traffic that is received on an interface that was not the router's choice for sending
return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present
in the network.
When administrators use Unicast RPF in loose mode, the source address must appear in the
routing table. Administrators can change this behavior using the allow-default option, which allows
the use of the default route in the source verification process. Additionally, a packet that contains
a source address for which the return route points to the Null 0 interface will be dropped. An access
list may also be specified that permits or denies certain source addresses in Unicast RPF loose
mode.
Care must be taken to ensure that the appropriate Unicast RPF mode (loose or strict) is configured
during the deployment of this feature because it can drop legitimate traffic. Although asymmetric
traffic flows may be of concern when deploying this feature, Unicast RPF loose mode is a scalable
option for networks that contain asymmetric routing paths.
http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html
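
The strict and loose checks described in this explanation can be modelled in a few lines. This is an added example, not Cisco code or part of the original dump; the routing table and interface names are constructed, and the model assumes one best path per source (no equal-cost paths) and applies the allow-default and Null0 rules in both modes.

```python
import ipaddress

# Constructed routing table for illustration: (prefix, outgoing interface).
ROUTES = [
    ("0.0.0.0/0", "Gi0/0"),      # default route towards the upstream
    ("10.1.0.0/16", "Gi0/1"),
    ("10.2.0.0/16", "Gi0/2"),
    ("192.0.2.0/24", "Null0"),   # blackholed prefix
]


def lookup(src, routes=ROUTES):
    """Longest-prefix match on the source address.

    Returns (network, interface) for the best route, or None.
    """
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best


def urpf_check(src, in_if, mode, allow_default=False, routes=ROUTES):
    """Simplified Unicast RPF decision. Returns (passed, reason).

    mode is "strict" or "loose". Assumption of this model: a single best
    return path per source, so asymmetric routing fails the strict check.
    """
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    match = lookup(src, routes)
    if match is None:
        return False, "no route to source"
    net, out_if = match
    if net.prefixlen == 0 and not allow_default:
        return False, "only the default route matches"
    if out_if == "Null0":
        return False, "return route points to Null0"
    if mode == "strict" and out_if != in_if:
        return False, f"arrived on {in_if}, return path is {out_if}"
    return True, "source verified"


if __name__ == "__main__":
    samples = [
        ("10.1.5.5", "Gi0/1", "strict", False),   # symmetric path
        ("10.1.5.5", "Gi0/2", "strict", False),   # asymmetric path
        ("10.1.5.5", "Gi0/2", "loose", False),    # loose tolerates asymmetry
        ("203.0.113.9", "Gi0/0", "loose", False), # only default route
        ("203.0.113.9", "Gi0/0", "loose", True),  # allow-default
        ("192.0.2.7", "Gi0/0", "loose", True),    # Null0 route
    ]
    for src, in_if, mode, allow in samples:
        print(src, in_if, mode, allow, urpf_check(src, in_if, mode, allow))
```

The second and third samples show why loose mode is the usual choice where asymmetric paths exist: the same packet is dropped by the strict check and accepted by the loose one.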

QUESTION 10
What does the following access list, which is applied on the external interface FastEthernet 1/0 of
the perimeter router, accomplish?
router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
router(config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
router(config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
router(config)#access-list 101 permit ip any any
router(config)#interface fastEthernet 1/0
router(config-if)#ip access-group 101 in

A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255,
192.168.0.0-192.168.255.255 and logs any intrusion attempts.
B. It prevents the internal network from being used in spoofed denial of service attacks and logs any
exit to the Internet.
C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion
attempts.
D. It prevents private internal addresses to be accessed directly from outside.

Answer: C
Explanation:
The private IP address ranges defined in RFC 1918 are as follows:
10.0.0.0 -- 10.255.255.255
172.16.0.0 -- 172.31.255.255
192.168.0.0 -- 192.168.255.255
These IP addresses should never be allowed from external networks into a corporate network, as
they would only be able to reach the network from the outside via routing problems or if the IP
addresses were spoofed. This ACL is used to prevent all packets with a spoofed reserved private
source IP address from entering the network. The log keyword also enables logging of this intrusion
attempt.

QUESTION 11
Refer to the following command:
router(config)# ip http secure-port 4433
Which statement is true?

A. The router will listen on port 4433 for HTTPS traffic.
B. The router will listen on port 4433 for HTTP traffic.
C. The router will never accept any HTTP and HTTPS traffic.
D. The router will listen to HTTP and HTTP traffic on port 4433.

Answer: A
Explanation:
To set the secure HTTP (HTTPS) server port number for listening, use the ip http secure-port
command in global configuration mode. To return the HTTPS server port number to the default,
use the no form of this command.
ip http secure-port port-number
no ip http secure-port
Syntax Description
port-number
Integer in the range of 0 to 65535 is accepted, but the port number must be higher than 1024 unless
the default is used. The default is 443.
http://www.cisco.com/en/US/docs/ios-xml/ios/https/command/nm-https-cr-cl-sh.html#wp3612805529

QUESTION 12
A network engineer is configuring SNMP on network devices to utilize one-way SNMP notifications.
However, the engineer is not concerned with authentication or encryption. Which command
satisfies the requirements of this scenario?

A. router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO
B. router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO
C. router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO
D. router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO

Answer: A
Explanation:
Most network admins and engineers are familiar with SNMPv2c which has become the dominant
SNMP version of the past decade. It's simple to configure on both the router/switch-side and just
as easy on the network monitoring server. The problem of course is that the SNMP statistical
payload is not encrypted and authentication is passed in cleartext. Most companies have decided
that the information being transmitted isn't valuable enough to be worth the extra effort in upgrading
to SNMPv3, but I would suggest otherwise. Like IPv4 to IPv6, there are some major changes under
the hood. SNMP version 2 uses community strings (think cleartext passwords, no encryption) to
authenticate polling and trap delivery. SNMP version 3 moves away from the community string
approach in favor of user-based authentication and view-based access control. The users are not
actual local user accounts, rather they are simply a means to determine who can authenticate to
the device. The view is used to define what the user account may access on the IOS device. Finally,
each user is added to a group, which determines the access policy for its users. Users, groups,
views.
http://www.ccnpguide.com/snmp-version-3/

QUESTION 13
When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication?

A. username
B. password
C. community-string
D. encryption-key

Answer: A
Explanation:
The following security models exist: SNMPv1, SNMPv2, SNMPv3. The following security levels
exist: "noAuthNoPriv" (no authentication and no encryption; noauth keyword in CLI),
"AuthNoPriv" (messages are authenticated but not encrypted; auth keyword in CLI),
"AuthPriv" (messages are authenticated and encrypted; priv keyword in CLI). SNMPv1 and
SNMPv2 models only support the "noAuthNoPriv" model since they use a plain community string to
match the incoming packets. SNMPv3 implementations can be configured to use any of
the models on a per-group basis (if "noAuthNoPriv" is configured, the username serves as a
replacement for the community string).
http://blog.ine.com/2008/07/19/snmpv3-tutorial/

QUESTION 14
After a recent DoS attack on a network, senior management asks you to implement better logging
functionality on all IOS-based devices. Which two actions can you take to provide enhanced logging
results? (Choose two.)

A. Use the msec option to enable service time stamps.
B. Increase the logging history.
C. Set the logging severity level to 1.
D. Specify a logging rate limit.
E. Disable event logging on all noncritical items.

Answer: AB
Explanation:
The optional msec keyword specifies that the date/time format should include milliseconds. This can
aid in pinpointing the exact time of events, or in correlating the order in which the events happened. To
limit syslog messages sent to the router's history table and to an SNMP network management
station based on severity, use the logging history command in global configuration mode. By default,
Cisco devices log error messages of severity levels 0 through 4 (emergency, alert, critical, error,
and warning levels); in other words, "saving level warnings or higher." By increasing the severity
level, more granular monitoring can occur, and SNMP messages will be sent for the less severe (5-7)
messages.

QUESTION 15
A network engineer finds that a core router has crashed without warning. In this situation, which
feature can the engineer use to create a crash collection?

A. secure copy protocol
B. core dumps
C. warm reloads
D. SNMP
E. NetFlow

Answer: B
Explanation:
When a router crashes, it is sometimes useful to obtain a full copy of the memory image (called a
core dump) to identify the cause of the crash. Core dumps are generally very useful to your
technical support representative. Four basic ways exist for setting up the router to generate a core
dump:
Using Trivial File Transfer Protocol (TFTP)
Using File Transfer Protocol (FTP)
Using remote copy protocol (rcp)
Using a Flash disk
http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr19aa.html

QUESTION 16
A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp
broadcast client command. Assuming that an NTP server is already set up, what is the result of the
command?

A. It enables receiving NTP broadcasts on the interface where the command was executed.
B. It enables receiving NTP broadcasts on all interfaces globally.
C. It enables a device to be an NTP peer to another device.
D. It enables a device to receive NTP broadcast and unicast packets.

Answer: A
Explanation:
The NTP service can be activated by entering any ntp command. When you use the ntp broadcast
client command, the NTP service is activated (if it has not already been activated) and the device
is configured to receive NTP broadcast packets on a specified interface simultaneously.
Command: ntp broadcast client
Description: Allows the system to receive NTP broadcast packets on an interface.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-xe-3se-3850-cr-book/bsm-xe-3se-3850-cr-book_chapter_00.html

QUESTION 17
Which three TCP enhancements can be used with TCP selective acknowledgments? (Choose
three.)

A. header compression
B. explicit congestion notification
C. keepalive
D. time stamps
E. TCP path discovery
F. MTU window

Answer: BCD
Explanation:
TCP Selective Acknowledgment
The TCP Selective Acknowledgment feature improves performance if multiple packets are lost from
one TCP window of data.
Prior to this feature, because of limited information available from cumulative acknowledgments, a
TCP sender could learn about only one lost packet per-round-trip time. An aggressive sender could
choose to resend packets early, but such re-sent segments might have already been successfully
received.
The TCP selective acknowledgment mechanism helps improve performance. The receiving TCP
host returns selective acknowledgment packets to the sender, informing the sender of data that
has been received. In other words, the receiver can acknowledge packets received out of order.
The sender can then resend only missing data segments (instead of everything since the first
missing packet).
Prior to selective acknowledgment, if TCP lost packets 4 and 7 out of an 8-packet window, TCP
would receive acknowledgment of only packets 1, 2, and 3. Packets 4 through 8 would need to be
re-sent. With selective acknowledgment, TCP receives acknowledgment of packets 1, 2, 3, 5, 6,
and 8. Only packets 4 and 7 must be re-sent.
TCP selective acknowledgment is used only when multiple packets are dropped within one TCP
window. There is no performance impact when the feature is enabled but not used. Use the ip tcp
selective-ack command in global configuration mode to enable TCP selective acknowledgment.
Refer to RFC 2018 for more details about TCP selective acknowledgment.
TCP Time Stamp
The TCP time-stamp option provides improved TCP round-trip time measurements. Because the
time stamps are always sent and echoed in both directions and the time-stamp value in the header
is always changing, TCP header compression will not compress the outgoing packet. To allow TCP
header compression over a serial link, the TCP time-stamp option is disabled. Use the ip tcp
timestamp command to enable the TCP time-stamp option.
TCP Explicit Congestion Notification
The TCP Explicit Congestion Notification (ECN) feature allows an intermediate router to notify end
hosts of impending network congestion. It also provides enhanced support for TCP sessions
associated with applications, such as Telnet, web browsing, and transfer of audio and video data
that are sensitive to delay or packet loss. The benefit of this feature is the reduction of delay and
packet loss in data transmissions. Use the ip tcp ecn command in global configuration mode to
enable TCP ECN.
TCP Keepalive Timer
The TCP Keepalive Timer feature provides a mechanism to identify dead connections. When a
TCP connection on a routing device is idle for too long, the device sends a TCP keepalive packet
to the peer with only the Acknowledgment (ACK) flag turned on. If a response packet (a TCP ACK
packet) is not received after the device sends a specific number of probes, the connection is
considered dead and the device initiating the probes frees resources used by the TCP connection.

QUESTION 18
A network administrator uses IP SLA to measure UDP performance and notices that packets on
one router have a higher one-way delay compared to the opposite direction. Which UDP
characteristic does this scenario describe?

A. latency
B. starvation
C. connectionless communication
D. nonsequencing unordered packets
E. jitter

Answer: A
Explanation:
Cisco IOS IP SLAs provides a proactive notification feature with an SNMP trap. Each measurement
operation can monitor against a pre-set performance threshold. Cisco IOS IP SLAs generates an
SNMP trap to alert management applications if this threshold is crossed. Several SNMP traps are
available: round trip time, average jitter, one-way latency, jitter, packet loss, MOS, and connectivity
tests. Here is a partial sample output from the IP SLA statistics that can be seen:
router#show ip sla statistics 1
Round Trip Time (RTT) for Index 55
Latest RTT: 1 ms
Latest operation start time: *23:43:31.845 UTC Thu Feb 3 2005
Latest operation return code: OK
RTT Values:
Number Of RTT: 10
RTT Min/Avg/Max: 1/1/1 milliseconds
Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
http://www.cisco.com/en/US/technologies/tk648/tk362/tk920/technologies_white_paper09186a00802d5efe.html

QUESTION 19
Under which condition does UDP dominance occur?

A. when TCP traffic is in the same class as UDP
B. when UDP flows are assigned a lower priority queue
C. when WRED is enabled
D. when ACLs are in place to block TCP traffic

Answer: A
Explanation:
Mixing TCP with UDP
It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especially
Streaming-Video) within a single service-provider class because of the behaviors of these protocols
during periods of congestion. Specifically, TCP transmitters throttle back flows when drops are
detected. Although some UDP applications have application-level windowing, flow control, and
retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus,
never lower transmission rates because of dropping. When TCP flows are combined with UDP
flows within a single service-provider class and the class experiences congestion, TCP flows
continually lower their transmission rates, potentially giving up their bandwidth to UDP flows that
are oblivious to drops. This effect is called TCP starvation/UDP dominance.
TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data is assigned to
the same service-provider class as (UDP-based) Streaming-Video and the class experiences
sustained congestion. Even if WRED is enabled on the service-provider class, the same behavior
would be observed because WRED (for the most part) manages congestion only on TCP-based
flows.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/VPNQoS.html

QUESTION 20
PPPoE is composed of which two phases?

A. Active Authentication Phase and PPP Session Phase
B. Passive Discovery Phase and PPP Session Phase
C. Active Authorization Phase and PPP Session Phase
D. Active Discovery Phase and PPP Session Phase

Answer: D

QUESTION 21
Which statement is true about the PPP Session Phase of PPPoE?

A. PPP options are negotiated and authentication is not performed.
Once the link setup is completed, PPPoE functions as a Layer 3 encapsulation method that allows
data to be transferred over the PPP link within PPPoE headers.
B. PPP options are not negotiated and authentication is performed.
Once the link setup is completed, PPPoE functions as a Layer 4 encapsulation method that allows
data to be transferred over the PPP link within PPPoE headers.
C. PPP options are automatically enabled and authorization is performed.
Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows
data to be encrypted over the PPP link within PPPoE headers.
D. PPP options are negotiated and authentication is performed.
Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows
data to be transferred over the PPP link within PPPoE headers.

Answer: D
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-pppoe.html

QUESTION 22
Which type of traffic does DHCP snooping drop?

A. discover messages
B. DHCP messages where the source MAC and client MAC do not match
C. traffic from a trusted DHCP server to client
D. DHCP messages where the destination MAC and client MAC do not match

Answer: B
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

QUESTION 23
Refer to the exhibit. Which command only announces the 1.2.3.0/24 network out of FastEthernet
0/0?

A. distribute list 1 out
B. distribute list 1 out FastEthernet0/0
C. distribute list 2 out
D. distribute list 2 out FastEthernet0/0

Answer: D
Explanation:
Access list 2 is more specific, allowing only 1.2.3.0/24, whereas access list 1 permits all 1.0.0.0/8
networks. This question also asks us to apply this distribute list only to the outbound direction of
the fast Ethernet 0/0 interface, so the correct command is "distribute list 2 out FastEthernet0/0."

QUESTION 24
Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le 24?

A. 10.9.1.0/24
B. 10.8.0.0/24
C. 10.8.0.0/16
D. 10.8.0.0/23

Answer: B
Explanation:
With prefix lists, the ge 24 term means greater than or equal to a /24 and the le 24 means less than
or equal to /24, so only a /24 is both greater than or equal to 24 and less than or equal to 24. This
translates to any prefix in the 10.8.x.0/24 network, where x is any value in the 0-255 range. Only
the choice of 10.8.0.0/24 matches this.
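
The ge/le rule in this explanation can be checked mechanically. The following is an added example, not part of the original dump and not Cisco code: a small matcher for a single prefix-list entry, run against the four answer options. It goes slightly beyond the question by also handling entries with only ge, only le, or neither keyword; the function name is hypothetical.

```python
import ipaddress


def prefix_list_match(entry, candidate, ge=None, le=None):
    """Return True if `candidate` matches the prefix-list entry `entry [ge] [le]`.

    Matching rule modelled here:
      * the candidate must fall inside the entry's network, i.e. its first
        <entry length> bits equal the entry's bits;
      * the candidate's prefix length must lie in the allowed range:
          no ge/le -> exactly the entry's length
          ge only  -> ge .. 32 (128 for IPv6)
          le only  -> entry length .. le
          ge + le  -> ge .. le
    """
    ent = ipaddress.ip_network(entry)
    cand = ipaddress.ip_network(candidate)
    if ent.version != cand.version:
        return False
    if ge is not None and ge <= ent.prefixlen:
        raise ValueError("ge must be greater than the entry's prefix length")
    if ge is None and le is None:
        lo = hi = ent.prefixlen
    else:
        lo = ge if ge is not None else ent.prefixlen
        hi = le if le is not None else ent.max_prefixlen
    if lo > hi:
        raise ValueError("ge must not exceed le")
    return cand.subnet_of(ent) and lo <= cand.prefixlen <= hi


def evaluate_options():
    """Run the four answer options against 10.8.0.0/16 ge 24 le 24."""
    options = {
        "A": "10.9.1.0/24",
        "B": "10.8.0.0/24",
        "C": "10.8.0.0/16",
        "D": "10.8.0.0/23",
    }
    return {k: prefix_list_match("10.8.0.0/16", v, ge=24, le=24)
            for k, v in options.items()}


if __name__ == "__main__":
    for letter, matched in evaluate_options().items():
        print(letter, "match" if matched else "no match")
```

Option A fails on the first 16 bits, while C and D fail on prefix length, which is the distinction the explanation draws.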

QUESTION 25
Router A and Router B are configured with IPv6 addressing and basic routing capabilities using
OSPFv3. The networks that are advertised from Router A do not show up in Router B's routing
table. After debugging IPv6 packets, the message "not a router" is found in the output. Why is the
routing information not being learned by Router B?

A. OSPFv3 timers were adjusted for fast convergence.
B. The networks were not advertised properly under the OSPFv3 process.
C. An IPv6 traffic filter is blocking the networks from being learned via the Router B interface that is
connected to Router A.
D. IPv6 unicast routing is not enabled on Router A or Router B.

Answer: D
Explanation:
http://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_16.html

QUESTION 26
After you review the output of the command show ipv6 interface brief, you see that several IPv6
addresses have the 16-bit hexadecimal value of "FFFE" inserted into the address. Based on this
information, what do you conclude about these IPv6 addresses?

A. IEEE EUI-64 was implemented when assigning IPv6 addresses on the device.
B. The addresses were misconfigured and will not function as intended.
C. IPv6 addresses containing "FFFE" indicate that the address is reserved for multicast.
D. The IPv6 universal/local flag (bit 7) was flipped.
E. IPv6 unicast forwarding was enabled, but IPv6 Cisco Express Forwarding was disabled.

Answer: A
Explanation:
Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign itself a unique 64-bit
IPv6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates
the need for manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address
is obtained through the 48-bit MAC address. The MAC address is first separated into two 24-bit halves,
with one being the OUI (Organizationally Unique Identifier) and the other being NIC specific. The
16-bit 0xFFFE is then inserted between these two 24-bit halves to form the 64-bit EUI address. IEEE has
chosen FFFE as a reserved value which can only appear in EUI-64 generated from the EUI-48
MAC address.
https://supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bit-address

QUESTION 27
A packet capture log indicates that several router solicitation messages were sent from a local host
on the IPv6 segment. What is the expected acknowledgment and its usage?

A. Router acknowledgment messages will be forwarded upstream, where the DHCP server will
allocate addresses to the local host.
B. Routers on the IPv6 segment will respond with an advertisement that provides an external path
from the local subnet, as well as certain data, such as prefix discovery.
C. Duplicate Address Detection will determine if any other local host is using the same IPv6 address
for communication with the IPv6 routers on the segment.
D. All local host traffic will be redirected to the router with the lowest ICMPv6 signature, which is
statically defined by the network administrator.

Answer: B
Explanation:
Router Advertisements (RA) are sent in response to router solicitation messages. Router
solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are
sent by hosts at system startup so that the host can immediately autoconfigure without needing to
wait for the next scheduled RA message. Given that router solicitation messages are usually sent
by hosts at system startup (the host does not have a configured unicast address), the source
address in router solicitation messages is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If
the host has a configured unicast address, the unicast address of the interface sending the router
solicitation message is used as the source address in the message. The destination address in
router solicitation messages is the all-routers multicast address with a scope of the link. When an
RA is sent in response to a router solicitation, the destination address in the RA message is the
unicast address of the source of the router solicitation message. RA messages typically include the
following information:
- One or more on-link IPv6 prefixes that nodes on the local link can use to automatically configure
  their IPv6 addresses
- Lifetime information for each prefix included in the advertisement
- Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed
- Default router information (whether the router sending the advertisement should be used as a
  default router and, if so, the amount of time (in seconds) the router should be used as a default
  router)
- Additional information for hosts, such as the hop limit and MTU a host should use in packets that it
  originates
http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-addrg_bsc_con.html

QUESTION 28
A user is having issues accessing file shares on a network. The network engineer advises the user
to open a web browser, input a prescribed IP address, and follow the instructions. After doing this,
the user is able to access company shares. Which type of remote access did the engineer enable?

A. EZVPN
B. IPsec VPN client access
C. VPDN client access
D. SSL VPN client access

Answer: D
Explanation:
The Cisco AnyConnect VPN Client provides secure SSL connections to the security appliance for
remote users. Without a previously installed client, remote users enter in their browser the IP
address of an interface configured to accept SSL VPN connections. Unless the security appliance
is configured to redirect http:// requests to https://, users must enter the URL in the form
https://<address>.
After entering the URL, the browser connects to that interface and displays the login screen. If the
user satisfies the login and authentication, and the security appliance identifies the user as requiring
the client, it downloads the client that matches the operating system of the remote computer. After
downloading, the client installs and configures itself, establishes a secure SSL connection and
either remains or uninstalls itself (depending on the security appliance configuration) when the
connection terminates.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html

QUESTION 29
Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and
Cisco Express Forwarding?

A. FlexVPN
B. DMVPN
C. GETVPN
D. Cisco Easy VPN

Answer: B
Explanation:
Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual private
network (VPN) supported on Cisco IOS-based routers and Unix-like operating systems, based on
the standard protocols GRE, NHRP and IPsec. DMVPN provides the capability for creating a
dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point
peers, including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and
Key Management Protocol) peers. DMVPN is initially configured to build out a hub-and-spoke
network by statically configuring the hubs (VPN headends) on the spokes; no change in the
configuration on the hub is required to accept new spokes. Using this initial hub-and-spoke network,
tunnels between spokes can be dynamically built on demand (dynamic-mesh) without additional
configuration on the hubs or spokes. This dynamic-mesh capability alleviates the need for any load
on the hub to route data between the spoke networks.
DMVPN is a combination of the following technologies:
http://en.wikipedia.org/wiki/Dynamic_Multipoint_Virtual_Private_Network

QUESTION 30
A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance
windows, as an alternative to powering down the active router and letting the network respond
accordingly. Which action will allow for manual switching of HSRP nodes?

A. Track the up/down state of a loopback interface and shut down this interface during maintenance.
B. Adjust the HSRP priority without the use of preemption.
C. Disable and enable all active interfaces on the active HSRP node.
D. Enable HSRPv2 under global configuration, which allows for maintenance mode.

Answer: A
Explanation:
The standby track command allows you to specify another interface on the router for the HSRP
process to monitor in order to alter the HSRP priority for a given group. If the line protocol of the
specified interface goes down, the HSRP priority is reduced. This means that another HSRP router
with higher priority can become the active router if that router has standby preempt enabled.
Loopback interfaces can be tracked, so when this interface is shut down the HSRP priority for that
router will be lowered and the other HSRP router will then become the active one.
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13780-6.html
