Q21. To configure SNMPv3 implementation, a network engineer is using the AuthNoPriv security level. What effect does this action have on the SNMP messages? 

A. They become unauthenticated and unencrypted. 

B. They become authenticated and unencrypted. 

C. They become authenticated and encrypted. 

D. They become unauthenticated and encrypted. 

Answer:

Explanation: 


Q22. A network administrator is troubleshooting a DMVPN setup between the hub and the spoke. Which action should the administrator take before troubleshooting the IPsec configuration? 

A. Verify the GRE tunnels. 

B. Verify ISAKMP. 

C. Verify NHRP. 

D. Verify crypto maps. 

Answer:

Explanation: 


Q23. How does an IOS router process a packet that should be switched by Cisco Express Forwarding without an FIB entry? 

A. by forwarding the packet 

B. by dropping the packet 

C. by creating a new FIB entry for the packet 

D. by looking in the routing table for an alternate FIB entry 

Answer:

Explanation: 


Q24. PPPoE is composed of which two phases? 

A. Active Authentication Phase and PPP Session Phase 

B. Passive Discovery Phase and PPP Session Phase 

C. Active Authorization Phase and PPP Session Phase 

D. Active Discovery Phase and PPP Session Phase 

Answer:

Explanation: 

PPPoE is composed of two main phases:

Active Discovery Phase--In this phase, the PPPoE client locates a PPPoE server, called an access

concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.

PPP Session Phase--In this phase, PPP options are negotiated and authentication is performed. Once the

link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.

Reference: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn- cli/vpn-pppoe.html

Topic 3, Layer 3 Technologies 

20. Refer to the exhibit. 

Which one statement is true? 

A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL. 

B. The 10.0.0.0/8 network will not be advertised by Router B because the network statement for the 10.0.0.0/8 network is missing from Router B. 

C. The 10.0.0.0/8 network will not be in the routing table on Router B. 

D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24 network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8 network. 

E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL. 

Answer:

Explanation: 

You can filter what individual routes are sent (out) or received (in) to any interface within your EIGRP

configuration.

One example is noted above. If you filter outbound, the next neighbor(s) will not know about anything

except the 172.16.0.0/16 route and therefore won't send it to anyone else downstream. If you filter inbound, YOU won't know about the route and therefore won't send it to anyone else downstream.


Q25. Which three benefits does the Cisco Easy Virtual Network provide to an enterprise network? (Choose three.) 

A. simplified Layer 3 network virtualization 

B. improved shared services support 

C. enhanced management, troubleshooting, and usability 

D. reduced configuration and deployment time for dot1q trunking 

E. increased network performance and throughput 

F. decreased BGP neighbor configurations 

Answer: A,B,C 

Explanation: 


Q26. For troubleshooting purposes, which method can you use in combination with the “debug ip packet” command to limit the amount of output data? 

A. You can disable the IP route cache globally. 

B. You can use the KRON scheduler. 

C. You can use an extended access list. 

D. You can use an IOS parser. 

E. You can use the RITE traffic exporter. 

Answer:

Explanation: 

The debug ip packet command generates a substantial amount of output and uses a substantial amount of

system resources. This command should be used with caution in production networks. Always use with the access-list command to apply an extended ACL to the debug output. Reference: http://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html


Q27. A user is having issues accessing file shares on a network. The network engineer advises the user to open a web browser, input a prescribed IP address, and follow the instructions. After doing this, the user is able to access company shares. Which type of remote access did the engineer enable? 

A. EZVPN 

B. IPsec VPN client access 

C. VPDN client access 

D. SSL VPN client access 

Answer:

Explanation: 

The Cisco AnyConnect VPN Client provides secure SSL connections to the security

appliance for remote users. Without a previously installed client, remote users enter the IP address in their

browser of an interface configured to accept SSL VPN connections. Unless the security appliance is

configured to redirect http:// requests to https://, users must enter the URL in the form https://<address>.

After entering the URL, the browser connects to that interface and displays the login screen. If the user

satisfies the login and authentication, and the security appliance identifies the user as requiring the client, it

downloads the client that matches the operating system of the remote computer. After downloading, the

client installs and configures itself, establishes a secure SSL connection and either remains or uninstalls

itself (depending on the security appliance configuration) when the connection terminates. Reference:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next- generation-firewalls/100936-

asa8x-split-tunnel-anyconnect-config.html


Q28. Which type of BGP AS number is 64591? 

A. a private AS number 

B. a public AS number 

C. a private 4-byte AS number 

D. a public 4-byte AS number 

Answer:

Explanation: 


Q29. CORRECT TEXT 

You are a network engineer with ROUTE.com, a small IT company. They have recently merged two organizations and now need to merge their networks as shown in the topology exhibit. One network is using OSPF as its IGP and the other is using EIGRP as its IGP. R4 has been added to the existing OSPF network to provide the interconnect between the OSPF and EIGRP networks. Two links have been added that will provide redundancy. 

The network requirements state that you must be able to ping and telnet from loopback 101 on R1 to the OPSF domain test address of 172.16.1.100. All traffic must use the shortest path that provides the greatest bandwidth. The redundant paths from the OSPF network to the EIGRP network must be available in case of a link failure. No static or default routing is allowed in either network. 

A previous network engineer has started the merger implementation and has successfully assigned and verified all IP addressing and basic IGP routing. You have been tasked with completing the implementation and ensuring that the network requirements are met. You may not remove or change any of the configuration commands currently on any of the routers. You may add new commands or change default values. 

Answer: First we need to find out 5 parameters (Bandwidth, Delay, Reliability, Load, MTU) of the s0/0/0 interface (the interface of R2 connected to R4) for redistribution: 

R2#show interface s0/0/0 

Write down these 5 parameters, notice that we have to divide the Delay by 10 because the metric unit is in tens of microsecond. For example, we get Bandwidth=1544 Kbit, Delay=20000 us, Reliability=255, Load=1, MTU=1500 bytes then we would redistribute as follows: 

R2#config terminal 

R2(config)# router ospf 1 

R2(config-router)# redistribute eigrp 100 metric-type 1 subnets 

R2(config-router)#exit 

R2(config-router)#router eigrp 100 

R2(config-router)#redistribute ospf 1 metric 1544 2000 255 1 1500 

Note: In fact, these parameters are just used for reference and we can use other parameters with 

no problem. 

If the delay is 20000us then we need to divide it by 10, that is 20000 / 10 = 2000) 

For R3 we use the show interface fa0/0 to get 5 parameters too 

R3#show interface fa0/0 

For example we get Bandwidth=10000 Kbit, Delay=1000 us, Reliability=255, Load=1, MTU=1500 bytes 

R3#config terminal 

R3(config)#router ospf 1 

R3(config-router)#redistribute eigrp 100 metric-type 1 subnets 

R3(config)#exit 

R3(config-router)#router eigrp 100 

R3(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500 

Finally you should try to “show ip route” to see the 172.16.100.1 network (the network behind R4) 

in the routing table of R1 and make a ping from R1 to this network. 

Note: If the link between R2 and R3 is FastEthernet link, we must put the command below under 

EIGRP process to make traffic from R1 to go through R3 (R1 -> R2 -> R3 -> R4), which is better 

than R1 -> R2 -> R4. 

R2(config-router)# distance eigrp 90 105 

This command sets the Administrative Distance of all EIGRP internal routes to 90 and all EIGRP external routes to 105, which is smaller than the Administrative Distance of OSPF (110) -> the link between R2 & R3 will be preferred to the serial link between R2 & R4. Note: The actual OPSF and EIGRP process numbers may change in the actual exam so be sure to use the actual correct values, but the overall solution is the same. 


Q30. Scenario: 

You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command. 

How old is the Type 4 LSA from Router 3 for area 1 on the router R5 based on the output you have examined? 

A. 1858 

B. 1601 

C. 600 

D. 1569 

Answer:

Explanation: