Q51. A packet capture log indicates that several router solicitation messages were sent from a local host on the IPv6 segment. What is the expected acknowledgment and its usage? 

A. Router acknowledgment messages will be forwarded upstream, where the DHCP server will allocate addresses to the local host. 

B. Routers on the IPv6 segment will respond with an advertisement that provides an external path from the local subnet, as well as certain data, such as prefix discovery. 

C. Duplicate Address Detection will determine if any other local host is using the same IPv6 address for communication with the IPv6 routers on the segment. 

D. All local host traffic will be redirected to the router with the lowest ICMPv6 signature, which is statically defined by the network administrator. 

Answer:

Explanation: 

Router Advertisements (RA) are sent in response to router solicitation messages. Router solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are sent by hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next scheduled RA message. Given that router solicitation messages are usually sent by hosts at system startup (the host does not have a configured unicast address), the source address in router solicitation messages is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast address, the unicast address of the interface sending the router solicitation message is used as the source address in the message. The destination address in router solicitation messages is the all-routers multicast address with a scope of the link. When an RA is sent in response to a router solicitation, the destination address in the RA message is the unicast address of the source of the router solicitation message. RA messages typically include the following information:

One or more onlink IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6 addresses

Lifetime information for each prefix included in the advertisement

Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed

Default router information (whether the router sending the advertisement should be used as a default router and, if so, the amount of time (in seconds) the router should be used as a default router)

Additional information for hosts, such as the hop limit and MTU a host should use in packets that it originates

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-addrg_bsc_con.html


Q52. A network engineer is trying to modify an existing active NAT configuration on an IOS router by using the following command: 

(config)# no ip nat pool dynamic-nat-pool 192.1.1.20 192.1.1.254 netmask 255.255.255.0 

Upon entering the command on the IOS router, the following message is seen on the console: 

"%Dynamic Mapping in Use, Cannot remove" message or the "%Pool outpool in use, cannot destroy"

What is the least impactful method that the engineer can use to modify the existing IP NAT configuration? 

A. Clear the IP NAT translations using the "clear ip nat traffic *" command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.

B. Clear the IP NAT translations using the "clear ip nat translation *" command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.

C. Clear the IP NAT translations using the reload command on the router, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.

D. Clear the IP NAT translations using the "clear ip nat table *" command, then replace the NAT configuration quickly, before any new NAT entries are populated into the translation table due to active NAT traffic.

Answer:

Explanation: 


Q53. A network engineer executes the show crypto ipsec sa command. Which three pieces of information are displayed in the output? (Choose three.) 

A. inbound crypto map 

B. remaining key lifetime 

C. path MTU 

D. tagged packets 

E. untagged packets 

F. invalid identity packets 

Answer: A,B,C 

Explanation: 

show crypto ipsec sa: This command shows IPsec SAs built between peers. The encrypted tunnel is built between 12.1.1.1 and 12.1.1.2 for traffic that goes between networks 20.1.1.0 and 10.1.1.0. You can see the two Encapsulating Security Payload (ESP) SAs built inbound and outbound. Authentication Header (AH) is not used since there are no AH SAs.

This output shows an example of the show crypto ipsec sa command (bolded ones found in answers for this question).

    interface: FastEthernet0
        Crypto map tag: test, local addr. 12.1.1.1
       local  ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
       remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
       current_peer: 12.1.1.2
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918
        #pkts decaps: 7760382, #pkts decrypt: 7760382, #pkts verify 7760382
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0,
        #pkts decompress failed: 0, #send errors 1, #recv errors 0
         local crypto endpt.: 12.1.1.1, remote crypto endpt.: 12.1.1.2
         path mtu 1500, media mtu 1500
         current outbound spi: 3D3
         inbound esp sas:
          spi: 0x136A010F(325714191)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel, }
            slot: 0, conn id: 3442, flow_id: 1443, crypto map: test
            sa timing: remaining key lifetime (k/sec): (4608000/52)
            IV size: 8 bytes
            replay detection support: Y
         inbound ah sas:
         inbound pcp sas:
         inbound pcp sas:
         outbound esp sas:
          spi: 0x3D3(979)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel, }
            slot: 0, conn id: 3443, flow_id: 1444, crypto map: test
            sa timing: remaining key lifetime (k/sec): (4608000/52)
            IV size: 8 bytes
            replay detection support: Y
         outbound ah sas:
         outbound pcp sas:

Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/5409-ipsec-debug-00.html


Q54. A network engineer has left a NetFlow capture enabled over the weekend to gather information regarding excessive bandwidth utilization. The following command is entered: 

switch#show flow exporter Flow_Exporter-1

What is the expected output?

A. configuration of the specified flow exporter 

B. current status of the specified flow exporter 

C. status and statistics of the specified flow monitor 

D. configuration of the specified flow monitor 

Answer:

Explanation: 

show flow exporter exporter-name: (Optional) Displays the current status of the specified flow exporter.

Example:

Device# show flow exporter FLOW_EXPORTER-1

Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/15-mt/cfg-de-fnflowexprts.html


Q55. You have been asked to evaluate how EIGRP is functioning in a customer network. 

Traffic from R1 to R6's Loopback address is load shared between R1-R2-R4-R6 and R1-R3-R5-R6 paths. What is the ratio of traffic over each path?

A. 1:1 

B. 1:5 

C. 6:8 

D. 19:80 

Answer:

Explanation: 


Q56. When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication? 

A. username 

B. password 

C. community-string 

D. encryption-key 

Answer:

Explanation: 

The following security models exist: SNMPv1, SNMPv2, SNMPv3. The following security levels exist: "noAuthNoPriv" (no authentication and no encryption; noauth keyword in CLI), "AuthNoPriv" (messages are authenticated but not encrypted; auth keyword in CLI), "AuthPriv" (messages are authenticated and encrypted; priv keyword in CLI). SNMPv1 and SNMPv2 models only support the "noAuthNoPriv" model since they use a plain community string to match the incoming packets. The SNMPv3 implementations could be configured to use either of the models on a per-group basis (if "noAuthNoPriv" is configured, the username serves as a replacement for the community string).

Reference: http://blog.ine.com/2008/07/19/snmpv3-tutorial/


Q57. Which three problems result from application mixing of UDP and TCP streams within a network with no QoS? (Choose three.) 

A. starvation 

B. jitter 

C. latency 

D. windowing 

E. lower throughput 

Answer: A,C,E 

Explanation: 

It is a general best practice not to mix TCP-based traffic with UDP-based traffic (especially streaming video) within a single service provider class due to the behaviors of these protocols during periods of congestion. Specifically, TCP transmitters will throttle-back flows when drops have been detected. Although some UDP applications have application-level windowing, flow control, and retransmission capabilities, most UDP transmitters are completely oblivious to drops and thus never lower transmission rates due to dropping. When TCP flows are combined with UDP flows in a single service provider class and the class experiences congestion, then TCP flows will continually lower their rates, potentially giving up their bandwidth to drop-oblivious UDP flows. This effect is called TCP-starvation/UDP-dominance. This can increase latency and lower the overall throughput. TCP-starvation/UDP-dominance likely occurs if (TCP-based) mission-critical data is assigned to the same service provider class as (UDP-based) streaming video and the class experiences sustained congestion. Even if WRED is enabled on the service provider class, the same behavior would be observed, as WRED (for the most part) only affects TCP-based flows. Granted, it is not always possible to separate TCP-based flows from UDP-based flows, but it is beneficial to be aware of this behavior when making such application-mixing decisions.

Reference: http://www.cisco.com/warp/public/cc/so/neso/vpn/vpnsp/spqsd_wp.htm


Q58. Which traffic characteristic is the reason that UDP traffic that carries voice and video is assigned to the queue only on a link that is at least 768 kbps? 

A. typically is not fragmented 

B. typically is fragmented 

C. causes windowing 

D. causes excessive delays for video traffic 

Answer:

Explanation: 


Q59. What are the three modes of Unicast Reverse Path Forwarding? 

A. strict mode, loose mode, and VRF mode 

B. strict mode, loose mode, and broadcast mode 

C. strict mode, broadcast mode, and VRF mode 

D. broadcast mode, loose mode, and VRF mode 

Answer:

Explanation: 

Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the reachability of the source address in packets being forwarded. This capability can limit the appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this document.

When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router's choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.

When administrators use Unicast RPF in loose mode, the source address must appear in the routing table. Administrators can change this behavior using the allow-default option, which allows the use of the default route in the source verification process. Additionally, a packet that contains a source address for which the return route points to the Null 0 interface will be dropped. An access list may also be specified that permits or denies certain source addresses in Unicast RPF loose mode.

Care must be taken to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain asymmetric routing paths.

Reference: http://www.cisco.com/web/about/security/intelligence/unicastrpf.html


Q60. What is the primary service that is provided when you implement Cisco Easy Virtual Network? 

A. It requires and enhances the use of VRF-Lite. 

B. It reduces the need for common services separation. 

C. It allows for traffic separation and improved network efficiency. 

D. It introduces multi-VRF and label-prone network segmentation. 

Answer:

Explanation: