Q31. Refer to the exhibit. 

Why is the host unable to obtain an IP address? 

A. IP source guard is configured on the switch port. 

B. The DHCP server pool addresses are configured incorrectly. 

C. DHCP requests are being blocked. 

D. DHCP option 150 is disabled. 


Q32. Refer to the exhibit. 

Which additional information must you specify in this configuration to capture NetFlow traffic? 

A. ingress or egress traffic 

B. the number of cache entries 

C. the flow cache active timeout 

D. the flow cache inactive timeout 



Configuring NetFlow 

Perform the following task to enable NetFlow on an interface. SUMMARY STEPS 

1. enable 

2. configure terminal 

3. interface type number 

4. ip flow {ingress | egress} 

5. exit 

6. Repeat Steps 3 through 5 to enable NetFlow on other interfaces. 

7. end 


Command or Action 


Step 1 



Router> enable Enables privileged EXEC mode. . 

Enter your password if prompted. 

Step 2 

configure terminal Example: 



Router(config)# interface ethernet 0/0 

Specifies the interface that you want to enable NetFlow on and enters interface configuration mode. 

Step 4 

ip flow {ingress | egress} 


Router(config-if)# ip flow ingress 

Enables NetFlow on the interface. 

. ingress—Captures traffic that is being received by the interface 

. egress—Captures traffic that is being transmitted by the interface 

Step 5 



Router(config-if)# exit 

(Optional) Exits interface configuration mode and enters global configuration mode. 


You need to use this command only if you want to enable NetFlow on another interface. 

Step 6 

Repeat Steps 3 through 5 to enable NetFlow on other interfaces. 

This step is optional. 

Step 7 



Router(config-if)# end Exits the current configuration mode and returns to privileged EXEC mod 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/netflow/configuration/guide/12_2sr/nf_12_2sr_boo k/cfg_nflow_data_expt.html 

Q33. EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.) 

A. Received packets are authenticated by the key with the smallest key ID. 

B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys. 

C. Received packets are authenticated by any valid key that is chosen. 

D. Sent packets are authenticated by the key with the smallest key ID. 

Answer: C,D 


Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work: 

Router1(config)#key chain KeyChainR1 

Router1(config-keychain)#key 1 

Router1(config-keychain-key)#key-string FirstKey 

Router1(config-keychain-key)#key 2 

Router1(config-keychain-key)#key-string SecondKey 

Router2(config)#key chain KeyChainR2 

Router2(config-keychain)#key 1 

Router2(config-keychain-key)#key-string FirstKey 

Router2(config-keychain-key)#key 2 

Router2(config-keychain-key)#key-string SecondKey 

Apply these key chains to R1 & R2: 

Router1(config)#interface fastEthernet 0/0 

Router1(config-if)#ip authentication mode eigrp 1 md5 

Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1 

Router2(config)#interface fastEthernet 0/0 

Router2(config-if)#ip authentication mode eigrp 1 md5 

Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2 

There are some rules to configure MD5 authentication with EIGRP: 

+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1 & “KeyChainR2 do not match) 

+ The key number and key-string on the two potential neighbors must match (for example “key 1 & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router) Also some facts about MD5 authentication with EIGRP 

+ When sending EIGRP messages the lowest valid key number is used -> D is correct. 

+ When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why 

answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used. 

Q34. Which technology is an application of MSDP, and provides load balancing and redundancy between the RPs? 

A. static RP 


C. auto RP 

D. anycast RP 



Using Anycast RP is an implementation strategy that provides load sharing and redundancy in Protocol Independent Multicast sparse mode (PIM-SM) networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Multicast Source Discovery Protocol (MSDP) is the key protocol that makes Anycast RP possible. 

Reference: www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/White_papers/anycast.html 

Q35. Refer to the exhibit. 

Which statement is true? 

A. R2 is directly connected to the receiver for this group and is the winner of an assert mechanism. 

B. R2 is directly connected to the receiver for this group, and it forwards the traffic onto Ethernet3/0, but it is forwarding duplicate traffic onto Ethernet3/0. 

C. R2 has the A flag (Accept flag) set on Ethernet 3/0. This is fine, since the group is in BIDIR-PIM mode. 

D. R2 is directly connected to the receiver for this group and is the loser of an assert mechanism. 

E. The A flag is set until the SPT threshold is reached for this multicast group. 



show ip mroute Field Descriptions 



RPF neighbor or RPF nbr 

IP address of the upstream router to the source. Tunneling indicates that this router is sending data to the RP encapsulated in register packets. The hexadecimal number in parentheses indicates to which RP it is registering. Each bit indicates a different RP if multiple RPs per group are used. If an asterisk (*) appears after the IP address in this field, the RPF neighbor has been learned through an assert. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/ipmulti/command/reference/fiprmc_r/1rfmult 3.html 

Q36. Which two statements about the metric-style wide statement as it applies to route redistribution are true? (Choose two.) 

A. It is used in IS-IS. 

B. It is used in OSPF. 

C. It is used in EIGRP. 

D. It is used for accepting TLV. 

E. It is used in PIM for accepting mroutes. 

F. It is used for accepting external routes. 

Answer: A,D 


To configure a router running IS-IS to generate and accept only new-style TLVs (TLV stands for type, length, and value object), use the metric-style wide command. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/TE_1208S.html#wp49409 

Q37. Which three options must be configured when deploying OSPFv3 for authentication? (Choose three.) 

A. security parameter index 

B. crypto map 

C. authentication method 

D. IPsec peer 

E. encryption algorithm 

F. encryption key 

G. IPsec transform-set 

H. authentication key 

Answer: A,C,H 

Q38. Which three statements about Cisco HDLC are true? (Choose three.) 

A. HDLC serial encapsulation provides asynchronous framing and error detection. 

B. Serial link keepalives are maintained by SLARP. 

C. HDLC serial encapsulation provides synchronous framing without retransmission. 

D. HDLC frame size can be reduced with MPPC compression. 

E. The interface is brought down after five ignored keepalives. 

F. The interface is brought down after three ignored keepalives. 

Answer: B,C,F 


Cisco High-Level Data Link Controller (HDLC) is the Cisco proprietary protocol for sending data over synchronous serial links using HDLC. Cisco HDLC also provides a simple control protocol called Serial Line Address Resolution Protocol (SLARP) to maintain serial link keepalives. For each encapsulation type, a certain number of keepalives ignored by a peer triggers the serial interface to transition to the down state. For HDLC encapsulation, three ignored keepalives causes the interface to be brought down. By default, synchronous serial lines use the High-Level Data Link Control (HDLC) serial encapsulation method, which provides the synchronous framing and error detection functions of HDLC without windowing or retransmission. 

Reference: http://www.cisco.com/c/en/us/td/docs/routers/access/800/819/software/configuration/Guide/ 819_SCG/6ser_conf.html#78662 

Q39. Refer to the exhibit. 

What kind of load balancing is done on this router? 

A. per-packet load balancing 

B. per-flow load balancing 

C. per-label load balancing 

D. star round-robin load balancing 



Here we can see that for the same traffic source/destination pair of to there were a total of 100 packets (shown by second entry without the *) and that the packets were distributed evenly across the three different outgoing interfaces (34, 33, 33 packets, respectively. 

Q40. Refer to the exhibit. 

What password will be required to enter privileged EXEC mode on a device with the given configuration? 

A. ciscotest 

B. ciscocert 

C. cisco 

D. ciscors 

E. ciscoccie