Q1. A network administrator executes the command clear ip route. Which two tables does this command clear and rebuild? (Choose two.)
A. IP routing
B. FIB
C. ARP cache
D. MAC address table
E. Cisco Express Forwarding table
F. topology table
Answer: A,B
Explanation:
To clear one or more entries in the IP routing table, use the following commands in any mode:
Command Purpose
clear ip route {* |
Clears one or more routes from both the
{route |
unicast RIB and all the module FIBs. The
prefix/length}[next-hop route options are as follows:
interface]}
· *--All routes.
[vrf vrf-name]
Example:
· route--An individual IP route.
switch(config)# clear ip
· prefix/length--Any IP prefix.
route
10.2.2.2 · next-hop--The next-hop address · interface--The interface to reach the next-hop address.
The vrf-name can be any case-sensitive, al-phanumeric string up to 32 characters.
Reference:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/unicast/5_0_3_N1_1/Ci
sco_n5k_layer3_ucast_cfg_rel_503_N1_1/l3_manage-routes.html
Q2. A corporate policy requires PPPoE to be enabled and to maintain a connection with the ISP, even if no interesting traffic exists. Which feature can be used to accomplish this task?
A. TCP Adjust
B. Dialer Persistent
C. PPPoE Groups
D. half-bridging
E. Peer Neighbor Route
Answer: B
Explanation:
A new interface configuration command, dialer persistent, allows a dial-on-demand routing (DDR) dialer
profile connection to be brought up without being triggered by interesting traffic. When configured, the dialer persistent command starts a timer when the dialer interface starts up and starts the connection when the timer expires. If interesting traffic arrives before the timer expires, the connection is still brought up and set as persistent. The command provides a default timer interval, or you can set a custom timer interval. To configure a dialer interface as persistent, use the following commands beginning in global configuration mode:
Command Purpose
Step 1 Router(config)# interface dialer Creates a dialer interface and number enters interface
Configuration mode.
Step 2 Router(config-if)# ip address Specifies the IP address and mask address mask of the dialer
interface as a node in the destination network to be called.
Step 3 Router(config-if)# encapsulation Specifies the encapsulation type.
type
Step 4 Router(config-if)# dialer string Specifies the remote destination to dial-string class class-name call
and the map class that defines characteristics for calls to this destination.
Step 5 Router(config-if)# dialer pool Specifies the dialing pool to use number for calls to this destination.
Step 6 Router(config-if)# dialer-group Assigns the dialer interface to a group-number dialer group.
Step 7 Router(config-if)# dialer-list Specifies an access list by list dialer-group protocol protocol- number or
by protocol and list name {permit | deny | list number to define the interesting access-list-number} packets that can trigger a call. Step 8 Router(config-if)# dialer
(Optional) Specifies the remote-name user-name
authentication name of the remote router on the destination subnetwork for a dialer interface.
Step 9 Router(config-if)# dialer Forces a dialer interface to be persistent [delay [initial] connected at all
times, even in seconds | max-attempts the absence of interesting traffic.
number]
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/dial/configuration/guide/12_4t/dia_12_4t_book/dia_dia
ler_persist.html
Q3. A network engineer is asked to configure a "site-to-site" IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario?
A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface.
Answer: D
Explanation:
Configuring NAT to Allow Internal Users to Access the Internet Using Overloading NAT Router
interface ethernet 0
ip address 10.10.10.1 255.255.255.0
ip nat inside
!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
interface ethernet 1
ip address 10.10.20.1 255.255.255.0
ip nat inside
!--- Defines Ethernet 1 with an IP address and as a NAT inside interface.
interface serial 0
ip address 172.16.10.64 255.255.255.0
ip nat outside
!--- Defines serial 0 with an IP address and as a NAT outside interface.
ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24 !
!--- Defines a NAT pool named ovrld with a range of a single IP
!--- address, 172.16.10.1.
ip nat inside source list 7 pool ovrld overload
!
!
!
!
!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 has the source
address
!--- translated to an address out of the NAT pool named ovrld.
!--- Translations are overloaded, which allows multiple inside
!--- devices to be translated to the same valid IP
address.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0
through 10.10.20.31.
Note in the previous second configuration, the NAT pool "ovrld"only has a range of one address. The
keyword overload used in the ip nat inside source list 7 pool
ovrld overload command allows NAT to translate multiple inside devices to the single address in the pool.
Reference:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
Q4. Which IPv6 address type is seen as the next-hop address in the output of the show ipv6 rip RIPng database command?
A. link-local
B. global
C. site-local
D. anycast
E. multicast
Answer: A
Explanation:
Q5. You have been asked to evaluate how EIGRP is functioning in a customer network.
What percent of R1’s interfaces bandwidth is EIGRP allowed to use?
A. 10
B. 20
C. 30
D. 40
Answer: B
Explanation:
Q6. CORRECT TEXT
ROUTE.com is a small IT corporation that has an existing enterprise network that is running IPv6 0SPFv3. Currently OSPF is configured on all routers. However, R4's loopback address (FEC0:4:4) cannot be seen in R1's IPv6 routing table. You are tasked with identifying the cause of this fault and implementing the needed corrective actions that uses OPSF features and does not change the current area assignments. You will know that you have corrected the fault when R4's loopback address (FEC0:4:4) can be seen in RTs IPv6 routing table.
Special Note: To gain the maximum number of points you must remove all incorrect or unneeded configuration statements related to this issue.
Answer: Here is the solution below:
Explanation:
To troubleshoot the problem, first issue the show running-config on all of 4 routers. Pay more attention to the outputs of routers R2 and R3 The output of the "show running-config" command of R2:
The output of the "show running-config" command of R3:
We knew that all areas in an Open Shortest Path First (OSPF) autonomous system must be physically connected to the backbone area (Area 0). In some cases, where this is not possible, we can use a virtual link to connect to the backbone through a non-backbone area. The area through which you configure the virtual link is known as a transit area. In this case, the area 11 will become the transit area. Therefore, routers R2 and R3 must be configured with the area <area id> virtual-link <neighbor router-id>command. + Configure virtual link on R2 (from the first output above, we learned that the OSPF process ID of R2 is 1):
R2>enable
R2#configure terminal
R2(config)#ipv6 router ospf 1
R2(config-rtr)#area 11 virtual-link 3.3.3.3
Save the configuration:
R2(config-rtr)#end
R2#copy running-config startup-config
(Notice that we have to use neighbor router-id 3.3.3.3, not R2's router-id 2.2.2.2) + Configure virtual link on R3 (from the second output above, we learned that the OSPF process ID of R3 is 1 and we have to disable the wrong configuration of "area 54 virtual-link 4.4.4.4"):
R3>enable
R3#configure terminal
R3(config)#ipv6 router ospf 1
R3(config-rtr)#no area 54 virtual-link 4.4.4.4
R3(config-rtr)#area 11 virtual-link 2.2.2.2
Save the configuration:
R3(config-rtr)#end
R3#copy running-config startup-config
You should check the configuration of R4, too. Make sure to remove the incorrect configuration statements to get the full points.
R4(config)#ipv6 router ospf 1
R4(config-router)#no area 54 virtual-link 3.3.3.3
R4(config-router)#end
After finishing the configuration doesn’t forget to ping between R1 and R4 to make sure they work.
Note. If you want to check the routing information, use the show ipv6 route command, not "show ip route".
Q7. Which common issue causes intermittent DMVPN tunnel flaps?
A. a routing neighbor reachability issue
B. a suboptimal routing table
C. interface bandwidth congestion
D. that the GRE tunnel to hub router is not encrypted
Answer: A
Explanation:
DMVPN Tunnel Flaps Intermittently Problem DMVPN tunnel flaps intermittently. Solution
When DMVPN tunnels flap, check the neighborship between the routers as issues with neighborship
formation between routers may cause the DMVPN tunnel to flap. In order to resolve this problem, make
sure the neighborship between the routers is always up. Reference: http://www.cisco.com/c/en/us/support/
docs/security-vpn/ipsec-negotiation-ike- protocols/29240-dcmvpn.html#Prblm1
Q8. Which Cisco VPN technology uses AAA to implement group policies and authorization and is also used for the XAUTH authentication method?
A. DMVPN
B. Cisco Easy VPN
C. GETVPN
D. GREVPN
Answer: B
Explanation:
Q9. For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost. What caused this issue?
A. The traffic filter is blocking all ICMPv6 traffic.
B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly.
C. The link-local addresses that were used by OSPFv3 were explicitly denied, which caused the neighbor relationships to fail.
D. IPv6 traffic filtering can be implemented only on SVIs.
Answer: C
Explanation:
OSPFv3 uses link-local IPv6 addresses for neighbor discovery and other features, so if any IPv6 traffic
filters are implemented be sure to include the link local address so that it is permitted in the filter list.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx- os/unicast/configuration/
guide/l3_cli_nxos/l3_ospfv3.html
Q10. You have been asked to evaluate how EIGRP is functioning in a customer network.
What type of route filtering is occurring on R6
A. Distribute-list using an ACL
B. Distribute-list using a prefix-list
C. Distribute-list using a route-map
D. An ACL using a distance of 255
Answer: A
Explanation: