Q1. Refer to the exhibit.
Which type of BGP peer is 192.168.1.1?
A. route reflector client
B. iBGP
C. confederation
D. VPNv4
Answer: C
Q2. Which three statements about RIP timers are true? (Choose three.)
A. The default update timer is 30 seconds.
B. The default invalid timer is 180 seconds.
C. The default holddown timer is 180 seconds.
D. The default flush timer is 60 seconds.
E. The default scan timer is 60 seconds.
F. The default hello timer is 5 seconds.
Answer: A,B,C
Explanation:
The routing information protocol uses the following timers as part of its operation:
Update Timer
Invalid Timer
Flush Timer
Holddown Timer
Update Timer
The update timer controls the interval between two gratuitous Response Message. By default the value is 30 seconds. The response message is broadcast to all its RIP enabled interface.
Invalid Timer
The invalid timer specifies how long a routing entry can be in the routing table without being updated. This is also called as expiration Timer. By default, the value is 180 seconds. After the timer expires the hop count of the routing entry will be set to 16, marking the destination as unreachable.
Flush Timer
The flush timer controls the time between the route is invalidated or marked as unreachable and removal of entry from the routing table. By default the value is 240 seconds. This is 60 seconds longer than Invalid timer. So for 60 seconds the router will be advertising about this unreachable route to all its neighbors. This timer must be set to a higher value than the invalid timer.
Hold-down Timer
The hold-down timer is started per route entry, when the hop count is changing from lower value to higher value. This allows the route to get stabilized. During this time no update can be done to that routing entry. This is not part of the RFC 1058. This is Cisco's implementation. The default value of this timer is 180 seconds.
Reference: http://en.wikipedia.org/wiki/Routing_Information_Protocol#Timers
Q3. Which statement is true about trunking?
A. Cisco switches that run PVST+ do not transmit BPDUs on nonnative VLANs when using a dot1q trunk.
B. When removing VLAN 1 from a trunk, management traffic such as CDP is no longer passed in that VLAN.
C. DTP only supports autonegotiation on 802.1q and does not support autonegotiation for ISL.
D. DTP is a point-to-point protocol.
Answer: D
Explanation:
Ethernet trunk interfaces support different trunking modes. You can set an interface as trunking or nontrunking or to negotiate trunking with the neighboring interface. To autonegotiate trunking, the interfaces must be in the same VTP domain. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a Point-to-Point Protocol. However, some internetworking devices might forward DTP frames improperly, which could cause misconfigurations.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swvlan.html
Q4. Which Layer 2 tunneling technique eliminates the need for pseudowires?
A. OTV
B. L2TPv3
C. AToM
D. VPLS
Answer: A
Q5. Refer to the exhibit.
Switch DSW1 should share the same MST region with switch DSW2. Which statement is true?
A. Configure DSW1 with the same version number, and VLAN-to-instance mapping as shown on DSW2.
B. Configure DSW1 with the same region name, number, and VLAN-to-instance mapping as shown on DSW2.
C. DSW2 uses the VTP server mode to automatically propagate the MST configuration to DSW1.
D. DSW1 is in VTP client mode with a lower configuration revision number, therefore, it automatically inherits MST configuration from DSW2.
E. DSW1 automatically inherits MST configuration from DSW2 because they have the same domain name.
Answer: B
Q6. Which three options must be configured when deploying OSPFv3 for authentication? (Choose three.)
A. security parameter index
B. crypto map
C. authentication method
D. IPsec peer
E. encryption algorithm
F. encryption key
G. IPsec transform-set
H. authentication key
Answer: A,C,H
Q7. A floating static route appears in the routing table of an interface even when the interface is unusable.
Which action can you take to correct the problem?
A. Remove the permanent option from the static route.
B. Correct the administrative distance.
C. Configure the floating static route to point to another route in the routing table.
D. Correct the DHCP-provided route on the DHCP server.
Answer: A
Q8. EIGRP allows configuration of multiple MD5 keys for packet authentication to support easy rollover from an old key to a new key. Which two statements are true regarding the usage of multiple authentication keys? (Choose two.)
A. Received packets are authenticated by the key with the smallest key ID.
B. Sent packets are authenticated by all valid keys, which means that each packet is replicated as many times as the number of existing valid keys.
C. Received packets are authenticated by any valid key that is chosen.
D. Sent packets are authenticated by the key with the smallest key ID.
Answer: C,D
Explanation:
Suppose two routers are connected with each other via Fa0/0 interfaces and they are configured to authenticate via MD5. Below is a simple configuration on both routers so that they will work:
Router1(config)#key chain KeyChainR1
Router1(config-keychain)#key 1
Router1(config-keychain-key)#key-string FirstKey
Router1(config-keychain-key)#key 2
Router1(config-keychain-key)#key-string SecondKey
Router2(config)#key chain KeyChainR2
Router2(config-keychain)#key 1
Router2(config-keychain-key)#key-string FirstKey
Router2(config-keychain-key)#key 2
Router2(config-keychain-key)#key-string SecondKey
Apply these key chains to R1 & R2:
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#ip authentication mode eigrp 1 md5
Router1(config-if)#ip authentication key-chain eigrp 1 KeyChainR1
Router2(config)#interface fastEthernet 0/0
Router2(config-if)#ip authentication mode eigrp 1 md5
Router2(config-if)#ip authentication key-chain eigrp 1 KeyChainR2
There are some rules to configure MD5 authentication with EIGRP:
+ The key chain names on two routers do not have to match (in this case the name “KeyChainR1 & “KeyChainR2 do not match)
+ The key number and key-string on the two potential neighbors must match (for example “key 1 & “key-string FirstKey” must match on “key 1” & “key-string FirstKey” of neighboring router) Also some facts about MD5 authentication with EIGRP
+ When sending EIGRP messages the lowest valid key number is used -> D is correct.
+ When receving EIGRP messages all currently configured valid keys are verified but the lowest valid one will be used -> Although answer C does not totally mention like that but it is the most suitable answer because A and B are totally wrong. Answer A is not correct because we need valid key to authenticate. As mentioned above, although answer C is not totally correct but it puts some light on why
answer B is not correct: each packet is NOT “replicated as many times as the number of existing valid keys”. All currently configured valid keys are verified but the lowest valid one will be used.
Q9. For which kind of MPLS deployment is the next-hop-self all keyword used on a BGP neighbor command?
A. 6VPE
B. MPLS Carrier's carrier
C. inter-AS MPLS VPN option D
D. inter-AS MPLS VPN option C
E. Unified MPLS
Answer: E
Explanation:
Since the core and aggregation parts of the network are integrated and end-to-end LSPs are provided, the Unified MPLS solution is also referred to as "Seamless MPLS." New technologies or protocols are not used here, only MPLS, Label Distribution Protocol (LDP), IGP, and BGP. Since you do not want to distribute the loopback prefixes of the PE routers from one part of the network into another part, you need to carry the prefixes in BGP. The Internal Border Gateway Protocol (iBGP) is used in one network, so the next hop address of the prefixes is the loopback prefixes of the PE routers, which is not known by the IGP in the other parts of the network. This means that the next hop address cannot be used to recurse to an IGP prefix. The trick is to make the ABR routers Route Reflectors (RR) and set the next hop to self, even for the reflected iBGP prefixes. In order for this to work, a new knob is needed. Only the RRs need newer software to support this architecture. Since the RRs advertise the BGP prefixes with the next hop set to themselves, they assign a local MPLS label to the BGP prefixes. This means that in the data plane, the packets forwarded on these end-to-end LSPs have an extra MPLS label in the label stack. The RRs are in the forwarding path. There are two possible scenarios:
. The ABR does not set the next hop to self for the prefixes advertised (reflected by BGP) by the ABR into the aggregation part of the network. Because of this, the ABR needs to redistribute the loopback prefixes of the ABRs from the core IGP into the aggregation IGP. If this is done, there is still scalability. Only the ABR loopback prefixes (from the core) need to be advertised into the aggregation part, not the loopback prefixes from the PE routers from the remote aggregation parts.
. The ABR sets the next hop to self for the prefixes advertised (reflected by BGP) by the ABR into the aggregation part. Because of this, the ABR does not need to redistribute the loopback prefixes of the ABRs from the core IGP into the aggregation IGP.
In both scenarios, the ABR sets the next hop to self for the prefixes advertised (reflected by BGP) by the ABR from the aggregation part of the network into the core part. If this is not done, the ABR needs to redistribute the loopback prefixes of the PEs from the aggregation IGP into the core IGP. If this is done, there is no scalability. In order to set the next hop to self for reflected iBGP routes, you must configure the neighbor x.x.x.x next-hop-self all command.
Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116127-configure-technology-00.html
Q10. What is the function of the command ip pim autorp listener?
A. It allows a border PIM sparse mode router to accept autorp information from another autonomous system.
B. It allows the mapping agents to accept autorp information from the PIM rendezvous point.
C. It allows the routers to flood the autorp information in a sparse-mode-only network.
D. It allows a BSR to accept autorp information and translate it into BSR messages.
Answer: C
Explanation:
To cause IP multicast traffic for the two Auto-RP groups 224.0.1.39 and 224.0.1.40 to be Protocol Independent Multicast (PIM) dense mode flooded across interfaces operating in PIM sparse mode, use the ip pim autorp listener command in global configuration mode. To disable this feature, use the no form of this command.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_i3.html#wp3085748429