Q1. Which two statements are true about VPLS? (Choose two.)
A. It can work over any transport that can forward IP packets.
B. It provides integrated mechanisms to maintain First Hop Resiliency Protocols such as HSRP, VRRP, or GLBP.
C. It includes automatic detection of multihoming.
D. It relies on flooding to propagate MAC address reachability information.
E. It can carry a single VLAN per VPLS instance.
Answer: D,E
Explanation:
VPLS relies on flooding to propagate MAC address reachability information. Therefore, flooding cannot be prevented.
VPLS can carry a single VLAN per VPLS instance. To multiplex multiple VLANs on a single instance, VPLS uses IEEE QinQ.
Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-574984.html
Q2. Refer to the exhibit.
Which BGP feature is being used?
A. fast session deactivation
B. graceful restart
C. PIC
D. graceful shutdown
Answer: A
Q3. Which two statements about the function of a PIM designated router are true? (Choose two.)
A. It forwards multicast traffic from the source into the PIM network.
B. It registers directly connected sources to the PIM rendezvous point.
C. It sends PIM Join/Prune messages for directly connected receivers.
D. It sends IGMP queries.
E. It sends PIM asserts on the interfaces of the outgoing interface list.
Answer: B,C
Explanation:
In PIM ASM and SSM modes, the software chooses a designated router (DR) from the routers on each network segment. The DR is responsible for forwarding multicast data for specified groups and sources on that segment. In ASM mode, the DR is responsible for unicasting PIM register packets to the RP. When a DR receives an IGMP membership report from a directly connected receiver, the shortest path is formed to the RP, which may or may not go through the DR. The result is a shared tree that connects all sources transmitting on the same multicast group to all receivers of that group. In SSM mode, the DR triggers (*, G) or (S, G) PIM join messages toward the RP or the source. The path from the receiver to the source is determined hop by hop. The source must be known to the receiver or the DR.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/multicast/configuration/guide/n7k_multic_cli_5x/pim.html#wp1054047
Q4. Which two options are advantages of NetFlow version 9 over NetFlow version 5? (Choose two.)
A. NetFlow version 9 adds support for IPv6 headers.
B. NetFlow version 9 adds support for MPLS labels.
C. NetFlow version 9 adds support for the Type of Service field.
D. NetFlow version 9 adds support for ICMP types and codes.
Answer: A,B
Explanation:
NetFlow version 9 includes support for all of these fields that version 5 supports and can optionally include additional information such as Multiprotocol Label Switching (MPLS) labels and IPv6 addresses and ports.
Q5. Which two statements about SoO checking in EIGRP OTP deployments are true? (Choose two).
A. During the import process, the SoO value in BGP is checked against the SoO value of the site map.
B. During the reception of an EIGRP update, the SoO value in the EIGRP update is checked against the SoO value of the site map on the ingress interface.
C. At the ingress of the PE/CE link, the SoO in the EIGRP update is checked against the SoO within the PE/CE routing protocol.
D. At the egress of the PE/CE link, the SoO is checked against the SoO within the PE/CE routing protocol.
E. The SoO is checked at the ingress of the backdoor link.
F. The SoO is checked at the egress of the backdoor link.
Answer: A,B
Explanation:
. SoO checking:
– During the import process the SoO value in BGP update is checked against the SoO value of the site-map attached to VRF interface. The update is propagated to CE only if there is no match (this check is done regardless of protocol used on PE/CE link).
– At reception of EIGRP update, the SoO value in the EIGRP update is checked against the SoO value of site-map attached to the incoming interface. This update is accepted only if there is no match (this check can optionally be done on backdoor router).
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ip-routing/whitepaper_C11-730404.html
Q6. Which two statements are true about OTV? (Choose two.)
A. It relies on flooding to propagate MAC address reachability information.
B. It uses a full mesh of point-to-multipoint tunnels to prevent head-end replication of multicast traffic.
C. It can work over any transport that can forward IP packets.
D. It supports automatic detection of multihoming.
Answer: C,D
Explanation:
The overlay nature of OTV allows it to work over any transport as long as this transport can forward IP packets. Any optimizations performed for IP in the transport will benefit the OTV encapsulated traffic. As part of the OTV control protocol, automatic detection of multihoming is included. This feature enables the multihoming of sites without requiring additional configuration or protocols
Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-574984.html
Q7. Which two statements about PIM-DM are true? (Choose two.)
A. It forwards multicast packets on a source tree.
B. It requires an RP.
C. It forwards multicast packets on a shared distribution tree.
D. It floods multicast packets to neighbors that have requested the data.
E. It floods multicast packets throughout the network.
F. It forwards multicast packets to neighbors that have requested the data.
Answer: A,E
Q8. DRAG DROP
Drag and drop the SNMP element on the left to the corresponding definition on the right.
Answer:
Q9. DRAG DROP
Drag and drop Layer 2 QoS Commands on the left to the corresponding functions on the right.
Answer:
Q10. What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec establishment?
A. It does not use Diffie-Hellman for secret exchange.
B. It does not support dead peer detection.
C. It does not support NAT traversal.
D. It does not hide the identity of the peer.
Answer: D
Explanation:
IKE phase 1's purpose is to establish a secure authenticated communication channel by using the Diffie–Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption.Phase 1 operates in either Main Mode or Aggressive Mode. Main Mode protects the identity of the peers; Aggressive Mode does not.
Reference: http://en.wikipedia.org/wiki/Internet_Key_Exchange