QUESTION 121
The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this:
access-list 101 permit tcp host 10.1.1.1 any eq 23
access-list 101 permit tcp host 172.16.1.1 any eq 23
!
class-map CoPP-TELNET
match access-group 101
!
policy-map PM-CoPP
class CoPP-TELNET
police 100000 conform transmit exceed drop
!
control-plane
service-policy input PM-CoPP
The network administrator is not getting the desired results. Which set of configurations resolves this issue?
A. no access-list 101
access-list 101 deny tcp host 10.1.1.1 any eq 23
access-list 101 deny tcp host 172.16.1.1 any eq 23
access-list 101 permit ip any any
B. control-plane
no service-policy input PM-CoPP
!
interface Ethernet 0/0
service-policy input PM-CoPP
C. control-plane
no service-policy input PM-CoPP
service-policy input PM-CoPP
D. no access-list 101
access-list 101 deny tcp host 10.1.1.1 any eq 23
access-list 101 deny tcp host 172.16.1.1 any eq 23
access-list 101 permit ip any any Interface E0/0
service-policy input PM-CoPP
Correct Answer: A
QUESTION 122
The network administrator configured the router for Control Plane Policing to limit OSPF traffic to be policed to 1 Mbps. Any traffic that exceeds this limit must also
be allowed at this point for traffic analysis. The router configuration is:
access-list 100 permit ospf any any
!
class-map CM-OSPF
match access-group 100
!
policy-map PM-COOP
class CM-OSPF
police 1000000 conform-action transmit
!
control-plane
service-policy output PM-COPP
The Control Plane Policing failed to monitor and police OSPF tratfic. Which configuration resolves this issue?
A. policy-map PM-COPP
class CM-OSPF
no police 1000000 conform-action transmit
police 1000000 conform-action transmit exceed-action transmit
B. control-plane
no service-policy output PM-COPP
service-policy input PM-COPP
C. no access-list 100
access-list 100 deny ospf any any
access-list 100 permit ip any any
!
policy-map PM-COPP
class CM-OSPF no police 1000000 conform-action transmit
police 1000000 conform-action transmit exceed-action drop
!
control-plane
no service-policy output PM-COPP
service-policy input PM-COPP
D. policy-map PM-COPP
class CM-OSPF
no police 1000000 conform-action transmit
police 1000000 conform-action transmit exceed-action transmit
!
control-plane
no service-policy output PM-COPP
service-policy input PM-COPP
Correct Answer: A
QUESTION 123
What is the purpose of the DHCPv6 Guard?
A. It allows DHCPv6 reply and advertisements from (rogue) DHCPv6 servers.
B. It shows that clients of a DHCPv6 server are affected.
C. It blocks DHCPv6 messages from relay agents to a DHCPv6 server.
D. It messages between a DHCPv6 server and a DHCPv6 client (or relay agent).
Correct Answer: C
QUESTION 124
An engineer notices that R1 does not hold enough log messages to identify the root cause during troubleshooting. Which command resolves this issue?
A. logging buffered 4096 critical
B. logging buffered 16000 critical
C. (config)# logging buffered 16000 informational
D. (config)# logging buffered 4096 informational
Correct Answer: C
QUESTION 125
How is a VPN forwarding table used in an MPLS network?
A. stores VPN routes with associated labels
B. learns customer routes through MP-BGP from the connected CE
C. learns PE route next hops through eBGP
D. learns VPN labels through LDP or RSVP
Correct Answer: C
QUESTION 126
What is LDP label binding?
A. two routers with label distribution session
B. neighboring router with label
C. destination prefix with label
D. source prefix with label
Correct Answer: C
QUESTION 127
Which table is used to map the packets in an MPLS LSP that exit from the same interface, via the same next hop, and have the same queuing policies?
A. RIB
B. CEF
C. LDP
D. FEC
Correct Answer: D
QUESTION 128
Network operations report issues with receiving too many external routes, which caused CPU spike on routers with smaller memories. Which action resolves the
issue?
A. Configure the area range command when redistributing on ABR.
B. Configure the summary-address command when redistributing on ABR.
C. Configure the summary-address command when redistributing on ASBR.
D. Configure the area range command when redistributing on ASBR.
Correct Answer: C
QUESTION 129
Which feature minimizes DoS attacks on an IPv6 network?
A. IPv6 Destination Guard
B. IPv6 Prefix Guard
C. IPv6 Binding Security Table
D. IPv6 Router Advertisement Guard
Correct Answer: A
QUESTION 130
The network administrator configured the router for Control Plane Policing so that inbound SSH traffic is policed to 500 kbps. This policy must apply to traffic coming in from 10.10.10.0/24 and 192.168.10.0/24 networks.
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 23
!
class-map CLASS-SSH
match access-group 100
!
policy-map PM-COPP
class CLASS-SSH police 500000 conform-action transmit
!
Interface E0/0
service-policy input PM-COPP
!
Interface E0/1
service-policy input PM-COPP
The Control Plane Policing is not applied to SSH traffic and SSH is open to use any bandwidth available. Which configuration resolves this issue?
A. no access-list 100
access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
!
policy-map PM-COPP
class CLASS-SSH
no police 500000 conform-action transmit
police 500000 conform-action transmit exceed-action drop
B. interface E0/0
no service-policy input PM-COPP
!
interface E0/1
no service-policy input PM-COPP
!
control-plane service-policy input PM-COPP
C. no access-list 100
access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
!
Interface E0/0
no service-policy input PM-COPP
!
Interface E0/1
no service-policy input PM-COPP
!
control-plane service-policy input PM-COPP
D. no access-list 100
access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
Correct Answer: C
QUESTION 131
What does the MP-BGP OPEN message contain?
A. the version number and the AS number to which the router belongs
B. NLRI, path attributes, and IP addresses of the sending and receiving routers
C. MPLS labels and the IP address of the router that receives the message
D. IP routing information and the AS number to which the router belongs
Correct Answer: A
QUESTION 132
What is considered the primary advantage of running BFD?
A. reduction in time needed to detect Layer 3 routing neighbor failures
B. reduction in CPU needed to detect Layer 2 switch neighbor failures
C. reduction in time needed to detect Layer 2 switched neighbor failures
D. reduction in CPU needed to detect Layer 3 routing neighbor failures
Correct Answer: A
QUESTION 133
A host successfully inserted itself as a default router in the routing table of other hosts on the same segment. Which IPv6 first hop security feature prevents this type of attack?
A. Binding Table Recovery
B. IPv6 Destination Guard
C. IPv6 Router Advertisement Guard
D. IPv6 Prefix Guard
Correct Answer: C
QUESTION 134
An engineer configured two routers connected to two different service providers using BGP with default attributes. One of the links is presenting high delay, which causes slowness in the network. Which BGP attribute must the engineer configure to avoid using the high-delay ISP link if the second ISP ink is up?
A. WEIGHT
B. MED
C. AS-PATH
D. LOCAL_PREF
Correct Answer: D
QUESTION 135
When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes that the configured routing protocols start flapping on that device. Which action in the Control Plane Policy prevents this problem in a production environment while achieving the security objective?
A. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
B. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
C. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
D. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
Correct Answer: B
QUESTION 136
An engineer must configure a Cisco router to initiate secure connections from the router to other devices in the network but kept failing. Which two actions resolve the issue? (Choose two.)
A. Configure a domain name.
B. Configure transport input ssh command on the console.
C. Configure a source port for the SSH connection to initiate.
D. Configure a crypto key to be generated.
E. Configure a TACACS+ server and enable it
Correct Answer: AD
QUESTION 137
An engineer configured a DHCP server for Cisco IP phones to download its configuration from a TFTP server, but the IP phones failed to load the configuration. What must be configured to resolve the issue?
A. BOOTP port 67
B. BOOTP port 68
C. DHCP option 66
D. DHCP option 69
Correct Answer: C
QUESTION 138
An engineer configured policy-based routing for a destination IP address that does not exist in the routing table. How is the packet treated through the policy for configuring the set ip default next-hop command?
A. Packets are forwarded based on a static route.
B. Packets are not forwarded to the specific next hop.
C. Packets are forwarded based on the routing table.
D. Packets are forwarded to the specific next hop.
Correct Answer: D
QUESTION 139
In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two.)
A. by the recovery mechanism to recover the binding table in the event of a device reboot
B. by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways
C. by IPv6 routing protocols to securely build neighborships without the need of authentication
D. by various IPv6 guard features to validate the data link layer address
E. by storing hashed keys for IPsec tunnels for the built-in IPsec features
Correct Answer: AD
QUESTION 140
How does an MPLS Layer 3 VPN function?
A. multiple customer sites interconnect through service provider network to create secure tunnels between customer edge devices
B. set of sites interconnect privately over the Internet for security
C. multiple customer sites interconnect through a service provider network using customer edge to provider edge connectivity
D. set of sites use multiprotocol BGP at the customer site for aggregation
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.