Professional Documents
Culture Documents
Number: 300-135
Passing Score: 846
Time Limit: 120 min
File Version: 1.0
Multiple Choice Questions / Drag and Drops / Simlet / Simulation Labs ONLY!
(NO TSHOOT TICKETS)
Exam A - MCQs-D&Ds - Nov 2017
Exam B - MCQs-D&Ds - April 2018
Exam C - MCQs-D&Ds - May 2018
Exam D - MCQs-D&Ds - June 2018
Exam E - MCQs-D&Ds - July 2018
Exam F - MCQs-D&Ds - July-August 2018
Exam G - MCQs-D&Ds - September 2018
Exam H - Simlet - HSRP
Exam I - Simulation Labs
MCQs-D&Ds - Nov 2017
QUESTION 1
Drag and Drop - Mandatory and Optional GRE Headers
Section: (none)
Explanation
Explanation/Reference:
Mandatory: Protocol Type,Reserved0, Version
Optional: Checksum, Key, Sequence Number
QUESTION 2
Drag and Drop - Standard and Extended GRE Tunnel Header
Section: (none)
Explanation
Explanation/Reference:
Standard Header: Checksum, Protocol Type, Reserved0, Version
Extended Header: Key, Sequence Number
QUESTION 3
Which three IP header option fields can you modify in an extended ping? (Choose three.)
A. Value
B. Strict
C. Record
D. Timestamp
E. Timeout
Explanation/Reference:
QUESTION 4
Select valid type of tunnels mode (Choose four.)
A. GRE
B. 6to4
C. ISATAP
D. NHRP
E. IPv6IP
F. mGRE
Explanation/Reference:
QUESTION 5
Drag and Drop - Debug and Show Commands
Associate debug and show commands with what they do. Not all options will be used. (7 options)
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
debug ip mpacket <-> multicast packet
debug standby errors<-> HSRP issues
debug ip packet <-> All IPv4 information
debug ipv6 packet <-> All IPv6 information
debug vlan <-> 802.1q troubleshoot
debug ip cef <-> hardware forwarding
QUESTION 6
Drag and Drop - Extended Traceroute
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Probe count <-> limits the number of traceroute
Port Number <-> troubleshoot TCP and UDP port
Source address <-> troubleshoot connections generated from specific interface
Max TTL <-> limits the number of hops a packet travel
Type of Service <-> troubleshoot QoS issues
QUESTION 7
Which three keywords are supported in the IP header option? (Choose three.)
A. Timeout
B. Type of service
C. Validate
D. Timestamp
E. Record
F. Strict
Explanation/Reference:
QUESTION 8
Drag and Drop - Valid Tunnel Types
Drag and drop the correct tunnel types in the right order. Not all options will be used.
Explanation/Reference:
Sequence 1 - 6to4
Sequence 2 - GRE IP
Sequence 3 - IPv6 IP
Sequence 4 - ISATAP
MCQs-D&Ds - April 2018
QUESTION 1
In which troubleshooting approach you start troubleshooting from middle of OSI layer stack and then either go up or down layer for further troubleshooting?
A. Bottom-up
B. Top-down
C. Divide-and-conquer
D. Follow-the-path
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which two things should you check while troubleshooting uRPF? (Choose two)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Which access-list allows SSH access from network 10.10.15.0/24?
A. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 21
B. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 23
C. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 22
D. access-list 142 permit tcp 10.10.15.0 0.0.0.255 any eq 25
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Drag and Drop
Securing the control plane on R1 connected via SSH to the network 10.10.0.0/16. You should choose the right answers and place them in the right
configuring order. Not all options will be used.
Explanation/Reference:
Sequence 1
access-list X permit tcp 10.10.0.0/16 eq 22 any estab
access-list X permit tcp 10.10.0.0/16 any eq 22
Sequence 2
class-map match-all SSH
match access-group X
Sequence 3
Policy Y
Class SSH
Sequence 4
Control plane
service-policy input Y
QUESTION 5
What two statements could be the reason for GRE Tunnel interface in up/down state? (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
Which two are valid AAA authentications methods? (Choose two.)
A. Line
B. Krb6
C. LDAP
D. Local
E. Blowfish
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Which two commands are required to setup GRE tunnel between R2 & R3? (Choose two.)
A. R2:
interface tunnel 1
ip address 10.1.1.1 255.255.255.252
tunnel source 192.168.1.1
tunnel destination 192.168.2.3
B. R3:
interface tunnel 1
ip address 10.1.1.2 255.255.255.252
tunnel source 192.168.2.3
tunnel destination 192.168.1.1
C. ???
D. ???
E. ???
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
While troubleshooting you noticed *** as output of traceroute command. What is the reason for that?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
Drag and Drop - MPP
Drag and drop the correct MPP commands in the right configuration order.
Explanation/Reference:
Sequence 1:-
access-list 125 permit tcp x x eq 22 established
access-list 125 permit tcp x x eq 22
Sequence 2:-
class-map yyy
match acceess-group 125
Sequence 3:-
policy-map zzzz
class yyy
Sequence 4:-
control-plane
service policy input zzzz
QUESTION 10
Drag and Drop - Valid Debug Commands
Question about four valid debug commands on a switch. Not all options will be used. (Choose four.)
Explanation/Reference:
=Answer=
1. debug glbp errors
2. debug ip igmp snooping
3. debug ip interface route-cache
4. debug spanning-tree mstp init
QUESTION 11
Drag and Drop - Monitoring GRE Packets
Choose and place in the right order headers when monitoring GRE packet. Not all options will be used.
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Step 1. Source tunnel IP header
Step 2. GRE header
Step 3. Original source IP header
Step 4. Data
QUESTION 12
Which two statements could be the reason for GRE tunnel interface in up/down state? (Choose two.)
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Which access-list allows SSH access from network 10.10.15.0/24?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
MCQs-D&Ds - May 2018
QUESTION 1
Which two statements about GRE are true?
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which two statements about IPv6 traffic filtering are true? (Choose two.)
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Virtual Fragmentation Reassembly
When virtual fragmentation reassembly (VFR) is enabled, VFR processing begins after ACL input lists are checked against incoming packets. The incoming
packets are tagged with the appropriate VFR information.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/xe-3s/ipv6-xe-36s-book/ip6-sec-trfltr-fw.html#GUID-01C01A9C-C68D-47B5-B9B5-
BA44A704383E
QUESTION 3
Question about keepalive in GRE tunnel with two options. (Choose two.)
A. Enabled by default
B. Supports on point-to-point GRE tunnel interface
C. Supports on point to multi-point mGRE
D. 1 option for IPSec
E. Support broadcast
F. Support broadcast multicast
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
GRE Tunnels with IPsec
When GRE is used with IPsec, the keepalives are encrypted like any other traffic. As with user data packets, if the IKE and IPsec security associations are
not already active on the GRE tunnel, the first GRE keepalive packet will trigger IKE/IPsec initialization.
https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/sb_gretk.html
QUESTION 4
Drag and Drop - GRE Tunnels (Required and Optional)
Explanation/Reference:
Required Component
- Tunnel Destination Address
- Tunnel IP Address
- Tunnel Source Address
Optional Component
- TCP MSS
- Tunnel Key
- Tunnel Mode
The detail is you remember the configuration in GRE, the required components is necessary to form a GRE tunnel.
QUESTION 5
You are performing a peer review on this implementation script, which is intended to enable AAA on a device. If the script is deployed which two effects does
it have on the device? (Choose two.)
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
When you have:
R1#sh run | sec aaa
no aaa new-model
R1(config)#aaa authentication ?
R1(config)#aaa authentication login default local
^
% Invalid input detected at ‘^’ marker.
QUESTION 6
What is a common protocol for ping and traceroute?
A. ICMP
B. PIM
C. IGMP
D. IP
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
When configuring a router or switch, which plane is affected?
A. data
B. management
C. control
D. forward
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
A user is able to log into the switch but cannot enable. What might be the reason?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
Drag and Drop - Ping and Traceroute
Explanation/Reference:
Validate Reply Data — specify data pattern
Data pattern – ???
DF-Bit - enable do not fragment bit in IP header
TOS - used for QoS troubleshooting
Validate - validate reply data
QUESTION 10
Which troubleshooting method is used when we troubleshoot a spanning tree issue for any VLAN?
A. divide and conquer
B. top-down
C. bottom-up
D. follow-the-path
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Drag and Drop - Ping
Explanation/Reference:
data — specify data pattern
df-bit — enable do not fragment bit in IP header
repeat — specify repeat count
size — specify datagram size (MTU)
source — specify source address or name
timeout — specify timeout interval
tos — specify type of service value
validate — validate reply data
QUESTION 12
Question about keepalive in GRE.
A. enabled by default.
B. possible to configure on point-to-point GRE tunnel interface.
C. mGRE
D. ???
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Question about authentication, tacas/local, based on piece of configuration.
AAA and what will be the result with this configuration: it either checks the local database first or it only authenticate 2 listed users.
A. The aaa-new-model command is not there in the script; hence the script will not work.
B. The configuration script will be partially executed (as 2 local username and password are there).
C. ???
D. ???
E. ???
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
A question about GRE tunnel with the options of it support multicast, broadcast traffic or only broadcast and some other options that we needed to choose 2
correct ones. (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
Question about keepalive in GRE tunnel. (Choose two.)
A. Enabled by default.
B. Supports on point-to-point GRE tunnel interface.
C. Supports on point to multi-point mGRE
D. Works with IPsec tunnel protection
E. Works with VRF only if FVRF and IVRF match.
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Drag and Drop - Ping and Traceroute (Mod 2)
(This could be the official version. Been added just in case, even if wording isn't exact.)
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
TOS – something about quality of service
Df-bit – prevent packets from being segmented or broken up
Data Pattern – detect framing errors
Hop Count – verify routing metrics
Reply – verify reachability
MCQs-D&Ds - June 2018
QUESTION 1
A question about DHCP issue. Which troubleshooting method to use?
A. top down
B. bottom up
C. divide and conquer
D. compare configuration
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
A router knows one destination using EIGRP and two OSPF networks. Which will be the best way to determine the path? (Choose two.)
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Which two statements about ping and traceroute are true? (Choose two.)
A. Ping only using ICMP.
B. Only ping have TTL.
C. To determine if a host is reachable, using traceroute is better than ping.
D. Traceroute uses UDP diagram and ICMP.
E. Ping uses TCP and ICMP.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Which two protocols does the management plane protection feature support? (Choose two.)
A. HTTPS
B. ARP
C. DNS
D. TFTP
E. DHCP
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
Which two statements about uRPF are true? (Choose two.)
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
Which two statements about time-based ACLs are true? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Which two ACLs use with IPv6 traffic filters? (Choose two.)
A. tagged
B. standard
C. named
D. numbered
E. dynamic
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
A question about GRE tunnel which is up and cannot pass through traffic. (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
A GRE tunnel is up but the server or host cannot pass through traffic what are the two things need to be fixed? (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
You want to reach an endpoint and in between is an EIGRP and a link with OSPF routing. What is the best way to check the route? (Choose two.)
A. ping 10.1.1.1
B. trace 10.1.1.1
C. show ip route 10.1.1.1
D. show ip ospf database 10.1.1.1
E. show eigrp topology
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
A question about ping, traceroute and ICMP. (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
Drag and Drop
WAN is 1500 MTU. How do you configure the GRE tunnel where packets doesn't get fragmented? Not all options will be used.
(MAY NEED TO BE MODIFIED - PLEASE CHECK NETWORKTUT IF THIS IS THE CORRECT FORMAT.)
Select and Place:
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
1: tunnel mode gre ip
2: ip mtu 1400
3: ip adjust tcp-mss 1360
QUESTION 13
A question about TACACS+/local authentication based on a piece of configuration.
A. It will check TACACS+ authentication but skip for the two users created locally.
B. The aaa-new model is not used and hence poliicy will not be applied.
C. AAA will not be used hence policy will not be applied.
D. Port of the script is rejected.
E. ???
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
A question about time-based ACLs. (Choose two.)
A. standard
B. extended
C. time source from router
D. NTP sync
E. ???
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
A question about GRE tunnel IPv6 over IPv4. (Choose two.)
A. SRC (source) must be IPv4.
B. IPv6 over IPv4
C. ???
D. ???
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
A question about troubleshooting connection to EIGRP/OSPF enabled device 10.11.1.1. (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
A technician is troubleshooting connectivity problems between two routers that are directly connected through a serial line. The technician notices that the
serial line is up, but cannot see any neighbors displayed in the output of the show cdp neighbors command. In which OSI layer is the problem most likely
occurring?
A. physical
B. data link
C. network
D. transport
E. application
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18
A question about something like tunnel path-mtu-discovery and the other choice has something like GRE and IP in the command line with two choices.
(Choose two.)
A. ip mtu 1400
B. ip tcp adjust-mss 1360
C. ???
D. ???
E. ???
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
MCQs-D&Ds - July 2018
QUESTION 1
GRE with IPsec tunnel are true. (Choose two.)
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which two can use to protect and secure management plane from unwanted and unauthorized access? (Choose two.)
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
A question about pass encrytion in Cisco IOS software is true.
(About pass encryption in CISCO IOS software, which statement is true?)
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
A question with one router and a computer (exhibit) 192.168.10.0/24. You receive timed out when you start to SSH the router. Which layer is the first that you
are going to look into this matter?
A. physical
B. datalink
C. network
D. ???
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
How do you make sure AAA will still allow you to login if TACACS+ fails? (Choose two.)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
A question with an image, regardless tunnel 1018 went down.
(Question refering to an exhibit – something with PIM, tunnel flapping and neighboring get rejected, regardless Tunnel 1018 went down.)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
When your network experiences Cisco Discovery Protocol and LLDP issues, with which layer of the OSI model must you begin troubleshooting?
A. physical layer
B. datalink layer
C. network layer
D. transport layer
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
If you want to use GRE with IPSec which is compatible with NAT traversal?
A. MD5 mode
B. SHA mode
C. IPsec tunnel mode
D. tunnel transport
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
Which two can use to protect and secure management plane from unwanted and unauthorized access? (Choose two.)
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
Troubleshoot uRPF loose mode at client gateway router for networks that are not in the routing table. (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
A question about SSH into router, the connection time out. Which layer to troubleshoot first?
A. physical layer
B. network layer
C. ???
D. ???
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
A question about restrict access for devices in management plane.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
A question with an exhibit with tunnel which flaps.
A. routing through.....
B. static route added
C. not properly configured interfaces...
D. ???
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
A question related to Cisco password security.
A. Enable secret is strongrt than enable password (as I can remember) with 7.
B. Weaker revisable algorithms that are hashed and encrypted related (with 5 and 7).
C. ???
D. ???
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
A question related to VPN.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
A question related to IPsec security.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
Which of the two statements are true regarding traceroute?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18
A question about restrict access for device on management plane? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
Which IP header option fields can you modify in an extended ping? (Choose three.)
A. value
B. strict
C. record
D. timestamp
E. timeout
Explanation/Reference:
QUESTION 20
Which two statements about traceroute are true? (Choose two.)
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
Which command enables authenticated login if a TACACS+ failure occurs?
Explanation/Reference:
QUESTION 22
If you want to use GRE with IPSec which is compatible with NAT traversal?
A. MD5 mode
B. SHA mode
C. GRE tunnel mode
D. tunnel transport
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
You must add encryption to a GRE tunnel. Which IPsec configuration is recommended for a VPN with NAT transversal?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
A question with an exhibit and is asking why tunnel 1018 went down.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
MCQs-D&Ds - July-August 2018
QUESTION 1
Which protocol does mGRE use to send packets?
A. DMVPN
B. NHRP
C. OSPF
D. IPsec
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which protocols are supported with MPP? (Choose three.)
A. HTTP
B. HTTP and HTTPS
C. SSH
D. FTP
E. SFTP
F. TFTP
Explanation/Reference:
QUESTION 3
Which two topologies are allowed with p2p GRE over IPsec? (Choose two.)
A. Hub and Spoke
B. Partial Mesh
C. Point to Multipoint
D. Bus
E. Star
F. Ring
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Drag and Drop - uRPF Strict Mode / Loose Mode
Drag and drop the correct statements about uRPF strict and loose mode onto the right. Not all options will be used.
Explanation/Reference:
Strict
- Can be used on inside internet router interface
- Must have the same path back
Loose
- Can be used on outside internet router interface
- Must have the source IP in routing table
- The allow-default option may be used
QUESTION 5
Drag and Drop - Configuring SSH Sequence
Drag and drop the sequence for configuring SSH in the correct order onto the right.
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Step 1 - ip ssh version 2
Step 2 - ip domain-name cisco.com
Step 3 - crypto-key generate rsa
Step 4 - line vty 0 4
transport input ssh
Step 5 - transport input telnet
QUESTION 6
Which two keywords can be used with debug condition to filter output? (Choose two.)
A. Host name
B. Interface ID
C. Port number
D. Protocol
E. Packet size
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Output of show access-list, what can you do to correct SSH?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
Which IPsec mode with least overhead?
A. transport
B. dynamic
C. transparent
D. tunnel
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
A question about OSPF fails to establish a neighbor adjacency and how to debug. (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
Which keywords can be used with debug condition to filter output? (Choose two.)
A. Port Number
B. Interface ID
C. Protocol
D. User Name
E. Packet Size
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Drag and Drop - Sequence of Configuring SSH
Drag and drop the correct sequence for configuring SSH in the correct order onto the right. Not all options will be used.
Explanation/Reference:
Step 1: ip domain-name cisco.com
Step 2: crypto-key generate rsa
Step 3: ip ssh version 2
Step 4: line vty 0 4
transport input ssh
QUESTION 12
An output of ‘show ip eigrp’ was given and we need to find out the error and troubleshoot based on given scenario. (Choose two.)
A. Hello timer mismatched
B. Process ID mismatched
C. Metric calculations mismatched
D. Router ID mismatched
E. Authentication mismatched
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Drag and Drop - How do you configure uRPF Strict and Loose mode
Drag and drop the correct statements about uRPF strict and loose mode onto the right. Not all options will be used.
Explanation/Reference:
Strict Mode
- An IPv4 source address at the receiving end must match routing entry for the interface
- Can be used to configure on the inside interface of the Internet router
- Supports symmetric routing feature
Loose Mode
- Can be used to configure on the outside interface of the Internet router
- IPv4 source IP address must be the part of the routing table
QUESTION 14
How will you troubleshoot OSPF adjacency issue? (Choose two.)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
What IP header option fields can you modify in an extended ping? (Choose three.)
A. Value
B. Strict
C. Record
D. Timestamp
E. Timeout
Explanation/Reference:
MCQs-D&Ds - September 2018
QUESTION 1
Given show version, check why SSH is not successful?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
A question about enable secret and enable password. (Choose two.)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
A question about logging console critical. Which three types of logs will be displayed? (Choose three.)
A. alert
B. critical
C. emergency
D. ???
E. ???
Explanation/Reference:
QUESTION 4
A question about extended traceroute. (Choose two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
A question with a configuration snippet. Which purpose is to allow Telnet using port 3033. Why the configuration shown is not working?
A. add rotary 33
B. remove authentication login TTC
C. remove authorization exec TTC
D. remove transport input telnet
E. using access-lists
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
A question about how to use timed-based ACL to allow telnet from 6pm-6am.
A. time-range NOC-access
periodic daily 18:00 to 06:00
B. time-range NOC-access
periodic daily 18:00 to 23:59
periodic daily 00:00 to 06:00
C. ???
D. ???
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Which system architect allow GRE and IPSec perform routing separately?
A. server-client
B. peer-to-peer
C. headend
D. ???
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
Which two VPN technologies allow unicast, multicast and private addressing? (Choose two.)
A. GRE
B. IPSec VPN
C. GET VPN
D. DMVPN
E. ???
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
Which two routing protocols support TLVs and Fast Reroute? (Choose two.)
A. EIGRP
B. RIPv2
C. IS-IS
D. OSPF
E. ???
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
A question with a show version output snippet. The register was 2102.
A. IOS update
B. less memory
C. configuration register is wrong
D. need new boot ROM
E. ???
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
A question with output of show version. SSH and configuration is not loaded. What is the issue?
A. IOS upgrade
B. ROM memory upgrade
C. configuration register
D. ???
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
Which two protocols must use route protocol for using TLV and fast-reroute? (Choose two.)
A. ISIS
B. OSPF
C. EIGRP
D. RIP
E. RIPv2
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
A question about tunnels that support routing and multicasting.
A. DMVPN
B. GRE
C. IPSec
D. ???
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
A question about a system architecture that seperates point to point and crypto function seperately for seperate routing processes.
A. backend
B. headend
C. peer to peer
D. client server
E. ???
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
A question about a user is supposed to access between 6:00 PM to 6:00 AM, however denied by midnight what needs to be changed.
A. time-range NOC_ACCESS
periodic daily 18:00 to 23:59
periodic daily 00:00 to 06:00
B. time-range SWITCH_ACCESS
periodic daily 18:00 to 23:59
periodic daily 00:00 to 06:00
C. time-range NOC_ACCESS
periodic daily 06:01 to 23:59
D. time-range SWITCH_ACCESS
periodic daily 06:01 to 23:59
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
A question about dynamic routing and encryption.
A. Easy VPN
B. GET VPN
C. DMVPN
D. ???
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
A question about extended traceroute. (Choose two.)
A. verbose mode
B. strict mode
C. changing TTL
D. changing IP Header option
E. ???
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18
Which tunnel/technology support routing, multicasting and private IP address?
A. GRE
B. DMVPN
C. MPLS VPN
D. IPsec
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 19
Which two statements about enable secret and enable password are true? (Choose two.)
A. enable secret and enable password can not be configured same time.
B. enable password is easy to decipher.
C. enable secret is easy to decipher.
D. enable password is more preferable than enable secret.
E. enable secret is more preferable than enable password.
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
Simlet - HSRP
QUESTION 1
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
The following debug messages are noticed for HSRP group 2. But still neither R1 nor R2 has identified one of them as standby router. Identify the reason
causing the issue.
Correct Answer: E
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
You have received notification from network monitoring system that link between R1 and R5 is down and you noticed that the active router for HSRP group 1
has not failed over to the standby router for group 1. You are required to troubleshoot and identify the issue.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
Examine the configuration on R5. Router R5 do not see any route entries learned from R4; what could be the issue?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
Examine the configuration on R5. Router R5 do not see any route entries learned from R4; what could be the issue?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
From: lunch March 16th, 2018 - Networktut
Note: Correct answer is DHCP issue between R5 & R4. Not OSPF issue in R5 & R4.
R5 configuration :-
int gig0/0
ip address dhcp
This interface not getting dhcp ip address from R4. So even though OSPF configuration was like 0.0.0.0 0.0.0.0 area 0 , because this interface does not get
correct ip address from DHCP it can’t participate in OSPF.
R4 configuration :-
but
Int gig0/0
ip address dhcp .
This interface on R4 should have ip address configured on it instead of ” ip address dhcp ” . Hence its not able to provide dhcp lease address to R5.
R4 also had ospf configured as network 0.0.0.0 0.0.0.0 area 0. So all interface can participate if they are up and if they have ip address.
But because R5 interface connected to R4 could not obtail correct dhcp ip address from R4 due to DHCP issue they wont form ospf neighborship.
So correct answer is DHCP issue between R5 & R4. & I have got full marks in this section so you can count on me on this HSRP SIM.
QUESTION 5
Scenario: You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer
inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the
network problems.
Examine the configuration on R4. The routing table shows no entries for 172.16.10.0/24 and 172.16.20.0/24. Identify which of the following is the issue
preventing route entries being installed on R4 routing table?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Simulation Labs
QUESTION 1
LAB SIMULATION - BGP Sim (Cisco Official)
You work as Network Engineer for RADO Network Ltd company. Your colleague has setup POC lab simulating customer network to study about the
behavior of BGP protocol when routes are exchanged between two different autonomous systems.
Review the topology. You need to identify and fix iBGP and EBGP issues on R1 router.
Topology Details
AS64520
R1, R2 and R3 are three routers on AS 64520 and OSPF is IGP routing protocol configured between them.
IBGP configured between R1, R2 and R3 routers using peer group.
Loopback0 is used for IBGP peering, Loopback0 address configured on R1, R2 and R3 are advertised into BGP domain on AS64525.
AS64525
RA and RB are two routers on AS 64525 and EIGRP is IGP routing protocol configured between them.
Loopback0 address is used for IBGP peering, Loopback0 address configured on RA and RB advertised into BGP domain on AS64525.
R1 and RA form EBGP neighbor relationship using physical interface address.
R2 and RB form EBGP neighbor relationship using physical interface address.
Simulation Requirements
Identify and fix EBGP neighbor relationship issue between R1 and RA routers.
Identift and fix IBGP neighbor relationship issue between R1 and R2, R1 and R3.
You are allowed to remove any misconfiguration or incorrect configuration to only fix the issue and other initial configurations that not impacting the issues
should not be changed.
The final BGP table after fixing two issues on R1 router should display as shown below.
Special Note: To gain the maximum number of points you must fix IBGP and EBGP neighbor issues on router R1.
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Configurations on R1:
This lab is for BGP only so we only need to check BGP section.
R1#show running-config
—-output omitted—-
router bgp 64520
network 172.16.1.1 mask 255.255.255.255
neighbor IBGP peer-group
neighbor IBGP remote-as 64550
neighbor IBGP update-source loopback0
neighbor 172.16.2.2 peer-group IBGP
neighbor 172.16.3.3 peer-group IBGP
neighbor 209.165.200.2 remote-as 64525
—-output omitted—-
Solution - We see there are two issues here (two commands in bold), the first one is IBGP issue and the second one is EBGP issue.
R1> enable
R1# configure terminal
R1(config)# router bgp 64520
R1(config-router)# neighbor IBGP remote-as 64520
R1(config-router)# no neighbor 209.165.200.2 remote-as 64525
R1(config-router)# neighbor 209.165.201.2 remote-as 64525
R1(config-router)# end
R1# copy running-config startup-config <<NOTE: If this doesn't work, ignore it
Note:
In the second statement we fix the IBGP group to “remote-as 64520” without removing the wrongly configured IBGP group (“neighbor IBGP remote-as
64550”) because if we remove this statement, other related statements of IBGP (three statements “neighbor IBGP update-source Loopback0”, “neighbor
172.16.2.2 peer-group IBGP”, “neighbor 172.16.3.3 peer-group IBGP”) will be removed automatically because IBGP group no longer exists.
Also in statement 2 the “IBGP” group must be written in capital. You will receive an error if writing it in lowercase.
The IP addresses in the exam are different but the concept is still the same so please read the question carefully
After solving the problem don’t forget to verify with the “show ip bgp” command. You must see all the Loopback interfaces of other routers. Otherwise please
check your commands again.
QUESTION 2
LAB SIMULATION - BGP Sim (Networktut)
Loopback0 is used for IBGP peering while physical interface address is used for EBGP. Identify the IBGP issues on R1 to R2, R3 and EBGP issues to RA
and fix them so that the “show ip bgp” command on R1 will display all loopback interfaces of other routers.
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Configurations on R1:
This lab is for BGP only so we only need to check BGP section.
R1#show running-config
—-output omitted—-
router bgp 64520
network 172.16.1.1 mask 255.255.255.255
neighbor IBGP peer-group
neighbor IBGP remote-as 64550
neighbor IBGP update-source loopback0
neighbor 172.16.2.2 peer-group IBGP
neighbor 172.16.3.3 peer-group IBGP
neighbor 209.165.200.2 remote-as 64525
—-output omitted—-
Solution - We see there are two issues here (two commands in bold), the first one is IBGP issue and the second one is EBGP issue.
R1> enable
R1# configure terminal
R1(config)# router bgp 64520
R1(config-router)# neighbor IBGP remote-as 64520
R1(config-router)# no neighbor 209.165.200.2 remote-as 64525
R1(config-router)# neighbor 209.165.201.2 remote-as 64525
R1(config-router)# end
R1# copy running-config startup-config <<NOTE: If this doesn't work, ignore it
Note:
In the second statement we fix the IBGP group to “remote-as 64520” without removing the wrongly configured IBGP group (“neighbor IBGP remote-as
64550”) because if we remove this statement, other related statements of IBGP (three statements “neighbor IBGP update-source Loopback0”, “neighbor
172.16.2.2 peer-group IBGP”, “neighbor 172.16.3.3 peer-group IBGP”) will be removed automatically because IBGP group no longer exists.
Also in statement 2 the “IBGP” group must be written in capital. You will receive an error if writing it in lowercase.
The IP addresses in the exam are different but the concept is still the same so please read the question carefully
After solving the problem don’t forget to verify with the “show ip bgp” command. You must see all the Loopback interfaces of other routers. Otherwise please
check your commands again.