2014 Latest Cisco 350-001 Dump Free Download(101-110)!
QUESTION 101
You are using IPv6, and would like to configure EIGRPv3. Which three of these correctly describe how you can perform this configuration? (Choose three.)
A. EIGRP for IPv6 is directly configured on the interfaces over which it runs.
B. EIGRP for IPv6 is not configured on the interfaces over which it runs, but if a user uses passive-interface configuration, EIGRP for IPv6 needs to be configured on the interface that is made passive.
C. There is a network statement configuration in EIGRP for IPv6, the same as for IPv4.
D. There is no network statement configuration in EIGRP for IPv6.
E. When a user uses a passive-interface configuration, EIGRP for IPv6 does not need to be configured on the interface that is made passive.
F. When a user uses a non-passive-interface configuration, EIGRP for IPv6 does not need to be configured on the interface that is made passive.
Answer: ADE
Explanation:
Restrictions for Implementing EIGRP for IPv6:
This section lists ways in which EIGRP for IPv6 differs from EIGRP IPv4 as well as EIGRP for IPv6 restrictions.
EIGRP for IPv6 is directly configured on the interfaces over which it runs. This feature allows EIGRP for IPv6 to be configured without the use of a global IPv6 address. There is no network statement in EIGRP for IPv6.
In per-interface configuration at system startup, if EIGRP has been configured on an interface, then the EIGRP protocol may start running before any EIGRP router mode commands have been executed.
An EIGRP for IPv6 protocol instance requires a router ID before it can start running.
EIGRP for IPv6 has a shutdown feature. The routing process should be in “no shutdown” mode in order to start running.
When a user uses passive-interface configuration, EIGRP for IPv6 does not need to be configured on the interface that is made passive.
EIGRP for IPv6 provides route filtering using the distribute-list prefix-list command. Use of the route-map command is not supported for route filtering with a distribute list.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00805fc867.html
QUESTION 102
Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP source addresses?
A. It is applied only on the input interface of a router.
B. It is applied only on the output interface of a router.
C. It can be configured either on the input or output interface of a router.
D. It cannot be configured on a router interface.
E. It is configured under any routing protocol process.
Answer: A
Explanation:
Unicast Reverse Path Forwarding:
A small security feature: when configured on an interface, the router checks the incoming packet’s source address against its routing table. If the incoming packet’s source is reachable via the same interface on which it was received, the packet is allowed. URPF provides protection against spoofed packets with unverifiable sources.
http://www.cciecandidate.com/?p=494
Unicast RPF can be used in any “single-homed” environment where there is essentially only one access point out of the network; that is, one upstream connection. Networks having one access point offer the best example of symmetric routing, which means that the interface where a packet enters the network is also the best return path to the source of the IP packet. Unicast RPF is best used at the network perimeter for Internet, intranet, or extranet environments, or in ISP environments for customer network terminations.
Feature Overview
The Unicast RPF feature helps to mitigate problems that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
For example, a number of common types of denial-of-service (DoS) attacks, including Smurf and Tribe Flood Network (TFN), can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets that have source addresses that are valid and consistent with the IP routing table. This action protects the network of the ISP, its customer, and the rest of the Internet.
How It Works
When Unicast RPF is enabled on an interface, the router examines all packets received as input on that interface to make sure that the source address and source interface appear in the routing table and match the interface on which the packet was received. This “look backwards” ability is available only when Cisco Express Forwarding (CEF) is enabled on the router, because the lookup relies on the presence of the Forwarding Information Base (FIB). CEF generates the FIB as part of its operation.
Note: Unicast RPF is an input function and is applied only on the input interface of a router at the upstream end of a connection.
http://www.cisco.com/en/US/docs/ios/11_1/feature/guide/uni_rpf.html
QUESTION 103
Unicast Reverse Path Forwarding can perform all of these actions except which one?
A. examine all packets received to make sure that the source addresses and source interfaces appear in the routing table and match the interfaces where the packets were received
B. check to see if any packet received at a router interface arrives on the best return path
C. combine with a configured ACL
D. log its events, if you specify the logging options for the ACL entries used by the unicast rpf command
E. inspect IP packets encapsulated in tunnels, such as GRE
Answer: E
Explanation:
For RPF to function, CEF must be enabled on the router. This is because the router uses the Forwarding Information Base (FIB) of CEF to perform the lookup process, which is built from the router’s routing table. In other words, RPF does not really look at the router’s routing table; instead, it uses the CEF FIB to determine spoofing.
Also, RPF cannot detect all spoofed packets. For the network in this example, the perimeter router cannot determine spoofing from packets received on the external E1 interface if they match the default route statement. Therefore, the more routes your router has in its CEF FIB table, the more likely the router will be capable of detecting spoofing attacks. In addition, RPF cannot detect any spoofed packets that are encapsulated, such as packets encapsulated in GRE, IPSec, L2TP, and other packets.
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the reachability of the source address in packets being forwarded. This capability can limit the appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this document.
When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router’s choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.
When administrators use Unicast RPF in loose mode, the source address must appear in the routing table. Administrators can change this behavior using the allow-default option, which allows the use of the default route in the source verification process. Additionally, a packet that contains a source address for which the return route points to the Null 0 interface will be dropped. An access list may also be specified that permits or denies certain source addresses in Unicast RPF loose mode. Care must be taken to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain asymmetric routing paths.
Unicast RPF in an Enterprise Network
In many enterprise environments, it is necessary to use a combination of strict mode and loose mode Unicast RPF. The choice of the Unicast RPF mode that will be used will depend on the design of the network segment connected to the interface on which Unicast RPF is deployed.
Administrators should use Unicast RPF in strict mode on network interfaces for which all packets received on an interface are guaranteed to originate from the subnet assigned to the interface. A subnet composed of end stations or network resources fulfills this requirement. Such a design would be in place for an access layer network or a branch office where there is only one path into and out of the branch network. No other traffic originating from the subnet is allowed and no other routes are available past the subnet. Unicast RPF loose mode can be used on an uplink network interface that has a default route associated with it.
http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html
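The strict and loose checks described above, as an added Python example (not Cisco code and not part of the original page): a simplified model of the Unicast RPF decision over a constructed FIB. The interface names, prefixes and function names are assumptions, and the default route is treated as a valid strict-mode match, as in the perimeter-router case described above.

```python
import ipaddress

NULL0 = "Null0"

# Constructed FIB for a hypothetical perimeter router: prefix -> egress interface.
FIB = {
    "0.0.0.0/0": "Ethernet1",        # default route toward the upstream
    "192.0.2.0/24": "Ethernet0",     # internal user subnet
    "198.51.100.0/24": "Ethernet2",  # partner network (best return path)
    "203.0.113.0/24": NULL0,         # blackholed prefix
}

def lookup(fib, src):
    """Longest-prefix match on the source; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_permits(fib, src, in_iface, mode, allow_default=False):
    """Return True if the packet passes the source check, False if it is dropped."""
    match = lookup(fib, src)
    if match is None:
        return False                  # source not verifiable at all
    net, iface = match
    if iface == NULL0:
        return False                  # return route points to Null 0
    if mode == "strict":
        # Packet must arrive on the interface used for the return path.
        return iface == in_iface
    if mode == "loose":
        # Source only has to be in the table; the default route does not
        # count unless allow-default is set.
        return net.prefixlen > 0 or allow_default
    raise ValueError("mode must be 'strict' or 'loose'")

if __name__ == "__main__":
    cases = [  # (source, input interface, mode, allow_default), all constructed
        ("192.0.2.10", "Ethernet0", "strict", False),    # legitimate inside host
        ("192.0.2.10", "Ethernet1", "strict", False),    # inside address forged from outside
        ("198.51.100.7", "Ethernet1", "strict", False),  # asymmetric path: legitimate but dropped
        ("198.51.100.7", "Ethernet1", "loose", False),   # same packet passes in loose mode
        ("172.16.5.5", "Ethernet1", "strict", False),    # matches only the default route
        ("172.16.5.5", "Ethernet1", "loose", False),     # loose mode without allow-default
        ("203.0.113.9", "Ethernet1", "loose", True),     # Null 0 route
    ]
    for src, iface, mode, allow in cases:
        verdict = "forward" if urpf_permits(FIB, src, iface, mode, allow) else "drop"
        print(f"{src:15} in={iface:10} {mode:6} allow_default={allow!s:5} -> {verdict}")
```

The fifth case shows the limit noted above: a forged source that matches only the default route on the external interface passes the strict check, so more specific routes in the FIB mean more detectable spoofing.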
QUESTION 104
Which three of these statements about Dynamic Trunking Protocol are correct? (Choose three.)
A. It supports autonegotiation for both ISL and IEEE 802.1Q trunks.
B. It must be disabled on an interface if you do not want the interface to work as a trunk or start negotiation to become a trunk.
C. It is a point-to-multipoint protocol.
D. It is a point-to-point protocol.
E. It is not supported on private VLAN ports or tunneling ports.
Answer: ABD
Explanation:
By default Cisco states that PVLANs will be forwarded. Keep in mind that if you do not disable DTP it will attempt to negotiate a trunk with any additional switch that it is connected to on the port in question.
Switchport mode access – This command puts the interface (access port) into permanent nontrunking mode. The interface will generate DTP frames, negotiating with the neighboring interface to convert the link into a nontrunk link. The interface becomes a nontrunk interface even if the neighboring interface does not agree to the change.
Switchport mode dynamic desirable – This command makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default mode for all Ethernet interfaces. If the neighboring interface is set to the access or non-negotiate mode, the link will become a non-trunking link.
Switchport mode dynamic auto – This command makes the interface willing to convert the link to a trunk link if the neighboring interface is set to trunk or desirable mode. Otherwise, the link will become a non-trunking link.
Switchport mode trunk – This command puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. The interface becomes a trunk interface even if the neighboring interface does not agree to the change.
Switchport nonegotiate – Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link, otherwise the link will be a non-trunking link.
Using these different trunking modes, an interface can be set to trunking or nontrunking, or can be left able to negotiate trunking with the neighboring interface. To automatically negotiate trunking, the interfaces must be in the same VTP domain. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a Cisco proprietary point-to-point protocol.
QUESTION 105
You are designing your network to be able to use trunks. As part of this process you are comparing the ISL and 802.1Q encapsulation options. All of these statements about the two encapsulation options are correct except which one?
A. Both support normal and extended VLAN ranges.
B. ISL is a Cisco proprietary encapsulation method and 802.1Q is an IEEE standard.
C. ISL encapsulates the original frame.
D. Both support native VLANs.
E. 802.1Q does not encapsulate the original frame.
Answer: D
Explanation:
ISL is a Cisco proprietary protocol for the interconnection of multiple switches and maintenance of VLAN information as traffic goes between switches. ISL provides VLAN trunking capabilities while it maintains full wire-speed performance on Ethernet links in full-duplex or half-duplex mode. ISL operates in a point-to-point environment and can support up to 1000 VLANs. In ISL, the original frame is encapsulated and an additional header is added before the frame is carried over a trunk link. At the receiving end, the header is removed and the frame is forwarded to the assigned VLAN.
ISL uses Per VLAN Spanning Tree (PVST), which runs one instance of Spanning Tree Protocol (STP) per VLAN. PVST allows the optimization of root switch placement for each VLAN and supports the load balancing of VLANs over multiple trunk links.
802.1Q is the IEEE standard for tagging frames on a trunk and supports up to 4096 VLANs. In 802.1Q, the trunking device inserts a 4-byte tag into the original frame and recomputes the frame check sequence (FCS) before the device sends the frame over the trunk link. At the receiving end, the tag is removed and the frame is forwarded to the assigned VLAN. 802.1Q does not tag frames on the native VLAN. It tags all other frames that are transmitted and received on the trunk. When you configure an 802.1Q trunk, you must make sure that you configure the same native VLAN on both sides of the trunk.
IEEE 802.1Q defines a single instance of spanning tree that runs on the native VLAN for all the VLANs in the network. This is called Mono Spanning Tree (MST). This lacks the flexibility and load balancing capability of PVST that is available with ISL. However, PVST+ offers the capability to retain multiple spanning tree topologies with 802.1Q trunking.
QUESTION 106
What is the default stratum clock on a Cisco router, when you see the keyword “master” configured on the NTP line?
A. 1
B. 2
C. 4
D. 6
E. 8
Answer: E
Explanation:
NTP master
The “ntp master” is used to configure the device as a master clock when external time synchronization is not possible; for example, the router is not connected to the Internet. If the network has ntp master configured and it cannot reach any clock with a lower stratum number, the system claims to be synchronized at the configured stratum number, and other systems synchronize to it via NTP. By default, the master clock function is disabled.
When enabled, the default stratum is 8.
In the world of NTP, stratum levels define the distance from the reference clock. A reference clock is a stratum-0 device that is assumed to be accurate and has little or no delay associated with it (typically an atomic clock).
A server that is directly connected to a stratum-0 device is called a stratum-1 server, a server that is directly connected to a stratum-1 is called a stratum-2 server and so on.
http://www.cisco.com/en/US/products/hw/switches/ps1893/products_command_reference_chapter09186a008007dec6.html
QUESTION 107
Though many options are supported in EIGRPv6, select two options from the list below that are supported. (Choose two.)
A. VRF
B. auto-summary
C. per-interface configuration
D. prefix-list support via route-map
E. prefix-list support via distribute-list
Answer: CE
Explanation:
EIGRPv6 does differ from EIGRPv4 in the following ways:
EIGRPv6 is configured (enabled) directly on Cisco router interfaces; this means EIGRPv6 can be configured (enabled) on a router’s interface without having to configure (assign) a global IPv6 address on the interface and without using the network command while the router is in router configuration mode.
Also, when configuring (enabling) EIGRPv6 on a Cisco router, the EIGRP routing process must be configured (assigned) with a router-id (by using the router configuration command router-id); if a router-id is not configured (assigned), the EIGRPv6 routing process will not start. The EIGRPv6 routing process also uses a shutdown feature, meaning an EIGRPv6 routing process will not start until the routing process has been placed into no shutdown mode (by typing the no shutdown command while the router is in router configuration mode). Also, EIGRPv6 is not required to be configured on passive interfaces. Lastly, EIGRPv6 uses the router configuration command distribute-list prefix-list to perform route filtering, and when configuring route filtering the route-map command is not supported.
Below is some additional information on EIGRPv6:
IPv6 EIGRP and IPV4 EIGRP are very similar in concept except for the following differences:
IPv6 is configured on interface basis (like OSPFv3 and RIPng) and networks are advertised based on the interface command -> C is correct.
When configured on an interface, IPv6 EIGRP is initially placed in the “shutdown” state.
As with OSPFv3, IPv6 EIGRP requires a router-id in IPv4 format.
Passive interfaces can only be configured in the routing process mode.
The need for extra memory resources and supported in IOS 12.4(6)T and later.
There is no split horizon in IPv6 because it is possible to get multiple prefixes per interface.
There is no concept of classful routing in IPv6 EIGRP, consequently no automatic summary -> B is not correct.
EIGRPv6 uses the router configuration command “distribute-list prefix-list” to perform route filtering, and when configuring route filtering the “route-map” command is not supported -> E is correct but D is not.
Virtual Routing and Forwarding (VRF) is also supported in EIGRPv6.
QUESTION 108
During the IPv6 address resolution, a node sends a neighbor solicitation message in order to
discover which of these?
A. The Layer 2 multicast address of the destination node
B. The solicited node multicast address of the destination node
C. The Layer 2 address of the destination node based on the destination IPv6 address
D. The IPv6 address of the destination node based on the destination Layer 2 address
Answer: C
Explanation:
Nodes send Neighbor Solicitations to request the link-layer address of a target node while also providing their own link-layer address to the target. Neighbor Solicitations are multicast when the node needs to resolve an address and unicast when the node seeks to verify the reachability of a neighbor.
QUESTION 109
Which one of these statements is true of OSPF type 5 LSAs?
A. They are used to summarize area routes to other areas.
B. They are used in not-so-stubby areas to propagate external routes.
C. They are used to notify areas of the ASBR.
D. They are flooded to all areas except stub areas (external route).
Answer: D
Explanation:
http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml#appa1
QUESTION 110
Which OSPF LSA type does an ASBR use to originate a default route into an area?
A. LSA 1
B. LSA 3
C. LSA 4
D. LSA 5
E. LSA 7
Answer: D
Explanation:
By default, the OSPF router does not generate a default route into the OSPF domain. In order for OSPF to generate a default route, you must use the default-information originate command. With this command, the router will advertise type 5 LSA with a link ID of 0.0.0.0.
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00801ec9f0.shtml