2014 Latest Cisco 350-001 Dump Free Download(121-130)!
QUESTION 121
A request arrived on your MPLS-vpn-bgp group. Due to a security breach, your customer is
experiencing DoS attacks coming from specific subnets (200.0.10.0/24, 200.0.12.0/24). You have
checked all MPLS-EBGP routes being advertised to BHK from other VPN sites and found four
subnets listed:
200.0.10.0/24, 200.0.11.0/24, 200.0.12.0/24, 200.0.13.0/24. You immediately apply an outbound
ACL filter using the appropriate MPLS-EBGP tool: access-list 1 deny 0.0.0.0 255.255.254.255
access-list 1 permit any What happens when you apply this ACL on the MPLS-EBGP connection
to BHK?
A. It blocks all routes.
B. It blocks the routes 200.0.12.0/24, 200.0.10.0/24 only.
C. It blocks the routes 200.0.12.0/24, 200.0.13.0/24 only.
D. It blocks the routes 200.0.10.0/24, 200.0.13.0/24 only.
E. Nothing happens, no routes are blocked.
Answer: B
Explanation:
Remember, for the wild card mask, 1s are I DON’T CARE, and 0s are I CARE. In the access-list we put an 0.0.0.0 255.255.254.255 network; of course 255 means “1111 1111. This means we don’t care about any of the bits in the first, second & 4th octets. In fact, the number 0 (in 0.0.0.0) is just smallest numbers we can throw there and it is easy to type but we can use any number, it wouldn’t matter, since I DON’T CARE about them except the third octet as the wild card mask is not all “255.
Now let’s extract the 0 in the third octet in binary form (so easy, right?) 0 = 0000 0000
With the 254 in the wildcard mask, we only care about the last bit of the third octet because 254 is “1111 1110.
That means, if the third octet is in the form of xxxx xxx0 then it will match my access-list (x can be 0 or 1 because I DON’T CARE).
Now let’s write the third octet of 4 above subnets in binary form:
10 = 0000.1010
11 = 0000.1011
12 = 0000.1100
13 = 0000.1101
So, only 10 & 12 satisfy my access list -> I will only block the routes to 200.0.12.0/24, 200.0.10.0/24 – > B is correct.
Here is a simple configuration example explaining the question above. Connect to Routers R1 and BHK via FastEthernet 0/0
Router R1
interface Loopback0
ip address 200.0.10.1 255.255.255.0
!
interface Loopback1
ip address 200.0.11.1 255.255.255.0
!
interface Loopback2
ip address 200.0.12.1 255.255.255.0
!
interface Loopback3
ip address 200.0.13.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.0.1.2 255.255.255.252
router bgp 65500
no synchronization
bgp log-neighbor-changes
network 10.0.1.0 mask 255.255.255.252
network 200.0.10.0
network 200.0.11.0
network 200.0.12.0
network 200.0.13.0
neighbor 10.0.1.1 remote-as 65525
no auto-summary
Router BHK
router bgp 65525
no synchronization
bgp log-neighbor-changes
network 10.0.1.0 mask 255.255.255.252
neighbor 10.0.1.2 remote-as 65500
neighbor 10.0.1.2 route-map 1 in
distribute-list list in
no auto-summary
access-list 1 deny 0.0.0.0 255.255.254.255
access-list 1 permit any
Note: You may need to clear the BGP process on Router BHK after applying the route-map
QUESTION 122
Half of your network uses RIPv2 and the other half runs OSPF. The networks do not communicate
with each other. Which two of these factors describe the impact of activating EIGRP over each
separate part? (Choose two.)
A. EIGRP will not be accepted when configured on the actual RIPv2 routers.
B. OSPF will no longer be used in the routing table, because you only have EIGRP internal routes
running.
C. OSPF will no longer be used in the routing table, because you only have EIGRP external routes
running.
D. RIPv2 will populate its RIP database but not its routing table, because you only have EIGRP
external routes running.
E. RIPv2 will populate its RIP database but not its routing table, because you only have EIGRP
internal routes running.
F. OSPF database will have RIPv2 routes.
Answer: BE
Explanation:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800943c5.shtml
QUESTION 123
Your company is researching a new application that runs over IPv6, but part of it must still have IPv4 support. Your company uses a traditional IPv4 network. Your plan is not to run IPv6 over the whole network, but to segment parts of the network or even to operate simultaneously with IPv6
and IPv4. You must make a brief presentation about IPv6 technology to the board of technical
directors. Which three of these items could be part of your presentation? (Choose three.)
A. Tunnel IPv6 over IPv4 to connect far-end IPv6 networks.
B. Explain why configuring IPv4 and IPv6 at the same time over the same LAN interface is not
possible.
C. Explain why configuring IPv4 and IPv6 at the same time over the same LAN interface is possible.
D. What is the meaning of EUI-64 and how does it work?
E. Tunnel IPv4 over IPv6 to connect far-end IPv4 networks.
Answer: ACD
Explanation:
An interface ID is used to identify interfaces on a link. The interface ID must be unique to the link. It may also be unique over a broader scope. In many cases, an interface ID will be the same as or based on the link-layer address of an interface. Interface IDs used in aggregatable global unicast and other IPv6 address types must be 64 bits long and constructed in the modified EUI-64 format. Interface IDs are constructed in the modified EUI-64 format in one of the following ways:
For all IEEE 802 interface types (for example, Ethernet, and FDDI interfaces), the first three octets (24 bits) are taken from the Organizationally Unique Identifier (OUI) of the 48-bit link-layer address (the Media Access Control [MAC] address) of the interface, the fourth and fifth octets (16 bits) are a fixed hexadecimal value of FFFE, and the last three octets (24 bits) are taken from the last three octets of the MAC address. The construction of the interface ID is completed by setting the Universal/Local (U/L) bit the seventh bit of the first octet a value of 0 or 1. A value of 0 indicates a locally administered identifier; a value of 1 indicates a globally unique IPv6 interface identifier.
For other interface types (for example, serial, loopback, ATM, Frame Relay, and tunnel interface types except tunnel interfaces used with IPv6 overlay tunnels), the interface ID is constructed in the same way as the interface ID for IEEE 802 interface types; however, the first MAC address from the pool of MAC addresses in the router is used to construct the identifier (because the interface does not have a MAC address).
For tunnel interface types that are used with IPv6 overlay tunnels, the interface ID is the IPv4 address assigned to the tunnel interface with all zeros in the high-order 32 bits of the identifier. An IPv4-compatible IPv6 address is an IPv6 unicast address that has zeros in the high-order 96 bits of the address and an IPv4 address in the low-order 32 bits of the address. The format of an IPv4- compatible IPv6 address is 0:0:0:0:0:0:A.B.C.D or ::A.B.C.D. The entire 128-bit IPv4-compatible IPv6 address is used as the IPv6 address of a node and the IPv4 address embedded in the low-order 32 bits is used as the IPv4 address of the node. IPv4-compatible IPv6 addresses are assigned to nodes that support both the IPv4 and IPv6 protocol stacks and are used in automatic tunnels.
QUESTION 124
When running IP SLA, which application type should be used if you want to know round-trip delay, jitter, and packet loss for the full path?
A. ICMP path echo
B. UDP echo
C. ICMP path jitter
D. Application Performance Monitor
E. TCP connect
Answer: C
Explanation:
Before configuring any IP SLAs application, you can use the show ip sla application command to verify that the operation type is supported on your software image. In contrast with other IP SLAs operations, the IP SLAs Responder does not have to be enabled on either the target device or intermediate devices for Path Jitter operations. However, the operational efficiency may improve if you enable the IP SLAs Responder. The IP SLAs ICMP Path Jitter operation is ICMP-based. ICMP- based operations can compensate for source processing delay but cannot compensate for target processing delay. For more robust monitoring and verifying, use of the IP SLAs UDP Jitter operation is recommended. The jitter values obtained using the ICMP Path Jitter operation are approximates because ICMP does not provide the capability to embed processing times on routers in the packet. If the target router does not place ICMP packets as the highest priority, then the router will not respond properly. ICMP performance also can be
affected by the configuration of priority queueing on the router and by ping response. The path jitter operation does not support hourly statistics and hop information. Unlike other IP SLAs operations, the ICMP Path Jitter operation is not supported in the RTTMON MIB. Path Jitter operations can only be configured using Cisco IOS commands and statistics can only be returned using the show ip sla commands. The IP SLAs Path Jitter operation does not support the IP SLAs History feature (statistics history buckets) because of the large data volume involved with Jitter operations.
QUESTION 125
Which option is true when calculating round-trip delay in IP SLA operations?
A. The processing time on the end routers is only assessed for operations that involve the responder.
B. The processing time on the end routers is only assessed for operations that involve the
transmitter.
C. The processing time on the end routers is only assessed for operations that involve both the
responder and the transmitter.
D. The processing time on the end routers is not assessed for neither the responder nor the
transmitter.
Answer: A
Explanation:
The Cisco IOS IP SLAs Responder is a component embedded in the destination Cisco routing device that allows the system to anticipate and respond to Cisco IOS IP SLAs request packets. The Cisco IOS IP SLAs Responder provides an enormous advantage with accurate measurements without the need for dedicated probes and additional statistics not available via standard ICMP-based measurements. The patented Cisco IOS IP SLAs Control Protocol is used by the Cisco IOS IP SLAs Responder providing a mechanism through which the responder can be notified on which port it should listen and respond. Only a Cisco IOS device can be a source for a destination IP SLAs Responder. Figure 2 shows where the Cisco IOS IP SLAs Responder fits in relation to the IP network. The Cisco IOS IP SLAs Responder listens on a specific port for control protocol messages sent by a Cisco IOS IP SLAs operation. Upon receipt of the control message, the responder will enable the specified UDP or TCP port for the specified duration. During this time, the responder accepts the requests and responds to them. The responder disables the port after it responds to the Cisco IOS IP SLAs packet, or when the specified time expires. For added security, MD5 authentication for control messages is available.
Enabling the Cisco IOS IP SLAs Responder on the destination device is not required for all Cisco IOS IP SLAs operations. For example, if services that are already provided by the destination router (such as Telnet or HTTP) are chosen, the Cisco IOS IP SLAs Responder need not be enabled. For non-Cisco devices, the Cisco IOS IP SLAs Responder cannot be configured and Cisco IOS IP SLAs can send operational packets only to services native to those devices.
QUESTION 126
Having multiple unknown unicast frames in a switch would most likely deplete which of these resources?
A. available MAC addresses in the system
B. available memory for frame buffering
C. available bandwidth
D. electrical power
E. TCAM entries
Answer: C
QUESTION 127
Refer to the exhibit. R2 and R3 are routers connected using Ethernet services from a service
provider and can receive pings from each other. OSPF is configured as the routing protocol but
adjacency is not happening. According to the output of the show commands in the exhibit, what
could be the most likely cause of the problem?
A. Ethernet interfaces were configured as point-to-point.
B. Process IDs are not matching.
C. Configured bandwidths do not match on both interfaces.
D. Broadcasts and multicast are not being propagated over the Ethernet services.
E. OSPF cost does not match on both interfaces.
Answer: D
Explanation:
OSPF Adjacencies
Occurs through exchange of Hello packets
After adjacency established, link-state databases (LSDBs) are synched
Two OSPF neighbors on point-to-point link form full adjacency with each other In LANs, all routers form adjacency with the DR and BDR; updates need to be sent only to DR, which updates all other routers; all other routers on LAN are called DROTHERS and maintain a partial neighbor relationship with each other
Once adjacencies are established, LSAs are exchanged through a reliable mechanism. LSAs are flooded to ensure topological awareness. LSAs have a sequence number and a lifetime value. LSAs convey the cost of links used for the SPF calculation. The cost metric is based on interface bandwidth. The LSA aging timer is 30-minute default.
Here are the details of the exchange process between two routers on a LAN (Router 1 and Router 2) and the OSPF adjacency states involved:
Step 1 Router 1 begins in the down state because it is not exchanging OSPF information with any other router.
It sends Hello packets via multicast address 224.0.0.5(all SPF). Step 2 Router 2 receives the OSPF Hello and adds Router 1 in its list of neighbors. This is the beginning of the init state.
Step 3 Router 2 sends a unicast Hello packet response to Router 1. Step 4 Router 1 receives the Hello and notes that it is listed in the packet. It ads Router 2 to its list of neighbors. Router 1 knows that it has bidirectional communication with Router 2. This is known as the Two-Way State.
Step 5 In LAN environment, DR and BDR elected
Step 6 In LAN environment, Hello packets function as keepalive mechanism every 10 seconds.
QUESTION 128
Which mechanism can you use to achieve sub-second failover for link failure detection when a
switched Ethernet media is used and loss of signal is not supported by the link provider?
A. OSPF standard hellos
B. Cisco Discovery Protocol link detection
C. Bidirectional Forwarding Detection
D. Fast Link Pulse
E. autonegotiation
Answer: C
Explanation:
BFD is a detection protocol designed to provide fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. In addition to fast forwarding path failure detection, BFD provides a consistent failure detection method for network administrators. Because the network administrator can use BFD to detect forwarding path failures at a uniform rate, rather than the variable rates for different routing protocol hello mechanisms, network profiling and planning will be easier, and reconvergence time will be consistent and predictable
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fs_bfd.html
QUESTION 129
While troubleshooting a network, you need to verify the liveness of hosts in the subnet
192.168.1.64/26. All of the hosts are able to reply to ping requests. How would you confirm the
existing nodes using one single command?
A. ping 192.168.1.255
B. ping with sweep option
C. ping 192.168.1.127
D. ping 192.168.1.64
E. ping with broadcast option
Answer: C
Explanation:
The 192.168.1.27 is the broadcast address of the 192.168.1.64/26 sub-network so by sending a ping request to this address all the hosts in this subnet will reply (to the broadcast address). But it is not quite right nowadays as all the Casco’s routers which have IOS version 12.0 or above will simply drop these pings. If you wish to test this function then you have to turn on the ip directed-broadcast function (which is disabled by default from version 12.0). The purpose of the ip directed-broadcast command is to enable forwarding of directed broadcasts. When this is turned on for an interface, the interface will respond to broadcast messages that are sent to its subnet. Cisco introduced this command in IOS version 10 (and it is enabled by default) but they soon realized this command was being exploited in denial of service attacks and disabled it from version 12.0. As you can guess, a ping to the broadcast address requires all hosts in that subnet to reply and it consumes much traffic if many are sent. A type of this attack is smurf attack, in which the attacker tries to borrow the victims IP address as the source address and sends ICMP packets to the broadcast address of the network. When all the hosts in that subnet hear the ICMP request, they will reply to the computer which the attacker borrowed the IP address from. You can try this function by enabling ip directed-broadcast command in interface mode. Then from the directly connected router issue the ping to the broadcast address of that subnet (or ping 255.255.255.255).
QUESTION 130
When troubleshooting a network, the output of the command show interfaces indicates a large
number of runts. What is a runt?
A. the number of packets that are discarded because they exceed the maximum packet size of the
medium
B. errors created when the CRC generated by the originating LAN station or far-end device does not
match the checksum calculated from the data received.
C. the number of packets that are discarded because they are smaller than the minimum packet size
of the medium
D. the number of received packets that were ignored by the interface because the interface hardware
ran low on internal buffers
E. the number of times that the interface requested another interface within the router to slow down
Answer: C
Explanation:
In networks, a runt is a packet that is too small. For example, the Ethernet protocol requires that each packet be at least 64 bytes long. In Ethernet, which operates on the idea that two parties can attempt to get use of the line at the same time and sometimes do, runts are usually the fragments of packet collisions. Runts can also be the result of bad wiring or electrical interference. Runts are recorded by programs that use the Remote Network Monitoring (RNM) standard information base for network administration. RMON calls them “undersize packets”.
A giant is a packet that’s oversize.