2014 Latest Cisco 350-001 Dump Free Download(241-250)!
QUESTION 241
A router that acts as an Internet border gateway has multiple upstream connections that are used in a load-sharing setup. The NOC has identified a DDoS attack from a specific source entering its network via interface GigabitEthernet0/1.
The NOC wants to block this suspicious traffic on the border router in a scalable way and without major changes to the different interface configurations.
Which configuration would block the DDoS attack from the known source (194.90.1.5)?
A. interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.252
ip verify unicast source reachable-via any
!
ip route 194.90.1.5 255.255.255.255 Null0
B. interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.252
ip verify unicast source reachable-via any
!
ip route 194.90.1.5 255.255.255.255 192.168.1.2
C. interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.252
ip verify unicast source reachable-via rx
!
ip route 194.90.1.5 255.255.255.255 Null0
D. interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.252
ip verify unicast source reachable-via rx
!
ip route 194.90.1.5 255.255.255.255 192.168.1.2
Answer: A
QUESTION 242
In GLBP, which router will answer on client ARP requests?
A. all active AVF routers as the first response is used by the client
B. the AVG router, replying with a different AVF MAC address each time
C. a random AVF router, based on a GLBP seed hash key
D. only the AVG router that received the ARP request first
Answer: B
Explanation:
LBP Active Virtual Gateway
Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group. Each gateway assumes responsibility for forwarding packets sent to the virtual MAC address assigned to it by the AVG. These gateways are known as active virtual forwarders (AVFs) for their virtual MAC address. The AVG is responsible for answering Address Resolution Protocol (ARP) requests for the virtual IP address.
Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses.
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html#wp1039649
QUESTION 243
Which three protocols or applications should be placed in a class that is configured with WRED? (Choose three.)
A. HTTP
B. RTP
C. streaming video
D. BitTorrent
E. POP3
Answer: ADE
Explanation:
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfwred_ps1835_TSD_Produ cts_Configuration_Guide_Chapter.html
QUESTION 244
What is the command to configure RSVP to reserve up to one-tenth of a Gigabit link, but only allow each individual flow to use 1 MB/s?
A. ip rsvp bandwidth 10000 1000
B. ip rsvp bandwidth 100000 1
C. ip rsvp bandwidth 10 1
D. ip rsvp bandwidth 1000000 1000
Answer: A
Explanation:
This command enables the traffic-engineering tunnels on the interface. It configures the interface to send and receive RSVP signaling to establish traffic-engineering tunnels across this interface; both sides of the link need to have this configuration enabled.
Define the bandwidth allocation on the interfaces:
ip rsvp bandwidth interface-kbps single-flow-kbps [sub-pool kbps] This command enables RSVP reservations for traffic-engineering tunnels. interface-kbps is the amount of bandwidth (in kbps) on the interface that is available for reservation, and it is referred to as global pool.
single-flow-kbps is the maximum amount of bandwidth (in kbps) allowed for a single flow. This parameter is ignored for traffic-engineering tunnel reservations. [sub-pool kbps] is the amount of bandwidth (in kbps) from the global pool available for reservations in a subpool.
ip rsvp bandwidth
To enable RSVP for IP on an interface, use the ip rsvp bandwidth interface configuration command.
To disable
RSVP, use the no form of the command.
ip rsvp bandwidth [interface-kbps] [single-flow-kbps]
no ip rsvp bandwidth [interface-kbps] [single-flow-kbps] Syntax Description interface-kbps
(Optional) Amount of bandwidth (in kbps) on interface to be reserved. The range is 1 to 10, 000, 000. single-flow-kbps (Optional) Amount of bandwidth (in kbps) allocated to a single flow. The range is 1 to 10, 000, 000.
QUESTION 245
Which two statements are true about RED? (Choose two.)
A. RED randomly drops packets before the queue becomes full.
B. RED is always useful, without dependency on flow.
C. RED increases the drop rate as the average queue size increases.
D. RED has a per-flow intelligence.
Answer: AC
Explanation:
RED aims to control the average queue size by indicating to the end hosts when they should temporarily slow down transmission of packets.
RED takes advantage of the congestion control mechanism of TCP. By randomly dropping packets prior to periods of high congestion, RED tells the packet source to decrease its transmission rate. Assuming the packet source is using TCP, it will decrease its transmission rate until all the packets reach their destination, indicating that the congestion is cleared. You can use RED as a way to cause TCP to slow down transmission of packets.
TCP not only pauses, but it also restarts quickly and adapts its transmission rate to the rate that the network can support.
RED distributes losses in time and maintains normally low queue depth while absorbing spikes. When enabled on an interface, RED begins dropping packets when congestion occurs at a rate you select during configuration.
Packet Drop Probability
The packet drop probability is based on the minimum threshold, maximum threshold, and mark probability denominator.
When the average queue depth is above the minimum threshold, RED starts dropping packets. The rate of packet drop increases linearly as the average queue size increases until the average queue size reaches the maximum threshold.
The mark probability denominator is the fraction of packets dropped when the average queue depth is at the maximum threshold. For example, if the denominator is 512, one out of every 512 packets is dropped when the average queue is at the maximum threshold.
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfconav.html
QUESTION 246
Which of the following is true about the MPLS header and its EXP field size?
A. The MPLS header is 2 bytes, and the EXP field is 3 bits long.
B. The MPLS header is 1 byte, and the EXP field is 3 bits long.
C. The MPLS header is 4 bytes, and the EXP field is 3 bits long.
D. The MPLS header is 3 bytes, and the EXP field is 3 bits long.
Answer: C
Explanation:
http://books.google.com.pk/books?id=DoOsh4NsCKwC&pg=PA95&lpg=PA95&dq=MPLS+header+is+4+bytes,+and+the+EXP+field+is+3+bits+long&source=bl&ots=lGc3RcpOUs&sig=MwvvUoDkbWfl8elpSuq_wn53i_I&hl=en&sa=X&ei=HTXLUfSzBsap4gT8tYHoBg&ved=0CCoQ6AEwAA#v=onepage&q=MPLS%20header%20is%204%20bytes%2C%20and%20the%20EXP%20field%20is%203%20bits%20long&f =false (page 100)
QUESTION 247
Which protocol and port have been assigned by IANA for RADIUS authentication?
A. UDP/1812
B. UDP/1813
C. TCP/1812
D. TCP/1813
Answer: A
QUESTION 248
What is also called Type 0 authentication in OSPF on Cisco Routers?
A. MD5
B. There is no Type 0 authentication
C. SHA1
D. Null
Answer: D
Explanation:
These are the three different types of authentication supported by OSPF. Null Authentication–This is also called Type 0 and it means no authentication information is included in the packet header. It is the default.
Plain Text Authentication–This is also called Type 1 and it uses simple clear-text passwords. MD5 Authentication–This is also called Type 2 and it uses MD5 cryptographic passwords.
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094069.
shtml
QUESTION 249
Refer to the exhibit. Which two statements are correct, when the QoS configuration is applied in an outbound direction on a 10-Mb/s interface? (Choose two.)
A. When reaching 10 Mb/s of input rate, the video class will be policed to 200 kb/s.
B. The class FTP is allowed to reach more than 1 Mb/s in the event of congestion.
C. IP precedence 1 traffic is affected by a drop probability.
D. Video traffic above 200 kb/s is allowed to pass when the total interface output rate does not reach 10 Mb/s.
E. Video traffic above 200 kb/s is allowed to pass when congestion is present.
Answer: BD
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intrface.html
QUESTION 250
Choose two commands that are required to enable multicast on a router, when it is known that the receivers use a specific functionality of IGMPv3. (Choose two.)
A. ip pim rp-address
B. ip pim ssm
C. ip pim sparse-mode
D. ip pim passive
Answer: BC
Explanation:
Source specific multicast only works with IGMPv3
http://www.cisco.com/en/US/docs/ios/ipmulti/command/reference/imc_04.html#wp1043638
If you want to pass the Cisco 350-001 Exam sucessfully, recommend to read latest Cisco 350-001 Dump full version.