2014 Latest Cisco 350-001 Dump Free Download(61-70)!

QUESTION 61
Two routers configured to run BGP have been connected to a firewall, one on the inside interface and one on the outside interface. BGP has been configured so the two routers should peer,
including the correct BGP session endpoint addresses and the correct BGP session hop-count
limit (EBGP multihop). What is a good first test to see if BGP will work across the firewall?

A.    Attempt to TELNET from the router connected to the inside of the firewall to the router connected to
the outside of the firewall. If telnet works, BGP will work, since telnet and BGP both use TCP to
transport data.
B.    Ping from the router connected to the inside interface of the firewall to the router connected to the
outside interface of the firewall. If you can ping between them, BGP should work, since BGP uses
IP to transport packets.
C.    There is no way to make BGP work across a firewall without special configuration, so there is no
simple test that will show you if BGP will work or not, other than trying to start the peering session.
D.    There is no way to make BGP work across a firewall.

Answer: C
Explanation:
1. The question doesn’t say that you are passing the port parameter to the telnet session. In the answer Cisco says “since telnet and BGP both use TCP to transport data.” Meaning that TELNET and BGP share TCP, no mention of ports.
2. If you telnet to Port 179 you are testing the path only in 1 direction from the inside to the outside. Yes stateful firewalls will allow return traffic from outside, but they won’t allow the outside neighbor to initiate a session.
3. If the Firewall is using NAT for outgoing traffic, which is common, you will be able to telnet to the BGP peer, but the peer won’t be able to reach your router back if it needs to initiate a session.
4. The Firewall can translate port 179 to 23 or anything else that will give you a false positive on your Telnet test.
5. Answer C says that
A. “There is no way to make BGP work across a firewall without special configuration” Special configuration refers to the Firewall, since in the question they explicitly say that BGP has been properly configured.
B. “Trying to start the peering session.” will provide you with a definitive answer.
C. Therefore correct answer is C.

QUESTION 62
Spanning Tree Protocol IEEE 802.1s defines the ability to deploy which of these?

A.    one global STP instance for all VLANs
B.    one STP instance for each VLAN
C.    one STP instance per set of VLANs
D.    one STP instance per set of bridges

Answer: C
Explanation:
The IEEE 802.1s standard is the Multiple Spanning Tree (MST). With MST, you can group VLANs and run one instance of Spanning Tree for a group of VLANs. Other STP types:
Common Spanning Tree (CST), which is defined with IEEE 802.1Q, defines one spanning tree instance for all VLANs.
Rapid Spanning Tree (RSTP), which is defined with 802.1w, is used to speed up STP convergence. Switch ports exchange an explicit handshake when they transition to forwarding.

QUESTION 63
Which two of these are used in the selection of a root bridge in a network utilizing Spanning Tree Protocol IEEE 802.1D? (Choose two.)

A.    Designated Root Cost
B.    bridge ID priority
C.    max age
D.    bridge ID MAC address
E.    Designated Root Priority
F.    forward delay

Answer: BD
Explanation:
The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a unique identifier (ID) and a configurable priority number; the bridge ID contains both numbers. To compare two bridge IDs, the priority is compared first. If two bridges have equal priority, then the MAC addresses are compared. For example, if switches A (MAC=0200.0000.1111) and B (MAC=0200.0000.2222) both have a priority of 10, then switch A will be selected as the root bridge. If the network administrators would like switch B to become the root bridge, they must set its priority to be less than 10.

QUESTION 64
If a port configured with STP loop guard stops receiving BPDUs, the port will be put into which
state?

A.    learning state
B.    listening state
C.    forwarding state
D.    root-inconsistent state

Answer: D
Explanation:
STP Loop Guard
Feature Description
The STP loop guard feature provides additional protection against Layer 2 forwarding loops (STP loops). An STP loop is created when an STP blocking port in a redundant topology erroneously transitions to the forwarding state. This usually happens because one of the ports of a physically redundant topology (not necessarily the STP blocking port) no longer receives STP BPDUs. In its operation, STP relies on continuous reception or transmission of BPDUs based on the port role. The designated port transmits BPDUs, and the non-designated port receives BPDUs.
When one of the ports in a physically redundant topology no longer receives BPDUs, the STP conceives that the topology is loop free. Eventually, the blocking port from the alternate or backup port becomes designated and moves to a forwarding state. This situation creates a loop. The loop guard feature makes additional checks. If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of the listening / learning / forwarding state. Without the loop guard feature, the port assumes the designated port role. The port moves to the STP forwarding state and creates a loop. When the loop guard blocks an inconsistent port, this message is logged:
CatOS: %SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. Moved to loop-inconsistent state.
Cisco IOS: %SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port FastEthernet0/24 on VLAN0050.
Once the BPDU is received on a port in a loop-inconsistent STP state, the port transitions into another STP state according to the received BPDU. This means that the recovery is automatic and intervention is not necessary. After recovery, this message is logged:
CatOS: %SPANTREE-2-LOOPGUARDUNBLOCK: port 3/2 restored in vlan 3.
Cisco IOS: %SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port FastEthernet0/24 on VLAN0050.
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml

QUESTION 65
What is the purpose of the STP PortFast BPDU guard feature?

A.    enforce the placement of the root bridge in the network
B.    ensure that a port is transitioned to a forwarding state quickly if a BPDU is received
C.    enforce the borders of an STP domain
D.    ensure that any BPDUs received are forwarded into the STP domain

Answer: C
Explanation:
STP configures meshed topology into a loop-free, tree-like topology. When the link on a bridge port goes up, STP calculation occurs on that port. The result of the calculation is the transition of the port into forwarding or blocking state. The result depends on the position of the port in the network and the STP parameters. This calculation and transition period usually takes about 30 to 50 seconds. At that time, no user data pass via the port. Some user applications can time out during the period. In order to allow immediate transition of the port into forwarding state, enable the STP PortFast feature.
PortFast immediately transitions the port into STP forwarding mode upon linkup. The port still participates in STP. So if the port is to be a part of the loop, the port eventually transitions into STP blocking mode.
As long as the port participates in STP, some device can assume the root bridge function and affect active STP topology. To assume the root bridge function, the device would be attached to the port and would run STP with a lower bridge priority than that of the current root bridge. If another device assumes the root bridge function in this way, it renders the network suboptimal. This is a simple form of a denial of service (DoS) attack on the network. The temporary introduction and subsequent removal of STP devices with low (0) bridge priority cause a permanent STP recalculation. The STP PortFast BPDU guard enhancement allows network designers to enforce the STP domain borders and keep the active topology predictable. The devices behind the ports that have STP PortFast enabled are not able to influence the STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured. The BPDU guard transitions the port into errdisable state, and a message appears on the console. This message is an example:
2000 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port. Disabling 2/1
2000 May 12 15:13:32 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml#topic1
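The loop guard and BPDU guard messages quoted in Questions 64 and 65 are what a monitoring pipeline would key on. The following is an added example, not part of the original page or of any Cisco tool: it parses those message formats and reports which ports are still loop-inconsistent and which were disabled by BPDU guard. The function names, the result keys and the sample log (assembled from the messages quoted above) are assumptions made for illustration.

```python
import re

# Message formats taken from the explanations above (CatOS and Cisco IOS variants).
PATTERNS = [
    ("loopguard_block", re.compile(
        r"%SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port "
        r"(?P<port>\S+) in vlan (?P<vlan>\d+)")),
    ("loopguard_block", re.compile(
        r"%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port "
        r"(?P<port>\S+) on VLAN(?P<vlan>\d+)")),
    ("loopguard_unblock", re.compile(
        r"%SPANTREE-2-LOOPGUARDUNBLOCK: port (?P<port>\S+) restored in vlan "
        r"(?P<vlan>\d+)")),
    ("loopguard_unblock", re.compile(
        r"%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port "
        r"(?P<port>\S+) on VLAN(?P<vlan>\d+)")),
    ("bpduguard_disable", re.compile(
        r"%SPANTREE-2-RX_PORTFAST:\s*Received BPDU on PortFast enable port\."
        r"\s*Disabling (?P<port>\S+)")),
]


def parse_event(line):
    """Return {'kind', 'port', 'vlan'} for a recognised STP guard message, else None."""
    for kind, pattern in PATTERNS:
        match = pattern.search(line)
        if match:
            vlan = match.groupdict().get("vlan")
            return {
                "kind": kind,
                "port": match.group("port").rstrip("."),
                # "VLAN0050" and "vlan 3" are both normalised to an integer.
                "vlan": int(vlan) if vlan is not None else None,
            }
    return None


def summarize(lines):
    """Replay the log in order and report the state a responder cares about."""
    loop_inconsistent = set()   # (port, vlan) blocked by loop guard, not yet restored
    bpduguard_disabled = set()  # PortFast ports disabled after receiving a BPDU
    unmatched = 0
    for line in lines:
        event = parse_event(line)
        if event is None:
            unmatched += 1
        elif event["kind"] == "loopguard_block":
            loop_inconsistent.add((event["port"], event["vlan"]))
        elif event["kind"] == "loopguard_unblock":
            # Recovery is automatic once BPDUs are received again.
            loop_inconsistent.discard((event["port"], event["vlan"]))
        else:
            bpduguard_disabled.add(event["port"])
    return {
        "still_loop_inconsistent": sorted(loop_inconsistent),
        "bpduguard_disabled": sorted(bpduguard_disabled),
        "unmatched": unmatched,
    }


# Constructed sample log: the messages quoted above, placed in one sequence.
SAMPLE_LOG = [
    "%SPANTREE-2-LOOPGUARD_BLOCK: Loop guard blocking port FastEthernet0/24 on VLAN0050.",
    "%SPANTREE-2-LOOPGUARDBLOCK: No BPDUs were received on port 3/2 in vlan 3. "
    "Moved to loop-inconsistent state.",
    "%SPANTREE-2-LOOPGUARD_UNBLOCK: Loop guard unblocking port FastEthernet0/24 on VLAN0050.",
    "2000 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port. "
    "Disabling 2/1",
    "2000 May 12 15:13:32 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A BPDU guard hit on an access port means something attached to that port is speaking STP, so it is worth a look even when the topology was never affected.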

QUESTION 66
When STP UplinkFast is enabled on a switch utilizing the default bridge priority, what will the new bridge priority be changed to?

A.    8192
B.    16384
C.    49152
D.    65535

Answer: C
Explanation:
STP UplinkFast provides fast switchover to an alternate port when the root port fails. When STP UplinkFast is enabled on a switch utilizing the default bridge priority (32768), the new bridge priority will be changed to 49152. The reason for the priority being raised is to prevent the switch from becoming the root (recall that lower bridge priority is preferred). To enable the UplinkFast feature, use the “set spantree uplinkfast enable” command in privileged mode. The set spantree uplinkfast enable command has the following results:
Changes the bridge priority to 49152 for all VLANs (allowed VLANs).
Increases the path cost and portvlancost of all ports to a value greater than 3000.
On detecting the failure of a root port, an instant cutover occurs to an alternate port selected by Spanning Tree Protocol (without using this feature, the network will need about 30 seconds to re-establish the connection).
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094641.shtml

QUESTION 67
Which of these best describes the actions taken when a VTP message is received on a switch
configured with the VTP mode “transparent”?

A.    VTP updates are ignored and forwarded out all ports.
B.    VTP updates are ignored and forwarded out trunks only.
C.    VTP updates are made to the VLAN database and are forwarded out trunks only.
D.    VTP updates are ignored and are not forwarded.

Answer: B
Explanation:
You can configure a switch to operate in any one of these VTP modes:
Server–In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.
Client–VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
Transparent–VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements, but transparent switches do forward VTP advertisements that they receive out their trunk ports in VTP Version 2.
Off (configurable only in CatOS switches)–In the three described modes, VTP advertisements are received and transmitted as soon as the switch enters the management domain state. In the VTP off mode, switches behave the same as in VTP transparent mode with the exception that VTP advertisements are not forwarded.
VTP V2
VTP V2 is not much different than VTP V1. The major difference is that VTP V2 introduces support for Token Ring VLANs. If you use Token Ring VLANs, you must enable VTP V2. Otherwise, there is no reason to use VTP V2. Changing the VTP version from 1 to 2 will not cause a switch to reload.
VTP Password
If you configure a password for VTP, you must configure the password on all switches in the VTP domain. The password must be the same password on all those switches. The VTP password that you configure is translated by algorithm into a 16-byte word (MD5 value) that is carried in all summary-advertisement VTP packets.
VTP Pruning
VTP ensures that all switches in the VTP domain are aware of all VLANs. However, there are occasions when VTP can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded over the entire VLAN. All switches in the network receive all broadcasts, even in situations in which few users are connected in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this unnecessary traffic.
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml

QUESTION 68
The classic Spanning Tree Protocol (802.1D 1998) uses which sequence of variables to determine the best received BPDU?

A.    1) lowest root bridge id, 2) lowest sender bridge id, 3) lowest port id, 4) lowest root path cost
B.    1) lowest root path cost, 2) lowest root bridge id, 3) lowest sender bridge id, 4) lowest sender port id
C.    1) lowest root bridge id, 2) lowest sender bridge id, 3) lowest root path cost 4) lowest sender port id
D.    1) lowest root bridge id, 2) lowest root path cost, 3) lowest sender bridge id, 4) lowest sender port id

Answer: D
Explanation:
Configuration bridge protocol data units (BPDUs) are sent between switches for each port. Switches use a four-step process to save a copy of the best BPDU seen on every port. When a port receives a better BPDU, it stops sending them. If the BPDUs stop arriving for 20 seconds (default), it begins sending them again.
Step 1 Lowest Root Bridge ID (BID)
Step 2 Lowest Path cost to Root Bridge
Step 3 Lowest Sender BID
Step 4 Lowest Port ID
Cisco General Networking Theory Quick Reference Sheets
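The bridge ID comparison from Question 63 and the four-step BPDU comparison above are both "lowest tuple wins" orderings. The following is an added example, not code from the original page or from Cisco: it models them in Python and reports which step decides between two BPDUs. The class and function names are assumptions, switches A and B use the MAC addresses and priority from Question 63, and switch C, the path costs and the port IDs are constructed sample values.

```python
from dataclasses import dataclass


def parse_mac(mac: str) -> int:
    """Convert a dotted MAC such as 0200.0000.1111 to a 48-bit integer."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True, order=True)
class BridgeID:
    # Field order is the comparison order: priority first, MAC as tie-breaker.
    priority: int
    mac: int

    @classmethod
    def of(cls, priority: int, mac: str) -> "BridgeID":
        if not 0 <= priority <= 0xFFFF:
            raise ValueError("bridge priority is a 16-bit value")
        return cls(priority, parse_mac(mac))


@dataclass(frozen=True, order=True)
class ConfigBPDU:
    # Field order mirrors steps 1-4; the lower value wins at each step.
    root_id: BridgeID
    root_path_cost: int
    sender_id: BridgeID
    sender_port_id: int


STEPS = (
    ("root_id", "lowest root bridge ID"),
    ("root_path_cost", "lowest root path cost"),
    ("sender_id", "lowest sender bridge ID"),
    ("sender_port_id", "lowest sender port ID"),
)


def elect_root(bridges: dict) -> str:
    """Return the name of the bridge with the lowest bridge ID."""
    if not bridges:
        raise ValueError("no bridges to compare")
    return min(bridges, key=lambda name: bridges[name])


def best_bpdu(bpdus):
    """Return the BPDU a port would keep after seeing all of the given ones."""
    return min(bpdus)


def deciding_step(a: ConfigBPDU, b: ConfigBPDU):
    """Name the first step at which two BPDUs differ, or None if they tie."""
    for field, label in STEPS:
        if getattr(a, field) != getattr(b, field):
            return label
    return None


# Switches A and B as given in Question 63; switch C is constructed.
SW_A = BridgeID.of(10, "0200.0000.1111")
SW_B = BridgeID.of(10, "0200.0000.2222")
SW_C = BridgeID.of(32768, "0200.0000.3333")

# Constructed BPDUs: two paths to root A, and one announcing a different root.
VIA_B = ConfigBPDU(SW_A, 19, SW_B, 0x8001)
VIA_C = ConfigBPDU(SW_A, 4, SW_C, 0x8002)
OTHER_ROOT = ConfigBPDU(BridgeID.of(9, "0200.0000.4444"), 100, SW_C, 0x8003)

if __name__ == "__main__":
    print("root:", elect_root({"A": SW_A, "B": SW_B}))
    print("best:", best_bpdu([VIA_B, VIA_C]), "by", deciding_step(VIA_B, VIA_C))
    print("best:", best_bpdu([VIA_C, OTHER_ROOT]), "by", deciding_step(VIA_C, OTHER_ROOT))
```

A BPDU with a lower root bridge ID wins at step 1 regardless of its path cost, which is why the ordering of the steps matters.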

QUESTION 69
Which three port states are used by RSTP 802.1w? (Choose three.)

A.    Listening
B.    Learning
C.    Forwarding
D.    Blocking
E.    Discarding
F.    Disabled

Answer: BCE
Explanation:


QUESTION 70
Loop guard and UniDirectional Link Detection both protect against Layer 2 STP loops. In which
two ways does loop guard differ from UDLD in loop detection and prevention? (Choose two.)

A.    Loop guard can be used with root guard simultaneously on the same port on the same VLAN while
UDLD cannot.
B.    UDLD protects against STP failures caused by cabling problems that create one-way links.
C.    Loop guard detects and protects against duplicate packets being received and transmitted on
different ports.
D.    UDLD protects against unidirectional cabling problems on copper and fiber media.
E.    Loop guard protects against STP failures caused by problems that result in the loss of BPDUs
from a designated switch port.

Answer: BE
Explanation:
Answers B, D, & E are all correct. However, as UDLD is only enabled on Fiber media by default I have selected B instead of D as you will have to manually configure UDLD if you want it to work on copper media.
The Cisco-proprietary UDLD protocol allows devices connected through fiber-optic or copper (for example, Category 5 cabling) Ethernet cables connected to LAN ports to monitor the physical configuration of the cables and detect when a unidirectional link exists. When a unidirectional link is detected, UDLD shuts down the affected LAN port and alerts the user. Unidirectional links can cause a variety of problems, including spanning tree topology loops. UDLD is a Layer 2 protocol that works with the Layer 1 protocols to determine the physical status of a link. At Layer 1, autonegotiation takes care of physical signaling and fault detection. UDLD performs tasks that autonegotiation cannot perform, such as detecting the identities of neighbors and shutting down misconnected LAN ports. When you enable both autonegotiation and UDLD, Layer 1 and Layer 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols.
Based on the various design considerations, you can choose either UDLD or the loop guard feature. In regards to STP, the most noticeable difference between the two features is the absence of protection in UDLD against STP failures caused by problems in software. As a result, the designated switch does not send BPDUs.
However, this type of failure is (by an order of magnitude) more rare than failures caused by unidirectional links. In return, UDLD might be more flexible in the case of unidirectional links on EtherChannel. In this case, UDLD disables only failed links, and the channel should remain functional with the links that remain. In such a failure, the loop guard puts it into loop-inconsistent state in order to block the whole channel.
Additionally, loop guard does not work on shared links or in situations where the link has been unidirectional since the link-up. In the last case, the port never receives BPDU and becomes designated. Because this behavior could be normal, this particular case is not covered by loop guard.
UDLD provides protection against such a scenario.


2014 Latest Cisco 350-001 Dump Free Download(51-60)!

QUESTION 51
Refer to the exhibit. What problem does the debug ip ospf event output from R3 indicate?


A.    209.165.202.140 and R3 are not both configured as OSPF stubs.
B.    209.165.202.140 and R3 are not configured in the same OSPF area.
C.    209.165.202.140 is configured as a no-summary stub.
D.    Transit area OSPF hello packets are not processed by design.

Answer: A
Explanation:
As you can see, the hello packets are mismatched. This means that 209.165.202.140 and R3 are not configured as OSPF stubs.

QUESTION 52
When troubleshooting the issue, you notice the election of a new root bridge with an unknown
MAC address. Knowing that all access ports have the PortFast feature enabled, what would be the
easiest way to resolve the issue without losing redundant links?

A.    Enable bpduguard globally.
B.    Enable rootguard.
C.    Enable loopguard.
D.    Enable spanning tree.
E.    Enable UDLD.

Answer: A
Explanation:
Loopguard, spanning tree, and UDLD are obvious red herrings. This leaves enabling rootguard or bpduguard. One key is that enabling bpduguard only affects ports that have portfast enabled; see the following URL under “Configuration.”
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

QUESTION 53
You are the network administrator of a small Layer 2 network with 50 users. Lately, users have
been complaining that the network is very slow. While troubleshooting, you notice that the CAM
table of your switch is full, although it supports up to 12,000 MAC addresses. How can you solve this issue and prevent it from happening in the future?

A.    Upgrade the switches
B.    Configure BPDU guard
C.    Configure VLAN access lists
D.    Configure port security
E.    Configure Dynamic ARP inspection

Answer: D
Explanation:
Enabling Port Security
Port security is either autoconfigured or enabled manually by specifying a MAC address. If a MAC address is not specified, the source address from the incoming traffic is autoconfigured and secured, up to the maximum number of MAC addresses allowed. These autoconfigured MAC addresses remain secured for a time, depending upon the aging timer set. The autoconfigured MAC addresses are cleared from the port in case of a link-down event. When you enable port security on a port, any dynamic CAM entries that are associated with the port are cleared. If there are any currently configured static or permanent CAM entries on that same port, you may not be able to enable the port-security on that port. If this is the case, clear the configured static and permanent earl entries on that port and then enable port-security. To enable port security, perform this task in privileged mode:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.2glx/configuration/guide/sec_port.html

QUESTION 54
On a router that is configured with multiple IP SLA probes, which command can be used to
manage the CPU load that was created by the periodic probing?

A.    ip sla monitor low-memory
B.    ip sla group schedule
C.    ip sla reaction-trigger
D.    ip sla enable timestamp

Answer: B
Explanation:
http://www.cisco.com/en/US/docs/ios/ipsla/command/reference/sla_02.html (see usage guidelines)

QUESTION 55
Which configuration would make an IP SLA probe use a precedence value of 3?

A.    ip sla 1
icmp-echo 1.1.1.1
tos 12
B.    ip sla 1
icmp-echo 1.1.1.1
tos 96
C.    ip sla 1
icmp-echo 1.1.1.1
precedence 3
D.    ip sla 1
icmp-echo 1.1.1.1
dscp 12

Answer: B
Explanation:
SUMMARY STEPS
1. enable
2. configure terminal
3. ip sla monitor operation-number
4. type echo protocol ipIcmpEcho {destination-ip-address | destination-hostname} [source-ipaddr {ip-address | hostname} | source-interface interface-name]
5. frequency seconds
6. exit
7. ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]
8. exit
http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html

QUESTION 56
Which NetFlow version should be used to collect accounting data for IPv6 traffic?

A.    version 1
B.    version 5
C.    version 7
D.    version 8
E.    version 9

Answer: E
Explanation:
http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/15-s/ip6-nflw-v9.html

QUESTION 57
To troubleshoot network issues more accurately, milliseconds should be included in the syslog of the router. Which command will achieve this?

A.    service timestamps log datetime msec
B.    logging timestamps msec
C.    syslog timestamps hour minute second miliseconds
D.    service logging timestamp msec
E.    logging service timestamp msec

Answer: A
Explanation:
Logging is an essential part of a secure network configuration. Logging not only helps network administrators identify the issue while troubleshooting, it also enables them to react to intrusion attempts or Denial-of-Service attacks.
By default on Cisco IOS, no timestamp information is included; however, you can enable timestamps and also modify the format of the timestamp attached to SYSLOG messages by using the service timestamps log global configuration command as follows:
ITKE(Config)# service timestamps log {uptime |datetime [msec |localtime |show-timezone]}
http://itknowledgeexchange.techtarget.com/network-technologies/what-is-service-timestamps-logging-and-howit-can-be-configured-cisco-switch-or-a-router/

QUESTION 58
What is the purpose of an explicit “deny any” statement at the end of an ACL?

A.    none, since it is implicit
B.    to enable Cisco IOS IPS to work properly; however, it is the deny all traffic entry that is actually
required
C.    to enable Cisco IOS Firewall to work properly; however, it is the deny all traffic entry that is actually
required
D.    to allow the log option to be used to log any matches
E.    to prevent sync flood attacks
F.    to prevent half-opened TCP connections

Answer: D
Explanation:
As we know, there is always a “deny all” line at the end of each access-list to drop all other traffic that doesn’t match any “permit” lines. You can enter your own explicit deny with the “log” keyword to see what is actually blocked, like this:
Router(config)# access-list 1 permit 192.168.30.0 0.0.0.255
Router(config)# access-list 1 deny any log
Note: The log keyword can be used to provide additional detail about source and destinations for a given protocol. Although this keyword provides valuable insight into the details of ACL hits, excessive hits to an ACL entry that uses the log keyword increase CPU utilization. The performance impact associated with logging varies by platform. Also, using the log keyword disables Cisco Express Forwarding (CEF) switching for packets that match the access-list statement. Those packets are fast switched instead.

QUESTION 59
Which of these is mandatory when configuring Cisco IOS Firewall?

A.    Cisco IOS IPS enabled on the untrusted interface
B.    NBAR enabled to perform protocol discovery and deep packet inspection
C.    a route map to define the trusted outgoing traffic
D.    a route map to define the application inspection rules
E.    an inbound extended ACL applied to the untrusted interface

Answer: E
Explanation:
After the ACL is defined, it must be applied to the interface (inbound or outbound). In early software releases, out was the default when a keyword out or in was not specified. The direction must be specified in later software releases.

QUESTION 60
Which statement correctly describes the disabling of IP TTL propagation in an MPLS network?

A.    The TTL field from the IP packet is copied into the TTL field of the MPLS label header at the
ingress edge LSR.
B.    TTL propagation cannot be disabled in an MPLS domain.
C.    TTL propagation is only disabled on the ingress edge LSR.
D.    The TTL field of the MPLS label header is set to 255.
E.    The TTL field of the IP packet is set to 0.

Answer: D
Explanation:
Time-to-Live (TTL) is an 8-bit field in the MPLS label header which has the same loop-detection function as the IP TTL field. Recall that the TTL value is an integer from 0 to 255 that is decremented by one every time the packet transits a router. If the TTL value of an IP packet becomes zero, the router discards the IP packet, and an ICMP message stating that the TTL expired in transit is sent to the source IP address of the IP packet. This mechanism prevents an IP packet from being routed continuously in case of a routing loop.
By default, the TTL propagation is enabled so a user can use traceroute command to view all of the hops in the network.
We can disable MPLS TTL propagation with the no mpls ip propagate-ttl command under global configuration.
When entering a label-switched path (LSP), the edge router will use a fixed TTL value (255) for the first label.
This increases the security of your MPLS network by hiding provider network from customers.


2014 Latest Cisco 350-001 Dump Free Download(41-50)!

QUESTION 41
Which two OSPF LSA types are new in OSPF version 3? (Choose two.)

A.    Link
B.    NSSA external
C.    Network link
D.    Intra-area prefix
E.    AS domain

Answer: AD
Explanation:
New LSA Types
OSPFv3 carries over the seven basic LSA types we’re familiar with from OSPFv2. However, the type 1 and 2 LSAs have been re-purposed, as will be discussed in a bit. OSPFv3 also introduces two new LSA types: Link and Intra-area Prefix.

http://packetlife.net/blog/2010/mar/2/ospfv2-versus-ospfv3/

QUESTION 42
What action will a BGP route reflector take when it receives a prefix marked with the community
attribute NO ADVERTISE from a client peer?

A.    It will advertise the prefix to all other client peers and non-client peers.
B.    It will not advertise the prefix to EBGP peers.
C.    It will only advertise the prefix to all other IBGP peers.
D.    It will not advertise the prefix to any peers.

Answer: D
Explanation:
BGP requires that all BGP peers in the same autonomous system form an iBGP session with all peers in the autonomous system. This is too difficult in many environments. Route reflectors are fully functional iBGP speakers that form iBGP sessions with other iBGP speakers, and they also perform a second function – they forward routes from other iBGP speakers to route reflector clients. The route reflector and its clients form a cluster.

QUESTION 43
Refer to the Exhibit. The displayed QoS configuration has been configured on a router.
IPv6 is being implemented on the router, and it is required to convert the QoS policy to support both IPv4 and IPv6 on the same class.
Which alternative configuration would allow matching DSCP AF41 for both IPv4 and IPv6 on the
same class map?


A.    Class-map match-all CLASS1
Match dscp af41
B.    Class-map match-all CLASS1
Match ip dscp af41
Match ipv6 dscp af41
C.    Class-map match-any CLASS1
Match ip dscp af41
Match ipv6 dscp af41
D.    Class-map match-any CLASS1
Match qos-group af41

Answer: A

QUESTION 44
Voice quality is bad due to high delay and jitter on a link. Which two actions will improve the quality of voice calls? (Choose two.)

A.    Increase the queue size of the voice class.
B.    Guarantee bandwidth during congestion to the voice class with a bandwidth command.
C.    Increase the tx-ring of the egress interface.
D.    Implement LLQ for the voice class.
E.    Decrease the rx-ring of the egress interface.
F.    Decrease the queue size of the voice class.

Answer: DF
Explanation:
http://www.cisco.com/en/US/docs/ios/voice/monitor/configuration/guide/vt_qos_voip_tbsh.pdf

QUESTION 45
Which three statements accurately describe a link-state routing protocol? (Choose three.)

A.    Each router sends routing information to all nodes in the flooding domain.
B.    Each router sends all or some portion of its routing table to neighboring routers.
C.    Each router individually builds a picture of the entire flooding domain.
D.    Each router has knowledge of all other routers in the flooding domain.
E.    Each router is only aware of neighboring routers.
F.    Each router installs routes directly from the routing updates into the routing table.

Answer: ACD

QUESTION 46
While you are troubleshooting network performance issues, you notice that a switch is periodically flooding all unicast traffic. Further investigation reveals that periodically the switch is also having spikes in CPU utilization, causing the MAC address table to be flushed and relearned. What is the most likely cause of this issue?

A.    a routing protocol that is flooding updates
B.    a flapping port that is generating BPDUs with the TCN bit set
C.    STP is not running on the switch
D.    a user that is downloading the output of the show-tech command
E.    a corrupted switch CAM table

Answer: B
Explanation:
Spanning-Tree Protocol Topology Changes
Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur. TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with short intervals. The switches will constantly be fast-aging their forwarding tables so flooding will be nearly constant. Normally, a TCN is rare in a well-configured network. When the port on a switch goes up or down, there is eventually a TCN once the STP state of the port is changing to or from forwarding. When the port is flapping, repetitive TCNs and flooding occur.
Ports with the STP portfast feature enabled will not cause TCNs when going to or from the forwarding state. Configuration of portfast on all end-device ports (such as printers, PCs, servers, and so on) should limit TCNs to a low amount. Refer to this document for more information on TCNs:
Understanding Spanning-Tree Protocol Topology Changes
Note: In MSFC IOS, there is an optimization that will trigger VLAN interfaces to repopulate their ARP tables when there is a TCN in the respective VLAN. This limits flooding in case of TCNs, as there will be an ARP broadcast and the host MAC address will be relearned as the hosts reply to ARP.
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

QUESTION 47
Your network is suffering from regular outages. After troubleshooting, you learn that the transmit lead of a fiber uplink was damaged. Which two features can prevent the same issues in the
future? (Choose two.)

A.    root guard
B.    loop guard
C.    BPDU guard
D.    UDLD
E.    BPDU skew detection

Answer: BD
Explanation:
STP Loop Guard
The STP loop guard feature provides additional protection against Layer 2 forwarding loops (STP loops). An STP loop is created when an STP blocking port in a redundant topology erroneously transitions to the forwarding state. This usually happens because one of the ports of a physically redundant topology (not necessarily the STP blocking port) no longer receives STP BPDUs. In its operation, STP relies on continuous reception or transmission of BPDUs based on the port role. The designated port transmits BPDUs, and the non-designated port receives BPDUs. When one of the ports in a physically redundant topology no longer receives BPDUs, the STP conceives that the topology is loop free. Eventually, the blocking port from the alternate or backup port becomes designated and moves to a forwarding state. This situation creates a loop. The loop guard feature makes additional checks. If BPDUs are not received on a non-designated port, and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state, instead of the listening / learning / forwarding state. Without the loop guard feature, the port assumes the designated port role. The port moves to the STP forwarding state and creates a loop.
Loop Guard versus UDLD
Loop guard and Unidirectional Link Detection (UDLD) functionality overlap, partly in the sense that both protect against STP failures caused by unidirectional links. However, these two features differ in functionality and how they approach the problem. This table describes loop guard and UDLD functionality:

Based on the various design considerations, you can choose either UDLD or the loop guard feature. In regards to STP, the most noticeable difference between the two features is the absence of protection in UDLD against STP failures caused by problems in software. As a result, the designated switch does not send BPDUs.
However, this type of failure is (by an order of magnitude) more rare than failures caused by unidirectional links. In return, UDLD might be more flexible in the case of unidirectional links on EtherChannel. In this case, UDLD disables only failed links, and the channel should remain functional with the links that remain. In such a failure, the loop guard puts it into loop-inconsistent state in order to block the whole channel.
Additionally, loop guard does not work on shared links or in situations where the link has been unidirectional since the link-up. In the last case, the port never receives BPDU and becomes designated. Because this behavior could be normal, this particular case is not covered by loop guard.
UDLD provides protection against such a scenario.
As described, the highest level of protection is provided when you enable UDLD and loop guard.
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.shtml#loop_guard_vs_uld

QUESTION 48
Which feature would prevent guest users from gaining network access by unplugging an IP phone
and connecting a laptop computer?

A.    IPSec VPN
B.    SSL VPN
C.    port security
D.    port security with statically configured MAC addresses
E.    private VLANs

Answer: D
Explanation:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html#wp1061587

QUESTION 49
After applying a new ACL on a device, its CPU utilization rose significantly and many messages
starting with “%SEC-6-IPACCESSLOG” appeared on the Syslog server.
What can be done to resolve this situation?

A.    Increase memory allocation for ACLs.
B.    Remove all entries from the ACL and use a single permit ip any any statement.
C.    Remove the log keyword from each ACL entry.
D.    Reboot the device after the ACL has been applied.

Answer: C
Explanation:
http://www.networksa.org/?p=347

QUESTION 50
You are the network administrator of a medium-sized company, and users are complaining that
they cannot send emails to some organizations. During your troubleshooting, you notice that your DNS MX record is blacklisted by several public blacklist filters. After clearing these listings for your IP address, and assuming that your email server has the right virus protection in place, what are two possible solutions to prevent this from happening in the future? (Choose two.)

A.    Change your Internet provider.
B.    Change your public IP address.
C.    Allow the email server to send traffic only to TCP port 25.
D.    Put your email server in a DMZ.
E.    Use a separate public IP address for your email server only.

Answer: CE
Explanation:
http://www.parkansky.com/tutorials/dmz.htm


2014 Latest Cisco 350-001 Dump Free Download(31-40)!

QUESTION 31
Which two are effects of connecting a network segment that is running 802.1D to a network
segment that is running 802.1w? (Choose Two.)

A.    The entire network switches to 802.1D and generates BPDUs to determine root bridge status.
B.    A migration delay of three seconds occurs when the port that is connected to the 802.1D bridge comes up.
C.    The entire network reconverges and a unique root bridge for the 802.1D segment, and a root bridge for the 802.1w segment, is chosen.
D.    The first-hop 802.1w switch that is connected to the 802.1D runs entirely in 802.1D compatibility mode and converts the BPDUs to either 802.1D or 802.1w segments of the network.
E.    Classic 802.1D timers, such as Forward Delay and Max-age, will only be used as a backup, and will not be necessary if point-to-point links and edge ports are properly identified and set by the administrator.

Answer: BE
Explanation:
Each port maintains a variable that defines the protocol to run on the corresponding segment. A migration delay timer of three seconds also starts when the port comes up. When this timer runs, the current STP or RSTP mode associated to the port is locked. As soon as the migration delay expires, the port adapts to the mode that corresponds to the next BPDU it receives. If the port changes its mode of operation as a result of a BPDU received, the migration delay restarts.
802.1D works by the concept that the protocol had to wait for the network to converge before it transitioned a port into the forwarding state. With Rapid Spanning Tree it does not have to rely on any timers; the only variables that it relies on are edge ports and link types. Any uplink port that has an alternate port to the root can be directly placed into the forwarding state (This is the Rapid convergence that you speak of “restored quickly when RSTP is already in use?”). This is what happened when you disconnected the primary link; the port that was ALT moved to FWD immediately, but the switch also still needs to create a BPDU with the TC bit set to notify the rest of the network that a topology change has occurred, and all non-edge designated ports will transition to BLK, LRN, and then FWD to ensure there are no loops in the rest of the network. This is why, if you have a host on a switchport and you know for a fact that it is only one host, you should enable portfast to configure the port as an edge port so that it does not have to transition through all the STP states.
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml

QUESTION 32
Which command is used to enable Etherchannel hashing for layer 3 IP and Layer 4 Port-based
CEF?

A.    mpls ip cef
B.    port-channel ip cef
C.    mpls ip port-channel cef
D.    port-channel load balance
E.    mpls ip load-balance
F.    ip cef etherchannel channel-id XOR L4
G.    ip cef connection exchange

Answer: D
Explanation:
Port-channel load balance is normally used to enable EtherChannel hashing for Layer 3 IP and Layer 4 port-based CEF.

QUESTION 33
In 802.1s, how is the VLAN to instance mapping represented in the BPDU?

A.    The VLAN to instance mapping is a normal 16-byte field in the MST BPDU.
B.    The VLAN to instance mapping is a normal 12-byte field in the MST BPDU.
C.    The VLAN to instance mapping is a 16-byte MD5 signature field in the MST BPDU.
D.    The VLAN to instance mapping is a 12-byte MD5 signature field in the MST BPDU.

Answer: C
Explanation:
MST Configuration and MST Region
Each switch running MST in the network has a single MST configuration that consists of these three attributes:
1. An alphanumeric configuration name (32 bytes)
2. A configuration revision number (two bytes)
3. A 4096-element table that associates each of the potential 4096 VLANs supported on the chassis to a given instance.
In order to be part of a common MST region, a group of switches must share the same configuration attributes. It is up to the network administrator to properly propagate the configuration throughout the region. Currently, this step is only possible by the means of the command line interface (CLI) or through Simple Network Management Protocol (SNMP). Other methods can be envisioned, as the IEEE specification does not explicitly mention how to accomplish that step.
Note: If for any reason two switches differ on one or more configuration attribute, the switches are part of different regions. For more information refer to the Region Boundary section of this document.
Region Boundary
In order to ensure consistent VLAN-to-instance mapping, it is necessary for the protocol to be able to exactly identify the boundaries of the regions. For that purpose, the characteristics of the region are included in the BPDUs. The exact VLANs-to-instance mapping is not propagated in the BPDU, because the switches only need to know whether they are in the same region as a neighbor. Therefore, only a digest of the VLANs-to-instance mapping table is sent, along with the revision number and the name. Once a switch receives a BPDU, the switch extracts the digest (a numerical value derived from the VLAN-to-instance mapping table through a mathematical function) and compares this digest with its own computed digest. If the digests differ, the port on which the BPDU was received is at the boundary of a region.
In generic terms, a port is at the boundary of a region if the designated bridge on its segment is in a different region or if it receives legacy 802.1d BPDUs. In this diagram, the port on B1 is at the boundary of region A, whereas the ports on B2 and B3 are internal to region B:

MST Instances
According to the IEEE 802.1s specification, an MST bridge must be able to handle at least these two instances:
One Internal Spanning Tree (IST)
One or more Multiple Spanning Tree Instance(s) (MSTIs)
The terminology continues to evolve, as 802.1s is actually in a pre-standard phase. It is likely these names will change in the final release of 802.1s. The Cisco implementation supports 16 instances: one IST (instance 0) and 15 MSTIs.
show vtp status
The Cisco “show vtp status” field descriptions include an MD5 digest field, a 16-byte checksum of the VTP configuration, as shown below:
Router# show vtp status
VTP Version: 3 (capable)
Configuration Revision: 1
Maximum VLANs supported locally: 1005
Number of existing VLANs: 37
VTP Operating Mode: Server
VTP Domain Name: [smartports]
VTP Pruning Mode: Disabled
VTP V2 Mode: Enabled
VTP Traps Generation: Disabled
MD5 digest : 0x26 0xEE 0x0D 0x84 0x73 0x0E 0x1B 0x69
Configuration last modified by 172.20.52.19 at 7-25-08 14:33:43
Local updater ID is 172.20.52.19 on interface Gi5/2 (first layer3 interface fou)
VTP version running: 2
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfc.shtml
http://www.cisco.com/en/US/docs/ios-xml/ios/lanswitch/command/lsw-cr-book.pdf
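
The region-boundary check described in the explanation above, as an added example (not code from Cisco or from the original page). It assumes the digest construction from IEEE 802.1Q, which the page does not spell out: HMAC-MD5 with a fixed signature key over 4096 two-byte instance numbers, plus a one-byte format selector in front of the name; the switch names, VLAN maps and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Fixed signature key for the MST configuration digest (IEEE 802.1Q;
# an assumption of this example, the page itself only says "MD5 signature").
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def mst_digest(vlan_to_instance):
    """16-byte digest of the 4096-element VLAN-to-instance table."""
    table = [0] * 4096                      # unmapped VLANs stay in instance 0 (IST)
    for vlan, instance in vlan_to_instance.items():
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID out of range: %r" % vlan)
        if not 0 <= instance <= 4094:
            raise ValueError("instance out of range: %r" % instance)
        table[vlan] = instance
    packed = struct.pack(">4096H", *table)  # 2 bytes per VLAN, big-endian
    return hmac.new(MST_DIGEST_KEY, packed, hashlib.md5).digest()


def config_identifier(name, revision, vlan_to_instance):
    """Region attributes as carried in the BPDU: name, revision, digest."""
    raw_name = name.encode("ascii")
    if len(raw_name) > 32:
        raise ValueError("configuration name is limited to 32 bytes")
    # selector (1) + name (32, NUL padded) + revision (2) + digest (16) = 51 bytes
    return struct.pack(">B32sH16s", 0, raw_name, revision,
                       mst_digest(vlan_to_instance))


def parse_identifier(blob):
    """Split a received 51-byte identifier back into its attributes."""
    if len(blob) != 51:
        raise ValueError("expected 51 bytes, got %d" % len(blob))
    _selector, name, revision, digest = struct.unpack(">B32sH16s", blob)
    return {"name": name.rstrip(b"\0").decode("ascii"),
            "revision": revision, "digest": digest}


def region_mismatch(local_blob, received_blob):
    """Attributes that differ; an empty list means both are in one region."""
    local, received = parse_identifier(local_blob), parse_identifier(received_blob)
    return [key for key in ("name", "revision", "digest")
            if local[key] != received[key]]


# Constructed sample configurations for four switches.
SWITCH_A = config_identifier("CAMPUS", 3, {10: 1, 20: 1, 30: 2})
SWITCH_B = config_identifier("CAMPUS", 3, {10: 1, 20: 1, 30: 2})
SWITCH_C = config_identifier("CAMPUS", 3, {10: 1, 20: 1, 30: 1})  # VLAN 30 drifted
SWITCH_D = config_identifier("CAMPUS", 4, {10: 1, 20: 1, 30: 2})  # revision bumped

if __name__ == "__main__":
    for label, peer in (("B", SWITCH_B), ("C", SWITCH_C), ("D", SWITCH_D)):
        diff = region_mismatch(SWITCH_A, peer)
        print("A vs %s: %s" % (label, "same region" if not diff
                               else "boundary port, differs in " + ", ".join(diff)))
```

A single VLAN mapped to a different instance changes only the digest, which is why a port can land on a region boundary while the name and revision still match.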

QUESTION 34
Which three combinations are valid LACP configurations that will set up a channel? (Choose
three.)

A.    On/On
B.    On/Auto
C.    Passive/Active
D.    Desirable/Auto
E.    Active/Active
F.    Desirable/Desirable

Answer: ACE
Explanation:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a0080094aec.shtml (pagp and lacp modes, see the table)

QUESTION 35
Which two options does Cisco PfR use to control the entrance link selection with inbound
optimization? (Choose two.)

A.    Prepend extra AS hops to the BGP prefix.
B.    Advertise more specific BGP prefixes (longer mask).
C.    Add (prepend) one or more communities to the prefix that is advertised by BGP.
D.    Have BGP dampen the prefix.

Answer: AC
Explanation:
http://www.cisco.com/en/US/docs/ios-xml/ios/pfr/configuration/15-2s/pfr-bgp-inbound.html#GUID-F8A59E24-1D59-4924-827D-B23B43D9A8E0
http://www.cisco.com/en/US/products/ps8787/products_ios_protocol_option_home.html

QUESTION 36
Which two orders in the BGP Best Path Selection process are correct? (Choose two.)

A.    Higher local preference, then lowest MED, then eBGP over iBGP paths
B.    Higher local preference, then highest weight, then lowest router ID
C.    Highest weight, then higher local preference, then shortest AS path
D.    Lowest origin type, then higher local preference, then lowest router ID
E.    Highest weight, then higher local preference, then highest MED

Answer: AC
Explanation:
Weight is the first attribute BGP uses in the route selection process. The route with the higher weight is preferred when multiple routes exist to the same destination.

QUESTION 37
What is the first thing that happens when IPv6 is enabled on an interface on a host?

A.    A router solicitation is sent on that interface.
B.    There is a duplicate address detection on the host interface.
C.    The link local address is assigned on the host interface.
D.    A neighbor redirect message is sent on the host interface.

Answer: B
Explanation:
Duplicate address detection (DAD) is used to verify that an IPv6 home address is unique on the LAN before assigning the address to a physical interface (for example, QDIO). z/OS Communications Server responds to other nodes doing DAD for IP addresses assigned to the interface.
http://publib.boulder.ibm.com/infocenter/zos/v1r12/index.jsp?topic=%2Fcom.ibm.zos.r12.hale001%2Fipv6d0021002145.htm

QUESTION 38
What is the flooding scope of an OSPFv3 LSA, if the value of the S2 bit is set to 1 and the S1 bit is set to 0?

A.    link local
B.    area wide
C.    AS wide
D.    reserved

Answer: C
Explanation:
The Type 1 router LSA is now link local and the Type 2 Network LSA is AS wide. S2 and S1 indicate the LSA’s flooding scope. Table 9-1 shows the possible values of these two bits and the associated flooding scopes.

Table 9-1 S bits in the OSPFv3 LSA Link State Type field and their associated flooding scopes
LSA Function Code, the last 13 bits of the LS Type field, corresponds to the OSPFv2 Type field. Table 9-2 shows the common LSA types used by OSPFv3 and the values of their corresponding LS Types. If you decode the hex values, you will see that the default U bit of all of them is 0. The S bits of all LSAs except two indicate area scope. Of the remaining two, AS External LSAs have an AS flooding scope and Link LSAs have a link-local flooding scope. Most of the OSPFv3 LSAs have functional counterparts in OSPFv2; these OSPFv2 LSAs and their types are also shown in Table 9-2.

Table 9-2 OSPFv3 LSA types and their OSPFv2 counterparts

http://www.networkworld.com/subnets/cisco/050107-ch9-ospfv3.html?page=1

QUESTION 39
How will EIGRPv6 react if there is an IPv6 subnet mask mismatch between the Global Unicast
addresses on a point-to-point link?

A.    EIGRPv6 will form a neighbor relationship.
B.    EIGRPv6 will not form a neighbor relationship.
C.    EIGRPv6 will form a neighbor relationship, but with the log MSG: “EIGRPv6 neighbor not on a
common subnet.”
D.    EIGRPv6 will form a neighbor relationship, but routes learned from that neighbor will not be
installed in the routing table.

Answer: A
Explanation:
http://www.ietf.org/rfc/rfc3587.txt

QUESTION 40
Which two tunneling techniques support IPv6 multicasting? (Choose two.)

A.    6to4
B.    6over4
C.    ISATAP
D.    6PE
E.    GRE

Answer: BE
Explanation:
When IPv6 multicast is supported (over a 6to4 tunnel), an IPv6 multicast routing protocol must be used
Restrictions for Implementing IPv6 Multicast
IPv6 multicast for Cisco IOS software uses MLD version 2. This version of MLD is fully backward- compatible with MLD version 1 (described in RFC 2710). Hosts that support only MLD version 1 will interoperate with a router running MLD version 2. Mixed LANs with both MLD version 1 and MLD version 2 hosts are likewise supported.
IPv6 multicast is supported only over IPv4 tunnels in Cisco IOS Release 12.3(2)T, Cisco IOS Release 12.2(18)S, and Cisco IOS Release 12.0(26)S.
When the bidirectional (bidir) range is used in a network, all routers in that network must be able to understand the bidirectional range in the bootstrap message (BSM). IPv6 multicast routing is disabled by default when the ipv6 unicast-routing command is configured. On Cisco Catalyst 6500 and Cisco 7600 series routers, the ipv6 multicast-routing also must be enabled in order to use IPv6 unicast routing.
http://www.cisco.com/web/about/ac123/ac147/ac174/ac197/about_cisco_ipj_archive_article09186a00800c830a.html
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast.html
https://supportforums.cisco.com/thread/183386


2014 Latest Cisco 350-001 Dump Free Download(21-30)!

QUESTION 21
A new backup connection is being deployed on a remote site router. The stability of the connection has been a concern. In order to provide more information to EIGRP regarding this interface, you wish to incorporate the “Reliability” cost metric in the EIGRP calculation with the command metric weights 1 0 1 0 1.
What impact will this modification on the remote site router have for other existing EIGRP neighborships from the same EIGRP domain?

A.    Existing Neighbors will immediately begin using the new metric.
B.    Existing Neighbors will use the new metric after clearing the EIGRP Neighbors.
C.    Existing Neighbors will resync, maintaining the neighbor relationship
D.    All existing neighbor relationships will go down

Answer: D
Explanation:
For an EIGRP neighbor relationship to form, K values must match on both routers.

QUESTION 22
Refer to the exhibit. R1 has an EBGP session to ISP 1 and an EBGP session to ISP 2. R1 receives the same prefixes through both links.
Which configuration should be applied so that the link between R1 and ISP 2 will be preferred for outgoing traffic (R1 to ISP 2)?


A.    Increase local preference on R1 for routes received from ISP2.
B.    Decrease local preference on R1 for routes received from ISP2.
C.    Increase MED on ISP 2 for routes received from R1.
D.    Decrease MED on ISP 2 for routes received from R1.

Answer: A
Explanation:
Local preference is an indication to the AS about which path has preference to exit the AS in order to reach a certain network. A path with higher local preference is preferred more. The default value of preference is 100.
http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b82d1f.shtml

QUESTION 23
When you are troubleshooting duplex mismatches, which two errors are typically seen on the full-duplex end? (Choose two.)

A.    runts
B.    FCS errors
C.    interface resets
D.    late collisions

Answer: AB
Explanation:
FCS, or File Check Sequence Errors, are one of the more common errors found in a network. When packets are transmitted and received, each contains a File Check Sequence that allows the receiving device to determine if the packet is complete without having to examine each bit. This is a type of CRC, or Cyclical Redundancy Check. Barring a station powering up or down during a transmission, the most common cause of these errors is noise. Network noise can be caused by cabling being located too close to noise sources such as lights, heavy machinery, etc. If a cabling installation is particularly faulty — such as pairs being untwisted, improper terminations, field terminated patch cables, etc. — these errors will occur on your network. Poorly manufactured components or minimally compliant components that are improperly installed can compound this issue. Cabling segments that are too long can also cause these errors.
Cabling issues, as defined above, or MAC layer packet formation issues (possibly hardware related) cause these errors. A faulty LAN driver can also cause this. Replacement of the driver will correct the latter issue. These errors can also be seen in correlation with RUNT packets or packets that are too short. Noise, however, is the most common cause and can generally be corrected by addressing the cabling channel.

QUESTION 24
Which two options are contained in a VTP subset advertisement? (Choose two.)

A.    followers field
B.    MD5 digest
C.    VLAN information
D.    sequence number

Answer: CD
Explanation:
Subset Advertisements
When you add, delete, or change a VLAN in a Catalyst, the server Catalyst where the changes are made increments the configuration revision and issues a summary advertisement. One or several subset advertisements follow the summary advertisement. A subset advertisement contains a list of VLAN information.
If there are several VLANs, more than one subset advertisement can be required in order to advertise all the VLANs.
Subset Advertisement Packet Format

This formatted example shows that each VLAN information field contains information for a different VLAN. It is ordered so that lower-valued ISL VLAN IDs occur first:

Most of the fields in this packet are easy to understand. These are two clarifications:
Code — The format for this is 0x02 for subset advertisement.
Sequence number — This is the sequence of the packet in the stream of packets that follow a summary advertisement. The sequence starts with 1.
Advertisement Requests
A switch needs a VTP advertisement request in these situations:
The switch has been reset.
The VTP domain name has been changed.
The switch has received a VTP summary advertisement with a higher configuration revision than its own.
Upon receipt of an advertisement request, a VTP device sends a summary advertisement. One or more subset advertisements follow the summary advertisement. This is an example:

Code–The format for this is 0x03 for an advertisement request.
Start-Value–This is used in cases in which there are several subset advertisements. If the first (n) subset advertisement has been received and the subsequent one (n+1) has not been received, the Catalyst only requests advertisements from the (n+1)th one.
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml

QUESTION 25
Which two statements are true about traffic shaping? (Choose two.)

A.    Out-of-profile packets are queued.
B.    It causes TCP retransmits.
C.    Marking/remarking is not supported.
D.    It does not respond to BECN and ForeSight Messages.
E.    It uses a single/two-bucket mechanism for metering.

Answer: AC
Explanation:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCwQFjAA&url=http%3A%2F%2Fstaffweb.itsligo.ie%2Fstaff%2Fpflynn%2FTelecoms%25203%2FSlides%2FONT%2520Mod%25204%2520Lesson%25207.ppt&ei=LoDIUfTTGtO3hAeQz4HQCA&usg=AFQjCNGY24UkAfy8tKIHlz Em9gfoIjv6fg&sig2=t4UIzkZ12wnO2988dEDyug&bvm=bv.48293060,d.ZG4 (slide 6)

QUESTION 26
Which three options are features of VTP version 3? (Choose three.)

A.    VTPv3 supports 8K VLANs.
B.    VTPv3 supports private VLAN mapping.
C.    VTPv3 allows for domain discovery.
D.    VTPv3 uses a primary server concept to avoid configuration revision issues.
E.    VTPv3 is not compatible with VTPv1 or VTPv2.
F.    VTPv3 has a hidden password option.

Answer: BDF
Explanation:
Key Benefits of VTP Version 3
Much work has gone into improving the usability of VTP version 3 in three major areas:
The new version of VTP offers better administrative control over which device is allowed to update other devices’ view of the VLAN topology. The chance of unintended and disruptive changes is significantly reduced, and availability is increased. The reduced risk of unintended changes will ease the change process and help speed deployment.
Functionality for the VLAN environment has been significantly expanded. Two enhancements are most beneficial for today’s networks:
In addition to supporting the earlier ISL VLAN range from 1 to 1001, the new version supports the whole IEEE 802.1Q VLAN range up to 4095.
In addition to supporting the concept of normal VLANs, VTP version 3 can transfer information regarding Private VLAN (PVLAN) structures.
The third area of major improvement is support for databases other than VLAN (for example, MST).
Brief Background on VTP Version 1 and VTP Version 2
VTP version 1 was developed when only 1k VLANs were available for configuration. A tight internal coupling of the VLAN implementation, the VLAN pruning feature, and the VTP function itself offered an efficient means of implementation. It has proved in the field to reliably support Ethernet, Token Ring, and FDDI networks via VTP.
The use of consistent VLAN naming was a requirement for successful use of VMPS (Vlan Membership Policy Server). VTP ensures the consistency of VLAN names across the VTP domain. Most VMPS implementations are likely to be migrated to a newer, more flexible and feature-rich method. To add support for Token Ring, VTP version 1 was enhanced and called VTP version 2. Certain other minor changes and enhancements were also added at this time. The functional base in VTP version 3 is left unchanged from VTP version 2, so backward compatibility is built in. It is possible, on a per link basis, to automatically discover and support VTP version 2 devices.
VTP version 3 adds a number of enhancements to VTP version 1 and VTP version 2:
Support for a structured and secure VLAN environment (Private VLAN, or PVLAN)
Support for up to 4k VLANs
Feature enhancement beyond support for a single database or VTP instance
Protection from unintended database overrides during insertion of new switches
Option of clear text or hidden password protection
Configuration option on a per port base instead of only a global scheme
Optimized resource handling and more efficient transfer of information
These new requirements made a new code foundation necessary. The design goal was to make VTP version 3 a versatile vehicle. This was not only for the task of transferring a VLAN DB but also for transferring other databases, for example, the MST database.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/solution_guide_c78_508010.html

QUESTION 27
Which three options are considered in the spanning-tree decision process? (Choose three.)

A.    lowest root bridge ID
B.    lowest path cost to root bridge
C.    lowest sender bridge ID
D.    highest port ID
E.    highest root bridge ID
F.    highest path cost to root bridge

Answer: ABC
Explanation:
Configuration bridge protocol data units (BPDUs) are sent between switches for each port. Switches use a four-step process to save a copy of the best BPDU seen on every port. When a port receives a better BPDU, it stops sending them. If the BPDUs stop arriving for 20 seconds (default), it begins sending them again.
Step 1 Lowest Root Bridge ID (BID)
Step 2 Lowest Path Cost to Root Bridge
Step 3 Lowest Sender BID
Step 4 Lowest Port ID
Reference
Cisco General Networking Theory Quick Reference Sheets

QUESTION 28
Why would a rogue host that is running a DHCP Server on a Campus LAN network present a
security risk?

A.    It may allocate IP addresses from an unknown subnet to the users
B.    All multicast traffic can be sniffed by using the DHCP multicast capabilities
C.    the CPU utilization of the first hop router can be overloaded by exploiting DHCP Relay open ports
D.    A potential Man-in-the-middle Attack can be used against the clients.

Answer: D
Explanation:
A rogue DHCP server is typically used in conjunction with a network attacker who launches man-in-the-middle (MitM) attacks. MitM is an attack technique in which the attacker exploits normal protocol processing behavior to reroute normal traffic flow between two endpoints. A hacker will broadcast DHCP requests with spoofed MAC addresses, thereby exhausting the address space of the legitimate DHCP server. Once the addresses are exhausted, the rogue DHCP server provides DHCP responses to users’ DHCP requests. These responses would include DNS servers and a default gateway, which would be used to launch a MitM attack.
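
One way to watch for the two behaviours the explanation above describes, address-pool exhaustion and answers from an unauthorized server, given here as an added detection example (not part of the original page). The event record layout, thresholds, port names and addresses are all constructed assumptions; a real deployment would feed it from whatever DHCP sensor or switch log is available.

```python
from collections import defaultdict

# Assumed site policy. All addresses are constructed documentation values.
AUTHORIZED_SERVERS = {"192.0.2.10"}
EXPECTED_GATEWAYS = {"192.0.2.1"}
EXPECTED_DNS = {"192.0.2.53"}
WINDOW_SECONDS = 10       # hypothetical tuning values
MAX_MACS_PER_PORT = 5


def event(ts, port, kind, chaddr, server_id=None, router=None, dns=None):
    """Build one observed DHCP message (hypothetical sensor record layout)."""
    return {"ts": ts, "port": port, "type": kind, "chaddr": chaddr,
            "server_id": server_id, "router": router, "dns": dns}


# Constructed sample capture: one normal exchange, a burst of DISCOVERs with
# changing client MACs on Gi1/0/7, then an OFFER from that same access port.
EVENTS = [
    event(0.0, "Gi1/0/1", "DISCOVER", "00:00:5e:00:53:01"),
    event(0.1, "Gi1/0/48", "OFFER", "00:00:5e:00:53:01",
          "192.0.2.10", "192.0.2.1", "192.0.2.53"),
]
EVENTS += [event(20.0 + 0.2 * i, "Gi1/0/7", "DISCOVER", "02:00:00:00:00:%02x" % i)
           for i in range(8)]
EVENTS.append(event(30.0, "Gi1/0/7", "OFFER", "00:00:5e:00:53:02",
                    "192.0.2.66", "192.0.2.66", "192.0.2.66"))


def find_starvation(events, window=WINDOW_SECONDS, limit=MAX_MACS_PER_PORT):
    """Ports where more than `limit` distinct client MACs sent DISCOVER
    within `window` seconds. Returns {port: peak distinct MAC count}."""
    per_port = defaultdict(list)
    for e in events:
        if e["type"] == "DISCOVER":
            per_port[e["port"]].append((e["ts"], e["chaddr"]))
    flagged = {}
    for port, seen in per_port.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1                      # slide the window forward
            macs = {mac for _, mac in seen[start:end + 1]}
            if len(macs) > limit:
                flagged[port] = max(flagged.get(port, 0), len(macs))
    return flagged


def find_rogue_servers(events):
    """Server replies that break policy: (server_id, port, reasons)."""
    findings = []
    for e in events:
        if e["type"] not in ("OFFER", "ACK"):
            continue
        reasons = []
        if e["server_id"] not in AUTHORIZED_SERVERS:
            reasons.append("unauthorized server identifier")
        if e["router"] not in EXPECTED_GATEWAYS:
            reasons.append("unexpected default gateway")
        if e["dns"] not in EXPECTED_DNS:
            reasons.append("unexpected DNS server")
        if reasons:
            findings.append((e["server_id"], e["port"], reasons))
    return findings


def suspicious_ports(events):
    """Ports showing both a DISCOVER flood and policy-breaking replies."""
    starving = set(find_starvation(events))
    rogue = {port for _, port, _ in find_rogue_servers(events)}
    return sorted(starving & rogue)


if __name__ == "__main__":
    print("starvation:", find_starvation(EVENTS))
    print("rogue replies:", find_rogue_servers(EVENTS))
    print("correlated ports:", suspicious_ports(EVENTS))
```

On Cisco switches the preventive control for both behaviours is DHCP snooping, with server replies accepted only on trusted ports and a rate limit on untrusted ones.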

QUESTION 29
Which Statement is true about TCN Propagation?

A.    The originator of the TCN immediately floods this information through the network
B.    The TCN propagation is a two-step process
C.    A TCN is generated and sent to the root bridge
D.    The root bridge must flood this information throughout the network

Answer: C
Explanation:
New Topology Change Mechanisms
When an 802.1D bridge detects a topology change, it uses a reliable mechanism to first notify the root bridge. This is shown in this diagram:
Once the root bridge is aware of a change in the topology of the network, it sets the TC flag on the BPDUs it sends out, which are then relayed to all the bridges in the network. When a bridge receives a BPDU with the TC flag bit set, it reduces its bridging-table aging time to forward delay seconds. This ensures a relatively quick flush of stale information. Refer to Understanding Spanning-Tree Protocol Topology Changes for more information on this process. This topology change mechanism is deeply remodeled in RSTP. Both the detection of a topology change and its propagation through the network evolve.
Topology Change Detection
In RSTP, only non-edge ports that move to the forwarding state cause a topology change. This means that a loss of connectivity is not considered as a topology change any more, contrary to 802.1D (that is, a port that moves to blocking no longer generates a TC). When a RSTP bridge detects a topology change, these occur:
It starts the TC While timer with a value equal to twice the hello-time for all its non-edge designated ports and its root port, if necessary.
It flushes the MAC addresses associated with all these ports.
Note: As long as the TC While timer runs on a port, the BPDUs sent out of that port have the TC bit set. BPDUs are also sent on the root port while the timer is active.
Topology Change Propagation
When a bridge receives a BPDU with the TC bit set from a neighbor, these occur:
It clears the MAC addresses learned on all its ports, except the one that receives the topology change.
It starts the TC While timer and sends BPDUs with TC set on all its designated ports and root port (RSTP no longer uses the specific TCN BPDU, unless a legacy bridge needs to be notified).
This way, the TCN floods very quickly across the whole network. The TC propagation is now a one step process. In fact, the initiator of the topology change floods this information throughout the network, as opposed to 802.1D where only the root did. This mechanism is much faster than the 802.1D equivalent. There is no need to wait for the root bridge to be notified and then maintain the topology change state for the whole network for <max age plus forward delay> seconds.
In just a few seconds, or a small multiple of hello-times, most of the entries in the CAM tables of the entire network (VLAN) flush. This approach results in potentially more temporary flooding, but on the other hand it clears potential stale information that prevents rapid connectivity restitution.
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml

QUESTION 30
Which statement is true about loop guard?

A.    Loop Guard only operates on interfaces that are considered point-to-point by the spanning tree.
B.    Loop Guard only operates on root ports.
C.    Loop Guard only operates on designated ports
D.    Loop Guard only operates on edge ports

Answer: A
Explanation:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.2glx/configuration/guide/stp_enha.html#wp1048163

2014 Latest Cisco 350-001 Dump Free Download(11-20)!

QUESTION 11
Apart from interdomain multicast routing, what else is MSDP used for?

A.    Source Specific Multicast and IGMPv2
B.    Announcing multicast sources to BGP speakers
C.    Anycast RP
D.    Intradomain multicast routing

Answer: C
Explanation:
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfmsdp_ps1835_TSD_Products_Configuration_Guide_Chapter.html

QUESTION 12
Which IGMPv2 message contains a non-zero “Max Response Time”?

A.    Membership Query
B.    Membership Report
C.    Membership Delay
D.    Backward Compatible IGMPv1 Report Message

Answer: A
Explanation:
The Max Response Time field is used only in Membership Query messages. It specifies the maximum allowed time before sending a responding report in units of 1/10 second. In all other messages, it is set to zero by the sender and ignored by receivers.

QUESTION 13
What is Phantom RP used for?

A.    it is used for load balancing in bidirectional PIM
B.    it is used for redundancy in bidirectional PIM
C.    it is used for redundancy in PIM-SM
D.    it is used for load balancing in PIM-SM

Answer: B
Explanation:
Phantom RP
In Bidirectional PIM (Bidir-PIM), the RP does not have an actual protocol function. The RP acts as a routing vector in which all the traffic converges. The RP can be configured as an address that is not assigned to any particular device called a Phantom RP. This means that the RP address does not need to reside on a physical router interface, but can just be an address in a subnet. The RP can also be a physical router, but it is not necessary.
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6552/whitepaper_c11-508498.html

QUESTION 14
Which three statements are true about TACACS+? (Choose three.)

A.    It is a Cisco proprietary protocol.
B.    It runs on TCP port 59.
C.    Authentication and authorization are done at different stages.
D.    TACACS+ encrypts the entire body of the packet, but leaves a standard TACACS+ header.
E.    It is an industry standard protocol.
F.    TACACS+ encrypts both the entire body of the packet and the TACACS+ header.

Answer: ACD
Explanation:
TACACS+ utilizes TCP port 49. It consists of three separate protocols, which can be implemented on separate servers.
TACACS+ offers multiprotocol support, such as IP and AppleTalk. Normal operation fully encrypts the body of the packet for more secure communications. It is a Cisco proprietary enhancement to the original TACACS protocol.
http://en.wikipedia.org/wiki/TACACS%2B

QUESTION 15
What does Cisco recommend when you are enabling Cisco IOS IPS?

A.    Do not enable all the signatures at the same time.
B.    Do not enable the ICMP signature.
C.    Disable the Zone-Based Policy Firewall because it is not compatible with Cisco IOS IPS.
D.    Disable CEF because it is not compatible with Cisco IOS IPS.

Answer: A
Explanation:
Router memory and resource constraints prevent a router from loading all Cisco IOS IPS signatures. Thus, it is recommended that you load only a selected set of signatures that are defined by the categories. Because the categories are applied in a “top-down” order, you should first retire all signatures, followed by “unretiring” specific categories. Retiring signatures enables the router to load information for all signatures, but the router does not build the parallel scanning data structure.

QUESTION 16
Which two statements are true about Unicast Reverse Path Forwarding Loose Mode? (Choose two.)

A.    It is used in multihome network scenarios.
B.    It can be used with BGP to mitigate DoS and DDoS.
C.    It does not need to have CEF enabled.
D.    It is enabled via the interface level command ip verify unicast reverse-path.
E.    It cannot be used with “classification” access lists.

Answer: AB
Explanation:
The Unicast Reverse Path Forwarding Loose Mode feature creates a new option for Unicast Reverse Path Forwarding (Unicast RPF), providing a scalable anti-spoofing mechanism suitable for use in multihome network scenarios. This mechanism is especially relevant for Internet Service Providers (ISPs), specifically on routers that have multiple links to multiple ISPs. In addition, Unicast RPF (strict or loose mode), when used in conjunction with a Border Gateway Protocol (BGP) “trigger,” provides an excellent quick reaction mechanism that allows network traffic to be dropped on the basis of either the source or destination IP address, giving network administrators an efficient tool for mitigating denial of service (DoS) and distributed denial of service (DDoS) attacks.
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html

QUESTION 17
Which three protocols should be explicitly managed by using a CoPP policy on an Internet border router? (Choose three.)

A.    SMTP
B.    ICMP
C.    BGP
D.    SSH
E.    RTP
F.    BitTorrent
G.    VTP

Answer: BCD
Explanation:
Control Plane Policing (CoPP) is a Cisco IOS-wide feature designed to allow users to manage the flow of traffic handled by the route processor of their network devices. CoPP is designed to prevent unnecessary traffic from overwhelming the route processor that, if left unabated, could affect system performance. Route processor resource exhaustion, in this case, refers to all resources associated with the punt path and route processor(s) such as Cisco IOS process memory and buffers, and ingress packet queues.
http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html#3

QUESTION 18
What is true about IP Source Guard with port security?

A.    Binding should be manually configured.
B.    It is not supported if IEEE 802.1x port-based authentication is enabled
C.    The DHCP server must support option 82, or the client is not assigned an IP address.
D.    It filters based on source IP address only.

Answer: C
Explanation:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swdhcp82.html (see enabling IP source guard, see the table, step 3)

QUESTION 19
Which two commands are required to enable multicast on a router, knowing that the receivers only support IGMPv2? (Choose Two)

A.    IP PIM RP-address
B.    IP PIM ssm
C.    IP PIM Sparse-mode
D.    IP PIM Passive

Answer: AC
Explanation:
Sparse mode logic (pull mode) is the opposite of dense mode logic (push mode). Dense mode assumes that every network has someone requesting the multicast traffic, so PIM-DM routers begin by flooding the multicast traffic out of all their interfaces except those on which a prune message is received, which eliminates the “leaf” from the multicast tree (SPT), the source-based tree (S, G). Sparse mode, by contrast, sends traffic only if someone explicitly requested it. Unlike dense mode, which builds a separate source-based tree (S, G) between the source and the requester of the traffic, the sparse mode mechanism is based on a fixed point in the network named the Rendezvous Point (RP).
All sources have to register with the RP to which they send their traffic, thereby building a source-based tree (S, G) between them and the RP (not with the final multicast receiver as in PIM-DM), and all PIM-SM routers, whatever multicast traffic they are requesting, have to register with the RP and build a shared tree (*, G).
http://tools.ietf.org/html/rfc2236
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00800b0871.shtml
http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a0080094821.shtml#sparsemode

QUESTION 20
A branch router is configured with an egress QoS policy that was designed for a total number of 10 concurrent VOIP Calls.
Due to expansion, 15 VOIP calls are now running over the link, but after the 14th call was established, all calls were affected and the voice quality was dramatically degraded.
Assuming that there is enough bandwidth on the link for all of this traffic, which part of the QOS configuration should be updated due to the new traffic profile?

A.    Increase the shaping rate for the priority queue.
B.    Remove the policer applied on the priority queue.
C.    Remove the shaper applied on the priority queue.
D.    Increase the policing rate for the priority queue.

Answer: D
Explanation:
The question works on the premise that there was no congestion on the link up to the 13th call. When you place the 14th call, there is congestion on the link. When there is no congestion, the priority command is allowed to take as much bandwidth as required. When there is congestion on the link, the priority command can use only the configured bandwidth.
Adding the 14th call caused congestion, which in turn made the priority command restrict the calls to the configured value of 10, hence affecting the quality of all calls.

2014 Latest Cisco 350-001 Dump Free Download(1-10)!

QUESTION 1
In order to maintain security, with which hop count are IPv6 neighbor discovery packets sent?

A.    0
B.    1
C.    255
D.    256

Answer: C

QUESTION 2
Which command will define a VRF with name ‘CCIE’ in IPv6?

A.    ip vrf CCIE
B.    ipv6 vrf CCIE
C.    vrf definition CCIE
D.    ipv6 vrf definition CCIE

Answer: C
Explanation:
Vrf definition CCIE creates a multiprotocol VRF for both IPv4 and IPv6

QUESTION 3
For which routes does LDP advertise a label binding?

A.    all routes in the routing table
B.    only the IGP and BGP routes in the routing table
C.    only the BGP routes in the routing table
D.    only the IGP routes in the routing table

Answer: D
Explanation:
LDP can only do bindings for IGP learned routes. If the route is learned from BGP, BGP has to do the label binding. For CCIE R&S you don’t need to worry about using BGP for label distribution, as this is used for Inter-AS MPLS L3VPN scenarios. If you change your setup so the routes are learned from IGP instead of BGP they will have labels.

QUESTION 4
Which command can be used on a PE router to connect to a CE router (11.1.1.4) in VRF red?

A.    telnet 11.1.1.4 /vrf-source red
B.    telnet 11.1.1.4 source /vrf red
C.    telnet 11.1.1.4 /source vrf red
D.    telnet 11.1.1.4 /vrf red
E.    telnet 11.1.1.4 vrf red

Answer: D
Explanation:
Telnetting can be done through the VRF using the Management Ethernet interface. In the following example, the router telnets to 172.17.1.1 through the Management Ethernet interface VRF:
Router# telnet 172.17.1.1 /vrf Mgmt-intf
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/Management_Ethernet.html

QUESTION 5
Which two statements are correct about Nonstop Forwarding? (Choose two.)

A.    It allows the standby RP to take control of the device after a hardware or software fault on the active RP.
B.    It is a Layer 3 function that works with SSO to minimize the amount of time a network is unavailable to users following a switchover.
C.    It is supported by the implementation of EIGRP, OSPF, RIPv2, and BGP protocols.
D.    It synchronizes startup configuration, startup variables, and running configuration.
E.    The main objective of NSF is to continue forwarding IP packets following a switchover.
F.    Layer 2 802.1w or 802.1s must be used, as 802.1d cannot process the Layer 2 changes.
G.    Routing protocol tuning parameters must be the same as the NSF parameters, or failover will be inconsistent.

Answer: BE
Explanation:
Cisco Nonstop Forwarding (NSF) works with the Stateful Switchover (SSO) feature in Cisco IOS software. NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover. The main objective of Cisco NSF is to continue forwarding IP packets following a Route Processor (RP) switchover.
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsnsf20s.html

QUESTION 6
Which three fields are optional in an OSPFv3 external LSA? (Choose three.)

A.    Forwarding Address
B.    External Route
C.    Reference Link-State ID
D.    Option
E.    Prefix Options

Answer: ABC
Explanation:
AS-External LSA
As with OSPFv2, the AS-External LSA advertises prefixes external to the OSPF routing domain; one LSA is required for each external prefix advertised. However, the format of the OSPFv3 AS-External LSA (Figure 9-10) is different from its OSPFv2 counterpart.
Figure 9-10. OSPFv3 AS-External LSA

http://fengnet.com/book/CCIE%20Professional%20Development%20Routing%20TCPIP%20Volume%20I/images/09fig10_alt.jpg

QUESTION 7
On a router, interface S0 is running EIGRPv6, and interface S1 is running OSPFv3. A redistribution command is issued under OSPFv3, redistribute EIGRP 1 metric 20 under ipv6 router ospf 1. What will happen after applying this redistribution command?

A.    All routes showing up as D and D EX in the routing table will be redistributed into OSPFv3.
B.    All routes showing up as D, D EX, and C in the routing table will be redistributed into OSPFv3.
C.    All routes showing up as D and D EX in the routing table and the S0 interface will be redistributed into OSPFv3.
D.    All routes showing up as D in the routing table will be redistributed into OSPFv3.
E.    All routes showing up as D EX in the routing table will be redistributed into OSPFv3.

Answer: A
Explanation:
D routes are EIGRP internal routes and D EX routes are EIGRP external routes. Both internal and external EIGRP routes will be redistributed with the configuration shown above.

QUESTION 8
Which type of domains is interconnected using Multicast Source Discovery Protocol?

A.    PIM-SM
B.    PIM-DM
C.    PIM-SSM
D.    DVMRP

Answer: A
Explanation:
Multicast Source Discovery Protocol (MSDP) is a Protocol Independent Multicast (PIM) family multicast routing protocol defined by Experimental RFC 3618. MSDP interconnects multiple IPv4 PIM Sparse-Mode (PIM-SM) domains which enables PIM-SM to have Rendezvous Point (RP) redundancy and inter-domain multicasting.
http://en.wikipedia.org/wiki/Multicast_Source_Discovery_Protocol

QUESTION 9
Which two multicast address ranges are assigned as source-specific multicast destination addresses and are reserved for use by source-specific applications and protocols? (Choose two.)

A.    232.0.0.0/8
B.    239.0.0.0/8
C.    232.0.0.0/4
D.    FF3x::/32
E.    FF2x::/32
F.    FF3x::/16

Answer: AD
Explanation:
Source-specific multicast (SSM) is a method of delivering multicast packets in which the only packets that are delivered to a receiver are those originating from a specific source address requested by the receiver. By so limiting the source, SSM reduces demands on the network and improves security. SSM requires that the receiver specify the source address and explicitly excludes the use of the (*, G) join for all multicast groups in RFC 3376, which is possible only in IPv4’s IGMPv3 and IPv6’s MLDv2. Source-specific multicast is best understood in contrast to any-source multicast (ASM). In the ASM service model a receiver expresses interest in traffic to a multicast address. The multicast network must
1. discover all multicast sources sending to that address, and
2. route data from all sources to all interested receivers.
This behavior is particularly well suited to groupware applications where
1. all participants in the group want to be aware of all other participants, and
2. the list of participants is not known in advance.
The source discovery burden on the network can become significant when the number of sources is large.
In the SSM service model, in addition to the receiver expressing interest in traffic to a multicast address, the receiver expresses interest in receiving traffic from only one specific source sending to that multicast address.
This relieves the network of discovering many multicast sources and reduces the amount of multicast routing information that the network must maintain. SSM requires support in last-hop routers and in the receiver’s operating system. SSM support is not required in other network components, including routers and even the sending host. Interest in multicast traffic from a specific source is conveyed from hosts to routers using IGMPv3 as specified in RFC 4607.
SSM destination addresses must be in the ranges 232.0.0.0/8 for IPv4 or FF3x::/96 for IPv6.
http://en.wikipedia.org/wiki/Source-specific_multicast

QUESTION 10
How is RPF used in multicast routing?

A.    to prevent multicast packets from looping
B.    to prevent PIM packets from looping
C.    to instruct PIM where to send a (*,G) or (S,G) join message
D.    to prevent multicast packets from looping and to instruct PIM where to send a (*,G) or (S,G) join message

Answer: D

Free 2014 Cisco 200-101 Dump (91-97) Download!

QUESTION 91
Syslog was configured with a level 3 trap. Which 3 types of logs would be generated (choose three)

A.    Emergencies
B.    Alerts
C.    Critical
D.    Errors
E.    Warnings

Answer: ABC

QUESTION 92
Which three statements about Syslog utilization are true? (Choose three.)

A.    Utilizing Syslog improves network performance.
B.    The Syslog server automatically notifies the network administrator of network problems.
C.    A Syslog server provides the storage space necessary to store log files without using router disk space.
D.    There are more Syslog messages available within Cisco IOS than there are comparable SNMP trap messages.
E.    Enabling Syslog on a router automatically enables NTP for accurate time stamping.
F.    A Syslog server helps in aggregation of logs and alerts.

Answer: CDF

QUESTION 93
A network administrator enters the following command on a router: logging trap 3. What are three message types that will be sent to the Syslog server? (Choose three.)

A.    informational
B.    emergency
C.    warning
D.    critical
E.    debug
F.    error

Answer: BDF

QUESTION 94
In a GLBP network, who is responsible for the arp request?

A.    AVF
B.    AVG
C.    Active Router
D.    Standby Router

Answer: B

QUESTION 95
In GLBP, which router will respond to client ARP requests?

A.    The active virtual gateway will reply with one of four possible virtual MAC addresses.
B.    All GLBP member routers will reply in round-robin fashion.
C.    The active virtual gateway will reply with its own hardware MAC address.
D.    The GLBP member routers will reply with one of four possible burned in hardware addresses.

Answer: A

QUESTION 96
Which three statements about HSRP operation are true? (Choose three.)

A.    The virtual IP address and virtual MAC address are active on the HSRP Master router.
B.    The HSRP default timers are a 3 second hello interval and a 10 second dead interval.
C.    HSRP supports only clear-text authentication.
D.    The HSRP virtual IP address must be on a different subnet than the routers’ interfaces on the same LAN.
E.    The HSRP virtual IP address must be the same as one of the router’s interface addresses on the LAN.
F.    HSRP supports up to 255 groups per interface, enabling an administrative form of load balancing.

Answer: ABF

QUESTION 97
What is a valid HSRP virtual MAC address?

A.    0000.5E00.01A3
B.    0007.B400.AE01
C.    0000.0C07.AC15
D.    0007.5E00.B301

Answer: C

Free 2014 Cisco 200-101 Dump (81-90) Download!

QUESTION 81
What is the default Syslog facility level?

A.    local4
B.    local5
C.    local6
D.    local7

Answer: D

QUESTION 82
What command instructs the device to timestamp Syslog debug messages in milliseconds?

A.    service timestamps log datetime localtime
B.    service timestamps debug datetime msec
C.    service timestamps debug datetime localtime
D.    service timestamps log datetime msec

Answer: B

QUESTION 83
Which protocol can cause overload on a CPU of a managed device?

A.    Netflow
B.    WCCP
C.    IP SLA
D.    SNMP

Answer: D

QUESTION 84
What is the alert message generated by SNMP agents called?

A.    TRAP
B.    INFORM
C.    GET
D.    SET

Answer: AB

QUESTION 85
Which three features are added in SNMPv3 over SNMPv2?

A.    Message Integrity
B.    Compression
C.    Authentication
D.    Encryption
E.    Error Detection

Answer: ACD

QUESTION 86
What are three components that comprise the SNMP framework? (Choose three.)

A.    MIB
B.    agent
C.    set
D.    AES
E.    supervisor
F.    manager

Answer: ABF

QUESTION 87
What SNMP message alerts the manager to a condition on the network?

A.    response
B.    get
C.    trap
D.    capture

Answer: C

QUESTION 88
What authentication type is used by SNMPv2?

A.    HMAC-MD5
B.    HMAC-SHA
C.    CBC-DES
D.    community strings

Answer: D

QUESTION 89
Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three.)

A.    SNMPv3 enhanced SNMPv2 security features.
B.    SNMPv3 added the Inform protocol message to SNMP.
C.    SNMPv2 added the Inform protocol message to SNMP.
D.    SNMPv3 added the GetBulk protocol messages to SNMP.
E.    SNMPv2 added the GetBulk protocol message to SNMP.
F.    SNMPv2 added the GetNext protocol message to SNMP.

Answer: ACE

QUESTION 90
What Cisco IOS feature can be enabled to pinpoint an application that is causing slow network performance?

A.    SNMP
B.    Netflow
C.    WCCP
D.    IP SLA

Answer: B

Free 2014 Cisco 200-101 Dump (71-80) Download!

QUESTION 71
What are two enhancements that OSPFv3 supports over OSPFv2? (Choose two.)

A.    It requires the use of ARP.
B.    It can support multiple IPv6 subnets on a single link.
C.    It supports up to 2 instances of OSPFv3 over a common link.
D.    It routes over links rather than over networks.

Answer: BD

QUESTION 72
What Netflow component can be applied to an interface to track IPv4 traffic?

A.    flow monitor
B.    flow record
C.    flow sampler
D.    flow exporter

Answer: A

QUESTION 73
What are three benefits of GLBP? (Choose three.)

A.    GLBP supports up to eight virtual forwarders per GLBP group.
B.    GLBP supports clear text and MD5 password authentication between GLBP group members.
C.    GLBP is an open source standardized protocol that can be used with multiple vendors.
D.    GLBP supports up to 1024 virtual routers.
E.    GLBP can load share traffic across a maximum of four routers.
F.    GLBP elects two AVGs and two standby AVGs for redundancy.

Answer: BDE

QUESTION 74
What command visualizes the general NetFlow data on the command line?

A.    show ip flow export
B.    show ip flow top-talkers
C.    show ip cache flow
D.    show mls sampling
E.    show mls netflow ip

Answer: C

QUESTION 75
What are three reasons to collect Netflow data on a company network? (Choose three.)

A.    To identify applications causing congestion.
B.    To authorize user network access.
C.    To report and alert link up / down instances.
D.    To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.
E.    To detect suboptimal routing in the network.
F.    To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.

Answer: ADF

QUESTION 76
What are three factors a network administrator must consider before implementing Netflow in the network? (Choose three.)

A.    CPU utilization
B.    where Netflow data will be sent
C.    number of devices exporting Netflow data
D.    port availability
E.    SNMP version
F.    WAN encapsulation

Answer: ABC

QUESTION 77
What are the benefits of using Netflow? (Choose three.)

A.    Network, Application & User Monitoring
B.    Network Planning
C.    Security Analysis
D.    Accounting/Billing

Answer: ACD

QUESTION 78
What three things does Netflow use to consider traffic to be in the same flow?

A.    IP address
B.    Interface name
C.    Port numbers
D.    L3 protocol type
E.    MAC address

Answer: ACD

QUESTION 79
Which three are the components of SNMP? (Choose three)

A.    MIB
B.    SNMP Manager
C.    SysLog Server
D.    SNMP Agent
E.    Set

Answer: ABD

QUESTION 80
What are the popular destinations for syslog messages to be saved?

A.    Flash
B.    The logging buffer (RAM)
C.    The console terminal
D.    Other terminals
E.    Syslog server

Answer: BCE

Free 2014 Cisco 200-101 Dump (61-70) Download!

QUESTION 61
Hotspot Question

If required, what password should be configured on the DeepSouth router in the branch office to allow a connection to be established with the MidEast router?

A.    No password is required.
B.    Enable
C.    Secret
D.    Telnet
E.    Console

Answer: B
Explanation:

In the diagram, DeepSouth is connected to Dubai’s S1/2 interface and is configured as follows:
Interface Serial1/2
IP address 192.168.0.5 255.255.255.252
Encapsulation PPP ; Encapsulation for this interface is PPP
Check out the following Cisco link:
http://www.cisco.com/en/US/tech/tk713/tk507/technologies_configuration_example09186a0080094333.shtml#configuringausernamedifferentfromtheroutersname
Here is a snippet of an example:
Network Diagram
If Router 1 initiates a call to Router 2, Router 2 would challenge Router 1, but Router 1 would not challenge Router 2. This occurs because the ppp authentication chap callin command is configured on Router 1. This is an example of a unidirectional authentication. In this setup, the ppp chap hostname alias-r1 command is configured on Router 1. Router 1 uses “alias-r1” as its hostname for CHAP authentication instead of “r1.” The Router 2 dialer map name should match Router 1’s ppp chap hostname; otherwise, two B channels are established, one for each direction.

QUESTION 62
Hotspot Question

What would be the destination Layer 2 address in the frame header for a frame that is being forwarded by Dubai to the host address of 172.30.4.4?

A.    825
B.    230
C.    694
D.    387

Answer: C
Explanation:
According to the command output, 172.30.4.4 is using the DLCI value 694.
http://www.cisco.com/en/US/docs/ios/12_2/wan/command/reference/wrffr4.html#wp1029343

QUESTION 63
Hotspot Question

Which connection uses the default encapsulation for serial interfaces on Cisco routers?

A.    The serial connection to the NorthCoast branch office.
B.    The serial connection to the North branch office.
C.    The serial connection to the Southlands branch office.
D.    The serial connection to the Multinational Core.

Answer: B
Explanation:
The default encapsulation on Cisco serial interfaces is HDLC, which is enabled by default on all Cisco routers. To use another encapsulation protocol (PPP, X.25, etc.), it must be defined in the interface settings. Here, every interface except s1/1 is configured with another encapsulation protocol, so we assume the default encapsulation is running on s1/1, and s1/1 is connected to North.

QUESTION 64
Hotspot Question

A static map to the S-AMER location is required. Which command should be used to create this map?

A.    frame-relay map ip 172.30.0.3 825 broadcast
B.    frame-relay map ip 172.30.0.3 230 broadcast
C.    frame-relay map ip 172.30.0.3 694 broadcast
D.    frame-relay map ip 172.30.0.3 387 broadcast

Answer: B
Explanation:
frame-relay map ip 172.30.0.3 230 broadcast
172.30.0.3 is the S-AMER router IP address, and it is configured on DLCI 230. Check the “show frame-relay map” output in the diagram.

QUESTION 65
Which command displays the CHAP authentication process as it occurs between two routers?

A.    debug chap authentication
B.    debug authentication
C.    debug chap ppp
D.    debug ppp authentication

Answer: D

QUESTION 65
A department decides to replace its hub with a Catalyst 2950 switch that is no longer needed by another department. To prepare the switch for installation, the network administrator has erased the startup configuration and reloaded the switch. However, PCs that are connected to the switch experience various connectivity problems. What is a possible cause of the problem?

A.    The VLAN database was not erased.
B.    The management VLAN is disabled.
C.    The running configuration should have been erased.
D.    The “mode” button was not pressed when the switch was reloaded.
E.    The switch was not configured with an IP address or a default gateway.

Answer: A

QUESTION 66
Which two statements describe characteristics of IPv6 unicast addressing? (Choose two.)

A.    Global addresses start with 2000::/3.
B.    Link-local addresses start with FE00:/12.
C.    Link-local addresses start with FF00::/10.
D.    There is only one loopback address and it is ::1.
E.    If a global address is assigned to an interface, then that is the only allowable address for the interface.

Answer: AD

QUESTION 67
What are three features of the IPv6 protocol? (Choose three.)

A.    optional IPsec
B.    autoconfiguration
C.    no broadcasts
D.    complicated header
E.    plug-and-play
F.    checksums

Answer: BCE

QUESTION 68
A router has two Fast Ethernet interfaces and needs to connect to four VLANs in the local network. How can you accomplish this task, using the fewest physical interfaces and without decreasing network performance?

A.    Use a hub to connect the four VLANS with a Fast Ethernet interface on the router.
B.    Add a second router to handle the VLAN traffic.
C.    Add two more Fast Ethernet interfaces.
D.    Implement a router-on-a-stick configuration.

Answer: D

QUESTION 69
Select the action that results from executing these commands.

Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky

A.    A dynamically learned MAC address is saved in the startup-configuration file.
B.    A dynamically learned MAC address is saved in the running-configuration file.
C.    A dynamically learned MAC address is saved in the VLAN database.
D.    Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
E.    Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

Answer: B

QUESTION 70
Which two of these statements are true of IPv6 address representation? (Choose two.)

A.    There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast.
B.    A single interface may be assigned multiple IPv6 addresses of any type.
C.    Every IPv6 interface contains at least one loopback address.
D.    The first 64 bits represent the dynamically created interface ID.
E.    Leading zeros in an IPv6 16 bit hexadecimal field are mandatory.

Answer: BC
