Itfreedumps provides the latest online questions for all IT certifications,

such as IBM, Microsoft, CompTIA, Huawei, and so on.

Hot exams are available below.

AZ-204 Developing Solutions for Microsoft Azure

820-605 Cisco Customer Success Manager

MS-203 Microsoft 365 Messaging

HPE2-T37 Using HPE OneView

300-415 Implementing Cisco SD-WAN Solutions (ENSDWI)

DP-203 Data Engineering on Microsoft Azure

500-220 Engineering Cisco Meraki Solutions v1.0

NACE-CIP1-001 Coating Inspector Level 1

NACE-CIP2-001 Coating Inspector Level 2

200-301 Implementing and Administering Cisco Solutions

Share some 300-410 exam online questions below.

1.Refer to the exhibit.
Router R1 peers with two ISPs using static routes to get to the internet. The requirement is that R1
must prefer ISP-A under normal circumstances and failover to ISP-B if the connectivity to ISP-A is
lost. The engineer observes that R1 is load balancing traffic across the two ISPs.
Which action resolves the issue by sending traffic to ISP-A only with failover to ISP-B?
A. Configure OSPF between R1. ISP-A. and ISP-B for dynamic failover if any ISP link to R1 fails
B. Configure two static routes on R1. one pointing to ISP-A and another pointing to ISP- B with 222
admin distance
C. Change the bandwidth of the interface on R1 so that interface to ISP-A has a higher value than the
interface to ISP-B
D. Configure two static routes on R1. one pointing to ISP-B with more specific routes and another
pointing to ISP-A with summary routes
Answer: D

2.What must be configured by the network engineer to circumvent AS_PATH prevention mechanism
in IP/VPN Hub and Spoke deployment scenarios?
A. Use allows in and as-override at all Pes.
B. Use allowas in and as-override at the PE-Hub.
C. Use Allowas-in the PE_Hub
D. Use as-override at the PE_Hub
Answer: D

3.An engineer is trying to copy an IOS file from one router to another router by using TFTP.
Which two actions are needed to allow the file to copy? (Choose two.)
A. Copy the file to the destination router with the copy tftp: flash: command
B. Enable the TFTP server on the source router with the tftp-server flash: <filename> command
C. TFTP is not supported in recent IOS versions, so an alternative method must be used
D. Configure a user on the source router with the username tftp password tftp command
E. Configure the TFTP authentication on the source router with the tftp-server authentication local
command
Answer: A,B

4.Refer to the exhibit.

R1 is configured with IP SLA to check the availability of the server behind R6 but it kept failing.
Which configuration resolves the issue?
A. R1(config)# ip sla 700
R1(config-track)# delay down 30 up 20
B. R1(config)# ip sla 700
R1(config-track)# delay down 20 up 30
C. R1(config)# track 700 ip sla 700
R1(config-track)# delay down 30 up 20
D. R1(config)# track 700 ip sla 700
R1(config-track)# delay down 20 up 30
Answer: C

5.Refer to the exhibit.

The DHCP client is unable to receive an IP address from the DHCP server RouterB is configured as
follows:

Which command is required on the fastethernet 0/0 interface of RouterB to resolve this issue?
A. RouterB(config-if)#lp helper-address 172.31.1.1
B. RouterBiconfig-ififclp helper-address 255.255 255 255
C. RouterB(config-if)#lp helper-address 172.16.1.1
D. RouterB(config-if)#lp helper-address 172.16.1.2
Answer: D

6.165.202.128/27 from ISP2. An engineer is ISP1 reports they are receiving ISP2 routes from
AS65401.
Which configuration onR1 resolves the issue?
A. access-list 10 deny 209.165.202.128 0.0.0.31
access-list 10 permit any
!
router bgp 65401
neighbor 209.165.201.1 distribute-list 10 out
B. access-list 10 deny 209.165.202.128 0.0.0.31
access-list 10 permit any
!
router bgp 65401
neighbor 209.165.201.1 distribute-list 10 in
C. ip route 209.165.200.224 255.255.255.224 209.165.201.1
ip route 209.165.202.128 255.255.255.224 209.165.201.5
D. ip route 0.0.0.0 0.0.0.0 209.165.201.1
ip route 0.0.0.0 0.0.0.0 209.165.201.5
Answer: A
Explanation:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/23675-27.html

7.Refer to the exhibit.

A loop occurs between R1, R2, and R3 while EIGRP is run with poison reverse enabled.
Which action prevents the loop between R1, R2, and R3?
A. Configure route tagging
B. Enable split horizon
C. Configure R2 as stub receive-only
D. Configure route filtering
Answer: B

8.Refer to the exhibit.

An engineer configured NetFlow on R1, but the flows do not reach the NMS server from R1.
Which configuration resolves this Issue?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: B

9.Refer to the exhibit.

Troubleshoot and ensure that branch B only ever uses the MPLS B network to reach HQ.
Which action achieves this requirement?
A. Introduce an AS path filter on branch A routers so that only local prefixes are advertised into BGP
B. increase the local preference for all HQ prefixes received at branch B from the MPLS B network to
be higher than the local preferences used on the MPLS A network
C. Introduce AS path prepending on the branch A MPLS B network connection so that any HQ
advertisements from branch A toward the MPLS B network are prepended three times
D. Modify the weight of all HQ prefixes received at branch B from the MPLS B network to be higher
than the weights used on the MPLS A network
Answer: A
Explanation:
If we modify the weight, increase local preference or use AS path prepending then we can only make
MPLS B prefer over MPLS
A. But when MPLS B is down then MPLS A will be used which does not meet the requirement of this
question. Only with AS path filtering we can deny prefixes from certain AS and make sure branch B
never uses MPLS A to reach HQ.

10.Refer to the exhibit.

Users in VLAN46 cannot get the IP from the DHCP server. Assume that all the parameters are
configured properly in VLAN 10 and on the DHCP server.
Which command on interlace VLAN46 allows users to receive IP from the DHCP server?
A. ip dhcp-addreos 10.221.10.10
B. ip dhcp server 10.221.10.10
C. ip helper-addrets 10.221.10.10
D. ip dhcp relay information trust-all
Answer: C

11.An engineer configured two routers connected to two different service providers using BGP with
default attributes. One of the links is presenting high delay, which causes slowness in the network.
Which BGP attribute must the engineer configure to avoid using the high-delay ISP link if the second
ISP link is up?
A. LOCAL_PREF
B. MED
C. WEIGHT
D. AS-PATH
Answer: A

12.Exhibit:
Which action resolves the authentication problem?
A. Configure the user name on the TACACS+ server
B. Configure the UDP port 1812 to be allowed on the TACACS+ server
C. Configure the TCP port 49 to be reachable by the router
D. Configure the same password between the TACACS+ server and router.
Answer: D
Explanation:
Explanation
From the last line of the output, we notice that the result was “Invalid AUTHEN packet”. Therefore
something went wrong with the username or password.
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-
access-control-system-tacacs-/200467-Troubleshoot-TACACS-Authentication-Issue.html

13.What are two functions of IPv6 Source Guard? (Choose two.)

A. It uses the populated binding table for allowing legitimate traffic.
B. It works independent from IPv6 neighbor discovery.
C. It denies traffic from unknown sources or unallocated addresses.
D. It denies traffic by inspecting neighbor discovery packets for specific pattern.
E. It blocks certain traffic by inspecting DHCP packets for specific sources.
Answer: A,C
Explanation:
14.Refer to the exhibit.
The administrator configured the network devise for end-to-end reachability, but the ASBRs are not
propagation routes to each other.
Which set of configuration resolves this issue?
A. router bgp 100
neighbor 10.1.1.1 route-reflector-client
neighbor 10.1.2.2 route-reflector-client
neighbor 10.1.3.3 route-reflector-client
B. router bap 100
neighbor 10.1.1.1 next-hop-self
neighbor 10.1.2.2 next-hop-self
neighbor 10.1.3.3 next-hop-self
C. router bgp 100
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.2.2 update-source Loopback0
neighbor 10.1.3.3 update-source Loopback0
D. router bgp 100
neighbor 10.1.1.1 ebgp-multihop
neighbor 10.1.2.2 ebgp-multihop
neighbor 10.1.3.3 ebgp-multihop
Answer: A

15.Refer to the exhibit.

An engineer recently implemented uRPF by configuring the ip verify unicast source reachable-via rx
command on interface gi0/3 The engineer noticed right after implementing F that an inbound packet
on the giO-3 interface with a source address of 172 16 3 251 was dropped.
Which action resolves the issue?
A. Configure uRPF loose mode to forward the packet.
B. Permit the 172.16.3.251 in the inbound ACL on interface gi0/3.
C. Permit the 172.16.3.251 in the inbound ACL on interface gi0/3 to allow 172.16.3.251.
D. Configure uRPF strict mode to forward the packet
Answer: A
Explanation:
Option A configures uRPF loose mode to forward the packet. This mode allows the router to check if
there is a route in the routing table that matches the source IP address of the incoming packet,
regardless of the interface that is used to reach the source. This mode is suitable for networks that
have asymmetric routing, where the incoming and outgoing interfaces for a packet may differ2.
Option B permits the 172.16.3.251 in the inbound ACL on interface gi0/3. This option does not resolve
the issue, because it only allows the packet to pass the ACL check, but not the uRPF check. The
packet will still be dropped by uRPF if there is no route to reach the source IP address via the same
interface3.
Option C permits the 172.16.3.251 in the inbound ACL on interface gi0/3 to allow 172.16.3.251. This
option is redundant and incorrect, because it repeats the same IP address twice in the ACL
statement. It also does not resolve the issue for the same reason as Option B3.
Option D configures uRPF strict mode to forward the packet. This option does not resolve the issue,
because it is the same mode that was already configured on the interface. Strict mode requires that
the router has a route to reach the source IP address via the same interface where the packet was
received. If this condition is not met, the packet will be dropped4.

16.16.4.0/24

17.Refer to the exhibit.

An engineer examines the BGP update for the IPv6 prefix 2001:db8::1/128. which should have been
summarized into a /64 prefix.
Which sequence of actions achieves the summarization?
A. R1 is a route reflector client of a RR with a router ID of 1.1.1.1. and the originator of the prefix has
a router ID of 3.3.3.3. Both routers belong to different ASs. The prefix is not advertised to any peer
and must be advertised using the network statement on R3.
B. R1 is a route reflector with a router ID of 3.3.3.3. and the originator of the prefix is a route reflector
client, which has a router ID of 3.3.3.3. Both routers belong to the same AS Configure an aggregate
address on the router with ID 1.1.1.1 for the prefix
C. R1 is a route reflector with a router ID of 1.111. and the originator of the prefix is a route reflector
client, which has a router ID of 3.3.3.3. Both routers belong to the same AS Configure an aggregate
address on the router with ID 1.1.1.1 for the prefix
D. R1 is a route reflector client of a RR with a router ID of 1.1.1.1. and the originator of the prefix has
a router ID of 3.3.3.3. Both routers belong to the same AS. Configure an aggregate address on the
router with ID 3 3.3.3 for the prefix.
Answer: D

18.Refer to Exhibit.
The network administrator configured the branch router for IPv6 on the E0/0 interface. The
neighboring router is fully configured to meet requirements, but the neighbor relationship is not
coming up.
Which action fixes the problem on the branch router to bring the IPv6 neighbors up?
A. Enable the IPv4 address family under the router ospfv3 4 process by using the address-family ipv4
unicast command
B. Disable IPv6 on the E0/0 interface using the no ipv6 enable command
C. Enable the IPv4 address family under the E0/0 interface by using the address-family ipv4 unicast
command
D. Disable OSPF for IPv4 using the no ospfv3 4 area 0 ipv4 command under the E0/0 interface
Answer: A
Explanation:
Explanation
Once again, Cisco changed the IOS configuration commands required for OSPFv3 configuration. The
new OSPFv3 configuration uses the “ospfv3” keyword instead of the earlier “ipv6 router ospf”
routing process command and “ipv6 ospf” interface commands.
The Open Shortest Path First version 3 (OSPFv3) address families feature enables both IPv4 and
IPv6 unicast traffic to be supported. With this feature, users may
have two processes per interface, but only one process per address family (AF).
19.Refer to the exhibit.

Router R2 should be learning the route for 10.123.187.0/24 via EIGRP.

Which action resolves the issue without introducing more issues?
A. Use distribute-list to modify the route as an internal EIGRP route
B. Redistribute the route in EIGRP with metric, delay, and reliability
C. Use distribute-list to filter the external router in OSPF
D. Remove route redistribution in R2 for this route in OSPF
Answer: C

20.Refer to the exhibit.

The none area 0 routers in OSPF still receive more specific routes of 10.1.1.0.10.1.2.0.10.1.3.0 from
area 0.
Which action resolves the issue?
A. Configure route summarization on OSPF-enabled interfaces.
B. Summarize by using the summary-address 10.1.0.0 255.255.252.0 command.
C. Summarize by using the area range command on ABRs
D. Configure the summary-address 10.1.0.0 255.255.252.0 command under OSPF process.
Answer: C

21.Refer to Exhibit:
AS 111 wanted to use AS 200 as the preferred path for 172.20.5.0/24 and AS 100 as the backup.
After the configuration, AS 100 is not used for any other routes.
Which configuration resolves the issue?
A. route-mmap SETLP permit 10
match ip address prefix-list PLIST1
set local-preference 99
route-map SETLP permit 20
B. route-map SETLP permit 10
match ip address prefix-list PLIST1
set local-preference 110
route-map SETLP permit 20
C. router bgp 111
no neighbor 192.168.10.1 route-map SETLP in
neighbor 192.168.10.1 route-map SETLP out
D. router bap 111
no neighbor 192.168.10.1 route-map SETLP in
neighbor 192.168.20.2 route-map SE TLP in
Answer: A
Explanation:
There is an implicit deny all at the end of any route-map so all other traffic that does not match
172.20.5.0/24 would be dropped. Therefore we have to add a permit sequence at the end of the route-
map to allow other traffic.
The default value of Local Preference is 100 and higher value is preferred so we have to set the local
preference of AS100 lower than that of AS200.

22.The network administrator is tasked to configure R1 to authenticate telnet connections based on

Cisco ISE using RADIUS. ISE has been configured with an IP address of 192.168.1.5 and with a
network device pointing towards R1 (192.168.1.1) with a shared secret password of Cisco123. If ISE
is down, the administrator should be able to connect using the local database with a username and
password combination of admin/cisco123.
The administrator has configured the following on R1:
ISE has gone down. The Network Administrator is not able to Telnet to R1 when ISE went down.
Which two configuration changes will fix the issue? (Choose two.)

A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: C,E

23.Which statement about MPLS LDP router ID is true?

A. If not configured, the operational physical interface is chosen as the router ID even if a loopback is
configured.
B. The loopback with the highest IP address is selected as the router ID.
C. The MPLS LDP router ID must match the IGP router ID.
D. The force keyword changes the router ID to the specified address without causing any impact.
Answer: B
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ldp/configuration/12-4m/mp-
ldp-12-4mbook.pdf

24.Which statement about IPv6 RA Guard is true?

A. It does not offer protection in environments where IPv6 traffic is tunneled.
B. It cannot be configured on a switch port interface in the ingress direction.
C. Packets that are dropped by IPv6 RA Guard cannot be spanned.
D. It is not supported in hardware when TCAM is programmed.
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-3s/ip6f-xe-3s-
book/ip6-ra-guard.html#GUID-589AF00C-7499-439F-AD23-51005D61CAB7
The IPv6 RA Guard feature does not offer protection in environments where IPv6 traffic is tunneled.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-
xe-16-book/ip6-ra-guard.pdf

25.Refer to the exhibit.

R1 uses SP1 as the primary path. A network engineer must force all SSH traffic generated from R1
toward SP2.
Which configuration accomplishes the task?
A)

B)
C)

D)

A. Option
B. Option
C. Option
D. Option
Answer: C

26.Refer to the exhibit.

An engineer is troubleshooting a TACACS problem.

Which action resolves the issue?
A. Configure a matching TACACS server IP.
B. Configure a matching preshared key.
C. Generate authentication from a relative source interface.
D. Apply a configured AAA profile to the VTY.
Answer: B
Explanation:
Reference: https://community.cisco.com/t5/network-access-control/issues-with-tacacs-
authentication/td-p/3412001
The last line shows us the reason, which is “Invalid AUTHEN packet (check keys)” so the most likely
cause of this problem is key mismatch.

27.DRAG DROP
Drag and drop the operations from the left onto the locations where the operations are performed on
the right.

Answer:

Explanation:
Label Switch Router

28.Refer to the exhibit.

SanFrancisco and Boston routers are choosing slower links to reach each other despite the direct
links being up.
Which configuration fixes the issue?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: D

29.Refer to the exhibit.

An engineer is troubleshooting failed access by contractors to the business application server via
Telnet or HTTP during the weekend.
Which configuration resolves the issue?
A)

B)

C)

D)

A. Option
B. Option
C. Option
D. Option
Answer: A
30.Refer to the exhibit.

An engineer is trying to configure local authentication on the console line, but the device is trying to
authenticate using TACACS+.
Which action produces the desired configuration?
A. Add the aaa authentication login default none command to the global configuration.
B. Replace the capital “C” with a lowercase “c” in the aaa authentication login Console local
command.
C. Add the aaa authentication login default group tacacs+ local-case command to the
globalconfiguration.
D. Add the login authentication Console command to the line configuration
Answer: D
Explanation:
Reference: https://community.cisco.com/t5/switching/how-to-define-login-local-for-console-0/td-
p/2949493

31.Refer to the exhibit.

A router receiving BGP routing updates from multiple neighbors for routers in AS 690.
What is the reason that the router still sends traffic that is destined to AS 690 to a neighbor other than
10.222.1.1?
A. The local preference value in another neighbor statement is higher than 250.
B. The local preference value should be set to the same value as the weight in the route map.
C. The route map is applied in the wrong direction.
D. The weight value in another neighbor statement is higher than 200.
Answer: C

32.Refer to the exhibit.

A network engineer is adding a new spoke router into an existing DMVPN Phase 3 tunnel with a hub
router to provide secure communication between sites.
Which additional configuration must the engineer apply to enable the tunnel to come up?
A. ip nhrp registration no-unique
B. ip nhrp server-only non-caching
C. ip nhrp responder tunnel
D. ip nhrpnhs 172.23.5.1
Answer: D

33.Users report issues with reachability between areas as soon as an engineer configured summary
routes between areas in a multiple area OSPF autonomous system.
Which action resolves the issue?
A. Configure the summary-address command on the ASBR.
B. Configure the summary-address command on the ABR.
C. Configure the area range command on the ABR.
D. Configure the area range command on the ASBR.
Answer: C
Explanation:
For OSPF, we can only summary at the ABR with the command “area range” or at the ASBR with the
command “summary-address” -> Therefore answer A and answer B are not correct.
In this question, the most likely problem is that when doing summarization, the network mask is
configured wrong and summarization doesn’t work because of the misconfiguration. When
configuring the area range command, make sure that the summarization mask is in the form of a
prefix mask rather than a wildcard mask (that is, 255.255.255.0 instead of 0.0.0.255).
Good reference: https://www.configrouter.com/troubleshooting-route-summarization-ospf-14082/

34.Refer to Exhibit.

A network administrator added one router in the Cisco DNA Center and checked its discovery and
health from the Network Health Dashboard. The network administrator observed that the router is still
showing up as unmonitored.
What must be configured on the router to mount it in the Cisco DNA Center?
A. Configure router with NetFlow data
B. Configure router with the telemetry data
C. Configure router with routing to reach Cisco DNA Center
D. Configure router with SNMPv2c or SNMPv3 traps
Answer: B
Explanation:
Unmonitored: Unmonitored devices are devices for which Assurance did not receive any telemetry
data during the specified time range.

35. Performs PHP

Label Edge Router:

36.Refer to the exhibit.

An administrator is configuring a GRE tunnel to establish an EIGRP neighbor to a remote router. The
other tunnel endpoint is already configured. After applying the configuration as shown, the tunnel
started flapping.
Which action resolves the issue?
A. Stop sending a route matching the tunnel destination across the tunnel.
B. Modify the network command to use the Tunne10 Interface netmask.
C. Advertise the Loopback0 interface from R2 across the tunnel.
D. Readdress the IP network on the Tunne10 on both routers using the /31 netmask.
Answer: A

37.Refer to the exhibit.

When an FTP client attempts to use passive FTP to connect to the FTP server, the file transfers fail.
Which action resolves the issue?
A. Configure active FTP traffic.
B. Modify FTP-SERVER access list to remove established at the end.
C. Modify traffic filter FTP-SERVER in to the outbound direction.
D. Configure to permit TCP ports higher than 1023.
Answer: D

38.Refer to the exhibit.

After an engineer configured a new Cisco rouler as a DHCP server, users reponed two primary
issues:
? Devices in the HR subnet have intermittent connectivity problems.
? Workstations in the LEGAL subnet cannot obtain IP addresses.
Which configurations must the engineer apply to ROUTER_1 to restore connectivity for the affected
devices?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A

39.Refer to the exhibit.

AAA server 10.1.1.1 is configured with the default authentication and accounting settings, but the
switch cannot communicate with the server.
Which action resolves this issue?
A. Match the authentication port
B. Match the accounting port
C. Correct the timeout value.
D. Correct the shared secret.
Answer: A
Explanation:
Command Default
Accounting port: 1813
Authentication port: 1812
Accounting: enabled
Authentication: enabled
Retransmission count: 1
Idle-time: 0
Server monitoring: disabled
Timeout: 5 seconds
Test username: test
Test password: test
Reference: https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/n5k/commands/radius-server-
host.html
By default, RADIUS uses UDP port 1812 for authentication and port 1813 for accounting. In the
exhibit above we see port 1814 is being used for authentication to AAA server at 10.1.1.1 which is not
the default port so we must adjust the authentication port to the default value 1812.

40.An engineer received a ticket about a router that has reloaded. The monitoring system graphs
show different traffic patterns between logical and physical interfaces when the router is rebooted.
Which action resolves the issue?
A. Configure the snmp ifindex persist command globally.
B. Clear the logical interfaces with snmp ifindex clear command
C. Configure the snmp ifindex persist command on the physical interfaces.
D. Trigger a new snmpwalk from the monitoring system to synchronize interface OlDs
Answer: A

41.Refer to the exhibit.

An administrator noticed that after a change was made on R1, the timestamps on the system logs did
not match the clock.
What is the reason for this error?
A. An authentication error with the NTP server results in an incorrect timestamp.
B. The keyword localtime is not defined on the timestamp service command.
C. The NTP server is in a different time zone.
D. The system clock is set incorrectly to summer-time hours.
Answer: B

42.Refer to the exhibit.

An engineer configured user login based on authentication database on the router, but no one can log
into the router.
Which configuration resolves the issue?
A. aaa authentication login default enable
B. aaa authorization network default local
C. aaa authentication login default local
D. aaa authorization exec default local
Answer: C

43.Refer to the exhibit.

The R2 loopback interface is advertised with RIP and EIGRP using default values.
Which configuration changes make R1 reach the R2 loopback using RIP?
A. R1(config)# router rip
R1(config-router)# distance 90
B. R1(config)# router rip
R1(config-router)# distance 100
C. R1(config)# router eigrp 1
R1(config-router)# distance eigrp 130 120
D. R1(config)# router eigrp 1
R1(config-router)# distance eigrp 120 120
Answer: C
Explanation:
distance (AD Number u want to change to) (neighbor IP) (Wildcard Mask) (access-list number)

44.Refer to the exhibit.

After a misconfiguration by a junior engineer, the console access to router A is not working.
Which configuration allows access to router A?
A)

B)

C)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C

45.What does the MP-BGP OPEN message contain?

A. MPLS labels and the IP address of the router that receives the message
B. the version number and the AS number to which the router belongs
C. IP routing information and the AS number to which the router belongs
D. NLRI, path attributes, and IP addresses of the sending and receiving routers
Answer: B

46.Refer to the exhibit.

The branch router is configured with a default route toward the internet and has no routes configured
for the HQ site that is connected through interface G2/0. The HQ router is fully configured and does
not require changes.
Which configuration on the branch router makes the intranet website (TCP port 80) available to the
branch office users?
A. access-list 100 permit tcp any host intranet-webserver-ip eq 80
!
route-map pbr permit 10
match ip address 100
set ip next-hop 192.168.2.2
!
interface G2/0
ip policy route-map pbr
B. access-list 101 permit tcp any any eq 80
access-list 102 permit tcp any host intranet-webserver-ip
!
route-map pbr permit 10
match ip address 101 102
set ip next-hop 192.168.2.2
!
interface G1/0
ip policy route-map pbr
C. access-list 101 permit tcp any any eq 80
access-list 102 permit tcp any host intranet-webserver-ip
!
route-map pbr permit 10
match ip address 101
set ip next-hop 192.168.2.2
route-map pbr permit 20
match ip address 102
set ip next-hop 192.168.2 2
!
interface G2/0
ip policy route-map pbr
D. acceslist 100 permit tcp host intranet-webserverip eq 80 any
!
route-map pbr permit 10 match ip address 100
set ip next-hop 192.168 2.2
!
interface G1/0
ip policy route-map pbr
Answer: B
Explanation:
the ACL 101 matches all HTTP pakects while the ACL 102 matches TCP packets destined to Intranet
webserver. These packets will be sent to HQ router.
If a match command refers to several objects in one command, either of them should match (the
logical OR algorithm is applied). For example, in the match ip address 101 102 command, a route is
permitted if it is permitted by access list 101 or access list 102.

47.Refer to the exhibit.

The administrator configured route advertisement to a remote low resources router to use only the
default route to reach any network but failed.
Which action resolves this issue?
A. Change the direction of the distribute-list command from out to in.
B. Remove the line with the sequence number 5 from the prefix list.
C. Remove the prefix keyword from the distribute-list command.
D. Remove the line with the sequence number 10 from the prefix list.
Answer: B

48.Which transport layer protocol is used to form LDP sessions?

A. UDP
B. SCTP
C. TCP
D. RDP
Answer: C
Explanation:
LDP multicasts hello messages to a well-known UDP port (646) in order to discover neighbors. Once
the discovery is accomplished, a TCP connection (port 646) is established and the LDP session
begins. LDP keepalives ensure the health of the session. Thanks to the LDP session, LDP messages
create the label mappings required for a FEC. Withdraw messages are used when FECs need to be
torn down.

49.Which two labet distribution methods are used by routers in MPLS? (Choose two)
A. targeted hello message
B. LDP discovery hello message
C. LDP session protection message
D. downstream unsolicited
E. downstream on demand
Answer: D,E

50.Refer to the exhibit.

After the network administrator rebuilds the IPv6 DHCP server, clients are not getting the IPv6
address lease.
Which action resolves the issue?
A. Remove FE80 A8BB CCFF FEOO 5000 assigned by the IPV6 DHCP server.
B. Add Ipv6 dhcp sarver MY_POOL under the interface ethernet 0/0 on H1.
C. Add Ipv6 dhcp server MY_POOL under the interface ethernet 0/0 on R1.
D. Configure FF02::1:2 to discover al IPv6 OHCP cfcents
Answer: C

51.An engineer must configure a Cisco router to initiate secure connections from the router to other
devices in the network but kept failing.
Which two actions resolve the issue? (Choose two.)
A. Configure a source port for the SSH connection to initiate
B. Configure a TACACS+ server and enable it
C. Configure transport input ssh command on the console
D. Configure a domain name
E. Configure a crypto key to be generated
Answer: D,E
Explanation:
Follow these guidelines when configuring the switch as an SSH server or SSH client:
+ An RSA key pair generated by a SSHv1 server can be used by an SSHv2 server, and the reverse.
+ If the SSH server is running on a stack master and the stack master fails, the new stack master
uses the RSA key pair generated by the previous stack master
+ If you get CLI error messages after entering the crypto key generate rsa global configuration
command, an RSA key pair has not been generated. Reconfigure the hostname and domain, and
then enter the crypto key generate rsa command.
+ When generating the RSA key pair, the message No host name specified might appear. If it does,
you must configure a hostname by using the hostname global configuration command.
+ When generating the RSA key pair, the message No domain specified might appear. If it does, you
must configure an IP domain name by using the ip domain-nameglobal configuration command.
+ When configuring the local authentication and authorization authentication method, make sure that
AAA is disabled on the console.
Reference: https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/
multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_01100

52.An engineer is creating a policy that overrides normal routing behavior.

If the route to a destination of 10.100.100.0/24 is withdrawn from the routing Table, the policy must
direct traffic to a next hop of 10.1 1.1. if the route is present in the routing table, then normal
forwarding must occur.
Which configuration meets the requirements?
A. access-list 100 permit ip any any
!
route-map POLICY permit 10
match ip address 100
set ip next-hop recursive 10.1.1.1
B. access-list 100 permit ip any 10.100.100.0 0.0.0.255
!
Route-map POLICY permit 10
match ip address 100
set ip default next-hop 10.1.1.1
C. access-list 100 permit ip any 10.100.100.0 0.0.0.255
!
route-map POLICY permit 10
match ip address 100
set ip next-hop 10.1.1.1
!
route map POLICY permit 20
D. access-list 100 permit ip any 10.100.100.0 0.0.0.255
!
route map POLICY permit 10
match ip address 100
Set ip next-hop recursive 10.1.1.1
!
route-map POLICY permit 20
Answer: D

53.What is a MPLS PHP label operation?

A. Downstream node signals to remove the label.
B. It improves P router performance by not performing multiple label lookup.
C. It uses implicit-NULL for traffic congestion from source to destination forwarding
D. PE removes the outer label before sending to the P router.
Answer: A
54.What is the role of a route distinguisher via a VRF-Lite setup implementation?
A. It extends the IP address to identify which VFP instance it belongs to.
B. It manages the import and export of routes between two or more VRF instances
C. It enables multicast distribution for VRF-Lite setups to enhance EGP routing protocol capabilities
D. It enables multicast distribution for VRF-Lite setups to enhance IGP routing protocol capabilities
Answer: A

55.Refer to exhibit.

Routing protocols are mutually redistributed on R3 and R1. Users report intermittent connectivity to
services hosted on the 10.1.1.0/24 prefix. Significant routing update changes are noticed on R3 when
the show ip route profile command is run.
How must the services be stabilized?
A. The issue with using BGP must be resolved by using another protocol and redistributing it into
EIGRP on R3
B. The routing loop must be fixed by reducing the admin distance of iBGP from 200 to 100 on R3
C. The routing loop must be fixed by reducing the admin distance of OSPF from 110 to 80 on R3
D. The issue with using iBGP must be fixed by running eBGP between R3 and R4
Answer: B
Explanation:
After redistribution, R3 learns about network 10.1.1.0/24 via two paths:
+ Internal BGP (IBGP): advertised from R4 with AD of 200 (and metric of 0)
+ OSPF: advertised from R1 with AD of 110 (O E2) (and metric of 20)
Therefore R3 will choose the path with the lower AD via OSPF But this is a looped path which is
received from R3 -> R2 -> R1 -> R3. So when the advertised route from R4 is expired, the looped
path is also expired soon and R3 will reinstall the main path from R4. This is the cause of intermittent
connectivity. In order to solve this issue, we can lower the AD of iBGP to a value which is lower than
110 so that it is preferred over OSPF-advertised route.

56.Refer to the exhibit.

An organization is installing a new L3 MPLS link to establish DM VPN Phase 2 tunnels between the
hub and two spoke routers.
Which additional configuration should the engineer implement on each device to achieve optimal
routing between the spokes?
A)
B)

C)

D)

A. Option
B. Option
C. Option
D. Option
Answer: C

57.Which Layer 3 VPN attribute allows different customers to connect to the same MPLS network
with overlapping IP ranges?
A. VRF
B. RT
C. MP-BGP
D. RD
Answer: D
Explanation:
In a Layer 3 VPN (Virtual Private Network) over an MPLS (Multiprotocol Label Switching) network, the
attribute that allows different customers to connect with overlapping IP ranges is the Route
Distinguisher (RD)123.
RD is a unique identifier that is prepended to each IP address in a customer’s VPN to create a
unique VPNv4 address. This allows customers to use overlapping IP addresses without conflict123.
The RD makes it possible for the same IP prefix to exist in different VPNs, which is crucial when
customers have overlapping IP ranges123.
Reference: MPLS Layer 3 VPN Explained - NetworkLessons.com
MPLS: Layer 3 VPNs Configuration Guide - Cisco
Understanding Using MPLS-Based Layer 3 VPNs on Switches - Juniper

58.A network administrator successfully established a DMVPN tunnel with one hub and two spokes
using EIGRP. One of the requirements was to enable spoke-to-spoke tunnels through the hub router
using EIGRP.
Which configuration command must the engineer configure to meet the requirement?
A. no ip eigrp 1 mode multipoint
B. no ip eigrp 1 split-horizon
C. no ip eigrp 1 tunnel-redirect
D. no ip eigrp 1 mode mgre
Answer: B

59.Refer to the exhibit.

APC is configured to obtain an IP address automatically, but it receives an IP address only from the
169.254.0.0 subnet The DHCP server logs contained no DHCPDISCOVER message from the MAC
address of the PC.
Which action resolves the issue?
A. Configure an ip helper-address on the router to forward DHCP messages to the server.
B. Configure DHCP Snooping on the switch to forward DHCP messages to the server.
C. Configure a DHCP reservation on the server for the PC.
D. Configure a static IP address on the PC and exclude it from the DHCP pool.
Answer: A

60.Refer to the exhibit.

An engineer notices a connectivity problem between routers R1 and R2. The frequency of this
problem is high during peak business hours.
Which action resolves the issue?
A. Increase the MTU on the interfaces that connect R1 and R2.
B. Increase the available bandwidth between R1 and R2.
C. Decrease the EIGRP keepallve and hold down timers on R1 and R2.
D. Set static EIGRP neighborship between R1 and R2.
Answer: B

61.The network administrator configured CoPP so that all SNMP traffic from Cisco Prime located at
192.168.1.11 toward the router CPU is limited to 1000 kbps.
Any traffic that exceeds this limit must be dropped.
access-list 100 permit udp any any eq 161
!
class-map CM-SNMP
match access-group 100
!
policy-map PM-COPP
class CM-SNMP
police 1000 conform-action transmit
!
control-plane
service-policy input PM-COPP
The network administrator is not getting the desired result for the SNMP traffic and SNMP traffic is
getting dropped frequently.
Which set of configurations resolves the issue?
A. no access-list 100
access-list 100 permit tcp host 192.168.1.11 any eq 161
B. no access-list 100
access-list 100 permit udp host 192.168.1.11 any eq 161
!
policy-map PM-COPP
class CM-SNMP
no police 1000 conform-action transmit
police 1000000 conform-action transmit
!
control-plane
no service-policy input PM-COPP
!
interface E 0/0
service-policy input PM-COPP
!
interface E 0/1
service-policy input PM-COPP
C. no access-list 100
access-list 100 permit udp host 192.168.1.11 any eq 161
!
policy-map PM-COPP
class CM-SNMP
no police 1000 conform-action transmit
police 1000000 conform-action transmit
D. policy-map PM-COPP class CM-SNMP
no police 1000 conform-action transmit police 1000000 conform-action transmit
Answer: C
Explanation:
In the context of Control Plane Policing (CoPP) in Cisco devices, the rate limit is specified in bits per
second (bps), not kilobits per second (kbps). Therefore, a limit of 1000 kbps should indeed be entered
as 1,000,000 bps in the CoPP configuration.
Also, the access list should be configured to match the specific SNMP traffic from the Cisco Prime IP
address (192.168.1.11), as you correctly pointed out.
Here’s the corrected configuration:
no access-list 100
access-list 100 permit udp host 192.168.1.11 any eq 161
!
policy-map PM-COPP
class CM-SNMP
no police 1000 conform-action transmit
police 1000000 conform-action transmit
This configuration ensures that only the SNMP traffic from Cisco Prime is policed and any excess
traffic is dropped, preventing the router’s CPU from being overwhelmed.

62.A network administrator is troubleshooting a high utilization issue on the route processor of a
router that was reported by NMS The administrator logged into the router to check the control plane
policing and observed that the BGP process is dropping a high number of routing packets and
causing thousands of routes to recalculate frequently.
Which solution resolves this issue?
A. Police the cir for BGP, conform-action transmit, and exceed action transmit.
B. Shape the pir for BGP, conform-action set-prec-transmit, and exceed action set-frde-transmit.
C. Shape the cir for BGP. conform-action transmit, and exceed action transmit.
D. Police the pir for BGP, conform-action set-prec-transmit, and exceed action set-clp-transmit.
Answer: D
Explanation:
CIR (Committed Information Rate) is the minimum guaranteed traffic delivered in the network.
PIR (Peak Information Rate) is the top bandwidth point of allowed traffic in a non busy times without
any guarantee.

+ Policing: is used to control the rate of traffic flowing across an interface. During a bandwidth exceed
(crossed the maximum configured rate), the excess traffic is generally dropped or remarked. The
result of traffic policing is an output rate that appears as a saw-tooth with crests and troughs. Traffic
policing can be applied to inbound and outbound interfaces. Unlike traffic shaping, QoS policing
avoids delays due to queuing. Policing is configured in bytes.
+ Shaping: retains excess packets in a queue and then schedules the excess for later transmission
over increments of time. When traffic reaches the maximum configured rate, additional packets are
queued instead of being dropped to proceed later. Traffic shaping is applicable only on outbound
interfaces as buffering and queuing happens only on outbound interfaces. Shaping is configured in
bits per second.
Therefore in this case we can only policing, not shaping as traffic shaping is applicable only on
outbound interfaces as buffering and queuing happens only on outbound interfaces. Moreover, BGP
traffic is not important so we can drop the excess packets without any problems.
And we only policing the PIR traffic so that the route processor is not overwhelmed by BGP
calculation.
Note: The “set-prec-transmit” is the same as “transmit” command except it sets the IP Precedence
level as well. The “set-clp-transmit” sets the ATM Cell Loss Priority (CLP) bit from 0 to 1 on the ATM
cell and transmits the packet.

63.What is a function of BFD?

A. peer recovery after a Layer 3 protocol adjacency failure
B. peer recovery after a Layer 2 adjacency failure
C. failure detection independent of routing protocols and media types
D. failure detection dependent on routing protocols and media types
Answer: D

64.Which IPv6 feature enables a device to reject traffic when it is originated from an address that is
not stored in the device binding table?
A. IPv6 Snooping
B. IPv6 Source Guard
C. IPv6 DAD Proxy
D. IPv6 RA Guard
Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-3s/ip6f-xe-3s-
book/ip6-src-guard.html
65.A CoPP policy is applied for receiving SSH traffic from the WAN interface on a Cisco ISR4321
router. However, the SSH response from the router is abnormal and stuck during the high link
utilization. The problem is identified as SSH traffic does not match in the ACL.
Which action resolves the issue?
A. Rate-limit SSH traffic to ensure dedicated bandwidth.
B. Apply CoPP on the control plane interface.
C. Increase the IP precedence value of SSH traffic to 6.
D. Apply CoPP on the WAN interface inbound direction.
Answer: B
Explanation:
Explanation
The problem is “SSH traffic does not match in the ACL” and “CoPP policy is applied for receiving
SSH traffic from the WAN interface” so we should apply CoPP on the control plane interface instead.

66.Refer to the exhibit.

R1 is being monitored using SNMP and monitoring devices are getting only partial information.
What action should be taken to resolve this issue?
A. Modify the CoPP policy to increase the configured exceeded limit for SNMP.
B. Modify the access list to include snmptrap.
C. Modify the CoPP policy to increase the configured CIR limit for SNMP.
D. Modify the access list to add a second line to allow udp any any eq snmp
Answer: D

67.Refer to the exhibit.

Packets arriving from source 209.165.200.215 must be sent with the precedence bit set to 1, and
packets arriving from source 209.165.200.216 must be sent with the precedence bit set to 5.
Which action resolves the issue?
A. set ip precedence critical in route-map Texas permit 10
B. set ip precedence critical in route-map Texas permit 20
C. set ip precedence immediate in route-map Texas permit 10
D. set ip precedence priority in route-map Texas permit 20
Answer: B

68.How does an MPLS Layer 3 VPN differentiate the IP address space used between each VPN?
A. by RD
B. by address family
C. by MP-BGP
D. byRT
Answer: A

69.Refer to the exhibit.

SIMULATION
Answer:
Solution:
R-West#
service sequence-numbers
service timestamps log datetime msec
snmp-server enable traps ospf
archieve
log config
logging enable
hidekeys
notify syslog
exit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific lsa
wr
end
wr

70.Refer to the exhibit. An engineer is trying to log in to R1 via R3 loopback address.

Which action resolves the issue?
A. Add transport input SCP
B. Add transport input none
C. Remove the IPv6 traffic filter from R1, which is blocking the Telnet.
D. Remove the IPv6 traffic from R1, which is blocking the SSH
Answer: C

71.Refer to the exhibit.

Which action resolves the adjacency issue?
A. Match the hello interval timers.
B. Configure the same EIGRP process IDs.
C. Match the authentication keys.
D. Configure the same autonomous system numbers.
Answer: D
Explanation:
EIGRP does not have process ID as it uses Autonomous System (AS) numbers only.
This is not an authentication problem or we would see this error from the debug:
EIGRP: Ethernet0/0: ignored packet from 10.1.1.3, opcode = 1 (missing authentication or key-chain
missing)
If the AS numbers between two routers are different then the neighbor relationship cannot be formed.

72.Refer to the exhibit.

An administrator wanted to make R1 always elected as DR. R2 as BDR. and R3 as DROTHER but
could not achieve the desired results.
Which two configurations resolve the issue? (Choose two.)
A. On the R1 FO/0 interface, configure OSPF priority to 255.
B. On the R2 FO/0 interface, configure OSPF priority to 201.
C. On the R1 F0/0 interface, configure OSPF priority to 202.
D. On the R3 FO'O interface, configure OSPF priority to 201.
E. On the R2 FO/0 interface, configure OSPF priority to 200.
Answer: A,D

73.Which security feature can protect DMVPN tunnels?

A. IPsec
B. TACACS+
C. RTBH
D. RADIUS
Answer: A

74.Refer to the exhibit.

A junior engineer configured SNMP to network devices. Malicious users have uploaded different
configurations to the network devices using SNMP and TFTP servers.
Which configuration prevents changes from unauthorized NMS and TFTP servers?
A. access-list 20 permit 10.221.10.11
access-list 20 deny any log
!
snmp-server group NETVIEW v3 priv read NETVIEW access 20
snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 20
snmp-server community Cisc0Us3r RO 20
snmp-server community Cisc0wrus3r RW 20
snmp-server tftp-server-list 20
B. access-list 20 permit 10.221.10.11
access-list 20 deny any log
!
snmp-server group NETVIEW v3 priv read NETVIEW access 20
snmp-server group NETADMIN v3 priv read NETVIEW write NETADMIN access 20
snmp-server community Cisc0wrus3r RO 20
snmp-server community Cisc0Us3r RW 20
snmp-server tftp-server-list 20
C. access-list 20 permit 10.221.10.11
access-list 20 deny any log
D. access-list 20 permit 10.221.10.11
Answer: A

75.Refer to the exhibit.

An enterprise operations team must monitor all application server traffic in the data center The team
finds that traffic coming from the hub site from R3 and R6 rs monitored successfully but traffic
destined to the application server is not monitored.
Which action resolves the issue?
A)
B)

C)

D)

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C

76.Refer to the exhibit.

When monitoring an IPv6 access list, an engineer notices that the ACL does not have any hits and is
causing unnecessary traffic to pass through the interface.
Which command must be configured to resolve the issue?
A. access-class INTERNET in
B. ipv6 traffic-filter INTERNET in
C. ipv6 access-class INTERNET in
D. ip access-group INTERNET in
Answer: C
77.Which feature drops packets if the source address is not found in the snooping table?
A. IPv6 Source Guard
B. IPv6 Destination Guard
C. IPv6 Prefix Guard
D. Binding Table Recovery
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-3s/ip6f-xe-3s-
book/ip6-snooping.pdf

78.Refer to the exhibit.

An engineer configures DMVPN and receives the hub location prefix of 10.1.1.0724 on R2 and R3
The R3 prefix of 10 1.3.0/24 is not received on R2. and the R2 prefix 10.1,2.0/24 is not received on
R3.
Which action reserves the issue?
A. Split horizon prevents the routes from being advertised between spoke routers it should be
disabled with the command no ip split-horizon eigrp 10 on the tunnel interface of R1
B. There is no spoke-to-spoke connection DMVPN configuration should be modified to enable a
tunnel connection between R2 and R3 and neighbor relationship confirmed by use of the show ip
eigrp neighbor command
C. Split horizon prevents the routes from being advertised between spoke routers it should be
disabled with the no ip split-horizon eigrp 10 command on the Gi0/0 interface of R1.
D. There is no spoke-to-spoke connection DMVPN configuration should be modified with a manual
neighbor relationship configured between R2 and R3 and confirmed bb use of the show ip eigrp
neighbor command.
Answer: A
Explanation:
In this topology, the Hub router will receive advertisements from R2 Spoke router on its tunnel
interface. The problem here is that it also has a connection with R3 Spoke on that same tunnel
interface. If we don’t disable split-horizon, then the Hub will not relay routes from R2 to R3 and the
other way around. That is because it received those routes on the same interface tunnel and
therefore
it cannot advertise back out that same interface (split-horizon rule). Therefore we must disable
splithorizon on the Hub router to make sure the Spokes know about each other.

79.Refer to the exhibit.

Router R4 is configured correctly with default OSPF values. A network engineer configured R7 for
OSPF. R7 must not be elected as a DR for the segment between R4-R7. The adjacency between R4
and R7 failed to form.
Which configuration resolves the issue?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
80.Refer to the exhibit.
R1 cannot receive the R2 Interfaces with individual prefixes.
What must be reconfigured to advertise R2 Interfaces to R1?
A. EIGRP process on R2 by removing the stub command Keyword summary
B. interface FastEthernet0/1 on R2 with an EIGRP summary for all three loopback prefixes
C. EIGRP process on R2 with the command stub summary receive-only
D. EIGRP process on R2 with the command stub summary connected
Answer: D
81.Refer to the exhibit.

Why is user authentication being rejected?

A. The TACACS+ server expects “user”, but the NT client sends “domain/user”.
B. The TACACS+ server refuses the user because the user is set up for CHAP.
C. The TACACS+ server is down, and the user is in the local database.
D. The TACACS+ server is down, and the user is not in the local database.
Answer: D
Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-
accesscontrol-system-tacacs-/13864-tacacs-pppdebug.html

82.SIMULATION
A network is configured with IP connectivity, and the routing protocol between devices started having
problems right after the maintenance window to implement network changes.
Troubleshoot and resolve to a fully functional network to ensure that:
R4
R5
Answer:
R4
Int range et0/0 C 1
Ip ospf authentication message-digest
Ip ospf message-digest-key 1 md5 CCNP
Router ospf 1
Redistribute connected subnets route-map to-ospf metric-type 1
Copy run start
R5
Int range et0/0 C 1
Ip ospf authentication message-digest
Ip ospf message-digest-key 1 md5 CCNP
Interface eth 0/1
Ip ospf cost 10
Copy run start
VERIFICATION: -

Graphical user interface, text, application Description automatically generated

83.A newly installed spoke router is configured for DMVPN with the ip mtu 1400 command.
Which configuration allows the spoke to use fragmentation with the maximum negotiated TCP MTU
over GRE?
A. ip tcp adjust-mss 1360
crypto ipsec fragmentation after-encryption
B. ip tcp adjust-mtu 1360
crypto ipsec fragmentation after-encryption
C. ip tcp adjust-mss 1360
crypto ipsec fragmentation mtu-discovery
D. ip tcp adjust-mtu 1360
crypto ipsec fragmentation mtu-discovery
Answer: A
Explanation:
https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-
troubleshoot-00.html

84.Refer to the exhibit.

An engineer is troubleshooting a failed Telnet session from PC to the DHCP server.
Which action resolves the issue?
A. Remove sequence 30 and add it back to the IPv6 traffic filter as sequence 5.
B. Remove sequence 20 and add it back to the IPv6 traffic filter as sequence 5.
C. Remove sequence 10 to add the PC source IP address and add it back as sequence 10.
D. Remove sequence 20 for sequence 40 in the access list to allow Telnet.
Answer: B

85.Refer to the exhibit.

R1 and R2 cannot establish an EIGRP adjacency.

Which action establishes EIGRP adjacency?
A. Remove the current autonomous system number on one of the routers and change to a different
value.
B. Remove the passive-interface command from the R2 configuration so that it matches the R1
configuration.
C. Add the no auto-summary command to the R2 configuration so that it matches the R1
configuration.
D. Add the passive-interface command to the R1 configuration so that it matches the R2
configuration.
Answer: B

86.SIMULATION
A network is configured with CoPP to protect the CORE router route processor for stability and DDoS
protection. As a company policy, a class named class-default is preconfigured and must not be
modified or deleted.
Troubleshoot CoPP to resolve the issues introduced during the maintenance window to ensure that:
WAN
CORE
MGMT
Answer:
CORE
policy-mao CoPP
class CoPP-CRITICAL
police 1000000 50000 50000 conform-action transmit exceed-action transmit
Text Description automatically generated with medium confidence
CORE# Copy run start
TESTING: -
CORE

Graphical user interface Description automatically generated with medium confidence

MGMT
Graphical user interface, text Description automatically generated

87.Refer to the exhibit.

The administrator noticed that the connection was flapping between the two ISPs instead of switching
to ISP2 when the ISP1 failed.
Which action resolves the issue?
A. Include a valid source-interface keyword in the icmp-echo statement.
B. Reference the track object 1 on the default route through ISP2 instead of ISP1.
C. Modify the static routes to refer both to the next hop and the outgoing intertace.
D. Modify the threshold to match the administrative distance of the ISP2 route.
Answer: A
Explanation:
https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-withdefault-routes-
using-I.html
88.Refer to the exhibit.

Refer to the exhibit. A network engineer receives a report that Spoke 1 users can perform bank
transactions with the server located at the Center site, but Spoke 2 users cannot.
Which action resolves the issue?
A. Configure the Spoke 2 users IP on the router B OSPF domain
B. Configure encapsulation dot1q 78 on the router C interface.
C. Configure IPv6 on the routers B and C interfaces
D. Configure OSPFv2 on the routers B and C interfaces
Answer: C

89.Which IP precedence value does BFD use to prioritize traffic within an infrastructure device?
A. 4
B. 5
C. 6
D. 7
Answer: D

90.Refer to the exhibit.

An administrator must harden a router, but the administrator failed to test the SSH access
successfully to the router.
Which action resolves the issue?
A. Configure SSH on the remote device to log m using SSH
B. SSH syntax must be ssh -I user ip to log in to the remote device
C. Configure enable secret to log in to the device
D. SSH must be allowed with the transport output ssh command
Answer: B

91.Refer to the exhibit.

A network engineer cannot remote access R3 using Telnet from switch S1.
Which action resolves the issue?
A. Allow the inbound connection via the exec command on R3.
B. Add the transport input telnet command on R3.
C. Allow to use the ssh -I admin 10.0.0.1 command on the switch.
D. Add the login admin command on the switch.
Answer: A

92.Refer to the exhibit.

The authentication is not working as desired and the user drops into user-exec mode.
 Which configuration resolves the issue?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C

Get 300-410 exam dumps full version.

Powered by TCPDF (www.tcpdf.org)