QUESTION 121
What is the purpose of Route Target Constraint?
|
A. |
to avoid using route reflectors in MPLS VPN networks |
|
B. |
to avoid using multiple route distinguishers per VPN in MPLS VPN networks |
|
C. |
to be able to implement VPLS with BGP signaling |
|
D. |
to avoid sending unnecessary BGP VPNv4 or VPNv6 updates to the PE router |
|
E. |
to avoid BGP having to perform route refreshes |
Correct Answer: D
Explanation:
Some service providers have a very large number of routing updates being sent from RRs to PEs, using considerable resources. A PE does not need routing updates for VRFs that are not on the PE; therefore, the PE determines that many routing updates it receives are “unwanted.” The PE can filter out the unwanted updates using Route Target Constraint.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/iproute_bgp/configuration/guide/2_xe/irg_xe_book/irg_rt_filter_xe.html
QUESTION 122
Which set of commands conditionally advertises 172.16.0.0/24 as long as 10.10.10.10/32 is in the routing table?
|
A. |
|
|
B. |
|
|
C. |
|
|
D. |
|
Correct Answer: B
Explanation:
Advertise maps are used for conditional routing to advertise specified prefixes if something which is specified in exist map exists. In our question we need to advertise 172.16.0.0/24 if 10.10.10.10/32 exists in the routing table so we have to use command. “neighbor x.x.x.x advertise-map <prefix-list of 172.16.0.0/24> exist-map <prefix-list of 10.10.10.10/32>”. Therefore B is correct.
QUESTION 123
Which statement about OSPF multiaccess segments is true?
|
A. |
The designated router is elected first. |
|
B. |
The designated and backup designated routers are elected at the same time. |
|
C. |
The router that sent the first hello message is elected first. |
|
D. |
The backup designated router is elected first. |
Correct Answer: D
Explanation:
According to the RFC, the BDR is actually elected first, followed by the DR. The RFC explains why:
“The reason behind the election algorithm’s complexity is the desire for an orderly transition from Backup Designated Router to Designated Router, when the current Designated Router fails. This orderly transition is ensured through the introduction of hysteresis: no new Backup Designated Router can be chosen until the old Backup accepts its new Designated Router responsibilities. The above procedure may elect the same router to be both Designated Router and Backup Designated Router, although that router will never be the calculating router (Router X) itself.”
Reference: http://www.ietf.org/rfc/rfc2328.txt?Page76
QUESTION 124
What is a disadvantage of using aggressive mode instead of main mode for ISAKMP/IPsec establishment?
|
A. |
It does not use Diffie-Hellman for secret exchange. |
|
B. |
It does not support dead peer detection. |
|
C. |
It does not support NAT traversal. |
|
D. |
It does not hide the identity of the peer. |
Correct Answer: D
Explanation:
IKE phase 1’s purpose is to establish a secure authenticated communication channel by using the Diffie-Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption.Phase 1 operates in either Main Mode or Aggressive Mode. Main Mode protects the identity of the peers; Aggressive Mode does not.
Reference: http://en.wikipedia.org/wiki/Internet_Key_Exchange
QUESTION 125
When you migrate a network from PVST+ to rapid-PVST+, which two features become inactive? (Choose two.)
|
|
Root guard |
|
B. |
Loop guard |
|
C. |
UplinkFast |
|
D. |
UDLD |
|
E. |
BackboneFast |
|
F. |
Bridge Assurance |
Correct Answer: CE
Explanation:
It is good to know the UplinkFast and BackboneFast behavior before you start the migration process.
Access1#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 24586
Address 0015.63f6.b700
Cost 3019
Port 107 (FastEthernet3/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 49162 (priority 49152 sys-id-ext 10)
Address 000f.f794.3d00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Uplinkfast enabled
Interface Role Sts Cost Prio.Nbr Type
————— —- — ——— ——– ——————————–
Fa3/0/1 Root FWD 3019 128.107 P2p
Fa3/0/2 Altn BLK 3019 128.108 P2p
Access1#show spanning-tree summary
Switch is in pvst mode
Root bridge for: none
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is enabled
BackboneFast is enabled
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
——————— ——– ——— ——– ———- ———-
VLAN0010 1 0 0 1 2
VLAN0020 1 0 0 1 2
——————— ——– ——— ——– ———- ———-
2 vlans 2 0 0 2 4
This output is taken after the mode is changed to rapid-PVST+:
Access1#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address 0015.63f6.b700
Cost 3019
Port 107 (FastEthernet3/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 49162 (priority 49152 sys-id-ext 10)
Address 000f.f794.3d00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
UplinkFast enabled but inactive in rapid-pvst mode
Interface Role Sts Cost Prio.Nbr Type
————— —- — ——— ——– ——————————–
Fa3/0/1 Root FWD 3019 128.107 P2p
Fa3/0/2 Altn BLK 3019 128.108 P2p
Access1#show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is enabled but inactive in rapid-pvst mode
BackboneFast is enabled but inactive in rapid-pvst mode
Configured Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
——————— ——– ——— ——– ———- ———-
VLAN0010 1 0 0 1 2
VLAN0020 1 0 0 1 2
——————— ——– ——— ——– ———- ———-
2 vlans 2 0 0 2 4
You can see in the show spanning-tree summary command output that UplinkFast and BackboneFast are enabled, but are inactive in rapid-PVST mode.
Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72836-rapidpvst-mig-config.html#upback1
QUESTION 126
Which two mechanisms can be used to eliminate Cisco Express Forwarding polarization? (Choose two.)
|
A. |
alternating cost links |
|
B. |
the unique-ID/universal-ID algorithm |
|
C. |
Cisco Express Forwarding antipolarization |
|
D. |
different hashing inputs at each layer of the network |
Correct Answer: BD
Explanation:
This document describes how Cisco Express Forwarding (CEF) polarization can cause suboptimal use of redundant paths to a destination network. CEF polarization is the effect when a hash algorithm chooses a particular path and the redundant paths remain completely unused.
How to Avoid CEF Polarization
1: 12: 7-83: 1-1-14: 1-1-1-25: 1-1-1-1-16: 1-2-2-2-2-27: 1-1-1-1-1-1-18: 1-1-1-2-2-2-2-2
The number before the colon represents the number of equal-cost paths. The number after the colon represents the proportion of traffic which is forwarded per path.This means that:
This illustrates that, when there is even number of ECMP links, the traffic is not load-balanced.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/116376- technote-cef-00.html
QUESTION 127
Refer to the exhibit. Which two statements about the VPN solution are true? (Choose tw
o.)
|
A. |
Customer A and customer B will exchange routes with each other. |
|
B. |
R3 will advertise routes received from R1 to R2. |
|
C. |
Customer C will communicate with customer A and B. |
|
D. |
Communication between sites in VPN1 and VPN2 will be blocked. |
|
E. |
R1 and R2 will receive VPN routes advertised by R3. |
Correct Answer: CE
Explanation:
+ VPN1 exports 10:1 while VPN3 imports 10:1 so VPN3 can learn routes of VPN1.
+ VNP1 imports 10:1 while VNP3 export 10:1 so VNP1 can learn routes of VPN3. > Customer A can communicate with Customer C
+ VPN2 exports 20:1 while VPN3 imports 20:1 so VPN3 can learn routes of VPN2.
+ VPN2 imports 20:1 while VPN3 exports 20:1 so VPN2 can learn routes of VPN3. > Customer B can communicate with Customer C
Therefore answer C is correct.
Also answer E is correct because R1 & R2 import R3 routes.
Answer A is not correct because Customer A & Customer B do not import routes which are exported by other router. Customer A & B can only see Customer C.
Answer B is not correct because a router never exports what it has learned through importation. It only exports its own routes.
Answer D is correct because two VPN1 and VPN2 cannot see each other. Maybe in this question there are three correct answers.
QUESTION 128
Which statement is true about Fast Link Pulses in Ethernet?
|
A. |
They are used during collision detection. |
|
B. |
They are used only if the media type is optical. |
|
C. |
They are part of UniDirectional Link Detection. |
|
D. |
They are used during autonegotiation. |
Correct Answer: D
Explanation:
To make sure that your connection is operating properly, IEEE 802.3 Ethernet employs normal link pulses (NLPs), which are used for verifying link integrity in a 10BaseT system. This signaling gives you the link indication when you attach to the hub and is performed between two directly connected link interfaces (hub-to-station or station-to-station). NLPs are helpful in determining that a link has been established between devices, but they are not a good indicator that your cabling is free of problems.
An extension of NLPs is fast link pulses. These do not perform link tests, but instead are employed in the autonegotiation process to advertise a device’s capabilities.
Reference: http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1904.html
QUESTION 129
Which three statements about IS-IS are true? (Choose three.)
|
A. |
IS-IS can be used only in the service provider network. |
|
B. |
IS-IS can be used to route both IP and CLNP. |
|
C. |
IS-IS has three different levels of authentication: interface level, process level, and domain level. |
|
D. |
IS-IS is an IETF standard. |
|
E. |
IS-IS has the capability to provide address summarization between areas. |
Correct Answer: BCE
Explanation:
Intermediate System to Intermediate System (IS-IS) was designed as the routing protocol for ISO’s CLNP described in IS0 10589. IS-IS is a Link State routing protocol akin to OSPF and was developed by DEC for use with DECnet Phase V. It was originally thought that TCP/IP would gradually make way for the seven layer OSI architecture so an enhancement to IS-IS was developed called Integrated IS-IS also known as Dual IS-IS that could route both Connectionless- Mode Network Service (CLNS) as well as IP.
Cisco IOS supports IS-IS authentication on 3 different levels; between neighbors, area-wide, and domain-wide, where each can be used by themselves or together.
summary-address address mask {level-1 | level-1-2 | level-2} is used to configure IP address summarization.
References:
http://www.rhyshaden.com/isis.htm
http://mynetworkingwiki.com/index.php/Configuring_IS-IS
QUESTION 130
Which two statements are true about RSTP? (Choose two.)
|
A. |
By default, RSTP uses a separate TCN BPDU when interoperating with 802.1D switches. |
|
B. |
By default, RSTP does not use a separate TCN BPDU when interoperating with 802.1D switches. |
|
C. |
If a designated port receives an inferior BPDU, it immediately triggers a reconfiguration. |
|
D. |
By default, RSTP uses the topology change TC flag. |
|
E. |
If a port receives a superior BPDU, it immediately replies with its own information, and no reconfiguration is triggered. |
Correct Answer: BD
Explanation:
The RSTP does not have a separate topology change notification (TCN) BPDU. It uses the topology change (TC) flag to show the topology changes.
Free VCE & PDF File for Cisco 400-101 Real Exam
Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …