QUESTION 81
Refer to the exhibit. A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router-B, but both spoke sites can reach the hub. What is the likely cause of this issue?
A. There is a router doing PAT at site B.
B. There is a router doing PAT at site A.
C. NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address.
D. There is a routing issue, as NHRP registration is working.
Correct Answer: B
Explanation:
If one spoke is behind one NAT device and another different spoke is behind another NAT device, and Peer Address Translation (PAT) is the type of NAT used on both NAT devices, then a session initiated between the two spokes cannot be established.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/convert/sec_dmvpn_xe_3s_book/sec_dmvpn_dt_spokes_b_nat_xe.html
QUESTION 82
Refer to the exhibit. For which reason could a BGP-speaking device in autonomous system 65534 be prevented from installing the given route in its BGP table?
A. The AS number of the BGP is specified in the given AS_PATH.
B. The origin of the given route is unknown.
C. BGP is designed only for publicly routed addresses.
D. The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed.
E. BGP does not allow the AS number 65535.
Correct Answer: A
Explanation:
BGP is considered to be a ‘Path Vector’ routing protocol rather than a distance vector routing protocol since it utilises a list of AS numbers to describe the path that a packet should take. This list is called the AS_PATH. Loops are prevented because if a BGP-speaking router sees its own AS in the AS_PATH of a route, it rejects the route.
QUESTION 83
Refer to the exhibit. Which statement is true?
A. IS-IS has been enabled on R4 for IPv6, single-topology.
B. IS-IS has been enabled on R4 for IPv6, multitopology.
C. IS-IS has been enabled on R4 for IPv6, single-topology and multitopology.
D. R4 advertises IPv6 prefixes, but it does not forward IPv6 traffic, because the protocol has not been enabled under router IS-IS.
Correct Answer: A
Explanation:
When working with IPv6 prefixes in IS-IS, you can configure IS-IS to be in a single topology for both IPv4 and IPv6 or to run different topologies for IPv4 and IPv6. By default, IS-IS works in single-topology mode when activating IPv4 and IPv6. This means that the IS-IS topology will be built based on IS Reachability TLVs. When the base topology is built, then IPv4 prefixes (IP Reachability TLV) and IPv6 prefixes (IPv6 Reachability TLV) are added to each node as leaves, without checking if there is IPv6 connectivity between nodes.
Reference: https://blog.initialdraft.com/archives/3381/
QUESTION 84
Refer to the exhibit. While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series Switch, you notice the error message that is shown in the exhibit in the log file. What can be the cause of this issue, and how can it be prevented?
A. The hardware routing table is full. Redistribute from BGP into IGP.
B. The software routing table is full. Redistribute from BGP into IGP.
C. The hardware routing table is full. Reduce the number of routes in the routing table.
D. The software routing table is full. Reduce the number of routes in the routing table.
Correct Answer: C
Explanation:
L3HWFORWARDING-2
Error Message C4K_L3HWFORWARDING-2-FWDCAMFULL:L3 routing table is full. Switching to software forwarding.
The hardware routing table is full; forwarding takes place in the software instead. The switch performance might be degraded.
Recommended Action Reduce the size of the routing table. Enter the ip cef command to return to hardware forwarding.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/system/message/message/emsg.html
QUESTION 85
Refer to the exhibit. Which option explains why the forwarding address is set to 0.0.0.0 instead of 110.100.1.1?
A. The interface Ethernet0/1 is in down state.
B. The next-hop ip address 110.100.1.1 is not directly attached to the redistributing router.
C. The next-hop interface (Ethernet0/1) is specified as part of the static route command; therefore, the forwarding address is always set to 0.0.0.0.
D. OSPF is not enabled on the interface Ethernet0/1.
Correct Answer: D
Explanation:
From the output of the “show ip ospf database” command (although this command is not shown), we can conclude that this router is an ASBR (the Advertising Router is the router itself) and that E0/1 is the ASBR’s next-hop interface through which other routers reach network 192.168.10.0.
The Forwarding Address is determined by these conditions:
* The forwarding address is set to 0.0.0.0 if the ASBR redistributes routes and OSPF is not enabled on the next hop interface for those routes.
* These conditions set the forwarding address field to a non-zero address:
  + OSPF is enabled on the ASBR’s next hop interface AND
  + ASBR’s next hop interface is non-passive under OSPF AND
  + ASBR’s next hop interface is not point-to-point AND
  + ASBR’s next hop interface is not point-to-multipoint AND
  + ASBR’s next hop interface address falls under the network range specified in the router ospf command.
* Any other conditions besides these set the forwarding address to 0.0.0.0.
We can see E0/1 interface is not running OSPF because it does not belong to network 110.110.0.0 0.0.255.255 which is declared under OSPF process -> F.A address is set to 0.0.0.0.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13682-10.html
QUESTION 86
Which three conditions can cause excessive unicast flooding? (Choose three.)
A. Asymmetric routing
B. Repeated TCNs
C. The use of HSRP
D. Frames sent to FFFF.FFFF.FFFF
E. MAC forwarding table overflow
F. The use of Unicast Reverse Path Forwarding
Correct Answer: ABE
Explanation:
Causes of Flooding
The root cause of flooding is that the destination MAC address of the packet is not in the L2 forwarding table of the switch. In this case the packet will be flooded out of all forwarding ports in its VLAN (except the port it was received on). The case studies below show the most common reasons for the destination MAC address not being known to the switch.
Cause 1: Asymmetric Routing
Large amounts of flooded traffic might saturate low-bandwidth links causing network performance issues or complete connectivity outage to devices connected across such low-bandwidth links.
Cause 2: Spanning-Tree Protocol Topology Changes
Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur.
TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with short intervals. The switches will constantly be fast-aging their forwarding tables so flooding will be nearly constant.
Normally, a TCN is rare in a well-configured network. When the port on a switch goes up or down, there is eventually a TCN once the STP state of the port is changing to or from forwarding. When the port is flapping, repetitive TCNs and flooding occur.
Cause 3: Forwarding Table Overflow
Another possible cause of flooding can be overflow of the switch forwarding table. In this case, new addresses cannot be learned and packets destined to such addresses are flooded until some space becomes available in the forwarding table. New addresses will then be learned. This is possible but rare, since most modern switches have large enough forwarding tables to accommodate MAC addresses for most designs.
Forwarding table exhaustion can also be caused by an attack on the network where one host starts generating frames, each sourced with a different MAC address. This will tie up all the forwarding table resources. Once the forwarding tables become saturated, other traffic will be flooded because new learning cannot occur. This kind of attack can be detected by examining the switch forwarding table. Most of the MAC addresses will point to the same port or group of ports. Such attacks can be prevented by limiting the number of MAC addresses learned on untrusted ports by using the port security feature.
Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html#causes
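The detection step described under Cause 3 (most MAC addresses pointing to the same port) can be automated. The following is an added example, not part of the original explanation or any Cisco tooling: it assumes a saved forwarding-table dump in a "Vlan / Mac Address / Type / Ports" column layout, and the function names, threshold and sample data are hypothetical.

```python
import re
from collections import Counter

# One table entry: VLAN, dotted-hex MAC, entry type, port (layout is an assumption).
ENTRY = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(table_text):
    """Count dynamically learned MAC addresses per port; static entries are ignored."""
    counts = Counter()
    for line in table_text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            counts[m.group(4)] += 1
    return counts

def suspect_ports(table_text, max_macs=3, uplinks=()):
    """Return {port: (count, share_of_table)} for ports above max_macs.

    Uplinks and trunks legitimately carry many MACs, so they can be excluded.
    """
    counts = macs_per_port(table_text)
    total = sum(counts.values()) or 1
    return {
        port: (n, round(n / total, 2))
        for port, n in counts.items()
        if n > max_macs and port not in uplinks
    }

def build_sample():
    """Constructed table: two hosts, one static entry, an uplink, one port with 40 MACs."""
    rows = [
        " Vlan    Mac Address       Type        Ports",
        " ----    -----------       --------    -----",
        "   10    0011.2233.4401    DYNAMIC     Gi1/0/1",
        "   10    0011.2233.4402    DYNAMIC     Gi1/0/2",
        "   10    0011.2233.44ff    STATIC      Gi1/0/3",
    ]
    rows += [f"   10    00aa.bb00.{i:04x}    DYNAMIC     Gi1/0/48" for i in range(5)]
    rows += [f"   10    02de.ad00.{i:04x}    DYNAMIC     Gi1/0/7" for i in range(40)]
    return "\n".join(rows)

if __name__ == "__main__":
    flagged = suspect_ports(build_sample(), uplinks={"Gi1/0/48"})
    for port, (n, share) in flagged.items():
        print(f"{port}: {n} dynamic MACs ({share:.0%} of table)")
```

A port flagged this way is a candidate for the port security limit mentioned above; the threshold should reflect how many devices an access port is expected to serve.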
QUESTION 87
Which statement describes the BGP add-path feature?
A. It allows for installing multiple IBGP and EBGP routes in the routing table.
B. It allows a network engineer to override the selected BGP path with an additional path created in the config.
C. It allows BGP to provide backup paths to the routing table for quicker convergence.
D. It allows multiple paths for the same prefix to be advertised.
Correct Answer: D
Explanation:
BGP routers and route reflectors (RRs) propagate only their best path over their sessions. The advertisement of a prefix replaces the previous announcement of that prefix (this behavior is known as an implicit withdraw). The implicit withdraw can achieve better scaling, but at the cost of path diversity.
Path hiding can prevent efficient use of BGP multipath, prevent hitless planned maintenance, and can lead to MED oscillations and suboptimal hot-potato routing. Upon nexthop failures, path hiding also inhibits fast and local recovery because the network has to wait for BGP control plane convergence to restore traffic. The BGP Additional Paths feature provides a generic way of offering path diversity; the Best External or Best Internal features offer path diversity only in limited scenarios.
The BGP Additional Paths feature provides a way for multiple paths for the same prefix to be advertised without the new paths implicitly replacing the previous paths. Thus, path diversity is achieved instead of path hiding.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional-paths.html
QUESTION 88
In the DiffServ model, which class represents the highest priority with the highest drop probability?
A. AF11
B. AF13
C. AF41
D. AF43
Correct Answer: D
Explanation:
AF43: Assured forwarding, high drop probability, Class 4 DSCP, and Flash-override precedence.
Table of AF Classes and Drop Priority

| Drop Precedence | Class 1 | Class 2 | Class 3 | Class 4 |
|---|---|---|---|---|
| Low drop | AF11, DSCP 10, 001010 | AF21, DSCP 18, 010010 | AF31, DSCP 26, 011010 | AF41, DSCP 34, 100010 |
| Medium drop | AF12, DSCP 12, 001100 | AF22, DSCP 20, 010100 | AF32, DSCP 28, 011100 | AF42, DSCP 36, 100100 |
| High drop | AF13, DSCP 14, 001110 | AF23, DSCP 22, 010110 | AF33, DSCP 30, 011110 | AF43, DSCP 38, 100110 |

Reference: https://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=56
QUESTION 89
Refer to the exhibit. NHRP registration is failing; what might be the problem?
A. invalid IP addressing
B. fragmentation
C. incorrect NHRP mapping
D. incorrect NHRP authentication
Correct Answer: D
Explanation:
Configuring an authentication string ensures that only routers configured with the same string can communicate using NHRP. Therefore, if the authentication scheme is to be used, the same string must be configured in all devices configured for NHRP on a fabric.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#wp10554
QUESTION 90
Refer to the exhibit. Which technology does the use of bi-directional BPDUs on all ports in the topology support?
A. RSTP
B. MST
C. Bridge Assurance
D. Loop Guard
E. Root Guard
F. UDLD
Correct Answer: C
Explanation:
Spanning Tree Bridge Assurance
Bridge Assurance (BA) can help protect against bridging loops where a port becomes designated because it has stopped receiving BPDUs. This is similar to the function of loop guard.
Reference: http://lostintransit.se/tag/convergence/