Question No.341

Which two values comprise the VPN ID for an MPLS VPN? (Choose two.)

  1. an OUI

  2. a VPN index

  3. a route distinguisher

  4. a 16-bit AS number

  5. a 32-bit IP address

Correct Answer: AB


Each MPLS VPN ID defined by RFC 2685 consists of the following elements:

An Organizational Unique Identifier (OUI), a three-octet hex number: The IEEE Registration Authority assigns OUIs to any company that manufactures components under the ISO/IEC 8802 standard. The OUI is used to generate universal LAN MAC addresses and protocol identifiers for use in local and metropolitan area network applications. For example, an OUI for Cisco Systems is 00-03-6B (hex).

A Virtual Private Network (VPN) index: a four-octet hex number, which identifies the VPN within the company.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp- l3-vpns-15-mt-book/mp-assgn-id-vpn.html

Question No.342

Refer to the exhibit. Which two statements about this configuration are true? (Choose two.)


  1. It allows to be distributed into EIGRP.

  2. It allows a default route to be distributed into EIGRP.

  3. It allows and larger subnets to be distributed into EIGRP.

  4. It prevents from being distributed into EIGRP.

  5. It prevents a default route from being distributed into EIGRP.

  6. It creates summary routes and injects them into EIGRP.

Correct Answer: AB


In this example, the prefix list is configured to only allow the two specific routes of and the default route. Any other routes will be filtered.

Question No.343



Correct Answer:


Question No.344

What are two advantages to using Asynchronous mode instead of Demand mode for BFD? (Choose two.)

  1. Asynchronous mode requires half as many packets as Demand mode for failure detection.

  2. Asynchronous mode can be used in place of the echo function.

  3. Asynchronous mode supports a larger number of BFD sessions.

  4. Asynchronous mode requires one fourth as many packets as Demand mode for failure detection.

  5. Asynchronous mode#39;s round-trip jitter is less than that of Demand mode.

Correct Answer: AB


Pure Asynchronous mode is advantageous in that it requires half as many packets to achieve a particular Detection Time as does the Echo function. It is also used when the Echo function cannot be supported for some reason.

Reference: https://tools.ietf.org/html/rfc5880

Question No.345

Which statement describes Cisco PfR link groups?

  1. Link groups enable Cisco PfR Fast Reroute when NetFlow is enabled on the external interfaces of the border routers.

  2. Link groups define a strict or loose hop-by-hop path.

  3. Link groups are required only when Cisco PfR is configured to load-balance all traffic.

  4. Link groups are enabled automatically when Cisco PfR is in Fast Reroute mode.

  5. Link groups set a preference for primary and fallback (backup) external exit interfaces.

Correct Answer: E


The Performance Routing – Link Groups feature introduced the ability to define a group of exit links as a preferred set of links, or a fallback set of links for PfR to use when optimizing traffic classes specified in an PfR policy. PfR currently selects the best link for a traffic class based on the preferences specified in a policy and the traffic class performanceusing parameters such as reachability, delay, loss, jitter or MOSon a path out of the specified link.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/pfr/configuration/guide/15_1/pfr_15_1_book/pfr-link- group.html

Question No.346

Refer to the exhibit. Why is the router out of memory?


  1. The router is experiencing a BGP memory leak software defect.

  2. The BGP peers have been up for too long.

  3. The amount of BGP update traffic in the network is too high.

  4. The router has insufficient memory due to the size of the BGP database.

Correct Answer: D


Here we can see that this router is running out of memory due to the large size of the BGP

routing database. In this case, this router is receiving over 200,000 routes from each of the 4 peers.

Question No.347

Refer to the exhibit. Which statement is true about a valid IPv6 address that can be configured on interface tunnel0?


  1. There is not enough information to calculate the IPv6 address.

  2. 6to4 tunneling allows you to use any IPv6 address.

  3. 2001::7DCB:5901::/128 is a valid IPv6 address.

  4. 2002::7DCB:5901::/128 is a valid IPv6 address.

Correct Answer: D


Most IPv6 networks use autoconfiguration, which requires the last 64 bits for the host. The first 64 bits are the IPv6 prefix. The first 16 bits of the prefix are always 2002:, the next 32 bits are the IPv4 address, and the last 16 bits of the prefix are available for addressing multiple IPv6 subnets behind the same 6to4 router. Since the IPv6 hosts using autoconfiguration already have determined the unique 64 bit host portion of their address, they must simply wait for a Router Advertisement indicating the first 64 bits of prefix to have a complete IPv6 address. A 6to4 router will know to send an encapsulated packet directly over IPv4 if the first 16 bits are 2002, using the next 32 as the destination, or otherwise send the packet to a well-known relay server, which has access to native IPv6.

Reference: http://en.wikipedia.org/wiki/6to4

Question No.348

Which two parameters does the Tunnel Mode Auto Selection feature select automatically? (Choose two.)

  1. the tunneling protocol

  2. the transport protocol

  3. the ISAKMP profile

  4. the transform-set

  5. the tunnel peer

Correct Answer: AB


The Tunnel Mode Auto Selection feature eases the configuration and spares you about knowing the responder#39;s details. This feature automatically applies the tunneling protocol (GRE or IPsec) and transport protocol (IPv4 or IPv6) on the virtual template as soon as the IKE profile creates the virtual access interface. This feature is useful on dual stack hubs aggregating multivendor remote access, such as Cisco AnyConnect VPN Client, Microsoft Windows7 Client, and so on.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe- 3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html

Question No.349

Refer to the exhibit. Assuming that the peer is configured correctly and the interface is up, how

many neighbors will be seen in the EIGRPv6 neighbor table on this IPv6-only router?


  1. one neighbor, which will use a local router-id of 6010. AB8. . /64

  2. one neighbor, which will use a local router-id of 6020. AB8. . /64

  3. none, because EIGRPv6 only supports authenticated peers

  4. none, because of the mismatch of timers

  5. none, because there is no EIGRP router ID configured

Correct Answer: E


Configuring EIGRP for IPv6 has some restrictions; they are listed below:

The interfaces can be directly configured with EIGRP for IPv6, without the use of a global IPv6 address. There is no network statement in EIGRP for IPv6.

The router ID needs to be configured for an EIGRPv6 protocol instance before it can run. EIGRP for IPv6 has a shutdown feature. Ensure that the routing process is in quot;no shutquot; mode to start running the protocol.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing- protocol-eigrp/113267-eigrp-ipv6-00.html

Question No.350

You are configuring a DMVPN spoke to use IPsec over a physical interface that is located within a VRF. For which three configuration sections must you specify the VRF name? (Choose three.)

  1. the ISAKMP profile

  2. the crypto keyring

  3. the IPsec profile

  4. the IPsec transform set

  5. the tunnel interface

  6. the physical interface

Correct Answer: BEF


ip vrf forwardingvrf-name Example:

Router(config-if)# ip vrf forwarding green

Associates a virtual private network (VPN) routing and forwarding (VRF) instance with an interface or subinterface.

vrf-name is the name assigned to a VRF. Router(config-if)# tunnel vrfvrf-name Example:

Router(config-if)# tunnel vrf finance1

Associates a VPN routing and forwarding (VRF) instance with a specific tunnel destination. vrf-name is the name assigned to a VRF.

Router(config)# crypto keyringkeyring-name [vrf fvrf-name] Defines a crypto keyring to be used during IKE authentication and enters keyring configuration mode.

keyring-nameName of the crypto keyring.

fvrf-name(Optional) Front door virtual routing and forwarding (FVRF) name to which the keyring will be referenced. fvrf-name must match the FVRF name that was defined during virtual routing and forwarding (VRF) configuration

