300-101_Updated_Questions_2_14.pdf

300-101 Updated All Question PDF (75 Questions) Revised 1/27

New Question 1: Refer to the following access list. access-list 100 permit ip any any log After applying the access list on a Cisco router, the network engineer notices that the router CPU utilization has risen to 99 percent. What is the reason for this? A. A packet that matches access-list with the “log” keyword is Cisco Express Forwarding switched. B. A packet that matches access-list with the “log” keyword is fast switched. C. A packet that matches access-list with the “log” keyword is process switched. D. A large amount of IP traffic is being permitted on the router. Correct Answer: C

New Question 2: What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish? router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log router (config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log router (config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log router (config)#access-list 101 permit ip any any router (config)#interface fastEthernet 1/0 router (config-if)#ip access-group 101 in A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0192.168.255.255 and logs any intrusion attempts. B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet. C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts. D. It prevents private internal addresses to be accessed directly from outside. Correct Answer: C

New Question 3: A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an alternative to powering down the active router and letting the network respond accordingly. Which action will allow for manual switching of HSRP nodes? A. Track the up/down state of a loopback interface and shut down this interface during maintenance. B. Adjust the HSRP priority without the use of preemption. C. Disable and enable all active interfaces on the active HSRP node. D. Enable HSRPv2 under global configuration, which allows for maintenance mode. Correct Answer: A

New Question 4: Which two commands would be used to troubleshoot high memory usage for a process? (Choose two.) A. router#show memory allocating-process table B. router#show memory summary C. router#show memory dead D. router#show memory events E. router#show memory processor statistics Correct Answer: A,B

New Question 6: The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.) A. Traffic Class B. Source address C. Flow Label D. Hop Limit E. Destination Address F. Fragment Offset Correct Answer: Answer: A,C,D

New Question 7: A network engineer has set up VRF-Lite on two routers where all the interfaces are in the same VRF. At a later time, a new loopback is added to Router 1, but it cannot ping any of the existing interfaces. Which two configurations enable the local or remote router to ping the loopback from any existing interface? (Choose two.) A. adding a static route for the VRF that points to the global route table B. adding the loopback to the VRF C. adding dynamic routing between the two routers and advertising the loopback D. adding the IP address of the loopback to the export route targets for the VRF E. adding a static route for the VRF that points to the loopback interface F. adding all interfaces to the global and VRF routing tables Correct Answer: A,B New Question 8: Which three benefits does the Cisco Easy Virtual Network provide to an enterprise network? (Choose three.) A. simplified Layer 3 network virtualization B. improved shared services support C. enhanced management, troubleshooting, and usability D. reduced configuration and deployment time for dot1q trunking E. increased network performance and throughput F. decreased BGP neighbor configurations Correct Answer: A,B,C

New Question 7: Which PPP authentication method sends authentication information in cleartext? A. MS CHAP B. CDPCP C. CHAP D. PAP Correct Answer: D

New Question 9: On which two types of interface is Frame Relay switching supported? (Choose two.) A. serial interfaces B. Ethernet interfaces C. fiber interfaces

D. ISDN interfaces E. auxiliary interfaces Correct Answer: A,D

New Question 10: Which two statements about AAA implementation in a Cisco router are true? (Choose two.) A. RADIUS is more flexible than TACACS+ in router management. B. RADIUS and TACACS+ allow accounting of commands. C. RADIUS and TACACS+ encrypt the entire body of the packet. D. RADIUS and TACACS+ are client/server AAA protocols. E. Neither RADIUS nor TACACS+ allow for accounting of commands. Correct Answer: B,D

New Question 11: Which option represents the minimal configuration that allows inbound traffic from the 172.16.1.0/24 network to successfully enter router R, while also limiting spoofed 10.0.0.0/8 hosts that could enter router R? A. (config)#ipcef (config)#interface fa0/0 (config-if)#ip verify unicast source reachable-via rx allow-default B. (config)#ipcef (config)#interface fa0/0 (config-if)#ip verify unicast source reachable-via rx C. (config)#no ipcef (config)#interface fa0/0 (config-if)#ip verify unicast source reachable-via rx D.

(config)#interface fa0/0 (config-if)#ip verify unicast source reachable-via any

Correct Answer: A

New Question 12: Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address 10.10.10.1? A. ip access-list extended 200 deny tcp host 10.10.10.1 eq 80 any permit ip any any B. ip access-list extended 10 deny tcp host 10.10.10.1 any eq 80 permit ip any any C. ip access-list extended NO_HTTP deny tcp host 10.10.10.1 any eq 80 D. ip access-list extended 100 deny tcp host 10.10.10.1 any eq 80 permit ip any any Correct Answer: D

New Question 13: Which easy virtual networking configuration component significantly decreases network configuration? A. B. C. D. E.

Easy Trunk Dot1e Virtual Network Trunk VNET Tags MBGP

Correct Answer: C

New Question 14: In which two ways can split horizon issues be overcome in a Frame Relay network environment? (choose two.) A. Configuring one physical serial interface with Frame Relay to various remote sites. B. Configure a loopback interface with Frame Relay to various remote sites. C. Configuring multiple subinterfaces on a single physical interface to various remote sites. D. Enabling split horizon. E. Disabling split horizon Correct Answer: C,E New Question 15: What is the administrative distance for EBGP? A. 200 B. 30 C. 70 D. 20 Correct Answer: D New Question 16: Which three IP SLA performance metrics can you use to monitor enterprise-class networks? (Choose three.) A. B. C. D. E. F.

Delay Reliability Packet loss Traps Connectivity Bandwidth

Correct Answer: A,C,E

New Question 17: What command can you enter to configure an enable password that uses an encrypted password from another configuration? A. B. C. D. E. F.

enable secret $abc%!e.Cd34$!ao0 enable secret 7 Sabc%!e.Cd34$!ao0 enable secret 0 Sabc%U*.Cd34$!ao0 enable secret 5 $abc%!e.Cd34$!ao0 enable secret 15 $abc%ie.Cd34$!ao0 enable secret 6 $abc%!e.Cd34$!ao0

Correct Answer: D

New Question 18: A network engineer wants to notify a manager in the events that the IP SLA connection loss threshold reached. Which two features are needed to implement this function? (choose two) A. B. C. D. E.

MOS Threshold action Cisco EEM SNMP traps IOS

Correct Answer: B,D New Question 19: At which layer does Cisco Express Forwarding use adjacency tables to populate addressing information? A. B. C. D.

Layer 1 Layer 2 Layer 3 Layer 4

Correct Answer: B

New Question 20: When the tunnel interface is configured in default mode, which statement about routers and the tunnel destination address is true? A. The router must have a route installed towards the tunnel destination B. The router must have wccp redirects enabled inbound from the tunnel destination C. The router must have cisco discovery protocol enabled on the tunnel to form a CDP neighborship with the tunnel destination D. The router must have redirects enabled outbound towards the tunnel destination Correct Answer: A

New Question 21: A question in regards to the output of show crypto isakmp sa? (Sorry don’t have the exact quest.) A. B. C. D.

Ipsec configuration not compatible Isakmp not compatible. Isakmp is not enabled. Isakmp is default mode

Correct Answer: D New Question 22: In Rapid-Commit mode , the DHCP client obtain configuration parameters from the server through a rapid two message exchange. What two messages? A. B. C. D. E. F. G.

SOLICIT ADVERTISE REQUEST CONFIRM RENEW REBIND REPLY

Correct Answer: A, G

New Question 23: A network administrator notices that the BGP state drops and logs are generated for missing BGP hello keepalives. What is the potential problem? A. InCorrect Answer: neighbor options B. Hello timer mismatch C. BGP path MTU enabled D. MTU mismatch Correct Answer: D

New Question 25: Refer to the exhibit showing complete command output. What type of OSPF router is Router A?

A. B. C. D.

ABR ASBR Edge Router Internal Router

Correct Answer: A

New Question 26: Refer to the exhibit. ! Access-list 1 permit 192.168.1.1 access-list 1 deny any Access-list 2 permit 192.168.1.4 access-list 2 deny any ntp access-group serve 1 ntp master 4 ! Which three ntp features can be deduced on the router? (choose 3) A. B.

Only accepts time requests from 192.168.1.1 Only handle four requests at a time

C. D. E. F.

Only is in stratum 4 Only updates its time from 192.168.1.1 Only accepts time requests from 192.168.1.4 Only updates its time from 192.168.1.4

Correct Answer: A,C,F New Question 27: Considering the IPv6 address independence requirements, which process do you avoid when you use NPTv6 for translation? A. B. C. D.

rewriting of higher layer information checksum verification ipv6 duplication and conservation IPSEC AH header modification

Correct Answer:A New Question 28: Which two statements about NTP operation are true? (Choose two.) A. If multiple NTP servers are configured, the one with the lowest stratum is preferred B. By default, NTP communications use UDP port 123. C. If multiple NTP servers are configured, the one with the highest stratum is preferred. D. Locally configured time overrides time received from an NTP server. E. “Stratum” refers to the number of hops between the NTP client and the NTP server. NTP questions Correct Answer: A, B

New Question 29: Which two attributes describe UDP within a TCP/IP network? (Choose two.) A. Acknowledgments B. Unreliable delivery C. Connectionless communication D. Connection-oriented communication E. Increased headers Correct Answer: B, C

New Question 30: Refer to the following configuration command. Router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80 Which statement about the command is true ? A. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:80 is translated to 172.16.10.8:8080. B. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:8080 is transtated to 172.16.10.8:80. C. The router accepts only a TCP connection from port 8080 and port 80 on IP address 172.16.10.8. D. Any packet that is received in the inside interface with a source IP address of 172.16.10.8 is redirected to port 8080 or port 80. Correct Answer: A

New Question 31: Which IP SLA operation can be used to measure round-trip delay for the full path and hop-by-hop round-trip delay on the network? A. HTTP B. ICMP path echo C. TCP connect D. ICMP echo Correct Answer: B

New Question 32: A network engineer wants to display the statistics of an active tunnel on a DMVPN network. Which command should the administrator execute to accomplish this task? A. Router#show crypto ipsec sa B. Router#show crypto isakmp peers C. Router#show crypto isakmp sa D. Router#show crypto ipsec transform-set E. Router#show crypto engine connections active Correct Answer: A

New Question 33: Refer to the exhibit.

A network engineer has configured GRE between two IOS routers. The state of the tunnel interface is continuously oscillating between up and down. What is the solution to this problem? A. Create a more specific static route to define how to reach the remote router. B. Create a more specific ARP entry to define how to reach the remote router. C. Save the configuration and reload the router. D. Check whether the internet service provider link is stable Correct Answer: A

New Question 34: What is the optimal location from which to execute a debug command that produces an excessive amount of information? A. Vty lines B. SNMP commands C. A console port D. An AUX port Correct Answer: A New Question 35: What is the function of the snmp-server manager command? A. To disable SNMP messages from getting to the SNMP engine B. To enable the device to send SNMP traps to the SNMP server

C. To enable the device to send and receive SNMP requests and responses D. To configure the SNMP server to store log data Correct Answer: C New Question 36: A network engineer receives reports about poor voice quality issues at a remote site. The network engineer does a packet capture and sees out-of-order packets being delivered. Which option can cause the VOIP quality to suffer? A. traffic over backup redundant links B. misconfigured voice vlan C. speed duplex link issues D. load balancing over redundant links Correct Answer: D

New Question 37: What following parameters for the EIGRP authentication need to match in order for EIGRP neighbors to establish a neighbor relationship? A. Autonomous System number. B. K-Values C. If authentication is used both: the key number, the password, and the date/time. D. The neighbors must be on common subnet (all IGPs follow this rule). Correct Answer: C

New Question 38: A network administrator creates a static route that points directly to a multiaccess interface, instead of the next-hop IP address. The administrator notices that Cisco Express Forwarding ARP requests are being sent to all destinations. Which issue might this configuration create? A. Low bandwidth usage B. High memory usage C. Cisco Express Forwarding routing loop D. High bandwidth usage E. IP route interference Correct Answer: C

New Question 39: A network engineer is configuring the router for NetFlow data exporting. What is required in order for NDE to begin exporting data? A. Source B. Flow mask C. Destination D. Interface type E. Traffic type F. NetFlow version Correct Answer: C

New Question 40: A network engineer wants to ensure an optimal end-to-end delay bandwidth product. The delay is less than 64 KB. Which TCP feature ensures steady state throughput? A. Window scaling B. Network buffers C. Round-trip timers D. TCP acknowledgments Correct Answer: A New Question 41: Reter to the exhibit. Router 1 cannot ping router 2 via the Frame Relay between them. Which two statements describe the problems? (Chooses two.)

A. Encapsulation is mismatched. B. Frame Relay map is configured. C. DLCI is active. D. DLCI is inactive or deleted. E. An access list is needed to allow ping. Correct Answer: A,D New Question 42: Which type of IPv6 packet will indicate traffic from single host and single node? A. Anycast B. Broadcast C. Multicast D. Unicast Correct Answer: Answer: D

New Question 43 Which two functionalities are specific to stateless NAT64? (Choose two.) A. No requirement exists for the characteristics of Ipv6 address assignment. B. It does not conserve Ipv4 addresses. C. It provides 1-to-1 translation. D. It uses address overloading. E. State or bindings are created on the translation. Correct Answer: B,C

New Question 44 Other than a working EIGRP configuration, which option must be the same on all routers for EIGRP authentication key rolleover to work correctly? A. SMTP

B. SNMP C. Passwords D. Time Correct Answer: D

New Question 45 Refer to the Exhibit Dest 172.31.1.1

src 172.16.30.1

state QM_IDLE

conn-id 3

slot 0

status Active

A network engineer is troubleshooting a DMVPN setup between the hub and the spoke. The engineer executes the command show crypto isakmp sa and observes the output that is displayed. What is the problem? A. That ISAKMP is not enabled B. That ISAKMP is using default settings C. An incompatible IP sec transform set D. An incompatible ISAKMP policy Corect Answer: B

New Question 46 In which form does PAP authentication send the username and password across the link? A. Encrypted B. Password protected C. Clear text D. Hashed Correct Answer: C

Question 47: An engineer is using a network sniffer to troubleshoot DHCPv6 between a router and hosts on the LAN with the following configuration: Interface Ethernet0 Ipv6 dhcp server DHCPSERVERPOOL rapid-commit ! Which two DHCPv6 messages will appear in the sniffer logs? A. reply B. request C. advertise D. acknowledge

E. solicit F. accept Correct Answer: A,E

New Question 48:

New Question 49: How should a router that is being used in a Frame Relay network be configured to keep split horizon issues from preventing routing updates? A. Configure a separate subinterface for each PVC with a unique DLCI and subnet assigned to the subinterface. B. Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic. C. Configure many subinterfaces in the same subnet. D. Configure a single subinterface to establish multiple PVC connections to multiple remote router interfaces. Correct Answer: A

New Question 50 Which mode of uRPF causes a router interface to accept a packet, if the network to which the packet’s source IP address belongs is found in the router’s FIB? A. Strict mode

B. Loose mode C. Auto mode D. Desirable mode Correct Answer: B

New Question 51 Which of the following are characteristics of TACACS+? (Choose two.) A. Uses UDP B. Encrypts an entire packet C. Offers robust accounting D. Cisco-proprietary Correct Answer: B,D

New Question 52 Which two options are causes of out-of-order packets? (Choose two.) A. a routing loop B. a router in the packet flow path that is intermittently dropping packets C. high latency D. packets in a flow traversing multiple paths through the network. E. some packets in a flow being process-switched and others being interrupt-switched on a transit Router. Correct Answer: D,E

New Question 53 Your company uses Voice over IP (VoIP). The system sends UDP datagrams containing the voice data between communicating hosts. When areas of the network become busy, some of the datagrams arrive at their destination out of order. What happens when this occurs? A. UDP will send an ICMP Information request message to the source host. B. UDP will pass the information in the datagrams up to the next OSI layer in the order in which they arrive. C. UDP will drop the datagrams that arrive out of order. D. UDP will use the sequence numbers in the datagram headers to reassemble the data Correct Answer: B

New Question 54: Which alerts will be seen on the console when running the command: logging console warnings?

A. warnings only B. warnings, notifications, error, debugging, informational C. warnings, errors, critical, alerts, emergencies D. notifications, warnings, errors E. warnings, errors, critical, alerts Correct Answer: C

New Question 55: Which IP SLA operation requires Cisco endpoints? A. UDP Jitter for VoIP B. ICMP Path Echo C. ICMP Echo D. UDP Jitter Correct Answer: A

New Question 56: Meaning of priority 0 configured in ospf router? (Not enough information with the answer choices. Please refer to the explanation for information) Explanation: If needed, you can set the priority value to 0 in order to configure a router to never become a DR/BDR. This is necessary in hub and spoke networks where the hub should be configured to become the DR, where as the spokes should neither be DR nor BDR. New Question 57: What is not supported by Unicast Reverse Path Forwarding interface? A. Ping to self router B. Default Route C. ACL access D. Searchable both Correct Answer: C

New Question 58 A question about how ALWAYS block the outbound web traffic on Saturdays and Sunday between 1:00 AM to 23:59 AM. A. B. C. D.

absolute sat sun 01:00 23:59 periodic sat sun 01:00 23.59 periodic Saturday Sunday 01:00 to 11:59 Not sure about the answer option.

Correct Answer: C

New Question 59 Which two phases of DMPVN allow the spoke site to create dynamic tunnels to one other (Choose 2)? A. B. C. D. E.

Phase 1 Phase 2 Phase 3 Phase 4 Phase 5

Correct Answer: B, C New Question 60 Which OSPF network type doesn’t require a DR election? A. B. C. D.

Broadcast Point to point Non-Broadcast Point-to-multipoint

Correct Answer: B,D New Question 61 Which command configures a PPPoE client and specifies dial-on-demand routing functionality? A.pppoe-client dial-pool-number B.PPPoE enable C.interface dialer 1 D.encapsulation PPP Correct Answer: A New Question 62 A network engineer implemented Cisco EVN. Which feature implements shared services support? A. B. C. D.

edge interfacing tunnel feedback route replication route redistribution.

Correct Answer: C

New Question 63 A Configuration snippet in regards to ip sla network A. B. C. D. E.

apply the ipv6 acl under a vty ip access-class ipv6 access-class in access-list IN access list OUT

New Question 64 In regards to CEF (Cisco Express Forwarding) with a highlight of a configuration snippet “valid punt adjacency”. Correct Answer: not supported in CEF, forward to the next switching layer

New Question 65 Eigrp is implemented in a frame relay network but there is no adjacency. Which options cause the adjacency to come up? (choose 2) Correct Answer: disable split horizon, use neighbor command

New Question 66 What is uRPF checking first when the packet enters the interface? A. B. C. D.

Access list ingress Access list egress Route available in FIB or It verifies a reverse patch via the fib to the source It verifies that the source has a ??? EED adjacency

Correct Answer: C

New Question 67 A network engineer applies the command ip tcp adjust-mss under interface configuration mode. What is the result? A. B. C. D.

The probability of SYN packet truncation is increased. The UDP session is inversely affected. The probability of dropped or segmented TCP packets is decreased The optimum MTU value for the interface is set.

Correct Answer: C

New Question 68 Which command instruct a PPPoE client to obtain its IP address from the PPPoE server? A. B. C. D.

Interface dialer IP address negotiated PPPOE enable Not Sure

Correct Answer: B

New Question 69 Refer to the following configuration command. Router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80

Which statement about the command is true? A. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:80 is translated to 172.16.10.8:8080. B. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:8080 is translated to 172.16.10.8:80 C. The router accepts only a TCP connection from port 8080 and port 80 on IP address 172.16.10.8. D. Any packet that is received in the inside interface with a source IP address of 172.16.10.8 is redirected to port 8080 or port 80. Correct Answer: B New Question 70 Always block the outbound web traffic on Saturdays and Sunday between 1:00 to 23:59 with 4 options Correct Answer: Absolute Saturday Sunday 01:00 to 11:59 (Do not confuse it with periodic Saturday Sunday 01:00 to 23:59)

New Question 71 Refer to the exhibit Which two options are the causes for IP SLA tracking to fail? (Choose 2)

A. The source-interface is configured incorrectly. B. The destination must be 172.30.30.2 for icmp-echo. C. A route back to the R1 LAN network is missing in R2. D. The default route has wrong next hop IP address.

E. The threshold value is wrong. Correct Answer: A, C New Question 72 A network engineer recently deployed Easy Virtual Networking in the enterprise network. Which feature improves the service support?? A. edge interfacing, B. tunnel feedback, C. route replication D. route distinguisher Correct Answer: C

New Question 73 A question in regards to allowing website access between certain times Correct Answer: Filters using Time-Based ACLs

New Question 74 A network engineer enable OSPF on a Frame Relay WAN connection to various remote sites, but no OSPF adjacencies come up. Which two action are possible solution for this issue (Choose 2) A. Change the network type to point-to-multipoint under WAN interface. B. Enable virtual links. C. Change the network type to nonbroadcast multipoint access. D. Configure the neighbor command under OSPF process for each remote site. E. Ensure that the OSPF process number matches among all remote sites. Correct Answer: A, D New Question 75 There is a question about applying an IPv6 access-list to block traffic INBOUND telnet and interface Correct Answer: There are 5 answer options – 3 being output and 2 being inbound. The two inbound options are the correct answers