Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
Exam Details
Exam Code
:300-410
Exam Name
:Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
Certification
:CCNP Enterprise
Vendor
:Cisco
Total Questions
:925 Q&As
Last Updated
:Mar 31, 2025
Cisco CCNP Enterprise 300-410 Questions & Answers
Question 101:
Yesterday one of your associates made some change to the syslog configuration on the router R69. Today, while working on the router you received this syslog message:
000019: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
Based on this output, which of the following commands did the associate execute?
A. service sequence-numbers
B. service timestamps log
C. service timestamps log datetime msec
D. logging console 4
Correct Answer: A
The associate must have executed the service sequence-numbers command during his changes. This command instructs the syslog system to add a sequence number to each message, which can help to organize a timeline when messages
are sent to a syslog server from various sources.
The associate could not have executed the service timestamps log command. This command enables time stamps on log messages, showing the time since the system was rebooted. If this had been done, a time stamp similar to the
following would have been added to the message:
*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
The associate could not have executed the service timestamps log datetime msec command. This command enables time stamps on log messages, showing the time since the system was rebooted in milliseconds. If this had been done, a
time stamp similar to the following would have been added to the message:
*Mar 1 18:46:11:058 %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
The associate could not have executed the logging console 4 command. This command instructs the syslog system to only display messages of levels 4, 3, 2 and 1 in severity. Since the message displayed is a level 5 message, this
command could not have been executed.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify logging
References:
Cisco > Catalyst 4500 Series Switch Software Configuration Guide, IOS XE 3.7.0E and IOS 15.2(3) > Configuring System Message Logging > System Log Message Format
Question 102:
Which of the following translation mechanisms has the following characteristics? Translates 1 to 1 Translates IPv6 to IPv6 Translates only the prefix Is deployed at the network edge
A. NAT64
B. NAT44
C. NPTv6
D. NPTv4
Correct Answer: C
Network Prefix Translation (NPTv6) is a stateless method of translating the prefix of a received IPv6 address to another prefix without changing the host portion of the IPv6 address. Its mappings are 1 to 1, and it translates only the prefix of the address.
NAT64 translates from IPv6 to IPv4 and vice versa. It does not translate from IPv6 to IPv6.
NAT44 translates from IPv4 to IPv4. It does not translate from IPv6 to IPv6.
There is IPv4 version of Network Prefix Translation, called NPTv4. IT does not translate from IPv6 to IPv6.
References: RFC 6296 > IPv6-to-IPv6 Network Prefix Translation Cisco > Publications and Merchandise > The Internet Protocol Journal > Issues > Volume 14, Number 2, June 2011 > IPv6 Site Multihoming
Question 103:
You have applied the following configuration to Router71, as indicated in the following partial output of the show run command:
Which of the following statements is true of this configuration?
A. This is a GLBP configuration
B. 171.16.6.100 is the IP address of the HSRP group
C. The numeral 1 is the number of the HSRP group
D. This router will be prevented from taking back over as active router when it recovers from a loss of its Serial0 interface
Correct Answer: C
One is the number of the HSRP group. Hot Standby Routing Protocol (HSRP) can be used to provide default gateway redundancy for computers sharing the same gateway. At least two routers are gathered into a routing group, which in this
case is numbered 1. One of the routers will answer ARP requests for the standby IP address (in this case 171.16.6.100), which is the address the computers will have configured as their default gateway. That router is called the active router.
If that router goes down, then the other router will start answering ARP requests for the standby IP address.
This is not a Gateway Load Balancing Protocol configuration. That is an alternative to HSRP which allows both routers to be used while still providing backup to one another. That configuration would be different in that it uses GLBP groups
rather than standby groups, among other differences.
This router will be not prevented from taking back over as active router when it recovers from an outage of its Serial 0 interface. The presence of the command standby 1 preempt indicates that the router can take back over or preempt the
other router when it recovers from an outage of its Serial 0 interface. The command standby 1 track Serial0 tells the router to track the up/down state of its Serial 0 interface. If it goes down, it knows to decrement its HSRP priority by 10 (the
decrement value). This will drop its HSRP priority to 95. We do not see the priority of the other router in the group, but if for example its priority is 100, this configuration would allow it to take over as active router.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify tracking objects
References:
Home > Support > Technology support > IP > IP application services > Troubleshoot and alerts > Troubleshooting Technotes > How to Use the standby preempt and standby track Commands
Question 104:
You have been asked to troubleshoot the NTP configuration of a router named R70. After executing the show run command, you receive the following partial output of the command that shows the configuration relevant to NTP:
Based on this output, which of the following statements is true?
A. the time zone is set to 8 hours less than Pacific Standard time
B. the router will listen for NTP broadcasts on interface E0/0
C. the router will send NTP broadcasts on interface E0/0
D. the router will periodically update its software clock
Correct Answer: C
The router will send NTP broadcast on its E0/0 interface. The command ntp broadcast, when executed under an interface, instructs the router to send NTP broadcast packets on the interface. Any devices on the network that are set with the ntp broadcast client command on any interface will be listening for these NTP broadcasts. While the clients will not respond in any way, they will use the information in the NTP broadcast packets to synchronize their clocks with the information.
The time zone is not set to 8 hours less than Pacific Standard Time. The value -8 in the command clock timezone PST -8 is the amount of hours offset from UTC time, not from the time zone stated in the command.
The router will not listen for NTP broadcasts on the interface E0/0. The ntp broadcast command, when executed under an interface, instructs the router to send NTP broadcast packets on the interface. To set the interface to listen and use
NTP broadcasts, you would execute the ntp broadcast client command on the interface.
The router will not periodically update its software clock. The command ntp update-calendar configures the system to update its hardware clock from the software clock at periodic intervals.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify Network Time Protocol (NTP)
References:
Basic System Management > Setting Time and Calendar Services > Configuring NTP
Question 105:
Some of the technicians in your organization use the secure web interface to make some of the configurations changes on the router R68. Today it was reported that a technician could not make a connection to the secure web server. You execute a show run command on R68 and receive the following output:
What must the technician do to make the connection to the secure web interface?
A. specify port 443 in the command
B. specify port 1025 in the command
C. disable the HTTP server first
D. enable the secure server
Correct Answer: B
The partial output of the show run command indicates that the port number of the HTTPS interface has been changed to 1025. This is indicted by the presence of this command in the configuration:
ip http secure-port 1025
That is not the default port configuration of 443. Therefore, anyone wishing to connect to the secure server will need to reference the new port number in the command. If you change the HTTPS port number, clients attempting to connect to
the HTTPS server must specify the port number in the URL, in this format:
https://device:port_number
In this syntax, port_number is the HTTPS port number.
It will not help for the technician to reference port 443 in the command, because that is no longer the port number of the secure server. It is now 1025.
It is not required to disable the HTTP server to use the HTTPS server, although it is a best practice to do so.
There is no need to enable the secure server. We can see it has been enabled by the presence of this command in the configuration:
ip http secure-server
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify device management
References:
Cisco IOS HTTP Services Command Reference > clear ip http client cookie through show ip http server secure status > ip http secure-port
Question 106:
You just received the following system message.
*Mar 1 18:46:11:553 %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
(Switch-2)
With this message in mind, which of the following commands were executed on the device? (Choose all that apply.)
A. logging console level notifications
B. logging console level 4
C. service timestamps log datetime msec
D. service timestamps log datetime
Correct Answer: AC
The two commands that must have been executed to produce output in that format are logging console level notifications and service timestamps log datetime msec.
The logging console level notifications command species that all messages at level 5 (notifications and above) will be sent to the console. This is not entered by the number of the message type, but the name of the message type.
The service timestamps log datetime msec command specifies that a timestamp up to the millisecond should be included in all messages that include the time.
While the logging console level command can be used with a level number on some devices, notifications are level 5, not 4.
The service timestamps log datetime command specifies that a timestamp should be included in all messages, but it will not include the millisecond. Better logging functionality can be achieved by using the msec keyword to help organize
tightly spaced events.
The logging history command can specify the proper level of messages to reduce unnecessary messages.
Objective:
Infrastructure Services
Sub-Objective:
Configure and verify logging
References: Catalyst 2960 and 2960-S Software Configuration Guide, 12.2(55)SE > Configuring System Message Logging Cisco > Cisco IOS Embedded Syslog Manager Command Reference > logging console Cisco > Cisco IOS Configuration Fundamentals Command Reference > R through setup > service timestamps
Question 107:
Which of the following statements is NOT true of NPTv6?
A. is transport agnostic
B. translates the entire IPv6 address to another IPv6 address
C. is check sum neutral
D. translates only the IPv6 prefix
Correct Answer: B
Network Prefix Translation (NPTv6) is a stateless method of translating the prefix of a received IPv6 address to another prefix without changing the host portion of the IPv6 address. Some of its characteristics are:
It supports both transports that perform checksums on the IP header and those that do not. It provides a 1 to 1 relationship between the inside and outside prefixes.
It translates only the prefix, and not the entire address.
Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT
References:
Cisco > Publications and Merchandise > The Internet Protocol Journal > Issues > Volume 14, Number 2, June 2011 > IPv6 Site Multihoming Howfunky...a place with useless technical content!>IPv6 to IPv6 Network Prefix Translation or
NPTv6
Question 108:
You are configuring NAT64 to allow communication between a host running IPv6 and a server running IPv4. The router R1 sits between the host and the server. The router's Fa0/2/7 interface is connected to the IPv6 host, and the Fa0/2/6 interface is connected to the IPv4 server.
The IPv6 host has an IPv6 address of 2001::a00:1/128 and the IPv4 server is at 10.0.0.1. Below is the relevant configuration on R1:
When the IPv4 server responds to the IPv6 host, what IPv6 address will be in the source address in the packet?
A. 2001::a001
B. 2001::A00:B
C. 3001::a00:1
D. 2001::A00:A
Correct Answer: C
NAT64 is a solution when IPv6 hosts need to communicate with IPv4-only servers. When the translation occur on the router the IPv4 address 10.0.0.1 will converted to hex as a00:1 and will be attached to the end of the stateful prefix of
3001::/96 that was configured on the router interface connected to the IPv4 server. The result will be 3001::a00:1.
The address will not be 2001::a001. The prefix that will be attached to the hex version of 10.0.0.1 will not be that of the interface fa0/2/7 but will be the prefix that was configured on that interface for nat64 translation which is 3301::/96. The
address will not be 2001::a00:b. That is the IPv6 address on the interface connected to the IPv6 host, but that address is not used for IPv4 to IPv6 communication. A translated address will be generated by converting the IPv4 address of the
IPv4 host to hex and attaching it to the IPv6 prefix configured on the interface connected to the IPv4 server.
The address will not be 2001::A00:A. That is the IPv6 address of the IPv6 host. That was statically mapped to 10.0.0.10 in the configuration and as such will be the IPv4 address used by the IPv6 host on the IPv4 side of the router.
Objective:
Infrastructure Services
Sub-Objective:
Describe IPv6 NAT
References:
Stateful Network Address Translation 64 (PDF)
Question 109:
Your network team is assessing options available to translate IPv6 address to IPv4 addresses. You have focused your attention on the variants of NAT64. One of your requirements is the conservation of IPv4 addresses.
Which of the following versions of NAT 64 helps to conserve IPv4 addresses?
A. stateless
B. manual
C. static
D. stateful
Correct Answer: D
One of the characteristics of stateful NAT64 is that it conserves IPv4 addresses. NAT64 is a version of network address translation that translates IPv6 address to IPv4 and vice versa. It has two variants, stateless and stateful. The following table describes some of the major differences between the two:
NAT64 has neither the variant static nor the variant manual.
References: Home > Products and services > Cisco IOS and NX-OS software > Cisco IOS technologies > Enterprise ipv6 solution > Data sheets and literature > White papers > NAT64 Technology: Connecting IPv6 and IPv4 Networks > Technologies Facilitating IPv6/IPv4 Translation
Question 110:
The network team is reviewing its options with regard to network address translation. Now that the network has been completely changed over to IPv6, you need a mechanism to translate from the private IPv6 addresses inside your network to public IPv6 addresses. You would like for these mappings to be one-to-one.
Which of the following performs this function?
A. stateful NAT64
B. NPT6
C. NAT44
D. stateless NAT 64
Correct Answer: B
NPT6 is a version of NAT that translates private IPv6 addresses to public or global IPv6 addresses. It is a stateless mechanism and requires a one-to-one mapping of private to global IPv6 addresses.
Neither version of NAT64 translates from private IPv6 addresses to public or global IPv6 addresses. Both stateful and stateless NAT64 translate from IPv4 to IPv6.
NAT44 does translate private IPv6 addresses to public or global IPv6 addresses, but it is stateful in operation. It does not perform one-to-one mappings.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-410 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
