Cisco CCNP Enterprise 300-410 Questions & Answers

• Question 81:

  An engineer is creating a policy that overrides normal routing behavior.if the route to a destination of 10.100.100.0/24 is withdrawn from the routing

  Table, the policy must direct traffic to a next hop of 10.1 1.1. if the route is present in the routing table, then normal forwarding must occur.

  Which configuration meets the requirements?

  A. access-list 100 permit ip any any ! route-map POLICY permit 10 match ip address 100 set ip next-hop recursive 10.1.1.1

  B. access-list 100 permit ip any 10.100.100.0 0.0.0.255 ! Route-map POLICY permit 10 match ip address 100 set ip default next-hop 10.1.1.1

  C. access-list 100 permit ip any 10.100.100.0 0.0.0.255 ! route-map POLICY permit 10 match ip address 100 set ip next-hop 10.1.1.1 ! route map POLICY permit 20

  D. access-list 100 permit ip any 10.100.100.0 0.0.0.255 ! route map POLICY permit 10 match ip address 100 Set ip next-hop recursive 10.1.1.1 ! route-map POLICY permit 20

  Correct Answer: D

• Question 82:

  The network administrator configured CoPP so that all routing protocol traffic toward the router CPU is limited to 1 mbps. All traffic that exceeds this limit must be dropped.

  The router is running BGP and OSPF Management traffic for Telnet and SSH must be limited to 500kbps.

  access-list 100 permit tcp any any eq 179 access-list 100 permit tcp any any range 22 23 access-list 100 permit ospf any any ! class-map CM-ROUTING match access-group 100 class-map CM-MGMT match access-group 100 ! policy-map PM-COPP class CM-ROUTING police 1000000 conform-action transmit class CM-MGMT police 500000 conform-action transmit ! control-plane service-policy output PM-COPP

  No traffic is filtering through CoPP,which is resulting in high CPU utilization, which configuration resolves the issue?

  A. no access-list 100access-list 100 permit tcp any any eq 179 access-list 100 permit ospf any any access-list 101 Permit tcp any any range 22 23 ! class-map CM-MGMT no match access-group 100 match access-group 101

  B. control-plane no service-policy output PM-COPP service-policy input PM-COPP

  C. No access-list 100 access-list 100 permit tcp any any eq 179 access-list 100 permit tcp any any range eq 22 access-list 100 permit tcp any any range eq 23 access-list 100 permit ospf any any

  D. no access-list 100 access-list 100 permit tcp any any eq 179 access-list 100 permit ospf any any access-list 101 Permit tcp any any range 22 23 ! class-map CM-MGMT no match access-group 100 match access-group 101 ! control-plane no service-policy output PM-COPP service-policy input PM-COPP

  Correct Answer: D

• Question 83:

  Refer to the exhibit.

  

  Which command must beconfigured to make VRF CCNP work?

  A. interface Loopback0 vrf forwarding CCNP

  B. interface Loopback0 ip address 10.1.1.1 255.255.255.0

  C. interface Loopback0 ip address 10.1.1.1 255.255.255.0 vrf forwarding CCNP

  D. interface Loopback0 ip address10.1.1.1 255.255.255.0 ip vrf forwarding CCNP

  Correct Answer: B

  From the exhibit, we learn that the command "ip address 10.1.1.1 255.255.255.0" has been issued before the command "ip vrf forwarding CCNP". But the second command removed the IP address configured in the first command so we have to retype the IP address command.

• Question 84:

  The network administrator configured the router for Control Plane Policing to limit OSPF traffic to be policed to 1 Mbps. Any traffic that exceeds this limit must also be allowed at this point for traffic analysis. The router configuration is:

  access-list 100 permit ospf any any ! class-map CM-OSPF match access-group 100 ! policy-map PM-COPP class CM-OSPF police 1000000 conform-action transmit ! control-plane service-policy output PM-COPP

  The Control Plane Policingfailed to monitor and police OSPF traffic. Which configuration resolves this issue?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

• Question 85:

  Examine the output of the show ip flow export command:

  

  Which statement is true regarding the results?

  A. 15 export packets were dropped because there was insufficient memory to create the export packet

  B. 3 export packets were dropped because CEF was unable to switch or forward the packet to the process level

  C. 61 packets were dropped because the send queue was full

  D. 8 flows were exported

  Correct Answer: C

  Sixty-one packets were dropped because the send queue was full. The last line in the output, 61 export packets were dropped due to output drops, will result when the send queue is full.

  Fifteen packets were not dropped because there was insufficient memory to create the export packet. Drops that occurred from insufficient memory are indicated with the line 3 flows failed due to lack of export packet, and there were only

  three of them.

  Three export packets were not dropped because CEF was unable to switch or forward the packet to the process level. Drops that occurred because CEF was unable to switch or forward the packet, are indicated with the line 15 export

  packets were dropped due to no fib, and there were fifteen of them.

  Eleven flows were sent, not eight. The eleven flows were sent in eight datagrams.

  Objective:

  Infrastructure Services

  Sub-Objective:

  Configure and verify Cisco NetFlow

  References:

  Cisco > Cisco IOS NetFlow Command Reference > show ip flow export Home > Products and services > Cisco IOS and NX-OS software > Cisco IOS Technologies > Management instrumentation > Cisco IOS NetFlow > Data sheets and

  literature > Introduction to Cisco IOS NetFlow - A Technical Overview

• Question 86:

  You need to configure a Cisco router to act as a DHCP server and provide the following services:

  1.

  Hand out IP addresses for subnet 10.10.0.0/16

  2.

  Set the domain name for the clients to "Cisco"

  3.

  Set the DNS server to 10.10.0.1

  4.

  Set the default gateway to 10.10.0.1

  5.

  Prevent IP address conflicts with 6 print servers that have consecutive permanently assigned addresses starting at 10.10.0.20.

  Which of the following sets of commands will successfully accomplish this?

  A. Router1(config)# service dhcp Router1(config)# ip dhcp pool IPPool Router1(dhcp-config)# network 10.10.0.0 255.255.0.0 Router1(dhcp-config)# domain-name Cisco Router1(dhcp-config)# dns-server 10.10.0.1 Router1(dhcp-config)# default-router 10.10.0.1 Router1(dhcp-config)# exit Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25

  B. Router1(config)# service dhcp Router1(config)# dhcp pool IPPool Router1(dhcp-config)# network 10.10.0.0 255.255.0.0 Router1(dhcp-config)# domain-name Cisco Router1(dhcp-config)# dns-server 10.10.0.1 Router1(dhcp-config)# default-router 10.10.0.1

  Router1(dhcp-config)# exit

  Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25

  C. Router1(config)# service dhcp Router1(config)# ip dhcp pool IPPool Router1(dhcp-config)# network 10.10.0.0 255.255.0.0 Router1(dhcp-config)# domain-name Cisco Router1(dhcp-config)# dns-server 10.10.0.1 Router1(dhcp-config)# default-gateway 10.10.0.1 Router1(dhcp-config)# exit Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25

  D. Router1(config)# service dhcp Router1(config)# ip dhcp pool IPPool Router1(dhcp-config)# network 10.10.0.0 255.255.0.0 Router1(dhcp-config)# domain-name Cisco Router1(dhcp-config)# dns-server 10.10.0.1 Router1(dhcp-config)# default-router 10.10.0.1 Router1(dhcp-config)# exit Router1(config)# ip dhcp excluded-address 10.10.0.20 - 10.10.0.25

  Correct Answer: A

  The following command sequence is correct:

  Router1(config)# service dhcp

  Router1(config)# ip dhcp pool IPPool

  Router1(dhcp-config)# network 10.10.0.0 255.255.0.0

  Router1(dhcp-config)# domain-name Cisco

  Router1(dhcp-config)# dns-server 10.10.0.1

  Router1(dhcp-config)# default-router 10.10.0.1

  Router1(dhcp-config)# exit

  Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25

  The Router1(config)# service dhcp command enables the DHCP process. It is enabled by default, but this command may be needed if it has been disabled.

  The Router1(config)# ip dhcp pool IPPool command creates a DHCP pool named IPPool.

  The Router1(dhcp-config)# network 10.10.0.0 255.255.0.0 command specifies the subnet and mask for which the DHCP process will be handing out IP addresses. Unless otherwise specified, it is assumed that the assignment will start with

  the first address on the subnet and end with the last address on the subnet; in this case, 10.10.0.1 through 10.10.0.255.

  The Router1(dhcp-config)# domain-name Cisco command sets the domain name for the clients to "Cisco."

  The Router1(dhcp-config)# dns-server 10.10.0.1 command sets the DNS server IP address for the clients to 10.10.0.1.

  The Router1(dhcp-config)# default-router 10.10.0.1 command sets the default gateway for the clients to 10.10.0.1.

  The Router1(dhcp-config)# exit command exits back to global config mode.

  The Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25 command configures the DHCP process not to hand out addresses 10.10.0.20 through 10.10.0.25 so that there is no conflict with the print servers. This command is

  technically not a dhcp-config command, but if it is issued in the dhcp-config mode, the router will exit to global config mode and invoke the command.

  The other options are incorrect due to incorrect syntax or command mode.

  Objective:

  Infrastructure Services

  Sub-Objective:

  Configure and verify IPv4 and IPv6 DHCP

  References:

  Cisco > Cisco IOS IP Addressing Services Configuration Guide, Release 12.4 > Part 3: DHCP > DHCP Overview

• Question 87:

  Your network team is assessing options available to translate IPv6 address to IPv4 addresses.

  Which of the following is an advantage of NAT64 over NAT-PT as a translation option?

  A. DNS64 and NAT64 functions are completely separated

  B. DNS64 and NAT64 functions are completely integrated

  C. NAT64 only works over an Ethernet network

  D. NAT64 will be unable to reconstruct fragments packets if they are fragmented by an intermediate IPv4 router

  Correct Answer: A

  DNS64 and NAT64 functions are completely separated when using NAT64. In NAT-PT these two functions are tightly coupled, which reduces flexibility and is why NAT-PT has been deprecated, with the IETF proposing NAT64 as its viable successor.

  DNS64 and NAT64 functions are not completely integrated in NAT64, so this is not an advantage of NAT64 over NAT-PT as a translation option.

  NAT64 works over non- Ethernet networks. It is NAT-PT that does only works on Ethernet networks. Therefore, this is not an advantage of NAT 64 over NAT-PT.

  NAT64 can reconstruct fragments packets if they are fragmented by an intermediate IPv4 router. It is NAT-PT that will be unable to reconstruct fragments packets if they are fragmented by an intermediate IPv4 router, so this is not an advantage of NAT 64 over NAT-PT.

  Objective: Infrastructure Services Sub-Objective: Describe IPv6 NAT

  References: Home > Products and services > Cisco IOS and NX-OS software > Cisco IOS technologies > Enterprise IPv6 solution > Data sheets and literature > White papers > NAT64 Technology: Connecting IPv6 and IPv4 Networks > Technologies Facilitating IPv6/IPv4 Translation

• Question 88:

  You configured a device as an IP SLA responder using the following configuration:

  

  Which line indicates that the device is not a Cisco device?

  A. frequency 30

  B. timeout 1000

  C. tcp-connect 10.0.0.1 23 control disable

  D. tag FLL-RO

  Correct Answer: C

  The IP SLA TCP connect operation is used to gather statistics on connection-oriented services. The tcp- connect 10.0.0.1 23 control disable command specifies the IP address to which the responder should respond, the port number on

  which to respond and it disables the control protocol normally used to inform the responder to temporarily enable the port specified .by the configuration in the sender. When the responder is a non-Cisco device, a well-known port number

  must be chosen and the control protocol should be disabled on the responder. When a Cisco device is the responder, then any port number can be chosen and the control protocol should be left enabled.

  The frequency 30 command specifies how often the test should occur in seconds. It is not changed in any way as a result of the responder being a non-Cisco device.

  The timeout 1000 command specifies in milliseconds the amount of time an IP SLAs operation waits for a response from its request packet. It is not changed in any way as a result of the responder being a non-Cisco device.

  The tag FLL-RO command simply applies a user-specified identifier to the IP SLAs operation and is changed in any way as a result of the responder being a non-Cisco device.

  Objective:

  Infrastructure Services

  Sub-Objective:

  Configure and verify IP SLA

  References:

  IP SLAs Configuration Guide, Cisco IOS Release 15MandT > Configuring IP SLAs TCP Connect Operations Cisco > Cisco IOS IP SLAs Command Reference > tcp-connect

• Question 89:

  Which command is NOT mandatory for inclusion in a plan to implement IP Service Level Agreements (SLAs) to monitor IP connections and traffic?

  A. ip sla

  B. ip sla schedule

  C. ip sla reset

  D. icmp-echo

  Correct Answer: C

  The ip sla reset command is not mandatory for an implementation plan to configure IP SLAs for monitoring IP connections and traffic. This command causes the IP SLA engine to either restart or shutdown. As a result, all IP SLAs operations

  are stopped, IP SLA configuration information is erased, and IP SLAs are restarted. The IP SLAs configuration information will need to be reloaded to the engine.

  The following commands are essential to the implementation plan:

  ip sla

  ip sla schedule

  icmp-echo

  The ip sla command allows you to configure IP SLAs operations. When you execute this command in the global configuration mode, it enables the IP SLA configuration mode. In the IP SLA configuration mode, you can configure different IP

  SLA operations. You can configure up to 2000 operations for a given IP SLA ID number.

  The icmp-echo command allows you to monitor IP connections and traffic on routers by creating an IP SLA ICMP Echo operation. This operation monitors end-to-end response times between routers.

  The ip sla schedule command allows you to schedule the IP SLA operation that has been configured. With this command, you can specify when the operation starts, how long the operation runs, and the how long the operation gathers

  information. For example, if you execute the ip sla schedule 40 start-time now life forever command, the IP SLA operation with the identification number 40 immediately starts running. This is because the now keyword is specified for the start-

  time parameter. The forever keyword with the life parameter indicates that the operation keeps collecting information indefinitely. Note that you cannot re-configure the IP SLA operation after you have executed the ip sla schedule command.

  The information gathered by an IP SLA operation is typically stored in RTTMON-MIB. A Management Information Base (MIB) is a database hosting information required for the management of routers or network devices. The RTTMON-MIB is

  a Cisco-defined MIB intended for Cisco IOS IP SLAs. RTTMON MIB acts as an interface between the Network Management System (NMS) applications and the Cisco IOS IP SLAs operations.

  Objective:

  Infrastructure Services

  Sub-Objective:

  Configure and verify IP SLA

  References:

  Cisco > Support > Technology Support > IP > IP Application Services > Technology Information > Technology White Paper > Cisco IOS IP Service Level Agreements User Guide Cisco IOS IP SLAs Command Reference > icmp-echo through

  probe-packet priority > ip sla Cisco IOS IP SLAs Command Reference > icmp-echo through probe-packet priority > ip sla schedule Cisco > Cisco IOS IP SLAs Command Reference > icmp-echo

• Question 90:

  Which of the following IPv4 to IPv6 migration techniques does not separate DNS and the translation process?

  A. NAT-PT

  B. stateless NAT64

  C. stateful NAT64

  D. MAP-T

  Correct Answer: A

  Network Address Translation-Protocol Translation (NAT-PT) and DNS are inseparable, which is one of the reasons why NAT-PT has been deprecated. Network Address Translation IPv6 to IPv4, or NAT64, is superior to the NAT-PT

  technique because this solution has complete separation of the functions of NAT64 and DNS64.

  Stateless NAT64 is a version of NAT64 that does not maintain a binding or session state when it performs Address Family Translation (AFT). As such, it cannot be used in some of the implementations in which stateful NAT 64 can. However,

  in this method, DNS and the translation process are independent.

  Stateful NAT64 creates or modifies bindings or session state while performing translation. For this reason, it can be used to translate from an IPv4 network to an IPv6 network if static mappings are created, which stateless NAT64 cannot.

  Mapping of Address and Ports using Translation (MAP-T) is a method of creating mappings to provide connectivity for IPv4 hosts across an IPv6 domain. Its operation is not connected to DNS.

  Objective:

  Infrastructure Services

  Sub-Objective:

  Describe IPv6 NAT

  References:

  Home > Products and services > Cisco IOS and nx-os software > Cisco IOS technologies > Enterprise IPv6 solutions > Data sheets and literature > NAT64 Technology: Connecting IPv6 and IPv4 Networks