Q21. - (Topic 8)
Which two Cisco IOS commands, used in troubleshooting, can enable debug output to a remote location? (Choose two)
A. no logging console
B. logging host ip-address
C. terminal monitor
D. show logging | redirect flashioutput.txt
E. snmp-server enable traps syslog
Answer: B,C
Q22. - (Topic 6)
How does using the service password-encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router
Answer: B
Explanation:
By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file
Q23. - (Topic 4)
Which two statistics appear in show frame-relay map output? (Choose two.)
A. the number of BECN packets that are received by the router
B. the value of the local DLCI
C. the number of FECN packets that are received by the router
D. the status of the PVC that is configured on the router
E. the IP address of the local router
Answer: B,D
Explanation:
Sample “show frame-relay map” output: R1#sh frame map
Serial0/0 (up): ip 10.4.4.1 dlci 401(0x191,0x6410), dynamic, broadcast,, status defined, active
Serial0/0 (up): ip 10.4.4.3 dlci 403(0x193,0x6430), dynamic, broadcast,, status defined, active
Serial0/0 (up): ip 10.4.4.4 dlci 401(0x191,0x6410), static, CISCO, status defined, active
Q24. - (Topic 5)
Which IPv6 address is the equivalent of the IPv4 interface loopback address 127.0.0.1?
A. ::1
B. ::
C. 2000::/3
D. 0::/10
Answer: A
Explanation:
In IPv6 the loopback address is written as, ::1
This is a 128bit number, with the first 127 bits being '0' and the 128th bit being '1'. It's just a single address, so could also be written as ::1/128.
Q25. - (Topic 4)
Which protocol is an open standard protocol framework that is commonly used in VPNs, to provide secure end-to-end communications?
A. RSA
B. L2TP
C. IPsec
D. PPTP
Answer: C
Explanation:
IPSec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers at the IP layer. IPSec can be used to protect one or more data flows between IPSec peers.
Q26. - (Topic 5)
What are three features of the IPv6 protocol? (Choose three.)
A. optional IPsec
B. autoconfiguration
C. no broadcasts
D. complicated header
E. plug-and-play
F. checksums
Answer: B,C,E
Explanation:
An important feature of IPv6 is that it allows plug and play option to the network devices by allowing them to configure themselves independently. It is possible to plug a node into an IPv6 network without requiring any human intervention. This feature was critical to allow network connectivity to an increasing number of mobile devices. This is accomplished by autoconfiguration.
IPv6 does not implement traditional IP broadcast, i.e. the transmission of a packet to all hosts on the attached link using a special broadcast address, and therefore does not define broadcast addresses. In IPv6, the same result can be achieved by sending a packet to the link-local all nodes multicast group at address ff02::1, which is analogous to IPv4 multicast to address 224.0.0.1.
Q27. - (Topic 3)
Which command is used to display the collection of OSPF link states?
A. show ip ospf link-state
B. show ip ospf lsa database
C. show ip ospf neighbors
D. show ip ospf database
Answer: D
Explanation:
The “show ip ospf database” command displays the link states. Here is an example: Here is the lsa database on R2.
R2#show ip ospf database
OSPF Router with ID (2.2.2.2) (Process ID 1) Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count 2.2.2.2 2.2.2.2 793 0x80000003 0x004F85 2
10.4.4.4 10.4.4.4 776 0x80000004 0x005643 1
111.111.111.111 111.111.111.111 755 0x80000005 0x0059CA 2
133.133.133.133 133.133.133.133 775 0x80000005 0x00B5B1 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.1.1.1 111.111.111.111 794 0x80000001 0x001E8B
10.2.2.3 133.133.133.133 812 0x80000001 0x004BA9
10.4.4.1 111.111.111.111 755 0x80000001 0x007F16
10.4.4.3 133.133.133.133 775 0x80000001 0x00C31F
Q28. - (Topic 8)
Which three circumstances can cause a GRE tunnel to be in an up/down state? (Choose three.)
A. The tunnel interface IP address is misconfigured.
B. The tunnel interface is down.
C. A valid route to the destination address is missing from the routing table.
D. The tunnel address is routed through the tunnel itself.
E. The ISP is blocking the traffic.
F. An ACL is blocking the outbound traffic.
Answer: B,C,D
Q29. - (Topic 7)
What are three reasons to collect Netflow data on a company network? (Choose three.)
A. To identify applications causing congestion.
B. To authorize user network access.
C. To report and alert link up / down instances.
D. To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.
E. To detect suboptimal routing in the network.
F. To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.
Answer: A,D,F
Explanation:
NetFlow facilitates solutions to many common problems encountered by IT professionals.
+ Analyze new applications and their network impact
Identify new application network loads such as VoIP or remote site additions.
+ Reduction in peak WAN traffic
Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.
+ Troubleshooting and understanding network pain points
Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools. -> D is correct.
+ Detection of unauthorized WAN traffic
Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.
+ Security and anomaly detection
NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.
+ Validation of QoS parameters
Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed.-> F is correct.
Q30. - (Topic 8)
Why is the Branch2 network 10.1 0.20.0/24 unable to communicate with the Server farm1 network 10.1 0.10.0/24 over the GRE tunnel?
A. The GRE tunnel destination is not configured on the R2 router.
B. The GRE tunnel destination is not configured on the Branch2 router.
C. The static route points to the tunnel0 interface that is misconfigured on the Branch2 router.
D. The static route points to the tunnel0 interface that is misconfigured on the R2 router.
Answer: C