Q271. Which three types of traffic are allowed by IEEE 802.1X access control prior to getting authenticated? (Choose three.) 

A. EAPOL 

B. VTP 

C. STP 

D. ARP 

E. CDP 

F. HTTP 

Answer: A,C,E 

Explanation: 

Until the client is authenticated, IEEE 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication, normal traffic passes through the port. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/sw8021x.pdf 


Q272. Which command sets the maximum segment size for a TCP packet initiated from a router? 

A. ip mtu 

B. ip tcp adjust-mss 

C. ip tcp mss 

D. ip tcp window-size 

Answer:


Q273. Which three events can cause a control plane to become overwhelmed? (Choose three.) 

A. a worm attack 

B. processing a stream of jumbo packets 

C. a microburst 

D. a configuration error 

E. a reconvergence failure 

F. a device-generated FTP session 

Answer: A,D,E 


Q274. Which two options are contained in the MSG part of a syslog message? (Choose two.) 

A. TAG field 

B. CONTENT field 

C. three-digit priority value 

D. IP address of the sending device 

E. TLS port number 

Answer: A,B 


Q275. Which two parameters does the Tunnel Mode Auto Selection feature select automatically? (Choose two.) 

A. the tunneling protocol 

B. the transport protocol 

C. the ISAKMP profile 

D. the transform-set 

E. the tunnel peer 

Answer: A,B 

Explanation: 

The Tunnel Mode Auto Selection feature simplifies configuration and spares you from having to know the responder's details. This feature automatically applies the tunneling protocol (GRE or IPsec) and transport protocol (IPv4 or IPv6) on the virtual template as soon as the IKE profile creates the virtual access interface. This feature is useful on dual-stack hubs aggregating multivendor remote access, such as Cisco AnyConnect VPN Client, Microsoft Windows 7 Client, and so on. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html 


Q276. Refer to the exhibit. 

If IS-IS is configured utilizing default metrics, what is the cost for Router 4 to reach the 10.2.2.0/24 network? 

A. 1 

B. 20 

C. 30 

D. 63 

Answer:

Explanation: 

By default, every link in an IS-IS network has a metric of 10. 


Q277. Which two tasks are required for configuring SNMP to send traps on a Cisco IOS device? (Choose two.) 

A. Create access controls for an SNMP community. 

B. Configure SNMP notifications. 

C. Configure the SNMP agent. 

D. Configure SNMP status monitoring and troubleshooting. 

E. Configure SNMP server group names. 

F. Configure the SNMP server engine ID. 

Answer: A,B 

Explanation: 

Best current practices recommend applying Access Control Lists (ACLs) to community strings and ensuring that the community strings used for requests are not identical to those used for notifications. Access lists provide further protection when used in combination with other protective measures. This example applies an ACL to a community string: 

access-list 1 permit 1.1.1.1 

snmp-server community string1 ro 1 

SNMP Notifications 

A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. Unsolicited (asynchronous) notifications can be generated as traps or inform requests. Traps are messages alerting the SNMP manager to a condition on the network. Inform requests (informs) are traps that include a request for confirmation of receipt from the SNMP manager. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant events. 

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html#wp1007320 


Q278. For which kind of MPLS deployment is the next-hop-self all keyword used on a BGP neighbor command? 

A. 6VPE 

B. MPLS Carrier's carrier 

C. inter-AS MPLS VPN option D 

D. inter-AS MPLS VPN option C 

E. Unified MPLS 

Answer:

Explanation: 

Since the core and aggregation parts of the network are integrated and end-to-end LSPs are provided, the Unified MPLS solution is also referred to as "Seamless MPLS." New technologies or protocols are not used here, only MPLS, Label Distribution Protocol (LDP), IGP, and BGP. Since you do not want to distribute the loopback prefixes of the PE routers from one part of the network into another part, you need to carry the prefixes in BGP. The Internal Border Gateway Protocol (iBGP) is used in one network, so the next hop address of the prefixes is the loopback prefixes of the PE routers, which is not known by the IGP in the other parts of the network. This means that the next hop address cannot be used to recurse to an IGP prefix. The trick is to make the ABR routers Route Reflectors (RR) and set the next hop to self, even for the reflected iBGP prefixes. In order for this to work, a new knob is needed. Only the RRs need newer software to support this architecture. Since the RRs advertise the BGP prefixes with the next hop set to themselves, they assign a local MPLS label to the BGP prefixes. This means that in the data plane, the packets forwarded on these end-to-end LSPs have an extra MPLS label in the label stack. The RRs are in the forwarding path. There are two possible scenarios: 

- The ABR does not set the next hop to self for the prefixes advertised (reflected by BGP) by the ABR into the aggregation part of the network. Because of this, the ABR needs to redistribute the loopback prefixes of the ABRs from the core IGP into the aggregation IGP. If this is done, there is still scalability. Only the ABR loopback prefixes (from the core) need to be advertised into the aggregation part, not the loopback prefixes from the PE routers from the remote aggregation parts. 

- The ABR sets the next hop to self for the prefixes advertised (reflected by BGP) by the ABR into the aggregation part. Because of this, the ABR does not need to redistribute the loopback prefixes of the ABRs from the core IGP into the aggregation IGP. 

In both scenarios, the ABR sets the next hop to self for the prefixes advertised (reflected by BGP) by the ABR from the aggregation part of the network into the core part. If this is not done, the ABR needs to redistribute the loopback prefixes of the PEs from the aggregation IGP into the core IGP. If this is done, there is no scalability. In order to set the next hop to self for reflected iBGP routes, you must configure the neighbor x.x.x.x next-hop-self all command. 

Reference: http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/116127-configure-technology-00.html 


Q279. DRAG DROP 

Drag and drop each SNMP security model and level on the left to the corresponding mode of authentication on the right. 

Answer: 


Q280. Which IPv6 prefix is used for 6to4 tunnel addresses? 

A. 2001::/23 

B. 2002::/16 

C. 3ffe::/16 

D. 5f00::/8 

E. 2001::/32 

Answer:

Explanation: 

6to4 works by taking advantage of a reserved IPv6 prefix, 2002::/16. A 6to4 tunnel interface automatically converts the 32 bits in its IPv6 address following this prefix to a global unicast IPv4 address for transport across an IPv4 network such as the public Internet. 

Reference: http://packetlife.net/blog/2010/mar/15/6to4-ipv6-tunneling/