Q1. Which PPP authentication method sends authentication information in clear text?
A. MS CHAP
B. CDPCP
C. CHAP
D. PAP
Answer: D
Explanation:
PAP authentication involves a two-way handshake where the username and password are
sent across the link in clear text; hence, PAP authentication does not provide any protection against
playback and line sniffing. CHAP authentication, on the other hand, periodically verifies the identity of the
remote node using a three-way handshake. After the PPP link is established, the host sends a "challenge"
message to the remote node. The remote node responds with a value calculated using a one-way hash
function. The host checks the response against its own calculation of the expected hash value. If the
values match, the authentication is acknowledged; otherwise, the connection is terminated. Reference:
http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10241- ppp-callinhostname.
html
Q2. Which switching method is used when entries are present in the output of the command show ip cache?
A. fast switching
B. process switching
C. Cisco Express Forwarding switching
D. cut-through packet switching
Answer: A
Explanation:
Fast switching allows higher throughput by switching a packet using a cache created by the initial packet
sent to a particular destination. Destination addresses are stored in the high-speed cache to expedite forwarding. Routers offer better packet-transfer performance when fast switching is enabled. Fast switching is enabled by default on all interfaces that support fast switching.
To display the routing table cache used to fast switch IP traffic, use the "show ip cache" EXEC command.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/switch/command/reference/fswtch_r/xrfscmd5.ht
ml#wp1038133
Q3. You have been asked to evaluate how EIGRP is functioning in a customer network.
What type of route filtering is occurring on R6
A. Distribute-list using an ACL
B. Distribute-list using a prefix-list
C. Distribute-list using a route-map
D. An ACL using a distance of 255
Answer: A
Explanation:
Q4. Which type of BGP AS number is 64591?
A. a private AS number
B. a public AS number
C. a private 4-byte AS number
D. a public 4-byte AS number
Answer: A
Explanation:
Q5. Which address is used by the Unicast Reverse Path Forwarding protocol to validate a packet against the routing table?
A. source address
B. destination address
C. router interface
D. default gateway
Answer: A
Explanation:
The Unicast RPF feature helps to mitigate problems that are caused by the introduction of
malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a
verifiable IP source address. For example, a number of common types of denial-of-service (DoS) attacks,
including Smurf and Tribal Flood Network (TFN), can take advantage of forged or rapidly changing source
IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service providers
(ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets that have
source addresses that are valid and consistent with the IP routing table. This action protects the network of
the ISP, its customer, and the rest of the Internet. Reference: http://www.cisco.com/en/US/docs/ios/12_2/
security/configuration/guide/scfrpf.html
Q6. An engineer has configured a router to use EUI-64, and was asked to document the IPv6 address of the router. The router has the following interface parameters:
mac address C601.420F.0007
subnet 2001:DB8:0:1::/64
Which IPv6 addresses should the engineer add to the documentation?
A. 2001:DB8:0:1:C601:42FF:FE0F:7
B. 2001:DB8:0:1:FFFF:C601:420F:7
C. 2001:DB8:0:1:FE80:C601:420F:7
D. 2001:DB8:0:1:C601:42FE:800F:7
Answer: A
Explanation:
Explanation: Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign iteslf a unique 64-
Bit IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the
need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained
through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI
(Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted
between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which
can only appear in EUI-64 generated from the EUI-48 MAC address. Here is an example showing how the
Mac Address is used to generate EUI.
Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies
whether this interface identifier is universally or locally administered. If 0, the address is locally
administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally
unique addresses assigned by the IEEE has always been set to 0 whereas the locally created addresses
has 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address
is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.
Reference: https:// supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bit- address
Q7. Which statement about the use of tunneling to migrate to IPv6 is true?
A. Tunneling is less secure than dual stack or translation.
B. Tunneling is more difficult to configure than dual stack or translation.
C. Tunneling does not enable users of the new protocol to communicate with users of the old protocol without dual-stack hosts.
D. Tunneling destinations are manually determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 addresses.
Answer: C
Explanation:
Using the tunneling option, organizations build an overlay network that tunnels one protocol over the other
by encapsulating IPv6 packets within IPv4 packets and IPv4 packets within IPv6 packets. The advantage of this approach is that the new protocol can work without disturbing the old protocol, thus providing connectivity between users of the new protocol. Tunneling has two disadvantages, as discussed in RFC 6144: Users of the new architecture cannot use the services of the underlying infrastructure.
Tunneling does not enable users of the new protocol to communicate with users of the old protocol without
dual-stack hosts, which negates interoperability.
Reference: http://www.cisco.com/c/en/us/products/
collateral/ios-nx-os-software/enterprise-ipv6- solution/white_paper_c11-676278.html
Q8. What is a function of NPTv6?
A. It interferes with encryption of the full IP payload.
B. It maintains a per-node state.
C. It is checksum-neutral.
D. It rewrites transport layer headers.
Answer: C
Explanation:
RFC 6296 describes a stateless IPv6-to-IPv6 Network Prefix Translation (NPTv6) function,
designed to provide address independence to the edge network. It is transport-agnostic with respect to
transports that do not checksum the IP header, such as SCTP, and to transports that use the TCP/UDP/
DCCP (Datagram Congestion Control Protocol) pseudo-header and checksum NPTv6 provides a simple
and compelling solution to meet the address-independence requirement in IPv6. The addressindependence
benefit stems directly from the translation function of the network prefix translator. To avoid
as many of the issues associated with NAPT44 as possible, NPTv6 is defined to include a two-way,
checksum-neutral, algorithmic translation function, and nothing else. Reference: http://tools.ietf.org/html/
rfc6296
Q9. The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.)
A. Traffic Class
B. Source address
C. Flow Label
D. Hop Limit
E. Destination Address
F. Fragment Offset
Answer: A,C,D
Explanation:
Q10. What is the primary service that is provided when you implement Cisco Easy Virtual Network?
A. It requires and enhances the use of VRF-Lite.
B. It reduces the need for common services separation.
C. It allows for traffic separation and improved network efficiency.
D. It introduces multi-VRF and label-prone network segmentation.
Answer: C
Explanation: