Q1. Which two statements about TCP are true? (Choose two.)
A. TCP option must be divisible by 32.
B. It has a 16-bit window size.
C. Its maximum data offset is fifteen 32-bit words.
D. It has a 32-bit window size.
E. Its maximum data offset is ten 32-bit words.
F. It has a 32-bit checksum field.
Answer: B,C
Q2. Which two statements about 802.1Q tunneling are true? (Choose two.)
A. It requires a system MTU of at least 1504 bytes.
B. The default configuration sends Cisco Discovery Protocol, STP, and VTP information.
C. Traffic that traverses the tunnel is encrypted.
D. It is supported on private VLAN ports.
E. MAC-based QoS and UDLD are supported on tunnel ports.
F. Its maximum allowable system MTU is 1546 bytes.
Answer: A,E
Q3. Refer to the exhibit.
If a connection failure occurs between R1 and R2, which two actions can you take to allow CR-1 to reach the subnet 192.168.192.0/24 on R2? (Choose two.)
A. Create a static route on R1 for subnet 192.168.192.0/24 towards R3 and redistribute it into OSPF.
B. Turn up a BGP session between CR-1 and R1.
C. Create a static route on R1 for subnet 192.168.192.0/24 towards R3 and redistribute it into BGP.
D. Turn up an EIGRP session between R1 and R3 with AS 65535.
E. Create an OSPF virtual link between CR-1 and R2 to bypass R1.
Answer: A,B
Q4. What is a reason to use DHCPv6 on a network that uses SLAAC?
A. To get a record of the IPs that are used by the clients
B. To push DNS and other information to the clients
C. No reason, because there is no need for DHCPv6 when using SLAAC
D. Because DHCPv6 can be used only in stateful mode with SLAAC to record the IPs of the clients
E. Because DHCPv6 can be used only in stateless mode with SLAAC to record the IPs of the clients
F. Because DHCPv6 is required to use first-hop security features on the switches
Answer: B
Explanation:
SLAAC is by far the easiest way to configure IPv6 addresses, simply because you don’t have to configure any IPv6 address. With SLAAC, a host uses the IPv6 Neighbor Discovery Protocol (NDP) to determine its IP address and default routers. Using SLAAC, a host requests and listens for Router Advertisements (RA) messages, and then taking the prefix that is advertised to form a unique address that can be used on the network. For this to work, the prefix that is advertised must advertise a prefix length of 64 bits (i.e., /64). But the most significant of Stateless Address Autoconfiguration (SLAAC) is it provided no mechanism for configuring DNS resolver information.Therefore SLACC can be used along with DHCPv6 (Stateless) to push DNS and other information to the clients.
Q5. Which two statements are true about IS-IS? (Choose two.)
A. IS-IS DIS election is nondeterministic.
B. IS-IS SPF calculation is performed in three phases.
C. IS-IS works over the data link layer, which does not provide for fragmentation and reassembly.
D. IS-IS can never be routed beyond the immediate next hop.
Answer: C,D
Explanation:
IS-IS runs directly over the data link alongside IP. On Ethernet, IS-IS packets are always 802.3 frames, with LSAPs 0xFEFE while IP packets are either Ethernet II frames or SNAP frames identified with the protocol number 0x800. OSPF runs over IP as protocol number 89.
IS-IS runs directly over layer 2 and hence:
-cannot support virtual links unless some explicit tunneling is implemented
-packets are kept small so that they don't require hop-by-hop fragmentation
-uses ATM/SNAP encapsulation on ATM but there are hacks to make it use VcMux encapsulation
-some operating systems that support IP networking have been implemented to differentiate Layer 3 packets in kernel. Such Oss require a lot of kernel modifications to support IS-IS for IP routing.
-can never be routed beyond the immediate next hop and hence shielded from IP spoofing and similar Denial of Service attacks.
Reference: https://tools.ietf.org/html/draft-bhatia-manral-diff-isis-ospf-00
Q6. DRAG DROP
Answer:
Q7. Which two statements about OSPF are true? (Choose two.)
A. External type 2 routes are preferred over interarea routes.
B. Intra-area routes are preferred over interarea routes.
C. External type 1 routes are preferred over external type 2 routes.
D. External type 1 routes are preferred over intra-area routes.
E. External type 2 routes are preferred over external type 1 routes.
Answer: B,C
Q8. Refer to the exhibit.
Which three statements about the device with this configuration are true? (Choose three.)
A. Multiple AFIs are configured on the device.
B. The authentication on 172.16.129.7 is configured incorrectly.
C. The device is configured to support MPLS VPNs.
D. This device is configured with a single AFI.
E. The authentication on 172.16.129.4 is configured incorrectly.
F. The device is configured to support L2VPNs.
Answer: A,B,C
Q9. Refer to the exhibit.
Assuming that the peer is configured correctly and the interface is up, how many neighbors will be seen in the EIGRPv6 neighbor table on this IPv6-only router?
A. one neighbor, which will use a local router-id of 6010. AB8. . /64
B. one neighbor, which will use a local router-id of 6020. AB8. . /64
C. none, because EIGRPv6 only supports authenticated peers
D. none, because of the mismatch of timers
E. none, because there is no EIGRP router ID configured
Answer: E
Explanation:
Configuring EIGRP for IPv6 has some restrictions; they are listed below:
. The interfaces can be directly configured with EIGRP for IPv6, without the use of a global IPv6 address. There is no network statement in EIGRP for IPv6.
. The router ID needs to be configured for an EIGRPv6 protocol instance before it can run.
. EIGRP for IPv6 has a shutdown feature. Ensure that the routing process is in "no shut" mode to start running the protocol.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/113267-eigrp-ipv6-00.html
Q10. Which statement describes the function of rekey messages?
A. They prevent unencrypted traffic from passing through a group member before registration.
B. They refresh IPsec SAs when the key is about to expire.
C. They trigger a rekey from the server when configuring the rekey ACL.
D. They authenticate traffic passing through a particular group member.
Answer: B
Explanation:
Rekey messages are used to refresh IPsec SAs. When the IPsec SAs or the rekey SAs are about to expire, one single rekey message for a particular group is generated on the key server. No new IKE sessions are created for the rekey message distribution. The rekey messages are distributed by the key server over an existing IKE SA. Rekeying can use multicast or unicast messages.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_getvpn/configuration/xe-3s/sec-get-vpn-xe-3s-book/sec-get-vpn.html