Q141. DRAG DROP
Drag each OSPF route-type identifier on the left to its description on the right.
Answer:
Q142. Refer to the exhibit.
While configuring AAA with a local database, users can log in via Telnet, but receive the message "error in authentication" when they try to go into enable mode. Which action can solve this problem?
A. Configure authorization to allow the enable command.
B. Use aaa authentication login default enable to allow authentication when using the enable command.
C. Verify whether an enable password has been configured.
D. Use aaa authentication enable default enable to allow authentication when using the enable command.
Answer: C
Explanation:
If a different enable password is configured, it will override the privilege level 15 of that user and force the existing password to be used for enable access.
Q143. Refer to the exhibit.
Which VLANs are permitted to send frames out port FastEthernet0/1?
A. 100 - 200
B. 4 - 100
C. 1 and 4 - 100
D. 3 and 4 - 100
Answer: D
Explanation:
Traffic on the native vlan does not get tagged as it crosses a trunk, so there is no dot1q tag in the first place to be filtered. And you don’t need to allow the native vlan. But if we force to tag the native vlan (with the “switchport trunk native vlan tag” command) then if the native vlan is not in the “allowed vlan” list it will be dropped.
Q144. Refer to the exhibit.
What will be the extended community value of this route?
A. RT:200:3000 RT:200:9999
B. RT:200:9999 RT:200:3000
C. RT:200:3000
D. RT:200:9999
Answer: D
Explanation:
Here the route map is being used to manually set the extended community RT to 200:9999
Q145. Which two features does the show ipv6 snooping features command show information about? (Choose two.)
A. RA guard
B. DHCP guard
C. ND inspection
D. source guard
Answer: A,C
Explanation:
The show ipv6 snooping features command displays the first-hop features that are configured on the router. Examples
The following example shows that both IPv6 NDP inspection and IPv6 RA guard are configured on the router:
Router# show ipv6 snooping features
Feature name priority state
RA guard 100 READY
NDP inspection 20 READY
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-s5.html
Q146. DRAG DROP
Drag and drop the fragmentation characteristics on the left to the corresponding protocol on the right.
Answer:
Q147. DRAG DROP
Drag and drop the OTV component on the left to the function it performs on the right.
Answer:
Q148. Refer to the exhibit.
If the traffic flowing from network 192.168.254.0 to 172.16.250.0 is unencrypted, which two actions must you take to enable encryption? (Choose two).
A. Configure the transform-set on R2 to match the configuration on R1.
B. Configure the crypto map on R2 to include the correct subnet.
C. Configure the ISAKMP policy names to match on R1 and R2.
D. Configure the crypto map names to match on R1 and R2.
E. Configure the Diffie-Hellman keys used in the ISAKMP policies to be different on R1 and R2.
Answer: A,B
Explanation:
A transform set combines an encryption method and an authentication method. During the IPsec security association negotiation with ISAKMP, the peers agree to use a particular transform set to protect a particular data flow. The transform set must be the same for both peers. Also, the crypto map on R2 points to the address name of VPN, which includes 172.16.0.0/16, but it should be the local subnet of 192.168.0.0/16
Q149. Refer to the exhibit.
Which statement about the R1 configuration is true?
A. It permits host 10.1.1.2 to establish a Telnet connection to R1.
B. It limits remote hosts to two SSH connection attempts.
C. SSH connections to R1 will log out after a 5-minute idle interval.
D. Hosts that reside on network 10.0.0.0/8 can SSH to R1.
E. The R1 timeout for outgoing SSH connection attempts is 30 seconds.
Answer: E
Explanation:
The timeout for outgoing SSH connection is defined by the “ip sshh time-out” command (in seconds), which is configured here as 30.
Q150. Refer to the exhibit.
Assuming that the peer is configured correctly and the interface is up, how many neighbors will be seen in the EIGRPv6 neighbor table on this IPv6-only router?
A. one neighbor, which will use a local router-id of 6010. AB8. . /64
B. one neighbor, which will use a local router-id of 6020. AB8. . /64
C. none, because EIGRPv6 only supports authenticated peers
D. none, because of the mismatch of timers
E. none, because there is no EIGRP router ID configured
Answer: E
Explanation:
Configuring EIGRP for IPv6 has some restrictions; they are listed below:
. The interfaces can be directly configured with EIGRP for IPv6, without the use of a global IPv6 address. There is no network statement in EIGRP for IPv6.
. The router ID needs to be configured for an EIGRPv6 protocol instance before it can run.
. EIGRP for IPv6 has a shutdown feature. Ensure that the routing process is in "no shut" mode to start running the protocol.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/113267-eigrp-ipv6-00.html