Practice Free 300-410 Exam Online Questions
Refer to the exhibit.
An IT staff member comes into the office during normal office hours and cannot access devices through SSH.
Which action should be taken to resolve this issue?
- A . Modify the access list to use the correct IP address.
- B . Configure the correct time range.
- C . Modify the access list to correct the subnet mask
- D . Configure the access list in the outbound direction.
A
Explanation:
To ACL should be permit tcp 101 10.1.1.1 0.0.0.0
What is an advantage of using BFD?
- A . It detects local link failure at layer 1 and updates routing table.
- B . It detects local link failure at layer 2 and updates routing protocols.
- C . It has sub-second failure detection for layer 1 and layer 3 problems.
- D . It has sub-second failure detection for layer 1 and layer 2 problems.
Which configuration feature should be used to block rogue router advertisements instead of using the IPv6 Router Advertisement Guard feature?
- A . VACL blocking broadcast frames from nonauthorized hosts
- B . PVLANs with promiscuous ports associated to route advertisements and isolated ports for nodes
- C . PVLANs with community ports associated to route advertisements and isolated ports for nodes
- D . IPv4 ACL blocking route advertisements from nonauthorized hosts
B
Explanation:
The IPv6 Router Advertisement Guard feature provides support for allowing the network administrator to block or reject unwanted or rogue router advertisement guard messages that arrive at the network device platform. Router Advertisements are used by devices to announce themselves on the link. The IPv6 Router Advertisement Guard feature analyzes these router advertisements and filters out router advertisements that are sent by unauthorized devices.
Certain switch platforms can already implement some level of rogue RA filtering by the administrator configuring Access Control Lists (ACLs) that block RA ICMP messages that might be inbound on “user” ports.
Reference: https://datatracker.ietf.org/doc/html/rfc6104
Exhibit:
Bangkok is using ECMP to reach to the 192.168.5.0/24 network. The administrator must configure Bangkok in such a way that Telnet traffic from 192.168.3.0/24 and192.168.4.0/24 networks uses the HongKong router as the preferred router.
Which set of configurations accomplishes this task?
- A . access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
!
route-map PBR1 permit 10
match ip address 101
set ip next-hop 172.18.1.2
interface Ethernet0/3
ip policy route-map PBR1 - B . access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23
access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23
!
route-map PBR1 permit 10
match ip address 101
set ip next-hop 172.18.1.2
interface Ethernet0/1
ip policy route-map PBR1 - C . access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23
access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255 eq 23
!
route-map PBR1 permit 10
match ip address 101
set ip next-hop 172.18.1.2
!
interface Ethernet0/3
ip policy route-map PBR1 - D . access-list 101 permit tcp 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit tcp 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
!
route-map PBR1 permit 10
match ip address 101
set ip next-hop 172.18.1.2
!
interface Ethernet0/1
ip policy route-map PBR1
C
Explanation:
We need to use Policy Based Routing (PBR) here on Bangkok router to match the traffic from 192.168.3.0/24 & 192.168.4.0/24 and “set ip next-hop” to HongKong router(172.18.1.2 in this case).
Note: Please notice that we have to apply the PBR on incoming interface e0/3 to receive traffic from 192.168.3.0/24 and 192.168.4.0/24.
Refer to the exhibit.
A customer reports that user traffic of bank XYZ to the AAA server is not using the primary path via the R3-R2 link.
The network team observes:
No fiber is cut on links R2 and R3.
As101 and AS 201 routers established BGP peering.
Which configuration resolves the issue?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
An engneer must configure encrypted packets for a single router OSPF neighoorsMp.
Which configuration meets this requirement?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Refer to the exhibit.
The network administrator configured the branch router for IPv6 on the E 0/0 interface The neighboring router is fully configured to meet requirements, but the neighbor relationship is not coming up.
Which action fixes the problem on the branch router to bring the IPv6 neighbors up?
- A . Enable the IPv4 address family under the E 0/0 interface by using the address-family Ipv4 unicast command
- B . Disable IPv6 on the E 0/0 interface using the no ipv6 enable command
- C . Enable the IPv4 address family under the router ospfv3 4 process by using the address-family ipv4 unicast command
- D . Disable OSPF for IPv4 using the no ospfv3 4 area 0 ipv4 command under the E 0/0 interface.
C
Explanation:
Once again, Cisco changed the IOS configuration commands required for OSPFv3 configuration. The new OSPFv3 configuration uses the “ospfv3” keyword instead of the earlier “ipv6 router ospf” routing process command and “ipv6 ospf” interface commands.
The Open Shortest Path First version 3 (OSPFv3) address families feature enables both IPv4 and IPv6 unicast traffic to be supported. With this feature, users may have two processes per interface, but only one process per address family (AF).
What is a limitation of IPv6 RA Guard?
- A . It is not supported in hardware when TCAM is programmed
- B . It does not offer protection in environments where IPv6 traffic is tunneled.
- C . It cannot be configured on a switch port interface in the ingress direction
- D . Packets that are dropped by IPv6 RA Guard cannot be spanned
B
Explanation:
Restrictions for IPv6 RA Guard
The IPv6 RA Guard feature does not offer protection in environments where IPv6 traffic is tunneled.
This feature is supported only in hardware when the ternary content addressable memory (TCAM) is programmed.
This feature can be configured on a switch port interface in the ingress direction.
This feature supports host mode and router mode.
This feature is supported only in the ingress direction; it is not supported in the egress direction.
This feature is not supported on EtherChannel and EtherChannel port members.
This feature is not supported on trunk ports with merge mode.
This feature is supported on auxiliary VLANs and private VLANs (PVLANs). In the case of PVLANs, primary VLAN features are inherited and merged with port features.
Packets dropped by the IPv6 RA Guard feature can be spanned.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16-10/ip6f-xe-16-10-book/ip6-ra-guard.html#GUID-589AF00C-7499-439F-AD23-51005D61CAB7
Refer to the exhibit.
The static route is not present in the routing table of an adjacent OSPF neighbor router.
Which action resolves the issue?
- A . Configure the next hop of 10.20.20.1 in the prefix list DMZ-STATIC
- B . Configure the next-hop interface at the end of the static router for it to get redistributed
- C . Configure a permit 20 statement to the route map to redistribute the static route
- D . Configure the subnets keyword in the redistribution command
Refer to the exhibit.
The SNMP server with IP address 172.16 4 4 cannot access host router A.
Which configuration command on router A resolves the issue?
- A . snmp-server community ccnp
- B . access-list 4 permit 172.16.4.0 0.0.0.3
- C . access-list 4 permit host 172.16.4.4
- D . snmp-server host 172.16.4.4 ccnp