Ensurepass

Implementing Cisco IP Routing (ROUTE v2.0)

 

QUESTION 61

A network engineer is configuring a routed interface to forward broadcasts of UDP 69, 53, and 49 to 172.20.14.225. Which command should be applied to the configuration to allow this?

 

A.

router(config-if)#ip helper-address 172.20.14.225

B.

router(config-if)#udp helper-address 172.20.14.225

C.

router(config-if)#ip udp helper-address 172.20.14.225

D.

router(config-if)#ip helper-address 172.20.14.225 69 53 49

 

Correct Answer: A

Explanation:

To let a router forward broadcast packets, the ip helper-address command can be used. The broadcasts will be forwarded to the unicast address specified with the ip helper command.

ip helper-address {ip address}

When configuring the ip helper-address command, the following broadcast packets will be forwarded by the router by default:

TFTP – UDP port 69

Domain Name System (DNS) – UDP port 53

Time service – port 37

NetBIOS Name Server – port 137

NetBIOS Datagram Server – port 138

Bootstrap Protocol (BOOTP) – port 67

TACACS – UDP port 49

Reference:

http://www.cisco-faq.com/163/forward_udp_broadcas.html

 

 

QUESTION 62

A network engineer is configuring SNMP on network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption. Which command satisfies the requirements of this scenario?

 

A.

router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO

B.

router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO

C.

router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO

D.

router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO

 

Correct Answer: A

Explanation:

Most network admins and engineers are familiar with SNMPv2c which has become the dominant SNMP version of the past decade. It’s simple to configure on both the router/switch-side and just as easy on the network monitoring server. The problem of course is that the SNMP statistical payload is not encrypted and authentication is passed in cleartext. Most companies have decided that the information being transmitted isn’t valuable enough to be worth the extra effort in upgrading to SNMPv3, but I would suggest otherwise.

Like IPv4 to IPv6, there are some major changes under the hood. SNMP version 2 uses community strings (think cleartext passwords, no encryption) to authenticate polling and trap delivery. SNMP version 3 moves away from the community string approach in favor of user-based authentication and view-based access control. The users are not actual local user accounts, rather they are simply a means to determine who can authenticate to the device. The view is used to define what the user account may access on the IOS device. Finally, each user is added to a group, which determines the access policy for its users. Users, groups, views.

Reference:

http://www.ccnpguide.com/snmp-version-3/

 

 

QUESTION 63

When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication?

 

A.

username

B.

password

C.

community-string

D.

encryption-key

 

Correct Answer: A

Explanation:

The following security models exist: SNMPv1, SNMPv2, SNMPv3. The following security levels exist: “noAuthNoPriv” (no authentication and no encryption – noauth keyword in CLI), “AuthNoPriv” (messages are authenticated but not encrypted – auth keyword in CLI), “AuthPriv” (messages are authenticated and encrypted – priv keyword in CLI). SNMPv1 and SNMPv2 models only support the “noAuthNoPriv” model since they use a plain community string to match the incoming packets. SNMPv3 implementations can be configured to use any of the models on a per-group basis (if “noAuthNoPriv” is configured, the username serves as a replacement for the community string).

Reference:

http://blog.ine.com/2008/07/19/snmpv3-tutorial/

QUESTION 64

After a recent DoS attack on a network, senior management asks you to implement better logging functionality on all IOS-based devices. Which two actions can you take to provide enhanced logging results? (Choose two.)

 

A.

Use the msec option to enable service time stamps.

B.

Increase the logging history.

C.

Set the logging severity level to 1.

D.

Specify a logging rate limit.

E.

Disable event logging on all noncritical items.

 

Correct Answer: AB

Explanation:

The optional msec keyword specifies that the date/time format should include milliseconds. This can aid in pinpointing the exact time of events, or in correlating the order in which the events happened. To limit syslog messages sent to the router’s history table and to an SNMP network management station based on severity, use the logging history command in global configuration mode. By default, Cisco devices log error messages of severity levels 0 through 4 (emergency, alert, critical, error, and warning levels); in other words, “saving level warnings or higher.” By increasing the severity level, more granular monitoring can occur, and SNMP messages will be sent for the less severe (5-7) messages.

 

 

QUESTION 65

A network engineer finds that a core router has crashed without warning. In this situation, which feature can the engineer use to create a crash collection?

 

A.

secure copy protocol

B.

core dumps

C.

warm reloads

D.

SNMP

E.

NetFlow

 

Correct Answer: B

Explanation:

When a router crashes, it is sometimes useful to obtain a full copy of the memory image (called a core dump) to identify the cause of the crash. Core dumps are generally very useful to your technical support representative.

Four basic ways exist for setting up the router to generate a core dump:

Using Trivial File Transfer Protocol (TFTP)

Using File Transfer Protocol (FTP)

Using remote copy protocol (RCP)

Using a Flash disk

Reference:

http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr19aa.html

 

 

QUESTION 66

A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp broadcast client command. Assuming that an NTP server is already set up, what is the result of the command?

 

A.

It enables receiving NTP broadcasts on the interface where the command was executed.

B.

It enables receiving NTP broadcasts on all interfaces globally.

C.

It enables a device to be an NTP peer to another device.

D.

It enables a device to receive NTP broadcast and unicast packets.

 

Correct Answer: A

Explanation:

The NTP service can be activated by entering any ntp command. When you use the ntp broadcast client command, the NTP service is activated (if it has not already been activated) and the device is configured to receive NTP broadcast packets on a specified interface simultaneously.

Command: ntp broadcast client

Description: Allows the system to receive NTP broadcast packets on an interface.

Reference:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-xe-3se-3850-cr-book/bsm-xe-3se-3850-cr-book_chapter_00.html

 

 

QUESTION 67

What is a function of NPTv6?

 

A.

It interferes with encryption of the full IP payload.

B.

It maintains a per-node state.

C.

It is checksum-neutral.

D.

It rewrites transport layer headers.

 

Correct Answer: C

Explanation:

RFC 6296 describes a stateless IPv6-to-IPv6 Network Prefix Translation (NPTv6) function, designed to provide address independence to the edge network. It is transport-agnostic with respect to transports that do not checksum the IP header, such as SCTP, and to transports that use the TCP/UDP/DCCP (Datagram Congestion Control Protocol) pseudo-header and checksum. NPTv6 provides a simple and compelling solution to meet the address-independence requirement in IPv6. The address-independence benefit stems directly from the translation function of the network prefix translator. To avoid as many of the issues associated with NAPT44 as possible, NPTv6 is defined to include a two-way, checksum-neutral, algorithmic translation function, and nothing else.

Reference:

http://tools.ietf.org/html/rfc6296
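
The checksum-neutral property described above, as an added example (not part of the original page or of any vendor implementation). It covers only the /48-to-/48 case, where the correction is written into the 16-bit subnet word; the function names and the sample prefixes are assumptions chosen for illustration.

```python
import ipaddress

def words16(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    n = int(ipaddress.IPv6Address(addr))
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def oc_add(a, b):
    """16-bit ones' complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def oc_sum(words):
    """Ones' complement sum of a list of 16-bit words."""
    total = 0
    for w in words:
        total = oc_add(total, w)
    return total

def nptv6_translate(addr, from_prefix, to_prefix):
    """Rewrite the /48 prefix and fix up the subnet word so the
    ones' complement sum of the whole address is unchanged."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    address = ipaddress.IPv6Address(addr)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    if address not in src:
        raise ValueError(f"{address} is not inside {src}")
    src_words = words16(src.network_address)[:3]
    dst_words = words16(dst.network_address)[:3]
    # adjustment = sum(old prefix) - sum(new prefix) in ones' complement
    adjustment = oc_add(oc_sum(src_words), ~oc_sum(dst_words) & 0xFFFF)
    w = words16(address)
    w[:3] = dst_words                 # stateless prefix swap
    w[3] = oc_add(w[3], adjustment)   # compensate in bits 48..63
    if w[3] == 0xFFFF:                # RFC 6296: 0xFFFF is written as 0x0000
        w[3] = 0x0000
    packed = b"".join(x.to_bytes(2, "big") for x in w)
    return ipaddress.IPv6Address(packed)

if __name__ == "__main__":
    inside = "fd01:203:405:1::1234"            # constructed sample address
    outside = nptv6_translate(inside, "fd01:203:405::/48", "2001:db8:1::/48")
    print(inside, "->", outside)
    print(hex(oc_sum(words16(inside))), hex(oc_sum(words16(outside))))
```

Because the address sum is unchanged, TCP and UDP pseudo-header checksums stay valid without the translator touching transport headers or keeping per-flow state; calling the same function with the prefixes swapped performs the inbound translation.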

 

 

QUESTION 68

IPv6 has just been deployed to all of the hosts within a network, but not to the servers. Which feature allows IPv6 devices to communicate with IPv4 servers?

 

A.

NAT

B.

NATng

C.

NAT64

D.

dual-stack NAT

E.

DNS64

 

Correct Answer: C

Explanation:

NAT64 is a mechanism to allow IPv6 hosts to communicate with IPv4 servers. The NAT64 server is the endpoint for at least one IPv4 address and an IPv6 network segment of 32-bits (for instance 64:ff9b::/96, see RFC 6052, RFC 6146). The IPv6 client embeds the IPv4 address it wishes to communicate with using these bits, and sends its packets to the resulting address. The NAT64 server then creates a NAT-mapping between the IPv6 and the IPv4 address, allowing them to communicate.

Reference:

http://en.wikipedia.org/wiki/NAT64

 

 

QUESTION 69

A network engineer initiates the ip sla responder tcp-connect command in order to gather statistics for performance gauging. Which type of statistics does the engineer see?

 

A.

connectionless-oriented

B.

service-oriented

C.

connection-oriented

D.

application-oriented

 

Correct Answer: C

Explanation:

Configuration Examples for IP SLAs TCP Connect Operations

The following example shows how to configure a TCP Connection-oriented operation from Device B to the Telnet port (TCP port 23) of IP Host 1 (IP address 10.0.0.1), as shown in the “TCP Connect Operation” figure in the “Information About the IP SLAs TCP Connect Operation” section. The operation is scheduled to start immediately. In this example, the control protocol is disabled on the source (Device B). IP SLAs uses the control protocol to notify the IP SLAs responder to enable the target port temporarily. This action allows the responder to reply to the TCP Connect operation. In this example, because the target is not a Cisco device and a well-known TCP port is used, there is no need to send the control message.

Device A (target device) Configuration

configure terminal

ip sla responder tcp-connect ipaddress 10.0.0.1 port 23

Reference:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_tcp_conn.html

 

 

QUESTION 70

A network engineer executes the “ipv6 flowset” command. What is the result?

 

A.

Flow-label marking in 1280-byte or larger packets is enabled.

B.

Flow-set marking in 1280-byte or larger packets is enabled.

C.

IPv6 PMTU is enabled on the router.

D.

IPv6 flow control is enabled on the router.

 

Correct Answer: A

Explanation:

Enabling Flow-Label Marking in Packets that Originate from the Device

This feature allows the device to track destinations to which the device has sent packets that are 1280 bytes or larger.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 flowset

4. exit

5. clear ipv6 mtu

DETAILED STEPS

Step 1

Command or Action: enable

Example: Device> enable

Purpose: Enables privileged EXEC mode.

Step 2

Command or Action: configure terminal

Example: Device# configure terminal

Purpose: Enters global configuration mode.

Step 3

Command or Action: ipv6 flowset

Example: Device(config)# ipv6 flowset

Purpose: Configures flow-label marking in 1280-byte or larger packets sent by the device.

 

Reference:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/15-mt/ip6b-15-mt-book/ip6-mtu-path-disc.html

 
