Ensurepass

CCIE Routing and Switching Written Exam v5.1

 

QUESTION 81

Refer to the exhibit. A spoke site that is connected to Router-A cannot reach a spoke site that is connected to Router-B, but both spoke sites can reach the hub. What is the likely cause of this issue?

 

clip_image002

 

A. There is a router doing PAT at site B.

B. There is a router doing PAT at site A.

C. NHRP is learning the IP address of the remote spoke site as a /32 address rather than a /24 address.

D. There is a routing issue, as NHRP registration is working.

 

Correct Answer: B

Explanation:

If one spoke is behind one NAT device and another different spoke is behind another NAT device, and Peer Address Translation (PAT) is the type of NAT used on both NAT devices, then a session initiated between the two spokes cannot be established.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/convert/sec_dmvpn_xe_3s_book/sec_dmvpn_dt_spokes_b_nat_xe.html

 

 

QUESTION 82

Refer to the exhibit. For which reason could a BGP-speaking device in autonomous system 65534 be prevented from installing the given route in its BGP table?

 

clip_image004

 

A. The AS number of the BGP is specified in the given AS_PATH.

B. The origin of the given route is unknown.

C. BGP is designed only for publicly routed addresses.

D. The AS_PATH for the specified prefix exceeds the maximum number of ASs allowed.

E. BGP does not allow the AS number 65535.

 

Correct Answer: A

Explanation:

BGP is considered to be a "path vector" routing protocol rather than a distance vector routing protocol, since it utilises a list of AS numbers to describe the path that a packet should take. This list is called the AS_PATH. Loops are prevented because if a BGP-speaking router sees its own AS in the AS_PATH of a route, it rejects the route.

 

QUESTION 83

Refer to the exhibit. Which statement is true?

 

clip_image005

 

A. IS-IS has been enabled on R4 for IPv6, single-topology.

B. IS-IS has been enabled on R4 for IPv6, multitopology.

C. IS-IS has been enabled on R4 for IPv6, single-topology and multitopology.

D. R4 advertises IPv6 prefixes, but it does not forward IPv6 traffic, because the protocol has not been enabled under router IS-IS.

 

Correct Answer: A

Explanation:

When working with IPv6 prefixes in IS-IS, you can configure IS-IS to be in a single topology for both IPv4 and IPv6 or to run different topologies for IPv4 and IPv6. By default, IS-IS works in single-topology mode when activating IPv4 and IPv6. This means that the IS-IS topology will be built based on IS Reachability TLVs. When the base topology is built, then IPv4 prefixes (IP Reachability TLV) and IPv6 prefixes (IPv6 Reachability TLV) are added to each node as leaves, without checking if there is IPv6 connectivity between nodes.

Reference: https://blog.initialdraft.com/archives/3381/

 

 

QUESTION 84

Refer to the exhibit. While troubleshooting high CPU utilization of a Cisco Catalyst 4500 Series Switch, you notice the error message that is shown in the exhibit in the log file. What can be the cause of this issue, and how can it be prevented?

 

clip_image007

 

A. The hardware routing table is full. Redistribute from BGP into IGP.

B. The software routing table is full. Redistribute from BGP into IGP.

C. The hardware routing table is full. Reduce the number of routes in the routing table.

D. The software routing table is full. Reduce the number of routes in the routing table.

 

Correct Answer: C

Explanation:

L3HWFORWARDING-2

Error Message: C4K_L3HWFORWARDING-2-FWDCAMFULL:L3 routing table is full. Switching to software forwarding.

The hardware routing table is full; forwarding takes place in the software instead. The switch performance might be degraded.

Recommended Action: Reduce the size of the routing table. Enter the ip cef command to return to hardware forwarding.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/system/message/message/emsg.html

 

 

QUESTION 85

Refer to the exhibit. Which option explains why the forwarding address is set to 0.0.0.0 instead of 110.100.1.1?

 

clip_image009

 

A. The interface Ethernet0/1 is in down state.

B. The next-hop ip address 110.100.1.1 is not directly attached to the redistributing router.

C. The next-hop interface (Ethernet0/1) is specified as part of the static route command; therefore, the forwarding address is always set to 0.0.0.0.

D. OSPF is not enabled on the interface Ethernet0/1.

 

Correct Answer: D

Explanation:

From the output of the "show ip ospf database" command (although this command is not shown), we can conclude that this router is an ASBR (the Advertising Router is the router itself) and that E0/1 is the ASBR's next hop interface for other routers to reach network 192.168.10.0.

 

The Forwarding Address is determined by these conditions:

* The forwarding address is set to 0.0.0.0 if the ASBR redistributes routes and OSPF is not enabled on the next hop interface for those routes.

* These conditions set the forwarding address field to a non-zero address:

+ OSPF is enabled on the ASBR's next hop interface AND
+ ASBR's next hop interface is non-passive under OSPF AND
+ ASBR's next hop interface is not point-to-point AND
+ ASBR's next hop interface is not point-to-multipoint AND
+ ASBR's next hop interface address falls under the network range specified in the router ospf command.

* Any other conditions besides these set the forwarding address to 0.0.0.0.

We can see that the E0/1 interface is not running OSPF because it does not belong to network 110.110.0.0 0.0.255.255, which is declared under the OSPF process, so the forwarding address is set to 0.0.0.0.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13682-10.html
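The forwarding-address conditions listed above, worked through as an added example (not part of the original exam material or Cisco's documentation). It assumes OSPF is enabled on an interface only through network statements, and the E0/1 address 110.100.1.2 and the interface dictionary layout are constructed for illustration.

```python
import ipaddress

NON_FA_TYPES = ("point-to-point", "point-to-multipoint")

def matches_network(addr, network, wildcard):
    """True if addr falls under an OSPF 'network <network> <wildcard>' statement."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    # Wildcard bits set to 1 are "don't care"; invert to get the bits that must match.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

def forwarding_address(next_hop, iface, network_statements):
    """Return the forwarding address an ASBR would place in the external LSA.

    iface: dict with 'address', 'passive' and 'network_type' (hypothetical layout).
    network_statements: list of (network, wildcard) pairs from the OSPF process.
    """
    ospf_enabled = any(
        matches_network(iface["address"], net, wc) for net, wc in network_statements
    )
    if (ospf_enabled
            and not iface["passive"]
            and iface["network_type"] not in NON_FA_TYPES):
        return next_hop
    # Any other combination of conditions yields 0.0.0.0.
    return "0.0.0.0"

# Constructed interface data; only 110.100.1.1 and the network statement
# 110.110.0.0 0.0.255.255 come from the explanation above.
E0_1 = {"address": "110.100.1.2", "passive": False, "network_type": "broadcast"}
AS_CONFIGURED = [("110.110.0.0", "0.0.255.255")]
WITH_E0_1_COVERED = AS_CONFIGURED + [("110.100.1.0", "0.0.0.255")]

if __name__ == "__main__":
    print(forwarding_address("110.100.1.1", E0_1, AS_CONFIGURED))
    print(forwarding_address("110.100.1.1", E0_1, WITH_E0_1_COVERED))
```
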

 

 

QUESTION 86

Which three conditions can cause excessive unicast flooding? (Choose three.)

 

A. Asymmetric routing

B. Repeated TCNs

C. The use of HSRP

D. Frames sent to FFFF.FFFF.FFFF

E. MAC forwarding table overflow

F. The use of Unicast Reverse Path Forwarding

 

Correct Answer: ABE

Explanation:

Causes of Flooding

The root cause of flooding is that the destination MAC address of the packet is not in the L2 forwarding table of the switch. In this case the packet will be flooded out of all forwarding ports in its VLAN (except the port it was received on). The case studies below show the most common reasons for the destination MAC address not being known to the switch.

Cause 1: Asymmetric Routing

Large amounts of flooded traffic might saturate low-bandwidth links causing network performance issues or complete connectivity outage to devices connected across such low-bandwidth links.

Cause 2: Spanning-Tree Protocol Topology Changes

Another common issue caused by flooding is Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur.

TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with short intervals. The switches will constantly be fast-aging their forwarding tables so flooding will be nearly constant.

Normally, a TCN is rare in a well-configured network. When a port on a switch goes up or down, there is eventually a TCN once the STP state of the port changes to or from forwarding. When the port is flapping, repetitive TCNs and flooding occur.

Cause 3: Forwarding Table Overflow

Another possible cause of flooding can be overflow of the switch forwarding table. In this case, new addresses cannot be learned and packets destined to such addresses are flooded until some space becomes available in the forwarding table. New addresses will then be learned. This is possible but rare, since most modern switches have large enough forwarding tables to accommodate MAC addresses for most designs.

Forwarding table exhaustion can also be caused by an attack on the network where one host starts generating frames, each sourced with a different MAC address. This will tie up all the forwarding table resources. Once the forwarding tables become saturated, other traffic will be flooded because new learning cannot occur. This kind of attack can be detected by examining the switch forwarding table: most of the MAC addresses will point to the same port or group of ports. Such attacks can be prevented by limiting the number of MAC addresses learned on untrusted ports by using the port security feature.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html#causes
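The detection step described under Cause 3 (most forwarding-table entries pointing to the same port), as an added example that is not part of the original exam material. The table text is constructed in the column layout of a "show mac address-table" listing, and the thresholds `max_macs` and `min_share` are assumptions to tune per site.

```python
import re
from collections import Counter

# One table row: VLAN, MAC in dotted-hex notation, entry type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(table_text):
    """Count distinct dynamically learned MAC addresses per port."""
    seen = set()
    for line in table_text.splitlines():
        m = ROW.match(line)
        # Skip headers, separators and non-dynamic (static, secure) entries.
        if not m or m.group(3).upper() != "DYNAMIC":
            continue
        seen.add((m.group(4), m.group(2).lower()))
    return Counter(port for port, _ in seen)

def suspect_ports(table_text, max_macs=3, min_share=0.5):
    """Ports that learned more than max_macs addresses AND hold at least
    min_share of all dynamic entries, the pattern the explanation describes."""
    counts = macs_per_port(table_text)
    total = sum(counts.values())
    return sorted(
        port for port, n in counts.items()
        if n > max_macs and total and n / total >= min_share
    )

def build_sample():
    """Constructed table: two normal hosts, one static entry, one flooding port."""
    rows = [
        "Vlan    Mac Address       Type        Ports",
        "----    -----------       --------    -----",
        "  10    0000.5e00.5301    DYNAMIC     Gi1/0/1",
        "  10    0000.5e00.5302    DYNAMIC     Gi1/0/2",
        "  10    0000.5e00.53ff    STATIC      Gi1/0/24",
    ]
    rows += [f"  10    0200.0000.{i:04x}    DYNAMIC     Gi1/0/7" for i in range(40)]
    return "\n".join(rows)

if __name__ == "__main__":
    sample = build_sample()
    print(macs_per_port(sample).most_common(3))
    print("suspect ports:", suspect_ports(sample))
```

A port flagged here is a candidate for the per-port MAC limit that the explanation attributes to the port security feature; uplinks and trunks legitimately carry many addresses and should be excluded or given a higher threshold.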

 

 

QUESTION 87

Which statement describes the BGP add-path feature?

 

A. It allows for installing multiple IBGP and EBGP routes in the routing table.

B. It allows a network engineer to override the selected BGP path with an additional path created in the config.

C. It allows BGP to provide backup paths to the routing table for quicker convergence.

D. It allows multiple paths for the same prefix to be advertised.

 

Correct Answer: D

Explanation:

BGP routers and route reflectors (RRs) propagate only their best path over their sessions. The advertisement of a prefix replaces the previous announcement of that prefix (this behavior is known as an implicit withdraw). The implicit withdraw can achieve better scaling, but at the cost of path diversity.

Path hiding can prevent efficient use of BGP multipath, prevent hitless planned maintenance, and can lead to MED oscillations and suboptimal hot-potato routing. Upon next-hop failures, path hiding also inhibits fast and local recovery because the network has to wait for BGP control plane convergence to restore traffic. The BGP Additional Paths feature provides a generic way of offering path diversity; the Best External or Best Internal features offer path diversity only in limited scenarios.

The BGP Additional Paths feature provides a way for multiple paths for the same prefix to be advertised without the new paths implicitly replacing the previous paths. Thus, path diversity is achieved instead of path hiding.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional-paths.html

 

 

QUESTION 88

In the DiffServ model, which class represents the highest priority with the highest drop probability?

 

A. AF11

B. AF13

C. AF41

D. AF43

 

Correct Answer: D

Explanation:

AF43: Assured forwarding, high drop probability, Class 4 DSCP, and Flash-override precedence.

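Table of AF Classes and Drop Priority

| Drop Precedence | Class 1                | Class 2                | Class 3                | Class 4                |
|-----------------|------------------------|------------------------|------------------------|------------------------|
| Low drop        | AF11, DSCP 10, 001010  | AF21, DSCP 18, 010010  | AF31, DSCP 26, 011010  | AF41, DSCP 34, 100010  |
| Medium drop     | AF12, DSCP 12, 001100  | AF22, DSCP 20, 010100  | AF32, DSCP 28, 011100  | AF42, DSCP 36, 100100  |
| High drop       | AF13, DSCP 14, 001110  | AF23, DSCP 22, 010110  | AF33, DSCP 30, 011110  | AF43, DSCP 38, 100110  |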

Reference: https://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=56

 

 

 

 

 

 

 

 

QUESTION 89

Refer to the exhibit. NHRP registration is failing; what might be the problem?

 

clip_image011

 

A. invalid IP addressing

B. fragmentation

C. incorrect NHRP mapping

D. incorrect NHRP authentication

 

Correct Answer: D

Explanation:

Configuring an authentication string ensures that only routers configured with the same string can communicate using NHRP. Therefore, if the authentication scheme is to be used, the same string must be configured in all devices configured for NHRP on a fabric.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#wp10554

 

 

QUESTION 90

Refer to the exhibit. Which technology does the use of bi-directional BPDUs on all ports in the topology support?

 

clip_image013

 

A. RSTP

B. MST

C. Bridge Assurance

D. Loop Guard

E. Root Guard

F. UDLD

 

Correct Answer: C

Explanation:

Spanning Tree Bridge Assurance

Turns STP into a bidirectional protocol

Ensures spanning tree fails “closed” rather than “open”

If port type is “network” send BPDU regardless of state

If network port stops receiving BPDU it’s put in BA-inconsistent state

 

clip_image015

 

Bridge Assurance (BA) can help protect against bridging loops where a port becomes designated because it has stopped receiving BPDUs. This is similar to the function of loop guard.

Reference: http://lostintransit.se/tag/convergence/

 
