Page: 1
/ 57
Total 843 questions
A network engineer is trying to implement broadcast-based NTP in a network and executes the ntp broadcast client command. Assuming that an NTP server is already set up, what is the result of the command?
- A. It enables receiving NTP broadcasts on the interface where the command was executed.
- B. It enables receiving NTP broadcasts on all interfaces globally.
- C. It enables a device to be an NTP peer to another device.
- D. It enables a device to receive NTP broadcast and unicast packets.
Answer : A
Explanation:
The NTP service can be activated by entering any ntp command. When you use the ntp broadcast client command, the NTP service is activated (if it has not already been activated) and the device is configured to receive NTP broadcast packets on a specified interface simultaneously.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-xe-3se-3850-cr-book/bsm-xe-3se-3850-cr-book_chapter_00.html
What is a function of NPTv6?
- A. It interferes with encryption of the full IP payload.
- B. It maintains a per-node state.
- C. It is checksum-neutral.
- D. It rewrites transport layer headers. C
Answer : Explanation
Explanation:
RFC 6296 describes a stateless Ipv6-to-Ipv6 Network Prefix Translation (NPTv6) function, designed to provide address independence to the edge network. It is transport-agnostic with respect to transports that do not checksum the IP header, such as SCTP, and to transports that use the TCP/UDP/DCCP (Datagram
Congestion Control Protocol) pseudo-header and checksum
NPTv6 provides a simple and compelling solution to meet the address-independence requirement in Ipv6. The address-independence benefit stems directly from the translation function of the network prefix translator. To avoid as many of the issues associated with NAPT44 as possible, NPTv6 is defined to include a two- way, checksum-neutral, algorithmic translation function, and nothing else.
Reference:
http://tools.ietf.org/html/rfc6296
Ipv6 has just been deployed to all of the hosts within a network, but not to the servers. Which feature allows Ipv6 devices to communicate with Ipv4 servers?
- A. NAT
- B. NATng
- C. NAT64
- D. dual-stack NAT
- E. DNS64
Answer : C
Explanation:
NAT64 is a mechanism to allow Ipv6 hosts to communicate with Ipv4 servers. The NAT64 server is the endpoint for at least one Ipv4 address and an Ipv6 network segment of 32-bits (for instance 64:ff9b::/96, see RFC 6052, RFC 6146). The Ipv6 client embeds the Ipv4 address it wishes to communicate with using these bits, and sends its packets to the resulting address. The NAT64 server then creates a NAT-mapping between the Ipv6 and the Ipv4 address, allowing them to communicate.
Reference:
http://en.wikipedia.org/wiki/NAT64
A network engineer initiates the ip sla responder tcp-connect command in order to gather statistics for performance gauging. Which type of statistics does the engineer see?
- A. connectionless-oriented
- B. service-oriented
- C. connection-oriented
- D. application-oriented C
Answer : Explanation
Explanation:
Configuration Examples for IP SLAs TCP Connect Operations
The following example shows how to configure a TCP Connection-oriented operation from Device B to the Telnet port (TCP port 23) of IP Host 1 (IP address
10.0.0.1), as shown in the “TCP Connect Operation†figure in the “Information About the IP SLAs TCP Connect Operation†section. The operation is scheduled to start immediately. In this example, the control protocol is disabled on the source (Device B). IP SLAs uses the control protocol to notify the IP SLAs responder to enable the target port temporarily. This action allows the responder to reply to the TCP Connect operation. In this example, because the target is not a Cisco device and a well-known TCP port is used, there is no need to send the control message.
Device A (target device) Configuration
configure terminal
ip sla responder tcp-connect ipaddress 10.0.0.1 port 23
Reference:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt-book/sla_tcp_conn.html
A network engineer executes the “ipv6 flowset†command. What is the result?
- A. Flow-label marking in 1280-byte or larger packets is enabled.
- B. Flow-set marking in 1280-byte or larger packets is enabled.
- C. Ipv6 PMTU is enabled on the router.
- D. Ipv6 flow control is enabled on the router.
Answer : A
Explanation:
Enabling Flow-Label Marking in Packets that Originate from the Device
This feature allows the device to track destinations to which the device has sent packets that are 1280 bytes or larger.
SUMMARY STEPS -
enable
1.
configure terminal
2.
ipv6 flowset
3.
exit
4.
clear ipv6 mtu
5.
DETAILED STEPS -
Reference:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/15-mt/ip6b-15-mt-book/ip6-mtu-path-disc.html
A network engineer executes the show ip flow export command. Which line in the output indicates that the send queue is full and export packets are not being sent?
- A. output drops
- B. enqueuing for the RP
- C. fragmentation failures
- D. adjacency issues
Answer : A
Explanation:
Table 5 show ip flow export Field Descriptions
References:
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/oaggnf.html
A network engineer is asked to configure a “site-to-site†Ipsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario?
- A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
- B. The command ip nat inside source list 1 int s0/0 overload disables “many-to-one†access for all devices on a defined segment to share a single IP address upon exiting the external interface.
- C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
- D. The command ip nat inside source list 1 int s0/0 overload provides “many-to-one†access for all devices on a defined segment to share a single IP address upon exiting the external interface.
Answer : D
Explanation:
Configuring NAT to Allow Internal Users to Access the Internet Using Overloading
Note in the previous second configuration, the NAT pool “ovrldâ€only has a range of one address. The keyword overload used in the ip nat inside source list 7 command allows NAT to translate multiple inside devices to the single address in the pool. pool ovrld overload
Reference:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an alternative to powering down the active router and letting the network respond accordingly. Which action will allow for manual switching of HSRP nodes?
- A. Track the up/down state of a loopback interface and shut down this interface during maintenance.
- B. Adjust the HSRP priority without the use of preemption.
- C. Disable and enable all active interfaces on the active HSRP node.
- D. Enable HSRPv2 under global configuration, which allows for maintenance mode.
Answer : A
Explanation:
The standby track command allows you to specify another interface on the router for the HSRP process to monitor in order to alter the HSRP priority for a given group. If the line protocol of the specified interface goes down, the HSRP priority is reduced. This means that another HSRP router with higher priority can become the active router if that router has standby preempt enabled. Loopback interfaces can be tracked, so when this interface is shut down the HSRP priority for that router will be lowered and the other HSRP router will then become the active one.
Reference:
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13780-6.html
A network engineer is notified that several employees are experiencing network performance related issues, and bandwidth-intensive applications are identified as the root cause. In order to identify which specific type of traffic is causing this slowness, information such as the source/destination IP and Layer 4 port numbers is required. Which feature should the engineer use to gather the required information?
- A. SNMP
- B. Cisco IOS EEM
- C. NetFlow
- D. Syslog
- E. WCCP
Answer : C
Explanation:
NetFlow Flows Key Fields -
A network flow is identified as a unidirectional stream of packets between a given source and destination--both are defined by a network-layer IP address and transport-layer source and desâ€"nation port numbers. Specifically, a flow is identified as the combination of the following key fields:
-> Source IP address
-> Destination IP address
-> Source Layer 4 port number
-> Destination Layer 4 port number
-> Layer 3 protocol type
-> Type of service (ToS)
-> Input logical interface
An organization decides to implement NetFlow on its network to monitor the fluctuation of traffic that is disrupting core services. After reviewing the output of
NetFlow, the network engineer is unable to see OUT traffic on the interfaces. What can you determine based on this information?
- A. Cisco Express Forwarding has not been configured globally.
- B. NetFlow output has been filtered by default.
- C. Flow Export version 9 is in use.
- D. The command ip flow-capture fragment-offset has been enabled.
Answer : A
Explanation:
We came across a recent issue where a user setup a router for
NetFlow -
export but was unable to see the OUT traffic for the interfaces in NetFlow Analyzer. Every
NetFlow configuration aspect was checked and nothing incorrect was found. That is when we noticed the ‘no ip cef’ command on the router.
CEF -
was enabled at
the global level and within seconds,
NetFlow Analyzer -
started showing OUT traffic for the interfaces. This is why this topic is about Cisco Express Forwarding.
What is switching?
A Router must make decisions about where to forward the packets passing through. This decision-making process is called “switchingâ€. Switching is what a router does when it makes the following decisions:
1. Whether to forward or not forward the packets after checking that the destination for the packet is reachable.
2. If the destination is reachable, what is the next hop of the router and which interface will the router use to get to that destination.
What is CEF?
CEF is one of the available switching options for Cisco routers. Based on the routing table, CEF creates its own table, called the Forwarding Information Base
(FIB). The FIB is organized differently than the routing table and CEF uses the FIB to decide which interface to send traffic from. CEF offers the following benefits:
1. Better performance than fast-switching (the default) and takes less CPU to perform the same task.
2. When enabled, allows for advanced features like NBAR
3. Overall, CEF can switch traffic faster than route-caching using fast-switching
How to enable CEF?
CEF is disabled by default on all routers except the 7xxx series routers. Enabling and Disabling CEF is easy. To enable CEF, go into global configuration mode and enter the CEF command. config t
Router#
ip cef
Router(config)#
Router(config)#
To disable CEF, simply use the ‘no’ form of the command, ie. ‘no ip cef‘.
Why CEF Needed when enabling NetFlow?
CEF is a prerequisite to enable NetFlow on the router interfaces. CEF decides through which interface traffic is exiting the router. Any NetFlow analyzer product will calculate the OUT traffic for an interface based on the Destination Interface value present in the NetFlow packets exported from the router. If the CEF is disabled on the router, the NetFlow packets exported from the router will have “Destination interface†as “null†and this leads NetFlow Analyzer to show no OUT traffic for the interfaces. Without enabling the CEF on the router, the NetFlow packets did not mark the destination interfaces and so NetFlow Analyzer was not able to show the OUT traffic for the interfaces.
Reference:
https://blogs.manageengine.com/network-2/netflowanalyzer/2010/05/19/need-for-cef-in-netflow-data-export.html
A network engineer has left a NetFlow capture enabled over the weekend to gather information regarding excessive bandwidth utilization. The following command is entered: switch#show flow exporter Flow_Exporter-1
What is the expected output?
- A. configuration of the specified flow exporter
- B. current status of the specified flow exporter
- C. status and statistics of the specified flow monitor
- D. configuration of the specified flow monitor
Answer : B
Explanation:
Reference:
http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/15-mt/cfg-de-fnflow-exprts.html
A company’s corporate policy has been updated to require that stateless, 1-to-1, and Ipv6 to Ipv6 translations at the Internet edge are performed. What is the best solution to ensure compliance with this new policy?
- A. NAT64
- B. NAT44
- C. NATv6
- D. NPTv4
- E. NPTv6 E
Answer : Explanation
Explanation:
NPTv6 provides a mechanism to translate the private internal organization prefixes to public globally reachable addresses. The translation mechanism is stateless and provides a 1:1 relationship between the internal addresses and external addresses. The use cases for NPTv6 outlined in the RFC include peering with partner networks, multi homing, and redundancy and load sharing.
Reference:
http://www.cisco.com/c/dam/en/us/td/docs/solutions/SBA/August2012/Cisco_SBA_BN_IPv6AddressingGuide-Aug2012.pdf
Which two functions are completely independent when implementing NAT64 over NAT-PT? (Choose two.)
- A. DNS
- B. NAT
- C. port redirection
- D. stateless translation
- E. session handling
Answer : AB
Explanation:
Work Address Translation IPv6 to IPv4, or NAT64, technology facilitates communication between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or an edge network). This solution allows both enterprises and ISPs to accelerate IPv6 adoption while simultaneously handling IPv4 address depletion. The DnS64 and NAT64 functions are completely separated, which is essential to the superiority of NAT64 over NAT-PT.
Reference:
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html
Which two methods of deployment can you use when implementing NAT64? (Choose two.)
- A. stateless
- B. stateful
- C. manual
- D. automatic
- E. static
- F. functional
- G. dynamic
Answer : AB
Explanation:
While stateful and stateless NAT64 perform the task of translating IPv4 packets into IPv6 packets and vice versa, there are important differences. The following table provides a high-level overview of the most relevant differences.
Differences Between Stateless NAT64 and Stateful NAT64
Table 2.
Reference:
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676277.html
Which NetFlow component is applied to an interface and collects information about flows?
- A. flow monitor
- B. flow exporter
- C. flow sampler
- D. flow collector
Answer : A
Explanation:
Flow monitors are the NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_01.html#wp1314030