2018)================
Question 1
Drag and drop the sequence for configuring SSH in correct order.
A. ip ssh ver 2
B. ip domain-name cisco.com
C. crypto-key generate rsa
D. line vty 0 4
E. Transport input ssh
Transport input telnet
Question 2
Answer:
Strict mode:
+ Must have the same path back
+ Can be used on inside internet router interface
+?
Loose mode:
+ Must have the source IP in routing table
+ Can be used on outside internet router interface
+?
Question 3
A. DMVPN
B. NHRP
C. OSPF
D. IPSec
Answer: B
Question 4
A. HTTP only
B. HTTP and HTTPS
C. SSH
D. FTP
E. SFTP
F. TFTP
Answer: B C F
Explanation
The Management Plane Protection (MPP) feature in Cisco IOS software provides the
capability to restrict the interfaces on which network management packets are allowed to
enter a device. The MPP feature allows a network operator to designate one or more router
interfaces as management interfaces. Device management traffic is permitted to enter a
device only through these management interfaces. After MPP is enabled, no interfaces except
designated management interfaces will accept network management traffic destined to the
device.
Reference: https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_mgmt_plane_prot.html#wp1047623
Following are the management protocols that the management plane protection (MPP)
feature supports. These management protocols are also the only protocols affected when
MPP is enabled.
+ SSH, v1 and v2
+ SNMP, all versions
+ Telnet
+ TFTP
+ HTTP
+ HTTPS
Reference: https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/security/configuration/guide/syssec_cg41crs_chapter7.html#con_1013398
Question 5
Which topologies are allowed with p2p GRE over IPsec? (Choose two)
Answer: A B
Question 6
Which keywords can be used with debug condition to filter output? (Choose two)
A. Username
B. Interface ID
C. Port number
D. Protocol
E. Packet Size
Answer: A B
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2/debug/command/reference/122debug/dbfcndtr.html
Question 7
Answer: D
=================================================================
Old questions:
Question 1
Which two can be used to protect and secure the management plane from unwanted and unauthorized
access? (Choose two)
Answer: A E
Explanation
The Management Plane Protection (MPP) feature in Cisco IOS software provides the
capability to restrict the interfaces on which network management packets are allowed to
enter a device. The MPP feature allows a network operator to designate one or more router
interfaces as management interfaces. Device management traffic is permitted to enter a
device only through these management interfaces. After MPP is enabled, no interfaces except
designated management interfaces will accept network management traffic destined to the
device.
Reference: https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_mgmt_plane_prot.html#wp1047623
Question 2
A. Physical
B. Datalink
C. Network
Answer: C
Question 3
When your network experiences Cisco Discovery Protocol and LLDP issues, with which layer
of the OSI model must you begin troubleshooting?
A. Physical layer
B. Datalink layer
C. Network layer
D. Transport layer
Answer: B
Question 4
Answer: B
Explanation
Type 7 means the password is encrypted with a Vigenere cipher when the router stores it in
the running/startup configuration files; any website offering Type 7 reversal can crack it in
less than one second.
Question 5
Answer: C E
Question 6
Question referring to an exhibit – something with PIM, tunnel flapping and neighboring get
rejected, regardless Tunnel 1018 went down.
Answer: D E
Explanation
The tunnel destination must be the physical destination address of the other end of the
tunnel. For example in this topology:
R1:
interface tunnel0
ip address 12.12.12.1 255.255.255.252
tunnel mode gre ip //this command can be ignored
tunnel source 192.168.13.1
tunnel destination 192.168.23.2

R2:
interface tunnel0
ip address 12.12.12.2 255.255.255.252
tunnel mode gre ip //this command can be ignored
tunnel source 192.168.23.2
tunnel destination 192.168.13.1
For R1, the tunnel destination must point to 192.168.23.2 (the physical IP address of the
other end of the tunnel), not 12.12.12.2 (the tunnel interface address of the other end).
Question 7
How do you make sure AAA will still allow you to log in if TACACS fails? (Choose two)
Answer: B
Question 8
If you want to use GRE with IPSec, which option is compatible with NAT traversal?
Answer: C
Explanation
This is not officially written by Cisco but it is the best we can find:
Reference: https://www.coursehero.com/file/p7qcduh/No-GRE-provides-a-stateless-private-connection-15-What-is-the-GRE-header-for-It/
Question 9
Troubleshoot uRPF loose mode at client gateway router for networks that are not in the
routing table. (Choose two)
Answer: B C
Question 10
Which two statements about traceroute are true? (Choose two)
Answer: A D
Reference: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13730-ext-ping-trace.html
=========================================================================
Old questions:
Question 1
The WAN link has a 1500-byte MTU. How do you configure a GRE tunnel so that the packets do not
get fragmented? (Choose three)
A. ip tcp path-mtu-discovery
B. ip mtu 1400
C. ip tcp adjust-mss 1360
D. tunnel mode gre ip
E. tunnel mode gre multipoint
Answer: B C and ?
Explanation
Since GRE is an encapsulating protocol, we adjust the maximum transmission unit (MTU) to 1400
bytes and the maximum segment size (MSS) to 1360 bytes. Because most transport MTUs are
1500 bytes and GRE adds overhead, we must reduce the MTU to account for the extra
overhead. A setting of 1400 is common practice and keeps unnecessary packet
fragmentation to a minimum.
Question 2
A. tagged
B. standard
C. named
D. numbered
E. dynamic
Answer: A C
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/xe-3s/ipv6-xe-36s-book/ip6-sec-trfltr-fw.html
Question 3
Which two statements about time based ACL are true? (Choose two)
Answer: A B
Question 4
Question 5
Answer: B C
Question 6
The GRE tunnel is up but the server or host cannot pass traffic through it. What are the two
things that need to be fixed? (Choose two)
Answer:
Question 7
Which two protocols does the management plane protection feature support? (Choose two)
A. HTTPS
B. ARP
C. DNS
D. TFTP
E. DHCP
Answer: A D
Explanation
Following are the management protocols that the management plane protection (MPP)
feature supports. These management protocols are also the only protocols affected when
MPP is enabled.
+ SSH, v1 and v2
+ SNMP, all versions
+ Telnet
+ TFTP
+ HTTP
+ HTTPS
Reference: https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/security/configuration/guide/syssec_cg41crs_chapter7.html#con_1013398
Question 8
Answer: C
Explanation
Let’s assume that you are researching a problem of a user that cannot browse a particular
website and while you are verifying the problem, you find that the user’s workstation is not
even able to obtain an IP address through the DHCP process. In this situation it is reasonable
to suspect lower layers of the OSI model and take a bottom-up troubleshooting approach.
Reference: http://www.ciscopress.com/articles/article.asp?p=2273070&seqNum=2
Question 9
A router knows one destination using EIGRP and two OSPF networks, which will be the best
way to determine the path? (choose two)
Answer: C E
Question 10
Which two statements about ping & traceroute are true? (Choose two)
Answer: A D
Reference: https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/12778-ping-traceroute.html
Old MCQs:
Question 1
A. ICMP
B. PIM
C. IGMP
D. IP
Answer: A
Question 2
Which two options about GRE keepalives are true? (Choose two)
A. enabled by default
B. supports on point-to-point GRE tunnel interface
C. supports on point-to-multipoint mGRE
D. support broadcast
E. supported in VRFs only if fVRF and iVRF match
F. support broadcast multicast
Answer: B E
Explanation
GRE tunnel keepalives are only supported on point-to-point GRE tunnels. Tunnel keepalives
are configurable on multipoint GRE (mGRE) tunnels but have no effect.
GRE keepalives are not supported together with IPsec tunnel protection under any
circumstances.
In general, tunnel keepalives will not work when VRFs are used on the tunnel interface and
the fVRF (‘tunnel vrf …’) and iVRF (‘ip vrf forwarding …’ on tunnel interface) do not match.
Question 3
A. Data
B. Management
C. Control
D. Forwarding
Answer: B
Question 4
A user is able to log into the switch but cannot go to the global config mode. What needs to
be done?
Answer: A
Question 5
Which troubleshooting method is used when we troubleshoot a spanning tree issue for any
VLAN?
Answer: D
Question 6
Answer:
OR
Good reference:
https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13730-ext-ping-trace.html
Question 7
Which two statements about IPv6 traffic filtering are true? (Choose two)
Answer: A D
Question 8
There was also a question about GRE tunnel with the options of it support multicast,
broadcast traffic or only broadcast and some other options that we needed to choose 2
correct ones.
Answer: A B
Question 9
AAA and what will be the result with this configuration: it either checks the local database
first or it only authenticates 2 listed users –
A. It will check TACACS authentication but skip for the two users created locally
B. aaa-new model not used and hence policy will not be applied.
C. aaa- not used hence policy will not be applied
D. Part of the script is reject
and 1 more options
Answer:
1. aaa-new-model command is not there in the script ; hence the script will not work
2. Part of the script is reject (as 2 local username and password are there)
Question 10
Drag and drop question related to Tunnel GRE. Which configurations are required and which
are optional?
Answer:
Required:
+ Tunnel destination IP
+ Tunnel Original IP
+ Tunnel IP
Optional:
+ TCP MSS
+ Tunnel key
+ Tunnel mode
=============================================================================
Old questions
Question 1
In which troubleshooting approach do you start troubleshooting from the middle of the OSI layer
stack and then go either up or down the layers for further troubleshooting?
A. Bottom-up
B. Top-down
C. Divide-and-conquer
D. Follow-the-path
Answer: C
Question 2
Which two things should you check while troubleshooting uRPF? (Choose two)
Answer: A D
Question 3a
Answer: C
Or
Question 3b
Securing the control plane on R1, connected via SSH to the network 10.10.0.0/16. You should
choose the right answers and place them in the right configuration order. Not all options will be used.
Answer:
Sequence 1:
access-list X permit tcp 10.10.0.0/16 eq 22 any estab
access-list X permit tcp 10.10.0.0/16 any eq 22
Sequence 2:
class-map match-all SSH
match access-group X
Sequence 3:
Policy Y
Class SSH
Sequence 4:
Control plane
service-policy input Y
Question 4
What could be the reason for a GRE tunnel interface being in the up/down state? (Choose two)
Answer: B C
Question 5
A. Line
B. Krb6
C. LDAP
D. Local
E. Blowfish
Answer: A D
Question 6
A.
R2:
interface tunnel 1
ip address 10.1.1.1 255.255.255.252
tunnel source 192.168.1.1
tunnel destination 192.168.2.3
B.
R3:
interface tunnel 1
ip address 10.1.1.2 255.255.255.252
tunnel source g0/0
tunnel destination 192.168.1.1
Answer: A B
Question 7
While troubleshooting, you noticed *** in the output of the traceroute command. What is the
reason for that?
Question 8
Answer:
https://www.cisco.com/c/en/us/about/security-center/copp-best-practices.html
Question 9
Drag Drop question about four valid debug commands on switch (Choose four)
A. debug hsrp
B. debug glbp errors
C. debug ip igmp snooping
D. debug ip interface route-cache
E. debug spanning-tree mstp init
Answer: B C D E
Question 10
Drag and drop question. Choose the headers and place them in the right order when monitoring
a GRE packet.
=============================================================
Question 1
GRE Tunnel Drag and Drop. Which fields are optional and mandatory in a GRE header?
Answer:
Question 2
Answer:
Question 3
What IP header option fields can you modify in an extended ping? (Choose three)
A. Value
B. Strict
C. Record
D. Timestamp
E. Timeout
Answer: B C D
Explanation
All of these can be modified: protocol, IP destination address, repeat count, Datagram size,
Timeout, source address/interface, type of service, DF bit, Validate reply data, Data
pattern, Loose, Strict, Record, Timestamp, Verbose, Sweep range of sizes.
Reference: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13730-ext-ping-trace.html
Question 4
Answer: A B C E
Question 5
Question 6