1-Two routers cannot communicate via tunnel, what would you troubleshoot 1st?.

a. Tunnel connectivity.
b. Irrelevant
c. Irrelevant
d. The NHRP.

Answer: A
2-GRE Tunnel cant form tunnel over WAN between to sites, why?
A: Firewall/Router ACL blocks TCP Port 57
B: Firewall/Router ACL blocks IP Protocol 57
C: Firewall/Router ACL blocks UDP Port 47
D: Firewall/Router ACL blocks IP Protocol 47

Answer:D
3-routers are connected and use the VRF, later on the new Lo address is added to one router but is not
able to see the rest of interfaces, what should the fix the issue (2 answers)
A. add static route to vrf
B. add Lo into the VRF
C. add dynamic routing between them
D. and other options

Answer:A,B
4-BGP ASN 64xxx. Which answer is correct?
A: Private AS 2-byte
B: Private AS 4-byte
C: Public AS 2-byte
D: Private AS 4-byte
PRIVATE: 64,512 to 65,534
PUPBLIC: 1

to 64495

2-byre

5-Refer to the exhibit. A new TAC engineer came to you for advice. A GRE over IPsec tunnel was
configured, but the tunnel is not coming up.
What did the TAC engineer configure incorrectly?
A. The crypto isakmp configuration is not correct.
B. The crypto map configuration is not correct.
C. The interface tunnel configuration is not correct.
D. The network configuration is not correct; network 172.16.1.0 is missing

Answer:A
http://www.digitaltut.com/ipsec-and-gre

6-If a user using AuthNoPriv who the data will be Authorised

a) User will be authorized and Encryption
b) User will be authorized and Encryption
c) User will not be authorized and Data will not be Encryption
d) User will be authorized and data will not be Encrypted

Answer:D
7-When the CEF will receive the packet without FIB
a) will drop the packet
b) will find the same in the FIB table
c) will create new FIB
d) will forward it

Answer:A
8-DHCP client isn not able to reach the DHCP server and the issue should be fixed by adding the ip
helper on the Fa interface of the router connected to DHCP client
a) ip helper with the ip address of the DHCP server
b) ip helper with the ip address of the DHCP client
c) and two other options

Answer:A
9-A network engineer enters the command debug condition interface. Under which conditions will
the engineer see the debug output?
a) When the command logging buffer has been entered
b) When the interface is up and receives traffic
c) When the interface is down and receive traffic
d) When the interface is up and receives traffic on the main and subinterfaces
Answer:B
10-Company was subject to a DDoS Attack from IPv4 and IPv6 Addresses. What can you use to
INDENTIFY AN IPV6 HEADER, in order to mitigate future attacks on the network?a) Source Address

a) Destination Address
b) Source Address
c) Fragment Offset
d) Flow Label
e) Hop Limit
f) Traffic Class
Answer: D,E,F
11-What is the reason for using NTPv6?
a) IPv6 to IPv6 network prefix translation
b) IPv4 to IPv6 network address translation
c) Irrelevant
d) Irrelevant

Answer:A

12-You have NAT translation that is incorrect but when you try to remove you get error message in use
how do you remove select least impact?
a) Cant recall
b) Reload router
c) Clear IP NAT table
d) Clear IP NAT translation

Answer:D

13-Why use dual stack?

a) ipv6 to ipv4
b) ipv4 to ipv6
c) both parallel
d) translate ipv4 to tpv6

Answer:C

14-NTP: in command ntp master 10

a) Stratum
b) and other options

Answer:A

15-According to the output showing below what is the IPV6 summarization will be?
The four routes was as I remember :
2001:db8:0:7
2001:db8:0:8
2001:db8:0:9

a) 2001:db8::0/64 [120/100] Via FE80::A8BB:CCFF:FE00:A00 Fastethernet 0/1

b) 2001:db8::0/32 [120/100] Via FE80::A8BB:CCFF:FE00:A00 Fastethernet 0/1
c) 2001:db8::0/48 [120/100] Via FE80::A8BB:CCFF:FE00:A00 Fastethernet 0/1
d) 2001:db8::0/16 [120/100] Via FE80::A8BB:CCFF:FE00:A00 Fastethernet 0/1

Answer:C

16-There was a screenshot with config and a question like what is true.
ip sla XXX
udp-jitter 172.29.139.134 dest-port 5000 num-packets 20
frequency 30
!
ip sla schedule 99 life 300 start-time after 00:05:00
a) Start time after 5 hours ???
b) Send 20 packets with des-port 5000
c) Start time 12:05:00 AM
d)send 20 packets every 30 seconds

Answer:D

17-Question about Easy Virtual Network. Choose 3

a) Simplify Layer 3 network virtualization
b) Improve support for shared services
c) Enhance management and troubleshooting
d) and other options

Answer:A,B,C

18-What IPv6 address is show once sh ipv6 route RIPng ?

a) Multicast
b) Global
c) Link-state
d) Link-local

Answer:D
19-Refer to the exhibit. A new TAC engineer came to you for advice. A GRE over IPsec tunnel was
configured, but the tunnel is not coming up.
What did the TAC engineer configure incorrectly?
A. The crypto map is not configured correctly.
B. The crypto ACL is not configured correctly.
C. The crypto map is not applied to the correct interface.
D. The OSPF network is not configured correctly.
Answer:B
http://www.digitaltut.com/ipsec-and-gre
20- Question: Which has authentication and encryption:
a. Auth
b. No Auth
c. Priv
d. Secret

Answer:C

21- DMVPN: before testing IPsec what would you test?

A) NHRP
B) mGRE tunnels

Answer:B

22-A route is being advertised by four routing protocols which one will added to routing table:

a-OSPF
b-EIGRP
c-IBGP
d-RIP
Answer:B

23-Refer to the exhibit.The network setup is running the RIP routing protocol. Which two events will
occur following link failure between R2 and R3?
A. R1 will reply to R2 with the advertisement for network 192.168.2.0/27 with hop count of 16.
B. R2 will not send any advertisements and will remove route 192.168.2.0/27 from its routing table.
C. After communication fails and after hold-down timer expires, R1 will remove the 192.168.2.0/27 route from its
routing table.
D. R3 will not accept any further updates from R2, due to the dplit-horizon loop prevention mechanism.
E. R2 will advertise network 192.168.2.0/27 will a hop count of 16 to R1.
Answer:A,E

24-Which VPN tech use aaa for group policies, authorization and also can use xauth ?
(Choose 1

a) GREVPN
b) Cisco Easy VPN
c) DMVPN
d) cant remember (but was nonsense)
Answer:B

25-What 3 items can you monitor if you use IP SLA with 2 timestamps
(choose 3)

a) path
b) jitter
c) throughput
d) load
e) packet loss
f) delay

Answer:B,E,F
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/44sg/configuration/guide/Wrapper44SG/swipsla.html

26-A piece of configuration with an IPv6 DHCP Pool is given:

Question: If the Router config are default for IPv6. What a dynamic IPv6 address mechanism can Clients use ?
5 Answers: (choose 2)
a) SLAAC
b) DHCPv6 (should be stateless but I wrote the questions like it is posted)
c) somewhat
d) EUI64
e) somewhat

Answers:A,B
I remember that the pool was like below structure (stateless DHCPV6)

1. ipv6 dhcp pool <pool name>

2. dns-server <specify the dns server address>
3. domain-name <specify the domain name>
*so if client need only ip can use SLAAC and if client need more info can use stateless DHCPV6

27-Which traffic characteristic has a UDP Packet which contains voice and video traffic which is going
direct to the queue on a link with less than 768Kbit?
a) is fragmentet
b) is not fragmentet
c) somewhat
d) video are delayed (not exact so in exam)
e) somewhat
Answer:A
this link may help
No7 under QOS REQUIREMENTS IN THE WAN

http://www.cisco.com/en/US/technologies/tk543/tk879/technologies_white_paper0900aecd800a8561_ps6613_Pro
ducts_White_Paper.html

28-question about memory leak

OR
which two commands would be use for troubleshoot high usages of the process:
a-show memory summary
b-show memory allocating-proccess total
c-show memory process dead
Answers:A,B
29-Which options help to handle fragmentation between two hosts along path:
a- MSS
b-PMTUD(right answer)
c-Windowing
d..
Answer:B
30-frame-relay map ipv6 fe80::100 100 what ip address is:
a-Link-local
b-Global unicast
Answer:A
31- you want to use single tunnel in Hub and connect to multiple spoke sites what technology you
would use
a) DMVPN i selected this option
B) Cisco easy vpn
c) FlexVPN
D) not sure

Answer:A
======================================
Not complete questions

1-Question: Difference between Tracking Reachability and State

Reachability:
Track-Object is UP if IP SLA Code is OK or Over-Threshold of IP SLA
Track-Object is DOWN if IP SLA code is DOWN or over Timeout
State:
Track-Object is UP if IP SLA Code is OK, so IP SLA test is NOT over threshold or timeout)
Track-Object is DOWN in any other case
2-Question: when the ip flow ingress is configured
1. ip flow ingress on the interface will also include the subinteraces(NOT CORRECT)
2. and other options
q
3-What is the primary service if you implement Easy Virtual Network (EVN)?
(Choose 1)
4 Answers for choice