Refer to this output What is the logging severity level?
R1#Feb 14 37:15:12:429: %LINEPROTO-5-UPDOWN Line protocol on interface GigabitEthernet0/1. Change state to up Alert Critical Notificationcorrect Emergency.
When using TLS for syslog, which configuration allows for secure and reliable transportation of messages to its default port? logging host 10.2.3.4 vrf mgmt transport tcp port 6514 logging host 10.2.3.4 vrf mgmt transport udp port 6514 logging host 10.2.3.4 vrf mgmt transport tcp port 514 logging host 10.2.3.4 vrf mgmt transport udp port 514.
Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis? Cisco Firepower and FireSIGHT Cisco Stealthwatch system Advanced Malware Protection Cisco Web Security Appliance.
Refer to exhibit. What are two reasons for IP SLA tracking failure? (Choose two ) The source-interface is configured incorrectly The destination must be 172.30.30.2 for icmp-echo A route back to the R1 LAN network is missing in R2 The default route has wrong next hop IP address The threshold value is wrong.
Refer to the exhibit.
The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the IP SLA. Which configuration should the engineer use? event manager applet EEM_IP_SLA
event track 10 state down event manager applet EEM_IP_SLA
event track 10 state unreachable event manager applet EEM_IP_SLA
event sla 10 state unreachable event manager applet EEM_IP_SLA
event sla 10 state down.
Which two statements about IP SLA are true? (Choose two) SNMP access is not supported It uses active traffic monitoring It is Layer 2 transport-independent The IP SLA responder is a component in the source Cisco device It can measure MOS It uses NetFlow for passive traffic monitoring.
Which IP SLA operation requires the IP SLA responder to be configured on the remote end? ICMP echo UDP jitter ICMP jitter TCP connect.
A network engineer is configuring Flexible NetFlow and enters these commands:
Sampler Netflow1
mode random one-out-of 100
interface fastethernet 1/0
flow-sampler netflow1
Which are two results of implementing this feature instead of traditional NetFlow? (Choose two) Only the flows of top 100 talkers are exported CPU and memory utilization are reduced the data export flow is more securet The accuracy of the data to be analyzed is improved The number of packets to be analyzed are reduced.
Refer to the exhibit.
Which command set must be added to the configuration to analyze 50 packets out of every 100? A B C D.
Refer to the exhibit. How can you configure a second export destination for IP address 192.168.10.1?
configure terminal
ip flow-export destination 192.168.10.1 9991
ip flow-export version 9
Specify a different TCP port Specify a different UDP port Specify a VRF Configure a version 5 flow-export to the same destination Specify a different flow ID.
A network is being migrated from IPv4 to IPv6 using a dual-stack approach. Network management is already 100% IPv6 enabled. In a dual-stack network with two dual-stack NetFlow collections, how many flow exporters are needed per network device in the flexible NetFlow configuration? 1 2 4 8.
Refer to the exhibit.
An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm? SPAN session 1 monitors activity on VLAN 50 of a remote switch SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14. SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15. RSPAN session 1 is incompletely configured for monitoring.
Refer to the exhibit.
lan 222
remote-span
!
vlan 223
remote-span
!
monitor session 1 source interface FastEthernet0/1 tx
monitor session 1 source interface FastEthernet0/2 rx
monitor session 1 source interface port-channel 5
monitor session 1 destination remote vlan 222
monitor session 1 source interface FastEthernet0/1 rx monitor session 1 source interface port-channel 6 monitor session 1 source vlan 10 monitor session 1 source interface port-channel 7, port-channel 8.
Refer to the exhibit.
monitor session 1 source vlan 10 -12 rx
monitor session 1 destination interface gigabitethernet0/1
An engineer must configure a SPAN session. What is the effect of the configuration? Traffic sent on VLANs 10, 11, and 12 is copied and sent to interface g0/1. Traffic sent on VLANs 10 and 12 only is copied and sent to interface g0/1. Traffic received on VLANs 10 and 12 only is copied and sent to interface g0/1. Traffic received on VLANs 10, 11, and 12 is copied and sent to interface g0/1.
Refer to the exhibit.
vlan 222
remote-span
!
vlan 223
remote-span
!
monitor session 1 source interface FastEthernet0/1 tx
monitor session 1 source interface FastEthernet0/2 rx
monitor session 1 source interface port-channel 5
monitor session 1 destination remote vlan 222
!
What is the result when a technician adds the monitor session 1 destination remote vlan 223 command? The RSPAN VLAN is replaced by VLAN 223 RSPAN traffic is sent to VLANs 222 and 223 An error is flagged for configuring two destinations RSPAN traffic is split between VLANs 222 and 223.
Which feature must be configured to allow packet capture over Layer 3 infrastructure? VSPAN IPSPAN RSPAN ERSPAN.
Which statement about an RSPAN session configuration is true? A fitter must be configured for RSPAN Regions Only one session can be configured at a time A special VLAN type must be used as the RSPAN destination. Only incoming traffic can be monitored.
Refer to the exhibit. R1 is able to ping the R3 fa0/1 interface. Why do the extended pings fail? The DF bit has been set R2 and R3 do not have an OSPF adjacency the maximum packet size accepted by the command is 1476 bytes R3 is missing a return route to 10.99.69.0/30.
Which two statements about AAA authentication are true? (Choose two) RADIUS authentication queries the router’s local username database TACACS+ authentication uses an RSA server to authenticate users Local user names are case-insensitive Local authentication is maintained on the router KRB5 authentication disables user access when an incorrect password is entered.
A network administrator applies the following configuration to an IOS device.
aaa new-model
aaa authentication login default local group tacacs+
What is the process of password checks when a login attempt is made to the device? A TACACS+ server is checked first. If that check fail, a database is checked A TACACS+ server is checked first. If that check fail, a RADIUS server is checked. If that check fail, a local database is checked A local database is checked first. If that fails, a TACACS+server is checked, if that check fails, a RADIUS server is checked A local database is checked first. If that check fails, a TACACS+server is checked.
The login method is configured on the VTY lines of a router with these parameters.
– The first method for authentication is TACACS
– If TACACS is unavailable, login is allowed without any provided credentials
Which configuration accomplishes this task? R1#sh run | include aaa
aaa new-model
aaa authentication login VTY group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
password 7 0202039485748
R1#sh run | include aaa
aaa new-model
aaa authentication login default group tacacs+
aaa session-id common
R1#sh run | section vty
line vty 0 4
transport input none
R1#sh run | include aaa
aaa new-model
aaa authentication login default group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
password 7 0202039485748
R1#sh run | include aaa
aaa new-model
aaa authentication login telnet group tacacs+ none
aaa session-id common
R1#sh run | section vty
line vty 0 4
R1#sh run | include username
.
Refer to the exhibit.
aaa new-model
aaa authentication login authorizationlist tacacs+
tacacs-server host 192.168.0.202
tacacs-server key ciscotestkey
line vty 0 4
login authentication authorizationlist
What is the effect of the configuration? The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey the device will allow only users at 192 168.0.202 to connect to vty lines 0 through 4 When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+.
Refer to the exhibit.
aaa new-model
aaa authentication login default local-case enable
aaa authentication login ADMIN local-case
username CCNP secret Str0ngP@ssw0rd!
line 0 4
login authentication ADMIN
An engineer must create a configuration that executes the show run command and then terminates the session when user CCNP logs in. Which configuration change is required?
Add the autocommand keyword to the aaa authentication command Add the access-class keyword to the aaa authentication command Add the access-class keyword to the username command Add the autocommand keyword to the username command.
Refer to the exhibit. Cisco local 0 Cisco Tommy.
Which two GRE features are configured to prevent fragmentation? (Choose two) TCP window size TCP MSS IP MTU DF bit Clear MTU ignore PMTUD.
Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel? MTU Window size MRU MSS.
Refer to exhibit.
MTU has been configured on the underlying physical topology, and no MTU command has been configured on the tunnel interfaces. What happens when a 1500-byte IPv4 packet traverses the GRE tunnel from host X to host Y, assuming the DF bit is cleared? The packet arrives on router C without fragmentation. The packet is discarded on router A The packet is discarded on router B The packet arrives on router C fragmented.
Which statement about dynamic GRE between a headend router and a remote router is true? The headend router learns the IP address of the remote end router statically A GRE tunnel without an IP address has a status of administratively down GRE tunnels can be established when the remote router has a dynamic IP address The remote router initiates the tunnel connection.
A GRE tunnel is down with the error message %TUN-5-RECUR DOWN:
Tunnel0 temporarily disabled due to recursive routing error.
Which two options describe possible causes of the error? (Choose two) Incorrect destination IP addresses are configured on the tunnel There is link flapping on the tunnel There is instability in the network due to route flapping The tunnel mode and tunnel IP address are misconfigured The tunnel destination is being routed out of the tunnel interface.
Refer to the exhibit. A network engineer configures a GRE tunnel and enters the show interface tunnel command. What does the output confirm about the configuration? the keepalive value is modified from the default value. Interface tracking is configured. The tunnel mode is set to the default. The physical interface MTU is 1476 bytes.
Refer to the exhibit.
Which command must be applied to Router1 to bring the GRE tunnel to an up/up state? Router1(config-if)#tunnel source Loopback0 Router1(config-if)#tunnel source GigabitEthernet0/1 Router1(config-if)#tunnel mode gre multipoint Router1(config)#interface tunnel0.
Refer to the exhibit.
> Frame 24: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits) on interface 0
> Ethernet II, Src: 50:00:00:01:00:01 (50:00:00:01:00:01), Dst: 50:00:00:02:00:01 (50:00:00:02:00:01)
> Internet Protocol Version 4, Src: 209.165.202.130, Dst: 209.165.202.134
> Generic Routing Encapsulation (IP)
> Internet Protocol Version 4, Src: 10.111.111.1, Dst: 10.111.111.2
> Internet Control Message Protocol
A GRE tunnel has been created between HQ and BR routers. What is the tunnel IP on the HQ router?
209.165.202.130 10.111.111.2 10.111.111.1 209.165.202.134.
Refer to the exhibit. Option A
interface Tunnel1
ip address 209.165.202.130 255.255.255.252
tunnel source GigabitEthernet0/0
tunnel destination 209.165.202.129
Option B
interface Tunnel1
ip address 10.111.111.1 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel destination 209.165.202.133
Option C
interface Tunnel1
ip address 10.111.111.1 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel destination 209.165.202.134
Option D
interface Tunnel1
ip address 10.111.111.1 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel destination 209.165.202.129
.
Which IPv6 migration method relies on dynamic tunnels that use the 2002::/16 reserved address space? 6RD 6to4 ISATAP GRE.
Refer to the exhibit.
access-list 1 permit 172.16.1.0 0.0.0.255
ip nat inside source list 1 interface gigabitethernet0/0 overload
The inside and outside interfaces in the NAT configuration of this device have been correctly identified. What is the effect of this configuration? dynamic NAT static NAT PAT NAT64.
Refer to the exhibit. What are two effect of this configuration? (Choose two)
access-list 1 permit 10.1.1.0 0.0.0.31
ip nat pool CISCO 209.165.201.1 209.165.201.30 netmask 255.255.255.224
ip nat inside source list 1 pool CISCO Inside source addresses are translated to the 209.165.201.0/27 subnet It establishes a one-to-one NAT translation The 10.1.1.0/27 subnet is assigned as the inside global address range The 209.165.201.0/27 subnet is assigned as the outside local address range The 10.1.1.0/27 subnet is assigned as the inside local addresses.
Refer to the exhibit.
R1(config)# ip nat inside source static 10.70.5.1 10.45.1.7
A network architect has partially configured static NAT. which commands should be asked to complete the configuration?
A.
R1(config)#interface GigabitEthernet0/0
R1(config)#ip pat outside
R1(config)#interface GigabitEthernet0/1
R1(config)#ip pat inside
B.
R1(config)#interface GigabitEthernet0/0
R1(config)#ip nat outside
R1(config)#interface GigabitEthernet0/1
R1(config)#ip nat inside
C.
R1(config)#interface GigabitEthernet0/0
R1(config)#ip nat inside
R1(config)#interface GigabitEthernet0/1
R1(config)#ip nat outside
D.
R1(config)#interface GigabitEthernet0/0
R1(config)#ip pat inside
R1(config)#interface GigabitEthernet0/1
R1(config)#ip pat outside
.
Refer to the exhibit.
interface FastEthernet0/1
ip address 209.165.200.225 255.255.255.224
ip nat outside
!
interface FastEthernet0/2
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
access-list 10 permit 10.10.10.0 0.0.0.255
!
Which command allows hosts that are connected to FastEthernet0/2 to access the Internet? ip nat inside source list 10 interface FastEthernet0/1 overload ip nat outside source static 209.165.200.225 10.10.10.0 overload ip nat inside source list 10 interface FastEthernet0/2 overload ip nat outside source list 10 interface FastEthernet0/2 overload.
Refer to the exhibit.
An engineer must allow all users in the 10.2.2.0/24 subnet to access the Internet. To conserve address space, the public interface address of 209.165.201.1 must be used for all external communication. Which command set accomplishes these requirements?
Option A
access-list 10 permit 10.2.2.0 0.0.0.255
interface G0/3
ip nat outside
interface G0/2
ip nat inside
ip nat inside source list 10 interface G0/2 overload
Option B
access-list 10 permit 10.2.2.0 0.0.0.255
interface G0/3
ip nat outside
interface G0/2
ip nat inside
ip nat inside source list 10 209.165.201.1
Option C
access-list 10 permit 10.2.2.0 0.0.0.255
interface G0/3
ip nat outside
interface G0/2
ip nat inside
ip nat inside source list 10 interface G0/3
Option D
access-list 10 permit 10.2.2.0 0.0.0.255
interface G0/3
ip nat outside
interface G0/2
ip nat inside
ip nat inside source list 10 interface G0/3 overload
.
What is the primary effect of the spanning-tree portfast command? It enables BPDU messages It minimizes spanning-tree convergence time It immediately puts the port into the forwarding state when the switch is reloaded It immediately enables the port in the listening state.
Refer to the exhibit.
%PM-SP-4-ERR_DISABLE: bpduguard error detected on Gi0/0, putting Gi0/0 in err-disable state.
Which command set resolves this error? A.
Sw1(config)# interface G0/0
Sw1(config-if)# no spanning-tree bpduguard enable
Sw1(config-if)# shut
Sw1(config-if)# no shut
B.
Sw1(config)# interface G0/0
Sw1(config-if)# spanning-tree bpduguard enable
Sw1(config-if)# shut
Sw1(config-if)# no shut
C.
Sw1(config)# interface G0/1
Sw1(config-if)# spanning-tree bpduguard enable
Sw1(config-if)# shut
Sw1(config-if)# no shut
D.
Sw1(config)# interface G0/0
Sw1(config-if)# no spanning-tree bpdufilter
Sw1(config-if)# shut
Sw1(config-if)# no shut
.
Refer to the exhibit. Link1 is a copper connection and Link2 is a fiber connection. The fiber port must be the primary port for all forwarding. The output of the show spanning-tree command on SW2 shows that the fiber port is blocked by spanning tree. An engineer enters the spanning-tree port-priority 32 command on G0/1 on SW2, but the port remains blocked.
SW2#show spanning-tree
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 24596
Address 0018.7363.4300
Cost 2
Port 13 (GigabitEthernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28692 (priority 28672 sys-id-ext 20)
Address 001b.0d8e.e080
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
---------- ---- ---- ---- -------- ----
Gi0/0 Root FWD 4 128.1 P2p
Gi0/1 Atln BLK 4 32.2 P2p
Which command should be entered on the ports that are connected to Link2 to resolve the issue? Enter spanning-tree port-priority 32 on SW1 Enter spanning-tree port-priority 224 on SW1 Enter spanning-tree port-priority 4 on SW2 Enter spanning-tree port-priority 64 on SW2.
What would be the preferred way to implement a loopless switch network where there are 1500 defined VLANs and it is necessary to load the shared traffic through two main aggregation points based on the VLAN identifier? 802.1D 802.1s 802.1W 802.1AE.
Refer to the exhibit. Which two commands ensure that DSW1 becomes root bridge for VLAN 10 and 20? (Choose two) spanning-tree mstp 1 priority 0 spanning-tree mst 1 root primary spanning-tree mst vlan 10,20 priority root panning-tree mst 1 priority 4096 spanning-tree mst 1 priority 1 spanning-tree mstp vlan 10,20 root primary.
Refer to the exhibit. Assuming all links are functional, which path does PC1 take to reach DSW1? PC1 goes from ALSW1 to DSW1 PC1 goes form ALSW1 to DSW2 to ALSW2 to DSW1 PC1 goes from ALSW1 to DSW2 to Core to DSW1 PC1 goes from ALSW1 to DSW2 to DSW1.
In a traditional 3 tier topology, an engineer must explicitly configure a switch as the root bridge and exclude it from any further election process for the spanning-tree domain. Which action accomplishes this task? Configure the spanning-tree priority to 32768 Configure root guard and portfast on all access switch ports Configure BPDU guard in all switch-to-switch connections Configure the spanning-tree priority equal to 0.
Refer to the exhibit.
DSW2#
*Mar 3 09:33:23.234: #SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa1/0/7 with BPDU Guard enabled. Disabling port.
*Mar 3 09:33:23.234: %PM-4-ERR_DISABLE: bpduguard error detected on Fa1/0/7, putting Fa1/0/7 in err-disable state
*Mar 3 09:33:23.678: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Fa1/0/7 with BPDU Guard enabled. Disabling port.
*Mar 3 09:33:23.679: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/7, changed state to down
*Mar 3 09:33:23.701: %LINK-3-UPDOWN: Interface FastEthernet1/0/7, changed state to down
An engineer entered the no spanning-tree bpduguard enable on interface fa1/0/7 command. Which statement describes the effect of this command? Fa1/0/7 remains in err-disabled state until the shutdown/no shutdown command is entered in the interface configuration mode Interface Fa1/0/7 remains in err-disabled state until the errdisable recovery cause bpduguard command is entered in the interface configuration mode Fa1/0/7 remains in err-disabled state until the errdisable recovery bpduguard command is entered in the interface configuration mode interface Fa1/0/7 remains in err-disabled state until the spanning-tree portfast bpduguard disable command is entered in the interface configuration mode Interface Fa1/0/7 returns to an up and operational state.
|
