300-101 Updated All Question PDF

(75 Questions)

Revised 1/27
New Question 1:
Refer to the following access list.
access-list 100 permit ip any any log
After applying the access list on a Cisco router, the network engineer notices that the router CPU utilization has risen to
99 percent. What is the reason for this?
A. A packet that matches access-list with the log keyword is Cisco Express Forwarding switched.
B. A packet that matches access-list with the log keyword is fast switched.
C. A packet that matches access-list with the log keyword is process switched.
D. A large amount of IP traffic is being permitted on the router.
Correct Answer: C

New Question 2:
What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router,
accomplish?
router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
router (config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
router (config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
router (config)#access-list 101 permit ip any any
router (config)#interface fastEthernet 1/0
router (config-if)#ip access-group 101 in
A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0-
192.168.255.255 and logs any intrusion attempts.
B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet.
C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.
D. It prevents private internal addresses to be accessed directly from outside.
Correct Answer: C

New Question 3:
A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an
alternative to powering down the active router and letting the network respond accordingly. Which action will allow for
manual switching of HSRP nodes?
A. Track the up/down state of a loopback interface and shut down this interface during maintenance.
B. Adjust the HSRP priority without the use of preemption.
C. Disable and enable all active interfaces on the active HSRP node.
D. Enable HSRPv2 under global configuration, which allows for maintenance mode.
Correct Answer: A

New Question 4:
Which two commands would be used to troubleshoot high memory usage for a process? (Choose two.)
A. router#show memory allocating-process table
B. router#show memory summary
C. router#show memory dead
D. router#show memory events
E. router#show memory processor statistics
Correct Answer: A,B
New Question 6:
The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources.
Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose
three.)
A. Traffic Class
B. Source address
C. Flow Label
D. Hop Limit
E. Destination Address
F. Fragment Offset
Correct Answer: Answer: A,C,D

New Question 7:
A network engineer has set up VRF-Lite on two routers where all the interfaces are in the same VRF. At a later time, a
new loopback is added to Router 1, but it cannot ping any of the existing interfaces. Which two configurations enable the
local or remote router to ping the loopback from any existing interface? (Choose two.)

A. adding a static route for the VRF that points to the global route table
B. adding the loopback to the VRF
C. adding dynamic routing between the two routers and advertising the loopback
D. adding the IP address of the loopback to the export route targets for the VRF
E. adding a static route for the VRF that points to the loopback interface
F. adding all interfaces to the global and VRF routing tables
Correct Answer: A,B

New Question 8:
Which three benefits does the Cisco Easy Virtual Network provide to an enterprise network? (Choose three.)
A. simplified Layer 3 network virtualization
B. improved shared services support
C. enhanced management, troubleshooting, and usability
D. reduced configuration and deployment time for dot1q trunking
E. increased network performance and throughput
F. decreased BGP neighbor configurations
Correct Answer: A,B,C

New Question 7:
Which PPP authentication method sends authentication information in cleartext?
A. MS CHAP
B. CDPCP
C. CHAP
D. PAP
Correct Answer: D

New Question 9:
On which two types of interface is Frame Relay switching supported? (Choose two.)
A. serial interfaces
B. Ethernet interfaces
C. fiber interfaces
D. ISDN interfaces
E. auxiliary interfaces
Correct Answer: A,D

New Question 10:

Which two statements about AAA implementation in a Cisco router are true? (Choose two.)
A. RADIUS is more flexible than TACACS+ in router management.
B. RADIUS and TACACS+ allow accounting of commands.
C. RADIUS and TACACS+ encrypt the entire body of the packet.
D. RADIUS and TACACS+ are client/server AAA protocols.
E. Neither RADIUS nor TACACS+ allow for accounting of commands.
Correct Answer: B,D

New Question 11:

Which option represents the minimal configuration that allows inbound traffic from the 172.16.1.0/24 network to
successfully enter router R, while also limiting spoofed 10.0.0.0/8 hosts that could enter router R?
A. (config)#ipcef
(config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via rx allow-default

B. (config)#ipcef
(config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via rx

C. (config)#no ipcef
(config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via rx

D. (config)#interface fa0/0
(config-if)#ip verify unicast source reachable-via any
Correct Answer: A

New Question 12:

Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced
from the workstation with IP address 10.10.10.1?
A. ip access-list extended 200
deny tcp host 10.10.10.1 eq 80 any
permit ip any any
B. ip access-list extended 10
deny tcp host 10.10.10.1 any eq 80
permit ip any any
C. ip access-list extended NO_HTTP
deny tcp host 10.10.10.1 any eq 80
D. ip access-list extended 100
deny tcp host 10.10.10.1 any eq 80
permit ip any any
Correct Answer: D
New Question 13:
Which easy virtual networking configuration component significantly decreases network configuration?
A. Easy Trunk
B. Dot1e
C. Virtual Network Trunk
D. VNET Tags
E. MBGP
Correct Answer: C

New Question 14:

In which two ways can split horizon issues be overcome in a Frame Relay network environment? (choose two.)
A. Configuring one physical serial interface with Frame Relay to various remote sites.
B. Configure a loopback interface with Frame Relay to various remote sites.
C. Configuring multiple subinterfaces on a single physical interface to various remote sites.
D. Enabling split horizon.
E. Disabling split horizon
Correct Answer: C,E
New Question 15:
What is the administrative distance for EBGP?
A. 200
B. 30
C. 70
D. 20
Correct Answer: D

New Question 16:

Which three IP SLA performance metrics can you use to monitor enterprise-class networks? (Choose three.)
A. Delay
B. Reliability
C. Packet loss
D. Traps
E. Connectivity
F. Bandwidth
Correct Answer: A,C,E

New Question 17:

What command can you enter to configure an enable password that uses an encrypted password from another
configuration?
A. enable secret $abc%!e.Cd34$!ao0
B. enable secret 7 Sabc%!e.Cd34$!ao0
C. enable secret 0 Sabc%U*.Cd34$!ao0
D. enable secret 5 $abc%!e.Cd34$!ao0
E. enable secret 15 $abc%ie.Cd34$!ao0
F. enable secret 6 $abc%!e.Cd34$!ao0
Correct Answer: D
New Question 18:
A network engineer wants to notify a manager in the events that the IP SLA connection loss threshold reached. Which
two features are needed to implement this function? (choose two)
A. MOS
B. Threshold action
C. Cisco EEM
D. SNMP traps
E. IOS
Correct Answer: B,D
New Question 19:
At which layer does Cisco Express Forwarding use adjacency tables to populate addressing information?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
Correct Answer: B

New Question 20:

When the tunnel interface is configured in default mode, which statement about routers and the tunnel destination
address is true?
A. The router must have a route installed towards the tunnel destination
B. The router must have wccp redirects enabled inbound from the tunnel destination
C. The router must have cisco discovery protocol enabled on the tunnel to form a CDP neighborship with the tunnel
destination
D. The router must have redirects enabled outbound towards the tunnel destination
Correct Answer: A

New Question 21:

A question in regards to the output of show crypto isakmp sa? (Sorry dont have the exact quest.)
A. Ipsec configuration not compatible
B. Isakmp not compatible.
C. Isakmp is not enabled.
D. Isakmp is default mode
Correct Answer: D

New Question 22:

In Rapid-Commit mode , the DHCP client obtain configuration parameters from the server through a rapid two message
exchange. What two messages?
A. SOLICIT
B. ADVERTISE
C. REQUEST
D. CONFIRM
E. RENEW
F. REBIND
G. REPLY
Correct Answer: A, G
New Question 23:
A network administrator notices that the BGP state drops and logs are generated for missing BGP hello keepalives. What
is the potential problem?
A. InCorrect Answer: neighbor options
B. Hello timer mismatch
C. BGP path MTU enabled
D. MTU mismatch
Correct Answer: D

New Question 25:

Refer to the exhibit showing complete command output. What type of OSPF router is Router A?

A. ABR
B. ASBR
C. Edge Router
D. Internal Router
Correct Answer: A

New Question 26:

Refer to the exhibit.
!
Access-list 1 permit 192.168.1.1
access-list 1 deny any
Access-list 2 permit 192.168.1.4
access-list 2 deny any
ntp access-group serve 1
ntp master 4
!
Which three ntp features can be deduced on the router? (choose 3)
A. Only accepts time requests from 192.168.1.1
B. Only handle four requests at a time
C. Only is in stratum 4
D. Only updates its time from 192.168.1.1
E. Only accepts time requests from 192.168.1.4
F. Only updates its time from 192.168.1.4
Correct Answer: A,C,F

New Question 27:

Considering the IPv6 address independence requirements, which process do you avoid when you use NPTv6 for
translation?
A. rewriting of higher layer information
B. checksum verification
C. ipv6 duplication and conservation
D. IPSEC AH header modification
Correct Answer:A
New Question 28:
Which two statements about NTP operation are true? (Choose two.)
A. If multiple NTP servers are configured, the one with the lowest stratum is preferred
B. By default, NTP communications use UDP port 123.
C. If multiple NTP servers are configured, the one with the highest stratum is preferred.
D. Locally configured time overrides time received from an NTP server.
E. Stratum refers to the number of hops between the NTP client and the NTP server.
NTP questions
Correct Answer: A, B

New Question 29:

Which two attributes describe UDP within a TCP/IP network? (Choose two.)
A. Acknowledgments
B. Unreliable delivery
C. Connectionless communication
D. Connection-oriented communication
E. Increased headers
Correct Answer: B, C

New Question 30:

Refer to the following configuration command.
Router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
Which statement about the command is true ?
A. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:80 is translated to
172.16.10.8:8080.
B. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:8080 is transtated to
172.16.10.8:80.
C. The router accepts only a TCP connection from port 8080 and port 80 on IP address 172.16.10.8.
D. Any packet that is received in the inside interface with a source IP address of 172.16.10.8 is redirected to port 8080 or
port 80.
Correct Answer: A
New Question 31:
Which IP SLA operation can be used to measure round-trip delay for the full path and hop-by-hop round-trip delay on
the network?
A. HTTP
B. ICMP path echo
C. TCP connect
D. ICMP echo
Correct Answer: B

New Question 32:

A network engineer wants to display the statistics of an active tunnel on a DMVPN network. Which command should
the administrator execute to accomplish this task?
A. Router#show crypto ipsec sa
B. Router#show crypto isakmp peers
C. Router#show crypto isakmp sa
D. Router#show crypto ipsec transform-set
E. Router#show crypto engine connections active
Correct Answer: A

New Question 33:

Refer to the exhibit.

A network engineer has configured GRE between two IOS routers. The state of the tunnel interface is continuously
oscillating between up and down. What is the solution to this problem?
A. Create a more specific static route to define how to reach the remote router.
B. Create a more specific ARP entry to define how to reach the remote router.
C. Save the configuration and reload the router.
D. Check whether the internet service provider link is stable
Correct Answer: A

New Question 34:

What is the optimal location from which to execute a debug command that produces an excessive amount of information?
A. Vty lines
B. SNMP commands
C. A console port
D. An AUX port
Correct Answer: A

New Question 35:

What is the function of the snmp-server manager command?
A. To disable SNMP messages from getting to the SNMP engine
B. To enable the device to send SNMP traps to the SNMP server
C. To enable the device to send and receive SNMP requests and responses
D. To configure the SNMP server to store log data
Correct Answer: C

New Question 36:

A network engineer receives reports about poor voice quality issues at a remote site. The network engineer does a packet
capture and sees out-of-order packets being delivered. Which option can cause the VOIP quality to suffer?
A. traffic over backup redundant links
B. misconfigured voice vlan
C. speed duplex link issues
D. load balancing over redundant links
Correct Answer: D

New Question 37:

What following parameters for the EIGRP authentication need to match in order for EIGRP neighbors to establish a
neighbor relationship?
A. Autonomous System number.
B. K-Values
C. If authentication is used both: the key number, the password, and the date/time.
D. The neighbors must be on common subnet (all IGPs follow this rule).

Correct Answer: C

New Question 38:

A network administrator creates a static route that points directly to a multiaccess interface, instead of the next-hop IP
address. The administrator notices that Cisco Express Forwarding ARP requests are being sent to all destinations. Which
issue might this configuration create?
A. Low bandwidth usage
B. High memory usage
C. Cisco Express Forwarding routing loop
D. High bandwidth usage
E. IP route interference
Correct Answer: C

New Question 39:

A network engineer is configuring the router for NetFlow data exporting. What is required in order for NDE to begin
exporting data?
A. Source
B. Flow mask
C. Destination
D. Interface type
E. Traffic type
F. NetFlow version
Correct Answer: C
New Question 40:
A network engineer wants to ensure an optimal end-to-end delay bandwidth product. The delay is less than 64 KB.
Which TCP feature ensures steady state throughput?
A. Window scaling
B. Network buffers
C. Round-trip timers
D. TCP acknowledgments
Correct Answer: A

New Question 41:

Reter to the exhibit. Router 1 cannot ping router 2 via the Frame Relay between them. Which two statements describe
the problems? (Chooses two.)

A. Encapsulation is mismatched.
B. Frame Relay map is configured.
C. DLCI is active.
D. DLCI is inactive or deleted.
E. An access list is needed to allow ping.
Correct Answer: A,D

New Question 42:

Which type of IPv6 packet will indicate traffic from single host and single node?
A. Anycast
B. Broadcast
C. Multicast
D. Unicast
Correct Answer: Answer: D

New Question 43
Which two functionalities are specific to stateless NAT64? (Choose two.)
A. No requirement exists for the characteristics of Ipv6 address assignment.
B. It does not conserve Ipv4 addresses.
C. It provides 1-to-1 translation.
D. It uses address overloading.
E. State or bindings are created on the translation.
Correct Answer: B,C

New Question 44
Other than a working EIGRP configuration, which option must be the same on all routers for EIGRP authentication key
rolleover to work correctly?
A. SMTP
B. SNMP
C. Passwords
D. Time
Correct Answer: D

New Question 45
Refer to the Exhibit

Dest src state conn-id slot status

172.31.1.1 172.16.30.1 QM_IDLE 3 0 Active

A network engineer is troubleshooting a DMVPN setup between the hub and the spoke. The engineer executes the
command show crypto isakmp sa and observes the output that is displayed. What is the problem?
A. That ISAKMP is not enabled
B. That ISAKMP is using default settings
C. An incompatible IP sec transform set
D. An incompatible ISAKMP policy
Corect Answer: B

New Question 46
In which form does PAP authentication send the username and password across the link?
A. Encrypted
B. Password protected
C. Clear text
D. Hashed
Correct Answer: C

Question 47:
An engineer is using a network sniffer to troubleshoot DHCPv6 between a router and hosts on the LAN with the
following configuration:
Interface Ethernet0
Ipv6 dhcp server DHCPSERVERPOOL rapid-commit
!
Which two DHCPv6 messages will appear in the sniffer logs?
A. reply
B. request
C. advertise
D. acknowledge
E. solicit
F. accept
Correct Answer: A,E

New Question 48:

New Question 49:

How should a router that is being used in a Frame Relay network be configured to keep split horizon issues from
preventing routing updates?
A. Configure a separate subinterface for each PVC with a unique DLCI and subnet assigned to the subinterface.
B. Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic.
C. Configure many subinterfaces in the same subnet.
D. Configure a single subinterface to establish multiple PVC connections to multiple remote router interfaces.
Correct Answer: A

New Question 50
Which mode of uRPF causes a router interface to accept a packet, if the network to which the packets source IP address
belongs is found in the routers FIB?
A. Strict mode
B. Loose mode
C. Auto mode
D. Desirable mode
Correct Answer: B

New Question 51
Which of the following are characteristics of TACACS+? (Choose two.)
A. Uses UDP
B. Encrypts an entire packet
C. Offers robust accounting
D. Cisco-proprietary
Correct Answer: B,D

New Question 52
Which two options are causes of out-of-order packets? (Choose two.)
A. a routing loop
B. a router in the packet flow path that is intermittently dropping packets
C. high latency
D. packets in a flow traversing multiple paths through the network.
E. some packets in a flow being process-switched and others being interrupt-switched on a
transit Router.
Correct Answer: D,E

New Question 53
Your company uses Voice over IP (VoIP). The system sends UDP datagrams containing the voice data between
communicating hosts. When areas of the network become busy, some of the datagrams arrive at their destination out of
order. What happens when this occurs?
A. UDP will send an ICMP Information request message to the source host.
B. UDP will pass the information in the datagrams up to the next OSI layer in the order in
which they arrive.
C. UDP will drop the datagrams that arrive out of order.
D. UDP will use the sequence numbers in the datagram headers to reassemble the data
Correct Answer: B

New Question 54:

Which alerts will be seen on the console when running the command: logging console warnings?
A. warnings only
B. warnings, notifications, error, debugging, informational
C. warnings, errors, critical, alerts, emergencies
D. notifications, warnings, errors
E. warnings, errors, critical, alerts
Correct Answer: C

New Question 55:

Which IP SLA operation requires Cisco endpoints?
A. UDP Jitter for VoIP
B. ICMP Path Echo
C. ICMP Echo
D. UDP Jitter
Correct Answer: A

New Question 56:

Meaning of priority 0 configured in ospf router?
(Not enough information with the answer choices. Please refer to the explanation for information)
Explanation: If needed, you can set the priority value to 0 in order to configure a router to never become a DR/BDR.
This is necessary in hub and spoke networks where the hub should be configured to become the DR, where as the spokes
should neither be DR nor BDR.
New Question 57:
What is not supported by Unicast Reverse Path Forwarding interface?
A. Ping to self router
B. Default Route
C. ACL access
D. Searchable both
Correct Answer: C

New Question 58

A question about how ALWAYS block the outbound web traffic on Saturdays and Sunday between 1:00 AM to 23:59
AM.

A. absolute sat sun 01:00 23:59

B. periodic sat sun 01:00 23.59
C. periodic Saturday Sunday 01:00 to 11:59
D. Not sure about the answer option.

Correct Answer: C
New Question 59

Which two phases of DMPVN allow the spoke site to create dynamic tunnels to one other (Choose 2)?

A. Phase 1
B. Phase 2
C. Phase 3
D. Phase 4
E. Phase 5

Correct Answer: B, C

New Question 60

Which OSPF network type doesnt require a DR election?

A. Broadcast
B. Point to point
C. Non-Broadcast
D. Point-to-multipoint

Correct Answer: B,D

New Question 61

Which command configures a PPPoE client and specifies dial-on-demand routing functionality?

A.pppoe-client dial-pool-number
B.PPPoE enable
C.interface dialer 1
D.encapsulation PPP

Correct Answer: A

New Question 62

A network engineer implemented Cisco EVN. Which feature implements shared services support?

A. edge interfacing
B. tunnel feedback
C. route replication
D. route redistribution.

Correct Answer: C

New Question 63

A Configuration snippet in regards to ip sla network

A. apply the ipv6 acl under a vty

B. ip access-class
C. ipv6 access-class in
D. access-list IN
E. access list OUT
New Question 64

In regards to CEF (Cisco Express Forwarding) with a highlight of a configuration snippet valid punt adjacency.

Correct Answer: not supported in CEF, forward to the next switching layer

New Question 65

Eigrp is implemented in a frame relay network but there is no adjacency. Which options cause the adjacency to come up?
(choose 2)

Correct Answer: disable split horizon, use neighbor command

New Question 66

What is uRPF checking first when the packet enters the interface?

A. Access list ingress

B. Access list egress
C. Route available in FIB or It verifies a reverse patch via the fib to the source
D. It verifies that the source has a ??? EED adjacency

Correct Answer: C

New Question 67

A network engineer applies the command ip tcp adjust-mss under interface configuration mode. What is the result?

A. The probability of SYN packet truncation is increased.

B. The UDP session is inversely affected.
C. The probability of dropped or segmented TCP packets is decreased
D. The optimum MTU value for the interface is set.

Correct Answer: C

New Question 68

Which command instruct a PPPoE client to obtain its IP address from the PPPoE server?

A. Interface dialer
B. IP address negotiated
C. PPPOE enable
D. Not Sure

Correct Answer: B
New Question 69

Refer to the following configuration command.

Router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80

Which statement about the command is true?

A. Any packet that is received in the inside interface with a source IP port address of
172.16.10.8:80 is translated to 172.16.10.8:8080.
B. Any packet that is received in the inside interface with a source IP port address of
172.16.10.8:8080 is translated to 172.16.10.8:80
C. The router accepts only a TCP connection from port 8080 and port 80 on IP address
172.16.10.8.
D. Any packet that is received in the inside interface with a source IP address of 172.16.10.8
is redirected to port 8080 or port 80.

Correct Answer: B

New Question 70

Always block the outbound web traffic on Saturdays and Sunday between 1:00 to 23:59 with 4 options

Correct Answer: Absolute Saturday Sunday 01:00 to 11:59 (Do not confuse it with periodic Saturday Sunday 01:00 to
23:59)

New Question 71

Refer to the exhibit

Which two options are the causes for IP SLA tracking to fail? (Choose 2)

A. The source-interface is configured incorrectly.

B. The destination must be 172.30.30.2 for icmp-echo.
C. A route back to the R1 LAN network is missing in R2.
D. The default route has wrong next hop IP address.
E. The threshold value is wrong.

Correct Answer: A, C

New Question 72

A network engineer recently deployed Easy Virtual Networking in the enterprise network. Which feature improves the
service support??

A. edge interfacing,
B. tunnel feedback,
C. route replication
D. route distinguisher

Correct Answer: C

New Question 73

A question in regards to allowing website access between certain times

Correct Answer: Filters using Time-Based ACLs

New Question 74

A network engineer enable OSPF on a Frame Relay WAN connection to various remote sites, but no OSPF adjacencies
come up. Which two action are possible solution for this issue (Choose 2)

A. Change the network type to point-to-multipoint under WAN interface.

B. Enable virtual links.
C. Change the network type to nonbroadcast multipoint access.
D. Configure the neighbor command under OSPF process for each remote site.
E. Ensure that the OSPF process number matches among all remote sites.

Correct Answer: A, D

New Question 75

There is a question about applying an IPv6 access-list to block traffic INBOUND telnet and interface

Correct Answer: There are 5 answer options 3 being output and 2 being inbound. The two inbound options are the
correct answers