ccnp 300 101 pdf (49 to 64)

we provide Practical Cisco ccnp 300 101 dumps exam question which are the best for clearing ccnp route 300 101 dumps pdf test, and to get certified by Cisco Implementing Cisco IP Routing. The ccnp route 300 101 dumps pdf Questions & Answers covers all the knowledge points of the real ccnp 300 101 exam. Crack your Cisco ccnp routing and switching route 300 101 Exam with latest dumps, guaranteed!

If you would certainly such as to recognize more concerning 300-101 exam, call us or merely visit us at our internet 2PASSEASY.COM site.

Q49. Refer to the following command: router(config)# ip http secure-port 4433 

Which statement is true? 

A. The router will listen on port 4433 for HTTPS traffic. 

B. The router will listen on port 4433 for HTTP traffic. 

C. The router will never accept any HTTP and HTTPS traffic. 

D. The router will listen to HTTP and HTTP traffic on port 4433. 



To set the secure HTTP (HTTPS) server port number for listening, use the ip http secure-port

command in global configuration mode. To return the HTTPS server port number to the default, use the no

form of this command. ip http secure-port port-number no ip http secure-port Syntax Description port-

Integer in the range of 0 to 65535 is accepted, but the port number must be number higher than 1024

unless the default is used. The default is 443. Reference:

https/command/nm-https-cr-cl- sh.html#wp3612805529

Q50. A network engineer is investigating the cause of a service disruption on a network segment and executes the debug condition interface fastethernet f0/0 command. In which situation is the debugging output generated? 

A. when packets on the interface are received and the interface is operational 

B. when packets on the interface are received and logging buffered is enabled 

C. when packets on the interface are received and forwarded to a configured syslog server 

D. when packets on the interface are received and the interface is shut down 



Q51. A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner? 


B. dot1x 

C. IPsec 





With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on

an interface and a remote device attempts to connect to it, the access server sends a CHAP packet to the

remote device. The CHAP packet requests or "challenges" the remote device to respond. The challenge

packet consists of an ID, a random number, and the host name of the local router. When the remote device

receives the challenge packet, it concatenates the ID, the remote device's password, and the random

number, and then encrypts all of it using the remote device's password. The remote device sends the

results back to the access server, along with the name associated with the password used in the

encryption process. When the access server receives the response, it uses the name it received to retrieve

a password stored in its user database. The retrieved password should be the same password the remote

device used in its encryption process. The access server then encrypts the concatenated information with

the newly retrieved password--if the result matches the result sent in the response packet, authentication

succeeds. The benefit of using CHAP authentication is that the remote device's password is never

transmitted in clear text (encrypted). This prevents other devices from stealing it and gaining illegal access

to the ISP's network. Reference:

guide/fsecur_c/ ml

Q52. Refer to the exhibit. 

A network administrator checks this adjacency table on a router. What is a possible cause for the incomplete marking? 

A. incomplete ARP information 

B. incorrect ACL 

C. dynamic routing protocol failure 

D. serial link congestion 



To display information about the Cisco Express Forwarding adjacency table or the hardware Layer 3-

switching adjacency table, use the show adjacency command.

Reasons for Incomplete Adjacencies

There are two known reasons for an incomplete adjacency:

The router cannot use ARP successfully for the next-hop interface.

After a clear ip arp or a clear adjacency command, the router marks the adjacency as incomplete. Then it

fails to clear the entry.

In an MPLS environment, IP CEF should be enabeled for Label Switching. Interface level command ip

route-cache cef No ARP Entry When CEF cannot locate a valid adjacency for a destination prefix, it punts

the packets to the CPU for ARP resolution and, in turn, for completion of the adjacency.



Q53. Which PPP authentication method sends authentication information in clear text? 







PAP authentication involves a two-way handshake where the username and password are

sent across the link in clear text; hence, PAP authentication does not provide any protection against

playback and line sniffing. CHAP authentication, on the other hand, periodically verifies the identity of the

remote node using a three-way handshake. After the PPP link is established, the host sends a "challenge"

message to the remote node. The remote node responds with a value calculated using a one-way hash

function. The host checks the response against its own calculation of the expected hash value. If the

values match, the authentication is acknowledged; otherwise, the connection is terminated. Reference: ppp-callinhostname.


Q54. Refer to the exhibit. Which statement about the configuration is true? 

A. 20 packets are being sent every 30 seconds. 

B. The monitor starts at 12:05:00 a.m. 

C. Jitter is being tested with TCP packets to port 65051. 

D. The packets that are being sent use DSCP EF. 



Q55. Which type of traffic does DHCP snooping drop? 

A. discover messages 

B. DHCP messages where the source MAC and client MAC do not match 

C. traffic from a trusted DHCP server to client 

D. DHCP messages where the destination MAC and client MAC do not match 



The switch validates DHCP packets received on the untrusted interfaces of VLANs with DHCP snooping

enabled. The switch forwards the DHCP packet unless any of the following conditions occur (in which case the packet is dropped):

The switch receives a packet (such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY

packet) from a DHCP server outside the network or firewall.

The switch receives a packet on an untrusted interface, and the source MAC address and the DHCP client

hardware address do not match. This check is performed only if the DHCP snooping MAC address

verification option is turned on. · The switch receives a DHCPRELEASE or DHCPDECLINE message from an untrusted host with an entry in the DHCP snooping binding table, and the interface information in the binding table does not match the interface on which the message was received.

The switch receives a DHCP packet that includes a relay agent IP address that is not To support

trusted edge switches that are connected to untrusted aggregation-switch ports, you can enable the DHCP

option-82 on untrusted port feature, which enables untrusted aggregation- switch ports to accept DHCP

packets that include option-82 information. Configure the port on the edge switch that connects to the

aggregation switch as a trusted port. Reference: http://

catalyst6500/ios/12- 2SX/configuration/guide/book/snoodhcp.html

Topic 7, Mix Questions 

83. Which two commands would be used to troubleshoot high memory usage for a process? (Choose two.) 

A. router#show memory allocating-process table 

B. router#show memory summary 

C. router#show memory dead 

D. router#show memory events 

E. router#show memory processor statistics 

Answer: A,B 


Q56. Scenario: 

You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command. 

How many times was SPF algorithm executed on R4 for Area 1? 

A. 1 

B. 5 

C. 9 

D. 20 

E. 54 

F. 224 



Q57. A router with an interface that is configured with ipv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present? 

A. DHCPv6 request 

B. router-advertisement 

C. neighbor-solicitation 

D. redirect 



Autoconfiguration is performed on multicast-enabled links only and begins when a multicastenabled

interface is enabled (during system startup or manually). Nodes (both, hosts and routers) begin

the process by generating a link-local address for the interface. It is formed by appending the interface

identifier to well-known link-local prefix FE80 :: 0. The interface identifier replaces the right-most zeroes of

the link-local prefix. Before the link-local address can be assigned to the interface, the node performs the

Duplicate Address Detection mechanism to see if any other node is using the same link-local address on

the link. It does this by sending a Neighbor Solicitation message with target address as the "tentative"

address and destination address as the solicited-node multicast address corresponding to this tentative

address. If a node responds with a Neighbor Advertisement message with tentative address as the target

address, the address is a duplicate address and must not be used. Hence, manual configuration is

required. Once the node verifies that its tentative address is unique on the link, it assigns that link-local

address to the interface. At this stage, it has IP-connectivity to other neighbors on this link. The

autoconfiguration on the routers stop at this stage, further tasks are performed only by the hosts. The

routers will need manual configuration (or stateful configuration) to receive site-local or global addresses.

The next phase involves obtaining Router Advertisements from routers if any routers are present on the

link. If no routers are present, a stateful configuration is required. If routers are present, the Router

Advertisements notify what sort of configurations the hosts need to do and the hosts receive a global

unicast IPv6 address. Reference:

ipv6-stateless- autoconfiguration

Q58. To configure SNMPv3 implementation, a network engineer is using the AuthNoPriv security level. What effect does this action have on the SNMP messages? 

A. They become unauthenticated and unencrypted. 

B. They become authenticated and unencrypted. 

C. They become authenticated and encrypted. 

D. They become unauthenticated and encrypted. 



Q59. Refer to the following output: 

Router#show ip nhrp detail via, Tunnel1 created 00:00:12, expire 01:59:47 

TypE. dynamic, Flags: authoritative unique nat registered used 

NBMA address: 

What does the authoritative flag mean in regards to the NHRP information? 

A. It was obtained directly from the next-hop server. 

B. Data packets are process switches for this mapping entry. 

C. NHRP mapping is for networks that are local to this router. 

D. The mapping entry was created in response to an NHRP registration request. 

E. The NHRP mapping entry cannot be overwritten. 



Show NHRP: Examples

The following is sample output from the show ip nhrp command:

Router# show ip nhrp, tunnel 100 created 0:00:43 expire 1:59:16 Type: dynamic Flags: authoritative

NBMA address: 10.1111.1111.1111.1111.1111.1111.1111.1111.1111.11,

Tunnel0 created 0:10:03 expire 1:49:56 Type: static Flags: authoritative NBMA address: The

fields in the sample display are as follows:

The IP address and its network mask in the IP-to-NBMA address cache. The mask is always because Cisco does not support aggregation of NBMA information through NHRP.

The interface type and number and how long ago it was created (hours:minutes:seconds).

The time in which the positive and negative authoritative NBMA address will expire

(hours:minutes:seconds). This value is based on the ip nhrp holdtime


Type of interface:

dynamic--NBMA address was obtained from the NHRP Request packet.

static--NBMA address was statically configured.


authoritative--Indicates that the NHRP information was obtained from the Next Hop Server or router that

maintains the NBMA-to-IP address mapping for a particular destination. Reference:


Q60. After you review the output of the command show ipv6 interface brief, you see that several IPv6 addresses have the 16-bit hexadecimal value of "FFFE" inserted into the address. Based on this information, what do you conclude about these IPv6 addresses? 

A. IEEE EUI-64 was implemented when assigning IPv6 addresses on the device. 

B. The addresses were misconfigured and will not function as intended. 

C. IPv6 addresses containing "FFFE" indicate that the address is reserved for multicast. 

D. The IPv6 universal/local flag (bit 7) was flipped. 

E. IPv6 unicast forwarding was enabled, but IPv6 Cisco Express Forwarding was disabled. 



Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign iteslf a unique 64-

Bit IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the

need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained

through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI

(Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted

between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which

can only appear in EUI-64 generated from the an EUI-48 MAC address. Here is an example showing how

a the Mac Address is used to generate EUI.

Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies whether this interface identifier is universally or locally administered. If 0, the address is locally

administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally

unique addresses assigned by the IEEE has always been set to 0 whereas the locally created addresses

has 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address

is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.

Once the above is done, we have a fully functional EUI-64 format address. 

Reference: https:// address

Q61. You have been asked to evaluate how EIGRP is functioning in a customer network. 

What percent of R1’s interfaces bandwidth is EIGRP allowed to use? 

A. 10 

B. 20 

C. 30 

D. 40 



Q62. Refer to the exhibit. After configuring GRE between two routers running OSPF that are connected to each other via a WAN link, a network engineer notices that the two routers cannot establish the GRE tunnel to begin the exchange of routing updates. What is the reason for this? 

A. Either a firewall between the two routers or an ACL on the router is blocking IP protocol number 47. 

B. Either a firewall between the two routers or an ACL on the router is blocking UDP 57. 

C. Either a firewall between the two routers or an ACL on the router is blocking TCP 47. 

D. Either a firewall between the two routers or an ACL on the router is blocking IP protocol number 57. 



Q63. A packet capture log indicates that several router solicitation messages were sent from a local host on the IPv6 segment. What is the expected acknowledgment and its usage? 

A. Router acknowledgment messages will be forwarded upstream, where the DHCP server will allocate addresses to the local host. 

B. Routers on the IPv6 segment will respond with an advertisement that provides an external path from the local subnet, as well as certain data, such as prefix discovery. 

C. Duplicate Address Detection will determine if any other local host is using the same IPv6 address for communication with the IPv6 routers on the segment. 

D. All local host traffic will be redirected to the router with the lowest ICMPv6 signature, which is statically defined by the network administrator. 



Router Advertisements (RA) are sent in response to router solicitation messages. Router

solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are sent by

hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next

scheduled RA message. Given that router solicitation messages are usually sent by hosts at system

startup (the host does not have a configured unicast address), the source address in router solicitation

messages is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast

address, the unicast address of the interface sending the router solicitation message is used as the source

address in the message. The destination address in router solicitation messages is the all-routers multicast

address with a scope of the link. When an RA is sent in response to a router solicitation, the destination

address in the RA message is the unicast address of the source of the router solicitation message. RA

messages typically include the following information:

One or more onlink IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6


Lifetime information for each prefix included in the advertisement

Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed

Default router information (whether the router sending the advertisement should be used as a default

router and, if so, the amount of time (in seconds) the router should be used as a default router)

Additional information for hosts, such as the hop limit and MTU a host should use in packets that it

originates Reference:

ipv6_12_4t_book/ip6- addrg_bsc_con.html

Q64. Which Cisco VPN technology can use multipoint tunnel, resulting in a single GRE tunnel interface on the hub, to support multiple connections from multiple spoke devices? 



C. Cisco Easy VPN 

D. FlexVPN