Free Download Cisco 350-001 VCE Test Engine Full Version Now (151-160)

QUESTION 151
Which two of these parameters are used to determine a forwarding equivalence class? (Choose two.)

A.    IP prefix
B.    Layer 2 circuit
C.    RSVP request from CE for bandwidth reservation
D.    BGP MED value

Answer: AB

Explanation:
A Forwarding Equivalence Class (FEC) is a class of packets that should be forwarded in the same manner (i.e. over the same path). A FEC is not a packet, nor is it a label. A FEC is a logical entity created by the router to represent a class (category) of packets. When a packet arrives at the ingress router of an MPLS domain, the router parses the packet’s headers, and checks to see if the packet matches a known FEC (class). Once the matching FEC is determined, the path and outgoing label assigned to that FEC are used to forward the packet.
FECs are typically created based on the IP destinations known to the router, so for each different destination a router might create a different FEC, or if a router is doing aggregation, it might represent multiple destinations with a single FEC (for example, if those destinations are reachable through the same immediate next hop anyway). The MPLS framework, however, allows for the creation of FECs using advanced criteria like source and destination address pairs, destination address and TOS, etc.

QUESTION 152
A network is composed of several VRFs. It is required that VRF users VRF_A and VRF_B be able to route to and from VRF_C, which hosts shared services. However, traffic must not be allowed to flow between VRF_A and VRF_B. How can this be accomplished?

A.    route redistribution
B.    import and export using route descriptors
C.    import and export using route targets
D.    Cisco MPLS Traffic Engineering

Answer: C
Explanation:
An MPLS VPN implementation is very similar to a dedicated router peer-to-peer model implementation. From a CE router’s perspective, only IPv4 updates, as well as data, are forwarded to the PE router. The CE router does not need any specific configuration to enable it to be a part of an MPLS VPN domain. The only requirement on the CE router is a routing protocol (or a static/default route) that enables the router to exchange IPv4 routing information with the connected PE router.
In the MPLS VPN implementation, the PE router performs multiple functions. The PE router must first be capable of isolating customer traffic if more than one customer is connected to the PE router. Each customer, therefore, is assigned an independent routing table similar to a dedicated PE router in the initial peer-to-peer discussion. Routing across the SP backbone is performed using a routing process in the global routing table. P routers provide label switching between provider edge routers and are unaware of VPN routes. CE routers in the customer network are not aware of the P routers and, thus, the internal topology of the SP network is transparent to the customer. The P routers are only responsible for label switching of packets. They do not carry VPN routes and do not participate in MPLS VPN routing.
The PE routers exchange IPv4 routes with connected CE routers using individual routing protocol contexts. To enable scaling the network to a large number of customer VPNs, multiprotocol BGP is configured between PE routers to carry customer routes. Customer isolation is achieved on the PE router by the use of virtual routing tables or instances, also called virtual routing and forwarding tables/instances (VRFs). In essence, it is similar to maintaining multiple dedicated routers for customers connecting into the provider network. The function of a VRF is similar to a global routing table, except that it contains all routes pertaining to a specific VPN versus the global routing table.
The VRF also contains a VRF-specific CEF forwarding table analogous to the global CEF table and defines the connectivity requirements and protocols for each customer site on a single PE router. The VRF defines routing protocol contexts that are part of a specific VPN as well as the interfaces on the local PE router that are part of a specific VPN and, hence, use the VRF. The interface that is part of the VRF must support CEF switching. The number of interfaces that can be bound to a VRF is only limited by the number of interfaces on the router, and a single interface (logical or physical) can be associated with only one VRF. The VRF contains an IP routing table analogous to the global IP routing table, a CEF table, list of interfaces that are part of the VRF, and a set of rules defining routing protocol exchange with attached CE routers (routing protocol contexts). In addition, the VRF also contains VPN identifiers as well as VPN membership information (RD and RT are covered in the next section).
Route targets (RTs) are additional identifiers used in the MPLS VPN domain that identify the VPN membership of the routes learned from a particular site. RTs are implemented by the use of extended BGP communities in which the higher order 16 bits of the BGP extended community (64 total bits) are encoded with a value corresponding to the VPN membership of the specific site. When a VPN route learned from a CE router is injected into VPNv4 BGP, a list of VPN route target extended community attributes is associated with it. The export route target is used in identification of VPN membership and is associated with each VRF. This export route target is appended to a customer prefix when it is converted to a VPNv4 prefix by the PE router and propagated in MP-BGP updates. The import route target is associated with each VRF and identifies the VPNv4 routes to be imported into the VRF for the specific customer. The format of an RT is the same as an RD value.
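The import/export behaviour behind the answer to Question 152 can be modelled in a few lines. This is an added example, not code from the original page; the RD and RT values, the prefixes and the `single_rt_design` variant are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    rd: str            # route distinguisher (constructed value)
    export_rts: set    # RTs attached to routes this VRF exports
    import_rts: set    # RTs this VRF accepts from VPNv4 updates
    prefixes: list     # customer prefixes learned from the CE
    table: dict = field(default_factory=dict)  # prefix -> originating VRF

def mp_bgp_exchange(vrfs):
    """Model the PE behaviour: export with RTs, import on an RT match."""
    vpnv4 = [
        {"route": f"{v.rd}:{p}", "prefix": p,
         "rts": set(v.export_rts), "origin": v.name}
        for v in vrfs for p in v.prefixes
    ]
    for v in vrfs:
        v.table = {p: v.name for p in v.prefixes}  # locally learned routes
        for r in vpnv4:
            # Import only if at least one attached RT is in the import list.
            if r["origin"] != v.name and r["rts"] & v.import_rts:
                v.table[r["prefix"]] = r["origin"]
    return vpnv4

def can_route(a, b):
    """Two-way reachability: each VRF must hold the other's prefixes."""
    return (all(p in a.table for p in b.prefixes)
            and all(p in b.table for p in a.prefixes))

def audit(vrfs, forbidden):
    """Return the forbidden VRF pairs that can nevertheless reach each other."""
    by_name = {v.name: v for v in vrfs}
    return [(x, y) for x, y in forbidden if can_route(by_name[x], by_name[y])]

def shared_services_design():
    # VRF_A and VRF_B import the services RT; VRF_C imports both user RTs.
    a = Vrf("VRF_A", "65000:1", {"65000:100"},
            {"65000:100", "65000:300"}, ["10.1.0.0/16"])
    b = Vrf("VRF_B", "65000:2", {"65000:200"},
            {"65000:200", "65000:300"}, ["10.2.0.0/16"])
    c = Vrf("VRF_C", "65000:3", {"65000:300"},
            {"65000:300", "65000:100", "65000:200"}, ["10.3.0.0/16"])
    vrfs = [a, b, c]
    mp_bgp_exchange(vrfs)
    return vrfs

def single_rt_design():
    # Weak variant: one RT exported and imported everywhere, so the
    # user VRFs learn each other's prefixes as well as the shared ones.
    rt = {"65000:300"}
    vrfs = [Vrf("VRF_A", "65000:1", set(rt), set(rt), ["10.1.0.0/16"]),
            Vrf("VRF_B", "65000:2", set(rt), set(rt), ["10.2.0.0/16"]),
            Vrf("VRF_C", "65000:3", set(rt), set(rt), ["10.3.0.0/16"])]
    mp_bgp_exchange(vrfs)
    return vrfs

if __name__ == "__main__":
    print(audit(shared_services_design(), [("VRF_A", "VRF_B")]))
    print(audit(single_rt_design(), [("VRF_A", "VRF_B")]))
```
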

QUESTION 153
Which of these statements best describes the major difference between an IPv4-compatible tunnel and a 6to4 tunnel?

A.    An IPv4-compatible tunnel is a static tunnel, but a 6to4 tunnel is a semiautomatic tunnel.
B.    The deployment of an IPv4-compatible tunnel requires a special code on the edge routers, but a 6to4 tunnel does not require any special code.
C.    An IPv4-compatible tunnel is typically used only between two IPv6 domains, but a 6to4 tunnel is used to connect two or more IPv6 domains.
D.    For an IPv4-compatible tunnel, the ISP assigns only IPv4 addresses for each domain, but for a 6to4 tunnel, the ISP assigns only IPv6 addresses for each domain.

Answer: C
Explanation:
Automatic 6to4 Tunnels
An automatic 6to4 tunnel allows isolated IPv6 domains to be connected over an IPv4 network to remote IPv6 networks. The key difference between automatic 6to4 tunnels and manually configured tunnels is that the tunnel is not point-to-point; it is point-to-multipoint. In automatic 6to4 tunnels, routers are not configured in pairs because they treat the IPv4 infrastructure as a virtual nonbroadcast multi-access (NBMA) link. The IPv4 address embedded in the IPv6 address is used to find the other end of the automatic tunnel.
An automatic 6to4 tunnel may be configured on a border router in an isolated IPv6 network, which creates a tunnel on a per-packet basis to a border router in another IPv6 network over an IPv4 infrastructure. The tunnel destination is determined by the IPv4 address of the border router extracted from the IPv6 address that starts with the prefix 2002::/16, where the format is 2002:border-router-IPv4-address::/48. Following the embedded IPv4 address are 16 bits that can be used to number networks within the site. The border router at each end of a 6to4 tunnel must support both the IPv4 and IPv6 protocol stacks. 6to4 tunnels are configured between border routers or between a border router and a host.
The simplest deployment scenario for 6to4 tunnels is to interconnect multiple IPv6 sites, each of which has at least one connection to a shared IPv4 network. This IPv4 network could be the global Internet or a corporate backbone. The key requirement is that each site have a globally unique IPv4 address; the Cisco IOS software uses this address to construct a globally unique 6to4 /48 IPv6 prefix. As with other tunnel mechanisms, appropriate entries in a Domain Name System (DNS) that map between hostnames and IP addresses for both IPv4 and IPv6 allow the applications to choose the required address.
Automatic IPv4-Compatible IPv6 Tunnels
Automatic IPv4-compatible tunnels use IPv4-compatible IPv6 addresses. IPv4-compatible IPv6 addresses are IPv6 unicast addresses that have zeros in the high-order 96 bits of the address, and an IPv4 address in the low-order 32 bits. They can be written as 0:0:0:0:0:0:A.B.C.D or ::A.B.C.D, where “A.B.C.D” represents the embedded IPv4 address.
The tunnel destination is automatically determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 addresses. The host or router at each end of an IPv4-compatible tunnel must support both the IPv4 and IPv6 protocol stacks. IPv4-compatible tunnels can be configured between border routers or between a border router and a host. Using IPv4-compatible tunnels is an easy method to create tunnels for IPv6 over IPv4, but the technique does not scale for large networks.
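The two address formats described above can be parsed to show how each tunnel type finds its IPv4 endpoint. This is an added example, not code from the original page; the sample addresses are constructed, and rejecting RFC 1918 addresses is one assumed reading of the "globally unique IPv4 address" requirement.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")
# Assumption: private RFC 1918 space is what "not globally unique" means here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def site_prefix(border_v4):
    """Build the 2002:border-router-IPv4-address::/48 prefix for a site."""
    v4 = ipaddress.IPv4Address(border_v4)
    if any(v4 in net for net in RFC1918):
        raise ValueError("6to4 needs a globally unique IPv4 address")
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    base = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))

def tunnel_destination(dst_v6):
    """Return (tunnel type, IPv4 tunnel endpoint, site subnet id) for an
    IPv6 destination, or (None, None, None) if no IPv4 address is embedded."""
    addr = ipaddress.IPv6Address(dst_v6)
    value = int(addr)
    if addr in SIXTOFOUR:
        v4 = (value >> 80) & 0xFFFFFFFF   # bits 16..47 of the address
        subnet = (value >> 64) & 0xFFFF   # the 16 bits that number site networks
        return ("6to4", ipaddress.IPv4Address(v4), subnet)
    # IPv4-compatible: high-order 96 bits zero, IPv4 in the low-order 32 bits.
    # :: and ::1 are the unspecified and loopback addresses, not tunnel targets.
    if value >> 32 == 0 and value > 1:
        return ("ipv4-compatible", ipaddress.IPv4Address(value & 0xFFFFFFFF), None)
    return (None, None, None)

if __name__ == "__main__":
    print(site_prefix("198.51.100.7"))
    for dst in ("2002:c633:6407:5::1", "::203.0.113.9", "2001:db8::1"):
        print(dst, tunnel_destination(dst))
```
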

QUESTION 154
Which information is carried in an OSPFv3 intra-area-prefix LSA?

A.    IPv6 prefixes
B.    link-local addresses
C.    solicited node multicast addresses
D.    IPv6 prefixes and topology information

Answer: A

QUESTION 155
Which IPv6 address would you ping to determine if OSPFv3 is able to send and receive unicast packets across a link?

A.    anycast address
B.    site-local multicast
C.    global address of the link
D.    unique local address
E.    link-local address

Answer: E
Explanation:
A link-local address is an Internet Protocol address that is intended only for communications within the segment of a local network (a link) or a point-to-point connection that a host is connected to. Routers do not forward packets with link-local addresses.

QUESTION 156
You are using IPv6, and would like to configure EIGRPv3. Which three of these correctly describe how you can perform this configuration? (Choose three.)

A.    EIGRP for IPv6 is directly configured on the interfaces over which it runs.
B.    EIGRP for IPv6 is not configured on the interfaces over which it runs, but if a user uses passive-interface configuration, EIGRP for IPv6 needs to be configured on the interface that is made passive.
C.    There is a network statement configuration in EIGRP for IPv6, the same as for IPv4.
D.    There is no network statement configuration in EIGRP for IPv6.
E.    When a user uses a passive-interface configuration, EIGRP for IPv6 does not need to be configured on the interface that is made passive.
F.    When a user uses a non-passive-interface configuration, EIGRP for IPv6 does not need to be configured on the interface that is made passive.

Answer: ADE
Explanation:
Restrictions for Implementing EIGRP for IPv6:
This section lists ways in which EIGRP for IPv6 differs from EIGRP IPv4 as well as EIGRP for IPv6 restrictions.
EIGRP for IPv6 is directly configured on the interfaces over which it runs. This feature allows EIGRP for IPv6 to be configured without the use of a global IPv6 address. There is no network statement in EIGRP for IPv6.
In per-interface configuration at system startup, if EIGRP has been configured on an interface, then the EIGRP protocol may start running before any EIGRP router mode commands have been executed.
An EIGRP for IPv6 protocol instance requires a router ID before it can start running.
EIGRP for IPv6 has a shutdown feature. The routing process should be in “no shutdown” mode in order to start running.
When a user uses passive-interface configuration, EIGRP for IPv6 does not need to be configured on the interface that is made passive.
EIGRP for IPv6 provides route filtering using the distribute-list prefix-list command. Use of the route-map command is not supported for route filtering with a distribute list.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00805fc867.html

QUESTION 157
Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP source addresses?

A.    It is applied only on the input interface of a router.
B.    It is applied only on the output interface of a router.
C.    It can be configured either on the input or output interface of a router.
D.    It cannot be configured on a router interface.
E.    It is configured under any routing protocol process.

Answer: A
Explanation:
Unicast Reverse Path Forwarding (URPF) is a small security feature. When it is configured on an interface, the router checks the incoming packet’s source address against its routing table. If the incoming packet’s source is reachable via the same interface on which it was received, the packet is allowed. URPF provides protection against spoofed packets with unverifiable sources.
http://www.cciecandidate.com/?p=494
Unicast RPF can be used in any “single-homed” environment where there is essentially only one access point out of the network; that is, one upstream connection. Networks having one access point offer the best example of symmetric routing, which means that the interface where a packet enters the network is also the best return path to the source of the IP packet. Unicast RPF is best used at the network perimeter for Internet, intranet, or extranet environments, or in ISP environments for customer network terminations.
Feature Overview
The Unicast RPF feature helps to mitigate problems that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
For example, a number of common types of denial-of-service (DoS) attacks, including Smurf and Tribe Flood Network (TFN), can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets that have source addresses that are valid and consistent with the IP routing table. This action protects the network of the ISP, its customer, and the rest of the Internet.
How It Works
When Unicast RPF is enabled on an interface, the router examines all packets received as input on that interface to make sure that the source address and source interface appear in the routing table and match the interface on which the packet was received. This “look backwards” ability is available only when Cisco express forwarding (CEF) is enabled on the router, because the lookup relies on the presence of the Forwarding Information Base (FIB). CEF generates the FIB as part of its operation.
Note: Unicast RPF is an input function and is applied only on the input interface of a router at the upstream end of a connection.
http://www.cisco.com/en/US/docs/ios/11_1/feature/guide/uni_rpf.html

QUESTION 158
Unicast Reverse Path Forwarding can perform all of these actions except which one?

A.    examine all packets received to make sure that the source addresses and source interfaces appear in the routing table and match the interfaces where the packets were received
B.    check to see if any packet received at a router interface arrives on the best return path
C.    combine with a configured ACL
D.    log its events, if you specify the logging options for the ACL entries used by the unicast rpf command
E.    inspect IP packets encapsulated in tunnels, such as GRE

Answer: E
Explanation:
For RPF to function, CEF must be enabled on the router. This is because the router uses the Forwarding Information Base (FIB) of CEF to perform the lookup process, which is built from the router’s routing table. In other words, RPF does not really look at the router’s routing table; instead, it uses the CEF FIB to determine spoofing.
Also, RPF cannot detect all spoofed packets. For the network in this example, the perimeter router cannot determine spoofing from packets received on the external E1 interface if they match the default route statement. Therefore, the more routes your router has in its CEF FIB table, the more likely the router will be capable of detecting spoofing attacks. In addition, RPF cannot detect any spoofed packets that are encapsulated, such as packets encapsulated in GRE, IPSec, L2TP, and other packets.
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the reachability of the source address in packets being forwarded. This capability can limit the appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this document.
When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router’s choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.
When administrators use Unicast RPF in loose mode, the source address must appear in the routing table. Administrators can change this behavior using the allow-default option, which allows the use of the default route in the source verification process. Additionally, a packet that contains a source address for which the return route points to the Null 0 interface will be dropped. An access list may also be specified that permits or denies certain source addresses in Unicast RPF loose mode. Care must be taken to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain asymmetric routing paths.
Unicast RPF in an Enterprise Network
In many enterprise environments, it is necessary to use a combination of strict mode and loose mode Unicast RPF. The choice of the Unicast RPF mode that will be used will depend on the design of the network segment connected to the interface on which Unicast RPF is deployed.
Administrators should use Unicast RPF in strict mode on network interfaces for which all packets received on an interface are guaranteed to originate from the subnet assigned to the interface. A subnet composed of end stations or network resources fulfills this requirement. Such a design would be in place for an access layer network or a branch office where there is only one path into and out of the branch network. No other traffic originating from the subnet is allowed and no other routes are available past the subnet. Unicast RPF loose mode can be used on an uplink network interface that has a default route associated with it.
http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html
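The strict and loose checks described above, together with the default-route, Null 0 and encapsulation cases, can be traced with a small model of the FIB lookup. This is an added example, not code from the original page; the FIB entries, interface names and sample packets are constructed, and applying allow-default to strict mode as well as loose mode is an assumption of this model.

```python
import ipaddress

# Constructed FIB for a perimeter router: (prefix, outgoing interface).
FIB = [
    ("0.0.0.0/0", "Serial0"),         # default route toward the upstream
    ("10.10.0.0/16", "Ethernet0"),
    ("10.20.0.0/16", "Ethernet1"),
    ("192.0.2.0/24", "Null0"),        # return route points to Null 0
]

def lookup(fib, src):
    """Longest-prefix match of a source address against the FIB."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf(fib, src, in_if, mode="strict", allow_default=False):
    """Return (permitted, reason) for a packet with source src arriving on in_if."""
    best = lookup(fib, src)
    if best is None:
        return (False, "no route to source")
    net, ifname = best
    if ifname == "Null0":
        return (False, "return route points to Null0")
    if net.prefixlen == 0 and not allow_default:
        return (False, "source matches only the default route")
    if mode == "strict" and ifname != in_if:
        return (False, f"return path is {ifname}, packet arrived on {in_if}")
    return (True, "source verified")

def check_packet(fib, pkt, in_if, **kwargs):
    """Only the outer IP header is examined; an encapsulated inner source
    (GRE, IPSec, L2TP) is never looked up."""
    return urpf(fib, pkt["outer_src"], in_if, **kwargs)

# Constructed GRE packet: the outer source is valid for Ethernet0,
# the inner source would fail a strict check on that interface.
GRE_PACKET = {"outer_src": "10.10.1.5", "inner_src": "10.20.9.9"}

if __name__ == "__main__":
    cases = [
        ("10.10.1.5", "Ethernet0", "strict", False),
        ("10.10.1.5", "Ethernet1", "strict", False),   # asymmetric or spoofed
        ("10.10.1.5", "Ethernet1", "loose", False),
        ("203.0.113.50", "Serial0", "loose", False),
        ("203.0.113.50", "Serial0", "strict", True),   # default route hides spoofing
        ("192.0.2.9", "Serial0", "loose", True),
    ]
    for src, ifname, mode, allow in cases:
        print(src, ifname, mode, allow, urpf(FIB, src, ifname, mode, allow))
    print("GRE", check_packet(FIB, GRE_PACKET, "Ethernet0"))
```
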

QUESTION 159
Which three of these statements about Dynamic Trunking Protocol are correct? (Choose three.)

A.    It supports autonegotiation for both ISL and IEEE 802.1Q trunks.
B.    It must be disabled on an interface if you do not want the interface to work as a trunk or start negotiation to become a trunk.
C.    It is a point-to-multipoint protocol.
D.    It is a point-to-point protocol.
E.    It is not supported on private VLAN ports or tunneling ports.

Answer: ABD
Explanation:
By default Cisco states that PVLANs will be forwarded. Keep in mind that if you do not disable DTP it will attempt to negotiate a trunk with any additional switch that it is connected to on the port in question.
Switchport mode access – This command puts the interface (access port) into permanent nontrunking mode. The interface will generate DTP frames, negotiating with the neighboring interface to convert the link into a nontrunk link. The interface becomes a nontrunk interface even if the neighboring interface does not agree to the change.
Switchport mode dynamic desirable – This command makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default mode for all Ethernet interfaces. If the neighboring interface is set to the access or non-negotiate mode, the link will become a non-trunking link.
Switchport mode dynamic auto – This command makes the interface willing to convert the link to a trunk link if the neighboring interface is set to trunk or desirable mode. Otherwise, the link will become a non-trunking link.
Switchport mode trunk – This command puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. The interface becomes a trunk interface even if the neighboring interface does not agree to the change.
Switchport nonegotiate – Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link, otherwise the link will be a non-trunking link.
Using these different trunking modes, an interface can be set to trunking or nontrunking or even able to negotiate trunking with the neighboring interface. To automatically negotiate trunking, the interfaces must be in the same VTP domain. Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a Cisco proprietary point-to-point protocol.

QUESTION 160
You are designing your network to be able to use trunks. As part of this process you are comparing the ISL and 802.1Q encapsulation options. All of these statements about the two encapsulation options are correct except which one?

A.    Both support normal and extended VLAN ranges.
B.    ISL is a Cisco proprietary encapsulation method and 802.1Q is an IEEE standard.
C.    ISL encapsulates the original frame.
D.    Both support native VLANs.
E.    802.1Q does not encapsulate the original frame.

Answer: D
Explanation:
ISL is a Cisco proprietary protocol for the interconnection of multiple switches and maintenance of VLAN information as traffic goes between switches. ISL provides VLAN trunking capabilities while it maintains full wire-speed performance on Ethernet links in full-duplex or half-duplex mode. ISL operates in a point-to-point environment and can support up to 1000 VLANs. In ISL, the original frame is encapsulated and an additional header is added before the frame is carried over a trunk link. At the receiving end, the header is removed and the frame is forwarded to the assigned VLAN.
ISL uses Per VLAN Spanning Tree (PVST), which runs one instance of Spanning Tree Protocol (STP) per VLAN. PVST allows the optimization of root switch placement for each VLAN and supports the load balancing of VLANs over multiple trunk links.
802.1Q is the IEEE standard for tagging frames on a trunk and supports up to 4096 VLANs. In 802.1Q, the trunking device inserts a 4-byte tag into the original frame and recomputes the frame check sequence (FCS) before the device sends the frame over the trunk link. At the receiving end, the tag is removed and the frame is forwarded to the assigned VLAN. 802.1Q does not tag frames on the native VLAN. It tags all other frames that are transmitted and received on the trunk. When you configure an 802.1Q trunk, you must make sure that you configure the same native VLAN on both sides of the trunk. IEEE 802.1Q defines a single instance of spanning tree that runs on the native VLAN for all the VLANs in the network. This is called Mono Spanning Tree (MST). This lacks the flexibility and load balancing capability of PVST that is available with ISL. However, PVST+ offers the capability to retain multiple spanning tree topologies with 802.1Q trunking.
