Free 300-410 Sample Questions — Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

Which IPv6 security feature blocks all traffic from an IPv6 host when initially connecting to a switch port except for traffic to gain an IPv6 address and discover IPv6 neighbors?

• A. IPv6 Source Guard
• B. IPv6 DHCP Guard
• C. IPv6 Destination Guard
• D. IPv6 RA Guard

The network administrator configured the router for Control Plane Policing so that inbound SSH traffic is policed to 500 kbps. This policy must apply to traffic coming in from 10.10.10.0/24 and 192.168.10.0/24 networks. access-list 100 permit ip 10.10.10.0 0.0.0.255 any access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 23 ! class-map CLASS-SSH match access-group 100 ! policy-map PM-COPP class CLASS-SSH police 500000 conform-action transmit ! interface E0/0 service-policy input PM-COPP ! interface E0/1 service-policy input PM-COPP The Control Plane Policing is not applied to SSH traffic and SSH is open to use any bandwidth available. Which configuration resolves this issue?

• A. no access-list 100 access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22 access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
• B. interface E0/0 no service-policy input PM-COPP ! interface E0/1 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP
• C. no access-list 100 access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22 access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22 ! policy-map PM-COPP class CLASS-SSH no police 500000 conform-action transmit police 500000 conform-action transmit exceed-action drop
• D. no access-list 100 access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22 access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22 ! interface E0/0 no service-policy input PM-COPP ! interface E0/1 no service-policy input PM-COPP ! control-plane service-policy input PM-COPP

An engineer is implementing a coordinated change with a server team. As part of the change, the engineer must configure interface GigabitEthernet2 in an existing VRF "RED" then move the interface to an existing VRF "BLUE" when the server team is ready. The engineer configured interface GigabitEthernet2 in VRF "RED": interface GigabitEthernet2 description Migration ID: B410A82D0935G35 vrf forwarding RED ip address 10.0.0.0 255.255.255.254 negotiation auto Which configuration completes the change?

• A. interface GigabitEthernet2 no vrf forwarding RED vrf forwarding BLUE ip address 10.0.0.0 255.255.255.254
• B. interface GigabitEthernet2 no ip address vrf forwarding BLUE
• C. interface GigabitEthernet2 no vrf forwarding RED vrf forwarding BLUE
• D. interface GigabitEthernet2 no ip address ip address 10.0.0.0 255.255.255.254 vrf forwarding BLUE

A new site has been added to an OPSF network using area 2. Area 2 is connected only to area 1 of this OSPF network. Area 1 is used to connect area 1 to the backbone area 0. Should you expect full connectivity to the networks located in area 2 from area 0 in this scenario?

• A. Yes, by default there will be full connectivity
• B. No, you will need to redistribute the area 2 routes into area 0
• C. No, a virtual link is needed to logically connect area 2 info area 0
• D. Yes, but area 2 will need to be configured as a stub area

A network administrator performed a Compact Flash Memory upgrade on a Cisco Catalyst 6509 Switch. Everything is functioning normally except SNMP, which was configured to monitor the bandwidth of key interfaces but the interface indexes are changed. Which global configuration resolves the issue?

• A. snmp-server ifindex persist
• B. snmp-server ifindex permanent
• C. snmp ifindex persist
• D. snmp ifindex permanent

Which IPv6 feature enables a device to reject traffic when it is originated from an address that is not stored in the device binding table?

• A. IPv6 Source Guard
• B. IPv6 DAD Proxy
• C. IPv6 RA Guard
• D. IPv6 Snooping

What are two purposes of using IPv4 and VPNv4 address-family configurations in a Layer 3 MPLS VPN? (Choose two.)

• A. RD is prepended to the IPv4 route to make it unique
• B. The VPNv4 address consists of a 64-bit route distinguisher that is prepended to the IPv4 prefix
• C. MP-BGP is used to allow overlapping IPv4 addresses between customers to advertise through the network
• D. The IPv4 address is needed to tag the MPLS label
• E. The VPNv4 address is used to advertise the MPLS VPN label

What are two features of BFD? (Choose two.)

• A. reliable
• B. replaces hello messages
• C. requires routing protocols
• D. scalable
• E. intensive on CPU for Layer 2 links

What is an advantage of using BFD?

• A. It detects local link failure at layer 1 and updates the routing table
• B. It detects local link failure at layer 3 and updates the routing protocols
• C. It has sub-second failure detection for layer 1 and layer 3 problems
• D. It has sub-second failure detection for layer 1 and layer 2 problems

Which tag is used by the PE router to forward the packet to the correct customer?

• A. RD
• B. extended-community
• C. RT
• D. VNI

An engineer configured two routers connected to two different service providers using BGP with default attributes. One of the links is presenting high delay, which causes slowness in the network. Which BGP attribute must the engineer configure to avoid using the high-delay ISP link if the second ISP link is up?

• A. AS-PATH
• B. WEIGHT
• C. MED
• D. LOCAL_PREF

Which method provides failure detection in BFD?

• A. long duration, low overhead
• B. short duration, low overhead
• C. long duration, high overhead
• D. short duration, high overhead

An engineer configured the wrong default gateway for the Cisco DNA Center enterprise interface during the install. Which command must the engineer run to correct the configuration?

• A. sudo maglev-config update
• B. sudo maglev install config update
• C. sudo maglev reinstall
• D. sudo update config install

Which configuration enables the VRF that is labeled `Inet` on FastEthernet0/0?

• A. R1(config)# ip vrf Inet R1(config-vrf)#ip vrf FastEthernet0/0
• B. R1(config)#ip vrf Inet FastEthernet0/0
• C. R1(config)# ip vrf Inet R1(config-vrf)#interface FastEthernet0/0 R1(config-if)#ip vrf forwarding Inet
• D. R1(config)#router ospf 1 vrf Inet R1(config-router)#ip vrf forwarding FastEthernet0/0

An engineer must override the normal routing behavior of a router. The engineer must send HTTP traffic that is destined to 10.100.100.100 from 10.1.1.0/24 via a next hop of 10.2.2.2, two hops away from the router that is connected to the 10.1.1.0/24 subnet. Which configuration reroutes traffic according to this requirement?

• A. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http ! route-map POLICY permit 10 match ip address 100 set ip next-hop recursive 10.2.2.2
• B. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http ! route-map POLICY deny 10 match ip address 100 set ip next-hop recursive 10.2.2.2 route-map POLICY permit 20
• C. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http ! route-map POLICY permit 10 match ip address 100 set ip next-hop 10.2.2.2 route-map POLICY permit 20 D. access-list 100 permit tcp 10.1.1.0 0.0.0.255 host 10.100.100.100 eq http ! route-map POLICY permit 10 match ip address 100 set ip next-hop 10.2.2.2

An engineer must configure a Cisco router to initiate secure connections from the router to other devices in the network but kept failing. Which two actions resolve the issue? (Choose two.)

• A. Configure transport input ssh command on the console
• B. Configure a domain name
• C. Configure a crypto key to be generated
• D. Configure a source port for the SSH connection to initiate
• E. Configure a TACACS+ server and enable it

A newly installed spoke router is configured for DMVPN with the ip mtu 1400 command. Which configuration allows the spoke to use fragmentation with the maximum negotiated TCP MTU over GRE?

• A. ip tcp adjust-mss 1360 crypto ipsec fragmentation mtu-discovery
• B. ip tcp adjust-mss 1360 crypto ipsec fragmentation after-encryption
• C. ip tcp payload-mtu 1360 crypto ipsec fragmentation after-encryption
• D. ip tcp payload-mtu 1360 crypto ipsec fragmentation mtu-discovery

What is a characteristic of Layer 3 MPLS VPNs?

• A. Traffic engineering capabilities provide QoS and SLAs
• B. Traffic engineering supports multiple IGP instances
• C. LSP signaling requires the use of unnumbered IP links for traffic engineering
• D. Authentication is performed by using digital certificates or preshared keys

What is the minimum time gap required by the local system before putting a BFD control packet on the wire?

• A. Desired Min TX Interval
• B. Detect Mult
• C. Required Min RX Interval
• D. Required Min Echo RX Interval

How are CE advertised routes segmented from other CE routers on an MPLS PE router?

• A. with a combination of VRF-Lite and MP-BGP
• B. by pushing MPLS labels advertised by LDP on customer routes
• C. by enabling multiple instances of BGP, one for each CE router
• D. by assigning CE-facing interfaces to different VRFs