Q101. Which three conditions can cause excessive unicast flooding? (Choose three.) 

A. Asymmetric routing 

B. Repeated TCNs 

C. The use of HSRP 

D. Frames sent to FFFF.FFFF.FFFF 

E. MAC forwarding table overflow 

F. The use of Unicast Reverse Path Forwarding 

Answer: A,B,E 

Explanation: 

Causes of Flooding 

The root cause of flooding is that the destination MAC address of the packet is not in the L2 forwarding table of the switch. In this case the packet will be flooded out of all forwarding ports in its VLAN (except the port it was received on). The case studies below show the most common reasons for the destination MAC address not being known to the switch.

Cause 1: Asymmetric Routing 

Large amounts of flooded traffic might saturate low-bandwidth links causing network performance issues or complete connectivity outage to devices connected across such low-bandwidth links. 

Cause 2: Spanning-Tree Protocol Topology Changes 

Another common cause of flooding is a Spanning-Tree Protocol (STP) Topology Change Notification (TCN). TCN is designed to correct forwarding tables after the forwarding topology has changed. This is necessary to avoid a connectivity outage, as after a topology change some destinations previously accessible via particular ports might become accessible via different ports. TCN operates by shortening the forwarding table aging time, such that if the address is not relearned, it will age out and flooding will occur. TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN, even if the particular destination MAC address has aged out, flooding should not happen for long in most cases since the address will be relearned. The issue might arise when TCNs are occurring repeatedly with short intervals. The switches will constantly be fast-aging their forwarding tables so flooding will be nearly constant. Normally, a TCN is rare in a well-configured network. When the port on a switch goes up or down, there is eventually a TCN once the STP state of the port is changing to or from forwarding. When the port is flapping, repetitive TCNs and flooding occur.

Cause 3: Forwarding Table Overflow 

Another possible cause of flooding can be overflow of the switch forwarding table. In this case, new addresses cannot be learned and packets destined to such addresses are flooded until some space becomes available in the forwarding table. New addresses will then be learned. This is possible but rare, since most modern switches have large enough forwarding tables to accommodate MAC addresses for most designs. Forwarding table exhaustion can also be caused by an attack on the network where one host starts generating frames, each sourced with a different MAC address. This will tie up all the forwarding table resources. Once the forwarding tables become saturated, other traffic will be flooded because new learning cannot occur. This kind of attack can be detected by examining the switch forwarding table. Most of the MAC addresses will point to the same port or group of ports. Such attacks can be prevented by limiting the number of MAC addresses learned on untrusted ports by using the port security feature.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html#causes 
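
The detection step described under Cause 3 (examine the forwarding table and look for most addresses pointing at one port) can be scripted. The following is an added example, not part of the original explanation or the Cisco document; it assumes a Cisco-style `show mac address-table` text layout, and the thresholds, the trusted-port list and the sample table are constructed for illustration.

```python
import re
from collections import Counter

# Matches data rows of a Cisco-style "show mac address-table" listing (assumed layout).
ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(?P<type>\w+)\s+(?P<port>\S+)\s*$", re.I)

def macs_per_port(table_text):
    """Count distinct dynamically learned MAC addresses per port."""
    seen = set()
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m and m["type"].upper() == "DYNAMIC":
            seen.add((m["port"], m["mac"].lower()))
    return Counter(port for port, _ in seen)

def suspect_ports(table_text, trusted=(), max_macs=5, min_share=0.5):
    """Flag untrusted ports that hold more MACs than an access port should
    (max_macs) and account for a large share of the table (min_share).
    Both thresholds are hypothetical defaults; tune them per design."""
    counts = macs_per_port(table_text)
    total = sum(counts.values()) or 1
    return sorted(
        (port, n) for port, n in counts.items()
        if port not in trusted and n > max_macs and n / total >= min_share)

# Constructed sample: uplink Gi1/0/24 carries several hosts, while access
# port Gi1/0/7 suddenly sources 200 different addresses.
SAMPLE = "\n".join(
    ["Vlan    Mac Address       Type        Ports",
     "----    -----------       --------    -----",
     "  10    0011.2233.4401    DYNAMIC     Gi1/0/1",
     "  10    0011.2233.4402    DYNAMIC     Gi1/0/2",
     "  10    0011.2233.4403    STATIC      Gi1/0/3"]
    + [f"  10    0011.2233.55{i:02x}    DYNAMIC     Gi1/0/24" for i in range(8)]
    + [f"  10    02aa.bb00.{i:04x}    DYNAMIC     Gi1/0/7" for i in range(200)])

if __name__ == "__main__":
    for port, n in suspect_ports(SAMPLE, trusted={"Gi1/0/24"}):
        print(f"{port}: {n} dynamic MACs, candidate for a port security limit")
```

A port flagged this way is where the port security MAC limit mentioned above would be applied; uplinks and trunks that legitimately carry many addresses belong in the trusted list.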


Q102. Refer to the exhibit. 

Router A and router B are physically connected over an Ethernet interface, and IS-IS is configured as shown. Which option explains why the IS-IS neighborship is not getting formed between router A and router B? 

A. same area ID 

B. same N selector 

C. same domain ID 

D. same system ID 

Answer:

Explanation: 

With IS-IS, the LSP identifier is derived from the system ID (along with the pseudonode ID and LSP number). Each IS is usually configured with one NET and in one area; each system ID within an area must be unique. The big difference between NSAP style addressing and IP style addressing is that, in general, there will be a single NSAP address for the entire router, whereas with IP there will be one IP address per interface. All ISs and ESs in a routing domain must have system IDs of the same length. All routers in an area must have the same area address. All Level 2 routers must have a unique system ID domain-wide, and all Level 1 routers must have a unique system ID area-wide. 

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a3e6f.shtml


Q103. Which three statements about implementing an application layer gateway in a network are true? (Choose three.) 

A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used. 

B. It maintains granular security over application-specific data. 

C. It allows synchronization between multiple streams of data between two hosts. 

D. Application layer gateway is used only in VoIP/SIP deployments. 

E. Client applications require additional configuration to use an application layer gateway. 

F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network. 

Answer: A,B,C 

Explanation: 

An ALG may offer the following functions: 

- allowing client applications to use dynamic ephemeral TCP/UDP ports to communicate with the known ports used by the server applications, even though a firewall configuration may allow only a limited number of known ports. In the absence of an ALG, either the ports would get blocked or the network administrator would need to explicitly open up a large number of ports in the firewall — rendering the network vulnerable to attacks on those ports.

- converting the network layer address information found inside an application payload between the addresses acceptable by the hosts on either side of the firewall/NAT. This aspect introduces the term 'gateway' for an ALG.

- recognizing application-specific commands and offering granular security controls over them

- synchronizing between multiple streams/sessions of data between two hosts exchanging data. For example, an FTP application may use separate connections for passing control commands and for exchanging data between the client and a remote server. During large file transfers, the control connection may remain idle. An ALG can prevent the control connection getting timed out by network devices before the lengthy file transfer completes.

Reference: http://en.wikipedia.org/wiki/Application-level_gateway 


Q104. Which two statements about VPLS are true? (Choose two.) 

A. Split horizon is used on PE devices to prevent loops. 

B. Spanning tree is extended from CE to CE. 

C. IP is used to switch Ethernet frames between sites. 

D. PE routers dynamically associate to peers. 

E. VPLS extends a Layer 2 broadcast domain. 

Answer: A,E 


Q105. Refer to the exhibit. 

Which three statements about the device with this configuration are true? (Choose three.) 

A. Multiple AFIs are configured on the device. 

B. The authentication on 172.16.129.7 is configured incorrectly. 

C. The device is configured to support MPLS VPNs. 

D. This device is configured with a single AFI. 

E. The authentication on 172.16.129.4 is configured incorrectly. 

F. The device is configured to support L2VPNs. 

Answer: A,B,C 


Q106. When deploying redundant route reflectors in BGP, which attribute can you configure on the route reflector to allow routes to be identified as belonging to the same group? 

A. ROUTER_ID 

B. CLUSTER_ID 

C. ORIGINATOR_ID 

D. PEER_GROUP 

Answer:

Explanation: 

Together, a route reflector and its clients form a cluster. When a single route reflector is deployed in a cluster, the cluster is identified by the router ID of the route reflector. The bgp cluster-id command is used to assign a cluster ID to a route reflector when the cluster has one or more route reflectors. Multiple route reflectors are deployed in a cluster to increase redundancy and avoid a single point of failure. When multiple route reflectors are configured in a cluster, the same cluster ID is assigned to all route reflectors. This allows all route reflectors in the cluster to recognize updates from peers in the same cluster and reduces the number of updates that need to be stored in BGP routing tables. 

Reference: http://ieoc.com/forums/t/5326.aspx 


Q107. Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent the OSPFv3 adjacency from forming between these two routers? (Choose two.)

A. mismatch of subnet masks 

B. mismatch of network types 

C. mismatch of authentication types 

D. mismatch of instance IDs 

E. mismatch of area types 

Answer: D,E 

Explanation: 

An OSPFv3 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. The two OSPFv3 interfaces must match the following criteria: 

- Hello interval

- Dead interval

- Area ID

- Optional capabilities

The OSPFv3 header includes an instance ID field to identify that OSPFv3 packet for a particular OSPFv3 instance. You can assign the OSPFv3 instance. The interface drops all OSPFv3 packets that do not have a matching OSPFv3 instance ID in the packet header. 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_ospfv3.html 


Q108. Which three statements about IS-IS are true? (Choose three.) 

A. IS-IS is not encapsulated in IP. 

B. IS-IS is directly encapsulated in the data link layer. 

C. 0XFEFE is used in the Layer 2 header to identify the Layer 3 protocol. 

D. IS-IS uses protocol ID 93. 

E. IS-IS can be used to route the IPX protocol. 

F. IS-IS is an IETF standard. 

Answer: A,B,C 

Explanation: 

IS-IS is an Interior Gateway Protocol (IGP) for routing OSI. IS-IS packets are not encapsulated in CLNS or IP but are encapsulated directly in the data-link layer. The IS-IS protocol family is OSI, and values such as 0xFE and 0xFEFE are used by the data-link protocol to identify the Layer 3 protocol as OSI. 

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a3e6f.shtml


Q109. Which two statements about IPv4 and IPv6 networks are true? (Choose two.) 

A. In IPv6, hosts perform fragmentation. 

B. IPv6 uses a UDP checksum to verify packet integrity. 

C. In IPv6, routers perform fragmentation. 

D. In IPv4, fragmentation is performed by the source of the packet. 

E. IPv4 uses an optional checksum at the transport layer. 

F. IPv6 uses a required checksum at the network layer. 

Answer: A,B 


Q110. DRAG DROP 

Drag and Drop Cisco PFR adjacency types. 

Answer: