★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 300-101 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/300-101-dumps.html
The studying materials will be updated promptly in accordance with the alterations on the 300-101 exam. We will present the latest simulated test questions that are in stage with the current Testking exam. Whats a lot more, the items you acquire will be updated within time inside 120 days for free. Its our duty to spare absolutely no efforts to be able to offer almost all customers the most effective after-sale service. We can provide 24h customer support to suit your needs to figure out your questions timely right after receiving them. For this reason, you can contact us with anytime if you have got any problems about Cisco 300-101 certification. To a large level, the satisfaction from the customers is actually our expectation and it has great contribution to be able to our development.
2021 Nov ccnp route 300-101:
Q51. The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.)
A. Traffic Class
B. Source address
C. Flow Label
D. Hop Limit
E. Destination Address
F. Fragment Offset
Answer: A,C,D
Explanation:
Q52. Scenario:
You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command.
Areas of Router 5 and 6 are not normal areas, inspect their routing tables and determine which statement is true?
A. R5's Loopback and R6's Loopback are both present in R5's Routing table
B. R5's Loopback and R6's Loopback are both present in R6's Routing table
C. Only R5's loopback is present in R5's Routing table
D. Only R6's loopback is present in R5's Routing table
E. Only R5's loopback is present in R6's Routing table
Answer: A
Explanation:
Topic 4, VPN Technologies
45. A company has just opened two remote branch offices that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites?
A. interface Tunnel0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel source Serial0/0
tunnel mode gre multipoint
B. interface fa0/0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel mode gre multipoint
C. interface Tunnel0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 209.165.201.1
tunnel-mode dynamic
D. interface fa 0/0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 192.168.161.2
tunnel destination 209.165.201.1
tunnel-mode dynamic
Answer: A
Explanation:
The configuration of mGRE allows a tunnel to have multiple destinations. The configuration of
mGRE on one side of a tunnel does not have any relation to the tunnel properties that might exist tunnel
source Serial0/0 tunnel mode gre multipoint
B. interface fa0/0 bandwidth 1536 ip address 209.165.200.230 255.255.255.224 tunnel mode gre
multipoint
C. interface Tunnel0 bandwidth 1536 ip address 209.165.200.231 255.255.255.224 tunnel source
209.165.201.1 tunnel-mode dynamic
D. interface fa 0/0 bandwidth 1536 ip address 209.165.200.231 255.255.255.224 tunnel source
192.168.161.2 tunnel destination 209.165.201.1 tunnel-mode dynamic
Answer: A Explanation: The configuration of mGRE allows a tunnel to have multiple destinations. The
configuration of mGRE on one side of a tunnel does not have any relation to the tunnel properties that
might exist at the exit points. This means that an mGRE tunnel on the hub may connect to a p2p tunnel on
the branch. Conversely, a p2p GRE tunnel may connect to an mGRE tunnel. The distinguishing feature
between an mGRE interface and a p2p GRE interface is the tunnel destination. An mGRE interface does
not have a configured destination. Instead the GRE tunnel is configured with the command tunnel mode
gre multipoint. This command is used instead of the tunnel destination x.x.x.x found with p2p GRE tunnels.
Besides allowing for multiple destinations, an mGRE tunnel requires NHRP to resolve the tunnel
endpoints. Note, tunnel interfaces by default are point-to-point (p-p) using GRE encapsulation, effectively they have the tunnel mode gre command, which is not seen in the configuration because it is the default.
The mGRE configuration is as follows: ! interface Tunnel0 bandwidth 1536 ip address 10.62.1.10
255.255.255.0 tunnel source Serial0/0 tunnel mode gre multipoint Reference: http://www.cisco.com/c/en/
us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMVP N_2_Phase2.html
Q53. What are the three modes of Unicast Reverse Path Forwarding?
A. strict mode, loose mode, and VRF mode
B. strict mode, loose mode, and broadcast mode
C. strict mode, broadcast mode, and VRF mode
D. broadcast mode, loose mode, and VRF mode
Answer: A
Explanation:
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit
the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the
reachability of the source address in packets being forwarded. This capability can limit the appearance of
spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast
RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all
network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this
document. When administrators use Unicast RPF in strict mode, the packet must be received on the
interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may
drop legitimate traffic that is received on an interface that was not the router's choice for sending return
traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the
network. When administrators use Unicast RPF in loose mode, the source address must appear in the
routing table. Administrators can change this behavior using the allow-default option, which allows the use
of the default route in the source verification process. Additionally, a packet that contains a source address
for which the return route points to the Null 0 interface will be dropped. An access list may also be
specified that permits or denies certain source addresses in Unicast RPF loose mode. Care must be taken
to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of
this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern
when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain
asymmetric routing paths. Reference: http://www.cisco.com/web/about/security/intelligence/unicastrpf.
html
Q54. A router with an interface that is configured with ipv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?
A. DHCPv6 request
B. router-advertisement
C. neighbor-solicitation
D. redirect
Answer: B
Explanation:
Autoconfiguration is performed on multicast-enabled links only and begins when a multicastenabled
interface is enabled (during system startup or manually). Nodes (both, hosts and routers) begin
the process by generating a link-local address for the interface. It is formed by appending the interface
identifier to well-known link-local prefix FE80 :: 0. The interface identifier replaces the right-most zeroes of
the link-local prefix. Before the link-local address can be assigned to the interface, the node performs the
Duplicate Address Detection mechanism to see if any other node is using the same link-local address on
the link. It does this by sending a Neighbor Solicitation message with target address as the "tentative"
address and destination address as the solicited-node multicast address corresponding to this tentative
address. If a node responds with a Neighbor Advertisement message with tentative address as the target
address, the address is a duplicate address and must not be used. Hence, manual configuration is
required. Once the node verifies that its tentative address is unique on the link, it assigns that link-local
address to the interface. At this stage, it has IP-connectivity to other neighbors on this link. The
autoconfiguration on the routers stop at this stage, further tasks are performed only by the hosts. The
routers will need manual configuration (or stateful configuration) to receive site-local or global addresses.
The next phase involves obtaining Router Advertisements from routers if any routers are present on the
link. If no routers are present, a stateful configuration is required. If routers are present, the Router
Advertisements notify what sort of configurations the hosts need to do and the hosts receive a global
unicast IPv6 address. Reference: https://sites.google.com/site/amitsciscozone/home/important-tips/ipv6/
ipv6-stateless- autoconfiguration
Q55. Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le 24?
A. 10.9.1.0/24
B. 10.8.0.0/24
C. 10.8.0.0/16
D. 10.8.0.0/23
Answer: B
Explanation:
With prefix lists, the ge 24 term means greater than or equal to a /24 and the le 24 means less than or
equal to /24, so only a /24 is both greater than or equal to 24 and less than or equal to 24. This translate to any prefix in the 10.8.x.0/24 network, where X is any value in the 0-255 range.
Only the choice of 10.8.0.0.24 matches this.
Most recent cisco route 300-101:
Q56. Which common issue causes intermittent DMVPN tunnel flaps?
A. a routing neighbor reachability issue
B. a suboptimal routing table
C. interface bandwidth congestion
D. that the GRE tunnel to hub router is not encrypted
Answer: A
Explanation:
DMVPN Tunnel Flaps Intermittently Problem DMVPN tunnel flaps intermittently. Solution
When DMVPN tunnels flap, check the neighborship between the routers as issues with neighborship
formation between routers may cause the DMVPN tunnel to flap. In order to resolve this problem, make
sure the neighborship between the routers is always up. Reference: http://www.cisco.com/c/en/us/support/
docs/security-vpn/ipsec-negotiation-ike- protocols/29240-dcmvpn.html#Prblm1
Q57. A network engineer executes the show ip flow export command. Which line in the output indicates that the send queue is full and export packets are not being sent?
A. output drops
B. enqueuing for the RP
C. fragmentation failures
D. adjacency issues
Answer: A
Explanation:
Table 5 show ip flow export Field Descriptions Field Description Exporting flows to 10.1.1.1
Specifies the export destinations and ports. (1000) and 10.2.1.1 The ports are in parentheses. Exporting
using source Specifies the source address or interface. IP address 10.3.1.1 Version 5 flow records
Specifies the version of the flow. 11 flows exported in 8 udp The total number of export packets sent, and
datagrams the total number of flows contained within them. 0 flows failed due to lack of No memory was
available to create an export export packet packet. 0 export packets were sent The packet could not be
processed by CEF or up to process level by fast switching, possibly because another feature requires
running on the packet. 0 export packets were Indicates that CEF was unable to switch the dropped due to
no fib packet or forward it up to the process level. 0 export packets were dropped due to adjacency issues
0 export packets were Indicates that the packet was dropped because dropped due to of problems
constructing the IP packet. fragmentation failures 0 export packets were dropped due to encapsulation
fixup failures 0 export packets were Indicates that there was a problem transferring dropped enqueuing for
the the export packet between the RP and the line RP card. 0 export packets were dropped due to IPC
rate limiting 0 export packets were Indicates that the send queue was full while dropped due to output the
packet was being transmitted. drops
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/oaggnf.html
Q58. An organization decides to implement NetFlow on its network to monitor the fluctuation of traffic that is disrupting core services. After reviewing the output of NetFlow, the network engineer is unable to see OUT traffic on the interfaces. What can you determine based on this information?
A. Cisco Express Forwarding has not been configured globally.
B. NetFlow output has been filtered by default.
C. Flow Export version 9 is in use.
D. The command ip flow-capture fragment-offset has been enabled.
Answer: A
Explanation:
We came across a recent issue where a user setup a router for NetFlow export but was unable to see the
OUT traffic for the interfaces in NetFlow Analyzer. Every NetFlow configuration aspect was checked and
nothing incorrect was found. That is when we noticed the `no ip cef' command on the router. CEF was
enabled at the global level and within seconds, NetFlow Analyzer started showing OUT traffic for the
interfaces. This is why this topic is about Cisco Express Forwarding.
What is switching?
A Router must make decisions about where to forward the packets passing through. This decision-making
process is called "switching". Switching is what a router does when it makes the following decisions:
1.Whether to forward or not forward the packets after checking that the destination for the packet is
reachable.
2.If the destination is reachable, what is the next hop of the router and which interface will the router use to
get to that destination.
What is CEF?
CEF is one of the available switching options for Cisco routers. Based on the routing table, CEF creates its
own table, called the Forwarding Information Base (FIB). The FIB is organized differently than the routing
table and CEF uses the FIB to decide which interface to send traffic from. CEF offers the following
benefits:
1.Better performance than fast-switching (the default) and takes less CPU to perform the same task.
2.When enabled, allows for advanced features like NBAR
3.Overall, CEF can switch traffic faster than route-caching using fast-switching
How to enable CEF?
CEF is disabled by default on all routers except the 7xxx series routers. Enabling and Disabling CEF is
easy. To enable CEF, go into global configuration mode and
enter the CEF command.
Router# config t
Router(config)# ip cef
Router(config)#
To disable CEF, simply use the `no' form of the command, ie. `no ip cef`.
Why CEF Needed when enabling NetFlow ?
CEF is a prerequisite to enable NetFlow on the router interfaces. CEF decides through which interface
traffic is exiting the router. Any NetFlow analyzer product will calculate the OUT traffic for an interface
based on the Destination Interface value present in the NetFlow packets exported from the router. If the
CEF is disabled on the router, the NetFlow packets exported from the router will have "Destination
interface" as "null" and this leads NetFlow Analyzer to show no OUT traffic for the interfaces. Without
enabling the CEF on the router, the NetFlow packets did not mark the destination interfaces and so
NetFlow Analyzer was not able to show the OUT traffic for the interfaces. Reference: https://
blogs.manageengine.com/network-2/netflowanalyzer/2010/05/19/need-for-cef- in-netflow-data-export.html
Q59. A corporate policy requires PPPoE to be enabled and to maintain a connection with the ISP, even if no interesting traffic exists. Which feature can be used to accomplish this task?
A. TCP Adjust
B. Dialer Persistent
C. PPPoE Groups
D. half-bridging
E. Peer Neighbor Route
Answer: B
Explanation:
A new interface configuration command, dialer persistent, allows a dial-on-demand routing (DDR) dialer
profile connection to be brought up without being triggered by interesting traffic. When configured, the dialer persistent command starts a timer when the dialer interface starts up and starts the connection when the timer expires. If interesting traffic arrives before the timer expires, the connection is still brought up and set as persistent. The command provides a default timer interval, or you can set a custom timer interval. To configure a dialer interface as persistent, use the following commands beginning in global configuration mode:
Command Purpose
Step 1 Router(config)# interface dialer Creates a dialer interface and number enters interface
Configuration mode.
Step 2 Router(config-if)# ip address Specifies the IP address and mask address mask of the dialer
interface as a node in the destination network to be called.
Step 3 Router(config-if)# encapsulation Specifies the encapsulation type.
type
Step 4 Router(config-if)# dialer string Specifies the remote destination to dial-string class class-name call
and the map class that defines characteristics for calls to this destination.
Step 5 Router(config-if)# dialer pool Specifies the dialing pool to use number for calls to this destination.
Step 6 Router(config-if)# dialer-group Assigns the dialer interface to a group-number dialer group.
Step 7 Router(config-if)# dialer-list Specifies an access list by list dialer-group protocol protocol- number or
by protocol and list name {permit | deny | list number to define the interesting access-list-number} packets that can trigger a call. Step 8 Router(config-if)# dialer
(Optional) Specifies the remote-name user-name
authentication name of the remote router on the destination subnetwork for a dialer interface.
Step 9 Router(config-if)# dialer Forces a dialer interface to be persistent [delay [initial] connected at all
times, even in seconds | max-attempts the absence of interesting traffic.
number]
Reference:
http://www.cisco.com/c/en/us/td/docs/ios/dial/configuration/guide/12_4t/dia_12_4t_book/dia_dia
ler_persist.html
Q60. Two aspects of an IP SLA operation can be tracked: state and reachability. Which statement about state tracking is true?
A. When tracking state, an OK return code means that the track's state is up; any other return code means that the track's state is down.
B. When tracking state, an OK or over threshold return code means that the track's state is up; any other return code means that the track's state is down.
C. When tracking state, an OK return code means that the track's state is down; any other return code means that the track's state is up.
D. When tracking state, an OK or over threshold return code means that the track's state is down; any other return code means that the track's state is up.
Answer: A
Explanation: