Cisco 300-410 Online Practice Questions and Exam Preparation

Cisco 300-410 Online Questions & Answers

• Question 691:

  How does an MPLS Layer 3 VPN function?

  A. set of sites use multiprotocol BGP at the customer site for aggregation
  B. multiple customer sites interconnect through service provider network to create secure tunnels between customer edge devices
  C. set of sites interconnect privately over the Internet for security
  D. multiple customer sites interconnect through a service provider network using customer edge to provider edge connectivity
  D. multiple customer sites interconnect through a service provider network using customer edge to provider edge connectivity

  ---

  A Multiprotocol Label Switching(MPLS) Layer 3 Virtual Private Network (VPN) consists of a set of sites that are interconnected by means of an MPLS provider core network. At each customer site, one or more customer edge (CE) routers attach to one or more provider edge (PE) routers. Reference: https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-5/lxvpn/configuration/guide/b-l3vpn-cg-asr9000-65x/b-l3vpn-cg-asr9000-65x_chapter_010.pdf

• Question 692:

  Refer to the exhibit.

  

  A network engineer is provisioning end-to-end traffic service for two different enterprise networks with these requirements:

  1. The OSPF process must differ between customers on HQ and Branch office routers, and adjacencies should come up instantly.

  2. The enterprise networks are connected with overtapping networks between HQ and a Branch office.

  Which configuration meets the requirements for a customer site?

  A. ISP(config-if)#int f1/0 ISP(config-if)#ip vrf forwarding EA ISP(config-if)#description TO->EA2_Branch ISP(config-if)#ip add 172.16.200.2 255.255.255.0 ISP(config-if)#no shut
  B. ISP(config-vrf)#int f0/0 ISP(config-if)#ip vrf forwarding EB ISP(config-if)#description TO->EB1_Branch ISP(config-if)#ip add 172.16.100.2 255.255.255.0 ISP(config-if)#no shut
  C. ISP(config)#int f2/0 ISP(config-if)#ip vrf forwarding EA ISP(config-if)#description TO->EA1_HQ ISP(config-if)#ip address 172.16.100.2 255.255.255.0 ISP(config-if)#no shut
  D. ISP(config-if)#int f3/0 ISP(config-if)#ip vrf forwarding EA ISP(config-if)#description TO->EA2_Branch ISP(config-if)#ip address 172.16.200.2 255.255.255.0 ISP(config-if)#no shut
  A. ISP(config-if)#int f1/0 ISP(config-if)#ip vrf forwarding EA ISP(config-if)#description TO->EA2_Branch ISP(config-if)#ip add 172.16.200.2 255.255.255.0 ISP(config-if)#no shut

• Question 693:

  Select three benefits of setting up a MPLS Network from the below options. (Choose three.)

  A. Connection less Service
  B. Security as good as connection-oriented VPNs
  C. Provides IPS level intelligence to filter packets.
  D. Integrated QoS support
  E. All variations of Static routes are supported
  A. Connection less Service
  B. Security as good as connection-oriented VPNs
  D. Integrated QoS support

• Question 694:

  SIMULATION

  

  Guidelines

  This is a lab item in which tasks will be performed on virtual devices.

  1. Refer to the Tasks tab to view the tasks for this lab item.

  2. Refer to the Topology tab to access the device console(s) and perform the tasks.

  3. Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.

  4. All necessary preconfigurations have been applied.

  5. Do not change the enable password or hostname for any device.

  6. Save your configurations to NVRAM before moving to the next item.

  7. Click Next at the bottom of the screen to submit this lab and move to the next question.

  8. When Next is clicked, the lab closes and cannot be reopened.

  Topology

  

  Tasks

  Configure IPSec security policy on tunnel interfaces to ensure data confidentiality and integrity where mGRE tunnels are up and running between HUB and SPOKE routers.

  1. Configure the ISAKMP policy parameters with the following attributes: AES256 SHA256 Group2 lifetime 86400

  2. Ensure that GRE IP Header should be encrypted inside the IPSec packet. Verify IPSec security association and ISAKMP encrypted key. Use ISAKMP key "abc123".

  3. Configure a flexible ISAKMP Policy on the HUB to add peers that have the dynamic IP addresses where SPOKES must add HUB IP static entry using an encrypted key. Use a single command to configure it. Use IPSec phase-2 transform-set name as T-SET and IPSec Profile name as ’IPSEC-PROFILE’.

  

  A. See the solution below in Explanation.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the solution below in Explanation.

  ---

  

• Question 695:

  SIMULATION

  

  Guidelines

  This is a lab item in which tasks will be performed on virtual devices.

  1. Refer to the Tasks tab to view the tasks for this lab item.

  2. Refer to the Topology tab to access the device console(s) and perform the tasks.

  3. Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.

  4. All necessary preconfigurations have been applied.

  5. Do not change the enable password or hostname for any device.

  6. Save your configurations to NVRAM before moving to the next item.

  7. Click Next at the bottom of the screen to submit this lab and move to the next question.

  8. When Next is clicked, the lab closes and cannot be reopened.

  Topology

  

  Tasks

  Troubleshoot R-WEST to achieve the desired results:

  1. All the commands should be locally saved to the router as well as sent to the Syslog server except passwords.

  2. All the Cisco OSPF LSA traps should be sent to the SNMP server.

  A. See the solution below in Explanation.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the solution below in Explanation.

  ---

  

• Question 696:

  Refer to the exhibit. An engineer must establish a point-to-point GRE VPN between R1 and the remote site. Which configuration accomplishes the task for the remote site?

  

  A. Interface Tunnel1 tunnel source 199.1.1.1 tunnel destination 200.1.1.3 ip address 192.168.1.3 255.255.255.0
  B. Interface Tunnel1 tunnel source 200.1.1.3 tunnel destination 199.1.1.1 ip address 192.168.1.1.255.255.255.0
  C. Interface Tunnel1 tunnel source 200.1.1.3 tunnel destination 199.1.1.1 ip address 192.168.1.3.255.255.255.0
  D. Interface Tunnel lunnel source 199.1.1.1 tunnel destination 200.1.1.3 ip address 192.168.1.1.255.255.255.0
  C. Interface Tunnel1 tunnel source 200.1.1.3 tunnel destination 199.1.1.1 ip address 192.168.1.3.255.255.255.0

  ---

• Question 697:

  Some of the technicians in your organization use the secure web interface to make some of the configurations changes on the router R68. Today it was reported that a technician could not make a connection to the secure web server. You execute a show run command on R68 and receive the following output:

  

  What must the technician do to make the connection to the secure web interface?

  A. specify port 443 in the command
  B. specify port 1025 in the command
  C. disable the HTTP server first
  D. enable the secure server
  B. specify port 1025 in the command

  ---

  The partial output of the show run command indicates that the port number of the HTTPS interface has been changed to 1025. This is indicted by the presence of this command in the configuration:

  ip http secure-port 1025

  That is not the default port configuration of 443. Therefore, anyone wishing to connect to the secure server will need to reference the new port number in the command. If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format:

  https://device:port_number

  In this syntax, port_number is the HTTPS port number.

  It will not help for the technician to reference port 443 in the command, because that is no longer the port number of the secure server. It is now 1025.

  It is not required to disable the HTTP server to use the HTTPS server, although it is a best practice to do so.

  There is no need to enable the secure server. We can see it has been enabled by the presence of this command in the configuration:

  ip http secure-server

  Objective:

  Infrastructure Services

  Sub-Objective:

  Configure and verify device management

  References:

  Cisco IOS HTTP Services Command Reference > clear ip http client cookie through show ip http server secure status > ip http secure-port

• Question 698:

  A network administrator is troubleshooting a high utilization issue on the route processor of a router that was reported by NMS. The administrator logged into the router to check the control plane policing and observed that the BGP process is dropping a high number of routing packets and causing thousands of routes to recalculate frequently. Which solution resolves this issue?

  A. Police the pir for BGP, conform action set-prec-transmit, and exceed action set-clp-transmit.
  B. Police the cir for BGP, conform action transmit, and exceed action transmit
  C. Shape the cir for BGP, conform-action transmit and exceed action transmit
  D. Shape the pir for BGP, conform-action set-prec-transmit, and exceed action set-frde-transmit.
  B. Police the cir for BGP, conform action transmit, and exceed action transmit

  ---

  CIR (Committed Information Rate) is the minimum guaranteed traffic delivered in the network.

  PIR (Peak Information Rate) is the top bandwidth point of allowed traffic in a non busy times without any guarantee.

  +

  Policing: is used to control the rate of traffic flowing across an interface. During a bandwidth exceed (crossed the maximum configured rate), the excess traffic is generally dropped or remarked. The result of traffic policing is an output rate that appears as a saw-tooth with crests and troughs. Traffic policing can be applied to inbound and outbound interfaces. Unlike traffic shaping, QoS policing avoids delays due to queuing. Policing is configured in bytes.

  +

  Shaping: retains excess packets in a queue and then schedules the excess for later transmission over increments of time. When traffic reaches the maximum configured rate, additional packets are queued instead of being dropped to proceed later. Traffic shaping is applicable only on outbound interfaces as buffering and queuing happens only on outbound interfaces. Shaping is configured in bits per second.

  Therefore in this case we can only policing, not shaping as traffic shaping is applicable only on outbound interfaces as buffering and queuing happens only on outbound interfaces. Moreover, BGP traffic is not important so we can drop the excess packets without any problems.

  And we only policing the PIR traffic so that the route processor is not overwhelmed by BGP calculation.

  Note: The "set-prec-transmit" is the same as "transmit" command except it sets the IP Precedence level as well. The "set-clp-transmit" sets the ATM Cell Loss Priority (CLP) bit from 0 to 1 on the ATM cell and transmits the packet.

• Question 699:

  You have implemented the following IP SLA configuration, as shown in the following partial output of the show run command:

  ip sla 1 dns cow.cisco.com name-server 10.52.128.30 ip sla schedule 1 start-time now

  Which of the following statements is true of this configuration?

  A. it will find the response time to resolve the DNS name cow.cisco.com
  B. it will find the response time to connect to the DNS server at 10.52.128.30
  C. it will start in one minute
  D. it will gather data from one minute
  A. it will find the response time to resolve the DNS name cow.cisco.com

  ---

  It will find the response time to resolve the DNS name cow.cisco.com. Domain Name System (DNS) response time is computed by calculating the difference between the time taken to send a DNS request and the time a reply is received. The Cisco IOS IP SLAs DNS operation queries for an IP address if the user specifies a hostname, or queries for a hostname if the user specifies an IP address.

  It will not find the response time to connect to the DNS server at 10.52.128.30. That is the IP address of the DNS server being used for the operation (10.52.128.30). However, it will measure the response time to resolve the DNS name cow.cisco.com.

  It will not start in one minute. It will start immediately, as indicated by the start-time now parameter.

  It will not gather data for one minute. The numeral 1 in the first line refers to the IP SLA number, and the numeral 1 in the last line refers to the IP SLA number to be scheduled.

  Objective:

  Infrastructure Services

  Sub-Objective:

  Configure and verify IP SLA

  References:

  Home > Support > Technology support > IP > IP application services > Technology information > Technology white paper > Cisco IOS IP Service Level Agreements User Guide

• Question 700:

  How do devices operate in MPLS L3VPN topology?

  A. P and associated PE routers with IGP populate the VRF table in different VPNs.
  B. CE routers connect to the provider network and perform LSP functionality
  C. P routers provide connectivity between PE devices with MPLS switching.
  D. P routers support PE to PE VPN tunnel without LSP functionality
  C. P routers provide connectivity between PE devices with MPLS switching.

  ---