
Cisco ENCOR 350-401 Exam Questions and Answers – Page 2

The latest Cisco CCNP and CCIE Enterprise Core: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) 350-401 practice exam question and answer (Q&A) dumps are available free to help you pass the ENCOR 350-401 exam and earn the certification.

Exam Question 161

RouterA’s Serial 0/0 interface is connected to RouterB. RouterA’s Serial 0/1 interface is connected to RouterC. You issue the debug ppp authentication on RouterA and then transition all connected interfaces to the up state.

Next, you issue the show debug condition command on RouterA and receive the following output:


Using the least amount of administrative effort, which of the following should you issue to receive PPP authentication debug output from both RouterB and RouterC? (Select the best answer.)

A. no debug all
   debug condition interface serial 0/0 -0/1
   debug condition username JohnnyB
   debug ppp authentication
B. debug condition interface serial 0/1
C. no debug all
   debug condition interface serial 0/0
   debug condition interface serial 0/1
   debug condition username JohnnyB
   debug ppp authentication
D. no debug condition interface all
Correct Answer:
B. debug condition interface serial 0/1
Answer Description:
You should issue the debug condition interface serial 0/1 command on RouterA to receive Point-to-Point Protocol (PPP) authentication debug output from both RouterB and RouterC by using the least amount of administrative effort. The debug condition interface interface command limits debug messaging output to only enabled debugging that applies to the specified interface. Issuing the debug condition interface serial 0/0 command and the debug condition username JohnnyB command followed by the debug ppp authentication command in this scenario causes the debug output to consist of PPP authentication messages, but only if those messages also apply to the router’s Serial 0/0 interface or include the user name of JohnnyB.

Based on the output of the show debug condition command in this scenario, you can determine that PPP authentication output is only displayed if it occurs on the Serial 0/0 interface, which is connected to RouterB, or if it includes a user name of JohnnyB. In addition, you can determine that both the Serial 0/0 interface and the user name JohnnyB have already triggered flags a single time each. Therefore, it is likely that PPP authentication has occurred on the Serial 0/0 interface and included the user name JohnnyB.

The debug condition interface command accepts only one interface per line. However, it is not necessary to configure all interface conditions in a sequential fashion before enabling debugging. Therefore, issuing only the debug condition interface serial 0/1 command will produce the results you require in this scenario by using the least amount of administrative effort.

Configuring a series of debug condition interface interface commands limits debug message output to the series of specified interfaces. The debug output need match only one of the interface conditions to be displayed. For example, you could issue the following commands on RouterA to ensure that PPP authentication debug messages that apply to either the Serial 0/0 interface or the Serial 0/1 interface are displayed on the router:

RouterA#debug condition interface serial 0/0
RouterA#debug condition interface serial 0/1
RouterA#debug ppp authentication

After issuing the commands above, you could further limit the PPP authentication debug output by issuing the no debug condition interface interface command. For example, issuing the no debug condition interface serial 0/0 command would remove the Serial 0/0 interface condition from the debugging output, which means that only PPP authentication messages that apply to the Serial 0/1 interface would be displayed.

The debug condition {username username | called dial-string | caller dial-string} command enables you to limit the output of debugging messages by user name, calling party number, or called party number. Applying only one of those conditions to debugging output stops the output of debug messages on all interfaces. The router will then monitor each interface for a condition match. If a match occurs, debug messages will be displayed for that match. In this scenario, the debug condition username RouterB command will display output when an interface sends or receives a PPP authentication packet that contains the user name RouterB. However, because you have also issued the debug condition interface serial 0/0 command and the debug condition interface serial 0/1 command, PPP authentication messages that apply to either of those interfaces will be displayed even if the RouterB user name is not matched.

It is not necessary to issue the no debug condition interface all command in this scenario, because this command would remove all existing interface conditions. After that command is issued, all PPP authentication debugging messages would be displayed unless you also issued the no debug ppp authentication command or the no debug all command. This would require you to reissue the debug condition interface serial 0/0 command in addition to issuing the debug condition interface serial 0/1 command, which increases administrative effort.

There is no need to issue the no debug all command in this scenario, because you can add debug conditions to an existing debugging process. Issuing the no debug all command would disable the debugging process that is already running.

You do not need to issue the debug condition interface serial 0/0 command or the debug condition username JohnnyB command in this scenario. Both of these commands have already been issued, as you can determine by the output of the show debug condition command. Reissuing these commands would cause the router to produce the % Condition already set message.

Issuing the debug condition interface serial 0/0 -0/1 would not meet the requirements in this scenario. This command contains invalid syntax.

Exam Question 162

You issue the ping 192.168.1.1 size 1600 command on a Cisco device that is configured with the default system MTU. All pings succeed.
Which of the following is most likely true? (Select the best answer.)

A. The interface is configured with an MTU of at least 1,600.
B. The pings were sent to the destination in a fragmented fashion.
C. The DF bit has been enabled, causing the pings to succeed.
D. The datagram size specified is below the default MTU value.
Correct Answer:
B. The pings were sent to the destination in a fragmented fashion.
Answer Description:
Most likely, the pings were sent to the destination in a fragmented fashion because the IP version 4 (IPv4) do-not-fragment bit, or DF bit, has not been set in this scenario. By default, packet fragmentation is used to enable oversized packets to traverse the network in chunks that are smaller than the configured maximum transmission unit (MTU). Enabling the DF bit configures the ping command to attempt to send packets of a given size without fragmentation. By repeatedly pinging a destination device with smaller and smaller datagram sizes, you can determine the MTU.

The ping command supports the ability to modify the size of the datagram that it transmits as well as the ability to enable the DF bit, which is disabled by default. You can configure extended ping features either by issuing the ping command without parameters, which causes the ping command to display a series of configuration prompts, or by specifying parameters on the command line along with the ping command. For example, the ping 192.168.1.1 size 1500 dfbit command configures an extended ping with a destination IP address of 192.168.1.1, a datagram size of 1,500 bytes, and an enabled DF bit. On a connection with an MTU of 1,500 bytes, this ping succeeds, as shown in the following output:

Based on the output, you can determine that the ping succeeded. You can also determine that the DF bit is, indeed, enabled. However, issuing the ping 192.168.1.1 size 1501 dfbit command on the same device results in a failure, as shown in the following output:

In the output above, issuing the ping 192.168.1.1 size 1501 dfbit command results in a ping failure because the MTU is configured to 1,500 bytes and the DF bit is set. If you were to issue the same command without the dfbit parameter, the ping would succeed because the ping command is allowing the datagram to be fragmented, as shown in the following output:

The interface is not configured with an MTU value of at least 1,600 in this scenario. In addition, the datagram size specified is not below the default MTU value on a Cisco device. By default, a Cisco device has a system MTU of 1,500 bytes. In this scenario, you have issued the ping 192.168.1.1 size 1600 command on a device that is configured with the system default MTU.

The DF bit has not been enabled in this scenario. In order to enable the DF bit, you should issue the ping command with the dfbit parameter.

Exam Question 163

You administer the network in the following exhibit:

All routers are configured to the system MTU defaults.

You issue the ping 192.168.1.2 size 1500 dfbit command from RouterB, but the ping fails.
Which of the following is most likely the cause of the failure? (Select the best answer.)

A. The GRE tunnel MTU is 1,476.
B. The system default MTU is 1,400.
C. The DF bit is not enabled.
D. The GRE tunnel does not support fragmented datagrams.
Correct Answer:
A. The GRE tunnel MTU is 1,476.
Answer Description:
Most likely, the Generic Routing Encapsulation (GRE) tunnel maximum transmission unit (MTU) is 1,476 if the ping fails in this scenario. By default, Cisco routers are configured with a system MTU of 1,500 bytes, which includes a 20-byte IP header and 1,480 bytes of payload. The ping 192.168.1.2 size 1500 dfbit command in this scenario attempts to send a datagram of 1,500 bytes to a destination address of 192.168.1.2 without fragmenting the datagram into smaller pieces.

In this scenario, the do-not-fragment, or DF bit, has been enabled with the ping command. When the DF bit is set, the device attempts to send packets without fragmentation. If the packet is larger than the MTU, the attempt will fail. Because the GRE tunnel’s MTU supports a maximum of 1,476 bytes, a ping with a size of 1,500 bytes that does not permit fragmentation will fail.

GRE tunnels add a 24-byte header to an IP packet. However, a default GRE tunnel MTU is 24 bytes smaller than the MTU of the physical interface. When the DF bit is not set, an unencapsulated 1,500-byte packet would be split into two unencapsulated packets: a 1,476-byte packet and a 44-byte packet, prior to being transported across the tunnel. This process enables each fragment of the packet to include the 24-byte GRE header when it traverses the physical interface that is being used as the tunnel’s source. The total sizes of the packet fragments that traverse the physical interface thus become 1,500 bytes and 68 bytes, respectively.

The DF bit is enabled in this scenario. The ping command supports the ability to modify the size of the datagram it transmits as well as the ability to enable the DF bit, which is disabled by default. You can configure extended ping features either by issuing the ping command without parameters, which causes the ping command to display a series of configuration prompts, or by specifying parameters on the command line along with the ping command. For example, the ping 192.168.1.1 size 1500 dfbit command configures an extended ping with a destination IP address of 192.168.1.1, a datagram size of 1,500 bytes, and an enabled DF bit.

The system default MTU on Cisco devices is 1,500, not 1,400. Therefore, a system default MTU of 1,400 is not causing the failure in this scenario. In addition, GRE tunnels do support fragmented datagrams.
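The fragment sizes quoted in Questions 162 and 163 can be reproduced with a short calculation. The following Python sketch is an added example, not part of the original answer descriptions; the function names are hypothetical, and it assumes a 20-byte IPv4 header without options and the 24-byte GRE overhead stated above.

```python
"""Added example: IPv4 fragmentation arithmetic for the ping and GRE scenarios.

Sizes are whole IP datagram lengths (header included), which is how the
answer descriptions above treat the ping "size" parameter.
"""

IP_HEADER = 20      # bytes; IPv4 header without options (assumption)
GRE_OVERHEAD = 24   # bytes; header added by the GRE tunnel, per the page
SYSTEM_MTU = 1500   # default system MTU stated on the page


def fragment_ipv4(datagram_len, mtu, df=False):
    """Return the lengths (header included) of the fragments of one datagram.

    Returns an empty list when the datagram is larger than the MTU and the
    DF bit forbids fragmentation, which is the case where the ping fails.
    """
    if datagram_len < IP_HEADER:
        raise ValueError("datagram shorter than an IPv4 header")
    if mtu < IP_HEADER + 8:
        raise ValueError("MTU too small to carry any fragment payload")
    if datagram_len <= mtu:
        return [datagram_len]
    if df:
        return []
    # The fragment offset field counts 8-byte units, so every fragment except
    # the last must carry a payload that is a multiple of 8 bytes.
    per_fragment = (mtu - IP_HEADER) // 8 * 8
    remaining = datagram_len - IP_HEADER
    fragments = []
    while remaining > per_fragment:
        fragments.append(IP_HEADER + per_fragment)
        remaining -= per_fragment
    fragments.append(IP_HEADER + remaining)
    return fragments


def gre_tunnel_mtu(physical_mtu=SYSTEM_MTU):
    """Default tunnel MTU: the physical MTU minus the GRE overhead."""
    return physical_mtu - GRE_OVERHEAD


def send_over_gre(datagram_len, physical_mtu=SYSTEM_MTU, df=False):
    """Fragment at the tunnel MTU, then add the GRE overhead to each piece.

    Returns (inner_length, on_wire_length) pairs, or [] if the datagram
    cannot be sent because DF is set and it exceeds the tunnel MTU.
    """
    inner = fragment_ipv4(datagram_len, gre_tunnel_mtu(physical_mtu), df)
    return [(length, length + GRE_OVERHEAD) for length in inner]


if __name__ == "__main__":
    # Question 162: size 1600, default MTU, DF not set -> two fragments.
    print("ping size 1600:", fragment_ipv4(1600, SYSTEM_MTU))
    # Extended ping with dfbit at and just above the MTU.
    print("size 1500 dfbit:", fragment_ipv4(1500, SYSTEM_MTU, df=True))
    print("size 1501 dfbit:", fragment_ipv4(1501, SYSTEM_MTU, df=True))
    # Question 163: the same 1,500-byte datagram across the GRE tunnel.
    print("GRE, dfbit:", send_over_gre(1500, df=True))
    print("GRE, no dfbit:", send_over_gre(1500))
```

The largest datagram that crosses the tunnel with the DF bit set is the tunnel MTU itself, 1,476 bytes, which occupies exactly 1,500 bytes on the physical interface.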

Exam Question 164

Which of the following statements is true regarding OSPF connections over a virtual link? (Select the best answer.)

A. Traffic is encapsulated and decapsulated by tunnel endpoints.
B. Packets contain additional overhead because of tunnel headers.
C. The transit area can be a stub area.
D. Only routing updates are tunneled.
Correct Answer:
D. Only routing updates are tunneled.
Answer Description:
Only routing updates are tunneled when an Open Shortest Path First (OSPF) connection is formed over a virtual link. All other traffic is sent natively over the physical links. An OSPF virtual link is useful for the following situations:

  • Connecting a remote area to the backbone area through a standard area
  • Connecting discontiguous backbone areas

All areas in an OSPF internetwork must be directly connected to the backbone area, Area 0. When a direct connection to the backbone area is not possible, a virtual link must be created between two area border routers (ABRs) to connect the remote area to the backbone area through a transit area. The following restrictions apply to virtual links:

  • The routers at each end of the virtual link must share a common area.
  • The transit area cannot be a stub area.
  • One of the routers at either end of the virtual link must connect to the backbone area.

Area 0 must be contiguous. The loss of a router or the loss of a link between two routers can cause Area 0 to become discontiguous, or partitioned. A virtual link can be created to connect the discontiguous sections of the Area 0 backbone across a transit area. To connect a discontiguous backbone, the routers at each end of the virtual link must connect to the backbone area and the transit area.

It is important to note that adjacencies formed over virtual links are not visible in the output of the show ip ospf neighbor command. In order to verify that an OSPF adjacency has formed over a virtual link, you can examine the output of the show ip ospf virtual-links command.

Generic Routing Encapsulation (GRE) tunnels can be used instead of virtual links to form OSPF connections between discontiguous backbone areas or to connect a remote area to the backbone area through a standard area. Unlike virtual links, a GRE tunnel encapsulates and decapsulates all traffic at the tunnel endpoints, including the routing updates. GRE tunnels can also transit a stub area. However, GRE tunnels create additional headers, adding overhead to the traffic.

It is important to note that an adjacency can only remain stable over a GRE tunnel if the destination remains reachable through the tunnel. If the OSPF neighbor is not reachable through the tunnel, OSPF will drop the adjacency.

Exam Question 165

Which of the following statements is true regarding OSPF connections over a GRE tunnel? (Select the best answer.)

A. Traffic is encapsulated and decapsulated by tunnel endpoints.
B. Tunnel headers do not create any additional overhead.
C. The transit area cannot be a stub area.
D. Only routing updates are tunneled.
Correct Answer:
A. Traffic is encapsulated and decapsulated by tunnel endpoints.
Answer Description:
Traffic is encapsulated and decapsulated by tunnel endpoints when Open Shortest Path First (OSPF) connections are formed over a Generic Routing Encapsulation (GRE) tunnel. All areas in an OSPF internetwork must be directly connected to the backbone area, Area 0. When a direct connection to the backbone area is not possible, a GRE tunnel or a virtual link can be created between two area border routers (ABRs) to connect the remote area to the backbone area through a transit area.

However, there are some important differences between the two methods. Unlike virtual links, a GRE tunnel encapsulates and decapsulates all traffic at the tunnel endpoints, including the routing updates. GRE tunnels can also transit a stub area. However, GRE tunnels create additional headers, adding overhead to the traffic. It is important to note that an adjacency can only remain stable over a GRE tunnel if the destination remains reachable through the tunnel. If the OSPF neighbor is not reachable through the tunnel, OSPF will drop the adjacency.

Only routing updates are tunneled when an OSPF connection is formed over a virtual link. All other traffic is sent natively over the physical links. The following restrictions apply to virtual links:

  • The routers at each end of the virtual link must share a common area.
  • The transit area cannot be a stub area.
  • One of the routers at either end of the virtual link must connect to the backbone area.

It is important to note that adjacencies formed over virtual links are not visible in the output of the show ip ospf neighbor command. In order to verify that an OSPF adjacency has formed over a virtual link, you can examine the output of the show ip ospf virtual-links command.

Exam Question 166

Which of the following does not cause a GRE tunnel endpoint on a Cisco device to enter the Up/down state? (Select the best answer.)

A. There is no route to the tunnel destination address.
B. No IP address has been configured on the tunnel interface.
C. The tunnel destination address lies through the tunnel itself.
D. The tunnel source is a loopback interface.
Correct Answer:
D. The tunnel source is a loopback interface.
Answer Description:
A tunnel source that is a loopback interface will not cause a Generic Routing Encapsulation (GRE) tunnel endpoint on a Cisco device to enter the Up/down state. GRE tunnel interfaces support loopback interfaces as source addresses and IP addresses on loopback interfaces as destination addresses, as long as the destination address is reachable by the source device. Interface states and line protocol states are often presented as a single connection state separated by a slash. The state preceding the slash represents the interface state. The state succeeding the slash represents the line protocol state. In order for the line protocol state to be up, the interface state must also be up.

A GRE tunnel can exist in one of the following four states:

  • Administratively down/down
  • Reset/down
  • Up/down
  • Up/up

A tunnel in the Administratively down/down state has been configured with the shutdown command. By default, a tunnel interface automatically transitions to the up state when it is created. Therefore, it is not normally necessary to issue the no shutdown command to bring a tunnel interface up unless you have previously issued the shutdown command.

A tunnel in the Reset/down state is typically transiting through that state because a software interface reset has occurred. Software resets can happen if the tunnel is misconfigured. For example, a software reset might occur if a tunnel interface has been configured to use its own IP address as a next hop.

A tunnel in the Up/down state indicates that the tunnel interface is configured but something is interfering with the line protocol. This state commonly occurs when the tunnel interface is configured to use an incorrect destination address or when the physical interface has no route to the tunnel’s destination address. It can also occur if the tunnel destination address lies through the tunnel itself.

A tunnel in the Up/up state indicates that both the tunnel interface and the line protocol are up and functional. If something is preventing communication between endpoints on opposite ends of the tunnel and the tunnel is in the Up/up state on each end, you should continue troubleshooting beyond the tunnel configuration.

Exam Question 167

Which of the following cannot be used to connect an OSPF nonbackbone area to the backbone area? (Select the best answer.)

A. a GRE tunnel that connects to the OSPF backbone area
B. a virtual link that connects to the OSPF backbone area
C. a configuration that redistributes the two OSPF areas into another protocol
D. a direct connection to the OSPF backbone area
Correct Answer:
C. a configuration that redistributes the two OSPF areas into another protocol
Answer Description:
A configuration that redistributes the two Open Shortest Path First (OSPF) areas into another protocol cannot be used to connect an OSPF nonbackbone area to the backbone area. Redistribution can be used to enable devices in two separate autonomous systems (ASes) to connect and communicate. Therefore, you could enable communication between two separate OSPF configurations by redistributing traffic into another protocol that bridges the two ASes. However, you cannot use redistribution to enable an OSPF connection between a nonbackbone area and a backbone area in a single AS.

You can use a direct connection to the OSPF backbone area to connect an OSPF nonbackbone area to the backbone area. All areas in an OSPF internetwork must be directly connected to the backbone area, Area 0. When a direct connection to the backbone area is not possible, either a virtual link or a Generic Routing Encapsulation (GRE) tunnel must be created between two area border routers (ABRs) to connect the remote area to the backbone area through a transit area. Although it is possible to use either a virtual link or a GRE tunnel to accomplish this task, there are some important differences between the two methods.

Traffic is encapsulated and decapsulated by tunnel endpoints when OSPF connections are formed over a GRE tunnel. All areas in an OSPF internetwork must be directly connected to the backbone area, Area 0. When a direct connection to the backbone area is not possible, a GRE tunnel or a virtual link can be created between two ABRs to connect the remote area to the backbone area through a transit area.

You can use a virtual link that connects to the backbone area. However, only routing updates are tunneled when an OSPF connection is formed over a virtual link. All other traffic is sent natively over the physical links. The following restrictions apply to virtual links:

  • The routers at each end of the virtual link must share a common area.
  • The transit area cannot be a stub area.
  • One of the routers at either end of the virtual link must connect to the backbone area.

It is important to note that adjacencies formed over virtual links are not visible in the output of the show ip ospf neighbor command. In order to verify that an OSPF adjacency has formed over a virtual link, you can examine the output of the show ip ospf virtual-links command.

You can use a GRE tunnel that connects to the backbone area. Unlike virtual links, a GRE tunnel encapsulates and decapsulates all traffic at the tunnel endpoints, including the routing updates. GRE tunnels can also transit a stub area. However, GRE tunnels create additional headers, adding overhead to the traffic. It is important to note that an adjacency can only remain stable over a GRE tunnel if the destination remains reachable through the tunnel. If the OSPF neighbor is not reachable through the tunnel, OSPF will drop the adjacency.

Exam Question 168

A GRE tunnel is configured between RouterB and RouterC. The GRE tunnel sources on each router are loopback interface IP addresses. The GRE tunnel destinations on each router are publicly routable IP addresses and are accessible by each tunnel source router.
After you attempt to bring up the tunnel, which of the following states will the tunnel endpoint on RouterB most likely enter? (Select the best answer.)

A. Administratively down/down
B. Down/up
C. Reset/down
D. Up/down
E. Up/up
Correct Answer:
E. Up/up
Answer Description:
Most likely, the tunnel endpoint on RouterB will enter the Up/up state in this scenario. GRE tunnels can use loopback interfaces as source interfaces. In addition, the destination IP addresses in this scenario are publicly routable and accessible by the sources. Interface states and line protocol states are often presented as a single connection state separated by a slash. The state preceding the slash represents the interface state. The state succeeding the slash represents the line protocol state. In order for the line protocol state to be up, the interface state must also be up.

A GRE tunnel can exist in one of the following four states:

  • Administratively down/down
  • Reset/down
  • Up/down
  • Up/up

A tunnel in the Administratively down/down state has been configured with the shutdown command. By default, a tunnel interface automatically transitions to the up state when it is created. Therefore, it is not normally necessary to issue the no shutdown command to bring a tunnel interface up unless you have previously issued the shutdown command.

A tunnel in the Reset/down state is typically transiting through that state because a software interface reset has occurred. Software resets can happen if the tunnel is misconfigured. For example, a software reset might occur if a tunnel interface has been configured to use its own IP address as a next hop.

A tunnel in the Up/down state indicates that the tunnel interface is configured but something is interfering with the line protocol. This state commonly occurs when the tunnel interface is configured to use an incorrect destination address or when the physical interface has no route to the tunnel’s destination address. It can also occur if the tunnel destination address lies through the tunnel itself.

A tunnel in the Up/up state indicates that both the tunnel interface and the line protocol are up and functional. If something is preventing communication between endpoints on opposite ends of the tunnel and the tunnel is in the Up/up state on each end, you should continue troubleshooting beyond the tunnel configuration.

Exam Question 169

You issue the show ip ospf neighbor command on a Cisco router. The router’s OSPF neighbor state is FULL/-.
Which of the following is most likely true about the OSPF router? (Select the best answer.)

A. It is the DR.
B. It is the BDR.
C. It is on a multiaccess network.
D. It is on a point-to-point network.
E. It is not capable of forming a neighbor relationship.
Correct Answer:
D. It is on a point-to-point network.
Answer Description:
Most likely, the router is on a point-to-point network if the output of the show ip ospf neighbor command reveals that the router’s Open Shortest Path First (OSPF) state is FULL/-. This output indicates that the router has formed a full adjacency with its neighbor but that the neighbor is neither a designated router (DR) nor a backup DR (BDR). OSPF routers that are connected in a point-to-point fashion do not elect a DR or BDR. If the OSPF neighbor were not on a point-to-point network and the network had converged without error, the neighbor state would most likely be one of the following:

  • FULL/DR
  • FULL/BDR
  • 2WAY/DROTHER

On a multiaccess network, OSPF routers exchange databases only with the DR and BDR, which helps prevent congestion. Therefore, routers with a 2WAY/DROTHER state do not exchange full databases with those neighbors.

The router is not only capable of forming a neighbor relationship, but has formed a relationship with its neighbor. On a point-to-point OSPF network, a neighbor state of FULL/- indicates that the OSPF neighbors have formed a full adjacency and are thus capable of exchanging their entire databases.

The router is neither the DR nor the BDR. In addition, the router is not on a multiaccess network. OSPF routers in each multiaccess network segment elect a DR and a BDR. The DR generates link-state advertisements (LSAs) that contain OSPF routing information, and the BDR takes over for the DR if the DR fails. Because only the DR and BDR generate LSAs, network bandwidth is conserved. The DR is typically the router with the highest OSPF priority, and the BDR is typically the router with the second-highest OSPF priority. If priorities are equal between two or more routers, the router with the highest router ID will be elected. OSPF priorities can range from 0 through 255; the default OSPF priority is 1. A router with a priority of 0 will never become the DR or BDR. A router that is not the DR or BDR will display a state of DROTHER.
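The election rules and the neighbor states listed in this answer can be tied together in a small model. The following Python sketch is an added example, not part of the original answer description; the function names and the sample segment are constructed for illustration, and it assumes that all routers on the segment start at the same time (on real devices the election is not preemptive, so an existing DR keeps its role when a higher-priority router joins later).

```python
"""Added example: simplified OSPF DR/BDR election and resulting neighbor states."""
import ipaddress

# Constructed sample segment: router ID -> OSPF priority.
SEGMENT = {
    "1.1.1.1": 1,
    "2.2.2.2": 1,
    "10.10.10.10": 1,
    "9.9.9.9": 0,      # priority 0: never becomes DR or BDR
    "3.3.3.3": 1,
}


def elect_dr_bdr(routers):
    """Return (dr, bdr) router IDs for a multiaccess segment.

    Highest priority wins; ties are broken by the highest router ID, compared
    numerically (a plain string comparison would rank 3.3.3.3 above
    10.10.10.10). Either value is None when no eligible router remains.
    """
    for rid, priority in routers.items():
        if not 0 <= priority <= 255:
            raise ValueError(f"priority out of range for {rid}: {priority}")
    eligible = [rid for rid, priority in routers.items() if priority > 0]
    ranked = sorted(
        eligible,
        key=lambda rid: (routers[rid], int(ipaddress.IPv4Address(rid))),
        reverse=True,
    )
    dr = ranked[0] if ranked else None
    bdr = ranked[1] if len(ranked) > 1 else None
    return dr, bdr


def neighbor_states(local, routers, network_type="broadcast"):
    """Model the state shown for each neighbor of `local` after convergence."""
    neighbors = [rid for rid in routers if rid != local]
    if network_type == "point-to-point":
        # No DR/BDR election takes place on a point-to-point link.
        return {rid: "FULL/-" for rid in neighbors}
    dr, bdr = elect_dr_bdr(routers)
    local_is_dr_or_bdr = local in (dr, bdr)
    states = {}
    for rid in neighbors:
        role = "DR" if rid == dr else "BDR" if rid == bdr else "DROTHER"
        # A full adjacency forms only when at least one side is the DR or BDR;
        # two DROTHER routers stay in the 2WAY state with each other.
        full = local_is_dr_or_bdr or role != "DROTHER"
        states[rid] = f"{'FULL' if full else '2WAY'}/{role}"
    return states


if __name__ == "__main__":
    print("DR, BDR:", elect_dr_bdr(SEGMENT))
    print("seen from 1.1.1.1:", neighbor_states("1.1.1.1", SEGMENT))
    print("seen from the DR:", neighbor_states("10.10.10.10", SEGMENT))
    link = {"1.1.1.1": 1, "2.2.2.2": 1}
    print("point-to-point:", neighbor_states("1.1.1.1", link, "point-to-point"))
```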

Exam Question 170

Which of the following would be displayed when you issue the show ip eigrp interfaces command? (Select the best answer.)

A. the number of EIGRP peers per interface
B. the IP addresses of EIGRP peers on each interface
C. the uptime for active neighbors on a particular interface
D. the FD to a network from an interface
Correct Answer:
A. the number of EIGRP peers per interface
Answer Description:
The number of Enhanced Interior Gateway Routing Protocol (EIGRP) peers per interface would be displayed when you issue the show ip eigrp interfaces command. The show ip eigrp interfaces command will also display information regarding EIGRP-specific settings and statistics on interfaces in which EIGRP is active. You can include a specific interface in the command to ensure that only information for that interface will be displayed; otherwise, information for all active EIGRP interfaces will be returned. The following displays sample output from the show ip eigrp interfaces command:

This output contains information such as the elapsed time required for a packet to travel round-trip through an interface and the number of directly connected neighbors. In addition, the output contains information about the EIGRP multicast flow timer.

The IP address of EIGRP peers on each interface and the uptime for active neighbors on a particular interface are not displayed when you issue the show ip eigrp interfaces command. There are multiple commands you could issue in order to find the IP address of EIGRP peers on each interface. For example, you could issue the show ip eigrp neighbors command, which displays the autonomous system (AS) number for this neighbor pair and the uptime for active neighbors in addition to the peer’s IP address. You could also issue the show ip eigrp accounting command, which displays the number of prefixes learned by a source and the interface that received the information from the peer in addition to the peer’s IP address.

The feasible distance (FD) to a network from an interface is not displayed when you issue the show ip eigrp interfaces command. The topology table contains successors and feasible successors. Feasible successors are neighbors that are guaranteed to represent a loop-free path to a destination. To display the topology table, you should issue the show ip eigrp topology command. Each route contains two numbers inside parentheses. The first number is the FD, which is the total distance to the destination network through that next-hop router. The second number is the advertised distance (AD), also known as the reported distance (RD), which is the cost that the next-hop router has calculated for the route. The router with the lowest FD becomes the successor. The route through the successor is placed in the routing table and is used to route packets to the destination network.