[2017 New] 2017 Lead2pass New Updated 300-101 Exam Questions (21-40)

2017 July Cisco Official New Released 300-101 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Are you interested in successfully completing the Cisco 300-101 Certification Then start to earning Salary? Lead2pass has leading edge developed Cisco exam questions that will ensure you pass this 300-101 exam! Lead2pass delivers you the most accurate, current and latest updated 300-101 Certification exam questions and available with a 100% money back guarantee promise!

 Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-101.html

QUESTION 21
Which statement is true about the PPP Session Phase of PPPoE?

A.    PPP options are negotiated and authentication is not performed.
Once the link setup is completed, PPPoE functions as a Layer 3 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.
B.    PPP options are not negotiated and authentication is performed.
Once the link setup is completed, PPPoE functions as a Layer 4 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.
C.    PPP options are automatically enabled and authorization is performed.
Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data to be encrypted over the PPP link within PPPoE headers.
D.    PPP options are negotiated and authentication is performed.
Once the link setup is completed, PPPoE functions as a Layer 2 encapsulation method that allows data to be transferred over the PPP link within PPPoE headers.

Answer: D
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn-cli/vpn-pppoe.html

QUESTION 22
Which type of traffic does DHCP snooping drop?

A.    discover messages
B.    DHCP messages where the source MAC and client MAC do not match
C.    traffic from a trusted DHCP server to client
D.    DHCP messages where the destination MAC and client MAC do not match

Answer: B
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

QUESTION 23
Refer to the exhibit. Which command only announces the 1.2.3.0/24 network out of FastEthernet 0/0?

 

A.    distribute list 1 out
B.    distribute list 1 out FastEthernet0/0
C.    distribute list 2 out
D.    distribute list 2 out FastEthernet0/0

Answer: D
Explanation:
Access list 2 is more specific, allowing only 1.2.3.0/24, whereas access list 1 permits all 1.0.0.0/8 networks. This question also asks us to apply this distribute list only to the outbound direction of the fast Ethernet 0/0 interface, so the correct command is “distribute list 2 out FastEthernet0/0.”

QUESTION 24
Which prefix is matched by the command ip prefix-list name permit 10.8.0.0/16 ge 24 le 24?

A.    10.9.1.0/24
B.    10.8.0.0/24
C.    10.8.0.0/16
D.    10.8.0.0/23

Answer: B
Explanation:
With prefix lists, the ge 24 term means greater than or equal to a /24 and the le 24 means less than or equal to /24, so only a /24 is both greater than or equal to 24 and less than or equal to 24. This translates to any prefix in the 10.8.x.0/24 network, where X is any value in the 0-255 range.
Only the choice of 10.8.0.0.24 matches this.

QUESTION 25
Router A and Router B are configured with IPv6 addressing and basic routing capabilities using OSPFv3. The networks that are advertised from Router A do not show up in Router B’s routing table. After debugging IPv6 packets, the message “not a router” is found in the output.
Why is the routing information not being learned by Router B?

A.    OSPFv3 timers were adjusted for fast convergence.
B.    The networks were not advertised properly under the OSPFv3 process.
C.    An IPv6 traffic filter is blocking the networks from being learned via the Router B interface that is connected to Router A.
D.    IPv6 unicast routing is not enabled on Router A or Router B.

Answer: D
Explanation:
http://www.cisco.com/c/en/us/td/docs/ios/ipv6/command/reference/ipv6_book/ipv6_16.html

QUESTION 26
After you review the output of the command show ipv6 interface brief, you see that several IPv6 addresses have the 16-bit hexadecimal value of “FFFE” inserted into the address.
Based on this information, what do you conclude about these IPv6 addresses?

A.    IEEE EUI-64 was implemented when assigning IPv6 addresses on the device.
B.    The addresses were misconfigured and will not function as intended.
C.    IPv6 addresses containing “FFFE” indicate that the address is reserved for multicast.
D.    The IPv6 universal/local flag (bit 7) was flipped.
E.    IPv6 unicast forwarding was enabled, but IPv6 Cisco Express Forwarding was disabled.

Answer: A
Explanation:
Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign iteslf a unique 64-Bit IP Version 6 interface identify them EUI-64). This feature is a key benefit over IPv4 as it eliminates the need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the EUI-48 MAC address.
https://supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bit-address

QUESTION 27
A packet capture log indicates that several router solicitation messages were sent from a local host on the IPv6 segment. What is the expected acknowledgment and its usage?

A.    Router acknowledgment messages will be forwarded upstream, where the DHCP server will allocate addresses to the local host.
B.    Routers on the IPv6 segment will respond with an advertisement that provides an external path from the local subnet, as well as certain data, such as prefix discovery.
C.    Duplicate Address Detection will determine if any other local host is using the same IPv6 address for communication with the IPv6 routers on the segment.
D.    All local host traffic will be redirected to the router with the lowest ICMPv6 signature, which is statically defined by the network administrator.

Answer: B
Explanation:
Router Advertisements (RA) are sent in response to router solicitation messages. Router solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are sent by hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next scheduled RA message. Given that router solicitation messages are usually sent by hosts at system startup (the host does not have a configured unicast address), the source address in router solicitation messages is usually the unspecified Ipv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast address, the unicast address of the interface sending the router solicitation message is used as the source address in the message. The destination address in router solicitation messages is the all-routers multicast address with a scope of the link. When an RA is sent in response to a router solicitation, the destination address in the RA message is the unicast address of the source of the router solicitation message. RA messages typically include the following information:
One or more onlink Ipv6 prefixes that nodes on the local link can use to automatically configure their Ipv6 addresses
Lifetime information for each prefix included in the advertisement
Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed
Default router information (whether the router sending the advertisement should be used as a default router and, if so, the amount of time (in seconds) the router should be used as a default router)
Additional information for hosts, such as the hop limit and MTU a host should use in packets that it originates
http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-addrg_bsc_con.html

QUESTION 28
A user is having issues accessing file shares on a network. The network engineer advises the user to open a web browser, input a prescribed IP address, and follow the instructions.
After doing this, the user is able to access company shares.
Which type of remote access did the engineer enable?

A.    EZVPN
B.    IPsec VPN client access
C.    VPDN client access
D.    SSL VPN client access

Answer: D
Explanation:
The Cisco AnyConnect VPN Client provides secure SSL connections to the security appliance for remote users. Without a previously installed client, remote users enter the IP address in their browser of an interface configured to accept SSL VPN connections. Unless the security appliance is configured to redirect http:// requests to https://, users must enter the URL in the form https://<address>.
After entering the URL, the browser connects to that interface and displays the login screen. If the user satisfies the login and authentication, and the security appliance identifies the user as requiring the client, it downloads the client that matches the operating system of the remote computer. After downloading, the client installs and configures itself, establishes a secure SSL connection and either remains or uninstalls itself (depending on the security appliance configuration) when the connection terminates.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html

QUESTION 29
Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding?

A.    FlexVPN
B.    DMVPN
C.    GETVPN
D.    Cisco Easy VPN

Answer: B
Explanation:
Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco IOS-based routers and Unix-like Operating Systems based on the standard protocols, GRE, NHRP and Ipsec. This DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers, including Ipsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key Management Protocol) peers. DMVPN is initially configured to build out a hub-and-spoke network by statically configuring the hubs (VPN headends) on the spokes, no change in the configuration on the hub is required to accept new spokes. Using this initial hub- and-spoke network, tunnels between spokes can be dynamically built on demand (dynamic-mesh) without additional configuration on the hubs or spokes. This dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke networks.
DMVPN is combination of the following technologies:
http://en.wikipedia.org/wiki/Dynamic_Multipoint_Virtual_Private_Network

QUESTION 30
A network engineer is configuring a solution to allow failover of HSRP nodes during maintenance windows, as an alternative to powering down the active router and letting the network respond accordingly. Which action will allow for manual switching of HSRP nodes?

A.    Track the up/down state of a loopback interface and shut down this interface during maintenance.
B.    Adjust the HSRP priority without the use of preemption.
C.    Disable and enable all active interfaces on the active HSRP node.
D.    Enable HSRPv2 under global configuration, which allows for maintenance mode.

Answer: A
Explanation:
The standby track command allows you to specify another interface on the router for the HSRP process to monitor in order to alter the HSRP priority for a given group. If the line protocol of the specified interface goes down, the HSRP priority is reduced. This means that another HSRP router with higher priority can become the active router if that router has standby preempt enabled. Loopback interfaces can be tracked, so when this interface is shut down the HSRP priority for that router will be lowered and the other HSRP router will then become the active one.
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13780-6.html

QUESTION 31
A network engineer is notified that several employees are experiencing network performance related issues, and bandwidth-intensive applications are identified as the root cause. In order to identify which specific type of traffic is causing this slowness, information such as the source/destination IP and Layer 4 port numbers is required.
Which feature should the engineer use to gather the required information?

A.    SNMP
B.    Cisco IOS EEM
C.    NetFlow
D.    Syslog
E.    WCCP

Answer: C
Explanation:
NetFlow Flows Key Fields
A network flow is identified as a unidirectional stream of packets between a given source and destination–both are defined by a network-layer IP address and transport-layer source and des–nation port numbers. Specifically, a flow is identified as the combination of the following key fields:
http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/12-4t/cfg-nflow-data-expt.html

QUESTION 32
An organization decides to implement NetFlow on its network to monitor the fluctuation of traffic that is disrupting core services. After reviewing the output of NetFlow, the network engineer is unable to see OUT traffic on the interfaces. What can you determine based on this information?

A.    Cisco Express Forwarding has not been configured globally.
B.    NetFlow output has been filtered by default.
C.    Flow Export version 9 is in use.
D.    The command ip flow-capture fragment-offset has been enabled.

Answer: A
Explanation:
https://blogs.manageengine.com/network-2/netflowanalyzer/2010/05/19/need-for-cef-in-netflow-data-export.html

QUESTION 33
A network engineer has left a NetFlow capture enabled over the weekend to gather information regarding excessive bandwidth utilization. The following command is entered:

switch#show flow exporter Flow_Exporter-1

What is the expected output?

A.    configuration of the specified flow exporter
B.    current status of the specified flow exporter
C.    status and statistics of the specified flow monitor
D.    configuration of the specified flow monitor

Answer: B
Explanation:
show flow exporter exporter-name

Example:
Device# show flow exporter FLOW_EXPORTER-1

(Optional) Displays the current status of the specified flow exporter

http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/15-mt/cfg-de-fnflow-exprts.html

QUESTION 34
A company’s corporate policy has been updated to require that stateless, 1-to-1, and IPv6 to IPv6 translations at the Internet edge are performed.
What is the best solution to ensure compliance with this new policy?

A.    NAT64
B.    NAT44
C.    NATv6
D.    NPTv4
E.    NPTv6

Answer: E
Explanation:
NPTv6 provides a mechanism to translate the private internal organization prefixes to public globally reachable addresses. The translation mechanism is stateless and provides a 1:1 relationship between the internal addresses and external addresses. The use cases for NPTv6 outlined in the RFC include peering with partner networks, multi homing, and redundancy and load sharing.
http://www.cisco.com/c/dam/en/us/td/docs/solutions/SBA/August2012/Cisco_SBA_BN_IPv6AddressingGuide-Aug2012.pdf

QUESTION 35
Which two functions are completely independent when implementing NAT64 over NAT-PT? (Choose two.)

A.    DNS
B.    NAT
C.    port redirection
D.    stateless translation
E.    session handling

Answer: AB
Explanation:
Work Address Translation IPv6 to IPv4, or NAT64, technology facilitates communication between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or an edge network). This solution allows both enterprises and ISPs to accelerate IPv6 adoption while simultaneously handling IPv4 address depletion. The DnS64 and NAT64 functions are completely separated, which is essential to the superiority of NAT64 over NAT-PT.
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html

QUESTION 36
Which two methods of deployment can you use when implementing NAT64? (Choose two.)

A.    stateless
B.    stateful
C.    manual
D.    automatic
E.    static
F.    functional
G.    dynamic

Answer: AB
Explanation:
While stateful and stateless NAT64 perform the task of translating IPv4 packets into IPv6 packets and vice versa, there are important differences. The following table provides a high-level overview of the most relevant differences.
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676277.html

QUESTION 37
Which NetFlow component is applied to an interface and collects information about flows?

A.    flow monitor
B.    flow exporter
C.    flow sampler
D.    flow collector

Answer: A
Explanation:
Flow monitors are the NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.
http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_01.html#wp1314030

QUESTION 38
Refer to the exhibit. Which statement about the output of the show flow-sampler command is true?

 

A.    The sampler matched 10 packets, each packet randomly chosen from every group of 100 packets.
B.    The sampler matched 10 packets, one packet every 100 packets.
C.    The sampler matched 10 packets, each one randomly chosen from every 100-second interval.
D.    The sampler matched 10 packets, one packet every 100 seconds.

Answer: A
Explanation:
The sampling mode determines the algorithm that selects a subset of traffic for NetFlow processing. In the random sampling mode that Random Sampled NetFlow uses, incoming packets are randomly selected so that one out of each n sequential packets is selected on average for NetFlow processing.
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/nfstatsa.html#wp1084291

QUESTION 39
What is the result of the command ip flow-export destination 10.10.10.1 5858?

A.    It configures the router to export cache flow information to IP 10.10.10.1 on port UDP/5858.
B.    It configures the router to export cache flow information about flows with destination IP 10.10.10.1 and port UDP/5858.
C.    It configures the router to receive cache flow information from IP 10.10.10.1 on port UDP/5858.
D.    It configures the router to receive cache flow information about flows with destination IP 10.10.10.1 and port UDP/5858.

Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/12s_mdnf.html#wp1023091

QUESTION 40
Lab Simulation 1 – OSPF
Route.com is a small IT corporation that is attempting to implement the network shown in the exhibit. Currently the implementation is partially completed. OSPF has been configured on routers Chicago and NewYork. The S0/0 interface on Chicago and the S0/1 interface on NewYork are in Area 0. The loopback0 interface on NewYork is in Area 1.
However, they cannot ping from the serial interface of the Seattle router to the loopback interface of the NewYork router.
You have been asked to complete the implementation to allow this ping.
ROUTE.com’s corporate implementation guidelines require:

– The OSPF process ID for all routers must be 10.
– The routing protocol for each interface must be enabled under the routing process.
– The routing protocol must be enabled for each interface using the most specific wildcard mask possible.
– The serial link between Seattle and Chicago must be in OSPF area 21.
– OSPF area 21 must not receive any inter-area or external routes.

Network Information
Seattle

S0/0 192.168.16.5/30 – Link between Seattle and Chicago
Secret Password: cisco

Chicago

S0/0 192.168.54.9/30 – Link between Chicago and NewYork
S0/1 192.168.16.6/30 – Link between Seattle and Chicago Secre
Password: cisco

NewYork

S0/1 192.168.54.10/30 – Link between Chicago and NewYork
Loopback0 172.16.189.189
Secret Password: cisco

 

Answer:

Note: In actual exam, the IP addressing, OSPF areas and process ID, and router hostnames may change, but the overall solution is the same.
Seattle’s S0/0 IP Address is 192.168.16.5/30. So, we need to find the network address and wildcard mask of 192.168.16.5/30 in order to configure the OSPF.

IP Address: 192.168.16.5 /30
Subnet Mask: 255.255.255.252

Here subtract 252 from 2565, 256-252 = 4, hence the subnets will increment by 4.
First, find the 4th octet of the Network Address:

 
The 4th octet of IP address (192.168.16.5) belongs to subnet 1 (4 to 7).

Network Address: 192.168.16.4
Broadcast Address: 192.168.16.7

Lets find the wildcard mask of /30.
Subnet Mask: (Network Bits ¬1’s, Host Bits ¬ 0’s)
Lets find the wildcard mask of /30.

 

Now we configure OSPF using process ID 10 (note the process ID may change to something else in real exam).

Seattle> enable
Password:
Seattle# conf t
Seattle(config)# router ospf 10
Seattle(config-router)# network 192.168.16.4 0.0.0.3 area 21

One of the tasks states that area 21 should not receive any external or inter-area routes (except the default route).

Seattle(config-router)# area 21 stub
Seattle(config-router)# end
Seattle# copy run start

Chicago Configuration:

Chicago> enable
Password: cisco
Chicago# conf t
Chicago(config)# router ospf 10

We need to add Chicago’s S0/1 interface to Area 21

Chicago(config-router)# network 192.168.16.4 0.0.0.3 area 21

Again, area 21 should not receive any external or inter-area routes (except the default route).
In order to accomplish this, we must stop LSA Type 5 if we don’t want to send external routes. And if we don’t want to send inter-area routes, we have to stop LSA Type 3 and Type 4.
Therefore we want to configure area 21 as a totally stubby area.

Chicago(config-router)# area 21 stub no-summary
Chicago(config-router)# end
Chicago# copy run start

The other interface on the Chicago router is already configured correctly in this scenario, as well as the New York router so there is nothing that needs to be done on that router.

All Cisco 300-101 exam questions are the new checked and updated! In recent years, the 300-101 certification has become a global standard for many successful IT companies. Want to become a certified Cisco professional? Download Lead2pass 2017 latest released 300-101 exam dumps full version and pass 300-101 100%!

300-101 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDX0QwYXF1aXFINmM

2017 Cisco 300-101 exam dumps (All 403 Q&As) from Lead2pass:

http://www.lead2pass.com/300-101.html [100% Exam Pass Guaranteed]