CCIE SP Written Exam (Version 3.0)
Number: 350-029
Passing Score: 790
Time Limit: 120 min
File Version: 421Q+69
QUESTION 271
What protocol does an IP phone use to learn the voice VLAN ID it should use for voice traffic?
A. VTP
B. 802.1q
C. CDP
D. Skinny Station Protocol
Correct Answer: C
QUESTION 272
What is the relationship between the Domain Name System (DNS) and LDAP?
A. All the root DNS servers maintain information in a distributed LDAP tree.
B. DNS clients access DNS information by making LDAP queries to DNS servers.
C. An LDAP DN attribute is a Domain Name.
D. It is currently recommended to express DN as a sequence of Domain components
Correct Answer: D
QUESTION 273
What layer of the TMN (telecommunications management network) model does CTM fit into?
A. Network management layer
B. Element management layer
C. Business management layer
D. Network element layer
Correct Answer: B
QUESTION 274
What is TCI?
A. Tag Calling Interface
B. Tag Control Identifier
C. ToS Class Interface
D. Tag Control Information
Correct Answer: D
QUESTION 275
In the Apache Web Server configuration, the command KeepAlive ON is used to
A. Allow a CSS to probe the server
B.Allow a connection to be closed with a TCP RESET
C.Allow persistent connections
D. Allow the use of HTTP HEAD request
Correct Answer: C
QUESTION 276
How many token buckets are needed to support a multi-actions policer that meters conforming, exceeding and violating traffic?
A. 1
B. 3
C. 5
D. 2
E. 6
F. 4
Correct Answer: D
QUESTION 277
What are the differences between LLQ and CBWFQ? (Choose two.)
A. LLQ priority queue bandwidth is policed with a congestion aware policer.
B. With LLQ, bandwidth allocations for the priority queue and all the CBWFQ queues are configured using the priority command.
C. LLQ does not support WFQ on the default traffic class (class-default).
D. LLQ supports the addition of strict priority queuing.
E. LLQ is configured using MQC and CBWFQ is configured using the fair-queue command.
Correct Answer: AD
QUESTION 278
What is used to provide read access to QoS configuration and statistics information on Cisco platforms that support Modular QoS CLI (MQC)?
A. Cisco SDM QoS Wizard
B. Cisco AutoQoS
C. CDP
D. Cisco Class-Based QoS MIB.
E. Cisco NBAR Discovery
Correct Answer: D
QUESTION 279
As described in RFC 3270, short-pipe mode operation, the PE to CE egress polices are based upon:
A. customer marking
B. remarked IP tos value
C. Qos groups/discard class
D. innermost label exp value
E. MDRR quantam
F. topmost label exp value
Correct Answer: A
QUESTION 280
Select the statement that best describes "The cure for Amplification Principle" in the Internet domain, as explained in RFC 3429 (Internet Architectural Guidelines)
A. None of the above
B. Amplification is prevented if local changes have only a local effect as opposed to system in which local change have a global effect
C. Amplification is prevented if global changes have only a local effect as opposed to systems in which global changes have a local effect
D. Internet domain does not suffer from "The Amplification Principle" as BGP takes care of misbehaving advertisers
Correct Answer: B
QUESTION 281
A network administrator wants to detect a login attack against a router. What IOS command can make the attack recorded in syslog server?
A. Login detect login-failure log
B. none of the above
C. Logging detect fail-login
D. Login on-failure log
E. Logging login on-failure
Correct Answer: D
QUESTION 282
Which of the following IOS commands cause syslog messages to be stamped with time and dates?
A. logging datetime on
B. service timestamps log datetime
C. service logging datetime
D. logging timestamps on
E. logging trap datetime
Correct Answer: B
QUESTION 283
Which of the following statements regarding Selective Packet Discard (SPD) is correct?
A. Selective Packet Discard (SPD) is a mechanism to drop non-routing packets instead of routing packets when the process level queue is congested.
B. Selective Packet Discard (SPD) is a mechanism to drop normal IP packets instead of VOIP packets when the link is overloaded
C. None of above.
D. Selective Packet Discard (SPD) is a mechanism to drop Frame Relay frames with the DE bit set instead of Frame Relay frames DE bits without being set when
the link is overloaded
E. Selective Packet Discard (SPD) is a mechanism to drop packets with low IP precedence instead of packets with high IP precedence when the link is
overloaded
Correct Answer: A
QUESTION 284
In which modes does selective packet discard (SPD) operate? (Choose three.)
A. discard
B. random
C. normal
D. full
E. select
Correct Answer: BCD
QUESTION 285
Which of the following statements regarding Control Plane Policing (CoPP) is correct? (Choose three.)
A. Control Plane Policing (CoPP) addresses the need to protect the management planes, ensuring routing stability, availability, and critical packet delivery.
B. Control Plane Policing (CoPP) leverages MQC to define traffic classification criteria and to specify configurable policy actions for the classified traffic.
C. Control Plane Policing (CoPP) uses a dedicated "control-plane" command via the Modular QoS CLI (MQC) to provide filtering and rate limiting capabilities.
D. Control Plane Policing (CoPP) uses "service policy" command under relevant interfaces to filter DOS packet to protect routing packets.
E. Control Plane Policing (CoPP) protects the transit management and data traffic through the router.
Correct Answer: ABC
QUESTION 286
Which of the following comparison of Control Plane Policing (CoPP) with Receive ACL (RACL) is correct? (Choose two.)
A. CoPP protects against IP spoofing, RACL protects against DoS attacks.
B. CoPP can not use named access lists, RACL can use named access lists.
C. CoPP applies to a dedicated control plane interface, RACL applies to all interfaces.
D. CoPP needs a AAA server, RACL does not need a AAA server.
E. CoPP supports rate limits, RACL does not support rate limits.
Correct Answer: CE
QUESTION 287
How would you characterize the source and type in a denial of service attack on a router?
A. By perform a show ip interface to see the type and source of the attack based upon the access- list matches
B. By setting up an access-list to permit all ICMP, TCP, and UDP traffic with the log or log-input commands, then use the show access-list and show log
commands to determine the type and source of attack
C. By performing a show interface to see the transmitted load "txload" and receive load "rxload", if the interface utilization is not maxed out, there is no attack
underway
D. By applying an access-list to all incoming and outgoing interfaces, turning off route-cache on all interfaces, then, when telnetting into the router perform a
debug IP packet detail
Correct Answer: B
QUESTION 288
Which of the following descriptions about IP spoofing is correct?
A. IP destination address is forged
B. IP source address is forged
C. IP TCP destination port is forged
D. None of above
E. IP TCP source port is forged
Correct Answer: B
QUESTION 289
BCP (Best Common Practices) 38/RFC 2827 Ingress and Egress Packet Filtering would help mitigate what classification of attack?
A. Denial of service attack
B. Sniffing attack
C. Spoofing attack
D. Reconnaisance attack
E. Port Scan attack
Correct Answer: C
QUESTION 290
What are BCP 38 (Best Common Practices 38) / RFC 2827 Ingress Packet Filtering Principles? (Choose three.)
A. Filter Smurf ICMP packets.
B. Filter as close to the core as possible
C. Filter as close to the edge as possible
D. Filter as precisely as possible
E. Filter both source and destination where possible.
Correct Answer: CDE
QUESTION 291
Which of the following IOS commands can detect whether the SQL slammer virus propagates in your networks?
A. access-list 110 permit any any udp eq 69 log
B. access-list 100 permit any any udp eq 1434 log
C. access-list 110 permit any any udp eq 69
D. access-list 100 permit any any udp eq 1434
Correct Answer: B
QUESTION 292
Refer to the exhibit.
Inbound infrastructure ACLs are configured to protect the SP network. Which two types of traffic should be permitted in the infrastructure ACL? (Choose two.)
A. traffic destined for network of 172.30.0.0/16
B. traffic source from network of 172.30.0.0/16
C. traffic destined for network of 162.238.0.0/16
D. traffic source from network of 162.238.0.0/16
E. traffic destined for network of 232.16.0.0/16
Correct Answer: CE
QUESTION 293
Refer to the exhibit.
Inbound Infrastructure ACLs are configured to protect the SP network. Which three types of traffic should be filtered in the infrastructure ACLs? (Choose three.)
A. traffic from a source with an IP address that is within 239.255.0.0/16
B. FTP traffic destined for internal routers
C. IPsec traffic that at an internal router
D. traffic from a source with an IP address that is within 162.238.0.0/16
E. EBGP traffic that peers with edge routers
Correct Answer: ABD
QUESTION 294
What are two uRPF working modes? (Choose two.)
A. express mode
B. safe mode
C. loose mode
D. strict mode
E. tight mode
Correct Answer: CD
QUESTION 295
Which of the following IOS features can prevent IP spoofing attacks?
A. Unicast Reverse Path Forwarding (uRPF)
B. MPLS traffic Engineering
C. Cisco Express Forwarding
D. PPP over Ethernet
E. IS-IS routing
Correct Answer: A
QUESTION 296
What is a limitation of implementing uRPF?
A. Domain name must be defined.
B. MPLS LDP must be enabled.
C. BGP routing protocol must be running.
D. Symmetrical routing is required.
E. Named access-lists must be configured.
Correct Answer: D
QUESTION 297
Which of the following descriptions about uRPF loose mode is correct? (Choose two).
A. It is typically used on point-to-point interfaces where the same interface is used for both directions of packet flows; if the source address has a return route in
the FIB table, it is then checked against the adjacency table to ensure the same interface receiving the packet is the same interface used for the return path
B. If a packet fails the uRPF loose mode check, the packet is then transmitted and creates a log message
C. It is typically used on multipoint interfaces or on routers where asymmetrical routing is used (packets are received on one interface but the return path is not on
the same interface); loose mode verifies a source address by looking in forwarding information base(FIB).
D. If a packet fails the uRPF loose mode check, the packet is then dropped
Correct Answer: CD
QUESTION 298
What Cisco IOS feature examines packets received to make sure that the source address and interface are in the routing table and match the interface that the packet was received on?
A. MPLS Traffic Engineering
B. Receive ACL
C. Unicast RPF
D. Authentication
E. Dynamic access-lists
Correct Answer: C
QUESTION 299
Which statement about SNMP is true?
A. SNMP version 2 uses a proxy agent to forward GetNext message to SNMP version 3.
B. SNMP version 2 supports message integrity to ensure that a packet has not been tampered with in transit.
C. Proxy agents were used only in SNMP version 1.
D. SNMP version 3 supports encryption and SNMP version 2 support authentication.
E. GetBulk messages are converted to GetNext messages by the proxy agent and are then forwarded to the SNMP version 1 agent.
Correct Answer: E
QUESTION 300
Which of the following statements about MD5 Routing Updates authentication is valid? (Select two)
A. The MD5 algorithm inputs the routing updates of arbitrary length and outputs a 128-bit hash
B. The MD5 algorithm inputs the routing updates of every 64bit length and outputs an 8-bit hash
C. Multiple keys are supported
D. Routing updates packets are delivered in encrypted messages
E. Shared secret keys are delivered in encrypted messages
Correct Answer: AC
What protocol does an IP phone use to learn the voice VLAN ID it should use for voice traffic?
A. VTP
B. 802.1q
C. CDP
D. Skinny Station Protocol
Correct Answer: C
QUESTION 272
What is the relationship between the Domain Name System (DNS) and LDAP?
A. All the root DNS servers maintain information in a distributed LDAP tree.
B. DNS clients access DNS information by making LDAP queries to DNS servers.
C. An LDAP DN attribute is a Domain Name.
D. It is currently recommended to express DN as a sequence of Domain components
Correct Answer: D
QUESTION 273
What layer of the TMN (telecommunications management network) model does CTM fit into?
A. Network management layer
B. Element management layer
C. Business management layer
D. Network element layer
Correct Answer: B
QUESTION 274
What is TCI?
A. Tag Calling Interface
B. Tag Control Identifier
C. ToS Class Interface
D. Tag Control Information
Correct Answer: D
QUESTION 275
In the Apache Web Server configuration, the command KeepAlive ON is used to
A. Allow a CSS to probe the server
B.Allow a connection to be closed with a TCP RESET
C.Allow persistent connections
D. Allow the use of HTTP HEAD request
Correct Answer: C
QUESTION 276
How many token buckets are needed to support a multi-actions policer that meters conforming, exceeding and violating traffic?
A. 1
B. 3
C. 5
D. 2
E. 6
F. 4
Correct Answer: D
QUESTION 277
What are the differences between LLQ and CBWFQ? (Choose two.)
A. LLQ priority queue bandwidth is policed with a congestion aware policer.
B. With LLQ, bandwidth allocations for the priority queue and all the CBWFQ queues are configured using the priority command.
C. LLQ does not support WFQ on the default traffic class (class-default).
D. LLQ supports the addition of strict priority queuing.
E. LLQ is configured using MQC and CBWFQ is configured using the fair-queue command.
Correct Answer: AD
QUESTION 278
What is used to provide read access to QoS configuration and statistics information on Cisco platforms that support Modular QoS CLI (MQC)?
A. Cisco SDM QoS Wizard
B. Cisco AutoQoS
C. CDP
D. Cisco Class-Based QoS MIB.
E. Cisco NBAR Discovery
Correct Answer: D
QUESTION 279
As described in RFC 3270, short-pipe mode operation, the PE to CE egress polices are based upon:
A. customer marking
B. remarked IP tos value
C. Qos groups/discard class
D. innermost label exp value
E. MDRR quantam
F. topmost label exp value
Correct Answer: A
QUESTION 280
Select the statement that best describes "The cure for Amplification Principle" in the Internet domain, as explained in RFC 3429 (Internet Architectural Guidelines)
A. None of the above
B. Amplification is prevented if local changes have only a local effect as opposed to system in which local change have a global effect
C. Amplification is prevented if global changes have only a local effect as opposed to systems in which global changes have a local effect
D. Internet domain does not suffer from "The Amplification Principle" as BGP takes care of misbehaving advertisers
Correct Answer: B
QUESTION 281
A network administrator wants to detect a login attack against a router. What IOS command can make the attack recorded in syslog server?
A. Login detect login-failure log
B. none of the above
C. Logging detect fail-login
D. Login on-failure log
E. Logging login on-failure
Correct Answer: D
QUESTION 282
Which of the following IOS commands cause syslog messages to be stamped with time and dates?
A. logging datetime on
B. service timestamps log datetime
C. service logging datetime
D. logging timestamps on
E. logging trap datetime
Correct Answer: B
QUESTION 283
Which of the following statements regarding Selective Packet Discard (SPD) is correct?
A. Selective Packet Discard (SPD) is a mechanism to drop non-routing packets instead of routing packets when the process level queue is congested.
B. Selective Packet Discard (SPD) is a mechanism to drop normal IP packets instead of VOIP packets when the link is overloaded
C. None of above.
D. Selective Packet Discard (SPD) is a mechanism to drop Frame Relay frames with the DE bit set instead of Frame Relay frames DE bits without being set when
the link is overloaded
E. Selective Packet Discard (SPD) is a mechanism to drop packets with low IP precedence instead of packets with high IP precedence when the link is
overloaded
Correct Answer: A
QUESTION 284
In which modes does selective packet discard (SPD) operate? (Choose three.)
A. discard
B. random
C. normal
D. full
E. select
Correct Answer: BCD
QUESTION 285
Which of the following statements regarding Control Plane Policing (CoPP) is correct? (Choose three.)
A. Control Plane Policing (CoPP) addresses the need to protect the management planes, ensuring routing stability, availability, and critical packet delivery.
B. Control Plane Policing (CoPP) leverages MQC to define traffic classification criteria and to specify configurable policy actions for the classified traffic.
C. Control Plane Policing (CoPP) uses a dedicated "control-plane" command via the Modular QoS CLI (MQC) to provide filtering and rate limiting capabilities.
D. Control Plane Policing (CoPP) uses "service policy" command under relevant interfaces to filter DOS packet to protect routing packets.
E. Control Plane Policing (CoPP) protects the transit management and data traffic through the router.
Correct Answer: ABC
QUESTION 286
Which of the following comparison of Control Plane Policing (CoPP) with Receive ACL (RACL) is correct? (Choose two.)
A. CoPP protects against IP spoofing, RACL protects against DoS attacks.
B. CoPP can not use named access lists, RACL can use named access lists.
C. CoPP applies to a dedicated control plane interface, RACL applies to all interfaces.
D. CoPP needs a AAA server, RACL does not need a AAA server.
E. CoPP supports rate limits, RACL does not support rate limits.
Correct Answer: CE
QUESTION 287
How would you characterize the source and type in a denial of service attack on a router?
A. By perform a show ip interface to see the type and source of the attack based upon the access- list matches
B. By setting up an access-list to permit all ICMP, TCP, and UDP traffic with the log or log-input commands, then use the show access-list and show log
commands to determine the type and source of attack
C. By performing a show interface to see the transmitted load "txload" and receive load "rxload", if the interface utilization is not maxed out, there is no attack
underway
D. By applying an access-list to all incoming and outgoing interfaces, turning off route-cache on all interfaces, then, when telnetting into the router perform a
debug IP packet detail
Correct Answer: B
QUESTION 288
Which of the following descriptions about IP spoofing is correct?
A. IP destination address is forged
B. IP source address is forged
C. IP TCP destination port is forged
D. None of above
E. IP TCP source port is forged
Correct Answer: B
QUESTION 289
BCP (Best Common Practices) 38/RFC 2827 Ingress and Egress Packet Filtering would help mitigate what classification of attack?
A. Denial of service attack
B. Sniffing attack
C. Spoofing attack
D. Reconnaisance attack
E. Port Scan attack
Correct Answer: C
QUESTION 290
What are BCP 38 (Best Common Practices 38) / RFC 2827 Ingress Packet Filtering Principles? (Choose three.)
A. Filter Smurf ICMP packets.
B. Filter as close to the core as possible
C. Filter as close to the edge as possible
D. Filter as precisely as possible
E. Filter both source and destination where possible.
Correct Answer: CDE
QUESTION 291
Which of the following IOS commands can detect whether the SQL slammer virus propagates in your networks?
A. access-list 110 permit any any udp eq 69 log
B. access-list 100 permit any any udp eq 1434 log
C. access-list 110 permit any any udp eq 69
D. access-list 100 permit any any udp eq 1434
Correct Answer: B
QUESTION 292
Refer to the exhibit.
A. traffic destined for network of 172.30.0.0/16
B. traffic source from network of 172.30.0.0/16
C. traffic destined for network of 162.238.0.0/16
D. traffic source from network of 162.238.0.0/16
E. traffic destined for network of 232.16.0.0/16
Correct Answer: CE
QUESTION 293
Refer to the exhibit.
A. traffic from a source with an IP address that is within 239.255.0.0/16
B. FTP traffic destined for internal routers
C. IPsec traffic that at an internal router
D. traffic from a source with an IP address that is within 162.238.0.0/16
E. EBGP traffic that peers with edge routers
Correct Answer: ABD
QUESTION 294
What are two uRPF working modes? (Choose two.)
A. express mode
B. safe mode
C. loose mode
D. strict mode
E. tight mode
Correct Answer: CD
QUESTION 295
Which of the following IOS features can prevent IP spoofing attacks?
A. Unicast Reverse Path Forwarding (uRPF)
B. MPLS traffic Engineering
C. Cisco Express Forwarding
D. PPP over Ethernet
E. IS-IS routing
Correct Answer: A
QUESTION 296
What is a limitation of implementing uRPF?
A. Domain name must be defined.
B. MPLS LDP must be enabled.
C. BGP routing protocol must be running.
D. Symmetrical routing is required.
E. Named access-lists must be configured.
Correct Answer: D
QUESTION 297
Which of the following descriptions about uRPF loose mode is correct? (Choose two).
A. It is typically used on point-to-point interfaces where the same interface is used for both directions of packet flows; if the source address has a return route in
the FIB table, it is then checked against the adjacency table to ensure the same interface receiving the packet is the same interface used for the return path
B. If a packet fails the uRPF loose mode check, the packet is then transmitted and creates a log message
C. It is typically used on multipoint interfaces or on routers where asymmetrical routing is used (packets are received on one interface but the return path is not on
the same interface); loose mode verifies a source address by looking in forwarding information base(FIB).
D. If a packet fails the uRPF loose mode check, the packet is then dropped
Correct Answer: CD
QUESTION 298
What Cisco IOS feature examines packets received to make sure that the source address and interface are in the routing table and match the interface that the packet was received on?
A. MPLS Traffic Engineering
B. Receive ACL
C. Unicast RPF
D. Authentication
E. Dynamic access-lists
Correct Answer: C
QUESTION 299
Which statement about SNMP is true?
A. SNMP version 2 uses a proxy agent to forward GetNext message to SNMP version 3.
B. SNMP version 2 supports message integrity to ensure that a packet has not been tampered with in transit.
C. Proxy agents were used only in SNMP version 1.
D. SNMP version 3 supports encryption and SNMP version 2 support authentication.
E. GetBulk messages are converted to GetNext messages by the proxy agent and are then forwarded to the SNMP version 1 agent.
Correct Answer: E
QUESTION 300
Which of the following statements about MD5 Routing Updates authentication is valid? (Select two)
A. The MD5 algorithm inputs the routing updates of arbitrary length and outputs a 128-bit hash
B. The MD5 algorithm inputs the routing updates of every 64bit length and outputs an 8-bit hash
C. Multiple keys are supported
D. Routing updates packets are delivered in encrypted messages
E. Shared secret keys are delivered in encrypted messages
Correct Answer: AC
沒有留言:
張貼留言