♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 300-101 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 300-101 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/300-101-exam-dumps.html
Q41. What are the three modes of Unicast Reverse Path Forwarding?
A. strict mode, loose mode, and VRF mode
B. strict mode, loose mode, and broadcast mode
C. strict mode, broadcast mode, and VRF mode
D. broadcast mode, loose mode, and VRF mode
Answer: A
Explanation:
Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit
the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the
reachability of the source address in packets being forwarded. This capability can limit the appearance of
spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast
RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all
network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this
document. When administrators use Unicast RPF in strict mode, the packet must be received on the
interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may
drop legitimate traffic that is received on an interface that was not the router's choice for sending return
traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the
network. When administrators use Unicast RPF in loose mode, the source address must appear in the
routing table. Administrators can change this behavior using the allow-default option, which allows the use
of the default route in the source verification process. Additionally, a packet that contains a source address
for which the return route points to the Null 0 interface will be dropped. An access list may also be
specified that permits or denies certain source addresses in Unicast RPF loose mode. Care must be taken
to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of
this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern
when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain
asymmetric routing paths. Reference: http://www.cisco.com/web/about/security/intelligence/unicastrpf.
html
Q42. Which two actions must you perform to enable and use window scaling on a router? (Choose two.)
A. Execute the command ip tcp window-size 65536.
B. Set window scaling to be used on the remote host.
C. Execute the command ip tcp queuemax.
D. Set TCP options to "enabled" on the remote host.
E. Execute the command ip tcp adjust-mss.
Answer: A,B
Explanation:
The TCP Window Scaling feature adds support for the Window Scaling option in RFC 1323,
TCP Extensions for High Performance . A larger window size is recommended to improve TCP performance in network paths with large bandwidth-delay product characteristics that are called Long Fat
Networks (LFNs).
The TCP Window Scaling enhancement provides that support. The window scaling extension in Cisco IOS software expands the definition of the TCP window to 32 bits and then uses a scale factor to carry this 32-bit value in the 16-bit window field of the TCP header.
The window size can increase to a scale factor of 14. Typical applications use a scale factor of 3 when deployed in LFNs.
The TCP Window Scaling feature complies with RFC 1323. The larger scalable window size will allow TCP to perform better over LFNs.
Use the ip tcp window-size command in global configuration mode to configure the TCP window size. In order for this to work, the remote host must also support this feature and its window size must be increased.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/
configuration/12-4t/iap-12- 4t-book/iap-tcp.html#GUID-BD998AC6-F128-47DD-B5F7-B226546D4B08
Q43. A user is having issues accessing file shares on a network. The network engineer advises the user to open a web browser, input a prescribed IP address, and follow the instructions. After doing this, the user is able to access company shares. Which type of remote access did the engineer enable?
A. EZVPN
B. IPsec VPN client access
C. VPDN client access
D. SSL VPN client access
Answer: D
Explanation:
The Cisco AnyConnect VPN Client provides secure SSL connections to the security
appliance for remote users. Without a previously installed client, remote users enter the IP address in their
browser of an interface configured to accept SSL VPN connections. Unless the security appliance is
configured to redirect http:// requests to https://, users must enter the URL in the form https://<address>.
After entering the URL, the browser connects to that interface and displays the login screen. If the user
satisfies the login and authentication, and the security appliance identifies the user as requiring the client, it
downloads the client that matches the operating system of the remote computer. After downloading, the
client installs and configures itself, establishes a secure SSL connection and either remains or uninstalls
itself (depending on the security appliance configuration) when the connection terminates. Reference:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next- generation-firewalls/100936-
asa8x-split-tunnel-anyconnect-config.html
Q44. CORRECT TEXT
You are a network engineer with ROUTE.com, a small IT company. ROUTE.com has two connections to the Internet; one via a frame relay link and one via an EoMPLS link. IT policy requires that all outbound HTTP traffic use the frame relay link when it is available. All other traffic may use either link. No static or default routing is allowed.
Choose and configure the appropriate path selection feature to accomplish this task. You may use the Test Workstation to generate HTTP traffic to validate your solution.
Answer: We need to configure policy based routing to send specific traffic along a path that is different from the best path in the routing table. Here are the step by Step Solution for this:
1) First create the access list that catches the HTTP traffic: R1(config)#access-list 101 permit tcp any any eq www
2) Configure the route map that sets the next hop address to be ISP1 and permits the rest of the traffic: R1(config)#route-map pbr permit 10
R1(config-route-map)#match ip address 101
R1(config-route-map)#set ip next-hop 10.1.100.2
R1(config-route-map)#exit
R1(config)#route-map pbr permit 20
3) Apply the route-map on the interface to the server in the EIGRP Network:
R1(config-route-map)#exit
R1(config)#int fa0/1
R1(config-if)#ip policy route-map pbr
R1(config-if)#exit
R1(config)#exit
Explanation:
First you need to configure access list to HTTP traffic and then configure that access list. After that configure the route map and then apply it on the interface to the server in EIGRP network.
Q45. Which address is used by the Unicast Reverse Path Forwarding protocol to validate a packet against the routing table?
A. source address
B. destination address
C. router interface
D. default gateway
Answer: A
Explanation:
The Unicast RPF feature helps to mitigate problems that are caused by the introduction of
malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a
verifiable IP source address. For example, a number of common types of denial-of-service (DoS) attacks,
including Smurf and Tribal Flood Network (TFN), can take advantage of forged or rapidly changing source
IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service providers
(ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets that have
source addresses that are valid and consistent with the IP routing table. This action protects the network of
the ISP, its customer, and the rest of the Internet. Reference: http://www.cisco.com/en/US/docs/ios/12_2/
security/configuration/guide/scfrpf.html
Q46. PPPoE is composed of which two phases?
A. Active Authentication Phase and PPP Session Phase
B. Passive Discovery Phase and PPP Session Phase
C. Active Authorization Phase and PPP Session Phase
D. Active Discovery Phase and PPP Session Phase
Answer: D
Explanation:
PPPoE is composed of two main phases:
Active Discovery Phase--In this phase, the PPPoE client locates a PPPoE server, called an access
concentrator. During this phase, a Session ID is assigned and the PPPoE layer is established.
PPP Session Phase--In this phase, PPP options are negotiated and authentication is performed. Once the
link setup is completed, PPPoE functions as a Layer 2 encapsulation method, allowing data to be transferred over the PPP link within PPPoE headers.
Reference:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/vpn/asa-vpn- cli/vpn-pppoe.html
Topic 3, Layer 3 Technologies
20. Refer to the exhibit.
Which one statement is true?
A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL.
B. The 10.0.0.0/8 network will not be advertised by Router B because the network statement for the 10.0.0.0/8 network is missing from Router B.
C. The 10.0.0.0/8 network will not be in the routing table on Router B.
D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24 network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8 network.
E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.
Answer: E
Explanation:
You can filter what individual routes are sent (out) or received (in) to any interface within your EIGRP
configuration.
One example is noted above. If you filter outbound, the next neighbor(s) will not know about anything
except the 172.16.0.0/16 route and therefore won't send it to anyone else downstream. If you filter inbound, YOU won't know about the route and therefore won't send it to anyone else downstream.
Q47. Refer to the exhibit. Which statement about the command output is true?
A. The router exports flow information to 10.10.10.1 on UDP port 5127.
B. The router receives flow information from 10.10.10.2 on UDP port 5127.
C. The router exports flow information to 10.10.10.1 on TCP port 5127.
D. The router receives flow information from 10.10.10.2 on TCP port 5127.
Answer: A
Explanation:
Q48. A network administrator is troubleshooting a DMVPN setup between the hub and the spoke. Which action should the administrator take before troubleshooting the IPsec configuration?
A. Verify the GRE tunnels.
B. Verify ISAKMP.
C. Verify NHRP.
D. Verify crypto maps.
Answer: A
Explanation:
Q49. The following configuration is applied to a router at a branch site:
ipv6 dhcp pool dhcp-pool
dns-server 2001:DB8:1:B::1
dns-server 2001:DB8:3:307C::42
domain-name example.com
!
If IPv6 is configured with default settings on all interfaces on the router, which two dynamic IPv6 addressing mechanisms could you use on end hosts to provide end-to-end connectivity? (Choose two.)
A. EUI-64
B. SLAAC
C. DHCPv6
D. BOOTP
Answer: A,B
Explanation:
Q50. An engineer executes the ip flow ingress command in interface configuration mode. What is the result of this action?
A. It enables the collection of IP flow samples arriving to the interface.
B. It enables the collection of IP flow samples leaving the interface.
C. It enables IP flow while disabling IP CEF on the interface.
D. It enables IP flow collection on the physical interface and its subinterfaces.
Answer: A
Explanation: