Free VCE & PDF File for Cisco 300-101 Real Exam (Full Version!)


Q31. Scenario: 

You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command. 

Which of the following statements is true about the serial links that terminate in R3?

A. The R1-R3 link needs the neighbor command for the adjacency to stay up 

B. The R2-R3 link OSPF timer values are 30, 120, 120 

C. The R1-R3 link OSPF timer values should be 10,40,40 

D. R3 is responsible for flooding LSUs to all the routers on the network. 



Q32. Which two functions are completely independent when implementing NAT64 over NAT-PT? (Choose two.) 



C. port redirection 

D. stateless translation 

E. session handling 

Answer: A,B 


Network Address Translation IPv6 to IPv4, or NAT64, technology facilitates communication between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or an edge network). This solution allows both enterprises and ISPs to accelerate IPv6 adoption while simultaneously handling IPv4 address depletion. The DNS64 and NAT64 functions are completely separated, which is essential to the superiority of NAT64 over NAT-PT.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html

Q33. A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner? 


B. dot1x 

C. IPsec 





With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on an interface and a remote device attempts to connect to it, the access server sends a CHAP packet to the remote device. The CHAP packet requests or "challenges" the remote device to respond. The challenge packet consists of an ID, a random number, and the host name of the local router.

When the remote device receives the challenge packet, it concatenates the ID, the remote device's password, and the random number, and then encrypts all of it using the remote device's password. The remote device sends the results back to the access server, along with the name associated with the password used in the encryption process.

When the access server receives the response, it uses the name it received to retrieve a password stored in its user database. The retrieved password should be the same password the remote device used in its encryption process. The access server then encrypts the concatenated information with the newly retrieved password; if the result matches the result sent in the response packet, authentication succeeds.

The benefit of using CHAP authentication is that the remote device's password is never transmitted in clear text. This prevents other devices from stealing it and gaining illegal access to the ISP's network.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathen.html
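The CHAP exchange described above, as an added example that is not part of the original page or of Cisco's documentation. It follows RFC 1994, where the "encryption" step is an MD5 one-way hash over ID || secret || challenge; the user name, secret and host name are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed user database on the access server: name -> shared secret.
USER_DB = {"branch-rtr": b"s3cret-constructed"}

def make_challenge(local_hostname: str) -> dict:
    """Access server: ID, random number, and host name of the local router."""
    return {"id": os.urandom(1)[0], "value": os.urandom(16), "name": local_hostname}

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def peer_reply(challenge: dict, name: str, secret: bytes) -> dict:
    """Remote device: only its name and the 16-byte hash go on the wire."""
    return {"id": challenge["id"], "name": name,
            "value": chap_response(challenge["id"], secret, challenge["value"])}

def verify(challenge: dict, reply: dict) -> bool:
    """Access server: look up the secret by name, recompute, compare."""
    secret = USER_DB.get(reply["name"])
    if secret is None or reply["id"] != challenge["id"]:
        return False
    expected = chap_response(challenge["id"], secret, challenge["value"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, reply["value"])

def demo() -> dict:
    c1 = make_challenge("access-server")
    good = peer_reply(c1, "branch-rtr", USER_DB["branch-rtr"])
    bad = peer_reply(c1, "branch-rtr", b"wrong-password")
    # A reply recorded for c1 is checked against a fresh challenge c2.
    c2 = make_challenge("access-server")
    replayed = dict(good, id=c2["id"])
    return {
        "good": verify(c1, good),
        "bad": verify(c1, bad),
        "replay": verify(c2, replayed),
        "secret_on_wire": USER_DB["branch-rtr"] in good["value"],
    }

if __name__ == "__main__":
    print(demo())
```

The replay case fails because the random number changes with every challenge, which is why the access server must generate it unpredictably.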

Q34. Which three TCP enhancements can be used with TCP selective acknowledgments? (Choose three.) 

A. header compression 

B. explicit congestion notification 

C. keepalive 

D. time stamps 

E. TCP path discovery 

F. MTU window 

Answer: B,C,D 


TCP Selective Acknowledgment

The TCP Selective Acknowledgment feature improves performance if multiple packets are lost from one TCP window of data.

Prior to this feature, because of limited information available from cumulative acknowledgments, a TCP sender could learn about only one lost packet per round-trip time. An aggressive sender could choose to resend packets early, but such re-sent segments might have already been successfully received.

The TCP selective acknowledgment mechanism helps improve performance. The receiving TCP host returns selective acknowledgment packets to the sender, informing the sender of data that has been received. In other words, the receiver can acknowledge packets received out of order. The sender can then resend only missing data segments (instead of everything since the first missing packet).

Prior to selective acknowledgment, if TCP lost packets 4 and 7 out of an 8-packet window, TCP would receive acknowledgment of only packets 1, 2, and 3. Packets 4 through 8 would need to be re-sent. With selective acknowledgment, TCP receives acknowledgment of packets 1, 2, 3, 5, 6, and 8. Only packets 4 and 7 must be

TCP selective acknowledgment is used only when multiple packets are dropped within one TCP window. There is no performance impact when the feature is enabled but not used. Use the ip tcp selective-ack command in global configuration mode to enable TCP selective acknowledgment.

Refer to RFC 2021 for more details about TCP selective acknowledgment.

TCP Time Stamp

The TCP time-stamp option provides improved TCP round-trip time measurements. Because the time stamps are always sent and echoed in both directions and the time-stamp value in the header is always changing, TCP header compression will not compress the outgoing packet. To allow TCP header compression over a serial link, the TCP time-stamp option is disabled. Use the ip tcp timestamp command to enable the TCP time-stamp option.

TCP Explicit Congestion Notification

The TCP Explicit Congestion Notification (ECN) feature allows an intermediate router to notify end hosts of impending network congestion. It also provides enhanced support for TCP sessions associated with applications, such as Telnet, web browsing, and transfer of audio and video data that are sensitive to delay or packet loss. The benefit of this feature is the reduction of delay and packet loss in data transmissions. Use the ip tcp ecn command in global configuration mode to enable TCP ECN.

TCP Keepalive Timer

The TCP Keepalive Timer feature provides a mechanism to identify dead connections. When a TCP connection on a routing device is idle for too long, the device sends a TCP keepalive packet to the peer with only the Acknowledgment (ACK) flag turned on. If a response packet (a TCP ACK packet) is not received after the device sends a specific number of probes, the connection is considered dead and the device initiating the probes frees resources used by the TCP connection.

Reference: http://www.cisco.com/


Q35. What is the purpose of the autonomous-system {autonomous-system-number} command? 

A. It sets the EIGRP autonomous system number in a VRF. 

B. It sets the BGP autonomous system number in a VRF. 

C. It sets the global EIGRP autonomous system number. 

D. It sets the global BGP autonomous system number. 



To configure the autonomous-system number for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process to run within a VPN routing and forwarding (VRF) instance, use the autonomous-system command in address-family configuration mode. To remove the autonomous-system for an EIGRP routing process from within a VPN VRF instance, use the no form of this command.

autonomous-system autonomous-system-number

no autonomous-system autonomous-system-number

Reference: http://www.cisco.com/c/en/us/td/docs/ios/iproute_eigrp/command/reference/ire_book/ire_a1.html#wp1062796

Q36. Under which condition does UDP dominance occur? 

A. when TCP traffic is in the same class as UDP 

B. when UDP flows are assigned a lower priority queue 

C. when WRED is enabled 

D. when ACLs are in place to block TCP traffic 



Explanation: Mixing TCP with UDP

It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especially Streaming-Video) within a single service-provider class because of the behaviors of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when drops are detected. Although some UDP applications have application-level windowing, flow control, and retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower transmission rates because of dropping.

When TCP flows are combined with UDP flows within a single service-provider class and the class experiences congestion, TCP flows continually lower their transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This effect is called TCP starvation/UDP dominance.

TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data is assigned to the same service-provider class as (UDP-based) Streaming-Video and the class experiences sustained congestion. Even if WRED is enabled on the service-provider class, the same behavior would be observed because WRED (for the most part) manages congestion only on TCP-based flows.

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/


Topic 2, Layer 2 Technologies 

13. Prior to enabling PPPoE in a virtual private dialup network group, which task must be completed? 

A. Disable CDP on the interface. 

B. Execute the vpdn enable command. 

C. Execute the no switchport command. 

D. Enable QoS FIFO for PPPoE support. 



Enabling PPPoE in a VPDN Group

Perform this task to enable PPPoE in a virtual private dial-up network (VPDN) group.


This task applies only to releases prior to Cisco IOS Release 12.2(13)T.



1. enable

2. configure terminal

3. vpdn enable

4. vpdn-group name

5. request-dialin

6. protocol pppoe

DETAILED STEPS

Step 1: enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.
Example: Router> enable

Step 2: configure terminal
Purpose: Enters global configuration mode.
Example: Router# configure terminal

Step 3: vpdn enable
Purpose: Enables virtual private dialup networking.
Example: Router(config)# vpdn enable

Step 4: vpdn-group name
Purpose: Associates a VPDN group with a customer or VPDN profile.
Example: Router(config)# vpdn-group group1

Step 5: request-dialin
Purpose: Creates a request-dialin VPDN subgroup.
Example: Router(config-vpdn)# request-dialin

Step 6: protocol pppoe
Purpose: Enables the VPDN subgroup to establish PPPoE
Example: Router(config-vpdn-req-in)# protocol





Q37. A network engineer is asked to configure a "site-to-site" IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario? 

A. The command access-list 1 defines interesting traffic that is allowed through the tunnel. 

B. The command ip nat inside source list 1 int s0/0 overload disables "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface. 

C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel. 

D. The command ip nat inside source list 1 int s0/0 overload provides "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface. 



Configuring NAT to Allow Internal Users to Access the Internet Using Overloading NAT Router

interface ethernet 0

ip address

ip nat inside

!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.

interface ethernet 1

ip address

ip nat inside

!--- Defines Ethernet 1 with an IP address and as a NAT inside interface.

interface serial 0

ip address

ip nat outside

!--- Defines serial 0 with an IP address and as a NAT outside interface.

ip nat pool ovrld prefix 24 !

!--- Defines a NAT pool named ovrld with a range of a single IP

!--- address,

ip nat inside source list 7 pool ovrld overload





!--- Indicates that any packets received on the inside interface that

!--- are permitted by access-list 7 has the source


!--- translated to an address out of the NAT pool named ovrld.

!--- Translations are overloaded, which allows multiple inside

!--- devices to be translated to the same valid IP


access-list 7 permit

access-list 7 permit

!--- Access-list 7 permits packets with source addresses ranging from

!--- through and


Note that in the previous second configuration, the NAT pool "ovrld" only has a range of one address. The keyword overload used in the ip nat inside source list 7 pool ovrld overload command allows NAT to translate multiple inside devices to the single address in the pool.



Q38. What is the default OSPF hello interval on a Frame Relay point-to-point network? 

A. 10 

B. 20 

C. 30 

D. 40 



Explanation: Before you troubleshoot any OSPF neighbor-related issues on an NBMA network, it is important to remember that an NBMA network can be configured in these modes of operation with the ip ospf network command:

Point-to-Point
Point-to-Multipoint
Broadcast
NBMA

The Hello and Dead Intervals of each mode are described in this table:

Network Type          Hello Interval (secs)   Dead Interval (secs)
Point-to-Point        10                      40
Point-to-Multipoint   30                      120
Broadcast             10                      40
Non-Broadcast         30                      120

Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13693-22.html

Q39. Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding? 

A. FlexVPN 



D. Cisco Easy VPN 


Explanation: Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco IOS-based routers and Unix-like operating systems, based on the standard protocols GRE, NHRP and IPsec. DMVPN provides the capability for creating a dynamic-mesh VPN network without having to statically pre-configure all possible tunnel end-point peers, including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key Management Protocol) peers.

DMVPN is initially configured to build out a hub-and-spoke network by statically configuring the hubs (VPN headends) on the spokes; no change in the configuration on the hub is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be dynamically built on demand (dynamic-mesh) without additional configuration on the hubs or spokes. This dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke networks.

DMVPN is a combination of the following technologies:

Multipoint GRE (mGRE)

Next-Hop Resolution Protocol (NHRP)

Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)

Dynamic IPsec encryption

Cisco Express Forwarding (CEF)

Reference: http://en.wikipedia.org/wiki/Dynamic_Multipoint_Virtual_Private_Network

Topic 5, Infrastructure Security 

53. Which traffic does the following configuration allow? 

ipv6 access-list cisco 

permit ipv6 host 2001:DB8:0:4::32 any eq ssh 

line vty 0 4 

ipv6 access-class cisco in 

A. all traffic to vty 0 4 from source 2001:DB8:0:4::32 

B. only ssh traffic to vty 0 4 from source all 

C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32 

D. all traffic to vty 0 4 from source all 



Here we see that the IPv6 access list called "cisco" is being applied to incoming VTY connections to the router. The IPv6 access list has just one entry, which allows only the single IPv6 address 2001:DB8:0:4::32 to connect, using SSH only.

Q40. Which Cisco VPN technology uses AAA to implement group policies and authorization and is also used for the XAUTH authentication method? 


B. Cisco Easy VPN