Free VCE & PDF File for Cisco 300-101 Real Exam (Full Version!)
Q31. Scenario:
You have been asked to evaluate an OSPF network setup in a test lab and to answer questions a customer has about its operation. The customer has disabled your access to the show running-config command.
Which of the following statements is true about the serial links that terminate in R3?
A. The R1-R3 link needs the neighbor command for the adjacency to stay up
B. The R2-R3 link OSPF timer values are 30, 120, 120
C. The R1-R3 link OSPF timer values should be 10,40,40
D. R3 is responsible for flooding LSUs to all the routers on the network.
Answer: B
Explanation:
Q32. Which two functions are completely independent when implementing NAT64 over NAT-PT? (Choose two.)
A. DNS
B. NAT
C. port redirection
D. stateless translation
E. session handling
Answer: A,B
Explanation:
Network Address Translation IPv6 to IPv4, or NAT64, technology facilitates communication
between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or an edge
network). This solution allows both enterprises and ISPs to accelerate IPv6 adoption while simultaneously
handling IPv4 address depletion. The DNS64 and NAT64 functions are completely separated, which is
essential to the superiority of NAT64 over NAT-PT.
Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/enterprise-ipv6-solution/white_paper_c11-676278.html
Q33. A network engineer has been asked to ensure that the PPPoE connection is established and authenticated using an encrypted password. Which technology, in combination with PPPoE, can be used for authentication in this manner?
A. PAP
B. dot1x
C. IPsec
D. CHAP
E. ESP
Answer: D
Explanation:
With PPPoE, the two authentication options are PAP and CHAP. When CHAP is enabled on
an interface and a remote device attempts to connect to it, the access server sends a CHAP packet to the
remote device. The CHAP packet requests or "challenges" the remote device to respond. The challenge
packet consists of an ID, a random number, and the host name of the local router. When the remote device
receives the challenge packet, it concatenates the ID, the remote device's password, and the random
number, and then encrypts all of it using the remote device's password. The remote device sends the
results back to the access server, along with the name associated with the password used in the
encryption process. When the access server receives the response, it uses the name it received to retrieve
a password stored in its user database. The retrieved password should be the same password the remote
device used in its encryption process. The access server then encrypts the concatenated information with
the newly retrieved password--if the result matches the result sent in the response packet, authentication
succeeds. The benefit of using CHAP authentication is that the remote device's password is never
transmitted in clear text (encrypted). This prevents other devices from stealing it and gaining illegal access
to the ISP's network.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathen.html
Q34. Which three TCP enhancements can be used with TCP selective acknowledgments? (Choose three.)
A. header compression
B. explicit congestion notification
C. keepalive
D. time stamps
E. TCP path discovery
F. MTU window
Answer: B,C,D
Explanation:
TCP Selective Acknowledgment
The TCP Selective Acknowledgment feature improves performance if multiple packets are lost from one TCP window of data.
Prior to this feature, because of limited information available from cumulative acknowledgments, a TCP sender could learn about only one lost packet per round-trip time. An aggressive sender could choose to resend packets early, but such re-sent segments might have already been successfully received.
The TCP selective acknowledgment mechanism helps improve performance. The receiving TCP host returns selective acknowledgment packets to the sender, informing the sender of data that has been received. In other words, the receiver can acknowledge packets received out of order. The sender can then resend only missing data segments (instead of everything since the first missing packet).
Prior to selective acknowledgment, if TCP lost packets 4 and 7 out of an 8-packet window, TCP would receive acknowledgment of only packets 1, 2, and 3. Packets 4 through 8 would need to be re-sent. With selective acknowledgment, TCP receives acknowledgment of packets 1, 2, 3, 5, 6, and 8. Only packets 4 and 7 must be re-sent.
TCP selective acknowledgment is used only when multiple packets are dropped within one TCP window. There is no performance impact when the feature is enabled but not used. Use the ip tcp selective-ack command in global configuration mode to enable TCP selective acknowledgment.
Refer to RFC 2021 for more details about TCP selective acknowledgment.
TCP Time Stamp
The TCP time-stamp option provides improved TCP round-trip time measurements. Because the time
stamps are always sent and echoed in both directions and the time-stamp value in the header is always
changing, TCP header compression will not compress the outgoing packet. To allow TCP header
compression over a serial link, the TCP time-stamp option is disabled. Use the ip tcp timestamp command
to enable the TCP time-stamp option.
TCP Explicit Congestion Notification
The TCP Explicit Congestion Notification (ECN) feature allows an intermediate router to notify end hosts of
impending network congestion. It also provides enhanced support for TCP sessions associated with
applications, such as Telnet, web browsing, and transfer of audio and video data that are sensitive to delay
or packet loss. The benefit of this feature is the reduction of delay and packet loss in data transmissions.
Use the ip tcp ecn command in global configuration mode to enable TCP ECN.
TCP Keepalive Timer
The TCP Keepalive Timer feature provides a mechanism to identify dead connections. When a TCP
connection on a routing device is idle for too long, the device sends a TCP keepalive packet to the peer
with only the Acknowledgment (ACK) flag turned on. If a response packet (a TCP ACK packet) is not
received after the device sends a specific number of probes, the connection is considered dead and the
device initiating the probes frees resources used by the TCP connection.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/xe-3s/asr1000/iap-xe-3s-asr1000-book/iap-tcp.html#GUID-22A82C5F-631F-4390-9838-F2E48FFEEA01
Q35. What is the purpose of the autonomous-system {autonomous-system-number} command?
A. It sets the EIGRP autonomous system number in a VRF.
B. It sets the BGP autonomous system number in a VRF.
C. It sets the global EIGRP autonomous system number.
D. It sets the global BGP autonomous system number.
Answer: A
Explanation:
To configure the autonomous-system number for an Enhanced Interior Gateway Routing
Protocol (EIGRP) routing process to run within a VPN routing and forwarding (VRF) instance, use the
autonomous-system command in address-family configuration mode. To remove the autonomous-system
for an EIGRP routing process from within a VPN VRF instance, use the no form of this command.
autonomous-system autonomous-system-number
no autonomous-system autonomous-system-number
Reference: http://www.cisco.com/c/en/us/td/docs/ios/iproute_eigrp/command/reference/ire_book/ire_a1.html#wp1062796
Q36. Under which condition does UDP dominance occur?
A. when TCP traffic is in the same class as UDP
B. when UDP flows are assigned a lower priority queue
C. when WRED is enabled
D. when ACLs are in place to block TCP traffic
Answer: A
Explanation:
Mixing TCP with UDP
It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especially Streaming-Video) within a single service-provider class because of the behaviors of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when drops are detected. Although some UDP applications have application-level windowing, flow control, and retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower transmission rates because of dropping. When TCP flows are combined with UDP flows within a single service-provider class and the class experiences congestion, TCP flows continually lower their transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This effect is called TCP starvation/UDP dominance.
TCP starvation/UDP dominance likely occurs if (TCP-based) Mission-Critical Data is assigned to the same service-provider class as (UDP-based) Streaming-Video and the class experiences sustained congestion. Even if WRED is enabled on the service-provider class, the same behavior would be observed because WRED (for the most part) manages congestion only on TCP-based flows.
Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/VPNQoS.html
Topic 2, Layer 2 Technologies
13. Prior to enabling PPPoE in a virtual private dialup network group, which task must be completed?
A. Disable CDP on the interface.
B. Execute the vpdn enable command.
C. Execute the no switchport command.
D. Enable QoS FIFO for PPPoE support.
Answer: B
Explanation:
Enabling PPPoE in a VPDN Group
Perform this task to enable PPPoE in a virtual private dial-up network (VPDN) group.
Restrictions
This task applies only to releases prior to Cisco IOS Release 12.2(13)T.
SUMMARY STEPS
1. enable
2. configure terminal
3. vpdn enable
4. vpdn-group name
5. request-dialin
6. protocol pppoe
DETAILED STEPS
Step 1: enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.
  Example: Router> enable
Step 2: configure terminal
  Purpose: Enters global configuration mode.
  Example: Router# configure terminal
Step 3: vpdn enable
  Purpose: Enables virtual private dialup networking.
  Example: Router(config)# vpdn enable
Step 4: vpdn-group name
  Purpose: Associates a VPDN group with a customer or VPDN profile.
  Example: Router(config)# vpdn-group group1
Step 5: request-dialin
  Purpose: Creates a request-dialin VPDN subgroup.
  Example: Router(config-vpdn)# request-dialin
Step 6: protocol pppoe
  Purpose: Enables the VPDN subgroup to establish PPPoE
  Example: Router(config-vpdn-req-in)# protocol pppoe
Reference:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftpppoec_support_TSD_Island_of_Content_Chapter.html
Q37. A network engineer is asked to configure a "site-to-site" IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario?
A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides "many-to-one" access for all devices on a defined segment to share a single IP address upon exiting the external interface.
Answer: D
Explanation:
Configuring NAT to Allow Internal Users to Access the Internet Using Overloading
NAT Router
interface ethernet 0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
interface ethernet 1
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
!--- Defines Ethernet 1 with an IP address and as a NAT inside interface.
interface serial 0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside
!--- Defines serial 0 with an IP address and as a NAT outside interface.
ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24
!
!--- Defines a NAT pool named ovrld with a range of a single IP
!--- address, 172.16.10.1.
ip nat inside source list 7 pool ovrld overload
!
!--- Indicates that any packets received on the inside interface that
!--- are permitted by access-list 7 have the source address
!--- translated to an address out of the NAT pool named ovrld.
!--- Translations are overloaded, which allows multiple inside
!--- devices to be translated to the same valid IP address.
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
!--- Access-list 7 permits packets with source addresses ranging from
!--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.
Note in the previous second configuration, the NAT pool "ovrld" only has a range of one address. The keyword overload used in the ip nat inside source list 7 pool ovrld overload command allows NAT to translate multiple inside devices to the single address in the pool.
Reference:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
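How the overloaded translation in the Q37 explanation behaves, as an added example that is not from the original page or Cisco: it models access-list 7's wildcard matching and a many-to-one port translation table for the single pool address. The class and function names are hypothetical, and the sequential port allocator starting at 1024 is a simplifying assumption, not the router's actual port selection.

```python
import ipaddress

ACL_7 = [("10.10.10.0", "0.0.0.31"), ("10.10.20.0", "0.0.0.31")]
POOL_ADDRESS = "172.16.10.1"   # the single address in pool "ovrld"


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard masks are inverted: a 0 bit must match, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


class OverloadNat:
    def __init__(self, acl, outside_addr, first_port=1024):
        self.acl = acl
        self.outside_addr = outside_addr
        self.next_port = first_port   # assumed allocator (simplification)
        self.out_by_inside = {}       # (inside ip, inside port) -> outside port
        self.inside_by_out = {}       # outside port -> (inside ip, inside port)

    def permitted(self, src: str) -> bool:
        # No matching entry means the ACL's implicit deny applies.
        return any(wildcard_match(src, b, w) for b, w in self.acl)

    def translate_out(self, src: str, sport: int):
        """Return (outside ip, outside port), or None if not translated."""
        if not self.permitted(src):
            return None
        key = (src, sport)
        if key not in self.out_by_inside:
            self.out_by_inside[key] = self.next_port
            self.inside_by_out[self.next_port] = key
            self.next_port += 1
        return self.outside_addr, self.out_by_inside[key]

    def translate_in(self, dport: int):
        """Map return traffic to the inside host; None if no session exists."""
        return self.inside_by_out.get(dport)


def demo() -> dict:
    nat = OverloadNat(ACL_7, POOL_ADDRESS)
    return {
        "host_a": nat.translate_out("10.10.10.5", 40000),
        "host_b": nat.translate_out("10.10.20.31", 40000),
        "host_a_again": nat.translate_out("10.10.10.5", 40000),
        "outside_acl": nat.translate_out("10.10.10.32", 40000),
        "return_to_b": nat.translate_in(1025),
        "unsolicited": nat.translate_in(2000),
    }
```

The source ACL decides which hosts are translated at all, so a broad entry such as permit any translates every inside source, while the 0.0.0.31 wildcard here stops at host .31.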
Q38. What is the default OSPF hello interval on a Frame Relay point-to-point network?
A. 10
B. 20
C. 30
D. 40
Answer: A
Explanation:
Before you troubleshoot any OSPF neighbor-related issues on an NBMA network, it is important to remember that an NBMA network can be configured in these modes of operation with the ip ospf network command:
Point-to-Point
Point-to-Multipoint
Broadcast
NBMA
The Hello and Dead Intervals of each mode are described in this table:
Network Type          Hello Interval (secs)   Dead Interval (secs)
Point-to-Point        10                      40
Point-to-Multipoint   30                      120
Broadcast             10                      40
Non-Broadcast         30                      120
Reference: http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13693-22.html
Q39. Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding?
A. FlexVPN
B. DMVPN
C. GETVPN
D. Cisco Easy VPN
Answer: B
Explanation: Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual
private network (VPN) supported on Cisco IOS-based routers and Unix-like Operating Systems based on
the standard protocols, GRE, NHRP and IPsec. This DMVPN provides the capability for creating a
dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers,
including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key
Management Protocol) peers. DMVPN is initially configured to build out a hub-and-spoke network by
statically configuring the hubs (VPN headends) on the spokes; no change in the configuration on the hub is
required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be
dynamically built on demand (dynamic-mesh) without additional configuration on the hubs or spokes. This
dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke
networks. DMVPN is a combination of the following technologies:
Multipoint GRE (mGRE)
Next-Hop Resolution Protocol (NHRP)
Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)
Dynamic IPsec encryption
Cisco Express Forwarding (CEF)
Reference: http://en.wikipedia.org/wiki/Dynamic_Multipoint_Virtual_Private_Network
Topic 5, Infrastructure Security
53. Which traffic does the following configuration allow?
ipv6 access-list cisco
permit ipv6 host 2001:DB8:0:4::32 any eq ssh
line vty 0 4
ipv6 access-class cisco in
A. all traffic to vty 0 4 from source 2001:DB8:0:4::32
B. only ssh traffic to vty 0 4 from source all
C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32
D. all traffic to vty 0 4 from source all
Answer: C
Explanation:
Here we see that the IPv6 access list called "cisco" is being applied to incoming VTY connections to the
router. The IPv6 access list has just one entry, which allows only the single IPv6 address 2001:DB8:0:4::32 to connect, and only using SSH.
Q40. Which Cisco VPN technology uses AAA to implement group policies and authorization and is also used for the XAUTH authentication method?
A. DMVPN
B. Cisco Easy VPN
C. GETVPN
D. GREVPN
Answer: B
Explanation: