NEW QUESTION 61 For which feature is the address family "rtfilter" used? A.    Enhanced Route Refresh B.    MPLS VPN filtering C.    Route Target Constraint D.    Unified MPLS Answer: C NEW QUESTION 62 Refer to the exhibit. What does the return code 3 represent in this output? A.    The mapping of the replying router for the FEC is different. B.    The packet is label-switched at stack depth. C.    The return code is reserved. D.    The upstream index is unknown. E.    The replying router was the proper egress for the FEC. Answer: E NEW QUESTION 63 Which two values comprise the VPN ID for an MPLS VPN? (Choose two.) A.    an OUI B.    a VPN index C.    a route distinguisher D.    a 16-bit AS number E.    a 32-bit IP address Answer: AB NEW QUESTION 64 Refer to the exhibit. Which LISP component do routers in the public IP network use to forward traffic between the two networks? A.    EID B.    RLOC C.    map server D.    map resolver Answer: B NEW QUESTION 65 Refer to the exhibit. Which device role could have generated this debug output? A.    an NHS only B.    an NHC only C.    an NHS or an NHC D.    a DMVPN hub router Answer: B NEW QUESTION 66 Which statement about the NHRP network ID is true? A.    It is sent from the spoke to the hub to identify the spoke as a member of the same NHRP domain. B.    It is sent from the hub to the spoke to identify the hub as a member of the same NHRP domain. C.    It is sent between spokes to identify the spokes as members of the same NHRP domain. D.    It is a locally significant ID used to define the NHRP domain for an interface. Answer: D NEW QUESTION 67 You are configuring a DMVPN spoke to use IPsec over a physical interface that is located within a VRF. For which three configuration sections must you specify the VRF name? (Choose three.) A.    the ISAKMP profile B.    the crypto keyring C.    the IPsec profile D.    the IPsec transform set E.    the tunnel interface F.    the physical interface Answer: BEF NEW QUESTION 68 Which IPv6 prefix is used for 6to4 tunnel addresses? A.    2001. . /23 B.    2002. . /16 C.    3ffe. . /16 D.    5f00. . /8 E.    2001. . /32 Answer: B NEW QUESTION 69 When you configure the ip pmtu command under an L2TPv3 pseudowire class, which two things can happen when a packet exceeds the L2TP path MTU? (Choose two.) A.    The router drops the packet. B.    The router always fragments the packet after L2TP/IP encapsulation. C.    The router drops the packet and sends an ICMP unreachable message back to the sender only if the DF bit is set to 1. D.    The router always fragments the packet before L2TP/IP encapsulation. E.    The router fragments the packet after L2TP/IP encapsulation only if the DF bit is set to 0. F.    The router fragments the packet before L2TP/IP encapsulation only if the DF bit is set to 0. Answer: CF NEW QUESTION 70 Which two parameters does the Tunnel Mode Auto Selection feature select automatically? (Choose two.) A.    the tunneling protocol B.    the transport protocol C.    the ISAKMP profile D.    the transform-set E.    the tunnel peer Answer: AB NEW QUESTION 71 By default, how does a GET VPN group member router handle traffic when it is unable to register to a key server? A.    All traffic is queued until registration is successful or the queue is full. B.    All traffic is forwarded through the router unencrypted. C.    All traffic is forwarded through the router encrypted. D.    All traffic through the router is dropped. Answer: B NEW QUESTION 72 Which two protocols are not protected in an edge router by using control plane policing? (Choose two.) A.    SMTP B.    RPC C.    SSH D.    Telnet Answer: AB NEW QUESTION 73 Which two statements are true about AAA? (Choose two.) A.    AAA can use RADIUS, TACACS+, or Windows AD to authenticate users. B.    If RADIUS is the only method configured in AAA, and the server becomes unreachable, the user will be able to log in to the router using a local username and password. C.    If the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail. D.    AAA can be used to authenticate the enable password with a AAA server. Answer: CD NEW QUESTION 74 Which three types of traffic are allowed by IEEE 802.1X access control prior to getting authenticated? (Choose three.) A.    EAPOL B.    VTP C.    STP D.    ARP E.    CDP F.    HTTP Answer: ACE NEW QUESTION 75 Which two statements about MAC ACLs are true? (Choose two.) A.    They support only inbound filtering. B.    They support both inbound and outbound filtering. C.    They are configured with the command mac access-list standard. D.    They can filter non-IP traffic on a VLAN and on a physical interface. Answer: AD NEW QUESTION 76 Refer to the exhibit. What happens to packets when traffic in the icmp-class class exceeds the policed amount? A.    Packets are discarded and a message is logged. B.    Packets are discarded and a trap is sent to any servers that are configured to receive traps. C.    Packets are discarded silently. D.    Packets are discarded and an inform is sent to any servers that are configured to receive informs. Answer: C NEW QUESTION 77 Which statement describes Cisco PfR link groups? A.    Link groups enable Cisco PfR Fast Reroute when NetFlow is enabled on the external interfaces of the border routers. B.    Link groups define a strict or loose hop-by-hop path preference. C.    Link groups are required only when Cisco PfR is configured to load-balance all traffic. D.    Link groups are enabled automatically when Cisco PfR is in Fast Reroute mode. E.    Link groups set a preference for primary and fallback (backup) external exit interfaces. Answer: E NEW QUESTION 78 Which two statements about NetFlow are true? (Choose two.) A.    It must be configured on each router in a network. B.    It supports ATM LAN emulation. C.    The existing network is unaware that NetFlow is running. D.    It uses SIP to establish sessions between neighbors. E.    It provides resource utilization accounting. Answer: CE NEW QUESTION 79 You are installing a new device to replace a device that failed. The configuration of the failed device is stored on a networked server, and the new device has an RXBOOT image installed. Under which condition does the streamlined Setup mode fail? A.    The last four bits of the configuration register are not equal to the decimal value 0 or 1. B.    The startup configuration file was deleted. C.    Bit 6 is set in the configuration register. D.    The startup configuration is corrupt. Answer: A NEW QUESTION 80 Which option is the Cisco recommended method to secure access to the console port? A.    Configure the activation-character command. 