300-410 Free Practice Test

- (Exam Topic 3)
Refer to the exhibit.

R1 is configured with IP SLA to check the availability of the server behind R6 but it kept failing. Which configuration resolves the issue?

1. A. R6(config)# ip sla responder
2. B. R6(config)# ip sla responder udp-echo ip address 10.10.10.1 port 5000
3. C. R6(config)# ip access-list extended DDOSR6(config ext-nac)# 5 permit icmp host 10.66 66.66 host 10.10.10.1
4. D. R6(config)# ip access-list extended DDOSR6(confg ext-nac)# 5 permit icmp host 10.10.10.1 host 10.66.66.66

Correct Answer: D
In this IP SLA tracking, we don’t need a IP SLA Responder so the command “ip sla responder” on R6 is not necessary.
We also notice that the ACL is blocking ICMP packets on both interfaces E0/0 & E0/1 of R6 so we need to allow ICMP from source 10.10.10.1 to destination 10.66.66.66.

- (Exam Topic 2)
Which Ipv6 first-hop security feature helps to minimize denial of service attacks?

1. A. IPv6 Router Advertisement Guard
2. B. IPv6 Destination Guard
3. C. DHCPv6 Guard
4. D. IPv6 MAC address filtering

Correct Answer: B
The Destination Guard feature helps in minimizing denial-of-service (DoS) attacks. It performs address resolutions only for those addresses that are active on the link,and requires the FHS binding table to be populated with the help of the IPv6 snooping feature.The feature enables the filtering of IPv6 traffic based on the destinationaddress, and blocks the NDP resolution for destination addresses that are not found in the binding table. By default, the policy drops traffic coming for an unknowndestination.
Reference: https://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/IPv6_Secur

- (Exam Topic 3)
R1 and R2 are configured as eBGP neighbor , R1 is in AS100 and R2 is in AS200. R2 is advertising these networks to R1:

The network administrator on R1 must improve convergence by blocking all subnets of 172-16.0.0/16 major network with a mask lower than 23 from coming in, Which set of configurations accomplishes the task on R1?

1. A. ip prefix-list PL-1 deny 172.16.0.0/16 le 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32!router bgp 100neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in
2. B. ip prefix-list PL-1 deny 172.16.0.0/16 ge 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32!router bgp 100neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in
3. C. access-list 1 deny 172.16.0.0 0.0.254.255 access-list 1 permit any!router bgp 100neighbor 192.168.100.2 remote-as 200neighbor 192.168.100.2 distribute-list 1 in
4. D. ip prefix-list PL-1 deny 172.16.0.0/16 ip prefix-list PL-1 permit 0.0.0.0/0!router bgp 100neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in

Correct Answer: A
“Blocking all subnets of 172.16.0.0/16 major network with a mask lower than 23 from coming in” would block 172.16.16.0/20.
The first prefix-list “ip prefix-list PL-1 deny 172.16.0.0/16 le 23” means “all networks that fall within the 172.16.0.0/16 range AND that have a subnet mask of /23 or less” are denied.
The second prefix-list “ip prefix-list PL-1 permit 0.0.0.0/0 le 32” means allows all other prefixes.

- (Exam Topic 3)
How do devices operate in MPLS L3VPN topology?

1. A. P and associated PE routers with IGP populate the VRF table in different VPNs.
2. B. CE routers connect to the provider network and perform LSP functionality
3. C. P routers provide connectivity between PE devices with MPLS switching.
4. D. P routers support PE to PE VPN tunnel without LSP functionality

Correct Answer: C

- (Exam Topic 1)
What is the output of the following command:
show ip vrf

1. A. Show's default RD values
2. B. Displays IP routing table information associated with a VRF
3. C. Show's routing protocol information associated with a VRF.
4. D. Displays the ARP table (static and dynamic entries) in the specified VRF

Correct Answer: A