- (Exam Topic 2)
An engineer configured policy-based routing for a destination IP address that does not exist in the routing table. How is the packet treated through the policy for configuring the set ip default next-hop command?

1. A. Packets are not forwarded to the specific next hop.
2. B. Packets are forwarded based on the routing table.
3. C. Packets are forwarded based on a static route.
4. D. Packets are forwarded to the specific next hop.

Correct Answer: D
The set ip default next-hop command verifies the existence of the destination IP address in the routing table, and…+ if the destination IP address exists, the command does not policy route the packet, but forwards the packet based on the routing table.+ if the destination IP address does not exist, the command policy routes the packet by sending it to the specified next hop.
Reference: https://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html

- (Exam Topic 3)
What is the purpose of the DHCPv6 Guard?

1. A. It messages between a DHCPv6 server and a DHCPv6 client ( or relay agent).
2. B. It shows that clients of a DHCPv5 server are affected.
3. C. It block DHCPv6 messages from relay agents to a DHCPv6 server.
4. D. It allows DHCPv6 replay and advertisements from (rouge) DHCPv6 servers.

Correct Answer: A
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6fxe- 16-book/ip6-dhcpv6-guard.html

- (Exam Topic 1)
Refer to the exhibit.

Why is user authentication being rejected?

1. A. The TACACS+ server expects “user”, but the NT client sends “domain/user”.
2. B. The TACACS+ server refuses the user because the user is set up for CHAP.
3. C. The TACACS+ server is down, and the user is in the local database.
4. D. The TACACS+ server is down, and the user is not in the local database.

Correct Answer: D
Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-accesscontrol-system-tacac

- (Exam Topic 3)
R1 and R2 are configured as eBGP neighbor , R1 is in AS100 and R2 is in AS200. R2 is advertising these networks to R1:

The network administrator on R1 must improve convergence by blocking all subnets of 172-16.0.0/16 major network with a mask lower than 23 from coming in, Which set of configurations accomplishes the task on R1?

1. A. ip prefix-list PL-1 deny 172.16.0.0/16 le 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32!router bgp 100neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in
2. B. ip prefix-list PL-1 deny 172.16.0.0/16 ge 23 ip prefix-list PL-1 permit 0.0.0.0/0 le 32!router bgp 100neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in
3. C. access-list 1 deny 172.16.0.0 0.0.254.255 access-list 1 permit any!router bgp 100neighbor 192.168.100.2 remote-as 200neighbor 192.168.100.2 distribute-list 1 in
4. D. ip prefix-list PL-1 deny 172.16.0.0/16 ip prefix-list PL-1 permit 0.0.0.0/0!router bgp 100neighbor 192.168.100.2 remote-as 200 neighbor 192.168.100.2 prefix-list PL-1 in

Correct Answer: A
“Blocking all subnets of 172.16.0.0/16 major network with a mask lower than 23 from coming in” would block 172.16.16.0/20.
The first prefix-list “ip prefix-list PL-1 deny 172.16.0.0/16 le 23” means “all networks that fall within the 172.16.0.0/16 range AND that have a subnet mask of /23 or less” are denied.
The second prefix-list “ip prefix-list PL-1 permit 0.0.0.0/0 le 32” means allows all other prefixes.

- (Exam Topic 3)
configuration on the hub router meets this requirement?

1. A. interface Tunnel0tunnel mode gre multipoint
2. B. interface Tunnel0 tunnel mode dvmrp
3. C. interface Tunnel0 tunnel mode ipsec ipv4
4. D. interface Tunnel0 tunnel mode ip

Correct Answer: A