300-101 bundle(1 to 17) for candidates: May 2016 Edition

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-101 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/300-101-dumps.html


Exam Code: 300-101 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco IP Routing
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-101 Exam.

2016 May 300-101 Study Guide Questions:

Q1. Which Cisco IOS VPN technology leverages IPsec, mGRE, dynamic routing protocol, NHRP, and Cisco Express Forwarding? 

A. FlexVPN 

B. DMVPN 

C. GETVPN 

D. Cisco Easy VPN 

Answer: B 

Explanation: Dynamic Multipoint Virtual Private Network (DMVPN) is a dynamic tunneling form of a virtual

private network (VPN) supported on Cisco IOS-based routers and Unix-like Operating Systems based on

the standard protocols, GRE, NHRP and IPsec. This DMVPN provides the capability for creating a

dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers,

including IPsec (Internet Protocol Security) and ISAKMP (Internet Security Association and Key

Management Protocol) peers. DMVPN is initially configured to build out a hub-and-spoke network by

statically configuring the hubs (VPN headends) on the spokes, no change in the configuration on the hub is

required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be

dynamically built on demand (dynamic-mesh) without additional configuration on the hubs or spokes. This

dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke

networks. DMVPN is combination of the following technologies:

Multipoint GRE (mGRE)

Next-Hop Resolution Protocol (NHRP)

Dynamic Routing Protocol (EIGRP, RIP, OSPF, BGP)

Dynamic IPsec encryption

Cisco Express Forwarding (CEF)

Reference: http://en.wikipedia.org/wiki/Dynamic_Multipoint_Virtual_Private_Network


Topic 5, Infrastructure Security 

53. Which traffic does the following configuration allow? 

ipv6 access-list cisco 

permit ipv6 host 2001:DB8:0:4::32 any eq ssh 

line vty 0 4 

ipv6 access-class cisco in 

A. all traffic to vty 0 4 from source 2001:DB8:0:4::32 

B. only ssh traffic to vty 0 4 from source all 

C. only ssh traffic to vty 0 4 from source 2001:DB8:0:4::32 

D. all traffic to vty 0 4 from source all 

Answer: C 

Explanation: 

Here we see that the IPv6 access list called "cisco" is being applied to incoming VTY connections to the

router. IPv6 access list has just one entry, which allows only the single IPv6 IP address of 2001:DB8:0:4::32 to connect using SSH only.


Q2. Which PPP authentication method sends authentication information in clear text? 

A. MS CHAP 

B. CDPCP 

C. CHAP 

D. PAP 

Answer: D 

Explanation: 

PAP authentication involves a two-way handshake where the username and password are

sent across the link in clear text; hence, PAP authentication does not provide any protection against

playback and line sniffing. CHAP authentication, on the other hand, periodically verifies the identity of the

remote node using a three-way handshake. After the PPP link is established, the host sends a "challenge"

message to the remote node. The remote node responds with a value calculated using a one-way hash

function. The host checks the response against its own calculation of the expected hash value. If the

values match, the authentication is acknowledged; otherwise, the connection is terminated. Reference:

http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10241- ppp-callinhostname.

html


Q3. Which Cisco VPN technology uses AAA to implement group policies and authorization and is also used for the XAUTH authentication method? 

A. DMVPN 

B. Cisco Easy VPN 

C. GETVPN 

D. GREVPN 

Answer: B 

Explanation: 


Q4. A network engineer has left a NetFlow capture enabled over the weekend to gather information regarding excessive bandwidth utilization. The following command is entered: 

switch#show flow exporter Flow_Exporter-1 What is the expected output? 

A. configuration of the specified flow exporter 

B. current status of the specified flow exporter 

C. status and statistics of the specified flow monitor 

D. configuration of the specified flow monitor 

Answer: B 

Explanation: 

show flow exporter exporter-name (Optional) Displays the current status of the specified flow exporter.

Example:

Device# show flow exporter

FLOW_EXPORTER-1

Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/15-mt/cfg-de- fnflowexprts.

html


Q5. What is a function of NPTv6? 

A. It interferes with encryption of the full IP payload. 

B. It maintains a per-node state. 

C. It is checksum-neutral. 

D. It rewrites transport layer headers. 

Answer: C 

Explanation: 

RFC 6296 describes a stateless IPv6-to-IPv6 Network Prefix Translation (NPTv6) function,

designed to provide address independence to the edge network. It is transport-agnostic with respect to

transports that do not checksum the IP header, such as SCTP, and to transports that use the TCP/UDP/

DCCP (Datagram Congestion Control Protocol) pseudo-header and checksum NPTv6 provides a simple

and compelling solution to meet the address-independence requirement in IPv6. The addressindependence

benefit stems directly from the translation function of the network prefix translator. To avoid

as many of the issues associated with NAPT44 as possible, NPTv6 is defined to include a two-way,

checksum-neutral, algorithmic translation function, and nothing else. Reference: http://tools.ietf.org/html/

rfc6296


300-101 exam price

Renewal 300-101 test engine:

Q6. Which two functions are completely independent when implementing NAT64 over NAT-PT? (Choose two.) 

A. DNS 

B. NAT 

C. port redirection 

D. stateless translation 

E. session handling 

Answer: A,B 

Explanation: 

Network Address Translation IPv6 to IPv4, or NAT64, technology facilitates communication

between IPv6-only and IPv4-only hosts and networks (whether in a transit, an access, or an edge

network). This solution allows both enterprises and ISPs to accelerate IPv6 adoption while simultaneously

handling IPv4 address depletion. The DNS64 and NAT64 functions are completely separated, which is

essential to the superiority of NAT64 over NAT-PT. Reference: http:// www.cisco.com/c/en/us/products/

collateral/ios-nx-os-software/enterprise-ipv6- solution/white_paper_c11-676278.html


Q7. Refer to the following access list. 

access-list 100 permit ip any any log 

After applying the access list on a Cisco router, the network engineer notices that the router CPU utilization has risen to 99 percent. What is the reason for this? 

A. A packet that matches access-list with the "log" keyword is Cisco Express Forwarding switched. 

B. A packet that matches access-list with the "log" keyword is fast switched. 

C. A packet that matches access-list with the "log" keyword is process switched. 

D. A large amount of IP traffic is being permitted on the router. 

Answer: C 

Explanation: 

Logging-enabled access control lists (ACLs) provide insight into traffic as it traverses the

network or is dropped by network devices. Unfortunately, ACL logging can be CPU intensive and can

negatively affect other functions of the network device. There are two primary factors that contribute to the

CPU load increase from ACL logging: process switching of packets that match log-enabled access control

entries (ACEs) and the generation and transmission of log messages. Reference: http://www.cisco.com/

web/about/security/intelligence/acl-logging.html#4


Q8. You have been asked to evaluate how EIGRP is functioning in a customer network. 

Which key chain is being used for authentication of EIGRP adjacency between R4 and R2? 








A. CISCO 

B. EIGRP 

C. key 

D. MD5 

Answer: A 

Explanation: R4 and R2 configs are as shown below: 


Clearly we see the actual key chain is named CISCO. 


Q9. A user is having issues accessing file shares on a network. The network engineer advises the user to open a web browser, input a prescribed IP address, and follow the instructions. After doing this, the user is able to access company shares. Which type of remote access did the engineer enable? 

A. EZVPN 

B. IPsec VPN client access 

C. VPDN client access 

D. SSL VPN client access 

Answer: D 

Explanation: 

The Cisco AnyConnect VPN Client provides secure SSL connections to the security

appliance for remote users. Without a previously installed client, remote users enter the IP address in their

browser of an interface configured to accept SSL VPN connections. Unless the security appliance is

configured to redirect http:// requests to https://, users must enter the URL in the form https://<address>.

After entering the URL, the browser connects to that interface and displays the login screen. If the user

satisfies the login and authentication, and the security appliance identifies the user as requiring the client, it

downloads the client that matches the operating system of the remote computer. After downloading, the

client installs and configures itself, establishes a secure SSL connection and either remains or uninstalls

itself (depending on the security appliance configuration) when the connection terminates. Reference:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next- generation-firewalls/100936-

asa8x-split-tunnel-anyconnect-config.html


Q10. You have been asked to evaluate how EIGRP is functioning in a customer network. 








What type of route filtering is occurring on R6 

A. Distribute-list using an ACL 

B. Distribute-list using a prefix-list 

C. Distribute-list using a route-map 

D. An ACL using a distance of 255 

Answer: A 

Explanation: 


300-101 brain dumps

Guaranteed 300-101 dumps:

Q11. Which parameter in an SNMPv3 configuration offers authentication and encryption? 

A. auth 

B. noauth 

C. priv 

D. secret 

Answer: C 

Explanation: 


Q12. After you review the output of the command show ipv6 interface brief, you see that several IPv6 addresses have the 16-bit hexadecimal value of "FFFE" inserted into the address. Based on this information, what do you conclude about these IPv6 addresses? 

A. IEEE EUI-64 was implemented when assigning IPv6 addresses on the device. 

B. The addresses were misconfigured and will not function as intended. 

C. IPv6 addresses containing "FFFE" indicate that the address is reserved for multicast. 

D. The IPv6 universal/local flag (bit 7) was flipped. 

E. IPv6 unicast forwarding was enabled, but IPv6 Cisco Express Forwarding was disabled. 

Answer: A 

Explanation: 

Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign iteslf a unique 64-

Bit IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the

need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained

through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI

(Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted

between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which

can only appear in EUI-64 generated from the an EUI-48 MAC address. Here is an example showing how

a the Mac Address is used to generate EUI.


Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies whether this interface identifier is universally or locally administered. If 0, the address is locally

administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally

unique addresses assigned by the IEEE has always been set to 0 whereas the locally created addresses

has 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address

is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.


Once the above is done, we have a fully functional EUI-64 format address. 

Reference: https://

supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bit- address


Q13. Which statement about the use of tunneling to migrate to IPv6 is true? 

A. Tunneling is less secure than dual stack or translation. 

B. Tunneling is more difficult to configure than dual stack or translation. 

C. Tunneling does not enable users of the new protocol to communicate with users of the old protocol without dual-stack hosts. 

D. Tunneling destinations are manually determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 addresses. 

Answer: C 

Explanation: 

Using the tunneling option, organizations build an overlay network that tunnels one protocol over the other

by encapsulating IPv6 packets within IPv4 packets and IPv4 packets within IPv6 packets. The advantage of this approach is that the new protocol can work without disturbing the old protocol, thus providing connectivity between users of the new protocol. Tunneling has two disadvantages, as discussed in RFC 6144: Users of the new architecture cannot use the services of the underlying infrastructure.

Tunneling does not enable users of the new protocol to communicate with users of the old protocol without

dual-stack hosts, which negates interoperability. 

Reference: http://www.cisco.com/c/en/us/products/

collateral/ios-nx-os-software/enterprise-ipv6- solution/white_paper_c11-676278.html


Q14. Which three characteristics are shared by subinterfaces and associated EVNs? (Choose three.) 

A. IP address 

B. routing table 

C. forwarding table 

D. access control lists 

E. NetFlow configuration 

Answer: A,B,C 

Explanation: 

A trunk interface can carry traffic for multiple EVNs. To simplify the configuration process, all

the subinterfaces and associated EVNs have the same IP address assigned. In other words, the trunk

interface is identified by the same IP address in different EVN contexts. This is accomplished as a result of

each EVN having a unique routing and forwarding table, thereby enabling support for overlapping IP

addresses across multiple EVNs. Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/evn/

configuration/xe-3sg/evn- overview.pdf


Q15. Refer to the exhibit. 


A network administrator checks this adjacency table on a router. What is a possible cause for the incomplete marking? 

A. incomplete ARP information 

B. incorrect ACL 

C. dynamic routing protocol failure 

D. serial link congestion 

Answer: A 

Explanation: 

To display information about the Cisco Express Forwarding adjacency table or the hardware Layer 3-

switching adjacency table, use the show adjacency command.

Reasons for Incomplete Adjacencies

There are two known reasons for an incomplete adjacency:

The router cannot use ARP successfully for the next-hop interface.

After a clear ip arp or a clear adjacency command, the router marks the adjacency as incomplete. Then it

fails to clear the entry.

In an MPLS environment, IP CEF should be enabeled for Label Switching. Interface level command ip

route-cache cef No ARP Entry When CEF cannot locate a valid adjacency for a destination prefix, it punts

the packets to the CPU for ARP resolution and, in turn, for completion of the adjacency.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/express-forwarding-cef/17812-cefincomp.

html#t4


Q16. A network engineer finds that a core router has crashed without warning. In this situation, which feature can the engineer use to create a crash collection? 

A. secure copy protocol 

B. core dumps 

C. warm reloads 

D. SNMP 

E. NetFlow 

Answer: B 

Explanation: 

When a router crashes, it is sometimes useful to obtain a full copy of the memory image (called a core

dump) to identify the cause of the crash. Core dumps are generally very useful to your technical support representative.

Four basic ways exist for setting up the router to generate a core dump:

Using Trivial File Transfer Protocol (TFTP)

Using File Transfer Protocol (FTP)

Using remote copy protocol (rcp)

Using a Flash disk Reference: http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/

tr19aa.html


Q17. A network administrator executes the command clear ip route. Which two tables does this command clear and rebuild? (Choose two.) 

A. IP routing 

B. FIB 

C. ARP cache 

D. MAC address table 

E. Cisco Express Forwarding table 

F. topology table 

Answer: A,B 

Explanation: 

To clear one or more entries in the IP routing table, use the following commands in any mode:

Command Purpose

clear ip route {* |

Clears one or more routes from both the

{route |

unicast RIB and all the module FIBs. The

prefix/length}[next-hop route options are as follows:

interface]}

· *--All routes.

[vrf vrf-name]

Example:

· route--An individual IP route.

switch(config)# clear ip

· prefix/length--Any IP prefix.

route

10.2.2.2 · next-hop--The next-hop address · interface--The interface to reach the next-hop address.

The vrf-name can be any case-sensitive, al-phanumeric string up to 32 characters.

Reference:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/unicast/5_0_3_N1_1/Ci

sco_n5k_layer3_ucast_cfg_rel_503_N1_1/l3_manage-routes.html



see more Implementing Cisco IP Routing