350-029 Real Tests (Spring 2015)

Download New Updated (Spring 2015) Cisco 350-029 Actual Tests 301-310

April 26, 2015

Ensurepass

 

QUESTION 301

Which ofthe following descriptions about uRPF loose mode is correct? (Choose two).

 

A.

It is typically used on point-to-point interfaces where the same interface is used for both directions of packet flows; if the source address has a return route in the FIB table, it is thenchecked against the adjacency table to ensure the same interface receiving the packet is the same interface used for the return path.

B.

If a packet fails the uRPF loose mode check, the packet is then transmitted and creates a log message.

C.

It is typically used on multipoint interfaces or on routers where asymmetrical routing is used (packets are received on one interface but the return path is not on the same interface); loose mode verifies a source address by looking in forwarding information base(FIB).

D.

If a packet fails the uRPF loose mode check, the packet is then dropped.

 

Correct Answer: CD

Explanation:

When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet.Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router’s choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.

 

When administrators use Unicast RPF in loose mode, the source address must appear in the routing table.

 

Administrators can change this behavior using the allow-default option, which allows the use of the default route in the source verification process. Additionally, a packet that contains a source address for which the return route points to the Null 0 interface will be dropped. An access list may also be specified that permits or denies certain source addresses in Unicast RPF loose mode.

 

Care must be taken to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain asymmetric routing paths.

 

 

QUESTION 302

What Cisco IOS feature examines packets received to make sure that the source address and interface are in the routing table and match the interface that the packet was received on?

 

A.

MPLS Traffic Engineering

B.

Receive ACL

C.

Unicast RPF

D.

Authentication

E.

Dynamic access-lists

 

Correct Answer: C

 

 

QUESTION 303

Which statement about SNMP is true?

 

A.

SNMP version 2 uses a proxy agent to forward GetNext message to SNMP version 3.

B.

SNMP version 2 supports message integrity to ensure that a packet has not been tampered with in transit.

C.

Proxy agents were used only in SNMP version 1.

D.

SNMP version 3 supports encryption and SNMP version 2 supportauthentication.

E.

GetBulk messages are converted to GetNext messages by the proxy agent and are then forwarded to the SNMP version 1 agent.

 

Correct Answer: E

Explanation:

Proxy agents:

A SNMPv2 agent can act as a proxy agent on behalf of SNMPv1 managed devices, as follows:

 

A SNMPv2 NMS issues a command intended for a SNMPv1 agent.

The NMS sends the SNMP message to the SNMPv2 proxy agent.

The proxy agent forwards Get, GetNext, and Set messages to the SNMPv1 agent unchanged.

GetBulk messages are converted by the proxy agentto GetNext messages and then are forwarded to the SNMPv1 agent.

The proxy agent maps SNMPv1 trap messages to SNMPv2 trap messages and then forwards them to the NMS.

SNMPv3 provides important security features:[11]

Confidentiality – Encryption of packets toprevent snooping by an unauthorized source.

Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism.

Authentication – to verify that the message is from a validsource.

 

 

 

 

 

 

QUESTION 304

Which of the following statements about MD5 Routing Updates authentication is valid? (Select two)

 

A.

The MD5 algorithm inputs the routing updates of arbitrary length and outputs a 128-bit hash

B.

The MD5 algorithm inputs the routing updates of every 64bit length and outputs an 8-bit hash

C.

Multiple keys are supported

D.

Routing updates packets are delivered in encrypted messages

E.

Shared secret keys are delivered in encrypted messages

 

Correct Answer: AC

 

 

QUESTION 305

RFC 3270describes Differentiated Services (Diff-Serv) over Multi-Protocol Label Switching (MPLS) networks. Which model alters Differentiated Services (Diff-Serv) code points set in different DifferentiatedServices (Diff-Serv) domain?

 

A.

None of the above will alter Differentiated Services (Diff-Serv) code points set in different Differentiated Services (Diff-Serv) domain.

B.

Uniform model

C.

Pipe Model

D.

Short Pipe

 

Correct Answer: B

 

 

QUESTION 306

Which ACL entry can be used to block Teredo tunnels?

 

A.

Teredo tunnels cannot be blocked

B.

deny udp any any 3544

C.

deny ipv6 udp any any 3544

D.

deny 41 any any

 

Correct Answer: B

 

 

QUESTION 307

Which three of these can be a forwarding equivalence class? (Choose three)

 

A.

IPSec tunnel

B.

routingequivalence paths

C.

traffic engineering tunnel

D.

bridge or switch instance

E.

groups of IP addresses

 

Correct Answer: CDE

 

 

 

 

 

QUESTION 308

How many messages does Internet Key Exchange use to negotiate SA characteristics when it runs in aggressive mode?

 

A.

3

B.

4

C.

5

D.

2

E.

6

 

Correct Answer: A

 

 

QUESTION 309

Refer to the exhibit. All routers are running IS-IS. Which routers must be Level 2 routers?

 

clip_image002

 

A.

B, D, E and G

B.

A, D, E, and H

C.

B, C, F, and G

D.

B, C, E, F, and G

E.

A, B, C, D, F, G, and H

 

Correct Answer: D

 

 

QUESTION 310

In PIM-SM operations, to which device does the first router that connects with the multicast source send the register message?

 

A.

RP

B.

multicast source

C.

IGMP router

D.

multicast receiver

E.

PIM designated router

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 350-029 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …