300-410 : Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) : Part 10

  1. You need to configure a Cisco router to act as a DHCP server and provide the following services:

    Hand out IP addresses for subnet 10.10.0.0/16

    Set the domain name for the clients to “Cisco”
    Set the DNS server to 10.10.0.1
    Set the default gateway to 10.10.0.1
    Prevent IP address conflicts with 6 print servers that have consecutive permanently assigned addresses starting at 10.10.0.20.

    Which of the following sets of commands will successfully accomplish this?

    • Router1(config)# service dhcp
      Router1(config)# ip dhcp pool IPPool
      Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
      Router1(dhcp-config)# domain-name Cisco
      Router1(dhcp-config)# dns-server 10.10.0.1
      Router1(dhcp-config)# default-router 10.10.0.1
      Router1(dhcp-config)# exit
      Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25
    • Router1(config)# service dhcp
      
      Router1(config)# dhcp pool IPPool
      
      Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
      
      Router1(dhcp-config)# domain-name Cisco
      
      Router1(dhcp-config)# dns-server 10.10.0.1
      
      Router1(dhcp-config)# default-router 10.10.0.1
      
      Router1(dhcp-config)# exit
      
      Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25
    • Router1(config)# service dhcp
      
      Router1(config)# ip dhcp pool IPPool
      
      Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
      
      Router1(dhcp-config)# domain-name Cisco
      
      Router1(dhcp-config)# dns-server 10.10.0.1
      
      Router1(dhcp-config)# default-gateway 10.10.0.1
      
      Router1(dhcp-config)# exit
      
      Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25
    • Router1(config)# service dhcp
      
      Router1(config)# ip dhcp pool IPPool
      
      Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
      
      Router1(dhcp-config)# domain-name Cisco
      
      Router1(dhcp-config)# dns-server 10.10.0.1
      
      Router1(dhcp-config)# default-router 10.10.0.1
      
      Router1(dhcp-config)# exit
      
      Router1(config)# ip dhcp excluded-address 10.10.0.20 - 10.10.0.25
    Explanation:
    The following command sequence is correct:

    Router1(config)# service dhcp
    Router1(config)# ip dhcp pool IPPool
    Router1(dhcp-config)# network 10.10.0.0 255.255.0.0
    Router1(dhcp-config)# domain-name Cisco
    Router1(dhcp-config)# dns-server 10.10.0.1
    Router1(dhcp-config)# default-router 10.10.0.1
    Router1(dhcp-config)# exit
    Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25

    The Router1(config)# service dhcp command enables the DHCP process. It is enabled by default, but this command may be needed if it has been disabled.

    The Router1(config)# ip dhcp pool IPPool command creates a DHCP pool named IPPool.

    The Router1(dhcp-config)# network 10.10.0.0 255.255.0.0 command specifies the subnet and mask for which the DHCP process will be handing out IP addresses. Unless otherwise specified, it is assumed that the assignment will start with the first address on the subnet and end with the last address on the subnet; in this case, 10.10.0.1 through 10.10.0.255.

    The Router1(dhcp-config)# domain-name Cisco command sets the domain name for the clients to “Cisco.”

    The Router1(dhcp-config)# dns-server 10.10.0.1 command sets the DNS server IP address for the clients to 10.10.0.1.

    The Router1(dhcp-config)# default-router 10.10.0.1 command sets the default gateway for the clients to 10.10.0.1.

    The Router1(dhcp-config)# exit command exits back to global config mode.

    The Router1(config)# ip dhcp excluded-address 10.10.0.20 10.10.0.25 command configures the DHCP process not to hand out addresses 10.10.0.20 through 10.10.0.25 so that there is no conflict with the print servers. This command is technically not a dhcp-config command, but if it is issued in the dhcp-config mode, the router will exit to global config mode and invoke the command.

    The other options are incorrect due to incorrect syntax or command mode.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify IPv4 and IPv6 DHCP

  2. Your network team is assessing options available to translate IPv6 address to IPv4 addresses.

    Which of the following is an advantage of NAT64 over NAT-PT as a translation option?

    • DNS64 and NAT64 functions are completely separated
    • DNS64 and NAT64 functions are completely integrated
    • NAT64 only works over an Ethernet network
    • NAT64 will be unable to reconstruct fragments packets if they are fragmented by an intermediate IPv4 router
    Explanation:
    DNS64 and NAT64 functions are completely separated when using NAT64. In NAT-PT these two functions are tightly coupled, which reduces flexibility and is why NAT-PT has been deprecated, with the IETF proposing NAT64 as its viable successor.

    DNS64 and NAT64 functions are not completely integrated in NAT64, so this is not an advantage of NAT64 over NAT-PT as a translation option.

    NAT64 works over non- Ethernet networks. It is NAT-PT that does only works on Ethernet networks. Therefore, this is not an advantage of NAT 64 over NAT-PT.

    NAT64 can reconstruct fragments packets if they are fragmented by an intermediate IPv4 router. It is NAT-PT that will be unable to reconstruct fragments packets if they are fragmented by an intermediate IPv4 router, so this is not an advantage of NAT 64 over NAT-PT.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Describe IPv6 NAT

  3. You configured a device as an IP SLA responder using the following configuration:

    300-410 Part 09 Q23 111
    300-410 Part 09 Q23 111

    Which line indicates that the device is not a Cisco device?

    • frequency 30
    • timeout 1000
    • tcp-connect 10.0.0.1 23 control disable
    • tag FLL-RO
    Explanation:
    The IP SLA TCP connect operation is used to gather statistics on connection-oriented services. The tcp-connect 10.0.0.1 23 control disable command specifies the IP address to which the responder should respond, the port number on which to respond and it disables the control protocol normally used to inform the responder to temporarily enable the port specified .by the configuration in the sender. When the responder is a non-Cisco device, a well-known port number must be chosen and the control protocol should be disabled on the responder. When a Cisco device is the responder, then any port number can be chosen and the control protocol should be left enabled.

    The frequency 30 command specifies how often the test should occur in seconds. It is not changed in any way as a result of the responder being a non-Cisco device.

    The timeout 1000 command specifies in milliseconds the amount of time an IP SLAs operation waits for a response from its request packet. It is not changed in any way as a result of the responder being a non-Cisco device.

    The tag FLL-RO command simply applies a user-specified identifier to the IP SLAs operation and is changed in any way as a result of the responder being a non-Cisco device.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify IP SLA

  4. Which command is NOT mandatory for inclusion in a plan to implement IP Service Level Agreements (SLAs) to monitor IP connections and traffic?

    • ip sla
    • ip sla schedule
    • ip sla reset
    • icmp-echo
    Explanation:
    The ip sla reset command is not mandatory for an implementation plan to configure IP SLAs for monitoring IP connections and traffic. This command causes the IP SLA engine to either restart or shutdown. As a result, all IP SLAs operations are stopped, IP SLA configuration information is erased, and IP SLAs are restarted. The IP SLAs configuration information will need to be reloaded to the engine.

    The following commands are essential to the implementation plan:

    ip sla
    ip sla schedule
    icmp-echo

    The ip sla command allows you to configure IP SLAs operations. When you execute this command in the global configuration mode, it enables the IP SLA configuration mode. In the IP SLA configuration mode, you can configure different IP SLA operations. You can configure up to 2000 operations for a given IP SLA ID number.

    The icmp-echo command allows you to monitor IP connections and traffic on routers by creating an IP SLA ICMP Echo operation. This operation monitors end-to-end response times between routers.

    The ip sla schedule command allows you to schedule the IP SLA operation that has been configured. With this command, you can specify when the operation starts, how long the operation runs, and the how long the operation gathers information. For example, if you execute the ip sla schedule 40 start-time now life forever command, the IP SLA operation with the identification number 40 immediately starts running. This is because the now keyword is specified for the start-time parameter. The forever keyword with the life parameter indicates that the operation keeps collecting information indefinitely. Note that you cannot re-configure the IP SLA operation after you have executed the ip sla schedule command.

    The information gathered by an IP SLA operation is typically stored in RTTMON-MIB. A Management Information Base (MIB) is a database hosting information required for the management of routers or network devices. The RTTMON-MIB is a Cisco-defined MIB intended for Cisco IOS IP SLAs. RTTMON MIB acts as an interface between the Network Management System (NMS) applications and the Cisco IOS IP SLAs operations.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify IP SLA

  5. Which of the following IPv4 to IPv6 migration techniques does not separate DNS and the translation process?

    • NAT-PT
    • stateless NAT64
    • stateful NAT64
    • MAP-T
    Explanation:
    Network Address Translation-Protocol Translation (NAT-PT) and DNS are inseparable, which is one of the reasons why NAT-PT has been deprecated. Network Address Translation IPv6 to IPv4, or NAT64, is superior to the NAT-PT technique because this solution has complete separation of the functions of NAT64 and DNS64.

    Stateless NAT64 is a version of NAT64 that does not maintain a binding or session state when it performs Address Family Translation (AFT). As such, it cannot be used in some of the implementations in which stateful NAT 64 can. However, in this method, DNS and the translation process are independent.

    Stateful NAT64 creates or modifies bindings or session state while performing translation. For this reason, it can be used to translate from an IPv4 network to an IPv6 network if static mappings are created, which stateless NAT64 cannot.

    Mapping of Address and Ports using Translation (MAP-T) is a method of creating mappings to provide connectivity for IPv4 hosts across an IPv6 domain. Its operation is not connected to DNS.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Describe IPv6 NAT

  6. What would be a use case for the HSRP configuration below?

    300-410 Part 09 Q26 112
    300-410 Part 09 Q26 112

     

    • used to switch the active role to the other router in the HSRP group during a maintenance window
    • used to prevent this router from ever relinquishing the active role
    • used to prevent this router from ever performing the active role
    • used to allow preemption over multiple peers
    Explanation:
    By tracking the loopback interface and decrementing the priority if it goes down, technicians would have a method of moving the active role to the other router by disabling the loopback interface. This method is less disruptive than disabling any of the physical interfaces. Although no decrement value has been specified, a default decrement of 10 will occur.

    This configuration would not be used to prevent this router from ever relinquishing the active role. That would defeat the purpose of Hot Standby Routing Protocol (HSRP), which is to provide failover by relinquishing the active role to the other router.

    This configuration would not be used to prevent this router from ever performing the active role. That would defeat the purpose of HSRP which is to provide failover by this router taking the active role when there is an issue with the other router.

    This configuration would not be used to allow preemption over multiple peers. When more than two routers are in an HSRP group, the active router is allowed preemption over multiple peers by default.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify tracking objects

  7. You asked your assistant to implement port address translation on the edge router of your network, which uses the S0 interface to connect to the ISP. When she is finished, you review the configuration by executing the show run command and receive the following results related to the configuration:

    300-410 Part 09 Q27 113
    300-410 Part 09 Q27 113

    Which of the following statements are true of the configuration?

    • the wrong interfaces are configured as inside and outside
    • the command establishing the pool of public IP addresses is incorrect
    • the ip nat inside source list command references a non-existent access list
    • the ip nat inside source list command references a non-existent NAT pool
    Explanation:
    The wrong interfaces are configured as inside and outside. The Serial 0 interface which leads to the ISP should be set as outside, and the E0 interface should be the inside address. As it is set now, these settings are reversed.

    The command establishing the pool of public IP addresses is correct. It establishes a pool of one public IP address, which is what you would do if you were configuring PAT. PAT uses a single public IP address for all translations.

    The ip nat inside source list command references a correct access list number 7 and a correct NAT pool name of ourpool. The access list is used to determine computers that are allowed to have their traffic translated.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify IPv4 Network Address Translation (NAT)

  8. Your assistant is interested in gathering statistics about connection-oriented operations.

    Which of the following should be done to enhance the accuracy of the information gathered?

    • configure an IP SLA responder on the destination device
    • configure an IP SLA responder on the source device
    • schedule the operation on the destination device
    • add the verify-data command to the configuration of the operation
    Explanation:
    Any IP SLA operations accuracy can be enhanced by configure an IP SLA responder on the destination device. It is important to note that only Cisco devices support the configuration as a responder.

    You do not configure an IP SLA responder on the source device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.

    You do not schedule the operation on the destination device. You schedule the operation on the source device and the destination device is the one that is configured as a responder.

    Adding the verify-data command to the configuration of the operation will not enhance the accuracy of the information gathered. When data verification is enabled, each operation response is checked for corruption. Use the verify-data command with caution during normal operations because it generates unnecessary overhead.

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify IP SLA

  9. Which of the following commands configures an SNMP host to authenticate a user by username and send clear text notifications, the receipt of which will be acknowledged by the receiver?

      • Router(config)# snmp-server host 192.168.5.5 informs version 3 noauth CISCO
      • Router(config)# snmp-server host 192.168.5.5 traps version 3 auth CISCO
      • Router(config)# snmp-server host 192.168.5.5 informs version 2c CISCO
      • Router(config)# snmp-server host 192.168.5.5 informs version 3 authpriv CISCO
      Explanation:
      The command snmp-server host 192.168.5.5 informs version 3 noauth CISCO will configure the host to authenticate a user by username and send clear text notifications. The receiver will then acknowledge receipt of the notification. The keyword informs indicates that an inform message type will be used. Unlike a trap, an inform message is acknowledged by the receiver.

      The version 3 keyword indicates that version 3 is in use, which is the ONLY version that supports authentication and encryption. Finally, the noauth keyword specifies authentication by username only and no encryption.

      The command snmp-server host 192.168.5.5 traps version 3 auth CISCO configures the host to send traps rather than informs.

      The command snmp-server host 192.168.5.5 informs version 2c CISCO specifies version 2c, which only support community string-based authentication.

      The command snmp-server host 192.168.5.5 informs version 3 authpriv CISCO specifies the keyword authpriv, which indicates encryption will be used and authentication based on HMAC-MD5 or HMAC-SHA algorithms.

      Objective:
      Infrastructure Services
      Sub-Objective:
      Configure and verify SNMP

  10. Recently you had a serious problem with a router and contacted TAC. They told you a core dump of the system would have been helpful in diagnosing the issue. You would like to configure the router to make a full copy of the memory image the next time the router experiences the type of issue that can generate a core dump.

    Which of the following is NOT a supported method of setting up a core dump?

    • TFTP
    • rcp
    • Flash disk
    • HTTP
    Explanation:
    A core dump cannot be sent to a location using HTTP. The four supported methods for dumping a copy of the router’s memory image are:
    TFTP
    FTP
    rcp
    Flash disk

    To use File Transfer Protocol (FTP) to configure a core dump, execute the following commands:

    ip ftp usename username

    ip ftp password password

    exception protocol ftp

    exception dump a.b.c.d

    To use Trivial File Transfer Protocol (TFTP) to configure a core dump, execute the following commands:

    exception dump a.b.c.d

    To use remote copy protocol (rcp) to configure a core dump, execute the following commands:

    exception protocol rcp

    exception dump a.b.c.d

    Finally, to send a core dump to a Flash drive, execute the following commands:

    exception crashinfo file flash:filename

    Objective:
    Infrastructure Services
    Sub-Objective:
    Configure and verify device management