1. What is the only attribute used by standard access control lists to identify traffic?
- source MAC address
- source IP address
- source TCP port
- protocol type
Explanation: Standard access control lists can only identify traffic based on the source IPv4 address in the protocol header.
2. Which network prefix matches the prefix match pattern 10.0.0.0/8 ge 16 le 24?
- 10.42.0.0/18
- 10.16.0.0/12
- 10.123.77.128/25
- 10.0.0.0/32
Explanation: To match the prefix match pattern specification, a prefix must have the same 8 high-order bits as 10.0.0.0/8 and also have a network mask that is equal to or greater than /16 but also less than or equal to /24. The prefix that meets both requirements is 10.42.0.0/18.
3. What is the function of the continue keyword when applied to a sequence in a route map?
- It allows the route map to process the next sequence after a match is made.
- It allows the route map to process all sequences in the route map.
- It allows the route map to apply multiple match statements within a sequence.
- It allows the route map to apply multiple set actions within a sequence.
Explanation: A route map will process sequences in order and will stop processing upon the first sequence match. The continue keyword causes a route map to process the next sequence after the sequence containing the key word is matched.
4. Which network and wildcard mask should be configured on an ACE entry to match any IP address?
- 0.0.0.0 0.0.0.0
- 0.0.0.0 255.255.255.255
- 255.255.255.255 255.255.255.255
- 255.255.255.255 0.0.0.0
Explanation: To configure an ACE to match any IP address, use the any keyword or use 0.0.0.0 0.0.0.0.
5. What is the purpose of configuring local PBR?
- to modify the next-hop address on traffic sourced from a router
- to examine packets as they enter a router interface
- to place next-hop addresses in the routing table
- to forward packets to next-hop addresses that are not in the routing table
Explanation: By default, packets originated from a router are not policy routed by PBR. However, local PBR can be configured using the ip local policy command to identify packets that originate from a router and modify the next-hop IP address.
6. An administrator is configuring an extended ACL for BGP route selection. Which ACE command should the administrator issue to permit only 192.168.0.x networks with a /24 through /32 prefix length?
- permit ip 192.168.0.0 0.0.0.255 255.255.255.0 0.0.0.255
- permit ip 192.168.0.0 0.0.255.255 255.255.255.0 0.0.0.255
- permit ip 192.168.0.0 0.0.0.255 0.0.0.255 255.255.255.0
- permit ip 192.168.0.0 255.255.255.255 255.255.255.0 0.0.0.255
Explanation: When an ACL is used for BGP network selection the ACE source field matches against the network portion of the network and the destination field matches against the network mask. In this example the ACE source field source and wildcard-mask of 192.168.0.0 0.0.0.255 will match the first 24 bits of network 192.168.0.x. The destination field of 255.255.255.0 0.0.0.255 will match prefix lengths of /24 through /32.
7. Which network prefix matches the prefix match pattern 2001:db8:cafe::/48 ge 48 le 56?
- 2001:db8:cafe:1001::/48
- 2001:db8:cafe:12::/64
- 2001:db8:feed::/52
- 2001:db8::/52
Explanation: To match the prefix match pattern specification, a prefix must have the same 48 high-order bits as 2001:db8:cafe::/48 and also have a prefix length that is equal to or greater than /48 and also less than or equal to /56.
8. Which is a characteristic of standard ACLs?
- They match packets based on source IP address only.
- They use a numbered entry of 100-199 or 2000-2699.
- They match packets based on source or destination IP address.
- They can only be applied in the inbound direction on an interface.
Explanation: There are two categories of ACLs: standard and extended. Standard ACLs can be named or numbered with numbered ACLs having a numbered entry of 1-99 or 1300-1999. Standard ACLs can be applied either inbound or outbound on an interface and they can only identify packets based on source IP address.
9. What is the default auto-increment sequence number value of a prefix list if none is specified?
- 1
- 5
- 10
- 20
Explanation: If a sequence number is not provided in the ip prefix-list command, the sequence number is auto-incremented by 5.
10. Which network prefix matches the prefix match pattern 10.0.0.0/10 ge 16?
- 10.1.5.0/16
- 10.1.0.0/8
- 10.128.0.0/32
- 10.64.0.0/24
Explanation: To match the prefix match pattern, a prefix must have the same 10 high-order bits as 10.0.0.0/10 and also have a network mask that is equal to or greater than /16. The prefix that meets both requirements is 10.1.5.0/16
11. Which two rules apply to route map statements? (Choose two.)
- Sequence numbers increment by 10 automatically if not provided.
- An implied all prefixes statement is applied if no matching statement is given.
- A default value of deny is used if there is no processing action defined.
- After a matching criterion, processing continues until all match criteria are checked.
- Boolean logic “and” is used if multiple variables are configured for a specific route map sequence.
Explanation: Route maps statements have rules as to how they are applied.
- If no processing action is provided, the default value is permit.
- If no sequence number is provided, the number increments by 10 automatically.
- If there is no matching statement, an implied all prefixes statement is applied.
- Processing of route map statements stops after a match criterion is matched.
- Boolean logic \”or\” is used if multiple variables are configured for a specific route map sequence.
12. What is the final step when configuring policy-based routing?
- Define access lists.
- Configure policy with the use of the
route-mapcommand. - Apply policy to an interface using
ip policy route-mapcommand. - Apply
matchcommands.
Explanation: There are four basic steps to policy based routing configuration:
- Configure the route map.
- Identify match criteria.
- Configure set statement.
- Apply the route map to the inbound interface.
