Home > IP Services Questions

IP Services Questions

July 16th, 2017 in ROUTE 300-101 Go to comments

Question 1

Explanation

The switch validates DHCP packets received on the untrusted interfaces of VLANs with DHCP snooping enabled. The switch forwards the DHCP packet unless any of the following conditions occur (in which case the packet is dropped):
+ The switch receives a packet (such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY packet) from a DHCP server outside the network or firewall.
+ The switch receives a packet on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. This check is performed only if the DHCP snooping MAC address verification option is turned on.
+ The switch receives a DHCPRELEASE or DHCPDECLINE message from an untrusted host with an entry in the DHCP snooping binding table, and the interface information in the binding table does not match the interface on which the message was received.
+ The switch receives a DHCP packet that includes a relay agent IP address that is not 0.0.0.0.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html#wp1101946

Question 2

Explanation

We can test the action of HSRP by tracking the loopback interface and decrease the HSRP priority so that the standby router can take the active role.

Question 3

Explanation

The “ip http secure-port

” is used to set the secure HTTP (HTTPS) server port number for listening.

Question 4

Explanation

This command shows IPsec Security Associations (SAs) built between peers. An example of the output of above command is shown below:

Router#show crypto ipsec sa
interface: FastEthernet0
    Crypto map tag: test, local addr. 12.1.1.1
   local  ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   current_peer: 12.1.1.2
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918
    #pkts decaps: 7760382, #pkts decrypt: 7760382, #pkts verify 7760382
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, 
    #pkts decompress failed: 0, #send errors 1, #recv errors 0
     local crypto endpt.: 12.1.1.1, remote crypto endpt.: 12.1.1.2
     path mtu 1500, media mtu 1500
     current outbound spi: 3D3
     inbound esp sas:
      spi: 0x136A010F(325714191)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 3442, flow_id: 1443, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4608000/52)
        IV size: 8 bytes
        replay detection support: Y
     inbound ah sas:
     inbound pcp sas:
inbound pcp sas:
outbound esp sas:
   spi: 0x3D3(979)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel, }
    slot: 0, conn id: 3443, flow_id: 1444, crypto map: test
    sa timing: remaining key lifetime (k/sec): (4608000/52)
    IV size: 8 bytes
    replay detection support: Y
outbound ah sas:
outbound pcp sas:

The first part shows the interface and cypto map name that are associated with the interface. Then the inbound and outbound SAs are shown. These are either AH or ESP SAs. In this case, because you used only ESP, there are no AH inbound or outbound SAs.

Note: Maybe “inbound crypto map” here mentions about crypto map name.

Question 5

Explanation

The Management Plane Protection (MPP) feature in Cisco IOS software provides the capability to restrict the interfaces on which network management packets are allowed to enter a device. The MPP feature allows a network operator to designate one or more router interfaces as management interfaces. Device management traffic is permitted to enter a device only through these management interfaces. After MPP is enabled, no interfaces except designated management interfaces will accept network management traffic destined to the device.

In the command management-interface interface allow protocols we can configure these protocols (to allow on the designated management interface):

+ BEEP
+ FTP
+ HTTP
+ HTTPS
+ SSH, v1 and v2
+ SNMP, all versions
+ Telnet
+ TFTP

Therefore these are also the protocols that can be affected by MPP.

Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html

Comments
  1. Love Leo
    May 21st, 2016

    Can anybody tell me, what is “82Q” ???

  2. Need Help PLease
    October 4th, 2016

    All, I failed today with a 640. The ‘300-101: Implementing Cisco IP Routing’ exam is completely different then what is on this site. Not even close. There are maybe 10 questions that are the same… What happened???

  3. MrsAliB
    November 28th, 2016

    I heard the dump ROUTE_Apr_2016 is no longer valid.
    Will there be a new dump soon?

  4. MrsAliB
    November 28th, 2016

    Please send it to ali.bos mail at outlook.

  5. Vishnua
    April 1st, 2017

    Hello – the link not works anymore.
    can you please upload again?

  6. Hares
    May 23rd, 2017

    If you are looking to pass use the 358q dumps, the only one that is valid now.

  7. r2d2
    September 14th, 2017

    pls send 358q dumps an mail admin @ iskramedia . ru

  8. Maj
    October 16th, 2017

    passed today with the new 539 dumps from it-libraries.
    will try to share once links are allowed

  9. Juan
    November 1st, 2017

    @MAJ, could you share with me the PDF from IT-Libraries

  10. Lee
    November 9th, 2017

    Passed, it-libraries questions are still good. check the comments on this forum for the new questions since there are a couple of them posted here.

  11. Darell
    November 9th, 2017

    Passed, it-libraries questions are still good. check the comments on this forum for the new questions since there are a couple of them posted here.

  12. Hong
    November 14th, 2017

    Dose anyone have the full version for this dumps? https://drive.google.com/open?id=0B5mAFqgydmCzVWtzU09fYV9SZGc

  13. Litanel
    November 16th, 2017

    @Darrell can you please share pdf from it-libraries to my email

  14. Litanel
    November 16th, 2017

    I am taking test tomorrow can anyone pls provide dumps(vce or pdf) from iT-Libraries for 300-101

  15. Paris
    November 21st, 2017
  1. No trackbacks yet.