Home > IP Services Questions

IP Services Questions

July 16th, 2019 in ROUTE 300-101 Go to comments

Question 1

Explanation

The switch validates DHCP packets received on the untrusted interfaces of VLANs with DHCP snooping enabled. The switch forwards the DHCP packet unless any of the following conditions occur (in which case the packet is dropped):
+ The switch receives a packet (such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY packet) from a DHCP server outside the network or firewall.
+ The switch receives a packet on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. This check is performed only if the DHCP snooping MAC address verification option is turned on.
+ The switch receives a DHCPRELEASE or DHCPDECLINE message from an untrusted host with an entry in the DHCP snooping binding table, and the interface information in the binding table does not match the interface on which the message was received.
+ The switch receives a DHCP packet that includes a relay agent IP address that is not 0.0.0.0.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html#wp1101946

Question 2

Explanation

We can test the action of HSRP by tracking the loopback interface and decrease the HSRP priority so that the standby router can take the active role.

Question 3

Explanation

The “ip http secure-port

” is used to set the secure HTTP (HTTPS) server port number for listening.

Question 4

Explanation

This command shows IPsec Security Associations (SAs) built between peers. An example of the output of above command is shown below:

Router#show crypto ipsec sa
interface: FastEthernet0
    Crypto map tag: test, local addr. 12.1.1.1
   local  ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   current_peer: 12.1.1.2
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918
    #pkts decaps: 7760382, #pkts decrypt: 7760382, #pkts verify 7760382
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0, 
    #pkts decompress failed: 0, #send errors 1, #recv errors 0
     local crypto endpt.: 12.1.1.1, remote crypto endpt.: 12.1.1.2
     path mtu 1500, media mtu 1500
     current outbound spi: 3D3
     inbound esp sas:
      spi: 0x136A010F(325714191)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 3442, flow_id: 1443, crypto map: test
        sa timing: remaining key lifetime (k/sec): (4608000/52)
        IV size: 8 bytes
        replay detection support: Y
     inbound ah sas:
     inbound pcp sas:
inbound pcp sas:
outbound esp sas:
   spi: 0x3D3(979)
    transform: esp-3des esp-md5-hmac ,
    in use settings ={Tunnel, }
    slot: 0, conn id: 3443, flow_id: 1444, crypto map: test
    sa timing: remaining key lifetime (k/sec): (4608000/52)
    IV size: 8 bytes
    replay detection support: Y
outbound ah sas:
outbound pcp sas:

The first part shows the interface and cypto map name that are associated with the interface. Then the inbound and outbound SAs are shown. These are either AH or ESP SAs. In this case, because you used only ESP, there are no AH inbound or outbound SAs.

Note: Maybe “inbound crypto map” here mentions about crypto map name.

Question 5

Explanation

The Management Plane Protection (MPP) feature in Cisco IOS software provides the capability to restrict the interfaces on which network management packets are allowed to enter a device. The MPP feature allows a network operator to designate one or more router interfaces as management interfaces. Device management traffic is permitted to enter a device only through these management interfaces. After MPP is enabled, no interfaces except designated management interfaces will accept network management traffic destined to the device.

In the command management-interface interface allow protocols we can configure these protocols (to allow on the designated management interface):

+ BEEP
+ FTP
+ HTTP
+ HTTPS
+ SSH, v1 and v2
+ SNMP, all versions
+ Telnet
+ TFTP

Therefore these are also the protocols that can be affected by MPP.

Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html

Comments
  1. Vishnua
    April 1st, 2017

    Hello – the link not works anymore.
    can you please upload again?

  2. Hares
    May 23rd, 2017

    If you are looking to pass use the 358q dumps, the only one that is valid now.

  3. r2d2
    September 14th, 2017

    pls send 358q dumps an mail admin @ iskramedia . ru

  4. Maj
    October 16th, 2017

    passed today with the new 539 dumps from it-libraries.
    will try to share once links are allowed

  5. Juan
    November 1st, 2017

    @MAJ, could you share with me the PDF from IT-Libraries

  6. Lee
    November 9th, 2017

    Passed, it-libraries questions are still good. check the comments on this forum for the new questions since there are a couple of them posted here.

  7. Darell
    November 9th, 2017

    Passed, it-libraries questions are still good. check the comments on this forum for the new questions since there are a couple of them posted here.

  8. Litanel
    November 16th, 2017

    @Darrell can you please share pdf from it-libraries to my email

  9. Litanel
    November 16th, 2017

    I am taking test tomorrow can anyone pls provide dumps(vce or pdf) from iT-Libraries for 300-101

  10. Paris
    November 21st, 2017
  11. Johnie
    November 28th, 2017

    Passed, if you go the exam study the 21q dumps.

  12. Warren
    November 28th, 2017

    Passed with the 440q dumps from it libraries.

  13. Deshawn
    December 4th, 2017

    Confirming the 21q dumps are valid.

  14. Clair
    December 12th, 2017

    Thanks all, done with the router. 539q dumps from IT-Libraries are valid. Practice the labs since the ips change on the exam

  15. Alfonzo
    June 22nd, 2018

    Smashed my route exam today, 9xx used the dumps from it libraries and tut.

  16. Raito
    July 20th, 2018

    Where can we find the it libraries dump? Anyone sharing?

  17. _saiko
    September 24th, 2018

    Can anyone share dumps from it libraries?

  1. No trackbacks yet.