Exam : Cisco 350-001

Title : CCIE-Routing and Switching Written exam (3.1)

1. Into which two types of areas would an area border router (ABR) inject a default route? (Choose two.)
A. the autonomous system of a different interior gateway protocol (IGP)
B. area 0
C. totally stubby
D. NSSA
E. stub
F. the autonomous system of an exterior gateway protocol (EGP)
Answer: CE

2. Refer to the exhibit. If VLAN 21 does not exist before typing the commands, what is the result of the configuration applied on switch SW1?

A. A new VLAN 21 is created and port 0/8 is assigned to that VLAN.
B. A new VLAN 21 is created, but no ports are assigned to that VLAN.
C. No VLAN 21 is created and no ports are assigned to that VLAN.
D. Configuration command vlan database should be used first to create the VLAN 21.
Answer: A

3. Which three statements are true regarding Cisco IOS Firewall configurations? (Choose three.)
A. An IP inspection rule can be applied in the inbound direction on a secured interface.
B. An IP inspection rule can be applied in the outbound direction on an unsecured interface.
C. An ACL that is applied in the outbound direction on an unsecured interface must be an extended ACL.
D. An ACL that is applied in the inbound direction on an unsecured interface must be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access list for the returning traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, an IP inspection rule must be applied to the secured interface.
Answer: ABD

4. The ip inspect inspection-name {in | out} command is used to configure which IOS security feature?
A. IPS
B. IPsec site-to-site VPN
C. Cisco IOS Firewall
D. Cisco AutoSecure
E. IDS
F. Easy VPN
Answer: C

5. Refer to the exhibit. Which statement about this configuration is true?

A. ACL 101 needs to have at least one permit statement in it or it will not work properly.
B. The ip inspect test out command needs to be used instead of the ip inspect test in command to make the configuration work.
C. Ethernet 0 is the trusted interface and Ethernet 1 is the untrusted interface.
D. Ethernet 0 needs an inbound access list to make the configuration work.
E. Ethernet 0 needs an outbound access list to make the configuration work.
Answer: C

6. What is the purpose of an explicit “deny any” statement at the end of an ACL?
A. none, since it is implicit
B. to enable Cisco IOS IPS to work properly; however, it is the deny all traffic entry that is actually required
C. to enable Cisco IOS Firewall to work properly; however, it is the deny all traffic entry that is actually required
D. to allow the log option to be used to log any matches
E. to prevent sync flood attacks
F. to prevent half-opened TCP connections
Answer: D

7. Which Cisco IOS feature can be used to defend against spoofing attacks?
A. Cisco IOS Firewall (CBAC)
B. lock-and-key ACL and/or reflexive ACL
C. IP Source Guard and/or Unicast RPF
D. TCP Intercept
E. Cisco IOS IPS
F. Auth-Proxy
Answer: C

8. Which of these is mandatory when configuring Cisco IOS Firewall?
A. Cisco IOS IPS enabled on the untrusted interface
B. NBAR enabled to perform protocol discovery and deep packet inspection
C. a route map to define the trusted outgoing traffic
D. a route map to define the application inspection rules
E. an inbound extended ACL applied to the untrusted interface
Answer: E

9. For an MPLS label, if the stack bit is set to 1, which of these is correct?
A. The stack bit is reserved for future use.
B. The label is the last entry in the label stack.
C. The stack bit will only be used when LDP is the label distribution protocol.
D. The stack bit is for Cisco implementations exclusively and will only be used when TDP is the label distribution protocol.
E. The label is the top entry in the label stack and will remain set to 1 until the last entry, the bottom label, is reached.
Answer: B

10. Which statement correctly describes the disabling of IP TTL propagation in an MPLS network?
A. The TTL field from the IP packet is copied into the TTL field of the MPLS label header at the ingress edge LSR.
B. TTL propagation cannot be disabled in an MPLS domain.
C. TTL propagation is only disabled on the ingress edge LSR.
D. The TTL field of the MPLS label header is set to 255.
E. The TTL field of the IP packet is set to 0.
Answer: D

11. Which of these statements about OSPF external LSAs (type 5) is correct?
A. External LSAs (type 5) are automatically changed to type 1 LSAs at ASBRs.
B. Type 5 LSAs are route summaries describing routes to networks outside the OSPF Autonomous System.
C. OSPF external LSAs are automatically flooded into all OSPF areas, unlike type 7 LSAs, which require that redistribution be configured.
D. External network LSAs (type 5) redistributed from other routing protocols into OSPF are not permitted to flood into a stub area.
E. OSPF external LSAs can be flooded into an NSSA area if redistributed from other routing protocols into OSPF and if the subnets parameter is used with the redistribute command.
Answer: D

12. Which two of these best describe an OSPF stub area? (Choose two.)
A. All routers in a stub area must be configured as stub.
B. Each stub area always has an ASBR attached to it.
C. A stub area will not accept routes belonging to an external AS.
D. Only summary routes from an external AS can be injected into a stub area.
E. To reach outside networks, the routers in a stub area use a default route which is injected into the area by the ASBR.
Answer: AC

13. Refer to the exhibit. Which statement best describes an OSPF not-so-stubby area (NSSA)?

A. Redistributed RIP routes (from Area 2) will be allowed into Area 1 as O E1 routes.
B. Type 5 external LSAs generated by the NSSA ABR are the only type of LSAs allowed in an NSSA.
C. A default route is required on the NSSA ABR to access external networks attached to Area 1.
D. An NSSA is a feature specific to Cisco that reduces the number of routes in the routing table.
E. Type 5 external LSAs are not allowed in NSSA areas, so NSSA ASBRs generate type 7 NSSA external LSAs instead, which remain within the NSSA.
Answer: E

14. Which of these statements best describes how neighbor adjacencies are formed in a multi-access OSPF network?
A. The router with the highest priority will become the DR.
B. Only those routers with the Cisco default priority of 0 are eligible to become the DR or BDR.
C. The router with the highest loopback address will become the DR if two or more routers have the same priority.
D. The router with the lowest Router ID will become the DR and the router with the next lowest Router ID will become the BDR.
E. Election of the DR and BDR begins only after a router that wants to become either the DR or BDR enters the ExStart state.
Answer: A

15. An OSPF router is becoming active in a multi-access network and discovers its neighbors. Which statement is correct?
A. If the router becoming active has a higher priority than some elected routers, it may influence an election but will not force an election to override an active DR or BDR.
B. If a DR and a BDR already exist and the router becoming active has the same priority and a higher loopback address than either of them, it will force a new election.
C. If a DR and a BDR already exist and the router becoming active has a lower router ID than either of them, it will force a new election.
D. If there is a DR but not a BDR, and the router becoming active has the same priority as an already active router, the router with the lowest router ID will become the BDR.
E. If there is a DR but not a BDR, and the router becoming active has the same priority as an already active router, the router with the highest loopback address will become the BDR.
Answer: A

16. Which three of these statements correctly describe type 2 LSAs (network link advertisements)? (Choose three.)
A. Network LSAs are generated by the DR.
B. Network LSAs are flooded only in their originating areas.
C. A network LSA lists all attached routers including the DR.
D. Every router in an OSPF area generates type 2 LSAs, as well as type 1 LSAs.
E. The link-state ID of the type 2 LSA is the loopback address of the DR.
F. When a network LSA reaches an ABR it is converted to a type 5 LSA (AS external LSA) and then flooded to other areas.
Answer: ABC