Miscellaneous Questions

March 23rd, 2020

Question 1

Explanation

Bidirectional Forwarding Detection (BFD) is a detection protocol that is designed to provide fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols.

Prerequisites for Bidirectional Forwarding Detection:
+ Cisco Express Forwarding and IP routing must be enabled on all participating routers.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bfd/configuration/15-mt/irb-15-mt-book/irb-bi-fwd-det.html

Question 2

Explanation

It is a general best practice to not mix TCP-based traffic with UDP-based traffic (especially Streaming-Video) within a single service-provider class because of the behaviors of these protocols during periods of congestion. Specifically, TCP transmitters throttle back flows when drops are detected. Although some UDP applications have application-level windowing, flow control, and retransmission capabilities, most UDP transmitters are completely oblivious to drops and, thus, never lower transmission rates because of dropping.

When TCP flows are combined with UDP flows within a single service-provider class and the class experiences congestion, TCP flows continually lower their transmission rates, potentially giving up their bandwidth to UDP flows that are oblivious to drops. This effect is called TCP starvation/UDP dominance.

TCP starvation/UDP dominance likely occurs if TCP-based applications are assigned to the same service-provider class as UDP-based applications and the class experiences sustained congestion.
Granted, it is not always possible to separate TCP-based flows from UDP-based flows, but it is beneficial to be aware of this behavior when making such application-mixing decisions within a single service-provider class.

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book/VPNQoS.html

Therefore two UDP protocols that can cause TCP starvation are TFTP (UDP port 69) and SNMP (UDP port 161 & 162).
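
The behaviour described above, as an added toy model that is not part of the original page: one AIMD TCP flow and one constant-rate UDP flow share a congested class, and are then placed in two separate classes. The capacity, the rates, the 50/50 class split and the function names are constructed for the illustration.

```python
def simulate(flows, capacity, rounds=400):
    """flows: list of (kind, initial_rate) in packets per round.
    Returns the average goodput of each flow over all rounds."""
    rates = [float(rate) for _, rate in flows]
    totals = [0.0] * len(flows)
    for _ in range(rounds):
        offered = sum(rates)
        # When the class is oversubscribed, every flow loses the same
        # fraction of its packets.
        share = min(1.0, capacity / offered)
        for i, (kind, _) in enumerate(flows):
            totals[i] += rates[i] * share
            if kind == "tcp":
                # AIMD: halve the rate on loss, otherwise probe upward by one.
                rates[i] = max(1.0, rates[i] / 2) if share < 1.0 else rates[i] + 1.0
            # A UDP sender keeps its rate: it does not react to drops.
    return [total / rounds for total in totals]


def compare(capacity=100, udp_rate=80, tcp_start=60):
    """Average goodput (tcp, udp) in one mixed class and in two split classes."""
    mixed_tcp, mixed_udp = simulate([("tcp", tcp_start), ("udp", udp_rate)], capacity)
    # Separate classes, each given half of the bandwidth (constructed split).
    (split_tcp,) = simulate([("tcp", tcp_start)], capacity / 2)
    (split_udp,) = simulate([("udp", udp_rate)], capacity / 2)
    return {"mixed": (mixed_tcp, mixed_udp), "split": (split_tcp, split_udp)}


if __name__ == "__main__":
    for name, (tcp, udp) in compare().items():
        print(f"{name:5s} class: TCP {tcp:5.1f}  UDP {udp:5.1f} packets/round")
```

In the mixed class the TCP flow settles at a small fraction of the bandwidth while UDP keeps nearly its full offered rate; in its own class the TCP flow oscillates within its allocation instead.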

Question 3

Explanation

Policy-based routing (PBR) intercepts the packet after de-encapsulation on the incoming interface, before the router performs the CEF table lookup. PBR then chooses how to forward the packet using criteria other than the usual matching of the packet’s destination address with the CEF table. Therefore PBR does not affect the routing table or the data plane.

Question 4

Explanation

Traditionally, link-state protocols, despite having a full view of the database, never calculated a backup route. Loop-Free Alternate (LFA) aims to calculate a backup route that can be used to route traffic in case of a failure of a directly connected link or node on the primary path.

Shared Risk Link Groups (SRLG) refer to situations in which links in a network share a common fiber (or a common physical attribute). These links have a shared risk: when one link fails, other links in the group might also fail. Topology-Independent Loop-Free Alternate (TI-LFA) SRLG protection attempts to find the post-convergence backup path that excludes the SRLG of the protected link. All local links that share any SRLG with the protecting link are excluded.

Reference: https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-3/segment-routing/configuration/guide/b-segment-routing-cg-asr9000-63x/b-segment-routing-cg-asr9000-63x_chapter_01001.pdf

Note:

+ Linecard-disjoint: This prefers a backup route from an interface that is on another line card. This is also a special case of SRLG.
+ Interface-disjoint: This means that the repair path is over a different interface from the one used to reach the destination via the primary path. In the case of point-to-point links, this condition is always met.
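
The SRLG exclusion rule described above, as an added example that is not part of the original page or of any Cisco implementation: it computes only the post-convergence path after removing the protected link and the local links that share an SRLG with it, not the segment list TI-LFA would program. The topology, costs, SRLG ids and function names are constructed.

```python
import heapq

# Constructed topology: (node_a, node_b, cost, SRLG ids on that link).
LINKS = [
    ("S", "A", 10, {100}),   # protected primary link toward D
    ("S", "B", 10, {100}),   # same fiber as S-A (SRLG 100)
    ("S", "C", 20, {200}),
    ("A", "D", 10, set()),
    ("B", "D", 10, set()),
    ("C", "D", 10, set()),
]

def shortest_path(links, src, dst):
    """Dijkstra over bidirectional links; returns (cost, [nodes]) or None."""
    adj = {}
    for a, b, cost, _ in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    heap, seen = [(0, src, [src])], set()
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == dst:
            return dist, path
        if node in seen:
            continue
        seen.add(node)
        for nxt, cost in adj.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (dist + cost, nxt, path + [nxt]))
    return None

def backup_path(links, local, protected, dst, use_srlg=True):
    """Shortest path from `local` to `dst` once the protected link is gone.
    With use_srlg, local links sharing any SRLG with it are removed too."""
    prot = next(l for l in links if {l[0], l[1]} == set(protected))
    def excluded(link):
        shares = local in link[:2] and bool(link[3] & prot[3])
        return link is prot or (use_srlg and shares)
    return shortest_path([l for l in links if not excluded(l)], local, dst)

if __name__ == "__main__":
    print("link only:", backup_path(LINKS, "S", ("S", "A"), "D", use_srlg=False))
    print("SRLG     :", backup_path(LINKS, "S", ("S", "A"), "D"))
```

Without the SRLG rule the cheapest backup runs over S-B, which rides the same fiber as the failed link; with it, the path moves to S-C at a higher cost.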

Question 5

Explanation

Answer A is not correct as we don’t want to disable telnet access.

Answer C is not correct because the “logging console debugging” command is equal to the “logging console 7” command, which was typed in the exhibit.

So there are only two answers left. We believe answer D is better because the “debug aaa authentication” command is used to see the AAA authentication messages. Therefore we have to enable AAA first via the “aaa new-model” command.

Note: The “logging console” is a default and hidden command. This command only appears if it is disabled (no logging console) so in fact it is currently enabled in this question.

Although we can use the “debug aaa authentication” command with the “aaa new-model” command, the debug output would only show after entering the “aaa new-model” command.

Question 6

Explanation

Flow exporters are created as separate components in a router’s configuration. Exporters are assigned to flow monitors to export the data from the flow monitor cache to a remote system such as a NetFlow collector.

As we can see the “flow exporter EXPORTER-1” was defined but it has not been used. We can use it inside a flow monitor. For example:

flow monitor FLOW-MONITOR-1
 record v4_r1
 exporter EXPORTER-1
 exit

Question 7

Comments (26)
  1. Anonymous
    April 14th, 2020

    Hi
    Question 6:
    It was mentioned “don’t see debug messages when remote users log in.”
    A remote user means the user is connected by telnet/ssh. I think the correct answer is terminal monitor

  2. networktut
    April 14th, 2020

    @Anonymous: This question asked why “an administrator that is connected to the console …” so he is using the console port.

  3. Corona
    May 30th, 2020

    networktut, but that command is already supplied –> logging console 7
    so more correct seems terminal monitor

  4. c36
    June 9th, 2020

    The answer to question 5 is 100% to enable AAA via #aaa new-model command. I have even confirmed my judgement with a Lab and will happily provide the output if anybody needs to see it.

  5. RON BERSERKER
    June 26th, 2020

    Q5
    I’ve just passed the CCNP ENARSI exam, and in the exam the question doesn’t say: “R1(config)# do debug authentication”, instead it says: “R1(config)# do debug aaa authentication”.

    So the answer to the question 5 is: D Enter the aaa new-model configuration command.

    Good Luck!!!

  6. Heamgu
    June 30th, 2020
  7. Heamgu
    June 30th, 2020

    @RON that’s good that you passed your test, but bro you have to read the questions, analyze them and research, it is not about just passing the exam, we have to learn the technologies and learn how to investigate (because nobody knows everything).

    In that question 5, they are referring to debug messages, it is not about the AAA.
    The debug aaa authentication is just an example of a debug that is not showing any information because the user is connected remotely and R1 doesn’t have the logging monitor enabled, so to be able to see the debug in a remote login you have to enter the terminal monitor exec command.

    See the reference and READ:
    https://www.cisco.com/c/en/us/td/docs/routers/crs/software/system_monitoring/command/reference/b-sysmon-cr-crs/b-sysmon-cr-asr9k_chapter_0100.html#wp1325580768

  8. tozi
    August 7th, 2020

    Hi guys and networktut,

    does anyone know the final correct answer to Question 5 – B, C or D?

    thanks

  9. NETEngineer
    August 18th, 2020

    @networktut Q5 answer should be D. It should be do debug AAA authentication. So to enable this command (which belongs to the AAA commands) we have to use the AAA new-model configuration command. https://www.geeksforgeeks.org/aaa-authentication-authorization-and-accounting-configuration-locally/

  10. chris123xyz
    September 18th, 2020

    Hi, in the picture @Q7 there are two networks with 192.168.12.0, maybe answer F is right.

  11. bobo
    November 23rd, 2020

    Hi @networktut, I believe on Q5 the correct answer is B. We need to have logging monitor 7 (for the debug) + terminal monitor exec command; after we SSH we are writing terminal monitor.

  12. bobo
    November 23rd, 2020

    Actually no, the correct one is C. I didn’t see it was logged over a Console.

  13. Q5 is terminal Monitor
    December 20th, 2020

    B. Terminal Monitor: My understanding of questions is admin should see who is logging in remotely after enabling terminal monitor.

    The function of terminal monitor is to enable the display of syslog messages on a terminal session (vty session). By default a terminal session does not display syslog messages. Terminal monitor enables the display (and terminal no monitor disables the display).

  14. Boa
    January 8th, 2021

    @networktut
    The correct answer for Question 5 is B, because A has nothing to do with – C is already enabled and D if AAA is enabled the “login local” command is no longer valid

  15. Question 7
    January 9th, 2021

    Is this not F

    There are two subsets with the same IP 192.168.12.0 ?

  16. abc123
    January 19th, 2021

    @networktut can you give an update for question 5? Per your comment above you stated it’s D but the answer is still showing C?

  17. MasterROG
    March 3rd, 2021

    Q7 there are 2 “192.168.12.0” network, so the answer it’s not F?
    sorry for the English…

  18. Ariu
    April 5th, 2021

    https://www.cisco.com/c/en/us/td/docs/routers/crs/software/system_monitoring/command/reference/b-sysmon-cr-crs/b-sysmon-cr-asr9k_chapter_0100.html#wp1325580768
    says: To enable the display of debug command output and system logging (syslog) messages for the current terminal session, use the terminal monitor command in EXEC mode.

    So, networktut, you are not correct when you say:
    The “terminal monitor” command enables logging on your virtual terminal connection (telnet), not the console line

    For me the correct answer should be “Enter the terminal monitor exec command”

  19. Ariu
    April 5th, 2021

    Question 5 again – the correct answer can not be “Enter the logging console debugging configuration command” because we have the configuration “logging console 7”, which, according to https://www.cisco.com/c/en/us/td/docs/routers/crs/software/system_monitoring/command/reference/b-sysmon-cr-crs/b-sysmon-cr-asr9k_chapter_0100.html#wp3359494668__tab_1365648 is the same as logging console debugging

  20. rf
    April 11th, 2021

    Q5
    This question is poorly asked.

    I did some simulations to understand the possibilities and came to the conclusions below.

    When “debug anything” is enabled on a router, it will continue to display information locally, regardless of whether a remote user accesses the router.

    When a remote user accesses a router with “debug anything” enabled, they will not see the debug information on their screen by default. To see the outputs of the command, you must use the command “terminal monitor”.

    The “logging console” command is already enabled by default. When it is disabled, no output will appear regardless of whether access is local or remote.

    I understood that the statement asks how a remote access user can see the output of the debug command. In this case, he must use the command “terminal monitor”. The correct answer is B.

  21. fe007
    April 16th, 2021

    Q5

    In my opinion, the correct answer is D.

    In my simulation test (consoled into a C7206VXR on EVE). There is no “debug authentication” command.

    I used “debug aaa authentication” and enabled aaa new-model. I was then able to see debug messages when telnetting to the router.

  22. Brozzo
    June 23rd, 2021

    NetworkTut, are these questions updated ?

  23. sunntzu
    April 4th, 2022

    Someone asked about #7
    When summarizing, you use the masks that gives you the LEAST amount of addresses possible while including the addresses needed to cover.

    If you use /20, you will have a 255.255.240.0. This would equal 240-256=16. Your subnets would be 0, 16, 24, 32 and so on. This would give you a range of 192.168.0.1 – 192.168.15.254

    If you use /32, you have 255.255.248.0. So, 248 – 256 = 8. Your subnets are 0, 8, 16, 24, and so on.

    Which option gives you the closest to the IP addresses in the picture without wasting or including unwanted addresses?

    Option 1 – 192.168.0.1 – 192.168.15.254
    or
    Option 2 – 192.168.8.1 – 192.168.15.254?

    Option 2, which is C

  24. NPIG
    May 29th, 2022

    @Networktut, for Question 5, the method applied on line vty is local.

    What is the point on enabling the aaa new-model since remote login users use the local database?

    I see the only correct answer left the -terminal monitor exec command

    Could you please review it?

  25. networktut
    May 30th, 2022

    @NPIG: Although we can use the “debug aaa authentication” with “aaa new-model” command, the debug would only show after entering the “aaa new-model” command.

  26. NotTermMon
    September 19th, 2022

    Q5: Everyone, seriously… Go into any router via console and try to use terminal monitoring. It’s already enabled by default. You’ll get an error when issuing the command.

    Trust me. I have run into this many times at work just sanity checking why I’m not seeing messages in the off chance the version of IOS doesn’t have it enabled by default.