Home > Multiple Choice Questions

Multiple Choice Questions

May 8th, 2018 in TSHOOT v2 Go to comments

Question 1

Question 2

Question 3

Explanation

All of these can be modified: protocol, IP destination address, repeat count, Datagram size, Timeout, source address/interface, type of service, DF bit, Validate reply data, Data pattern, Loose, Strict, Record, Timestamp, Verbose, Sweep range of sizes.

Reference: https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13730-ext-ping-trace.html

Question 4

Question 5

Question 6

Comments (50) Comments
Comment pages
1 72 73 74 75 76 90 707
  1. pounder
    August 7th, 2019

    Hi folks,
    I have doubt about following question:

    *********************************************
    Router L ==== Router C ==== Router R

    L and R routers were showing GRE and IPSec configurations, questions is an ACL applied in router C is blocking all IP traffic, which protocol should be allowed in the ACL to allow traffic.

    A. ESP
    B. GRE

    Answer: B
    *********************************************

    If there is an GRE over IPSec running between Router L and Router R and Router C is filtering/blocking all IP traffic then IPsec (ESP and ISAKMP) traffic needs to be allowed on the Router C. Can someone with more experience review this and comment? I know more info is missing from the question but if the IPses with the GRE is mentioned then I assume it is “GREoverIPsec”.

  2. DomRod
    August 7th, 2019

    I passed the exam today.

    There are to port-security problem and in the ticket and one of them has a problem with wrong ip helper address. Because the question is “Client1 can’t ping the 209.65.200.241”, the solution should always be looking for the problem nearest to the client1 so I chose the port security problem. If the the question is about dhcp like “why is it that the client1 is not getting ip address from the dhcp server” then I should have chosen the ip helper address problem.

    There was also a question in MCQ wherein the router has an access-list configured and applied to the interface as “ip access-group xxx” what should be added to the access-list so that the router can ping successfully a destination.

  3. Charlie
    August 7th, 2019

    @DomRod, and what did you choose in that question?

  4. DomRod
    August 7th, 2019

    I passed the exam today.

    There are two port-security problem in the ticket and one of them has a problem with wrong ip helper address. But because the question is “Client1 can’t ping the 209.65.200.241”, the solution should always be looking for the problem nearest to the client1 so I chose the port security problem. If the the question is about dhcp like “why is it that the client1 is not getting ip address from the dhcp server” then I should have chosen the ip helper address problem.

    There was also a question in MCQ wherein the router has an access-list configured and applied to the interface as “ip access-group xxx” what should be added to the access-list so that the router can ping successfully a destination.

  5. DomRod
    August 7th, 2019

    There was also a question in MCQ wherein the router has an access-list configured and applied to the interface as “ip access-group xxx” what should be added to the access-list so that the router can ping successfully a destination.

    Ans
    Access-list xxx icmp host (ip of destination) host (router network add)

  6. DomRod
    August 7th, 2019

    (Question Corrected – applied to interface for inbound traffic)
    There was also a question in MCQ wherein the router has an access-list configured and applied to the interface as “ip access-group xxx in” what should be added to the access-list so that the router can ping successfully a destination.

    Ans
    Access-list xxx icmp host (ip of destination) host (router network add)

  7. UpdateTickets
    August 7th, 2019

    @Charlie SAM strategy will not work with IPv6.

  8. NEW_MCQ
    August 8th, 2019

    i got 3 MCQs wrong, but dont know which one was the wrong.

  9. Lucky
    August 8th, 2019

    Hi Guys. If you want to download freedump 300-135 go in my link. Last updated 08/08/2019

    htt ps : //w ww. youtu be. com/watch?v= yzG7EKVVz_0

  10. Tshoothelp
    August 8th, 2019

    @DomRod
    Congrats ! I think the answr about ACL is permit ICMP 10.x.x.x 0.0.0.255 host 170.x.x. ( contrary ) About TT have you met new TT Ipv6 ?
    THX

  11. DomRod
    August 8th, 2019

    @Tshoothelp.
    No I haven’t encountered the new IPv6 TT. I have encountered 2 ipv6 TTs and they are tunnel and redistribution problems. I have encountered the new IP NAT problem but there is a bug in the sim because by pinging 209.x.x.241 from client1 it is unsuccessful but when pinging 209.x.x.241 from DSW1, R4 through R2, the ping is successful so my assumption was that the network address of the client1 is not included in the access-list permitted for nat and when I checked I found that it was the “ip nat inside” applied to outgoing interface of R1 is causing the problem and that is because in the access-list for the NAT, the network address of Client is included in the permitted traffic. Normally in the actual if the ip nat inside is placed on the outside interface instead of the ip nat outside, ping from PC->R2 must no be successful.

  12. Charlie
    August 8th, 2019

    @UpdateTickets, thanks buddy for this info. At least this strategy will work with IPv4. IPv6 we have only 3 tickets: 1. R2 ( ipv6 ospf area 0 should be added) 2. R3 ( ipv6 tunnel should be removed) 3. R4 ( RIPng on redistribution ospf should be added) seems that for these tickets we will need to be carefully and checking 1,2 ore 3 times if it needed to be sure if we choose the right answer.

    I think now im a little rested and im brething :D

  13. Read
    August 8th, 2019

    @Charlie i have a format for the IPV6 ticket…

    Do “show ipv6 ospf neig” on R2 and R3 always for the 3 IPV6 tickets

    If you get 1 neighbors each, 1+1=2 then its R2.

    If you get 1 on R2 and 2 neighbors on R3, 1+2=3 then its R3.

    If you get 2 neighbors each on both routers, 2+2=4 then its R4

    Try this and thank me later lol

  14. CCNP certified
    August 8th, 2019

    Pass CCNP tshoot today, scored 965. Got BGP simlet, IPV4 tickets 3,4,6,7,8,9 both 11, IPV6 tickets 15 and 16. Probably got a couple more IPV4 tickets but I forgot. There was a MCQ about access-list, and I do believe the answer was as written by Tshoothelp and DomRod above.

    ACL is permit ICMP 10.x.x.x 0.0.0.255 host 170.x.x.

    but on the test they will use actual ip, subnet mask and host. Thanks networktut, your tickets, MCQ and simlet was on point.

  15. CCNP certified
    August 8th, 2019

    Oh yes on the BGP simlet, you just need to make the change, but it is actually like a real device, you need to enable terminal first by using password cisco, then sh run, then conf t and make all your changes. If you did a show ip bgp before you make the changes, you should see that bgp only show one route, but after you config the right changes, it will show all the bgp routes. On the real test it actually give you a picture of what you are suppose to see if you did your commands right (with all the routes you should be seeing), so double check and make sure your show ip bgp looks like their pictures, and no you don’t need to save the configs after you make the changes, just make changes – show ip bgp and make sure all the routes are there

  16. honeyMo
    August 8th, 2019

    passed the exam today at 982, all MCQ (Aug update) and Tickets are valid

  17. MK
    August 8th, 2019

    @honeyMo did you use the premium account? let me know please.

  18. pounder
    August 8th, 2019

    @CCNP certified, @honeyMo,

    Does it mean that you had only MCQs from the August update (11 questions added on 4th August)?

  19. Cobra2217
    August 8th, 2019

    @ CCNP certified. Tried your trick on the “Show ipv6 ospf neighbor” on R2 & R3. Works good, I like it.

  20. LISTENYALL
    August 8th, 2019

    passed – all the tickets are on the site – no changes – the access-list with the client icmp reply coming into the router – there were 2 right answers – one for the host and the other for the subnet instead of host 172.16.2.100 (or whatever) it was 172.16.2.0 0.0.0.255 – which would allow the client reply come back ( the acl is on the inbound) – all the other acls entries have the same 172.16.2.0 0.0.0.255 eq SSH, blaa blaa so i would normally in real world do the same and apply the reply allowance to the whole subnet. but the questions so that the client can ping sooo i chose that host one…not sure i got it right as i did not get 100% on infrastructure security…. the survey at the end i provided them with disapproval on their questions.

  21. honeyMo
    August 8th, 2019

    @MK, Yes, I have a premium account, it is an essential to pass the exam, highly recommended

  22. CCNP certified
    August 8th, 2019

    @pounder yes only August MCQ

  23. UpdateTickets
    August 8th, 2019

    @CCNP Certified & HoneyMo Congratulations guys.. Did you both get all 3 new tickets? IPNAT, Port security and Route redistribute? What did you both choose the answer for Port Security and Route redistribute?
    @CCNP Cert, Good points you brought up about BGP it was a challenge my jaws dropped. I did the same but for 2nd fix did you continue or did you come out of conf t and start again? I could not save the 1st fix so I continued. and Pressed Next for an other ticket.
    @HoneyMo did you get all 3 new tickets?
    @Read that is a good trick you worked out with IPv6.
    @All if you don’t have premium membership you may not have a clue what I am talking about BGP. Like above HoneMo mentioned membership is recommended, don’t try to save peanuts and let truck load of your going out of your pocket for retake of the exam. Good luck

  24. Focus
    August 9th, 2019

    honeyMo I have got premium membership.
    How will you recommend to do preparation.
    17 Tickets
    MCQs updated from June 2019.
    Drag and Drop questions.
    Can you please advice.

  25. Fusion
    August 9th, 2019

    Hi Everyone!

    I just passed the TSHOOT exam with a score of 965/1000. All the tickets are present in the August 4 update except for the in MCQ wherein the router has an access-list configured and applied to the interface as “ip access-group xxx in” what should be added to the access-list so that the router can ping successfully a destination.

    Answer: access-list 101 permit icmp host 172.16.1.100 10.1.1.0 0.0.0.31

    Premium membership is all worth it. :)

  26. Skeme
    August 9th, 2019

    Same experience with @fusion

    Passed with 965

    All materials are in networktut premium.

    Mcq
    • Wc action will set tunnel to up up

    Exhibit of show ip int br
    Tunnel is up down no ip configured

    Choices
    set tunnel source and tunnel destination (chose this im not sure if correct)
    Set tunnel ip add

    2. Agter configuring below, the other router started showing authentication error
    Standby 100
    Standby 100 vip 172.x.x.x
    Standby 100 md5 authentictaion cisco123

    Choices
    • Aaa authentication login group standby md5 on both routers
    Standby 100 authentication md5 cisco123 on both routers ( chose this)

    3. long show exhibit seems like gre with ipsec config. which protocol to allow. Chose gre

    Ticket all in networktut. Be careful with the wrong ip helper address ticker since asw1 also shows a violation hit on show portsecurity. Dont be fooled since show portsecurity interface f1/0/1 shows secure up.

    Good luck all. Premium is worthit.

  27. UpdateTickets
    August 9th, 2019

    @Skeme Congrates… Well done mate…
    What is .Wc action you mentioned above?
    What is IP helper address meant to be. 10.1.129.x for port security.

  28. Trizzy
    August 9th, 2019

    I get it there are 3 modified tickets now?
    – first one is a variation of the NAT issue, with “ip nat inside” on both inside and outside interface
    – second one is the dhcp-helper issue combined with a port-security config (which is not really relevant since the port-security interface status is secure-up)
    Which is the third one? I get it that it has something to do with redistribution, but what are the details of it? which router, is it EIGRP or OSPF?

  29. Trizzy
    August 9th, 2019

    What is the third ticket?, the one with the redistribution issue?

  30. Trizzy
    August 9th, 2019

    I get it there are 3 modified tickets.The first new one is with the “ip nat issue”, the second is with the port-security/dhcp-helper issue. What is the third one?

  31. UpdateTickets
    August 9th, 2019

    @Trizzy some one mentioned above ticket 11 A route redistribute is not same as before ie,since August. We just need a confirmation about Ticket 11A form top guys.. Skeme, CCNP certified and HoneyMo. Great job guys.

  32. SKEME
    August 9th, 2019

    @UpdateTickets

    thanks. I meant which action will set the tunnel to up/up. The exhibit shows a show ip int brief output with the tunnel in up/down state. similar to Q10 in Aug 4 MCQ update.

    ip helper address should be 10.1.21.129

    Yes 11a is slightly different: (third one as mentioned by Trizzy)
    it is as below
    redistribute ospf 1 route-map OSPF_to_EIGRP
    while
    route-map is configured as OSPF->EIGRP

  33. Trizzy
    August 9th, 2019

    @SKEME …’dem sneaky bastards… :)

  34. pounder
    August 9th, 2019

    I’ve passed exam with 9++.

    All tickets from networktut are valid and most of the MCQ questions.

    I had a new questions what @Skeme already reported:

    New 1: After applying below config on one router, OTHER router started showing authentication errors (you will see output log with errors)

    Applied configuration:
    Standby 100
    Standby 100 vip 172.x.x.x
    Standby 100 md5 authentictaion cisco123!

    Answer: “standby 100 authentication md5 keyword cisco123! on both routers”

    New 2: There are output from 2 routers with IPsec and GRE configuration. GRE is using IPsec crypto profile. And there is output of router 3 interface and ACL configuration. Router 3 is between R1 and Router 3. (ACL is like few deny statements and permit IP).
    Question is what should be allowed in order to pass tunnel(or GRE) traffic?

    A. ESP
    B. GRE

    Answer: I think this is ESP. I choosed GRE but I had 2 wrong answers so I assume this was one of them.
    Thing is that this is GRE over IPsec, so GRE traffic is not visible to the R3 router, only IPsec and for IPsec you need to allow ESP and ISAKMP.

    New 3: Router has an access-list configured and applied to the interface as “ip access-group xxx in”. IP address on the Router’s Interface is something like 10.1.1.25 255.255.255.0.
    What should be added to the access-list so that the router can ping successfully host 172.16.1.100.

    Answer: You have to choose between 4 lines, not sure which one is right.
    Two of them had destination like 172.16.1.0 0.0.0.31, and 172.16.1.0 0.0.0.15 and this two lines are not for sure, because the masks are /27 (0.0.0.31) and /28 (0.0.0.15) and the host IP address is 172.16.1.100, so it is not in those two networks.

    New 4: About uRPF loosy mode. You have some output with interface configurations and routing table output. Question is if the packet comes to one interface and the question is if will be blocked or forwarded on what interface?

    Answer: It will be forwarded on another interface (I think it came from S0/0/0, but it will be forwarded to S0/0/1 because the route in the routing table is pointing to that direction). This is because of the loosy configuration on both interfaces (ip verify unicast source reachable-via any)

    Hope this will help. Good luck guys!

  35. Abay
    August 9th, 2019

    @ Pounder Thanks for your clear information , Please send me your email adderess i need keep in touch with u

  36. Smily
    August 9th, 2019

    Guys just got confused .. now as i understand the below:

    1- IP NAT inside changed it to outside in R1 (new).
    2- Port-security/dhcp-helper issue double check.
    3- Ticket 11a now the answer is (redistribute ospf 1 route-map OSPF->EIGRP).

    For the MCQ:

    1- “ip access-group xxx in” what should be added to the access-list so that the router can ping successfully a destination ? what is the right answer ?

    2- Authentication Q what is the right answer ?

  37. ION
    August 9th, 2019

    Hi Guys,

    Just wondering if I need to study all the MCQ or just the new MCQ?

    Thanks

  38. RB
    August 9th, 2019

    @ Pounder
    Regarding the question about ESP and GRE you choose it correct because:

    GRE is a tunneling protocol which is used to transport multicast, broadcast and non-IP packets like IPX, etc.

    IPSec is an encryption protocol.

    IPSec can only transport unicast packets, not multicast & broadcast. Hence we wrap it GRE first and then into IPSec which is called as GRE over IPSec. There is nothing as IPSec over GRE

  39. RB
    August 9th, 2019

    @Skeme
    @Pounder
    Congrats to you both and thank you for sharing, I am going to take the exam tomorrow ;-)
    and I am going to share everything.

  40. MC
    August 9th, 2019

    Just passed exam with 965..
    All new Aug MCQ came back.
    Tickets 1,3,4,6,7,11a, 11b, 13,15,16,17,BGP sim

    Good luck guys.

  41. pounder
    August 9th, 2019

    @RB
    Router first encapsulate packets into the GRE, and then that GRE packet is sent into the IPsec tunnel. Since the IPsec is terminated on the R1 and R3, and you have R2 in the middle, R2 can see only encrypted IPsec packets which are carrying GRE packets.

    @ION, check all the questions from the 2018.

  42. TTL
    August 9th, 2019

    @MC Hey, wondering if you could please confirm IP helper address what Technology did you choose DHCP? for Route Redistribute ticket 11a did you selected your answer OSPF_to_EIGRP is it still same answer or it is different. With BGP is it the same SIM we have it on this site or some thing different?

  43. TTL
    August 9th, 2019

    @Skeme, CCNP certified, pounder and MC.. great scores…

  44. Ice Guevarra
    August 9th, 2019

    @Pounder Bro, the oldest dated here is January 2019

    @toall that recently passed, should we review all Old MCQ too? or just the August update?

  45. IP
    August 10th, 2019

    Hi Anyone attempted the test today ? Any reviews for the MCQ’s please ?

  46. Tshoothelp
    August 10th, 2019

    TT11 a @ALL what is the corret name of route-map ?

    The answer is A or B

    A Under the EIGRP process, delete the ‘redistribute ospf 1 route-map OSPF_to_EIGRP’ command and enter ‘redistribute ospf 1 route-map OSPF->EIGRP

    B Under the EIGRP process, delete the ‘redistribute ospf 1 route-map OSPF->EIGRP’ command and enter ‘redistribute ospf 1 route-map OSPF_to_EIGRP’

  47. Smily
    August 10th, 2019

    @Tshoothelp, as i understand the answer is A

  48. Anonymous
    August 10th, 2019

    route-map OSPF_to_EIGRP
    redistribute ospf 1 route-map OSPF_to_EIGRP this correct on R4

    correct answer B not A

  49. TTL
    August 10th, 2019

    @Skeme, CCNP certified, pounder and MC could you guys please confirm Ticket 11a asnwer?

    The answer is A or B

    A Under the EIGRP process, delete the ‘redistribute ospf 1 route-map OSPF_to_EIGRP’ command and enter ‘redistribute ospf 1 route-map OSPF->EIGRP

    B Under the EIGRP process, delete the ‘redistribute ospf 1 route-map OSPF->EIGRP’ command and enter ‘redistribute ospf 1 route-map OSPF_to_EIGRP’
    Thanks,

  50. TTL
    August 11th, 2019

    Hi guys,
    could some one please confirm regarding BGP is this still current fix?

    no neighbor 209.165.200.2
    neighbor 209.165.201.2

    Thanks

Comment pages
1 72 73 74 75 76 90 707